Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
The Something Awful Forums > Archives > Comedy Goldmine > The Goodmine > Found AndroSpy rootkit on Galaxy Note 2; Help?
 
  • Locked thread
Xenthalon
Jun 28, 2010
 Why would you completely abandon the phone? Doesn't reset to factory settings work? Or completely wiping and reapplying a vendor rom?

* # ¿ Jul 24, 2014 13:32
  • Quote
Adbot
ADBOT LOVES YOU

# ¿ Apr 29, 2024 20:01
  • Quote
Xenthalon
Jun 28, 2010
 OP, on the off chance that this isn't an elaborate troll, and since you simply chose to ignore the correct technical explanations on why what you describe is not possible on the Android OS, here is how I would try to diagnose if it's actually AndroSpy or whatever it's called. (the simple file copies your it friend did won't work if it's a sophisticated spytool)

At no point in these steps will your phone be required to boot into the OS, potentially allowing the AndroSpy app to wipe itself or the phone.

1. put battery back into phone, no sim card
2. flash a custom recovery as described here (CM Note 2 Installation Guide), follow only the "Installing a custom recovery on Galaxy Note 2" section. In this step you only boot into the boot loader.
3. boot into the custom recovery and do a full nandroid backup
4. copy nandroid backup to a computer with a standard usb cable, this is possible from recovery mode. No idea what your friend is on about having to build a custom computer and getting cardreaders and whatnot
5. now you should have a full backup of your entire phone, all of the protected OS files (your state of the rom), radio, recovery, bootloader, all installed apps and their current state as well as your private data

From here on you could

a) dig around in the filesystem directly for anything suspicious, this would require detailed knowledge of the android filesystem
b) boot into a default virtual machine of a android phone (comes free with the android sdk), download Titanium Backup from the app store or sideload it, put nandroid backup file inside the virtualized phone, restore nandroid backup files into virtual phone using Titanium backup. This restores only the apps and their state, but most android spyware I know doesn't insert itself any deeper either, it only hides it's presence from sight. Don't allow internet access to the vm and monitor the behavior.
c) find a way to directly boot the entire nandroid backup in a vm, 5 minutes of googling didn't provide any finds, might still be possible though
d) share it with us as we could then verify your story

Please stop insulting everyone here as unhelpful idiots now.

* # ¿ Jul 26, 2014 17:49
  • Quote
  • Locked thread
The Something Awful Forums > Archives > Comedy Goldmine > The Goodmine > Found AndroSpy rootkit on Galaxy Note 2; Help?