Is Android too locked down for this, or is it possible for an app to include a custom JIT (just-in-time compilation) engine? For example, for JavaScript or an emulator. Once I've compiled code (in-memory), can I simply call into that address as a function (long jumping to that address)? Or will the security flip out (e.g. trip No Execute protection) because I'm trying to execute a memory page that wasn't marked as executable? Is there a special way I need to allocate the memory so it will allow it to run executable code?
Android PlayStore has no special security restrictions for on-the-fly generated or manipulated code. It is very straightforward to compile a piece of C code with gcc on the device, produce a shared library (.so) and load this library from your Java or native code. Or produce an executable and exec() it from Java or native code.
On the other hand, since r.2.3, i.e. for a long long time, Android enables DEP. How hard it may be to work around this protection, depending on the hardware platform, kernel version, and ROM (e.g. whether SELinux is enabled), I cannot tell. Note that ASLR is enabled by default after r.4.0, making on-the-fly code manipulation even more challenging.
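A minimal sketch of the allocate, write, seal, call sequence the question asks about, on Linux/Android, as an added example that is not part of the original answer. It assumes POSIX mmap/mprotect and an x86-64 or AArch64 CPU (other architectures report unsupported), keeps the page W^X so DEP is respected, and treats a refused mprotect (for instance when SELinux policy denies anonymous executable memory) as a failure instead of a crash.

```c
#define _DEFAULT_SOURCE            /* for MAP_ANONYMOUS on glibc */
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef int (*const_fn)(void);

/* Emit machine code for "return imm" on the current CPU (constructed bytes,
 * not taken from any real JIT). Returns bytes written, 0 if unsupported. */
static size_t emit_return_const(uint8_t *buf, uint16_t imm) {
#if defined(__x86_64__)
    uint32_t imm32 = imm;
    buf[0] = 0xB8;                   /* mov eax, imm32 */
    memcpy(buf + 1, &imm32, 4);
    buf[5] = 0xC3;                   /* ret */
    return 6;
#elif defined(__aarch64__)
    uint32_t movz = 0x52800000u | ((uint32_t)imm << 5); /* movz w0, #imm16 */
    uint32_t ret  = 0xD65F03C0u;                         /* ret */
    memcpy(buf, &movz, 4);
    memcpy(buf + 4, &ret, 4);
    return 8;
#else
    (void)buf; (void)imm;
    return 0;
#endif
}

int jit_supported(void) { uint8_t tmp[16]; return emit_return_const(tmp, 0) != 0; }

/* Allocate RW, write code, flip to RX (never RWX), sync the I-cache, call.
 * Returns imm, or -1 if the platform refuses (e.g. SELinux denies execmem). */
int jit_return_const(uint16_t imm) {
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0) return -1;
    uint8_t *code = mmap(NULL, (size_t)page, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (code == MAP_FAILED) return -1;
    size_t len = emit_return_const(code, imm);
    if (len == 0 || mprotect(code, (size_t)page, PROT_READ | PROT_EXEC) != 0) {
        munmap(code, (size_t)page);  /* DEP would SIGSEGV if we jumped here while RW */
        return -1;
    }
    __builtin___clear_cache((char *)code, (char *)code + len); /* required on ARM */
    const_fn fn; memcpy(&fn, &code, sizeof fn); /* object -> function pointer */
    int result = fn();
    munmap(code, (size_t)page);
    return result;
}
```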