Merge pull request #86 from Fuzion24/feature/enable_weaksauce

Feature/enable weaksauce
AndroidVTS · Nov 25, 2015 · d3deccb · d3deccb
2 parents 595f8c0 + 734a6c1
commit d3deccb
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 4 deletions.
diff --git a/app/src/main/assets/vuln_map.json b/app/src/main/assets/vuln_map.json
@@ -17,6 +17,25 @@
     "cvssv2": 4.9,
     "cvedate": "08/05/2015"
   },
+  "WeakSauce": {
+    "cve": "WeakSauce",
+    "altnames": [
+      "WeakSauce"
+    ],
+    "description": "HTC devices have a poorly written device management agent which has been continually exploited for privledge escalation purposes",
+    "impact": "Local privilege escalation to root from an unprivileged app",
+    "external_links": [
+       "http://newandroidbook.com/Articles/HTC.html",
+       "https://plus.google.com/+JustinCaseAndroid/posts/515qRPK7c7D",
+       "https://plus.google.com/+JustinCaseAndroid/posts/GhTCJpr5HcT",
+       "http://forum.xda-developers.com/showthread.php?t=2699089",
+       "http://gsec.hitb.org/materials/sg2015/D2%20-%20Ryan%20Welton%20and%20Marco%20Grassi%20-%20Current%20State%20of%20Android%20Privilege%20Escalation.pdf"
+    ],
+    "patch": [
+    ],
+    "cvssv2": 4.9,
+    "cvedate": "11/25/2015"
+  },
   "CVE-2014-4943": {
     "cve": "CVE-2014-4943",
     "altnames": [

diff --git a/app/src/main/java/fuzion24/device/vulnerability/vulnerabilities/VulnerabilityOrganizer.java b/app/src/main/java/fuzion24/device/vulnerability/vulnerabilities/VulnerabilityOrganizer.java
@@ -25,6 +25,7 @@
 import fuzion24.device.vulnerability.vulnerabilities.kernel.CVE_2015_3636;
 import fuzion24.device.vulnerability.vulnerabilities.system.CVE20151528;
 import fuzion24.device.vulnerability.vulnerabilities.system.SamsungCREDzip;
+import fuzion24.device.vulnerability.vulnerabilities.system.WeakSauce;
 
 public class VulnerabilityOrganizer {
 
@@ -42,7 +43,7 @@ public static List<VulnerabilityTest> getTests(Context ctx){
         allTests.add(new CVE_2014_3153());
         allTests.add(new CVE_2014_4943());
         //tests.add(new StumpRoot());
-        //tests.add(new WeakSauce());
+        allTests.add(new WeakSauce());
         allTests.add(new GraphicBufferTest());
         allTests.addAll(StageFright.getTests(ctx));
         allTests.add(new CVE_2015_6602());

diff --git a/app/src/main/java/fuzion24/device/vulnerability/vulnerabilities/system/WeakSauce.java b/app/src/main/java/fuzion24/device/vulnerability/vulnerabilities/system/WeakSauce.java
@@ -3,6 +3,7 @@
 
 import android.content.Context;
 import android.content.pm.PackageManager;
+import android.os.Build;
 
 import fuzion24.device.vulnerability.util.CPUArch;
 import fuzion24.device.vulnerability.vulnerabilities.VulnerabilityTest;
@@ -12,14 +13,15 @@
 import java.util.List;
 
 public class WeakSauce implements VulnerabilityTest {
-
-
     @Override
     public List<CPUArch> getSupportedArchitectures() {
         ArrayList<CPUArch> archs = new ArrayList<CPUArch>();
         archs.add(CPUArch.ALL);
         return archs;
     }
+    private boolean isHTCPhone(){
+        return Build.MANUFACTURER.equalsIgnoreCase("htc");
+    }
 
 
     @Override
@@ -37,10 +39,14 @@ private boolean thisHasInternetPermission(Context ctx)
     @Override
     public boolean isVulnerable(Context context) throws Exception {
 
+        if(!isHTCPhone()){
+            return false;
+        }
+
         if(!thisHasInternetPermission(context))
             throw new Exception("No internet permission assigned to app to perform WeakSauce Test");
 
         File dmAgentSocket = new File("/dev/socket/dmagent");
-        return dmAgentSocket.canWrite() && dmAgentSocket.canRead();
+        return dmAgentSocket.exists();
     }
 }