One Article Review

Home - The article:
Source Google Project Zero
Identifier 8405411
Publication date 2023-11-03 10:04:59 (viewed: 2023-11-03 17:06:44)
Title First handset with MTE on the market
Text By Mark Brand, Google Project Zero

Introduction

It's finally time for me to fulfill a long-standing promise. Since I first heard about ARM's Memory Tagging Extensions, I've said (to far too many people at this point to be able to back out…) that I'd immediately switch to the first available device that supported this feature. It's been a long wait (since late 2017) but with the release of the new Pixel 8 / Pixel 8 Pro handsets, there's finally a production handset that allows you to enable MTE!

The ability of MTE to detect memory corruption exploitation at the first dangerous access is a significant improvement in diagnostic and potential security effectiveness. The availability of MTE on a production handset for the first time is a big step forward, and I think there's real potential to use this technology to make 0-day harder.

I've been running my Pixel 8 with MTE enabled since release day, and so far I haven't found any issues with any of the applications I use on a daily basis[1], or any noticeable performance issues.

Currently, MTE is only available on the Pixel as a developer option, intended for app developers to test their apps using MTE, but we can configure it to default to synchronous mode for all[2] apps and native user mode binaries. This can be done on a stock image, without bootloader unlocking or rooting required - just a couple of debugger commands. We'll do that now, but first:

Disclaimer

This is absolutely not a supported device configuration; and it's highly likely that you'll encounter issues with at least some applications crashing or failing to run correctly with MTE if you set your device up in this way. This is how I've configured my personal Pixel 8, and so far I've not experienced any issues, but this was somewhat of a surprise to me, and I'm still waiting to see what the first app that simply won't work at all will be...

Enabling MTE on Pixel 8/Pixel 8 Pro
Sent Yes
Tags Tool Mobile
Stories
Notes ★★


The article does not seem to have been picked up after its publication.


The article does not seem to have been picked up on a previous one.