
About VZW Remote Diagnostics/AetherPal

substanceD
#1  
Member - OP
Thanks Meter 49
Posts: 40
Join Date: Aug 2009

I've been doing some research into Verizon's new remote diagnostic app, so I'll share my findings here. The app in question is Aetherpal.apk, which is located in /system/app/ in the FP1 update for the Droid Charge. When the phone boots up, this app establishes a connection with AetherPal's server to establish a secure session, and though it's hard to tell exactly how this happens by reading the smali code, it appears to use a combination of AES (symmetric encryption) and cipher block chaining (each section of the message is passed through a block cipher) for encryption.

After establishing a session, the app idles until it receives either a special SMS message or a packet over HTTPS, which can instruct it to perform a variety of functions. I'm still investigating what these are, but some of the status codes are for starting streaming, pausing streaming, and initiating remote control. The application logs the actions taken in the course of the session, and there is some sort of a user interface that shows the user what the remote operator is currently doing with the phone in real-time. The log is sent back to Verizon's AetherPal service running on AetherPal's servers, where presumably Verizon representatives can access it.

Here is a nice diagram that AetherPal has made concerning their service: http://aetherpal.com/architecture.html.

Well, that's it for now, but I'm going to continue investigating in more detail. In particular, I'm interested in how exactly the handshake happens during initialization, what information is logged (anything potentially sensitive?), and how much control remote operators have over the device. It would be good to confirm that some action is needed on the user's part to allow a remote operator to start controlling the device.
 
davwman
#2  
Senior Member
Thanks Meter 615
Posts: 4,244
Join Date: Nov 2010
Location: Centereach
I don't have anything with aetherpal anywhere. I also deleted all the remote diagnostic stuff with titanium. Wonder if that has anything to do with it.
 
44BSD
#3  
Junior Member
Thanks Meter 0
Posts: 7
Join Date: Oct 2012
Quote:
Originally Posted by davwman View Post
I don't have anything with aetherpal anywhere. I also deleted all the remote diagnostic stuff with titanium. Wonder if that has anything to do with it.
More info on Aetherpal:

www dot google dot com slash patents slash US20120254762

www dot w2bi dot com

aetherpal dot com

Strings from Aetherpal.apk:

Does Verizon actually use this to help customers?
Attached Files
File Type: txt Aetherpal.txt (173.5 KB, 82 views)
 
Antoneus1231
#4  
Senior Member
Thanks Meter 71
Posts: 189
Join Date: May 2012
Thanks for bringing this to our attention. I hope your findings can tell us if vzw can tell if we are rooted through this "feature". It could possibly void a bunch of warranties.

However, if a device is stolen then I can see some benefits to it.

. :: TSM Tweaked 3.2 . EXT4 . Lazarus 1225 . ADW EX . Vanilla Bean :: .
-:: GalaxyMod 16 _ LK 2.1 _ Ubuntu Dark ::-

Retired
Droid Charge - Tw3ak3d 3.2, EXT4, Lazarus 130109, ADW EX, Vanilla Bean
OG Motorola Droid
 
44BSD
#5  
Junior Member
Thanks Meter 0
Posts: 7
Join Date: Oct 2012
Quote:
Originally Posted by davwman View Post
I don't have anything with aetherpal anywhere. I also deleted all the remote diagnostic stuff with titanium. Wonder if that has anything to do with it.
Quote:
Originally Posted by Antoneus1231 View Post
Thanks for bringing this to our attention. I hope your findings can tell us if vzw can tell if we are rooted through this "feature". It could possibly void a bunch of warranties.

However, if a device is stolen then I can see some benefits to it.

. :: TSM Tweaked 3.2 . EXT4 . Lazarus 1225 . ADW EX . Vanilla Bean :: .
lines 3436-3437:

'VZW_DEVICE_NOT_ROOTED',
'VZW_DEVICE_ROOTED'
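
Added example, not part of any post in this thread: a small Python triage script for a strings dump like the attached Aetherpal.txt, reporting hits by line number the way the post above does. Only the two VZW_DEVICE_* names come from the thread; the other patterns and the sample input are assumptions made for this example.

```python
import re
from collections import defaultdict

# Categories worth flagging when auditing a remote-support app's string table.
# Only the two VZW_DEVICE_* names come from the thread; the other patterns are
# generic Android/Java identifiers chosen for this example (assumptions).
PATTERNS = {
    "root-status": re.compile(r"\bVZW_DEVICE_(?:NOT_)?ROOTED\b"),
    "cipher": re.compile(r"\b(?:AES|DES|DESede|RSA)/[A-Z0-9]+/\w+\b"),
    "sms-trigger": re.compile(r"android\.provider\.Telephony\.SMS_RECEIVED"),
    "permission": re.compile(r"android\.permission\.[A-Z_]+"),
}


def triage(dump: str) -> dict:
    """Return {category: [(line_number, matched_text), ...]} for a strings dump."""
    hits = defaultdict(list)
    for lineno, line in enumerate(dump.splitlines(), start=1):
        for category, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                hits[category].append((lineno, match.group(0)))
    return dict(hits)


# Constructed sample input, NOT the contents of the attached Aetherpal.txt.
SAMPLE = """\
'onCreate',
'AES/CBC/PKCS5Padding',
'android.provider.Telephony.SMS_RECEIVED',
'android.permission.READ_LOGS',
'VZW_DEVICE_NOT_ROOTED',
'VZW_DEVICE_ROOTED'
"""

if __name__ == "__main__":
    for category, found in sorted(triage(SAMPLE).items()):
        for lineno, text in found:
            print(f"{category:12} line {lineno}: {text}")
```

A hit only shows that the constant exists in the app; whether the value is ever sent to the server has to be confirmed in the smali code or in captured traffic.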
 
Antoneus1231
(Last edited by Antoneus1231; 12th January 2013 at 02:17 AM.)
#6  
Senior Member
Thanks Meter 71
Posts: 189
Join Date: May 2012
Oh shoot. That isn't good is it...

Is that something that is transferred as it establishes a connection as you described or just a command that is available?

Can this be resolved by hiding root with an app?

 
shrike1978
#7  
Recognized Contributor
Thanks Meter 3094
Posts: 3,413
Join Date: Jun 2011
Location: Atlanta, GA

 
I have had the automated system ask me for permission to allow a technician to remotely connect to my phone when I've called in a few times and denied it, and they never said another word about it once they were on the phone. My assumption is that there are some pretty strict privacy policies in place for it after all the fallout from the keylogger that other providers had been using.

To put it all in perspective though, I sent a Rezound in for a warranty exchange that was S-OFF and running CM9 and they never said a word about it.
My HTC Rezound Development:
CounterShrike (Heavily modified CM9 - Aroma Installer) - PAC-Man (CM10/AOKP/Paranoid Android hybrid) - Ermahgerd Kernel (ICS/JB AOSP kernel)

My smartphone history: iPhone (Retired) - iPhone 3G (Retired) - iPhone 3GS (Retired) - Samsung Droid Charge (Retired) - HTC Rezound (Dev phone) - Samsung Galaxy Note II (Current)

All of my work is open source: My Github
Donations are never expected, but always appreciated.
 
THEbigSWEEN
#8  
Senior Member
Thanks Meter 163
Posts: 364
Join Date: Mar 2012
Quote:
Originally Posted by shrike1978 View Post
I have had the automated system ask me for permission to allow a technician to remotely connect to my phone when I've called in a few times and denied it, and they never said another word about it once they were on the phone. My assumption is that there are some pretty strict privacy policies in place for it after all the fallout from the keylogger that other providers had been using.

To put it all in perspective though, I sent a Rezound in for a warranty exchange that was S-OFF and running CM9 and they never said a word about it.
Was that a Verizon, manufacturer, or third party warranty? Because I've heard of people sending their phones in to Samsung and having it rooted with no issues but if it's a warranty or repair through Verizon then they will cry voided warranty. Big surprise there. Luckily I've yet to have to send a phone in :knock on wood: and I froze sysscope with TiBu on my Charge just in case.

Side note: warranty is one of those words that the more you say it, the more it doesn't sound right
 
shrike1978
#9  
Recognized Contributor
Thanks Meter 3094
Posts: 3,413
Join Date: Jun 2011
Location: Atlanta, GA

 
Straight through Verizon. I have the extra insurance, but I've never used it. I did replace my Charge twice and I've had to replace my Rezound three times. All of it from hardware issues, and most of it from poor QA on Verizon's CLNR program.
