Saturday, January 07, 2006

Symbian OS 9, "eclipsing", new executable format

Symbian OS 9 is looking more interesting by the minute.

It looks like Symbian now has an "official" (it's listed in FAQ-1304) term for the attack made popular by the Skulls family of trojans.

From the Symbian Developer Network FAQ database, the term is "eclipsing":
"where the loader loads DLLs located on a higher order drive (e.g. C drive) to dynamically replace files on the firmware (Z drive)."
The FAQ goes on to mention that this attack is no longer allowed by the v.9 installer. Unsigned apps[1] will no longer be allowed to "eclipse" ROM apps. Because the underlying file system has a bit more security, the cost of this attack has been raised.
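A defender can check for the condition the FAQ describes by looking for files on writable drives that share a drive-relative path with a file on Z:. The following is an added example, not code from this blog or from DumpSIS; the file listing is constructed, the function names are hypothetical, and case-insensitive path matching is an assumption.

```python
# Added example: flag files on writable drives that shadow ("eclipse") a ROM path.
# The listing below is constructed sample data, not taken from a real device.
from collections import defaultdict

ROM_DRIVE = "z"  # firmware drive, per the FAQ quote

def split_drive(path):
    """Return (drive letter, drive-relative path), both lower-cased.

    Assumption: paths compare case-insensitively and '/' is treated as '\\'.
    """
    drive, sep, rest = path.replace("/", "\\").partition(":")
    if not sep or len(drive) != 1 or not rest.startswith("\\"):
        raise ValueError(f"not an absolute drive path: {path!r}")
    return drive.lower(), rest.lower()

def find_eclipsed(paths):
    """Map each ROM file to the non-ROM files sharing its drive-relative path."""
    by_rel = defaultdict(dict)
    for p in paths:
        drive, rel = split_drive(p)
        by_rel[rel][drive] = p
    findings = {}
    for drives in by_rel.values():
        # Only report paths that exist on Z: and on at least one other drive.
        if ROM_DRIVE in drives and len(drives) > 1:
            findings[drives[ROM_DRIVE]] = sorted(
                p for d, p in drives.items() if d != ROM_DRIVE)
    return findings

SAMPLE_LISTING = [  # constructed, hypothetical file names
    r"Z:\System\Apps\Example\Example.app",
    r"Z:\System\Libs\example.dll",
    r"C:\system\apps\example\example.app",  # same relative path as the ROM copy
    r"E:\System\Libs\Example.dll",          # memory card copy of a ROM DLL
    r"C:\System\Apps\Game\Game.app",        # no ROM counterpart, not reported
]

if __name__ == "__main__":
    for rom, shadows in find_eclipsed(SAMPLE_LISTING).items():
        print(f"{rom} is eclipsed by {', '.join(shadows)}")
```
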

On the new executable format, I've been a bit tied up the last few months so I missed that OS 9 is using ELF. New binary tools are becoming available on the Symbian Developer Network. New OS version, new tools. Fun? We'll see.

[1] Applications are DLLs. So, no more overwriting the Application Manager.

Friday, January 06, 2006

DumpSIS minor updates

A few minor changes to DumpSIS. More to come.
The current version is 0.94. The changes have been checked into CVS.

New features

  • (-x) Dump All files option added. Useful for blind dumping of SIS file contents. Sometimes you want finer control; it's still available.

  • Install name (displayed by App Manager) added to default dump. This is in the SIS header, at the offset to the language-dependent names block (0x64). It was previously referred to in the dump as "Component". It is viewable in the SIS file in plain text and easy to modify with a hex editor. It is even easier to modify by rewriting the pkg file; this is the same as the Component Name in the package header.
