This is a super exciting proposal and I'm very excited to see the implementation.
Just wondering, have you thought about any additional artifacts being logged, such as process execution? I very much doubt most Android exploits would deploy a rootkit to hide the process exec, so it might be useful to log execs and ship them with the logcat data to a central server for analysis/review. It would be very noisy and probably shouldn't be enabled by default, but for very paranoid people it would be a huge win.
Compared to iOS, where you have to trigger a sysdiagnose to get information about processes, having Graphene just log and export them for review would be very useful: https://github.com/KasperskyLab/iShutdown. Obviously, if you suspected compromise you could connect with adb and poke around, but having the log manager/system keep track would, I think, be much better.
In addition to the failed MTE reports, are you saving any other data about the crash? I haven't looked in detail at the implementation here, but can you load your own custom crash handler? If so, logging registers and maybe 2048 bytes before and after the program counter, as well as maybe 2048 bytes before and after whatever the registers are pointing at, would be extremely useful. By the time you see the MTE failed log you lose the ability to do much about it; having some data from a frozen point in time would allow you to see if this crash is something to be concerned about, or if it's just a buggy app.
Just some ideas :)
agnosticlines changed the title from "Additional forensic artifacts, custom crash handler, and stack data with reports?" to "Additional forensic artifacts, custom crash handler, and stack/register snapshots with reports?" on Jan 18, 2024
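As an added illustration of the crash-handler idea in the issue above (example code, not GrapheneOS's and not the issue author's): a SIGSEGV handler in the style of a Linux/Android native process that records the registers from the ucontext and a memory window of WINDOW bytes on each side of the program counter and of every register that points into readable memory, so the report carries a frozen view of the crash instead of only the "tag check failed" line. SEGV_MTEAERR and SEGV_MTESERR are the Linux si_code values for asynchronous and synchronous MTE tag-check faults; everything else (WINDOW, readable_range, capture_window, dump_window, self_check, the readability check via /proc/self/maps) is an assumption of this example, and the mapping check assumes Linux.

```c
// Added example, not GrapheneOS code: snapshot registers plus a bounded,
// fault-safe memory window around the PC and around pointer-valued registers
// when SIGSEGV (including an MTE tag-check fault) arrives.
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <ucontext.h>
#include <unistd.h>

#ifndef SEGV_MTEAERR
#define SEGV_MTEAERR 8  /* Linux uapi: asynchronous MTE tag-check fault */
#endif
#ifndef SEGV_MTESERR
#define SEGV_MTESERR 9  /* Linux uapi: synchronous MTE tag-check fault */
#endif
#define WINDOW 2048     /* bytes on each side, the size proposed in the issue (assumed) */

/* Map the si_code carried by SIGSEGV on arm64 to the MTE fault type. */
const char *mte_fault_kind(int si_code) {
    switch (si_code) {
    case SEGV_MTESERR: return "synchronous MTE tag-check fault";
    case SEGV_MTEAERR: return "asynchronous MTE tag-check fault";
    default:           return "not an MTE fault";
    }
}

/* Find the readable mapping containing addr in /proc/self/maps (Linux only).
 * fopen/fgets are not async-signal-safe; a production handler would read the
 * file with read() into a static buffer, or snapshot the map at install time. */
int readable_range(uintptr_t addr, uintptr_t *lo, uintptr_t *hi) {
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return 0;
    char line[512];
    int found = 0;
    while (fgets(line, sizeof line, f)) {
        unsigned long a, b;
        char perms[5];
        if (sscanf(line, "%lx-%lx %4s", &a, &b, perms) != 3) continue;
        if (addr >= a && addr < b && perms[0] == 'r') { *lo = a; *hi = b; found = 1; break; }
    }
    fclose(f);
    return found;
}

/* Copy up to WINDOW bytes on each side of addr into out, clamped to the
 * mapping so the copy itself can never fault. Returns bytes captured and the
 * first address copied in *start; 0 means addr does not point at readable memory. */
size_t capture_window(uintptr_t addr, uint8_t *out, size_t outlen, uintptr_t *start) {
    uintptr_t lo, hi;
    if (!readable_range(addr, &lo, &hi)) return 0;
    uintptr_t from = (addr - lo > WINDOW) ? addr - WINDOW : lo;
    uintptr_t to   = (hi - addr > WINDOW) ? addr + WINDOW : hi;
    size_t n = to - from;
    if (n > outlen) n = outlen;
    memcpy(out, (const void *)from, n);
    *start = from;
    return n;
}

/* Print the window for one register; silently skip registers that are not pointers. */
static void dump_window(const char *label, uintptr_t addr) {
    static uint8_t buf[2 * WINDOW];
    uintptr_t start;
    size_t n = capture_window(addr, buf, sizeof buf, &start);
    if (n == 0) return;
    fprintf(stderr, "%s=0x%lx: %zu bytes from 0x%lx:", label, (unsigned long)addr, n, (unsigned long)start);
    for (size_t i = 0; i < n && i < 16; i++) fprintf(stderr, " %02x", buf[i]); /* first 16 shown; ship all n */
    fputc('\n', stderr);
}

static void crash_handler(int sig, siginfo_t *si, void *ctx) {
    ucontext_t *uc = ctx;
    char label[8];
    fprintf(stderr, "signal %d, %s, fault address %p\n", sig, mte_fault_kind(si->si_code), si->si_addr);
#if defined(__aarch64__)
    dump_window("pc", uc->uc_mcontext.pc);
    dump_window("sp", uc->uc_mcontext.sp);
    for (int i = 0; i < 31; i++) { snprintf(label, sizeof label, "x%d", i); dump_window(label, uc->uc_mcontext.regs[i]); }
#elif defined(__x86_64__)
    dump_window("rip", uc->uc_mcontext.gregs[REG_RIP]);
    for (int i = 0; i < NGREG; i++) { snprintf(label, sizeof label, "g%d", i); dump_window(label, uc->uc_mcontext.gregs[i]); }
#else
    (void)uc; (void)label;
#endif
    _exit(128 + sig);
}

/* Stand-alone self-check: a static buffer is capturable, address 0 is not. */
int self_check(void) {
    static uint8_t probe[64];
    static uint8_t out[2 * WINDOW];
    uintptr_t start;
    size_t n = capture_window((uintptr_t)probe, out, sizeof out, &start);
    return n > 0 && start <= (uintptr_t)probe && capture_window(0, out, sizeof out, &start) == 0;
}

int main(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = crash_handler;
    sa.sa_flags = SA_SIGINFO;
    sigaction(SIGSEGV, &sa, NULL);
    printf("self_check=%d\n", self_check());
    *(volatile int *)8 = 1;  /* deliberate fault to exercise the handler */
    return 0;
}
```

Build with `cc -o handler handler.c` and run: the deliberate store in main triggers the handler, which prints the fault type, the register windows and exits. Two caveats for real use: the PC and fault address are only precise for synchronous tag-check faults (in asynchronous mode the fault is reported later and the faulting address is not available), and on Android bionic installs the debuggerd crash handler at process start, so a process-level sigaction for SIGSEGV replaces it for that process and must chain to the previous handler if the normal tombstone is still wanted.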