{"id":488176,"date":"2021-05-12T18:49:30","date_gmt":"2021-05-12T10:49:30","guid":{"rendered":"http:\/\/4563.org\/?p=488176"},"modified":"2021-05-12T18:49:30","modified_gmt":"2021-05-12T10:49:30","slug":"%e5%9c%a8%e5%85%a8%e7%90%83%e6%9c%80%e5%a4%a7%e7%9a%84%e5%90%8c%e5%a7%93%e5%8f%ab%e5%8f%8b%e7%bd%91%e7%ab%99%e5%8f%91%e7%8e%b0%e4%b8%80%e6%ac%be%e4%b8%80%e9%94%ae%e6%a0%bc%e7%9b%98%e5%b7%a5%e5%85%b7-m","status":"publish","type":"post","link":"http:\/\/4563.org\/?p=488176","title":{"rendered":"On the world's largest 'same-sex dating' site, I found a one-click disk-formatting tool; MJJ, come try it"},"content":{"rendered":"\n<p>  \t\t\t\t\t<strong>mubazhe<\/strong>  \t\t\t\t says: \t<\/p>\n<h3>On the world's largest 'same-sex dating' site, I found a one-click disk-formatting tool; MJJ, come try it<\/h3>\n<p>  \t\tProject URL: https:\/\/github.com\/mbkore\/lockup<\/p>\n<p>  An Android-based Cellebrite UFED self-defense application<br \/>  LockUp is an Android application that will monitor the device for signs of attempts to image it using known forensic tools like the Cellebrite UFED. Here is a blog I wrote.<\/p>\n<p>  Proof-of-Concept. 
Not meant as an in-depth defense<br \/>  Android API 28, Does not require root<br \/>  Relies on RECEIVE_BOOT_COMPLETED to start a Service and AccessibilityService<br \/>  Monitors USB events through ACTION_USB_DEVICE, package installations, and known exploit staging locations on the filesystem<br \/>  Detects Logical Extractions, File System Extractions, and Physical Extractions leveraging ADB<br \/>  Will automatically respond with a factory reset with DeviceAdminReceiver<br \/>  Beginning steps to researching more robust anti-forensic techniques\t\t\t\t<\/p>\n<p>  \t\t\t\t\t<strong>yuqi<\/strong>  \t\t\t\t says: \t<\/p>\n<h3><\/h3>\n<p>  \t\tIs there a one-click zero-fill or one-fill?\t\t\t  <\/p>\n","protected":false},"excerpt":{"rendered":"<p>mubazhe says: On&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[],"tags":[],"_links":{"self":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/488176"}],"collection":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=488176"}],"version-history":[{"count":0,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/488176\/revisions"}],"wp:attachment":[{"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=488176"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=488176"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=488176"}],"curies":[{"name":"wp
","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}