Android exploit dalvik classes: Preferences
Recently, i have been trying to understand how some apps manage to change android browser settings by code like the homepage. This is how “far” i have come. It is not support by the android api and normal code. You have to use native code. I analysed a advertising sdk which was the way most of the apps managed to change the settings. My first thoughts were that it may did some kind of root exploiting to get full access to shared preferences where the settings are stored.
I did som research and analysing on the sdk and found similarities beetwen the sdk and a malware called Plankton. Both the malware and the SDK collects device info and sends a request to a C&C server and downloads a jar file with native code. It “exploits Dalvik class loading capability to stay stealthy” instead of using root exploits. It supports some commands like setting homepage, shortcuts, and bookmarks and collecting browser history.
I have tried to manually download the jar from the server by using the url and adding the post data to it from the sdk but i didnt get it to work. Maybe i have messed with the post data. How can it change the settings without having root access and instead using dalivk exploit? Any thoughts would be appreciated.
2 Solutions collect form web for “Android exploit dalvik classes: Preferences”
Not really on topic, but ‘collecting browser history’ is a supported function of the stock browser.
There is a permission needed as can be seen on:
public static final String READ_HISTORY_BOOKMARKS Added in API level 4
Allows an application to read (but not write) the user’s browsing
history and bookmarks. Constant Value:
Hope this helps a bit
- Put your device on wifi
- set the system proxy to fiddler
- run the app that downloads the jar.
- Grab the jar from fiddler.