1.8 KiB
1.8 KiB
Security
Quick evaluation is it is basically and older Android device, likely vulnerable to a wide range of older attacks. Has wifi, bluetooth, maybe even GSM...
The process table shows it's ready to send SMS... :)
root@ngl:/ # ps a
USER PID PPID VSIZE RSS WCHAN PC NAME
root 126 2 0 0 002366ec 00000000 S apr_driver
system 328 1 16956 4044 ffffffff a548fa20 S /system/bin/audiod
root 2528 1 5868 368 ffffffff 00434a84 S /sbin/adbd
u0_a70 4397 302 1257352 23972 ffffffff a66719c0 S com.android.smspush
Not sure this is necessary... (?)
# from lsof
/system/priv-app/Telecom/Telecom.apk
/system/priv-app/TelephonyProvider/TelephonyProvider.apk
/data/data/com.android.providers.telephony/databases/cdmacalloption.db
/data/data/com.android.providers.telephony/databases/HbpcdLookup.db
/system/app/PhoneFeatures/PhoneFeatures.apk
/system/framework/qcrilhook.jar
/data/data/com.android.providers.telephony/databases/telephony.db
/data/data/com.android.providers.telephony/databases/mmssms.db
# Ok, so it has pretty much everything enabled/running apparently...
/system/app/Email/Email.apk
# Don't think it has hardware GPS (?).
# Perhaps for use with paired GPS (e.g. android phone).
/system/priv-app/com.qualcomm.location/com.qualcomm.location.apk
/system/framework/com.android.location.provider.jar
Uses SELinux kernel.
Net
When connected to wifi the device tries to connect to port 80
of
IP 142.250.72.14
, which is allocated to Google LLC
.
It also tries to connect to port 443
of IP 157.240.19.19
.
That IP is owneed by Facebook, Inc.
. Not sure why that is needed.
Binaries
The busybox binaries are (ancient) 32-bit(?).
$ file xbin/zcat
xbin/zcat: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, for GNU/Linux 2.6.16, stripped