Re: [android-security-discuss] Info on Android bug 8219321?

Tue, 09 Jul 2013 16:42:18 -0700 

On 07/09/2013 11:15 PM, Jeffrey Walton wrote:
> On Mon, Jul 8, 2013 at 4:06 AM, Pau Oliva Fora <p...@eslack.org> wrote:
>> Looks like it has to do with duplicate file entries, there's more info here:
>>
>> https://jira.cyanogenmod.org/browse/CYAN-1602
>> http://review.cyanogenmod.org/#/c/45251/
> Thanks for the sample code Pao
> (https://gist.github.com/poliva/36b0795ab79ad6f14fd8).
> 
> Would you happen to know....
> 
> (1) Does this work reliable using `adb -r install` (I have had a lot
> of trouble in the past with '-r'); or does the adbersary need elevated
> privileges?

just make sure to increase the 'android:versionCode' in the manifest
file, it installs without problem using -r:

pau@maco:/tmp$ adb install file.apk
656 KB/s (25886 bytes in 0.038s)
        pkg: /data/local/tmp/file.apk
Success
pau@maco:/tmp$ adb install -r evil-file.apk
1632 KB/s (64844 bytes in 0.038s)
        pkg: /data/local/tmp/evil-file.apk
Success
pau@maco:/tmp$


> (2) I presume it works if someone grants a trojan System.
> 

yes, but in practice is not that easy: system apps are odexed and system
APKs do not contain a classes.dex inside, so you can backdoor an APK to
change a resource/xml but not to alter the actual program because it's
an *.odex file outside the APK.

There should be no problem to do that on deodexed ROMs, because the
system APKs contain the classes.dex inside, however CyanogenMod has a
patch to prevent installing platform packages to user storage and would
prevent that too.


> (3) Are you able to tamper with a backup (`adb backup -all -noshared`)
> and then restore with the modified APK?
> 

I haven't tried that, but I don't see why it shouldn't work.


> Jeff
> 

Cheers,

        Pau

-- 
You received this message because you are subscribed to the Google Groups 
"Android Security Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to android-security-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to android-security-discuss@googlegroups.com.
Visit this group at http://groups.google.com/group/android-security-discuss.
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to