ELF_LOTOOR.C

 Analysis by: Weichao Sun

 THREAT SUBTYPE:

Rooting Tool

 PLATFORM:

Android OS

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Hacking Tool

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This hacking tool may be manually installed by a user.

  TECHNICAL DETAILS

File Size:

23,060 bytes

File Type:

ELF

Initial Samples Received Date:

23 Aug 2012

Arrival Details

This hacking tool may be manually installed by a user.

NOTES:

It can be launched manually or by another application. After launched, it executes following steps to root the device:

  • Back up self to /data/local/tmp/boomsh
  • Back up /system/bin/sh to /data/local/tmp/sh
  • Check if already have a 0 user ID (i.e. root privilige)
  • Check system version, if the system is neither Android2.2 nor Android2.3 , it then exits
  • Check the vold executable file version
  • Run the exploit module according to the system version
  • If the exploit module fails, it then exits
  • Sets ro.kernel.qemu value to 0
  • Kill and restart the ADB process

Executing the exploit roots the ADB shell.