On 07/09/2013 11:15 PM, Jeffrey Walton wrote:
On Mon, Jul 8, 2013 at 4:06 AM, Pau Oliva Fora wrote:
Looks like it has to do with duplicate file entries, there's more info here:

https://jira.cyanogenmod.org/browse/CYAN-1602
http://review.cyanogenmod.org/#/c/45251/
Thanks for the sample code Pao
(https://gist.github.com/poliva/36b0795ab79ad6f14fd8).

Would you happen to know....

(1) Does this work reliable using `adb -r install` (I have had a lot
of trouble in the past with '-r'); or does the adbersary need elevated
privileges?
just make sure to increase the 'android:versionCode' in the manifest
file, it installs without problem using -r:

pau@maco:/tmp$ adb install file.apk
656 KB/s (25886 bytes in 0.038s)
         pkg: /data/local/tmp/file.apk
Success
pau@maco:/tmp$ adb install -r evil-file.apk
1632 KB/s (64844 bytes in 0.038s)
         pkg: /data/local/tmp/evil-file.apk
Success
pau@maco:/tmp$

(2) I presume it works if someone grants a trojan System.
yes, but in practice is not that easy: system apps are odexed and system
APKs do not contain a classes.dex inside, so you can backdoor an APK to
change a resource/xml but not to alter the actual program because it's
an *.odex file outside the APK.

There should be no problem to do that on deodexed ROMs, because the
system APKs contain the classes.dex inside, however CyanogenMod has a
patch to prevent installing platform packages to user storage and would
prevent that too.

(3) Are you able to tamper with a backup (`adb backup -all -noshared`)
and then restore with the modified APK?
I haven't tried that, but I don't see why it shouldn't work.

Jeff
Cheers,

  Pau

--
You received this message because you are subscribed to the Google Groups "Android Security Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-security-discuss+unsubscribe@googlegroups.com.
To post to this group, send email to android-security-discuss@googlegroups.com.
Visit this group at http://groups.google.com/group/android-security-discuss.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

Discussion Posts

Previous

Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 7 of 9 | next ›
Discussion Overview
groupandroid-security-discuss @
categoriesandroid
postedJul 6, '13 at 2:52p
activeJul 14, '13 at 4:36a
posts9
users4
websiteandroid.com

People

Translate

site design / logo © 2019 Grokbase