Threat Research

Android/DroidKungFu uses AES encryption

By Axelle Apvrille | June 09, 2011

As a "Crypto Girl" should, I wish to report that the latest Android malware, Android/DroidKungFu, uses AES encryption.

It is certainly not the first time Android malware uses cryptographic encryption - we have already seen DES used in Android/Geinimi and Android/HongTouTou - but this would appear to be the first use of AES on Android (AES had already been reported in Symbian malware such as SymbOS/InSpirit).

In Android/DroidKungFu, the malware uses AES to encrypt the two exploits it uses:

  • CVE-2009-1185: packaged as gjsvro, located in the malware's assets

  • CVE-2010-EASY (rage against the cage): named ratc, in the malware's assets

We can't really figure out why the malware authors specifically used AES, as a simple XOR on the exploits would have bypassed hash-based AV-signatures (signatures based on a hash of those executables). Is it just because there's an AES class available?

The malware decrypts the files using a hard-coded key in a malicious utility class (named Utils):

// 16 bytes, i.e. an AES-128 key, stored in clear in the class
private static byte[] defPassword = { 70, 117, 99, 107, 95, 115, 69, 120,
  121, 45, 97, 76, 108, 33, 80, 119 };

To decrypt the exploits, we can write some Java source code that reads the encrypted assets, decrypts them with AES using the hard-coded key, and dumps the decrypted data.

The decryption routine can be copy-pasted from a disassembly of the malware:

import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public static byte[] decrypt(byte[] paramArrayOfByte)
throws Exception {
 byte[] arrayOfByte = defPassword;
 SecretKeySpec localSecretKeySpec = new SecretKeySpec(arrayOfByte, "AES");
 // "AES" alone resolves to AES/ECB/PKCS5Padding on the Android and Java SE providers
 Cipher localCipher = Cipher.getInstance("AES");
 localCipher.init(2, localSecretKeySpec); // 2 == Cipher.DECRYPT_MODE
 return localCipher.doFinal(paramArrayOfByte);
}

Then, reading the asset and dumping the output is just a matter of using the Java FileInput/OutputStream and ByteArrayInput/OutputStream classes.

import java.io.*;

// slurp the encrypted asset into memory
ByteArrayOutputStream bout = new ByteArrayOutputStream();
FileInputStream fin = new FileInputStream(filename);
int c;
while ((c = fin.read()) != -1) {
 bout.write(c);
}
fin.close();
// decrypt it and dump the result next to the original
byte[] decrypted = decrypt(bout.toByteArray());
ByteArrayInputStream bin = new ByteArrayInputStream(decrypted);
String outputfilename = filename + ".decrypt";
FileOutputStream fout = new FileOutputStream(outputfilename);
while ((c = bin.read()) != -1) {
 fout.write(c);
}
fout.close();
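
The same decryption, done outside the JVM. This is an added example, not code from the post or from the malware: on Android, Cipher.getInstance("AES") with no mode or padding resolves to AES/ECB/PKCS5Padding, so reproducing the routine in another language means AES-128 in ECB mode followed by PKCS#7 unpadding. The block below is a pure-Python AES (no third-party library) keyed with the defPassword bytes quoted above; the round-trip sample payload is constructed, and the forward (encrypt) direction exists only to build that sample, since the malware itself only decrypts.

```python
# Added example (not the post's code): pure-Python AES-ECB + PKCS#7, i.e. what
# Java's Cipher.getInstance("AES") computes in DECRYPT_MODE on Android.
from functools import reduce

# Hard-coded key bytes from the malware's Utils class, as quoted in the post
DEF_PASSWORD = bytes([70, 117, 99, 107, 95, 115, 69, 120,
                      121, 45, 97, 76, 108, 33, 80, 119])

def _mul(a, b):
    """Multiply two GF(2^8) elements modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11b if a & 0x80 else 0)
        b >>= 1
    return r

def _build_sbox():
    """Generate the AES S-box: multiplicative inverse followed by the affine map."""
    sbox, p, q = [0] * 256, 1, 1
    rotl = lambda x, s: ((x << s) | (x >> (8 - s))) & 0xff
    while True:
        p = (p ^ (p << 1) ^ (0x1b if p & 0x80 else 0)) & 0xff  # p *= 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xff        # q /= 3
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox

SBOX = _build_sbox()
INV_SBOX = [SBOX.index(i) for i in range(256)]

def expand_key(key):
    """FIPS-197 key schedule; returns one 16-byte round key per round."""
    nk = len(key) // 4
    if nk not in (4, 6, 8) or len(key) % 4:
        raise ValueError("AES key must be 16, 24 or 32 bytes")
    w, rcon = [list(key[4 * i:4 * i + 4]) for i in range(nk)], 1
    for i in range(nk, 4 * (nk + 7)):
        t = list(w[i - 1])
        if i % nk == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]  # RotWord, SubWord, then Rcon
            t[0] ^= rcon
            rcon = _mul(rcon, 2)
        elif nk > 6 and i % nk == 4:
            t = [SBOX[b] for b in t]
        w.append([w[i - nk][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(nk + 7)]

def _shift_rows(s, inverse=False):
    """State is column-major (index r + 4c); row r rotates by r positions."""
    d = -1 if inverse else 1
    return [s[r + 4 * ((c + d * r) % 4)] for c in range(4) for r in range(4)]

def _mix_columns(s, inverse=False):
    """Multiply every column by the (inverse) MDS matrix, a circulant of m."""
    m = [14, 11, 13, 9] if inverse else [2, 3, 1, 1]
    return [reduce(lambda x, y: x ^ y, (_mul(m[(j - i) % 4], s[4 * c + j]) for j in range(4)))
            for c in range(4) for i in range(4)]

def encrypt_block(rk, block):
    """Forward cipher on one 16-byte block with expanded round keys rk."""
    s = [b ^ k for b, k in zip(block, rk[0])]
    for r in range(1, len(rk)):
        s = _shift_rows([SBOX[b] for b in s])
        s = [b ^ k for b, k in zip(_mix_columns(s) if r < len(rk) - 1 else s, rk[r])]
    return bytes(s)

def decrypt_block(rk, block):
    """Inverse cipher (FIPS-197 section 5.3) on one 16-byte block."""
    s = [b ^ k for b, k in zip(block, rk[-1])]
    for r in range(len(rk) - 2, -1, -1):
        s = [INV_SBOX[b] ^ k for b, k in zip(_shift_rows(s, True), rk[r])]
        if r:
            s = _mix_columns(s, True)
    return bytes(s)

def aes_ecb_decrypt(key, data):
    """Cipher("AES") DECRYPT_MODE: ECB block by block, then strip PKCS#7 padding."""
    if not data or len(data) % 16:
        raise ValueError("ciphertext must be a non-zero multiple of 16 bytes")
    rk = expand_key(key)
    plain = b"".join(decrypt_block(rk, data[i:i + 16]) for i in range(0, len(data), 16))
    n = plain[-1]  # padding check; Java raises BadPaddingException here
    if not 1 <= n <= 16 or plain[-n:] != bytes([n]) * n:
        raise ValueError("bad PKCS#7 padding: wrong key or corrupted asset")
    return plain[:-n]

def aes_ecb_encrypt(key, data):
    """Forward direction, used only to build test material (the malware just decrypts)."""
    n = 16 - len(data) % 16
    data, rk = data + bytes([n]) * n, expand_key(key)
    return b"".join(encrypt_block(rk, data[i:i + 16]) for i in range(0, len(data), 16))

if __name__ == "__main__":  # self-check: FIPS-197 C.1 known answer, then a round trip
    ct = bytes.fromhex("69c4e0d86a7b0430d8cdb78070b4c55a")
    assert decrypt_block(expand_key(bytes(range(16))), ct) == bytes.fromhex("00112233445566778899aabbccddeeff")
    sample = b"constructed sample payload, not the real exploit"  # constructed input
    assert aes_ecb_decrypt(DEF_PASSWORD, aes_ecb_encrypt(DEF_PASSWORD, sample)) == sample
```

To process a real asset, read the file and call aes_ecb_decrypt(DEF_PASSWORD, data) on its contents, then write the result out. The padding check at the end is the analyst's sanity test: with the wrong key or a truncated asset it raises, which is exactly where the Java Cipher would throw BadPaddingException. ECB mode also means identical 16-byte plaintext blocks map to identical ciphertext blocks, so repeated blocks in the encrypted assets are visible even before decryption.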

A quick look at the strings shows the assets are decrypted successfully:

$ strings ratc.decrypted
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[-] getrlimit...

Android/DroidKungFu was discovered by Prof. Xuxian Jiang and his team. Thanks for sharing samples.

Stay tuned!

-- the Crypto Girl
