CTFZone Paper: Trust Area — Infra

Apps bootstrap

Concurrent communication chains

  • REST API to accept commands from the System Checker and results from the Checker Agent
  • Emulator Manager for Android-side deployments
  • APK Grabber 3000 to collect the teams’ applications and control their versions
  • small async glue to organize the other parts
Fig. 1. System Checker-initiated action flow
  1. The System Checker interacted with a simple REST API of the Trust Area Core and knew nothing about the complexity of the underlying communications — therefore, it was programmed in a simple synchronous manner.
  2. The Emulator Manager (within the Trust Area Core) spawned an ADB command to send the intent to the Checker Agent and waited for an HTTP request with the results from the Checker Agent (try to implement it yourself with Futures 😉).

Flags delivery

Fig. 2. Flags change flow

Source code:

--

--

--

International community conference for cybersecurity researchers and professionals. No suits, no business — only hardcore research.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

How to use the Flutter command-line interface

Amazon Kinesis Enhanced Fan-Out

Angular Development Company | Hire Angular Developers

Tutorial Import Data Product Category | Odoo 14

TEI 177: Creating a hybrid Agile Stage-Gate process — with Colin Palombo

My Journey at TIIDELab to Self-Reliance 1.0

The Buzz Lightyear Syndrome and our misunderstandings about what a good enough software project is…

How to delete WhatsApp, beyond the obvious part

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
OFFZONE

OFFZONE

International community conference for cybersecurity researchers and professionals. No suits, no business — only hardcore research.

More from Medium

CSRF prevention: Control your TLDs

A Defender’s Perspective of Sitecore XP Deserialization RCE (CVE-2021–42237)

(Letsdefend.io) Case: SOC169 — Possible IDOR Attack Detected

Network Services