Root Question...

You have to manually walk through (took me three hours for the Spirit aboot) and mark sections as code or data before you get any meaningful string/code xrefs.
 
Well if you have the load address right, the first instruction you are pointing to is going to be code. From there you literally walk down the file marking as code or data depending on the makeup of the hex bytes to the left.
 
You don't need to touch addresses, just the "DCB" etc instructions. Once you start marking everything IDA will eventually have enough information to start forming code/data/string xrefs (the Interactive part of IDA :P).
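The byte-makeup heuristic described in the reply above (telling ARM code words from strings and literal-pool constants by looking at the raw bytes) as an added Python example. This is not code from the thread and not IDA's own analysis logic; the image fragment and the region labels are constructed for illustration, and the condition-field test is deliberately weak, which is exactly why the manual walk the poster describes is still needed.

```python
from typing import List, Tuple

# Constructed sample: a hypothetical little-endian ARM32 image fragment (not from any real bootloader).
SAMPLE_IMAGE = bytes([
    0x00, 0x00, 0xA0, 0xE3,  # mov r0, #0        (0xE3A00000)
    0x01, 0x10, 0xA0, 0xE3,  # mov r1, #1        (0xE3A01001)
    0x08, 0x00, 0x9F, 0xE5,  # ldr r0, [pc, #8]  (0xE59F0008)
    0x1E, 0xFF, 0x2F, 0xE1,  # bx lr             (0xE12FFF1E)
    0x42, 0x6F, 0x6F, 0x74,  # "Boot"
    0x20, 0x4F, 0x4B, 0x00,  # " OK\0"
    0x00, 0x00, 0xFF, 0xFF,  # literal 0xFFFF0000: top nibble 0xF, not a plain ARM instruction
    0x00, 0x00, 0x00, 0x00,  # zero padding
])

Region = Tuple[int, str, int]  # (offset, kind, length)


def is_printable(b: int) -> bool:
    return 0x20 <= b < 0x7F


def find_strings(img: bytes, min_len: int = 4) -> List[Tuple[int, int]]:
    """Byte ranges [start, end) of NUL-terminated printable runs of at least min_len chars."""
    spans = []
    i = 0
    while i < len(img):
        if not is_printable(img[i]):
            i += 1
            continue
        j = i
        while j < len(img) and is_printable(img[j]):
            j += 1
        if j - i >= min_len and j < len(img) and img[j] == 0:
            spans.append((i, j + 1))  # include the terminator
        i = j
    return spans


def looks_like_arm_word(w: int) -> bool:
    """Weak test for a 32-bit ARM instruction: condition field 0x0-0xE and not all-zero.
    Pointers and constants often pass this too, so treat 'code' as a hint, not a verdict."""
    return w != 0 and (w >> 28) != 0xF


def classify(img: bytes) -> List[Region]:
    """Walk the image and label each run of bytes as 'string', 'code' or 'data'."""
    starts = {s: e for s, e in find_strings(img)}
    regions: List[Region] = []
    off = 0
    while off < len(img):
        if off in starts:
            end = starts[off]
            regions.append((off, "string", end - off))
            off = end
        elif off % 4 == 0 and off + 4 <= len(img) and not any(off < s < off + 4 for s in starts):
            w = int.from_bytes(img[off:off + 4], "little")
            regions.append((off, "code" if looks_like_arm_word(w) else "data", 4))
            off += 4
        else:
            regions.append((off, "data", 1))  # unaligned or partial bytes before a string
            off += 1
    # Merge adjacent regions of the same kind into one block
    merged: List[Region] = []
    for r in regions:
        if merged and merged[-1][1] == r[1] and merged[-1][0] + merged[-1][2] == r[0]:
            o, k, n = merged[-1]
            merged[-1] = (o, k, n + r[2])
        else:
            merged.append(r)
    return merged


def extract_strings(img: bytes) -> List[str]:
    """Decoded text of every NUL-terminated printable run, terminator dropped."""
    return [img[s:e - 1].decode("ascii") for s, e in find_strings(img)]


if __name__ == "__main__":
    for off, kind, n in classify(SAMPLE_IMAGE):
        print(f"{off:#06x}  {kind:6s}  {n} bytes")
    print(extract_strings(SAMPLE_IMAGE))
```

On the sample this yields one 16-byte code block, the "Boot OK" string and an 8-byte data block; the literal pool word is caught only because its top nibble happens to be 0xF. A literal such as 0x40000000 would pass the condition-field test and be mislabelled as code, which is the kind of case the poster's manual walk (and the xrefs IDA builds once enough is marked) resolves.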
 
Can't really see how kernel fuzzing would be useful unless we were looking for a kernel root exploit.
 
But we'd need a method of running our own code in the bootloader's address space. If we had that, we wouldn't be having this conversation.
 
Oh, erm, right. Is it possible to load our bootchain in the android emulator? I'd like to see if I can get some debugging programs (don't know which yet) and run them against it.
 