I would like to start a forensics thread.
I am a security auditor (pen tester) and good at reverse engineering.

*****UPDATE******

I have owned the application and decompiled the entire thing. I have all the download scripts and the actual apk. It is not mktcamera, it is

com.example.cameraroot-325a203119a823aad9e160e729650fbb.apk

I have given chainfire the apk it is up to him what he does.
I will send an email to kingo and see if they want to clean up their ****. If they don't, I will release everything.

If you do not believe me, PM chainfire and ask him yourself.

I can not spend anymore time on this.
The Following 5 Users Say Thank You to krazylary For This Useful Post
26th January 2014, 11:23 AM |#2  
Senior Member
Thanks Meter: 1,043
Sounds interesting. Kudos to you for attempting something concrete.

If you want to do static analysis of the initial download ("android_root.exe"), see this post. The initial Kingo download is an Inno Setup self extractor that can be unpacked without running it using the InnoUnp extractor utility.

I'll see what I can do to help.
The Following User Says Thank You to bftb0 For This Useful Post
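Added example, not part of the thread or of any poster's code: a static triage pass for the kind of installer discussed in post #2, which confirms from the bytes alone that a download is a PE file carrying Inno Setup data before it goes to an unpacker. The function names and the sample bytes are constructed for illustration; the only format fact relied on is the "Inno Setup Setup Data (x.y.z)" identifier string that Inno Setup installers embed.

```python
import hashlib
import re
import struct

# Identifier string that precedes Inno Setup's embedded setup data.
SETUP_ID = re.compile(rb"Inno Setup Setup Data \(([0-9][0-9.]*[a-z]?)\)")

def is_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields an empty slice, so this stays safe.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def triage(data: bytes) -> dict:
    """Classify an installer from its bytes alone; nothing is executed."""
    m = SETUP_ID.search(data)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),  # record before unpacking
        "pe": is_pe(data),
        "inno_version": m.group(1).decode() if m else None,
        "inno_offset": m.start() if m else None,
    }

def make_sample(with_inno: bool) -> bytes:
    """Constructed stand-in for an installer (not real Kingo bytes)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)      # PE header right after DOS header
    body = bytes(dos) + b"PE\x00\x00" + b"\x00" * 60
    if with_inno:
        body += b"Inno Setup Setup Data (5.5.0)" + b"\x00" * 35
    return body

if __name__ == "__main__":
    for label, blob in (("inno", make_sample(True)), ("plain", make_sample(False))):
        print(label, triage(blob))
```

A hit only says the file is a candidate for the InnoUnp extractor mentioned in the post; the recorded SHA-256 lets others confirm they are looking at the same download.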
26th January 2014, 06:56 PM |#3  
OP Junior Member
Thanks Meter: 35
thanks
I am trying to download the latest kingo. Their site is very very slow. Looks like it is getting DDoS'd. That is really good. It might give me a chance to hit the request with session splitting, so I can get the scripts manually.

I
29th January 2014, 05:18 AM |#4  
OP Junior Member
Thanks Meter: 35
can someone translate this
Getting closer to having this app owned

I need this translated thanks!

The Following 4 Users Say Thank You to krazylary For This Useful Post
29th January 2014, 07:31 AM |#5  
MBRedline's Avatar
Member
Thanks Meter: 17
Nice work, I am looking forward to seeing where you get with this. I rooted with kingo a little while back.
29th January 2014, 02:59 PM |#6  
lmike6453's Avatar
Senior Member
Eagleville PA
Thanks Meter: 322
subbed for results. Thanks for taking the time to look into this and sharing with us, very intriguing
23rd March 2014, 07:28 PM |#7  
Senior Member
Thanks Meter: 5
Help rooting my VZW note 3
Quote:
Originally Posted by MBRedline

Nice work, I am looking forward to seeing where you get with this. I rooted with kingo a little while back.

How? I tried and tried rooting with Kingo. It kept coming back to the "root" radio button after, "root failed". If there's something I need to do first please tell me. I checked the "allow from unknown sources" tab after unhiding the USB area. As far as I can tell I prepped it as described.
30th January 2014, 01:36 AM |#8  
Senior Member
Thanks Meter: 1,043
Quote:
Originally Posted by krazylary

I have decided to not release the source code publicly. I will be giving it to the rockstars in the android world so we can have a clean root.

Thank you. It would be much preferable to having a static ARM (not PC-based) binary that needs no network access to get its job done. Open source would be even better - even in the case of a completely static binary with no need for network access, the device owner is still "turning over their device" to that program and trusting that it is not malicious. After all, if it succeeds, it pwns the targeted device.

Although, truth be told, that just makes Sammy's job of closing off the hole that much easier, but that's the nature of the arms race.

Q about your previously posted (and now redacted) summaries - what is typical for false positive detection rates for random executables submitted to those "all in one" virus scanning services? Seems like the candidate malware identified would have shown some evident symptoms (popup ads, site redirection, etc) on folks' platforms - unless it just lies dormant for a while or has been subverted itself to serve other needs (bot, etc).

What was the nature of the .xml that was being downloaded - did you have a look?
30th January 2014, 01:42 AM |#9  
Digital DJ's Avatar
Senior Member
Virginia Beach
Thanks Meter: 57
I'm confused, what is it particularly you are looking for in kingo? I just ripped with kingo a couple days ago. Should I be worried about anything?

Sent from my SM-N900V using xda app-developers app
The Following User Says Thank You to Digital DJ For This Useful Post
30th January 2014, 02:59 AM |#10  
Senior Member
Thanks Meter: 1,043
Quote:
Originally Posted by dead batteries

I'm confused, what is it particularly you are looking for in kingo? I just ripped with kingo a couple days ago. Should I be worried about anything?

I suppose you should always be worried about any advice that begins with

"hey, download this unknown executable from the internet and run it on your Virus Hosting Platform^B^B^B^B^B^B^B^B^B^B^B^B^B^B^BWindows Machine"

But that applies to even things like "Odin v3.09". Or "Android Phone rooting toolkits". They are also just executables, and certainly just as capable of hosting malware installed (even unknowingly) by persons that re-upload it.

But in particular, the thing that got everybody's hackles up was that it bears all the "hallmarks" of malware:

- published by an author with an inscrutable monetization strategy*
- by its intended purpose, is authored by folks skilled in software exploits (but... blackhat or whitehat)?
- uses an "attack server" architecture. (Downloads payloads off the internet in order to run to completion)
- closed source
- contacts multiple sites on the internet during setup and/or operation
- uploads to the internet information gleaned from host and target systems
- at runtime uses code obfuscation procedures that are typical of malware


What the OP is currently after is a way to replace it with something that will still root the phone, but do so in a way that seems less suspicious - for instance has no need to ever contact remote machines on the internet, and no need to even use a PC, either. But let's be honest - any time you turn your device over to a piece of software that has the objective of rooting either a remote host or the one it is running on, you are implicitly handing that device over to that software if it succeeds. If it is completely open source, and you compile it, install it, and run it yourself - after having looked through the code to judge its safety... well, you might be able to say with confidence that "this looks pretty safe".

OTOH, doing that (open source) also makes it pretty darn easy for defenders (e.g. Samsung or Google if it is an Android kernel exploit) to patch the hole directly without doing the corresponding exploit discovery themselves.

I'm not saying that Kingo is malicious though; I really don't know. I can think of very compelling reasons why it operates exactly the way it does:

1) Rooting methods vary by device, carrier, and software release version. That means that a "universal" and static Android rooting tool with encyclopedic knowledge of all current rooting methods would have to bundle in a single download package an enormous collection of exploit vectors. Hundreds and hundreds of megabytes of stuff ... per handset. Live device detection eliminates the need for that - and the bill from the server hosting company for excessive bandwidth usage.

2) Rooting methods come and go. A client-server attack method can determine immediately if something it tried succeeded or failed - on every single attempt. And collect reliable information about software release versions, model numbers, carrier in use, etc. Compare that to a piecemeal, scarce, non-uniform and unreliable method of trying to intuit that information by hand out of forum reports written by folks who many times have no computer skills at all. It's light-years better in reliability and breadth.

I was going to also say "Open Source of an attack reduces its effectiveness", but that opens a whole can of worms, as the position one takes on that particular statement probably is the bright line dividing the white hat and black hat ethical spheres.



*hey wait a minute - isn't that everybody on XDA?
The Following 3 Users Say Thank You to bftb0 For This Useful Post