About

ยท 128 words ยท 1 minute read

About Me ๐Ÿ”—

I am a security researcher from Qihoo 360, mainly focusing on Android related targets. I have been looking into some attack surfaces like NFC, Binder, Media Codecs and TrustZone.

Find me as:

Twitter: @JHyrathon

Wechat: hyrathon

Mail: hyrathon@gmail.com

Presentations ๐Ÿ”—

[HITCON 2019] Hunting in the Near Field: An Investigation of NFC-related bugs of Android

[Blackhat Asia 2021] Wideshears: Investigating and Breaking Widevine on QTEE

Hunted Bugs ๐Ÿ”—

Some of the PoCs can be found here: https://github.com/hyrathon/PoCs

ID Component Link
CVE-2019-2017 NFC https://source.android.com/security/overview/acknowledgements#mar-2019
CVE-2019-2027 Tremolo https://source.android.com/security/overview/acknowledgements#apr-2019
CVE-2019-2034 NFC https://source.android.com/security/overview/acknowledgements#apr-2019
CVE-2019-2099 NFC https://source.android.com/security/overview/acknowledgements#june-2019
CVE-2019-2118 Binder https://source.android.com/security/overview/acknowledgements#july-2019
CVE-2019-2135 NFC https://source.android.com/security/overview/acknowledgements#august-2019
CVE-2019-2178 NFC https://source.android.com/security/overview/acknowledgements#september-2019
CVE-2019-2187 NFC https://source.android.com/security/overview/acknowledgements#october-2019
CVE-2019-2207 NFC https://source.android.com/security/overview/acknowledgements#november-2019
CVE-2019-9358 NFC https://source.android.com/security/overview/release-acknowledgements
CVE-2020-0050 NFC HCI https://source.android.com/security/overview/acknowledgements#march-2020
CVE-2020-0216 NFC https://source.android.com/security/overview/acknowledgements#june-2020
CVE-2020-11132 BOOT/UEFISECAPP https://www.qualcomm.com/company/product-security/bulletins/november-2020-security-bulletin#_cve-2020-11132
CVE-2020-11293 Widevine TA https://source.android.com/security/overview/acknowledgements#may-2021
CVE-2020-11304 Widevine TA https://source.android.com/security/overview/acknowledgements#june-2021