zeptoclaw implements a blocklist to prevent dangerous commands running in android device shell, but this blocklist has several blocked commands with argements in the pattern literal, such as rm -f and rm -rf, this can be simply bypassed by using different orders for these arguments, such as rm -r -f or rm -fr etc.
As in code src/tools/android/actions.rs#L413-L424, we can see the rm -f and rm -rf are hard coded and thus can be simply bypassed via rm -r -f or rm -fr etc.
pub async fn device_shell(adb: &AdbExecutor, cmd: &str) -> Result<String> {
// Normalize whitespace for blocklist check
let normalized: String = cmd.split_whitespace().collect::<Vec<_>>().join(" ");
let lower = normalized.to_lowercase();
let blocked = [
"rm -rf",
"rm -r",
"reboot",
"factory_reset",
"wipe",
"format",
"dd if=",
"mkfs",
"flash",
"fastboot",
];
for pattern in &blocked {
if lower.contains(pattern) {
return Err(ZeptoError::Tool(format!(
"Blocked dangerous command containing '{}'",
pattern
)));
}
}
Set up zeptoclaw with an Android tool and then run the command rm -f -r etc.
Unauthorized command executed in Android device.
0.6.2Exploitability
AV:NAC:LPR:NUI:NScope
S:UImpact
C:NI:NA:H7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H