While Android’s use in mobile and embedded systems is now common, details about how to debug and develop in its internals are still hard to come by. This session will cover the tools, techniques and hacks that developers can use to debug difficult problems within the Android stack.
View this presentation on YouTube:
https://www.youtube.com/watch?v=vnoY9WwEwIc
While Android’s use in mobile and embedded systems is now common, details about how to debug and develop in its internals are still hard to come by. This session will cover the tools, techniques and hacks that developers can use to debug difficult problems within the Android stack.
View this presentation on YouTube:
https://www.youtube.com/watch?v=vnoY9WwEwIc
Introduction to Android development - PresentationAtul Panjwani
A powerpoint presentation on Introduction to android development
prepared for college seminar
[Report is also uploaded named "Introduction to Android development - Presentation Report"]
Source: developer.android.com
1.ANDROID
2.INTRODUCTION
Android is a Linux-based operating system designed primarily for touchscreen mobile devices such as smartphones and tablet computers.
Initially developed by Android, Inc., which Google backed financially and later bought in 2005, Android was unveiled in 2007 along with the founding of the Open Handset Alliance: a consortium of hardware, software, and telecommunication companies devoted to advancing open standards for mobile devices. The first Android-powered phone was sold in October 2008.
3.ARCHITECTURE
4.Android consists of a kernel based on Linux kernel version 2.6 and, from Android 4.0 Ice Cream Sandwich onwards, version 3.x, with middleware, libraries and APIs written in C, and application software running on an application framework which includes Java-compatible libraries based on Apache Harmony.
Android uses the Dalvik virtual machine with just-in-time compilation to run Dalvik 'dex-code' (Dalvik Executable), which is usually translated from Java bytecode.The main hardware platform for Android is the ARM architecture.
5.APPLICATIONS
Android has a growing selection of third party applications, which can be acquired by users either through an app store such as Google Play or the Amazon Appstore, or by downloading and installing the application's APK file from a third-party site.
The Play Store application allows users to browse, download and update apps published by Google and third-party developers, and is pre-installed on devices that comply with Google's compatibility requirements.
6.APPLICATIONS
The app filters the list of available applications to those that are compatible with the user's device, and developers may restrict their applications to particular carriers or countries for business reasons. Purchases of unwanted applications can be refunded within 15 minutes of the time of download, and some carriers offer direct carrier billing for Google Play application purchases, where the cost of the application is added to the user's monthly bill.
As of September 2012, there were more than 675,000 apps available for Android, and the estimated number of applications downloaded from the Play Store was 25 billion.
7.SECURITY & PRIVACY
Android applications run in a sandbox, an isolated area of the system that does not have access to the rest of the system's resources, unless access permissions are explicitly granted by the user when the application is installed. Before installing an application, the Play Store displays all required permissions: a game may need to enable vibration or save data to an SD card, for example, but should not need to read SMS messages or access the phonebook. After reviewing these permissions, the user can choose to accept or refuse them, installing the application only if they accept.
KeenLab iOS Jailbreak Internals: Userland Read-Only Memory can be DangerousPriyanka Aash
Modern operating systems nowadays implement read-only memory mappings at their CPU architecture level, preventing common security attacks. By mapping memories as read-only, the memory owner process can usually trust the memory content, eleminating unnecessary security considerations such as boundary check, TOCTTOU(Time of check to time of use) issues etc., with the assumption of other processes not being able to mutate read-only shared mappings in their own virtual spaces.
However, the assumption is not always correct. In the past few years, several logical issues were addressed by security community, most of which were caused by operating systems incorrectly allowing to remap the read-only memories as writble without marking them COW(copy-on-write). As a result, the memory content of the owner process is not trustable anymore, yet causing memory corruption problem or even leading to userland privilege escalation. With operating system evolves, such issues are rare though. On the other hand, with stronger and more abundant features provided by peripheral components attached to the mobile device, DMA(direct-memory-access) technology enables the ability for fast data transfer between the host and peripheral devices. DMA leverages IOMMU(Input/Output Memory Management Unit) for memory operations, thus memory protection mechanism provided by CPU MMU is not available during the DMA transfer. In the middle of 2017, Gal Beniamini of Goole Project Zero team utilized DMA to successfully achieve device-to-host attack on both Nexus 6p and iPhone 7. Nevertheless, this new attack model usually only applies for device-to-host attack senario, where a firmware bug is needed to fully control the device. Unfortunately, DMA related interfaces are not exposed to userland applications directly.
With months of research, we found an exception case on iOS device: the Apple Graphics. At MOSEC conference in 2017, we demonstrated jailbreak for iOS 10.3.2 and iOS 11 beta 2, the latest version at that time, on iPhone 6s and iPhone 7. Details of the demonstration have never been published yet.
In this talk, we will introduce the concepts essential to our bugs, which includes:
- Indirect DMA features exposed to iOS userland
- The implementation of IOMMU memory protection
- Notification mechanism between GPU and Apple Graphics driver
The next part will cover two bug details: one in DMA handling with host virtual memory, and another out-of-bound write issue caused by potentially untrusted userland read-only memory.
Lastly we talk about how we combine two flaws across different Apple Graphics components to achieve reliable kernel code execution from iOS application sandbox.
OSSEU17: How Open Source Project Xen Puts Security Software Vendors Ahead of ...The Linux Foundation
This presentation covers a real-world case study of Bitdefender Hypervisor Introspection (HVI) that is based on Xen Project software. On April 14th, The Shadow Brokers released the Eternalblue exploit toolkit, which exploited an SMBv1 vulnerability across a wide range of Windows operating systems. The exploit was most famously used as a propagation mechanism for the WannaCryransomware. HVI prevented exploitation attempts with no prior knowledge of the exploit or underlying vulnerability. This talk will cover the exploit mechanism, how HVI detects its actions, and illustrate some of the advantages of HVI built through open source collaboration. Audience members will takeaway a better understanding of this type of exploit and how something like hypervisor introspection and security through a hypervisor approach can help companies avoid these types of new exploits.
Bringing up Android on your favorite X86 Workstation or VM (AnDevCon Boston, ...Ron Munitz
My session at AnDevCon Bostong, May 2013, Boston, MA.
This class introduces the concepts of AOSP and how to use it in order to configure and build one of the most popular Android devices available: The Android emulator, for an x86 target. You will then learn a reincarnation of the AOSP, intended to bring Android to as many x86 devices as possible. You will see its structure and compare it with the AOSP, and demonstrate how such a build works within Virtual Box, QEMU and more.
LEVEL: Intermediate
TOPIC AREA: Embedded Android
For Training/Consulting requests: info@thepscg.com
(1) Analysis of Large-scale system software
(2) Diagnose faults inside system software, especially for
device drivers
(2) Deal with faulty device driver implementation
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar
The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month.
The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies.
However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News.
Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
Experience our free, in-depth three-part Tendenci Platform Corporate Membership Management workshop series! In Session 1 on May 14th, 2024, we began with an Introduction and Setup, mastering the configuration of your Corporate Membership Module settings to establish membership types, applications, and more. Then, on May 16th, 2024, in Session 2, we focused on binding individual members to a Corporate Membership and Corporate Reps, teaching you how to add individual members and assign Corporate Representatives to manage dues, renewals, and associated members. Finally, on May 28th, 2024, in Session 3, we covered questions and concerns, addressing any queries or issues you may have.
For more Tendenci AMS events, check out www.tendenci.com/events
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTier1 app
Even though at surface level ‘java.lang.OutOfMemoryError’ appears as one single error; underlyingly there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.
top nidhi software solution freedownloadvrstrong314
This presentation emphasizes the importance of data security and legal compliance for Nidhi companies in India. It highlights how online Nidhi software solutions, like Vector Nidhi Software, offer advanced features tailored to these needs. Key aspects include encryption, access controls, and audit trails to ensure data security. The software complies with regulatory guidelines from the MCA and RBI and adheres to Nidhi Rules, 2014. With customizable, user-friendly interfaces and real-time features, these Nidhi software solutions enhance efficiency, support growth, and provide exceptional member services. The presentation concludes with contact information for further inquiries.
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Anthony Dahanne
Les Buildpacks existent depuis plus de 10 ans ! D’abord, ils étaient utilisés pour détecter et construire une application avant de la déployer sur certains PaaS. Ensuite, nous avons pu créer des images Docker (OCI) avec leur dernière génération, les Cloud Native Buildpacks (CNCF en incubation). Sont-ils une bonne alternative au Dockerfile ? Que sont les buildpacks Paketo ? Quelles communautés les soutiennent et comment ?
Venez le découvrir lors de cette session ignite
How to Position Your Globus Data Portal for Success Ten Good PracticesGlobus
Science gateways allow science and engineering communities to access shared data, software, computing services, and instruments. Science gateways have gained a lot of traction in the last twenty years, as evidenced by projects such as the Science Gateways Community Institute (SGCI) and the Center of Excellence on Science Gateways (SGX3) in the US, The Australian Research Data Commons (ARDC) and its platforms in Australia, and the projects around Virtual Research Environments in Europe. A few mature frameworks have evolved with their different strengths and foci and have been taken up by a larger community such as the Globus Data Portal, Hubzero, Tapis, and Galaxy. However, even when gateways are built on successful frameworks, they continue to face the challenges of ongoing maintenance costs and how to meet the ever-expanding needs of the community they serve with enhanced features. It is not uncommon that gateways with compelling use cases are nonetheless unable to get past the prototype phase and become a full production service, or if they do, they don't survive more than a couple of years. While there is no guaranteed pathway to success, it seems likely that for any gateway there is a need for a strong community and/or solid funding streams to create and sustain its success. With over twenty years of examples to draw from, this presentation goes into detail for ten factors common to successful and enduring gateways that effectively serve as best practices for any new or developing gateway.
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
Software Engineering, Software Consulting, Tech Lead.
Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Security,
Spring Transaction, Spring MVC,
Log4j, REST/SOAP WEB-SERVICES.
How Recreation Management Software Can Streamline Your Operations.pptxwottaspaceseo
Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.
A Comprehensive Look at Generative AI in Retail App Testing.pdfkalichargn70th171
Traditional software testing methods are being challenged in retail, where customer expectations and technological advancements continually shape the landscape. Enter generative AI—a transformative subset of artificial intelligence technologies poised to revolutionize software testing.
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
May Marketo Masterclass, London MUG May 22 2024.pdfAdele Miller
Can't make Adobe Summit in Vegas? No sweat because the EMEA Marketo Engage Champions are coming to London to share their Summit sessions, insights and more!
This is a MUG with a twist you don't want to miss.
Enterprise Resource Planning System includes various modules that reduce any business's workload. Additionally, it organizes the workflows, which drives towards enhancing productivity. Here are a detailed explanation of the ERP modules. Going through the points will help you understand how the software is changing the work dynamics.
To know more details here: https://blogs.nyggs.com/nyggs/enterprise-resource-planning-erp-system-modules/
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces
Quarkus Hidden and Forbidden ExtensionsMax Andersen
Quarkus has a vast extension ecosystem and is known for its subsonic and subatomic feature set. Some of these features are not as well known, and some extensions are less talked about, but that does not make them less interesting - quite the opposite.
Come join this talk to see some tips and tricks for using Quarkus and some of the lesser known features, extensions and development techniques.
2. CC-BY-SA 3.0 - Attribution requirements and misc., PLEASE READ:
This slide must remain as-is in this specific location (slide #1), everything else you are free to
change; including the logo :-)
Use of figures in other documents must feature the below "Originals at" URL immediately
under that figure and the below copyright notice where appropriate.
You are FORBIDDEN from using the default "About" slide as-is or any of its contents.
Copyright (C) 2014-2015, Opersys inc.
These slides created by: Karim Yaghmour
Originals at: http://www.opersys.com/training/
4. Introduced Linux Trace Toolkit in 1999
Originated Adeos and relayfs (kernel/relay.c)
Ara Android Arch Oversight
Training, Custom Dev, Consulting, ...
5. "Note that memory usage on modern operating systems like Linux is an extremely
complicated and difficult to understand area. In fact the chances of you actually
correctly interpreting whatever numbers you get is extremely low. (Pretty much
every time I look at memory usage numbers with other engineers, there is always
a long discussion about what they actually mean that only results in a vague
conclusion.)"
-- Dianne Hackborn, Feb 19, 2010, Stackoverflow
17. BionicBionic
malloc()/free()
Comes from Doug Lea's dlmalloc
Public Domain
See bionic/libc/upstream-dlmalloc/
Tutorial/doc:
Dates back to 1987
Uses CALL_MORECORE() macro do allocations
Based on sbrk()
dlopen()/dlsym()
http://g.oswego.edu/dl/html/malloc.html
https://en.wikipedia.org/wiki/C_dynamic_memory_allocation
18. Flags to debug/observe malloc/free Linux
Enable native monitoring by DDMS:
Open ~/.android/ddms.cfg
Add line stating: "native=true"
$ adb shell setprop libc.debug.malloc 1
$ adb shell stop
$ adb shell start
19. App Dev ConsiderationsApp Dev Considerations
Recommendations given by Google
Measuring app mem usage
Getting system mem usage
android.os.Debug
android:largeHeap="true"
https://developer.android.com/training/articles
/memory.html
https://developer.android.com/reference/android
/app/ActivityManager.html#getProcessMemoryInfo%28int[]%29
public MemoryInfo[] getProcessMemoryInfo (int[] pids)
https://developer.android.com/reference/android
/app/ActivityManager.html#getMemoryInfo%28android.app.ActivityManager.MemoryInfo%29
public void getMemoryInfo (ActivityManager.MemoryInfo outInfo)
23. 8.3 Dalvik/ART8.3 Dalvik/ART
Heap size measurement
API in apps to get access to heap size from Runtime
MAT/Eclipse
dalvik.vm.heapsize
https://developer.android.com
/reference/java/lang/Runtime.html#maxMemory%28%29
public long maxMemory ()