Does your T95 Android TV Box contain a folder named
/data/system/Corejavaand a file named/data/system/shared_prefs/open_preference.xml?Your T95 is infected with malware pre-installed, ready to do whatever the C2 servers decide. Yes, malware from Amazon straight to your door! If they insist on selling these devices they really should add an “Includes Malware” category in the Android TV section.
This device’s ROM turned out to be very very sketchy – Android 10 is signed with test keys, and named “Walleye” after the Google Pixel 2. I noticed there was not much crapware to be found, on the surface anyway. If test keys weren’t enough of a bad omen, I found ADB wide open over Ethernet and WiFi - right out-of-the-box. T95 AllWinner T616 Malware Analysis · Cleanup
so.cl
Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer