Android Exploit Framework

This project is about creating a framework for on-device exploitation of Android devices with the aim of gaining permanent root-level system access permissions for applications and the user. While most existing approach need a host computer to “root” the Android device, this project aims at being executed on the Android device itself. In contrast to other applications that are available as compiled and ready-to-install APK files, the project is also open source and is intended to be embedded into other applications.

The Android on-device exploit framework project was initiated by Sebastian Höbarth as part of the “Secure Mobile Systems” course at Upper Austria University of Applied Sciences and subsequently extended and published by Sebastian Höbarth and Rene Mayrhofer. An initial paper describing the technical details was submitted to IWSSI/SPMU 2011 (3rd International Workshop on Security and Privacy in Spontaneous Interaction and Mobile Phone Use) and is available online.

Full source code of the exploit framework can be downloaded from the public git repository or cloned anonymously with

git clone http://git.openuat.org/git/android-exploiting.git

Updates to the framework may be done irregularly for new devices or new Android versions. Any suggestions for improvement are highly welcome.

René Mayrhofer
René Mayrhofer
Professor of Networks and Security & Director of Engineering at Android Platform Security; pacifist, privacy fan, recovering hypocrite; generally here to question and learn