FORUMS
Remove All Ads from XDA

kindle RCE plugin, hidden files.

227 posts
Thanks Meter: 18
 
By gcbxda, Senior Member on 16th May 2019, 06:55 AM
Post Reply Email Thread
I saw this on my device, and only found little info/threads, with almost zero content/analysis. Aparently the kindle app leaves a bunch of random files around. And since the prefix is "RCE" i am a little paranoid, since that usually means "Remote code execution" and is usually associated with exploits

Files:
  • CS_JIT_Animation.mp4
  • jit_cs_positive_preview.png
  • rce_plugin_strings_resource_cs_CZ.json.min
  • rce_plugin_strings_resource_de_DE.json.min
  • rce_plugin_strings_resource_en_US.json.min
  • rce_plugin_strings_resource_es_ES.json.min
  • rce_plugin_strings_resource_fr_FR.json.min
  • rce_plugin_strings_resource_it_IT.json.min
  • rce_plugin_strings_resource_ja_JP.json.min
  • rce_plugin_strings_resource_nl_NL.json.min
  • rce_plugin_strings_resource_pt_BR.json.min
  • rce_plugin_strings_resource_v2_TYPO_TEST.json
  • rce_plugin_strings_resource_zh_CN.json.min
All Attached in a zip created by the android native file manager.

Current places mentioning this

How to make those files appear for you:
  1. Install kindle from the google app store
  2. if you already have it installed, or want to see the files again after you deleted, Stop the app and delete all storage. (nothing will be lost, this app syncs everything and some more to the amazon servers)
  3. perform the first Sync on kindle app
  4. Now, insert a pen drive and open the native android File Mananger and look at the local Download folder

Files are somewhat hidden:
If you look into the download folder with any other app (I tried, blackberry file manager, oi file manager, Ghost Commander, and Termux --after enabling the storage setup)

Files probably have a weird attribute or ownership... but the native android file manager does not show anything other than creation date! And every single file operation (copy, move, compress) reset the information to "regular user, creation time set to now". So either I see them on the Native File Manager, without any information available, or I do not see the files until I destroy the information.


Android version is not important (seems to happen on several versions) and has been happening for a while (First mention seems to be Nov2018)


Anyone have any idea what this is? I know I will probably reverse eng the kindle app at some point, wast a bunch of time, and realize it is just some dumb amateur library badly implemented by amazon... or maybe not. I think at this point I am most curious as to how the app "hides" the files from most everything.
Attached Files
File Type: zip Archive.zip - [Click for QR Code] (74.9 KB, 2 views)
 
 
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes