
Exploiting H/PC Pro 3.0 - Windows CE's unseen legacy

Handheld PC News

Posted 4 years ago | News | Chris Tilley 2 comments

Most users of computing devices seldom give the very real need to understand application security much credence. The same is true for most Windows CE users who, since 1996, have consumed tools, apps and utilities from the Internet with barely a second glance and without much thought to the quality and security profile of those programs.

If Windows CE had been more popular, hadn't faded into obscurity and had become as ubiquitous as its Win32 counterpart, how would history have recorded the security profile and security efforts of those few who chose to develop for the platform?

In an interesting, if technical, series of articles, Elias Augusto has been taking a look at the practicalities of performing a low-level buffer exploit against H/PC Pro 3.0 under the SH3 architecture. Using a couple of apps from the SCL here on HPC:Factor, Elias goes on to develop the exploit and subsequently works towards making it a fully demonstrable proof of concept.

It isn't an easy read if you are not a security researcher or hacker. However, Elias's article offers a fascinating view into the world of security research, with a clear insight into the intricacies and hurdles experienced in creating such exploits. His work leaves the topic open to some interesting thinking on just how well written these early apps were, as well as what exploits might still be possible were modern thinking and attack techniques readily applied against the H/PC.

For simplicity, the articles in the series up to the current time are linked below, or you can visit Elias's blog directly to view the latest developments.

  1. Windows CE SuperH3 Exploit Development Part 1: Tools and Sources of Information
  2. Windows CE SuperH3 Exploit Development Part 2: Finding Buffer Overflows with the Embedded Visual Tools Debugger
  3. Windows CE SuperH3 Exploit Development Part 3: Unicode Blues and an Unfortunate Conclusion (For Now)
  4. Windows CE SuperH3 Exploit Development Part 4: Buffer Overflows Take Two, Heap Spritzing, and Turning Lessons Learned…
  5. Windows CE SuperH3 Exploit Development Part 4: RISC Shellcoding Philosophy and Examples
  6. Windows CE SuperH3 Exploit Development Interlude: Usable Null-Free RISC Shellcode and ASCII Parameter Translation
  7. Windows CE SuperH3 Exploit Development Part…0: A Statement and a Fresh Start

View: Elias Augusto's Blog
Posted on 04 February 2020 at 10:27 by Chris Tilley (C:Amie)

Comments on this article

Jake 05 February 2020 3:23:58 PM
A pleasure to read your writing, Chris. Your summary is clear and incisive and intriguing.

joval 30 March 2020 2:08:13 AM
Most of his blog is over my head, but it seems his best efforts at creating a wince 2.1 hack/exploit failed... am I correct in that? So, it appears to be a more secure platform than one might think given its creation so long ago!! Is that what you are saying???

The Jornada 680 I had way back when just didn't seem powerful enough...but perhaps I just didn't know about HPCFactor at the time. When I acquired used J720's later and this site, with programs and drivers, it seemed a different story. WEP wifi being the most obvious security weakness I have been aware of...
