
About VZW Remote Diagnostics/AetherPal

OP substanceD

25th March 2012, 11:42 AM   |  #1  
OP Member
I've been doing some research into Verizon's new remote diagnostic app, so I'll share my findings here. The app in question is Aetherpal.apk, which is located in /system/app/ in the FP1 update for the Droid Charge. When the phone boots up, this app establishes a connection with AetherPal's server to establish a secure session, and though it's hard to tell exactly how this happens by reading the smali code, it appears to use a combination of AES (symmetric encryption) and cipher block chaining (each section of the message is passed through a block cipher) for encryption.

After establishing a session, the app idles until it receives either a special SMS message or a packet over HTTPS, which can instruct it to perform a variety of functions. I'm still investigating what these are, but some of the status codes are for starting streaming, pausing streaming, and initiating remote control. The application logs the actions taken in the course of the session, and there is some sort of a user interface that shows the user what the remote operator is currently doing with the phone in real-time. The log is sent back to Verizon's AetherPal service running on AetherPal's servers, where presumably Verizon representatives can access it.

Here is a nice diagram that AetherPal has made concerning their service: http://aetherpal.com/architecture.html.

Well, that's it for now, but I'm going to continue investigating in more detail. In particular, I'm interested in how exactly the handshake happens during initialization, what information is logged (anything potentially sensitive?), and how much control remote operators have over the device. It would be good to confirm that some action is needed on the user's part to allow a remote operator to start controlling the device.
The Following 3 Users Say Thank You to substanceD For This Useful Post: [ View ]
25th March 2012, 02:22 PM   |  #2  
davwman's Avatar
Senior Member
I don't have anything with aetherpal anywhere. I also deleted all the remote diagnostic stuff with titanium. Wonder if that has anything to do with it.
10th January 2013, 12:04 PM   |  #3  
Junior Member
Quote:
Originally Posted by davwman

I don't have anything with aetherpal anywhere. I also deleted all the remote diagnostic stuff with titanium. Wonder if that has anything to do with it.

More info on Aetherpal:

www dot google dot com slash patents slash US20120254762

www dot w2bi dot com

aetherpal dot com

Strings from Aetherpal.apk :

Does verizon actually use this to help customers?
Attached Files
File Type: txt Aetherpal.txt (173.5 KB, 101 views)
11th January 2013, 12:35 AM   |  #4  
Antoneus1231's Avatar
Senior Member
Thanks for bringing this to our attention. I hope your findings can tell us if vzw can tell if we are rooted through this "feature". It could possibly void a bunch of warranties.

However, if a device is stolen then I can see some benefits to it.

. :: TSM Tweaked 3.2 . EXT4 . Lazarus 1225 . ADW EX . Vanilla Bean :: .
11th January 2013, 11:01 PM   |  #5  
Junior Member
Quote:
Originally Posted by davwman

I don't have anything with aetherpal anywhere. I also deleted all the remote diagnostic stuff with titanium. Wonder if that has anything to do with it.

Quote:
Originally Posted by Antoneus1231

Thanks for bringing this to our attention. I hope your findings can tell us if vzw can tell if we are rooted through this "feature". It could possibly void a bunch of warranties.

However, if a device is stolen then I can see some benefits to it.

. :: TSM Tweaked 3.2 . EXT4 . Lazarus 1225 . ADW EX . Vanilla Bean :: .

lines 3436-3437:

'VZW_DEVICE_NOT_ROOTED',
'VZW_DEVICE_ROOTED'
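
An added example, not part of the original posts and not code from AetherPal or Verizon: a small triage script that pulls printable strings out of a binary and reports, by line number, the ones that hint at a capability, the way the post above cites lines of the strings dump. The category patterns, the `EXAMPLE_*` names and the class path are assumptions for illustration; a match only shows that the code references the constant, not when or whether its value is sent anywhere.

```python
import re

# Keyword categories are assumptions for this example; extend them for your own audit.
CATEGORIES = {
    "root-status": re.compile(r"ROOTED", re.I),
    "streaming": re.compile(r"STREAM", re.I),
    "remote-control": re.compile(r"REMOTE_?CONTROL", re.I),
}

def printable_strings(blob, min_len=4):
    """Yield runs of printable ASCII from raw bytes, like the `strings` utility."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    for match in re.finditer(pattern, blob):
        yield match.group().decode("ascii")

def triage(blob):
    """Map each category to the (line_number, string) pairs that match it."""
    hits = {name: [] for name in CATEGORIES}
    for line_no, text in enumerate(printable_strings(blob), start=1):
        for name, pattern in CATEGORIES.items():
            if pattern.search(text):
                hits[name].append((line_no, text))
    return hits

# Constructed sample input: only the two VZW_* constants come from the thread;
# the EXAMPLE_* names and the class path are made up for illustration.
SAMPLE = b"\x00\x03".join([
    b"Lcom/example/Placeholder;",
    b"VZW_DEVICE_NOT_ROOTED",
    b"VZW_DEVICE_ROOTED",
    b"EXAMPLE_START_STREAMING",
    b"ab",  # shorter than min_len, so it is skipped
    b"EXAMPLE_REMOTE_CONTROL",
])

if __name__ == "__main__":
    for category, found in triage(SAMPLE).items():
        for line_no, text in found:
            print(f"{category:15} line {line_no}: {text}")
```
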
12th January 2013, 03:13 AM   |  #6  
Antoneus1231's Avatar
Senior Member
Oh shoot. That isn't good is it...

Is that something that is transferred as it establishes a connection as you described or just a command that is available?

Can this be resolved by hiding root w an app?

. :: TSM Tweaked 3.2 . EXT4 . Lazarus 1225 . ADW EX . Vanilla Bean :: .
Last edited by Antoneus1231; 12th January 2013 at 03:17 AM.
12th January 2013, 05:42 AM   |  #7  
shrike1978's Avatar
Recognized Contributor
I have had the automated system ask me for permission to allow a technician to remotely connect to my phone when I've called in a few times and denied it, and they never said another word about it once they were on the phone. My assumption is that there are some pretty strict privacy policies in place for it after all the fallout from the keylogger that other providers had been using.

To put it all in perspective though, I sent a Rezound in for a warranty exchange that was S-OFF and running CM9 and they never said a word about it.
The Following User Says Thank You to shrike1978 For This Useful Post: [ View ]
15th January 2013, 05:39 AM   |  #8  
THEbigSWEEN's Avatar
Senior Member
Quote:
Originally Posted by shrike1978

I have had the automated system ask me for permission to allow a technician to remotely connect to my phone when I've called in a few times and denied it, and they never said another word about it once they were on the phone. My assumption is that there are some pretty strict privacy policies in place for it after all the fallout from the keylogger that other providers had been using.

To put it all in perspective though, I sent a Rezound in for a warranty exchange that was S-OFF and running CM9 and they never said a word about it.

Was that a Verizon, manufacturer, or third party warranty? Because I've heard of people sending their phones in to Samsung and having it rooted with no issues but if it's a warranty or repair through Verizon then they will cry voided warranty. Big surprise there. Luckily I've yet to have to send a phone in :knock on wood: and I froze sysscope with TiBu on my Charge just in case.

Side note: warranty is one of those words that the more you say it, the more it doesn't sound right
15th January 2013, 05:27 PM   |  #9  
shrike1978's Avatar
Recognized Contributor
Straight through Verizon. I have the extra insurance, but I've never used it. I did replace my Charge twice and I've had to replace my Rezound three times. All of it from hardware issues, and most of it from poor QA on Verizon's CLNR program.
