Hello, I'm Aris Thallas, a computer security researcher working at CENSUS. Back in February 2020 I had the pleasure of presenting my work on proprietary hypervisor emulation and bug discovery at the OffensiveCon 2020 conference.
Besides their common use for system virtualization, hypervisors have been
adopted in the Android ecosystem as a kernel protection against runtime attacks.
Each OEM/vendor is free to implement their own hypervisors by employing the ARM
virtualization extensions. Due to the lack of proper debugging and system
inspection support in the Android ecosystem in general such implementations have
been extremely difficult to audit/reverse/debug. This situation has been further
complicated by OEMs/vendors failing to release documentation, source code, tools,
etc. for these components publicly.
The OffensiveCon 2020 presentation entitled "Emulating Hypervisors; a Samsung RKP case study"
focused on the emulation of proprietary hypervisors under QEMU which provides users full control over
the emulated system, including debugging capabilities. The presentation discussed ARM system development and virtualization extension topics, laying the foundations for arbitrary hypervisor debugging work on ARM architectures. Examples were showcased through a custom framework that allowed for bootstraping and interacting
with the Samsung S8 proprietary hypervisor. The presentation concluded with a demonstration of
fuzzing capabilities that were made possible through the framework.
You may find the related presentation material below:
I would like to thank the organizers of OffensiveCon 2020 for an excellent conference!