PPOMPPU
Check the popular Samsung GOS performance control-related backdoor server_20220305
093850
nokitel
information 2022-03-05 1009 views 7416 recommendations 55
Post #1
Additional technology related to Samsung GOS performance control
support network_202203050737
Samsung is hosting a server at IBM. It's a post for further research.
As a result of monitoring, I checked the network packet as soon as I received information from the server.
AWS 336xx Samsung MDEC
AWS 15164xx Samsung Cloud
13125xx Samsung Cloud
AWS 52193xxgspio
AWS 337xx smartthings
AWS 13125xx smartbaedalcom
Real IP has been hidden.
Samsung’s operating servers are operated through AWS Amazon Cloud, and I found that 52193XX host name gos-gspio GOS is communicating with the server. I checked that I was receiving data through communication with the GOS server immediately after booting according to the terminal reboot 12 of 1.
[Screenshot, Reboot 1, screenshot time 0715: Game Optimizing Service, traffic statistics for today (Saturday, March 5th). Total traffic 3772KB, saved data 0KB. Game Optimizing Service: ▼ 316 KB ▲ 6 KB.]
[Screenshot, Reboot 2, screenshot time 0730: Game Optimizing Service, traffic statistics for today (Saturday, March 5th). Total traffic 7722 KB, saved data 0KB. Game Optimizing Service: ▼ 653 KB ▲ 110 KB.]
> Every time I reboot the Adguard detection history terminal, I try to communicate through the GOS app
1st Boot Upload 6kb Download 316kb Accumulated
2nd Boot Upload 119kb Accumulated 653kb Download 653kb
There was no communication at all from 00:00 today, but after rebooting at 07:14 UpdownPacket Appears
The communication log is as follows.
I hid the real IP. I want to post it in high definition because it’s 1mb HAN, but it’s not going up. Immediately after booting, you can try to communicate between dedicated servers in the GOS app and check that you are getting data. We opened the communication line, went through the authentication process, and confirmed that we received encrypted application data exactly eight times.
Also, after checking the GOS server information, I found out that I bought and used the 4.2 version of the Linux kernel.
Device type: general purpose
Running (JUST GUESSING): Linux 4.X (87%)
OS CPE: cpe:/o:linux:linux_kernel:4.2
Aggressive OS guesses: Linux 4.2 (87%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 43.793 days
You can see that the kernel 4.2 version was released on August 30, 2015, and the server has been running for more than 6 years.
httpsKernewbiesorgLinuxVers
KernelInformation is available on our official site.
Anyone can see that the data updated by Samsung immediately after booting through communication with the GOS server was read from the GOS application in the form of downloaded propxml every time to manipulate the user’s smartphone performance.
Now, regardless of the GOS release patch or recall, we will have to admit that these actions are clearly illegal and reveal the exact details of stealing or injecting other information through further investigation!
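
Added example, not part of the original post: what a capture of an encrypted session like the one described can show, namely the content type and length in each TLS record header, which is how "application data" records are counted. The byte stream is constructed sample data and the function names are assumptions.

```python
import struct

# TLS record content types (RFC 8446, section 5.1)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

def parse_tls_records(stream: bytes):
    """Split a reassembled one-direction TCP byte stream into TLS records.

    Returns a list of (type_name, length). Only the 5-byte plaintext header
    is read; the body is ciphertext and is skipped. In TLS 1.3 the handshake
    messages after ServerHello are also sent as type 23, so the
    application_data count is an upper bound on real payload records.
    """
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError(f"truncated record header at offset {offset}")
        ctype, version, length = struct.unpack_from("!BHH", stream, offset)
        if ctype not in CONTENT_TYPES or (version >> 8) != 3:
            raise ValueError(f"not a TLS record at offset {offset}")
        if offset + 5 + length > len(stream):
            raise ValueError(f"truncated record body at offset {offset}")
        records.append((CONTENT_TYPES[ctype], length))
        offset += 5 + length
    return records

def summarize(records):
    """Count records and body bytes per content type."""
    summary = {}
    for name, length in records:
        count, total = summary.get(name, (0, 0))
        summary[name] = (count + 1, total + length)
    return summary

def _record(ctype, body_len):
    # Constructed sample record: header plus filler standing in for ciphertext.
    return struct.pack("!BHH", ctype, 0x0303, body_len) + b"\x00" * body_len

# Constructed server-to-client stream: handshake, then eight data records.
SAMPLE_STREAM = (_record(22, 90) + _record(20, 1) + _record(22, 40)
                 + b"".join(_record(23, n)
                            for n in (1200, 1200, 1200, 1200, 800, 512, 300, 64)))

if __name__ == "__main__":
    for name, (count, total) in summarize(parse_tls_records(SAMPLE_STREAM)).items():
        print(f"{name:20s} records={count} bytes={total}")
```

The headers give record counts and sizes only; what the records contain cannot be read from the capture without the session keys.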