android:system [WooYun WiKi].html

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/><meta name="exporter-version" content="Evernote Mac 6.8 (453748)"/><meta name="created" content="2016-10-19 12:58:05 +0000"/><meta name="source" content="web.clip"/><meta name="source-url" content="http://wiki.wooyun.org/android:system"/><meta name="updated" content="2016-10-19 12:58:05 +0000"/><title>android:system [WooYun WiKi]</title></head><body><div style="-evernote-webclip:true"><br/><div style="font-size: 16px"><div style="box-sizing:border-box;font-family:sans-serif;text-size-adjust:100%;font-size:10px;-webkit-tap-highlight-color:rgba(0, 0, 0, 0);"><div style="box-sizing:border-box;font-family:&quot;Helvetica Neue&quot;, Helvetica, Arial, sans-serif;font-size:small;line-height:1.42857;color:rgb(51, 51, 51);background:rgb(253, 253, 253);"><div style="box-sizing:border-box;"><div style="box-sizing:border-box;"><span style="box-sizing:border-box;"><div style="box-sizing:border-box;"><div style="box-sizing:border-box;background-color:rgb(255, 255, 255);border-radius:4px;box-shadow:rgba(0, 0, 0, 0.0470588) 0px 1px 1px;"><div style="box-sizing:border-box;"><span style="display:table;"/><h1 style="box-sizing:border-box;font-size:36px;font-family:inherit;font-weight:500;line-height:1.1;color:inherit;margin:40px 0px 20px;padding-bottom:9px;border-bottom:1px solid rgb(238, 238, 238);margin-top:10px;">系统</h1>
<div style="box-sizing:border-box;"

/>

<h3 style="box-sizing:border-box;font-family:inherit;font-weight:500;line-height:1.1;color:inherit;margin-top:20px;margin-bottom:10px;font-size:24px;">permission绕过</h3>
<div style="box-sizing:border-box;">
<ul style="box-sizing:border-box;margin-top:0px;margin-bottom:10px;">
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> frgment注入</div>
</li>
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> 短信伪造</div>
</li>
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> 短信重发（CVE-2014-8610）</div>
</li>
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> CVE-2014-8597 Android &lt;5.0 SQL injection vulnerability in WAPPushManager</div>
</li>
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> 绕过ADB认证</div>
</li>
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> 电话拨打权限绕过漏洞</div>
</li>
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> BroadAnyWhere</div>
</li>
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> LanuchAnyWhere</div>
</li>
</ul>

</div>

<h3 style="box-sizing:border-box;font-family:inherit;font-weight:500;line-height:1.1;color:inherit;margin-top:20px;margin-bottom:10px;font-size:24px;">root权限提升</h3>
<div style="box-sizing:border-box;">
<ul style="box-sizing:border-box;margin-top:0px;margin-bottom:10px;">
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> CVE-2014-7911</div>
</li>
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> TowellRoot(CVE-2014-3153)</div>
</li>
</ul>

</div>

<h3 style="box-sizing:border-box;font-family:inherit;font-weight:500;line-height:1.1;color:inherit;margin-top:20px;margin-bottom:10px;font-size:24px;">签名</h3>
<div style="box-sizing:border-box;">
<ul style="box-sizing:border-box;margin-top:0px;margin-bottom:10px;">
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> master key</div>
</li>
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> fake ID</div>
</li>
</ul>

</div>

<h3 style="box-sizing:border-box;font-family:inherit;font-weight:500;line-height:1.1;color:inherit;margin-top:20px;margin-bottom:10px;font-size:24px;">DOS</h3>
<div style="box-sizing:border-box;">
<ul style="box-sizing:border-box;margin-top:0px;margin-bottom:10px;">
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> 图标拒绝服务</div>
</li>
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> mainfest拒绝服务</div>
</li>
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> fragment拒绝服务</div>
</li>
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> 浏览器拒绝服务</div>
</li>
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> Denial of App-PackageManager</div>
</li>
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> wifidos</div>
</li>
</ul>

</div>

<h3 style="box-sizing:border-box;font-family:inherit;font-weight:500;line-height:1.1;color:inherit;margin-top:20px;margin-bottom:10px;font-size:24px;">配置</h3>
<div style="box-sizing:border-box;">
<ul style="box-sizing:border-box;margin-top:0px;margin-bottom:10px;">
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> 文件权限</div>
</li>
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> symbolic link</div>
</li>
</ul>

</div>

<h3 style="box-sizing:border-box;font-family:inherit;font-weight:500;line-height:1.1;color:inherit;margin-top:20px;margin-bottom:10px;font-size:24px;">零权限访问</h3>
<div style="box-sizing:border-box;">
<ul style="box-sizing:border-box;margin-top:0px;margin-bottom:10px;">
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> <a href="https://web.archive.org/web/20160105112821/http://drops.wooyun.org/papers/2736" title="http://drops.wooyun.org/papers/2736" rel="nofollow" style="box-sizing:border-box;background-color:transparent;color:rgb(51, 122, 183);text-decoration:none;background-repeat:no-repeat;background-position:0px center;padding:0px 0px 0px 18px;background-image:url(&amp;quot;/web/20160409021439/http://wiki.wooyun.org/lib/images/external-link.png&amp;quot;);">Voice Attack</a></div>
</li>
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> <a href="https://web.archive.org/web/20160105112821/http://drops.wooyun.org/papers/2893" title="http://drops.wooyun.org/papers/2893" rel="nofollow" style="box-sizing:border-box;background-color:transparent;color:rgb(51, 122, 183);text-decoration:none;background-repeat:no-repeat;background-position:0px center;padding:0px 0px 0px 18px;background-image:url(&amp;quot;/web/20160409021439/http://wiki.wooyun.org/lib/images/external-link.png&amp;quot;);">Scheme Attack</a></div>
</li>
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> SD read</div>
</li>
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> 剪贴板</div>
</li>
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> next-intent attack</div>
</li>
</ul>

</div>

<h3 style="box-sizing:border-box;font-family:inherit;font-weight:500;line-height:1.1;color:inherit;margin-top:20px;margin-bottom:10px;font-size:24px;">other</h3>
<div style="box-sizing:border-box;">
<ul style="box-sizing:border-box;margin-top:0px;margin-bottom:10px;">
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> 伪随机数生成（PRNG）</div>
</li>
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> 浏览器地址栏欺骗</div>
</li>
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> 邮件伪造/xss</div>
</li>
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> 蓝牙wifi权限缺失</div>
</li>
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> 邮件钓鱼（CVE-2014-4925）</div>
</li>
<li style="box-sizing:border-box;"><div style="box-sizing:border-box;"> Cross-Device Scripting Attacks</div></li></ul></div><span style="display:table;clear:both;"/></div></div></div></span></div></div></div></div></div><br/></div></body></html>