
This CTF is inspired by historical Android vulnerabilities (like Stagefright, DirtyCow, and Towelroot), real spyware (Pegasus, DroidJack), and reverse engineering techniques used by both threat actors and defenders.

Question 1.
Which Android kernel exploit (CVE) was used in the original Towelroot root tool to gain privilege escalation?
Question 2.
What is the ARM assembly instruction used to invoke system calls in Android native binaries?
Question 3.
Which system property can malware modify to disable SELinux at boot if it has root access?
Question 4.
What tool allows dynamic instrumentation of Android apps by injecting JavaScript into the runtime?
Question 5.
What binder transaction code is often fuzzed to discover new Android IPC vulnerabilities?
Question 6.
What is the name of the system service responsible for managing permissions at runtime on Android 6.0+?
Question 7.
Which technique helps advanced Android malware run native code stealthily, avoiding static detection?
Question 8.
Which special file in Android allows reading raw kernel logs and is often targeted by privilege escalation exploits?
Question 9.
What is the flag used in smali or DEX code to denote an obfuscated method with native linkage?
Question 10.
Which syscall is commonly used by Android rootkits to hook into process creation and execute hidden code?
Question 11.
Name the system component Pegasus and similar spyware target to inject code before the user interface is rendered.
Question 12.
What forensic memory analysis technique helps in detecting fileless Android malware?
Question 13.
Which Android boot image segment can be patched to bypass Verified Boot (AVB)?
Question 14.
In code injection, what API is used to allocate executable memory for shellcode in Android native code?
Question 15.
What is the name of the file format used by Android to package and sign OTA firmware updates?
Question 16.
You reversed a malware sample that encrypts exfiltrated data with AES-GCM before uploading it via HTTP POST to a hardcoded IP address. The key is derived dynamically from the device IMEI using SHA-256.
What's the flag format if the IMEI is 358240051111110?