(tl;dr: I didn't see adups packages on the Gemini)
Adups was spyware that was baked into a number of low-cost MediaTek-based phones in the last 2 years.
Pretty nasty stuff -
https://www.blackhat.com/us-17/briefings/sc...ps--others-6634
I personally had one of these devices.
I mentioned to Planet early on in the campaign to guard against any accidents. Seems I was not the only one.
Back when adups first came out, I managed to verify it by checking the packages installed on the phone, and watching the stuff crash in logcat when I blacklisted the URLs it used on my network...
To check the Gemini for this, we first need to do a few things:
1) Enable developer options in Android:
In Settings, go to About, then tap on Build number option a number of times until you get the toast-message confirming developer option.
2) Ensure debug options are enabled on the device:
In Settings, go to Developer Options, and make sure the toggle is set to On.
3) Connect device:
Use the USB cable, and connect to the USB-C port on the left side of the Gemini (unplug and replug I guess if you already had it connected)
4) Download the driver:
Download latest_usb_driver_windows.zip from here:
https://dl-ssl.google.com//android/reposito...ver_windows.zip
(The google driver seems to work, so no need to mess around with the MTK driver...)
Extract ZIP
5) Install the driver:
In Windows, open Device Manager, and you should observe some ADB device under "Other devices", with a yellow triangle on it...
There is more than one way of installing the drivers, you have to follow these steps to make it work... don't use some shortcut method you may know - Windows will reject the drivers
Right click on the ADB device with the yellow triangle
Select Update Driver Software…
Select "Browse for driver software on your computer"
Select "Let me pick from a list of device drivers on my computer"
Select "Show all devices"
Select "Have Disk"
Navigate to where you extracted the ZIP, select the android_winusb.inf file
In the dialog select "Android ADB Interface"
Ignore the "Update Driver Warning" message
Observe new device in Device Manager located at Android Device\Android ADB Interface.
You probably will get a confirmation dialog on your Gemini asking you to trust the computer - make sure you confirm that on the Gemini
Now that the drivers are loaded, you need ADB installed:
1) Go to here:
https://developer.android.com/studio/index.html
2) Scroll down to "Get just the command line tools" and download the SDK tools.
Check if ADB is working:
1) From command line, navigate to \sdk\platform-tools\
2) Run: adb devices
You should see your device listed (make sure you tap the confirm button in the dialog on the Gemini)
To check for Adups, we'll make a text file, and try to get all the packages on the phone listed in it:
1) From command line, navigate to \sdk\platform-tools\
2) Run these commands to dump package names into a text file:
adb shell pm list packages > packages.txt
adb shell pm list packages -s >> packages.txt
adb shell pm list packages -3 >> packages.txt
adb shell pm list packages -d >> packages.txt
3) Open that packages.txt file, and check for anything called "adups"
Is Adups in there?
Nope, cannot find it.
I did spot a com.fota.wirelessupdate though...
Previously the adups packages were:
com.adups.fota
com.adups.fota.sysoper
though that also means "Firmware Over-The-Air" - so does not mean anything.
Does that mean the Gemini is 100% clean?
Unsure.
Apparently Adups did something after they were found out... there are some news stories about a second round of adups fun out there...
https://www.slashgear.com/adups-chinese-spy...g-blu-27493055/
The original adups thing, exfiltrated data to:
bigdata.adups.com
bigdata.adsunflower.com
bigdata.adfuture.cn
bigdata.advmob.cn
221.228.214.101
See:
https://www.theregister.co.uk/2016/11/15/an..._home_to_china/
Maybe someone with better skills can do some network level checking on the Gemini over a period of time, and list all the IPs/domains the device calls out to?
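
Added example (not part of the original post): a small Python script that does the "open packages.txt and check for adups" step automatically. It de-duplicates the appended listings, copes with Windows line endings and a UTF-16 file (which Windows PowerShell's > redirect produces), and keeps generic "fota" names in a separate review bucket. The function names, bucket names and the sample listing are made up for illustration; the two Adups package names are the ones given in the post.

```python
import sys
from pathlib import Path

# Package names the post lists as the earlier Adups packages.
KNOWN_ADUPS = {"com.adups.fota", "com.adups.fota.sysoper"}


def decode_listing(raw):
    """Decode packages.txt bytes; a UTF-16 BOM means a PowerShell-style redirect."""
    is_utf16 = raw[:2] in (b"\xff\xfe", b"\xfe\xff")
    return raw.decode("utf-16" if is_utf16 else "utf-8", errors="replace")


def parse_packages(text):
    """Return the unique package names in `pm list packages` output."""
    names = set()
    for line in text.splitlines():
        line = line.strip()  # adb output on Windows can carry stray \r
        if line.startswith("package:"):
            names.add(line[len("package:"):])
    return names


def triage(names):
    """Bucket names: exact Adups match, other 'adups' name, generic FOTA updater."""
    result = {"known": [], "adups_like": [], "fota_review": []}
    for name in sorted(names):
        lower = name.lower()
        if lower in KNOWN_ADUPS:
            result["known"].append(name)
        elif "adups" in lower:
            result["adups_like"].append(name)
        elif "fota" in lower:  # FOTA = Firmware Over-The-Air: review, not a verdict
            result["fota_review"].append(name)
    return result


# Constructed sample (not from a real device): duplicates and mixed line endings.
SAMPLE = (
    b"package:com.android.settings\r\n"
    b"package:com.fota.wirelessupdate\r\r\n"
    b"package:com.fota.wirelessupdate\r\n"
    b"package:com.adups.fota\r\n"
)

if __name__ == "__main__":
    data = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else SAMPLE
    for bucket, hits in triage(parse_packages(decode_listing(data))).items():
        print(f"{bucket}: {', '.join(hits) or 'none'}")
```

Run it with the path to packages.txt as the only argument; with no argument it runs on the constructed sample.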