Analysis by: Weichao Sun

 THREAT SUBTYPE:

Rooting Tool

 PLATFORM:

Android OS

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Hacking Tool

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This hacking tool may be manually installed by a user.

  TECHNICAL DETAILS

File size: 23,060 bytes
File type: ELF
Initial samples received date: 23 Aug 2012

Arrival Details

This hacking tool may be manually installed by a user.

NOTES:

It can be launched manually or by another application. Once launched, it performs the following steps to root the device:

  • Backs itself up to /data/local/tmp/boomsh
  • Backs up /system/bin/sh to /data/local/tmp/sh
  • Checks whether it already has a user ID of 0 (i.e., root privilege)
  • Checks the system version; if the system is neither Android 2.2 nor Android 2.3, it exits
  • Checks the version of the vold executable file
  • Runs the exploit module that matches the system version
  • Exits if the exploit module fails
  • Sets the ro.kernel.qemu value to 0
  • Kills and restarts the ADB process

Executing the exploit roots the ADB shell.
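
The file artifacts named in the steps above can be checked on an extracted device filesystem. The following is an added triage example, not part of the original analysis: the function names, the `system/build.prop` location and its `ro.build.version.release` key are assumptions, and the sample tree is constructed with placeholder contents.

```python
import hashlib
import re
from pathlib import Path

# Artifact paths from the steps listed above; BUILD_PROP is an assumed location.
SELF_COPY = "data/local/tmp/boomsh"
SHELL_COPY = "data/local/tmp/sh"
SYSTEM_SHELL = "system/bin/sh"
BUILD_PROP = "system/build.prop"

def _is_elf(path):
    return path.is_file() and path.read_bytes()[:4] == b"\x7fELF"

def _sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def triage(root):
    """Report the tool's leftover files under an extracted filesystem root."""
    root = Path(root)
    sh_copy, sys_sh, prop = root / SHELL_COPY, root / SYSTEM_SHELL, root / BUILD_PROP
    found = {"boomsh_elf": _is_elf(root / SELF_COPY),
             "sh_copy_present": sh_copy.is_file(),
             "sh_copy_matches_system": False,
             "targeted_version": False}
    if found["sh_copy_present"] and sys_sh.is_file():
        found["sh_copy_matches_system"] = _sha256(sh_copy) == _sha256(sys_sh)
    if prop.is_file():
        m = re.search(r"^ro\.build\.version\.release=(\S+)",
                      prop.read_text(errors="replace"), re.M)
        # The tool exits unless the system is Android 2.2 or 2.3.
        found["targeted_version"] = bool(m and re.match(r"2\.[23](\.|$)", m.group(1)))
    # Both copies together are the footprint of the first two steps.
    found["suspicious"] = found["boomsh_elf"] and found["sh_copy_present"]
    return found

def build_sample(root, release="2.3.6"):
    """Write a constructed sample tree (placeholder contents, not a real sample)."""
    files = {SELF_COPY: b"\x7fELF" + b"\x00" * 12,
             SHELL_COPY: b"\x7fELF placeholder shell",
             SYSTEM_SHELL: b"\x7fELF placeholder shell",
             BUILD_PROP: f"ro.build.version.release={release}\n".encode()}
    for rel, data in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return Path(root)
```

A `suspicious` result means both backup copies are present; `sh_copy_matches_system` shows whether the copy in /data/local/tmp is byte-identical to the device's own shell.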