A rootkit for Android. Based on Android platform based linux kernel rootkit from Phrack Issue 68
Part of ISA 673 a class project. Adding it here just because there is not just enough documentation out there to do this for Android
I appreciate any pull requests as long as they extend functionality and dont do harm
Kernel Build Specs
Using kernel tree from here
Using ROM image from here
Using Android NDK toolchain 4.4.3 from Google.
Tried and tested on HTC Bravo running kernel version 184.108.40.206
Desciption: This rookit is developed to intercept the following calls
Author: Hitesh Dharmdasani email@example.com
License: GPL v2
Depends: Android NDK, Kernel source tree of target
Vermagic: 220.127.116.11-cos-bravo-jellybean+ preempt mod_unload ARMv7
- The source tree will not complile to give you a zImage that you should use. A hack around it was to just use a pre built rom with the same specs
- If you are facing vermagic issues. Fix them by the obvious.
- Fix entry in utrelease.h
- Fix entry in kernel.release
- DO NOT 'make' the kernel source tree after you do this
- Edit the makefile to suit your paths for the NDK and the kernel source tree for your Android Operating system
- The rootkit compiles as a kernel object and needs to be run on the phone.
# insmod sys_call_table.ko