# A tale of finding Android 0days
By @Chal13W1zz

---
### Who am I?
- <code class="blue">I'm a jack of all trades :smiling_face_with_smiling_eyes_and_hand_covering_mouth: </code>
- <code class="blue">I :heart: Android and ARM assembly </code>
- <code class="blue">I use Parrot OS :cat:</code>

---
### Why hunt for Android 0days? :thinking_face:
1. Heavy bounty rewards :money_mouth_face:
2. Opensource, welcoming to hobbyists & researchers :books:
3. Rich people problems in iOS :broken_heart:
4. Well Documented with a supportive community :hugging_face:

---
### Basics :yum:
- Basic Memory Corruption Bugs
- Languages (C, C++, some assembly, Java, and English [optional])
- 8+ GB RAM, 50+ GB HDD, good internet
<code class="orange">Let us begin :tada:</code>

---
### Where Do I start? :cry:

- Read disclosed reports (Project Zero), CTFs, Google :)
- Set up your lab (install build tools, get source)
---
### Where Do I start ctd...
- syzkaller (subscribe to the mailing list)
- Read security bulletins
- Changelogs and patch diffing
- Twitter
- Stalk Other Researchers :eyes:
---
### My Hunting Methodology :bow_and_arrow:

- Read write ups and RCAs
- Kernel pull, sync and diff
- Browse kernel source (Bootlin) [time travel across versions]
- Versioned Exploit
---
### Android Privilege Escalation

---
## UAF Analogy

---
## 0day/Nday?
https://github.com/Chal13W1zz/bad-binder
Demo
---
### Socials? :sheep:
https://linktr.ee/chal13w1zz
Twitter: https://twitter.com/Chal13W1zz

---
## Q & A :)
Now you know how to the FBI :crossed_swords:
