0/66

Threat

com.oem.rftoolkit

RfToolkit

Analyzed on 2022-01-14T19:40:59.522448

2 permissions
14 activities
2 services
0 receivers
0 domains

File sums

MD5 71deb0e33151df3c8964220623f976c5
SHA1 ed3c883eb6d24aa0366eb005a415a5e6f56873a7
SHA256 2305153da5ad3662026fc2cf25d09d981f56755b9ae9d08e5fcc79e6f23a68e3
Size 0.16MB

APKiD

Information computed with APKiD.

/tmp/tmpsxcwq7n7!classes.dex
yara_issue
  • yara issue - dex file recognized by apkid but not yara module
compiler
  • unknown (please file detection issue!)

SSdeep

Information computed with ssdeep.

APK file 3072:6F2x/EeRyCkDKfkmIa8ugC02YqMuGi8+Itu3ms0AszosbchjiRdOpu75:6yKe8wf0WsVdt5
Manifest 96:VDVPjmLJMTQ8E4cv/bgKaJ9VHUeICy4MxSFa65DoFnQugdBIa6jE42lpQ9fqXOaB:V…
classes.dex 3072:5F2x/EeRyCkDKfkmIa8ugC02YqMuGi8+Itu3ms0Aszosi:5yKe8wf0Wsi

Dexofuzzy

Information computed with Dexofuzzy.

classes.dex None

APK details

Information computed with AndroGuard and Pithus.

Package com.oem.rftoolkit
App name RfToolkit
Version name V1.02
Version code 30
SDK 30 - 30
UAID 036029ebebd6c2b72dd4f5689733e34db50c46f9
Signature Signature V1 Signature V2 Signature V3
Frosting Not frosted
Blocks found within V2 signature:
  • 0x7109871a: Unknown
  • 0xf05368c0: Unknown
  • 0x42726577: Verity padding

Certificate details

Information computed with AndroGuard.

MD5 0d2bb493d4c258eb105fa6e0d59ac47b
SHA1 23527ef30c2eb107dc50d2800794b5d58e6067fc
SHA256 c6e8150aa5bbaf523ca1e2d9e356008e1728a12fe20c3c7875a446afb7c579f9
Issuer Email Address: oneplus@oneplus.cn, Common Name: OnePlus, Organizational Unit: SW, Organization: OnePlus, Locality: Shenzhen, State/Province: Guangdong, Country: CN
Not before 2015-05-07T07:23:23+00:00
Not after 2042-09-22T07:23:23+00:00

Manifest analysis

Information computed with MobSF.

Medium Application Data can be Backed up [android:allowBackup] flag is missing.
The flag [android:allowBackup] should be set to false. By default it is set to true and allows anyone to back up your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.
High Activity (com.oem.rftoolkit.RfToolkitFactory) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.oem.rftoolkit.RfToolkitFactorySetTx) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.oem.rftoolkit.RfToolkitCustomerService) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.oem.rftoolkit.RfToolkitBandSelect) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.oem.rftoolkit.RfToolkitFactoryGsm) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.oem.rftoolkit.RfToolkitFactoryLte) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.oem.rftoolkit.RfToolkitFactoryCdma) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.oem.rftoolkit.RfToolkitFactoryWcdma) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.oem.rftoolkit.RfToolkitFactoryTdscdma) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.oem.rftoolkit.RfToolkitFactoryNR5G) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.oem.rftoolkit.RfToolkitFactoryMmwave) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.oem.rftoolkit.RfToolkitAgingTest) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.oem.rftoolkit.GsmInterfereSensorTest) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Activity (com.oem.rftoolkit.RfToolkitQtmDetect) is not Protected. An intent-filter exists.
An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High Service (com.oem.rftoolkit.ProductionLineRfAgingService) is not Protected. [android:exported=true]
A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.

Activities

Information computed with AndroGuard.

com.oem.rftoolkit.RfToolkitFactory
com.oem.rftoolkit.RfToolkitFactorySetTx
com.oem.rftoolkit.RfToolkitCustomerService
com.oem.rftoolkit.RfToolkitBandSelect
com.oem.rftoolkit.RfToolkitFactoryGsm
com.oem.rftoolkit.RfToolkitFactoryLte
com.oem.rftoolkit.RfToolkitFactoryCdma
com.oem.rftoolkit.RfToolkitFactoryWcdma
com.oem.rftoolkit.RfToolkitFactoryTdscdma
com.oem.rftoolkit.RfToolkitFactoryNR5G
com.oem.rftoolkit.RfToolkitFactoryMmwave
com.oem.rftoolkit.RfToolkitAgingTest
com.oem.rftoolkit.GsmInterfereSensorTest
com.oem.rftoolkit.RfToolkitQtmDetect

Services

Information computed with AndroGuard.

com.oem.rftoolkit.MdmFtmInitService
com.oem.rftoolkit.ProductionLineRfAgingService

Sample timeline

Oldest file found in APK Jan. 1, 2009, midnight
Latest file found in APK Jan. 1, 2009, midnight
Certificate valid not before May 7, 2015, 7:23 a.m.
First submission on VT Oct. 30, 2020, 8:29 p.m.
Last submission on VT Oct. 30, 2020, 8:29 p.m.
Upload on Pithus Jan. 14, 2022, 7:40 p.m.
Certificate valid not after Sept. 22, 2042, 7:23 a.m.

NIAP analysis

Information computed with MobSF.

FCS_STO_EXT.1.1 The application does not store any credentials to non-volatile memory.
Storage of Credentials
FCS_CKM_EXT.1.1 The application generates no asymmetric cryptographic keys.
Cryptographic Key Generation Services
FDP_DEC_EXT.1.1 The application has access to no hardware resources.
Access to Platform Resources
FDP_DEC_EXT.1.2 The application has access to no sensitive information repositories.
Access to Platform Resources
FDP_NET_EXT.1.1 The application has no network communications.
Network Communications
FDP_DAR_EXT.1.1 The application does not encrypt files in non-volatile memory.
Encryption Of Sensitive Application Data
FTP_DIT_EXT.1.1 The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product.
Protection of Data in Transit

Code analysis

Information computed with MobSF.

Low
CVSS:7.5
The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File
Files:
com/oem/rftoolkit/PALocalSocketClient.java
com/oem/rftoolkit/RfToolkitFactoryMmwave.java
com/oem/rftoolkit/RfToolkitFactoryLte.java
com/oem/rftoolkit/MdmFtmInitService.java
com/oem/rftoolkit/RfToolkitFactoryCdma.java
com/oem/rftoolkit/RfToolkitQtmDetect.java
com/oem/rftoolkit/RfToolkitFactorySetTx.java
com/oem/rftoolkit/RfToolkitBandSelect.java
com/oem/rftoolkit/RFARFCN.java
com/oem/rftoolkit/ProductionLineRfAgingService.java
com/oem/rftoolkit/RfToolkitAgingTest.java
com/oem/rftoolkit/RfToolkitFactoryWcdma.java
com/oem/rftoolkit/RfToolkitFactoryGsm.java
com/oem/rftoolkit/RfToolkitFactoryBase.java
com/oem/rftoolkit/RfToolkitTxBase.java
com/oem/rftoolkit/RfToolkitFactoryTdscdma.java
com/oem/rftoolkit/RFcommon.java
com/oem/rftoolkit/RfToolkitFactoryNR5G.java
com/oem/rftoolkit/RfToolkitFactory.java

Permissions analysis

Information computed with MobSF.

Low android.permission.FOREGROUND_SERVICE Allows a regular application to use Service.startForeground
com.qti.permission.DIAG Unknown permission
Unknown permission from android reference

Threat analysis

Information computed with Quark-Engine.

Confidence: 100%
Monitor the broadcast action events (BOOT_COMPLETED)

Behavior analysis

Information computed with MobSF.

Get system service
  • com/oem/rftoolkit/ProductionLineRfAgingService.java
  • com/oem/rftoolkit/RfToolkitAgingTest.java
Inter process communication
  • com/oem/rftoolkit/RfToolkitFactoryBase.java
  • com/oem/rftoolkit/RfToolkitCustomerService.java
  • com/oem/rftoolkit/MdmFtmInitService.java
  • com/oem/rftoolkit/RfToolkitFactorySetTx.java
  • com/oem/rftoolkit/RfToolkitBandSelect.java
  • com/oem/rftoolkit/ProductionLineRfAgingService.java
  • com/oem/rftoolkit/RfToolkitAgingTest.java
  • com/oem/rftoolkit/RfToolkitFactory.java
Loading native code (shared library)
  • com/oem/rftoolkit/RfToolkitDiagDci.java
Starting activity
  • com/oem/rftoolkit/RfToolkitFactorySetTx.java
  • com/oem/rftoolkit/RfToolkitAgingTest.java
  • com/oem/rftoolkit/RfToolkitFactory.java
Starting service
  • com/oem/rftoolkit/RfToolkitFactoryBase.java
  • com/oem/rftoolkit/ProductionLineRfAgingService.java

Control flow graphs analysis

Information computed by Pithus.