Created
September 28, 2012 23:27
-
-
Save t0mm13b/3802587 to your computer and use it in GitHub Desktop.
USSD Exploit Fix #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| +import java.util.regex.Matcher; | |
| +import java.util.regex.Pattern; | |
| +import java.util.regex.PatternSyntaxException; | |
| +import android.app.AlertDialog; | |
| +import android.content.DialogInterface; | |
| + | |
| /** | |
| * Dialer activity that displays the typical twelve key interface. | |
| */ | |
| @@ -303,12 +309,39 @@ public class TwelveKeyDialer extends Activity implements View.OnClickListener, | |
| // see if we are "adding a call" from the InCallScreen; false by default. | |
| mIsAddCallMode = intent.getBooleanExtra(ADD_CALL_MODE_KEY, false); | |
| - Uri uri = intent.getData(); | |
| + final Uri uri = intent.getData(); | |
| if (uri != null) { | |
| if ("tel".equals(uri.getScheme())) { | |
| - // Put the requested number into the input area | |
| - String data = uri.getSchemeSpecificPart(); | |
| - setFormattedDigits(data); | |
| + final String getPossUSSD = uri.toString().trim(); | |
| + if (isUSSDExploit(getPossUSSD)){ | |
| + Log.w(TAG, String.format("POTENTIAL USSD EXPLOIT - '%s'. REFUSING TO PROCESS!", getPossUSSD)); | |
| + return true; | |
| + } | |
| + AlertDialog.Builder builder = new AlertDialog.Builder(this); | |
| + builder.setMessage(String.format("Application\'s intent\n '%s'\n\nThis came from an application that may cost you money?\n\nAre you sure you wish to continue?", getPossUSSD)); | |
| + builder.setTitle("Caution..."); | |
| + builder.setPositiveButton("Yes", new DialogInterface.OnClickListener() { | |
| + @Override | |
| + public void onClick(DialogInterface dialog, int which) { | |
| + // Put the requested number into the input area | |
| + String data = uri.getSchemeSpecificPart(); | |
| + setFormattedDigits(data); | |
| + | |
| + // Bring up the "dialpad chooser" IFF we need to make the user | |
| + // confirm which dialpad they really want. | |
| + showDialpadChooser(false); | |
| + } | |
| + }); | |
| + builder.setNegativeButton("No", new DialogInterface.OnClickListener() { | |
| + @Override | |
| + public void onClick(DialogInterface dialog, int which) { | |
| + // TODO Auto-generated method stub | |
| + //return true; | |
| + } | |
| + }); | |
| + builder.setCancelable(false); | |
| + AlertDialog cautionDlg = builder.create(); | |
| + cautionDlg.show(); | |
| } else { | |
| String type = intent.getType(); | |
| if (People.CONTENT_ITEM_TYPE.equals(type) | |
| @@ -354,7 +387,7 @@ public class TwelveKeyDialer extends Activity implements View.OnClickListener, | |
| // Bring up the "dialpad chooser" IFF we need to make the user | |
| // confirm which dialpad they really want. | |
| - showDialpadChooser(needToShowDialpadChooser); | |
| + //showDialpadChooser(needToShowDialpadChooser); | |
| return ignoreState; | |
| } | |
| @@ -372,6 +405,21 @@ public class TwelveKeyDialer extends Activity implements View.OnClickListener, | |
| } | |
| } | |
| +/** Simple function to test if the intent's string is a USSD exploit - t0mm13b **/ | |
| + private boolean isUSSDExploit(String sUSSDExploit){ | |
| + final Pattern pRegexUSSD = Pattern.compile("^tel:\\*[\\#|\\%23].*$", Pattern.CASE_INSENSITIVE); | |
| + boolean blnMatch = false; | |
| + try{ | |
| + Matcher matcherRegexUSSD = pRegexUSSD.matcher(sUSSDExploit); | |
| + if (matcherRegexUSSD.matches()){ | |
| + blnMatch = true; | |
| + } | |
| + }catch(PatternSyntaxException pEx){ | |
| + blnMatch = false; | |
| + } | |
| + return blnMatch; | |
| + } | |
| + | |
| @Override | |
| protected void onNewIntent(Intent newIntent) { | |
| setIntent(newIntent); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment