Joel Eriksson

Joel Eriksson has written 22 posts for ClevCode

CVE-2014-3153 Exploit

This awesome vulnerability, that affect pretty much all Linux kernels from the last five years, was found by Comex about a month ago. It is also the vulnerability that is used in TowelRoot by GeoHot, to root the Samsung S5 and a bunch of other Android based devices. TowelRoot is closed source and heavily obfuscated … Continue reading »

Available for projects

I am currently available for projects involving: Code Auditing Reverse-Engineering Exploit Development Vulnerability Assessments Malware Analysis Security Research-oriented projects in general For more information about me and my abilities, besides what you can see in my posts here, you are welcome to take a look at my CV: http://www.clevcode.org/cv.pdf For select clients, I might also … Continue reading »

Oldies but goldies #2

Found another one of my old exploits. This one a Windows kernel exploit from 2006. :) This also happens to be one of the exploits I demonstrated (but did not release) at BlackHat and DefCon in 2007, in our Kernel Wars talk. It was actually still unpatched when demonstrating it at BlackHat Europe, even though … Continue reading »

Oldies but goldies

Looking through some old disks now, and found a couple of exploits I coded back in 2004. Good old times. :) The first one is an exploit for a double free() in CVS

ARM payload development

As I mentioned on Twitter earlier (@OwariDa, @ClevCode), using the excellent Hex-Rays ARM decompiler turned out to be quite handy for verifying the payload I’m developing and injecting into the XMM6260-based baseband in my Samsung S3 (GT-i9300). Rebooting my phone due to baseband crashes can be a bit time consuming. :D The specific research I’m … Continue reading »

Team ClevCode

This is now the official home for Team ClevCode. More information about us at: http://www.clevcode.org/team/  

Codegate Quals 2012 – Vuln 500

This is my writeup for the Vuln 500 challenge in the Codegate Quals 2012 competition. The vulnerability is a straight forward format string vulnerability in a SUID Linux/x86 program. Since ASLR & NX was activated, it was not quite as straight forward to exploit though. Since partial RELRO was used as well, DTORS was read-only, … Continue reading »

CanYouCrackIt.co.uk / GCHQ Challenge Solution – Stage 3

The final stage of the GCHQ challenge was a small (5kB) x86 Windows/cygwin binary (available here). Analyzing it in IDA Pro, I could see that it expects a 24 byte license file with the following format: “gchq” : Static header Password : Eight character password, which should match the DES-hash “hqDTK7b8K2rvw” with the salt “hq” … Continue reading »

CanYouCrackIt.co.uk / GCHQ Challenge Solution – Stage 2

After cracking stage 1 of the GCHQ challenge, we get the URL to the Javascript code available here. It defines a virtual machine with four general registers, two segment registers, one flag register and of course the instruction pointer. It also includes an array of two values named “firmware”, which seems rather strange. These values … Continue reading »

CanYouCrackIt.co.uk / GCHQ Challenge Solution – Stage 1

I heard about “the code” at www.canyoucrackit.co.uk during the first friday of december (2011-12-02), and cracked the final stage on sunday two days later. The reason for not cracking it all during friday evening was, unfortunately, not because it presented much of a challenge but because I was out partying pretty much 24/7 during friday … Continue reading »

View Joel Eriksson's profile on LinkedIn