CVE-2015-6606 PoC — Android Secure Element Evaluation Kit Plugin Permissions and Access Control Vulnerability

Source
Associated Vulnerability
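Title: Android Secure Element Evaluation Kit Plugin Permissions and Access Control Vulnerability (CVE-2015-6606)
Description: Google Chrome is a web browser developed by Google (USA). Android is a Linux-based open-source operating system jointly developed by Google (USA) and the Open Handset Alliance (OHA). Secure Element Evaluation Kit (also known as SEEK or SmartCard API) is a unified access interface plugin within it. A security vulnerability exists in the Secure Element Evaluation Kit plugin in Android 5.1. An attacker can exploit this vulnerability with a specially crafted application to gain privileges.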
Description
Simple Exploit for Verification of CVE-2015-6606
Readme
# Simple Exploit for Verification of CVE-2015-6606

This is a simple exploit to verify a code injection vulnerability that exists in the
SEEK smartcard service versions 3.1.0 and below (CVE-2015-6606, Google internal bug#
ANDROID-22301786). The vulnerability allows specially crafted Android application
packages to inject arbitrary code into the execution context of the smartcard system
service. This code inherits all permissions granted to this system service, which
include signature-or-system permissions that are not normally granted to third-party
apps.

Further details can be found in our report *Executing Arbitrary Code in the Context
of the Smartcard System Service* (see literature section below).



## DISCLAIMER

You are using this application at your own risk. *We are not responsible for any
damage caused by this application, incorrect usage or inaccuracies in this manual.*



## LITERATURE

- [CVE-2015-6606](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6606)
- Google: [Nexus Security Bulletin - October 2015](http://source.android.com/security/bulletin/2015-10-01.html)
- M. Roland: "*Executing Arbitrary Code in the Context of the Smartcard System Service*," [arXiv:1601.05833 [cs.CR]](http://arxiv.org/abs/1601.05833), Computing Research Repository (CoRR), arXiv.org/corr, University of Applied Sciences Upper Austria, JR-Center u'smile, January 2016.
- M. Roland and M. Hölzl: "*Open Mobile API: Accessing the UICC on Android Devices*," [arXiv:1601.03027 [cs.CR]](http://arxiv.org/abs/1601.03027), Computing Research Repository (CoRR), arXiv.org/corr, University of Applied Sciences Upper Austria, JR-Center u'smile, January 2016.



**License**: [GNU General Public License v3.0](http://www.gnu.org/licenses/gpl-3.0.txt)
File Snapshot

[4.0K]  /data/pocs/405c20d3b4de50cb4c43664e59fd54a779c1efd5
├── [4.0K]  app
│   ├── [6.5K]  app.iml
│   ├── [ 635]  build.gradle
│   ├── [4.0K]  libs
│   │   └── [ 178]  README.txt
│   ├── [4.0K]  libs-preinstalled
│   │   ├── [ 25K]  org.simalliance.openmobileapi.jar
│   │   └── [ 181]  README.txt
│   ├── [ 673]  proguard-rules.pro
│   └── [4.0K]  src
│       └── [4.0K]  main
│           ├── [2.0K]  AndroidManifest.xml
│           ├── [4.0K]  java
│           │   └── [4.0K]  org
│           │       └── [4.0K]  simalliance
│           │           └── [4.0K]  openmobileapi
│           │               └── [4.0K]  service
│           │                   └── [4.0K]  terminals
│           │                       └── [4.0K]  exploit
│           │                           ├── [4.0K]  activities
│           │                           │   ├── [2.8K]  AboutActivity.java
│           │                           │   ├── [7.2K]  MainActivity.java
│           │                           │   └── [4.5K]  ViewerActivity.java
│           │                           ├── [ 11K]  ContextInfo.java
│           │                           ├── [1.5K]  DumpableInfo.java
│           │                           ├── [4.7K]  ExploitTerminal.java
│           │                           └── [2.4K]  OmapiInfo.java
│           └── [4.0K]  res
│               ├── [4.0K]  drawable-hdpi
│               │   ├── [4.5K]  ic_launcher.png
│               │   ├── [1.9K]  ic_menu_info_details.png
│               │   ├── [1.2K]  ic_menu_save.png
│               │   ├── [10.0K]  logo_app_square.png
│               │   ├── [3.6K]  logo_fhooe_square.png
│               │   ├── [2.4K]  logo_fhooe_square_small.png
│               │   ├── [5.0K]  logo_mroland_square.png
│               │   ├── [3.4K]  logo_mroland_square_small.png
│               │   ├── [2.7K]  logo_usmile_square.png
│               │   └── [1.7K]  logo_usmile_square_small.png
│               ├── [4.0K]  drawable-ldpi
│               │   ├── [1.9K]  ic_launcher.png
│               │   ├── [1.5K]  ic_menu_info_details.png
│               │   ├── [1.2K]  ic_menu_save.png
│               │   ├── [4.0K]  logo_app_square.png
│               │   ├── [1.5K]  logo_fhooe_square.png
│               │   ├── [1022]  logo_fhooe_square_small.png
│               │   ├── [2.1K]  logo_mroland_square.png
│               │   ├── [1.3K]  logo_mroland_square_small.png
│               │   ├── [1.1K]  logo_usmile_square.png
│               │   └── [ 751]  logo_usmile_square_small.png
│               ├── [4.0K]  drawable-mdpi
│               │   ├── [2.8K]  ic_launcher.png
│               │   ├── [1.2K]  ic_menu_info_details.png
│               │   ├── [ 981]  ic_menu_save.png
│               │   ├── [6.5K]  logo_app_square.png
│               │   ├── [2.4K]  logo_fhooe_square.png
│               │   ├── [1.5K]  logo_fhooe_square_small.png
│               │   ├── [3.4K]  logo_mroland_square.png
│               │   ├── [2.1K]  logo_mroland_square_small.png
│               │   ├── [1.7K]  logo_usmile_square.png
│               │   └── [1.1K]  logo_usmile_square_small.png
│               ├── [4.0K]  drawable-xhdpi
│               │   ├── [6.5K]  ic_launcher.png
│               │   ├── [2.7K]  ic_menu_info_details.png
│               │   ├── [1.5K]  ic_menu_save.png
│               │   ├── [ 13K]  logo_app_square.png
│               │   ├── [5.0K]  logo_fhooe_square.png
│               │   ├── [3.3K]  logo_fhooe_square_small.png
│               │   ├── [6.7K]  logo_mroland_square.png
│               │   ├── [4.6K]  logo_mroland_square_small.png
│               │   ├── [3.6K]  logo_usmile_square.png
│               │   └── [2.4K]  logo_usmile_square_small.png
│               ├── [4.0K]  layout
│               │   ├── [ 10K]  activity_about.xml
│               │   ├── [4.3K]  activity_main.xml
│               │   └── [3.6K]  activity_viewer.xml
│               ├── [4.0K]  menu
│               │   ├── [1.1K]  main.xml
│               │   └── [1.3K]  viewer.xml
│               └── [4.0K]  values
│                   ├── [ 845]  colors.xml
│                   ├── [3.0K]  strings.xml
│                   └── [ 919]  styles.xml
├── [ 498]  build.gradle
├── [4.0K]  gradle
│   └── [4.0K]  wrapper
│       ├── [ 52K]  gradle-wrapper.jar
│       └── [ 230]  gradle-wrapper.properties
├── [ 855]  gradle.properties
├── [4.9K]  gradlew
├── [2.3K]  gradlew.bat
├── [ 34K]  LICENSE
├── [ 958]  omapi-cve-2015-6606-exploit.iml
├── [1.7K]  README.md
└── [  15]  settings.gradle

23 directories, 72 files