> Who gets to control the server being compromised?
I was thinking about phones, not servers.
> then the buyer can log all the network traffic and find the incoming attack traffic and work out the exploit from there.
Is it really that easy? I'm not a security researcher, but I imagine that most exploits aren't just a magic byte sequence you send to the victim -- so I assumed that just a single observation of a successful attack is not enough to understand it easily.
That doesn't change things too much; it does introduce some potential difficulties with intercepting certain types of traffic/input to the phone. The question just becomes who controls the hardware being compromised.
> but I imagine that most exploits aren't just a magic byte sequence you send to the victim
It's not, and it's not like you can just replay those very same bytes, but it's not magic: it all has a meaning and a purpose. While it's not easy, you can work out plenty from logs. The entire exploit necessarily is there; things will change, but all the instructions[0] that get injected to do later stages necessarily need to be sent, or the instructions to generate/cause them.
It's not an easy skill, but it's not unheard of.
[0] I'm simplifying a bit to avoid getting into various code execution techniques