> Attention!

New threads need to be created only inroot partition! In the future, they will be processed by moderators.

If you posted a new version of the program, please notify the moderator by clicking the "Complaint" button on your message.

Catalog of Android programs



VTS for Android | A tool for the study of public-known system vulnerabilities.



Rep: (6068)
VTS for Android
Version: v.13

Last update of the program in the header:15.12.2015

Attached Image
Screenshots
Attached Image
Attached Image
Attached Image


Short description:
A tool for researching publicly known system vulnerabilities.

Description:
This tool probes your device for publicly-known system vulnerabilities. All data will stay on your device and will not be shared without your explicit consent. If the app says you're affected, please readhttps: //www.nowsecure....-vulnerable-now-what/. This application is not malicious, and because it's an open-source project you can see this for yourself on the app's Github repohttps://github.com/nowsecure/android-vts.
Please file any bugs, issues, or feature requests at:https://github.com/nowsecure/android-vts/issues. Note that some anti-virus programs may flag this application because it probes the device for weaknesses.

This tool is meant to show the end user the attack surface that a given device is susceptible to. In implementing these checks we attempt to minimize or eliminate both false positives / false negatives without negatively affecting system stability. The application is open source and you can contribute or review the source code athttps://github.com/nowsecure/android-vts.

When a vulnerability is discovered, Google receives word and applies a patch to Android. The Nexus devices are usually the devices that receive these patches quickest as they deviate the least (read: not all) from AOSP (Android Open Source Project - The core of Android, where Google commits to). The lag time between learning about a bug and the time when a patch is applied to a device can still be significant (for OEMs, it can be>1 year or never). For example, the futex bug (CVE-2014-3153 / Towelroot) was known about in late May, early June. This bug took multiple months to get patched on the flagship (at the time) Nexus 5. This leaves users extremely vulnerable to attack from applications. Users mostly do not know that their devices are vulnerable and this tool is meant to give visibility into the vulnerabilities a given device is susceptible to.

Attention! This application only checks for vulnerabilities, but does not eliminate them.


Android required: 4.0.3+ (API 15+)
Russian interface: Not

Developer: NowSecure OSS
The official page in Facebook: https://www.facebook.com/NowSecure
Official page in Twitter: https://twitter.com/nowsecuremobile

Download in Google Play: https://play.google.com/store/apps/details?id=com.nowsecure.android.vts (Temporarily not available)

Changes:
Version: v.13
1. Prioritize vulnerables which were positive on the device.
2. Add intro / welcome screens.
3. Add a test for CVE-2015-6616 from the December sec bulletin.

Version: v.12
1. Add a dialog after scan to denote whether the device is vulnerable or not.
2. Bubble vulnerable items to the top of the list.

Version: v.11
1. Sort vulnerabilities by date of CVE descending.
2. Enable WeakSauce check.
3. Fix crashes with x509 serialization check on devices<Kitkat.
4. Add check for CVE-2015-1528.
5. Fix some UI state bugs.
6. Small grammar fixes.

Version: v.9
1. Fixes coloring issue (s) with failed / inconclusive tests.
2. Adds new check for CVE-2015-6608.
3. Fixes race condition related to running some stagefright checks.
4. In the additional info, links to patches are shown instead of duped external links.
5. Added the ability to (optionally, explicitly, and anonymously) share results to a publicly available Google spreadsheet.

Version: v.6
1. Added descriptions to each vulnerability.
2. Fixed some issues running on ARM64.
3. Changed the vulnerability status to be yellow in the case of a failed test.

Version: v.5
1. This should fix issues with the serialization bug accidentally decrementing the wrong address.

Version: v.4
1. Added the ability to execute vulns only on particular architectures.

Version: v.3
1. This update includes a new material design.


Download:
Fresh fork: VTS for Android (Post S-trace # 70590336)
Version: v.13 Attached fileandroidVTS_v.13.apk (2.24 MB)


Past versions
Version: v.12 Attached fileandroidVTS_v.12.apk (2.02 MB)
Version: v.11 Attached fileandroidVTS_v.11.apk (2.01 MB)
Version: v.9 Attached fileAndroidVTS_v.9.apk (5.01 MB)
Version: v.6 Attached fileAndroidVTS_v.6.apk (5.01 MB)
Version: v.5 Attached fileAndroidVTS_v.5.apk (4.9 MB)
Version: v.4 Attached fileAndroidVTS_v.4.apk (4.9 MB)
Version: v.3 Attached fileAndroidVTS_v.3.apk (4.89 MB)


Post has been editedDisplax - 21.02.18, 23:05



Rep: (1)
Added Russian translation. version 13

Attached files

Attached fileVTS.apk(2.23 MB)


Post has been editedVladimus136969 - 29.01.16, 22:52
Reason for editing: Added .apk - file



Rep: (1412)
Gathered fresher version.
Sources:https://github.com/S-t...rtyCow%2BCVE_2016_0808

Cobrany together of two branches:
https://github.com/iRa.../tree/feature/DirtyCow
https://github.com/gia...tree/add_CVE-2016-0808

Attached fileandroid-vts_v.13 + 54_built_by_S-trace.apk(3.41 MB)



Rep: (6)
Can advise how to address the vulnerability? In the appendix all at angliyskom.I not copy the text to translate online.



Rep: (6068)
* adswerq,
Displax @ 25.11.15, 16:07*
Attention! This application only checks for vulnerabilities, but does not eliminate them.


But on the issue, put the firmware with the latest patches Android security (if your manufacturer scored on official updates).



Rep: (6)
Well, I realized that the app only proveryaet.A manually does not eliminate the vulnerability? I have a custom Prosha mainly on official firmware.



Rep: (6068)
* adswerq,
Well, only stagefright disabled via build.prop possible, and everything else ...
These vulnerabilities as much for only one and a half years of active their location, divorced, even if some of them can be on their own to fix, you torment. And so, all at the code level. Only the firmware on an actual basis AOSP save.



Rep: (647)
Displax @ 09.04.17, 15:45*
Only stagefright can be disabled via build.prop

What property do you mean?



Rep: (6068)
* okouser,
media.stagefright.enable-player = false
media.stagefright.enable-http = false
media.stagefright.enable-aac = false
media.stagefright.enable-qcp = false
media.stagefright.enable-fma2dp = false
media.stagefright.enable-scan = false



Rep: (647)
* Displax,
And do you know where to find the most detailed collection / description of system variables?



Rep: (1412)
Added support for 64bit ARM devices.
Sources all there:https://github.com/S-t...DirtyCow+CVE_2016_0808

Attached files

Attached fileandroid-vts_v.13 + 54_with_armv8_built_by_S-trace.apk(3.6 MB)



Rep: (1412)
I rebuilt and perezalil file from the last post (for some reason gives 404 even if the logged on profilesavagemessiahzine.com).
Original file I do not have, but collected from the same source as the last.

Attached files

Attached fileandroid-vts_v.13 + 54_with_armv8_built_by_S-trace.apk(3.41 MB)


Full version    

Help     rules

Time is now: 25/04/20, 2:13