12-02-2015, 01:40 PM
Here's a 411 on Eken's modus operandi, as described by the lads behind Clean Master:
<!-- m --><a class="postlink" href="https://www.cmcm.com/blog/en/security/2015-11-09/838.html">https://www.cmcm.com/blog/en/security/2 ... 9/838.html</a><!-- m -->
And yes, both boot and recovery have references to CloudsOTA. Lines 223 to 230 of init.sun8i.rc call for checkota.sh and shell_cmd_service to be loaded on boot:
Checkota.sh then runs, calling for the system to copy and chmod CloudsService.apk to /system/app:
<!-- m --><a class="postlink" href="https://www.cmcm.com/blog/en/security/2015-11-09/838.html">https://www.cmcm.com/blog/en/security/2 ... 9/838.html</a><!-- m -->
And yes, both boot and recovery have references to CloudsOTA. Lines 223 to 230 of init.sun8i.rc call for checkota.sh and shell_cmd_service to be loaded on boot:
Code:
#clouds checkota service
service checkota /system/bin/checkota.sh
class main
oneshot
#clouds ota service
service shcmd /system/bin/shell_cmd_service
class main
Code:
#!/system/bin/sh
OTA_APK="/system/app/CloudsService.apk"
OTA_MD5="00a46780cb123dff97eb98cd080f5a0e"
mount -o remount,rw /system
if [ ! -f "$OTA_APK" ]; then
/system/bin/cp /cloudsota/CloudsService.apk /system/app/
/system/bin/chmod 644 /system/app/CloudsService.apk
else
echo "the same apk"
# /system/bin/mkdir /data/CloudsService
# TMP_MD5=`/system/bin/busybox md5sum /system/app/CloudsService.apk | /system/bin/busybox cut -d " " -f 1`
# if [ $OTA_MD5 = $TMP_MD5 ]; then
# echo "the same apk"
# else
# echo "not the same apk"
# /system/bin/cp /cloudsota/CloudsService.apk /system/app/
# /system/bin/chmod 644 /system/CloudsService.apk
# fi
fi