SHADY RPC LIK3 SAMSUNG

β€” Posted inAndroid β€” 10 min read

So evry Sumsuser got this tiny little app who do a LOOOT…
To whom goes all this data from app…!??

Package Name: com.sec.imsservice

adb shell pm kill --user 0 com.sec.imsservice

Services

com.sec.internal.ims.imsservice.ImsService
com.sec.internal.ims.imsservice.CapabilityService
com.sec.internal.ims.imsservice.SemCapabilityService
com.sec.internal.ims.imsservice.PresenceService
com.sec.imsservice.service.VshService
com.sec.internal.ims.imsservice.VolteService2
com.sec.internal.ims.imsservice.SmsService
com.sec.internal.ims.imsservice.SSConfigService
com.sec.internal.ims.imsservice.UtService
com.sec.internal.ims.cmstore.CloudMessageService
com.sec.internal.ims.imsservice.OpenApiService
com.sec.internal.ims.entitlement.nsds.NSDSMultiSimService
com.sec.internal.ims.entitlement.config.EntitlementConfigService
com.sec.internal.ims.entitlement.softphone.SoftphoneService
com.sec.internal.ims.imsservice.TapiService
com.sec.internal.ims.imsservice.ImsStatusService
com.sec.internal.ims.config.UserMessageIntentService
com.sec.internal.ims.entitlement.fcm.FcmListenerService
com.sec.internal.ims.aec.receiver.fcm.FcmIntentService
com.sec.internal.ims.aec.receiver.fcm.FcmInstanceIdService
com.sec.internal.ims.entitlement.nsds.app.fcm.ericssonnsds.NsdsInstanceIdListenerService
com.sec.internal.ims.entitlement.nsds.app.fcm.ericssonnsds.RegistrationIntentService
com.sec.internal.ims.imsservice.SemGbaService

*Components that run in the background to perform long-running operations or to perform work for remote processes.

Broadcast Receivers

com.sec.internal.ims.imsservice.ImsServiceStub$BootCompleteReceiver
com.sec.internal.ims.imsservice.ImsIntentReceiver
com.sec.internal.ims.servicemodules.tapi.service.receiver.RcsServiceControlReceiver
com.google.firebase.iid.FirebaseInstanceIdReceiver

*These are components that respond to system-wide broadcast announcements. They don’t display a user interface but can create a status bar notification.

Content Providers

com.sec.internal.ims.servicemodules.tapi.service.provider.HistoryLogProvider
com.sec.internal.ims.servicemodules.tapi.service.provider.CapsProvider
com.sec.internal.ims.servicemodules.tapi.service.provider.ChatProvider
com.sec.internal.ims.servicemodules.tapi.service.provider.GroupDeliveryInfoProvider
com.sec.internal.ims.servicemodules.tapi.service.provider.FtProvider
com.sec.internal.ims.servicemodules.tapi.service.provider.GeolocProvider
com.sec.internal.ims.servicemodules.tapi.service.provider.RcsSettingsProvider
com.sec.internal.ims.servicemodules.tapi.service.provider.IshProvider
com.sec.internal.ims.servicemodules.tapi.service.provider.VideoSharingProvider
com.sec.internal.ims.servicemodules.tapi.service.provider.BlockedContactProvider
com.sec.internal.ims.servicemodules.tapi.service.provider.UserConsentProvider
com.sec.internal.ims.settings.SettingsProvider
com.sec.internal.ims.diagnosis.ImsLogAgent
com.sec.internal.ims.config.ConfigProvider
com.sec.internal.ims.servicemodules.options.CapabilityProvider
com.sec.internal.ims.servicemodules.options.RcsUriProvider
com.sec.internal.ims.servicemodules.options.UriGeneratorProvider
com.sec.internal.ims.servicemodules.im.ImProvider
com.sec.internal.ims.cmstore.CloudMessageProvider
com.sec.internal.ims.servicemodules.csh.CshProvider
com.sec.internal.ims.rcscore.RcsPreferencesProvider
com.sec.internal.ims.servicemodules.session.SharedMultimediaProvider
com.sec.internal.ims.entitlement.softphone.SoftphoneSettingsProvider
com.sec.internal.ims.entitlement.nsds.ericssonnsds.persist.NSDSContentProvider
com.sec.internal.ims.entitlement.EntitlementContentProvider
android.support.v4.content.FileProvider
com.sec.internal.ims.entitlement.config.persist.EntitlementConfigProvider

*They manage a shared set of application data that you can store in the file system, in a SQLite database, on the web, or on any other persistent storage location that your app can access.

Requested Permissions

android.permission.RECEIVE_SMS
android.permission.RECEIVE_MMS
android.permission.BROADCAST_STICKY
android.permission.READ_PRIVILEGED_PHONE_STATE
android.permission.INTERACT_ACROSS_USERS_FULL
android.permission.INTERACT_ACROSS_USERS
android.permission.MANAGE_USERS
android.permission.PROCESS_OUTGOING_CALLS
android.permission.MONITOR_DEFAULT_SMS_PACKAGE
android.permission.SCHEDULE_EXACT_ALARM
com.google.android.c2dm.permission.RECEIVE
com.samsung.android.unifiedwfc.VOWIFI_PROVISIONING_PERMISSION
com.sec.nsds.READ_NSDS_PERMISSION
com.sec.nsds.WRITE_NSDS_PERMISSION
com.sec.android.settings.permission.SOFT_RESET
com.sec.android.settings.permission.NETWORK_RESET
com.sec.imslogger.permission.SERVICE
android.permission.ACCESS_NETWORK_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.INTERNET
android.permission.MODIFY_PHONE_STATE
android.permission.READ_CONTACTS
android.permission.WRITE_CONTACTS
android.permission.SYSTEM_ALERT_WINDOW
android.permission.WAKE_LOCK
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
com.verizon.vzwavs.permission.READ
android.permission.READ_BLOCKED_NUMBERS
android.permission.CHANGE_WIFI_STATE
android.permission.SAMSUNG_MODIFY_IPTABLES
android.permission.SAMSUNG_MODIFY_ROUTE
com.sec.ImsTelephonyService.EPDN
com.sec.android.SAMSUNG_MODIFY_IPTABLES
com.sec.android.SAMSUNG_MODIFY_ROUTE
android.permission.BROADCAST_SMS
android.permission.READ_SMS
android.permission.WRITE_SMS
android.permission.MANAGE_APP_OPS_MODES
com.samsung.rcs.im.READ_PERMISSION
samsung.permission.DMSERVICE
android.permission.RECEIVE_WAP_PUSH
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.RECORD_AUDIO
android.permission.CAMERA
com.sec.sveservice.PERMISSION
android.permission.WRITE_SECURE_SETTINGS
android.permission.WRITE_SETTINGS
com.sec.epdg.PERMISSION
com.sec.android.providers.iwlansettings.permission.WRITE_IWLANSETTINGS
com.sec.android.providers.iwlansettings.permission.READ_IWLANSETTINGS
com.vzw.qualitydatalog.permission.LOG_EVENT
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.ACCESS_IMS_CALL_SERVICE
com.sec.ims.nsds.OPEN_WEBSHEET
com.samsung.android.mdec.provider.setting.CMC_ES_PERMISSION
android.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS
com.ims.dm.permission.WRITE_DATABASES

Why this need all these permissions ??? lol

URL endpoints

http://maven.apache.org/POM/4.0.0 http://www.w3.org/2001/XMLSchema-instance http://maven.apache.org/xsd/maven-4.0.0.xsd https://github.com/google/libphonenumber/ http://maven.apache.org/maven-v4_0_0.xsd http://square.github.io/okio/ http://www.opengis.net/gml http://www.opengis.net/pidflo/1.0 http://www.gsma.com/rcs/maap/ http://www.tta.or.kr http://uri.etsi.org/ngn/params/xml/simservs/xcap http://127.0.0.1:1080/test/ http://clients3.google.com/generate_204 http://error.com http://good.com http://gsma.com/ns/iari-authorisation# http://gsma.com/ns/iari-authorisation-profile http://localhost:1080/cookie/mnc http://oap7.sprintpcs.com/http:// http://rcs-acs-mccXXX.jibe.google.com http://www.w3.org/2000/09/xmldsig# www.w3.org/2001/04/xmldsig-more#rsa-sha256 http://www.w3.org/2001/04/xmlenc#sha256 http://www.w3.org/2006/12/xml-c14n11 http://www.w3.org/2009/xmldsig-properties http://www.w3.org/TR/2001/REC-xml-c14n-20010315 http://xmlpull.org/v1/doc/features.html#process-namespaces https://bsf.sipgeo.t-mobile.com:443/ https://eas3.msg.t-mobile.com/generic_devices https://fir-e287d.firebaseio.com https://oap7.sprintpcs.com/https:// https://sentitlement2.mobile.att.net/WFC https://ses-pr.mobilecore.lla.com https://ses.epdg.gci.net/generic_devices https://tprodsmsx.att.net/commonLogin/nxsEDAM/controller.do https://wsg www.ims_rrc_refresh_dns.net http://xml.apache.org/xslt https://glassfish.dev.java.net/public/CDDL+GPL.html http://www.ietf.org/rfc/rfc3462.txt http://www.ietf.org/rfc/rfc3464.txt http://www.ietf.org/rfc/rfc2060.txt http://www.ietf.org/rfc/rfc2222.txt http://java.sun.com/j2se/1.5.0/docs/guide/security/sasl/sasl-refguide.html http://www.ietf.org/rfc/rfc1939.txt http://java.sun.com/products/javamail/Third_Party.html http://www.ietf.org/rfc/rfc821.txt http://www.ietf.org/rfc/rfc1651.txt http://www.ietf.org/rfc/rfc2554.txt http://www.ietf.org/rfc/rfc2592.txt http://www.ietf.org/rfc/rfc2831.txt http://www.ietf.org/rfc/rfc1891.txt http://www.ietf.org/rfc/rfc1892.txt http://www.ietf.org/rfc/rfc1894.txt http://www.ietf.org/rfc/rfc1869.txt http://www.ietf.org/rfc/rfc2045.txt http://www.ietf.org/rfc/rfc2231.txt http://java.sun.com/products/javamail/JavaMail-1.4.pdf http://java.sun.com/products/javamail/FAQ.html http://java.sun.com/products/javamail/ http://www.apache.org/licenses/LICENSE-2.0 http://schemas.android.com/apk/res/android http://config.rcscloudconnect.net http://rcs-acs-mccXXX.jibe.google.com/ http://config.rcs.mnc230.mcc311.pub.3gppnetwork.org http://rcs-acs-att-us.jibe.google.com https://xcap.ims.truphone.net http://rcs-acs-airtel-india.jibe.google.com/ http://rcs-acs-vodafone-idea-india.jibe.google.com/ http://config.rcs.mnc008.mcc450.pub.connectrcs.com http://config.rcs.mnc006.mcc450.pub.connectrcs.com http://config.rcs.mnc005.mcc450.pub.connectrcs.com http://rcs-acs-mcc206.jibe.google.com/ http://rcs-acs-bouygues-france.jibe.google.com/ http://rcs-acs-orange-france.jibe.google.com/ http://rcs-acs-free-france.jibe.google.com/ http://rcs-acs-ee-uk.jibe.google.com http://rcs-acs-hutch-three-uk.jibe.google.com/ http://rcs-acs-sky-uk.jibe.google.com/ http://rcs-acs-lyca-uk.jibe.google.com/ http://config.rcs.tracfone.com http://rcs-acs-dish-us.jibe.google.com http://rcs-acs-tmobile-us.jibe.google.com http://acs-uscc.jibe.google.com http://rcs-acs-xfinity-us.jibe.google.com http://acs-vzw-us.jibe.google.com http://rcs-acs-spectrum-us.jibe.google.com http://acs-ft-tel-ca.jibe.google.com http://rcs-acs-fizz-ca.jibe.google.com http://rcs-acs-mcc302.jibe.google.com/ http://acs-ft-fre-ca.jibe.google.com http://rcs-acs-mcc724.jibe.google.com/ http://acs-ft-clr-br.jibe.google.com http://xcap.ims.mnc002.mcc736.pub.3gppnetwork.org/simservs.ngn.etsi.org/users/IMPU/simservs.xml http://acs-ft-tlf-mx.jibe.google.com/ http://rcs-acs-virgin-mobile-uk.jibe.google.com/ https://acs-ft-oi-br.jibe.google.com/ http://rcs-acs-mcc330.jibe.google.com http://json-schema.org/draft-07/schema# https://json-schema.org/learn/getting-started-step-by-step.html https://tools.ietf.org/html/rfc6714 https://www.iso.org/obp/ui/#search https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes https://ftcontentserver.rcs.mnc https://cs-rcs.uplus.co.kr:8080 https://cs-rcs.uplus.co.kr:8090 https://211.115.7.206:8080 http://211.115.7.207:6010 http://foo.bar https://rcs-iot-dev-1-css.iot.jibecloud.net/cs https://ses.o2.co.uk:443/generic_devices https://ses-test.o2.co.uk:443/generic_devices https://rcs-user-content-eu.storage.googleapis.com https://mstore.de1.rbm.mavenir.com

*These endpoints are so shaaaddyyy…

IP endpoints

1.1.0.72 13.124.244.70 172.28.109.73 211.188.227.140 18.140.41.245 192.168.49.1 2.2.00.00 3.127.55.209 3.89.177.225 8.8.8.8 2.3.3.4 http://127.0.0.1:1080 107.108.208.127 10.40.140.134 3.6.2.2 172.28.118.201 172.28.109.141 172.28.109.100 21.1.1.206 10.211.35.68 10.77.153.28 104.199.19.32 192.168.1.2 192.168.150.1 10.91.244.12 10.254.44.36 10.72.66.132 5.4.2.2 5.1.3.1 2.4.3.3 120.197.90.65:5260 183.62.212.197:80 https://211.115.7.206:8080 http://211.115.7.207:6010

*IP also… who are uuu…???

This app u cant kill, u cant stop, u cant freeze…
if u do it breaks ur normal SMS sending msg…
sumhow is attacked with regual SMG messages…

TOP MOST DANGEROUS PERMISSIONS IMPOSSIBLE TO CHANGE ???

Data cant be cleaned also,
u cant change behavior its setting on Battery > Unrestricted …!?!?

Force Stop also no effect, u can click but nothin changes…

i use Shizuku with AppOps to block this app…
it just keeps trying to access messages or contacts..
crazy…

Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.