Saturday, January 07, 2006

Symbian OS 9, "eclipsing", new executable format

Symbian SO 9 is looking more interesting by the minute.

It looks like Symbian now has an "official"(it's listed in FAQ-1304) term for the attack made popular by the Skulls family of trojans.

From the Symbian Developer Network FAQ database, the term is "eclipsing" :
"where the loader loads DLLs located on a higher order drive (e.g. C drive) to dynamically replace files on the firmware (Z drive)."
The FAQ goes on to mention that this attack is no longer allowed by the v.9 installer. No longer will unsigned apps[1] be allowed to "eclipse" rom apps. As the underlying file-system has a bit more security the cost of this attack has been raised.

On the new executable format, I've been a bit tied up the last few months so I missed that OS 9 is using ELF. New binary tools are becoming available on the Symbian Developer network. New OS version , new tools. Fun? We'll see.

[1] Applications are DLLs. So, no more overwriting the Application Manager.
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Protecting the ‘Metaverse ecosystem’…: Openness is healthy

Meta’s Reality Labs has an opening for “Malware Reverse Engineer” . Not an uncommon role, but this particular one is a bit more specific whe...