Overview:
HTCLoggers.apk was a logging controller present in many HTC devices.
I provided PoC code and a demonstration of how this application was flawed here – http://infectedrom.com/showthread.php/559-Vunerability-1-Android-Security-Elevation
On 10/25/2011, patches were pushed to American carriers removing this APK from many devices. On Sprint alone, the HTC EVO™ 4G, HTC EVO™ 3D, HTC EVO Shift™ 4G, HTC EVO Design 4G™, HTC EVO View 4G™ and HTC Wildfire S™ were affected. (source)
*Update* HTCLoggers.apk is back in newer versions of Sense as Smith.apk with different signatures. It is also using Unix domain sockets instead of TCP ports.
How it works:
App responsible:
/system/app/HtcLoggers.apk
Where it writes to:
/data/data/com.htc.loggers/
Ports Opened: (see more at original PoC report)
TCP Port 65511 – htcloggerd from /data/data/ path. Commands accepted:
:getservices: – lists other listening services
LogCTL Port:
:help:
:getpath:
:bugreport:
:dumpsys:
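A device audit for the TCP listener described above, as an added example that is not part of the original PoC or of HTC's code. It parses /proc/net/tcp-format text and flags any socket in LISTEN state on port 65511; the sample table, its addresses and its UIDs are constructed, and the function names are hypothetical.

```python
import socket

HTCLOGGERD_PORT = 65511  # port named on this page (0xFFE7 in /proc/net/tcp)
TCP_LISTEN = "0A"        # value of the "st" column for a listening socket

# Constructed sample in /proc/net/tcp format; addresses and uids are made up.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:FFE7 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1234 1 0000000000000000 100 0 0 10 0
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10050        0 2345 1 0000000000000000 100 0 0 10 0
   2: 0100007F:FFE7 0100007F:9C40 01 00000000:00000000 00:00000000 00000000  1000        0 3456 1 0000000000000000 20 4 30 10 -1
"""

def parse_listeners(proc_net_tcp_text):
    """Return [(ip, port, uid)] for every socket in LISTEN state."""
    listeners = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 8 or fields[3] != TCP_LISTEN:
            continue  # skips established connections such as row 2
        hex_ip, hex_port = fields[1].split(":")
        # The kernel prints the IPv4 address in host byte order; this assumes
        # a little-endian device, so the four bytes are reversed.
        ip = socket.inet_ntoa(bytes.fromhex(hex_ip)[::-1])
        listeners.append((ip, int(hex_port, 16), int(fields[7])))
    return listeners

def find_htcloggerd(listeners, port=HTCLOGGERD_PORT):
    """Report listeners on the page's port and how widely each is bound."""
    findings = []
    for ip, lport, uid in listeners:
        if lport != port:
            continue
        if ip.startswith("127."):
            scope = "loopback only"      # reachable by any local app
        elif ip == "0.0.0.0":
            scope = "all interfaces"     # also reachable from the network
        else:
            scope = "specific interface"
        findings.append({"ip": ip, "port": lport, "uid": uid, "scope": scope})
    return findings

if __name__ == "__main__":
    for hit in find_htcloggerd(parse_listeners(SAMPLE_PROC_NET_TCP)):
        print("listener on %(ip)s:%(port)d uid=%(uid)d (%(scope)s)" % hit)
```

On a real device the input would be the output of `adb shell cat /proc/net/tcp`. Because the newer Smith.apk builds use Unix domain sockets, a clean result here does not show that the logger is absent.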
Logcat Entries:
The following menus were available, and even though they claim to be disabled, logcat entries showed otherwise:
D/HL:htcloggerd( 1335): uevent [change@/devices/platform/htc_battery/power_supply/usb]
D/HL:htcloggerd( 1335): uevent [change@/devices/platform/htc_battery/power_supply/ac]
D/HL:htcloggerd( 1335): uevent [change@/devices/platform/htc_battery/power_supply/battery]
D/HL:htcloggerd( 1335): uevent [remove@/devices/system/cpu/cpu1/cpufreq]
D/HL:htcloggerd( 1335): uevent [offline@/devices/system/cpu/cpu1]