├── README.md ├── assets ├── data_dump.png ├── data_dump.raw ├── data_dump_cluster.png ├── data_static.png ├── data_static.raw ├── fault_console.txt ├── fault_trace_console.txt ├── instrumentation_timing.json ├── key_recovery.txt ├── mem_trace.json ├── timing.txt └── wb-traces │ ├── injection-1a8549.trace │ ├── injection-1a8978.trace │ ├── injection-1a8efd.trace │ ├── injection-1a8fdf.trace │ ├── injection-1a90ce.trace │ ├── injection-1a91b2.trace │ ├── injection-1a930d.trace │ └── injection-1a95bd.trace ├── figures ├── aes_rounds.png ├── inst_addr.png ├── inst_addr_zoom.png ├── overview.png ├── zoom_1.png ├── zoom_2.png └── zoom_3.png ├── libnative-lib-patched.so ├── libnative-lib.so ├── lief_patch.py ├── push.sh ├── re.pwnme.1.0.apk ├── root-bypass.js ├── scripts ├── aes_test.py ├── show_memory_accesses.py └── wb_key_recovery.py └── shim-whitebox ├── CMakeLists.txt ├── cmake └── config-android-aarch64.sh ├── lib ├── application.apk └── libnative-lib.so └── src ├── data.hpp ├── json.hpp └── main.cpp /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/README.md -------------------------------------------------------------------------------- /assets/data_dump.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/assets/data_dump.png -------------------------------------------------------------------------------- /assets/data_dump.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/assets/data_dump.raw -------------------------------------------------------------------------------- /assets/data_dump_cluster.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/assets/data_dump_cluster.png -------------------------------------------------------------------------------- /assets/data_static.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/assets/data_static.png -------------------------------------------------------------------------------- /assets/data_static.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/assets/data_static.raw -------------------------------------------------------------------------------- /assets/fault_console.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/assets/fault_console.txt -------------------------------------------------------------------------------- /assets/fault_trace_console.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/assets/fault_trace_console.txt -------------------------------------------------------------------------------- /assets/instrumentation_timing.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/assets/instrumentation_timing.json -------------------------------------------------------------------------------- /assets/key_recovery.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/assets/key_recovery.txt -------------------------------------------------------------------------------- /assets/mem_trace.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/assets/mem_trace.json -------------------------------------------------------------------------------- /assets/timing.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/assets/timing.txt -------------------------------------------------------------------------------- /assets/wb-traces/injection-1a8549.trace: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/assets/wb-traces/injection-1a8549.trace -------------------------------------------------------------------------------- /assets/wb-traces/injection-1a8978.trace: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/assets/wb-traces/injection-1a8978.trace -------------------------------------------------------------------------------- /assets/wb-traces/injection-1a8efd.trace: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/assets/wb-traces/injection-1a8efd.trace -------------------------------------------------------------------------------- /assets/wb-traces/injection-1a8fdf.trace: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/assets/wb-traces/injection-1a8fdf.trace -------------------------------------------------------------------------------- /assets/wb-traces/injection-1a90ce.trace: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/assets/wb-traces/injection-1a90ce.trace -------------------------------------------------------------------------------- /assets/wb-traces/injection-1a91b2.trace: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/assets/wb-traces/injection-1a91b2.trace -------------------------------------------------------------------------------- /assets/wb-traces/injection-1a930d.trace: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/assets/wb-traces/injection-1a930d.trace -------------------------------------------------------------------------------- /assets/wb-traces/injection-1a95bd.trace: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/assets/wb-traces/injection-1a95bd.trace -------------------------------------------------------------------------------- /figures/aes_rounds.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/figures/aes_rounds.png -------------------------------------------------------------------------------- /figures/inst_addr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/figures/inst_addr.png -------------------------------------------------------------------------------- /figures/inst_addr_zoom.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/figures/inst_addr_zoom.png -------------------------------------------------------------------------------- /figures/overview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/figures/overview.png -------------------------------------------------------------------------------- /figures/zoom_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/figures/zoom_1.png -------------------------------------------------------------------------------- /figures/zoom_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/figures/zoom_2.png -------------------------------------------------------------------------------- /figures/zoom_3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/figures/zoom_3.png -------------------------------------------------------------------------------- /libnative-lib-patched.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/libnative-lib-patched.so -------------------------------------------------------------------------------- /libnative-lib.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/libnative-lib.so -------------------------------------------------------------------------------- /lief_patch.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/lief_patch.py -------------------------------------------------------------------------------- /push.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/push.sh -------------------------------------------------------------------------------- /re.pwnme.1.0.apk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/re.pwnme.1.0.apk -------------------------------------------------------------------------------- /root-bypass.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/root-bypass.js -------------------------------------------------------------------------------- /scripts/aes_test.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/scripts/aes_test.py -------------------------------------------------------------------------------- /scripts/show_memory_accesses.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/scripts/show_memory_accesses.py -------------------------------------------------------------------------------- /scripts/wb_key_recovery.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/scripts/wb_key_recovery.py -------------------------------------------------------------------------------- /shim-whitebox/CMakeLists.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/shim-whitebox/CMakeLists.txt -------------------------------------------------------------------------------- /shim-whitebox/cmake/config-android-aarch64.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/shim-whitebox/cmake/config-android-aarch64.sh -------------------------------------------------------------------------------- /shim-whitebox/lib/application.apk: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/shim-whitebox/lib/application.apk -------------------------------------------------------------------------------- /shim-whitebox/lib/libnative-lib.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/shim-whitebox/lib/libnative-lib.so -------------------------------------------------------------------------------- /shim-whitebox/src/data.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/shim-whitebox/src/data.hpp -------------------------------------------------------------------------------- /shim-whitebox/src/json.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/shim-whitebox/src/json.hpp -------------------------------------------------------------------------------- /shim-whitebox/src/main.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/romainthomas/r2pay/HEAD/shim-whitebox/src/main.cpp --------------------------------------------------------------------------------