How to exploit CVE-2020-0035 in Android

I have some issues with this CVE. Firstly, I can see that there is some permission issue in TelephonyProvider.java which causes some information disclosure.

I have tried to use Frida to exploit this CVE; however, I cannot find the TelephonyProvider class.

Next, I tried to create an application, but I cannot import the android.provider.Telephony.TelephonyProvider class. (I read through the code that Google provides; they manage to import it.)

Links:

https://source.android.com/security/bulletin/2020-03-01

https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/099c68c403c470aaafd3a0f7d4bdf69c873d4740

How to store ECDSA public key securely in Android

I am writing an Android application that needs to verify that a request is sent from a trusted party (me).

This is my current solution:

Storing keys:

  1. Generate ECDSA public key / private key from a server.
  2. Store private key in server. Store public key in Android app, hard-coding it as a static final String.
  3. Deploy Android application.

Request some action from server to Android app:

  1. Server requests a challenge message to the Android app.
  2. Android app creates a random String and sends it to server.
  3. Server signs random String with private key and sends it to Android app.
  4. Android app verifies signature from server, if signature is verified, perform some action.

The question:

From what I understand, it is easy to reveal the server’s public key by decompiling the APK. Then it seems pretty easy for the attacker to recompile the APK with the attacker’s own public key, rather than the server’s key.

If my understanding is correct, how can I securely store the server’s public key so that an attacker cannot modify it?
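The challenge-response exchange described in the question, as an added example that is not part of the original post. The class and method names are illustrative, and the server key pair is generated in-process (constructed for the demo) instead of being hard-coded in an app.

```java
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class ChallengeResponseDemo {
    // Constructed for this demo: a throwaway server key pair. In the question's
    // design only the Base64 public key would be compiled into the app.
    static final KeyPair SERVER_KEYS = newEcKeyPair();
    static final String EMBEDDED_PUBLIC_KEY_B64 = b64(SERVER_KEYS.getPublic());

    static KeyPair newEcKeyPair() {
        try {
            KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
            g.initialize(new ECGenParameterSpec("secp256r1"));
            return g.generateKeyPair();
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }
    static String b64(PublicKey k) { return Base64.getEncoder().encodeToString(k.getEncoded()); }

    // App side: a fresh 32-byte challenge from a CSPRNG for every request.
    static byte[] newChallenge() {
        byte[] c = new byte[32];
        new SecureRandom().nextBytes(c);
        return c;
    }
    // Server side: sign exactly the bytes the app sent.
    static byte[] serverSign(byte[] challenge) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(SERVER_KEYS.getPrivate());
        s.update(challenge);
        return s.sign();
    }
    // App side: verify against the embedded key and the challenge it issued itself.
    static boolean appVerify(String pubB64, byte[] challenge, byte[] sig) throws GeneralSecurityException {
        PublicKey pub = KeyFactory.getInstance("EC")
                .generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(pubB64)));
        Signature v = Signature.getInstance("SHA256withECDSA");
        v.initVerify(pub);
        v.update(challenge);
        return v.verify(sig);
    }
    public static void main(String[] args) throws Exception {
        byte[] challenge = newChallenge();
        byte[] sig = serverSign(challenge);
        System.out.println("fresh challenge:    " + appVerify(EMBEDDED_PUBLIC_KEY_B64, challenge, sig));      // true
        System.out.println("replayed signature: " + appVerify(EMBEDDED_PUBLIC_KEY_B64, newChallenge(), sig)); // false
        System.out.println("different key:      " + appVerify(b64(newEcKeyPair().getPublic()), challenge, sig)); // false
    }
}
```

The last case shows that the result depends entirely on which public key the app verifies against, which is why the integrity of the embedded key is the property the question is asking about.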

Do I need something in addition to OpenGL ES 3 on Android to make a 3D game?

In OpenGL on desktop

  • usually you would use the Lightweight Java Game Library (LWJGL) in addition to OpenGL to make a 3D game.

Main question:

I am on Android and currently using OpenGL ES version 3. I want to know if I need an additional library to make the game, because I came across a problem when I needed the Vector3f and Matrix4f classes, which are not supported on Android but are found in LWJGL.

What should I use also?

Accidentally clicked spam email link on Android, risk of malware?

I was browsing my spam folder on my phone in the Gmail app and stupidly let curiosity get the better of me. The app had blocked images by default, but I clicked to allow them and also accidentally clicked a link in the email while scrolling through. A page began to load, but I closed it as soon as I saw the URL, before anything visually loaded.

I was on a OnePlus 5 Android phone connected to my home WiFi. Android version 9 with the August 1, 2019 security patch. Gmail app last updated Feb 12th 2020. The Gmail app had permissions to my contacts, calendar, and storage at the time I clicked the link. The phone is rooted with Magisk but no root prompts were given so I don’t think this is an issue..?

The email was a spam email about someone who had viewed me on LinkedIn recently. From long-pressing to copy the URL, the link I believe I clicked was http://mycity.citywork.vn/wp-content/uploads/2020/twisterrt.php

I’ve already run a Malwarebytes virus scan from the mobile app on the phone (came up clean) and changed the passwords (from another PC) to all 5 emails that I had linked in the Gmail app, as well as cleared the app caches and storage.

I was wondering if any experts could let me know what damage could possibly have been done considering the scenario (Android device, home network, Gmail app, clicked links in possibly malicious spam email causing a page to load, but no further prompts, user input, or changes as far as I was able to see), as well as whether it is possible to investigate the link to determine what it was attempting to do/load.

I’m a fairly technical (and fairly paranoid) person looking for a fairly technical answer in terms of the potential of whether something malicious could have been run/installed on the device and whether a full device wipe is recommended.

Thanks in advance for your help!

How many 2D rigidbodies can work on Android? [closed]

I’m making a 2D side-scroller shooter with Unity. There are 2 main things that have a Rigidbody2D: characters and weapons. Characters are the player and enemies, and weapons are just weapons.

However, when I run the game, lag spikes happen frequently, and on my Android phone it is worse. So I opened the profiler, and at the moment the game goes really slow, there is a lot of Physics2D work going on. At that moment, there were 80 rigidbodies (60 active and the rest sleeping).

I can easily find that using physics on mobile is quite heavy. Is it a bad idea to have 80 – 100 rigidbodies on an Android device?

Also, I am currently trying to find some alternative that does not use physics to move the character, but I couldn’t find any helpful information. Even Unity’s official tutorial uses a Rigidbody to move the character. If I don’t use a rigidbody and collider, how do I implement a character getting stuck in a wall or something? Any advice will be very much appreciated.

Android Encryption: Can an attacker get the master key due to Android’s default password and wear-leveling?

Since Android 5.0: Upon first boot, the device creates a randomly generated 128-bit master key and then hashes it with a default password and stored salt. The salt and the encrypted master key are stored in the crypto footer.

When the user sets the PIN/pass or password on the device, only the 128-bit master key is re-encrypted and the crypto footer is updated.

Because of wear-leveling, multiple “versions” of a single sector may be available to an attacker. To my understanding, Android cannot ensure that the old encrypted master key is really overwritten.

Would it therefore theoretically be possible for an attacker to decrypt the user data by recovering the old encrypted master key (derived from the default password) and thus calculating the static unencrypted master key with the known salt and the default password?