{"id":10539,"date":"2014-05-29T14:54:47","date_gmt":"2014-05-29T12:54:47","guid":{"rendered":"https:\/\/www.corelan.be\/?p=10539"},"modified":"2014-05-29T14:54:47","modified_gmt":"2014-05-29T12:54:47","slug":"hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime","status":"publish","type":"post","link":"https:\/\/www.corelan.be\/index.php\/2014\/05\/29\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\/","title":{"rendered":"HITB2014AMS - Day 1 - State of the ART: Exploring the New Android KitKat Runtime"},"content":{"rendered":"<p>Good afternoon and welcome back to Hack In the Box. \u00a0I can't think of anything better than a talk on ART, the new Android KitKat Runtime, to digest lunch \ud83d\ude42<\/p>\n<h4>Intro<\/h4>\n<p>ART was introduced in Android 4.4 back in October 2013 and although it is still in an experimental stage, it's poised to replace Dalvik in the near future. \u00a0ART features AOT (Ahead Of Time) compilation, which means it will run faster compared to Dalvik (which has JIT compilation), although no benchmark data is available at this point. \u00a0As a side-effect, the battery life will be improved too. \u00a0On the downside, more storage space will be needed (about 10 times larger) and ART has a longer installation time. \u00a0To enable ART (in KitKat), you can switch from Dalvik to ART by editing the corresponding developer setting.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" style=\"display: block; margin-left: auto; margin-right: auto;\" title=\"DSC_0562.jpg\" src=\"https:\/\/www.corelan.be\/wp-content\/uploads\/2014\/05\/DSC_0562.jpg\" alt=\"DSC 0562\" width=\"600\" height=\"400\" border=\"0\" \/><\/p>\n<p>To check which runtime is enabled, run <strong>getprop persist.sys.dalvik.vm.lib.1<\/strong>. \u00a0If \"libart.so\" is returned, ART is enabled. 
\u00a0<\/p>\n<p>Before continuing, Paul emphasizes that ART is still experimental, which means some of the contents of his talk are subject to change in the final version of ART.<\/p>\n<h4>Ahead of time compilation<\/h4>\n<p>The OAT compilation happens upon reboot after ART is enabled. \u00a0It creates a boot.oat and boot image. \u00a0All installed apps will be compiled... and this may take a while, Paul says. \u00a0When a new application is installed, it also gets compiled. \u00a0The dex2oat utility is used to compile an app to OAT, and the resulting oat file will be stored on the device. \u00a0Paul explains that the boot.oat file contains absolute pointers to methods in the boot image. \u00a0The boot.oat and boot image are loaded by zygote.<\/p>\n<p>ART has 3 compiler back-ends: \u00a0<\/p>\n<ol>\n<li>Quick (default): \u00a0Medium Level IR (DEX bytecode) is lowered to a low level IR and then converted to native code, and some optimization is done at each stage of the compilation process.<\/li>\n<li>Optimized: Basically an optimized version of \"Quick\"<\/li>\n<li>Portable: Uses LLVM bitcode as its LIR. \u00a0Optimizations are done by the LLVM optimizer and code generation is done by the LLVM backends. \u00a0Paul mentions that he has not been able to use the portable backend yet, for unknown reasons.<\/li>\n<\/ol>\n<p>By default, ART compiles all methods (except for some class initialization methods). \u00a0<\/p>\n<p>When you run an app, profiling data is generated (unless you disable it) and stored under \/data\/dalvik-cache. \u00a0ART uses this profiling data to determine if dex2oat must be used (and thus the application must be compiled). \u00a0If the number of methods comprising 90% of the called methods has changed by 10%, it will be compiled. (In other words, it compares with previous runs and compiles as soon as it reaches a threshold.) 
\u00a0 The methods to compile = the methods comprising 90% of the called methods.<\/p>\n<h4>OAT file format<\/h4>\n<p>The OAT file is an ELF dynamic object file with an .oat file extension, used as a container for the oat data. \u00a0The file starts with the string \".oat\" (\"magic\" bytes) and has dynamic symbol tables pointing to oat data and code: oatdata (.rodata), oatexec (.text) and oatlastword. \u00a0<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" style=\"display: block; margin-left: auto; margin-right: auto;\" title=\"DSC_0563.jpg\" src=\"https:\/\/www.corelan.be\/wp-content\/uploads\/2014\/05\/DSC_0563.jpg\" alt=\"DSC 0563\" width=\"600\" height=\"400\" border=\"0\" \/><\/p>\n<p>The oat data table points to headers and DEX files. \u00a0Oatexec points to the compiled code and oatlastword is just an end marker (marks the last 4 bytes of oatdata). \u00a0OAT supports ARM, ARM64, Thumb2, x86, x86_64 and MIPS, and the target architecture is stored in the instruction_set header field.<\/p>\n<p>The DEX File header is placed right after the OAT header. \u00a0It contains information about the dex size (length of the original input path), data (original path of input file), checksum (of the path), a pointer to the embedded input DEX (apk) file, and a list of offsets to OATClassHeaders. \u00a0Each of these headers has a few fields: status, type, bitmap_size, bitmap_pointer and methods_pointer. \u00a0kOatClassAllCompiled, kOatClassSomeCompiled, kOatClassNoneCompiled are examples of the Oat Classes. \u00a0Bitmaps are used to represent which methods are compiled. \u00a0Each bit represents one method in the class, starting with direct methods.<\/p>\n<p>Next, we find an OatMethodOffset (which corresponds with a method) and an OatMethodHeader, which appears right before the method code.<\/p>\n<h4>Security Implications<\/h4>\n<p>New technology means new code, Paul says. \u00a0New code means potential mistakes. 
\u00a0Paul decided to fuzz the compiler (using dumb fuzzing methods), generating DEX files with mutated method code and running them against dex2oat. \u00a0He found several crashes but didn't pursue them because he realized that - since ART is still evolving and under heavy development - they may get fixed in a later version of ART. \u00a0It does prove that new code == flaws.<\/p>\n<p>Exploiting ART would allow attackers to install user mode root kits. Because the boot image has the addresses of methods, it could be parsed and the pointers used in local attacks.<\/p>\n<p>Also, the base address of the boot image is fixed at 0x700000, which means it could be used to bypass ASLR. \u00a0It's a rich source of ROP gadgets. \u00a0Also, the boot.oat code section has 27 MB of code \ud83d\ude42<\/p>\n<h4>Reverse Engineering<\/h4>\n<p>From a static analysis perspective, Paul says, it's probably easier to read Dalvik bytecode disassembly. \u00a0If you feel up to it, you can dump the native code disassembly using oatdump (which should be on your ART enabled device). \u00a0He explains that the absolute addresses of methods are put in the application just like that. \u00a0In other words, it may be difficult to understand what is going on unless you create cross reference names. \u00a0Also, oatdump dumps the entire OAT file, which may be painful. \u00a0Paul mentions that you can use gdb to debug native code. \u00a0Simply get the address of a method using oatdump, set a breakpoint and trace.\u00a0<\/p>\n<p>For dynamic instrumentation, you could use Cydia Substrate for Android (by saurik) or Xposed framework (by rovo89). \u00a0Unfortunately ART is not supported yet (until it has stabilized). So, for now, static instrumentation is the way to go. \u00a0You'll have to unpack, disassemble, etc. 
which can be painful.<\/p>\n<p>Paul finished his talk by saying that ART is definitely ripe for more security research and that more work on RE tools is necessary to make it easier to perform research.<\/p>\n<hr \/>\n<h3>About the speaker<\/h3>\n<p><a href=\"https:\/\/twitter.com\/polsab\"><strong>Paul Sabanal<\/strong><\/a> is a security researcher on IBM Security Systems\u2019s X-Force Advanced Research Team. He has more than a decade of experience in the information security industry, mainly focusing on reverse engineering and vulnerability research. He has previously presented at several conferences on the topics of C++ reversing and various sandboxing technologies. His main research interests these days are in protection technologies, mobile security, and automated binary analysis tools. When not in front of a computer, he enjoys Disney movie nights with his daughter, playing weird instruments in a band, and pajama wrestling. He is currently based in Manila, Philippines.<\/p>\n<hr \/>\n","protected":false},"excerpt":{"rendered":"<p>Good afternoon and welcome back to Hack In the Box. 
\u00a0I can't think of anything better than a talk on ART, the new Android KitKat Runtime, to digest lunch \ud83d\ude42 Intro ART was introduced in Android 4.4 back in October 2013 and although it is still in an experimental stage, it's poised to replace Dalvik &hellip; <a href=\"https:\/\/www.corelan.be\/index.php\/2014\/05\/29\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> \"HITB2014AMS - Day 1 - State of the ART: Exploring the New Android KitKat Runtime\"<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[2250],"tags":[2775,2676,1834,240],"class_list":["post-10539","post","type-post","status-publish","format-standard","hentry","category-cons-seminars","tag-hitb","tag-reverse-engineering","tag-shellcode","tag-vmware"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Android ART: State of the Art in the KitKat Runtime<\/title>\n<meta name=\"description\" content=\"Android ART insights from HITB2014AMS Day 1: explore Ahead-Of-Time compilation, Dalvik transition, and improved performance. 
Read more to stay informed.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.corelan.be\/index.php\/2014\/05\/29\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Android ART: State of the Art in the KitKat Runtime Today\" \/>\n<meta property=\"og:description\" content=\"ART details from HITB2014AMS Day 1 and how Android evolves.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.corelan.be\/index.php\/2014\/05\/29\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\/\" \/>\n<meta property=\"og:site_name\" content=\"Corelan | Exploit Development &amp; Vulnerability Research\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/corelanconsulting\" \/>\n<meta property=\"article:published_time\" content=\"2014-05-29T12:54:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.corelan.be\/wp-content\/uploads\/2014\/05\/DSC_0562.jpg\" \/>\n<meta name=\"author\" content=\"corelanc0d3r\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Android ART: KitKat Runtime \u2014 State of the Art Today\" \/>\n<meta name=\"twitter:description\" content=\"Discover how ART reshapes Android runtime in KitKat today.\" \/>\n<meta name=\"twitter:creator\" content=\"@corelanc0d3r\" \/>\n<meta name=\"twitter:site\" content=\"@corelanc0d3r\" \/>\n<script type=\"application\/ld+json\" 
class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"TechArticle\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2014\\\/05\\\/29\\\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2014\\\/05\\\/29\\\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\\\/\"},\"author\":{\"name\":\"corelanc0d3r\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/person\\\/3be5542b9b0a0787893db83a5ad68e8f\"},\"headline\":\"HITB2014AMS - Day 1 - State of the ART: Exploring the New Android KitKat Runtime\",\"datePublished\":\"2014-05-29T12:54:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2014\\\/05\\\/29\\\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\\\/\"},\"wordCount\":1124,\"publisher\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2014\\\/05\\\/29\\\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2014\\\/05\\\/DSC_0562.jpg\",\"keywords\":[\"hitb\",\"reverse engineering\",\"shellcode\",\"vmware\"],\"articleSection\":[\"Cons and Seminars\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2014\\\/05\\\/29\\\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\\\/\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2014\\\/05\\\/29\\\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\\\/\",\"name\":\"Android ART: State of the Art in the KitKat 
Runtime\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2014\\\/05\\\/29\\\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2014\\\/05\\\/29\\\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2014\\\/05\\\/DSC_0562.jpg\",\"datePublished\":\"2014-05-29T12:54:47+00:00\",\"description\":\"Android ART insights from HITB2014AMS Day 1: explore Ahead-Of-Time compilation, Dalvik transition, and improved performance. Read more to stay informed.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2014\\\/05\\\/29\\\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2014\\\/05\\\/29\\\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2014\\\/05\\\/29\\\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2014\\\/05\\\/DSC_0562.jpg\",\"contentUrl\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2014\\\/05\\\/DSC_0562.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2014\\\/05\\\/29\\\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.corelan.be\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"HI
TB2014AMS &#8211; Day 1 &#8211; State of the ART: Exploring the New Android KitKat Runtime\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#website\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/\",\"name\":\"Corelan CyberSecurity Research\",\"description\":\"Corelan publishes in-depth tutorials on exploit development, Windows exploitation, vulnerability research, heap internals, reverse engineering and security tooling used by professionals worldwide.\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.corelan.be\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#organization\",\"name\":\"Corelan CyberSecurity Research\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/corelanlogo2_small-20.png\",\"contentUrl\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/corelanlogo2_small-20.png\",\"width\":200,\"height\":200,\"caption\":\"Corelan CyberSecurity 
Research\"},\"image\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/corelanconsulting\",\"https:\\\/\\\/x.com\\\/corelanc0d3r\",\"https:\\\/\\\/x.com\\\/corelanconsulting\",\"https:\\\/\\\/instagram.com\\\/corelanconsult\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/person\\\/3be5542b9b0a0787893db83a5ad68e8f\",\"name\":\"corelanc0d3r\",\"pronouns\":\"he\\\/him\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x\",\"caption\":\"corelanc0d3r\"},\"description\":\"Peter Van Eeckhoutte is the founder of Corelan and a globally recognized expert in exploit development and vulnerability research. With over two decades in IT security, he built Corelan into a respected platform for deep technical research, hands-on training, and knowledge sharing. Known for his influential exploit development tutorials, tools, and real-world training, Peter combines a strong research mindset with a passion for education\u2014helping security professionals understand not just how exploits work, but why.\",\"sameAs\":[\"https:\\\/\\\/www.corelan-training.com\",\"https:\\\/\\\/instagram.com\\\/corelanc0d3r\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/petervaneeckhoutte\\\/\",\"https:\\\/\\\/x.com\\\/corelanc0d3r\"],\"url\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/author\\\/admin0\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Android ART: State of the Art in the KitKat Runtime","description":"Android ART insights from HITB2014AMS Day 1: explore Ahead-Of-Time compilation, Dalvik transition, and improved performance. Read more to stay informed.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.corelan.be\/index.php\/2014\/05\/29\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\/","og_locale":"en_US","og_type":"article","og_title":"Android ART: State of the Art in the KitKat Runtime Today","og_description":"ART details from HITB2014AMS Day 1 and how Android evolves.","og_url":"https:\/\/www.corelan.be\/index.php\/2014\/05\/29\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\/","og_site_name":"Corelan | Exploit Development &amp; Vulnerability Research","article_publisher":"https:\/\/www.facebook.com\/corelanconsulting","article_published_time":"2014-05-29T12:54:47+00:00","og_image":[{"url":"https:\/\/www.corelan.be\/wp-content\/uploads\/2014\/05\/DSC_0562.jpg","type":"","width":"","height":""}],"author":"corelanc0d3r","twitter_card":"summary_large_image","twitter_title":"Android ART: KitKat Runtime \u2014 State of the Art Today","twitter_description":"Discover how ART reshapes Android runtime in KitKat 
today.","twitter_creator":"@corelanc0d3r","twitter_site":"@corelanc0d3r","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"TechArticle","@id":"https:\/\/www.corelan.be\/index.php\/2014\/05\/29\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\/#article","isPartOf":{"@id":"https:\/\/www.corelan.be\/index.php\/2014\/05\/29\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\/"},"author":{"name":"corelanc0d3r","@id":"https:\/\/www.corelan.be\/#\/schema\/person\/3be5542b9b0a0787893db83a5ad68e8f"},"headline":"HITB2014AMS - Day 1 - State of the ART: Exploring the New Android KitKat Runtime","datePublished":"2014-05-29T12:54:47+00:00","mainEntityOfPage":{"@id":"https:\/\/www.corelan.be\/index.php\/2014\/05\/29\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\/"},"wordCount":1124,"publisher":{"@id":"https:\/\/www.corelan.be\/#organization"},"image":{"@id":"https:\/\/www.corelan.be\/index.php\/2014\/05\/29\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\/#primaryimage"},"thumbnailUrl":"https:\/\/www.corelan.be\/wp-content\/uploads\/2014\/05\/DSC_0562.jpg","keywords":["hitb","reverse engineering","shellcode","vmware"],"articleSection":["Cons and Seminars"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.corelan.be\/index.php\/2014\/05\/29\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\/","url":"https:\/\/www.corelan.be\/index.php\/2014\/05\/29\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\/","name":"Android ART: State of the Art in the KitKat 
Runtime","isPartOf":{"@id":"https:\/\/www.corelan.be\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.corelan.be\/index.php\/2014\/05\/29\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\/#primaryimage"},"image":{"@id":"https:\/\/www.corelan.be\/index.php\/2014\/05\/29\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\/#primaryimage"},"thumbnailUrl":"https:\/\/www.corelan.be\/wp-content\/uploads\/2014\/05\/DSC_0562.jpg","datePublished":"2014-05-29T12:54:47+00:00","description":"Android ART insights from HITB2014AMS Day 1: explore Ahead-Of-Time compilation, Dalvik transition, and improved performance. Read more to stay informed.","breadcrumb":{"@id":"https:\/\/www.corelan.be\/index.php\/2014\/05\/29\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.corelan.be\/index.php\/2014\/05\/29\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.corelan.be\/index.php\/2014\/05\/29\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\/#primaryimage","url":"https:\/\/www.corelan.be\/wp-content\/uploads\/2014\/05\/DSC_0562.jpg","contentUrl":"https:\/\/www.corelan.be\/wp-content\/uploads\/2014\/05\/DSC_0562.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.corelan.be\/index.php\/2014\/05\/29\/hitb2014ams-day-1-state-of-the-art-exploring-the-new-android-kitkat-runtime\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.corelan.be\/"},{"@type":"ListItem","position":2,"name":"HITB2014AMS &#8211; Day 1 &#8211; State of the ART: Exploring the New Android KitKat Runtime"}]},{"@type":"WebSite","@id":"https:\/\/www.corelan.be\/#website","url":"https:\/\/www.corelan.be\/","name":"Corelan CyberSecurity 
Research","description":"Corelan publishes in-depth tutorials on exploit development, Windows exploitation, vulnerability research, heap internals, reverse engineering and security tooling used by professionals worldwide.","publisher":{"@id":"https:\/\/www.corelan.be\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.corelan.be\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.corelan.be\/#organization","name":"Corelan CyberSecurity Research","url":"https:\/\/www.corelan.be\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.corelan.be\/#\/schema\/logo\/image\/","url":"https:\/\/www.corelan.be\/wp-content\/uploads\/2026\/03\/corelanlogo2_small-20.png","contentUrl":"https:\/\/www.corelan.be\/wp-content\/uploads\/2026\/03\/corelanlogo2_small-20.png","width":200,"height":200,"caption":"Corelan CyberSecurity Research"},"image":{"@id":"https:\/\/www.corelan.be\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/corelanconsulting","https:\/\/x.com\/corelanc0d3r","https:\/\/x.com\/corelanconsulting","https:\/\/instagram.com\/corelanconsult"]},{"@type":"Person","@id":"https:\/\/www.corelan.be\/#\/schema\/person\/3be5542b9b0a0787893db83a5ad68e8f","name":"corelanc0d3r","pronouns":"he\/him","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x","url":"https:\/\/secure.gravatar.com\/avatar\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x","caption":"corelanc0d3r"},"description":"Peter Van Eeckhoutte is the founder of Corelan and a globally 
recognized expert in exploit development and vulnerability research. With over two decades in IT security, he built Corelan into a respected platform for deep technical research, hands-on training, and knowledge sharing. Known for his influential exploit development tutorials, tools, and real-world training, Peter combines a strong research mindset with a passion for education\u2014helping security professionals understand not just how exploits work, but why.","sameAs":["https:\/\/www.corelan-training.com","https:\/\/instagram.com\/corelanc0d3r","https:\/\/www.linkedin.com\/in\/petervaneeckhoutte\/","https:\/\/x.com\/corelanc0d3r"],"url":"https:\/\/www.corelan.be\/index.php\/author\/admin0\/"}]}},"views":7550,"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/posts\/10539","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/comments?post=10539"}],"version-history":[{"count":0,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/posts\/10539\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/media?parent=10539"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/categories?post=10539"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/tags?post=10539"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}