Pithus report for RfToolkit - com.oem.rftoolkit

File sums

MD5	`71deb0e33151df3c8964220623f976c5`
SHA1	`ed3c883eb6d24aa0366eb005a415a5e6f56873a7`
SHA256	`2305153da5ad3662026fc2cf25d09d981f56755b9ae9d08e5fcc79e6f23a68e3`
Size	`0.16MB`

APKiD

Information computed with APKiD.

`/tmp/tmpsxcwq7n7!classes.dex`
yara_issue	`yara issue - dex file recognized by apkid but not yara module`
compiler	`unknown (please file detection issue!)`

SSdeep

Information computed with ssdeep.

APK file	`3072:6F2x/EeRyCkDKfkmIa8ugC02YqMuGi8+Itu3ms0AszosbchjiRdOpu75:6yKe8wf0WsVdt5`
Manifest	`96:VDVPjmLJMTQ8E4cv/bgKaJ9VHUeICy4MxSFa65DoFnQugdBIa6jE42lpQ9fqXOaB:V…`
`classes.dex`	`3072:5F2x/EeRyCkDKfkmIa8ugC02YqMuGi8+Itu3ms0Aszosi:5yKe8wf0Wsi`

Dexofuzzy

Information computed with Dexofuzzy.

classes.dex

None

APK details

Information computed with AndroGuard and Pithus.

Package	`com.oem.rftoolkit`
App name	`RfToolkit`
Version name	`V1.02`
Version code	`30`
SDK	`30` - `30`
UAID	`036029ebebd6c2b72dd4f5689733e34db50c46f9`
Signature	Signature V1 Signature V2 Signature V3
Frosting	Not frosted Blocks found within V2 signature: `0x7109871a`: Unknown `0xf05368c0`: Unknown `0x42726577`: Verity padding

Certificate details

Information computed with AndroGuard.

MD5	`0d2bb493d4c258eb105fa6e0d59ac47b`
SHA1	`23527ef30c2eb107dc50d2800794b5d58e6067fc`
SHA256	`c6e8150aa5bbaf523ca1e2d9e356008e1728a12fe20c3c7875a446afb7c579f9`
Issuer	`Email Address: oneplus@oneplus.cn, Common Name: OnePlus, Organizational Unit: SW, Organization: OnePlus, Locality: Shenzhen, State/Province: Guangdong, Country: CN`
Not before	`2015-05-07T07:23:23+00:00`
Not after	`2042-09-22T07:23:23+00:00`

Manifest analysis

Information computed with MobSF.

Medium	Application Data can be Backed up[android:allowBackup] flag is missing. The flag [android:allowBackup] should be set to false. By default it is set to true and allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.
High	Activity (com.oem.rftoolkit.RfToolkitFactory) is not Protected.An intent-filter exists. An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High	Activity (com.oem.rftoolkit.RfToolkitFactorySetTx) is not Protected.An intent-filter exists. An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High	Activity (com.oem.rftoolkit.RfToolkitCustomerService) is not Protected.An intent-filter exists. An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High	Activity (com.oem.rftoolkit.RfToolkitBandSelect) is not Protected.An intent-filter exists. An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High	Activity (com.oem.rftoolkit.RfToolkitFactoryGsm) is not Protected.An intent-filter exists. An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High	Activity (com.oem.rftoolkit.RfToolkitFactoryLte) is not Protected.An intent-filter exists. An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High	Activity (com.oem.rftoolkit.RfToolkitFactoryCdma) is not Protected.An intent-filter exists. An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High	Activity (com.oem.rftoolkit.RfToolkitFactoryWcdma) is not Protected.An intent-filter exists. An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High	Activity (com.oem.rftoolkit.RfToolkitFactoryTdscdma) is not Protected.An intent-filter exists. An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High	Activity (com.oem.rftoolkit.RfToolkitFactoryNR5G) is not Protected.An intent-filter exists. An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High	Activity (com.oem.rftoolkit.RfToolkitFactoryMmwave) is not Protected.An intent-filter exists. An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High	Activity (com.oem.rftoolkit.RfToolkitAgingTest) is not Protected.An intent-filter exists. An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High	Activity (com.oem.rftoolkit.GsmInterfereSensorTest) is not Protected.An intent-filter exists. An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High	Activity (com.oem.rftoolkit.RfToolkitQtmDetect) is not Protected.An intent-filter exists. An Activity is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the Activity is explicitly exported.
High	Service (com.oem.rftoolkit.ProductionLineRfAgingService) is not Protected. [android:exported=true] A Service is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.

Activities

Information computed with AndroGuard.

com.oem.rftoolkit.RfToolkitFactory
com.oem.rftoolkit.RfToolkitFactorySetTx
com.oem.rftoolkit.RfToolkitCustomerService
com.oem.rftoolkit.RfToolkitBandSelect
com.oem.rftoolkit.RfToolkitFactoryGsm
com.oem.rftoolkit.RfToolkitFactoryLte
com.oem.rftoolkit.RfToolkitFactoryCdma
com.oem.rftoolkit.RfToolkitFactoryWcdma
com.oem.rftoolkit.RfToolkitFactoryTdscdma
com.oem.rftoolkit.RfToolkitFactoryNR5G
com.oem.rftoolkit.RfToolkitFactoryMmwave
com.oem.rftoolkit.RfToolkitAgingTest
com.oem.rftoolkit.GsmInterfereSensorTest
com.oem.rftoolkit.RfToolkitQtmDetect

Services

Information computed with AndroGuard.

com.oem.rftoolkit.MdmFtmInitService
com.oem.rftoolkit.ProductionLineRfAgingService

Sample timeline

Oldest file found in APK	Jan. 1, 2009, midnight
Latest file found in APK	Jan. 1, 2009, midnight
Certificate valid not before	May 7, 2015, 7:23 a.m.
First submission on VT	Oct. 30, 2020, 8:29 p.m.
Last submission on VT	Oct. 30, 2020, 8:29 p.m.
Upload on Pithus	Jan. 14, 2022, 7:40 p.m.
Certificate valid not after	Sept. 22, 2042, 7:23 a.m.

VirusTotal

Score	0/66
Report	https://www.virustotal.com/gui/file/2305153da5ad3662026fc2cf25d09d981f56755b9ae9d08e5fcc79e6f23a68e3/detection

NIAP analysis

Information computed with MobSF.

FCS_STO_EXT.1.1	The application does not store any credentials to non-volatile memory. Storage of Credentials
FCS_CKM_EXT.1.1	The application generate no asymmetric cryptographic keys. Cryptographic Key Generation Services
FDP_DEC_EXT.1.1	The application has access to no hardware resources. Access to Platform Resources
FDP_DEC_EXT.1.2	The application has access to no sensitive information repositories. Access to Platform Resources
FDP_NET_EXT.1.1	The application has no network communications. Network Communications
FDP_DAR_EXT.1.1	The application does not encrypt files in non-volatile memory. Encryption Of Sensitive Application Data
FTP_DIT_EXT.1.1	The application does not encrypt any data in traffic or does not transmit any data between itself and another trusted IT product. Protection of Data in Transit

Code analysis

Information computed with MobSF.

Low
CVSS:7.5

The App logs information. Sensitive information should never be logged.
MASVS: MSTG-STORAGE-3
CWE-532 Insertion of Sensitive Information into Log File

Files:

 com/oem/rftoolkit/PALocalSocketClient.java
 com/oem/rftoolkit/RfToolkitFactoryMmwave.java
 com/oem/rftoolkit/RfToolkitFactoryLte.java
 com/oem/rftoolkit/MdmFtmInitService.java
 com/oem/rftoolkit/RfToolkitFactoryCdma.java
 com/oem/rftoolkit/RfToolkitQtmDetect.java
 com/oem/rftoolkit/RfToolkitFactorySetTx.java
 com/oem/rftoolkit/RfToolkitBandSelect.java
 com/oem/rftoolkit/RFARFCN.java
 com/oem/rftoolkit/ProductionLineRfAgingService.java
 com/oem/rftoolkit/RfToolkitAgingTest.java
 com/oem/rftoolkit/RfToolkitFactoryWcdma.java
 com/oem/rftoolkit/RfToolkitFactoryGsm.java
 com/oem/rftoolkit/RfToolkitFactoryBase.java
 com/oem/rftoolkit/RfToolkitTxBase.java
 com/oem/rftoolkit/RfToolkitFactoryTdscdma.java
 com/oem/rftoolkit/RFcommon.java
 com/oem/rftoolkit/RfToolkitFactoryNR5G.java
 com/oem/rftoolkit/RfToolkitFactory.java

Permissions analysis

Information computed with MobSF.

Low	`android.permission.FOREGROUND_SERVICE`	Allows a regular application to use Service.startForeground
	`com.qti.permission.DIAG`	Unknown permission Unknown permission from android reference

Threat analysis

Information computed with Quark-Engine.

Confidence:

100%

Monitor the broadcast action events (BOOT_COMPLETED)

Behavior analysis

Information computed with MobSF.

Get system service

       com/oem/rftoolkit/ProductionLineRfAgingService.java
       com/oem/rftoolkit/RfToolkitAgingTest.java

Inter process communication

       com/oem/rftoolkit/RfToolkitFactoryBase.java
       com/oem/rftoolkit/RfToolkitCustomerService.java
       com/oem/rftoolkit/MdmFtmInitService.java
       com/oem/rftoolkit/RfToolkitFactorySetTx.java
       com/oem/rftoolkit/RfToolkitBandSelect.java
       com/oem/rftoolkit/ProductionLineRfAgingService.java
       com/oem/rftoolkit/RfToolkitAgingTest.java
       com/oem/rftoolkit/RfToolkitFactory.java

Loading native code (shared library)

       com/oem/rftoolkit/RfToolkitDiagDci.java

Starting activity

       com/oem/rftoolkit/RfToolkitFactorySetTx.java
       com/oem/rftoolkit/RfToolkitAgingTest.java
       com/oem/rftoolkit/RfToolkitFactory.java

Starting service

       com/oem/rftoolkit/RfToolkitFactoryBase.java
       com/oem/rftoolkit/ProductionLineRfAgingService.java

Control flow graphs analysis

Information computed by Pithus.

com.oem.rftoolkit

RfToolkit

2

permissions

14

activities

2

services

0

receivers

0

domains

File sums

APKiD

SSdeep

Dexofuzzy

APK details

Certificate details

Manifest analysis

Activities

Services

Sample timeline

VirusTotal

NIAP analysis

Code analysis

Permissions analysis

Threat analysis

Behavior analysis

Control flow graphs analysis