Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Subverting Code Integrity in Electron- 1731

Darius Houle - Trail of Bits, posted 5 months ago
  • Electron applications are code-signed and ship with integrity checks so that the packaged application code cannot be tampered with. Many applications, such as Signal and 1Password, rely on this.
  • Electron is built on Chromium, and therefore on the V8 JavaScript engine. V8 loads a heap snapshot from disk at startup: a serialized, pre-initialized heap containing the built-in objects and functions, so the engine does not have to construct them from scratch on every launch. In Electron this snapshot file is read from a directory the user can write to.
  • The integrity bypass is simply to modify the V8 snapshot on disk, which the integrity checks do not cover. As a proof of control, the author clobbers Array.isArray() inside the snapshot and reliably crashes the application. Because the snapshot defines the builtins that every JavaScript context starts from, the same hijack can carry arbitrary code that runs before any application code does, circumventing all of the integrity checks.
  • The vulnerability is very simple once you see it, but finding it requires a deep knowledge of how Chromium and V8 work. Understanding something popular very well can surface seemingly simple security issues with devastating consequences, such as this one.
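The following is an added example, not code from the Trail of Bits post, and it does not touch a real snapshot file. It models the effect of the attack at runtime in plain Node.js: once a builtin such as Array.isArray is replaced, every caller that trusts it hands control to the replacement, and the replacement can stay invisible by delegating to the original. The appSerialize function and the payload are made-up stand-ins for application code and attacker code. The toString-based self-check at the end is included as a caveat: it catches a runtime monkey-patch like this one, but it cannot catch a snapshot-level replacement, because in that case the "original" the engine starts with is already the attacker's version.

```javascript
// Added example (not from the original post): a runtime model of hijacking a
// V8 builtin. In the real attack the replacement is baked into the on-disk V8
// heap snapshot, so it exists before any application JavaScript runs.

const pristineIsArray = Array.isArray;   // capture the genuine builtin
const payloadLog = [];                   // records each time injected code runs

// Replace Array.isArray with a wrapper that runs attacker-chosen code, then
// delegates to the original so every caller still sees correct results.
function hijackIsArray(payload) {
  const hijacked = function isArray(value) {
    payload(value);
    return pristineIsArray(value);
  };
  // Mimic the builtin's observable shape so a naive name/length check passes.
  Object.defineProperty(hijacked, 'name', { value: 'isArray' });
  Object.defineProperty(hijacked, 'length', { value: 1 });
  Object.defineProperty(Array, 'isArray', {
    value: hijacked, writable: true, configurable: true, enumerable: false,
  });
}

// Put the genuine builtin back (used so the demo leaves no global state behind).
function restoreIsArray() {
  Object.defineProperty(Array, 'isArray', {
    value: pristineIsArray, writable: true, configurable: true, enumerable: false,
  });
}

// Hypothetical application code that trusts the builtin.
function appSerialize(input) {
  return Array.isArray(input)
    ? `list(${input.length})`
    : `scalar(${String(input)})`;
}

// Runtime self-check: a genuine builtin stringifies to "... { [native code] }".
// Detects a runtime monkey-patch; useless against a modified snapshot.
function isArrayLooksNative() {
  const src = Function.prototype.toString.call(Array.isArray);
  return /\{\s*\[native code\]\s*\}$/.test(src);
}

// Run the hijack against the stand-in app and report what each side observes.
function demo() {
  payloadLog.length = 0;
  const before = { native: isArrayLooksNative(), out: appSerialize([1, 2, 3]) };
  hijackIsArray((value) => payloadLog.push(typeof value));
  try {
    const after = {
      native: isArrayLooksNative(),
      out: appSerialize([1, 2, 3]),   // identical output, attacker code has run
      runs: payloadLog.length,
    };
    return { before, after };
  } finally {
    restoreIsArray();
  }
}

console.log(JSON.stringify(demo(), null, 2));
```

Note that Node's own internals keep private copies of the builtins (primordials), so the hijack above only affects user-level callers; in the snapshot attack there is no such pristine copy anywhere in the process.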