Vulnerability Development mailing list archives
Re: PocketPC exploitation
From: dennis () backtrace de
Date: Thu, 22 Sep 2005 16:16:09 +0200
i would like to know if some of you have experience with exploitation of PocketPCs and could give me some ways and tools (debugger...). since some vulns come ( http://www.securityfocus.com/bid/13807 ) I know that writing a DLL (Fuser) is quite easy with eVC++ (Embedded), so a "download and execute"-like shellcode could be amazing...Pointers to begin with : - Microsoft Embedded Visual C++, with on-target debugging :
http://www.microsoft.com/downloads/details.aspx?FamilyID=1dacdb3d-50d1-41b2-a107-fa75ae960856&displaylang=en
- Phrack #63 "Hacking Windows CE" http://www.phrack.org/phrack/63/p63-0x06_Hacking_WindowsCE.txt - And the upcoming IDA Pro 4.9 with Windows CE on-target debugging : http://www.datarescue.com/idabase/wince/index.htm Regards, - Nicolas RUFF Security researcher @ EADS-CCR
Hello Nicolas, hello Jerome, hello list :) Even an early alpha version of the IDA Windows CE debugger proved to be *very* useful and had some major advantages over the Embedded MSVC debugger (single-stepping into subfunctions for instance). I used IDA and the CE debugger in order to find and verify the vulnerability mentioned above. Looking forward to 4.9 :-) Cheers, Dennis
Current thread:
- Re: PocketPC exploitation Nicolas RUFF (Sep 19)
- Re: PocketPC exploitation dennis (Sep 24)
- <Possible follow-ups>
- PocketPC exploitation Jose Morales (Sep 21)
- Re: PocketPC exploitation Ratter (Sep 24)
- Re: PocketPC exploitation Jose Morales (Sep 24)
- Re: PocketPC exploitation Ratter (Sep 24)