Theories built to a proof of concept.
Hey! How are you doing? Welcome to yet another blog documenting my recent technical exploit, which is hacking safe exam browser(s) and giving your online tests under virtual machines! But before starting, let me present to you the old boring warning! All the content I show here is for educational purposes only, I do not…
The change to block exec() on application data files for targetAPI >= Q is working-as-intended. Please see https://android-review.googlesource.com/c/platform/system/sepolicy/+/804149 for background on this change. Calling exec() on writable application files is a W^X (https://en.wikipedia.org/wiki/W%5EX) violation and represents an unsafe application practice. Executable code should always be loaded from the application APK. While exec() no longer works…
