This project is about creating a framework for on-device exploitation of Android devices with the aim of gaining permanent root-level system access permissions for applications and the user. While most existing approach need a host computer to "root" the Android device, this project aims at being executed on the Android device itself. In contrast to other applications that are available as compiled and ready-to-install APK files, the project is also open source and is intended to be embedded into other applications.
The Android on-device exploit framework project was initiated by Sebastian Höbarth as part of the "Secure Mobile Systems" course at Upper Austria University of Applied Sciences and subsequently extended and published by Sebastian Höbarth and Rene Mayrhofer. An initial paper describing the technical details was submitted to IWSSI/SPMU 2011 (3rd International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use) and is available online.
Full source code of the exploit framework can be downloaded from the public git repository or cloned anonymously with
git clone http://git.openuat.org/git/android-exploiting.git
Updates to the framework may be done irregularly for new devices or new Android versions. Any suggestions for improvement are highly welcome.