A forum for reverse engineering, OS internals and malware analysis 

Discussion on reverse-engineering and debugging.
 #26481  by poppig
 Sun Aug 09, 2015 4:34 pm
Hello, I'am now reversing the stagefright detect tools that is published by the Zimperium.
I find that the real application that detect the Vulnerability is native_app.

The detection results from the native_app is below:
root@hwH60:/sdcard # ./native_app cve-2015-3829.mp4
./native_app cve-2015-3829.mp4
received signal 11

The native_app is the elf format.So I decide to reverse it.
Finally,I finish the code. But it doesn't work.

root@hwH60:/sdcard # ./nativesf cve-2015-3829.mp4
./nativesf cve-2015-3829.mp4
[0;35m[mov,mp4,m4a,3gp,3g2,mj2 @ 0x493c90] [0m[1;31mmoov atom not found
[0mresult: NULL

I have upload the source code and apk including the native_app.
I don't know if I miss something from the native_app?
apk(native_app include)
(848.9 KiB) Downloaded 30 times
(1.46 KiB) Downloaded 34 times