Automatic privilege evaluation of D-Bus services on a remote device.
Presented at DEF CON 26 (slide, video)
See branches of this Git repository.
- tizen-wearable-2.3.2
- tizen-wearable-3.0
yarn install
yarn run allDan spawns a test process with no privilege on a remote device. The process recursively scans through its D-Bus tree to acquire its structure; bus names, objects, interfaces, properties, methods, and signals. The analyzer tries to gather every property of every object, and to call every method of every interface for privilege evaluation. Finally, the data is written into the files for further analysis.
db.json: A simple JSON database for the analyzer, containing the D-Bus tree structureproperties.log: A list of properties accessible from the test processcallables.log: A list of methods callable from the test process, formatted as shell commands
GPLv3