[UTIL] New Root Method as of 8/13! -> UPDATED 12/30 for NOOBS! <- - myTouch 3G Slide Android Development

Hello everyone!
You may or may not know me, however I have secretly been working behind the scenes with ChiefzReloaded to learn how Android works. Together we have been trying to develop new ways to root the Slide, primarily because we both landed in a sticky situation that left us both without root and without a way to revert to root.
After many long hours of trying to restore my phone, I have now ported the exploid exploit to the MyTouch Slide! This means that you can gain root on any version of the Slide, INCLUDING the latest OTA! However, this isn't necessarily "easy" as in the One-Click Root program, but there are reasons for this. While Android is running we cannot write to /system and even if we force Linux to let us, the NAND protection will prevent Linux from completing the write!
To get started, please see the bottom of this post for the link and download it. You will want to download it to your computer and not your phone's SD card. Also, you will need the tools from the Android SDK. I would suggest extracting the file from my zip at the bottom of this page into the Android SDK's tools directory.
1. Extract the zip.
2. Make sure your phone is in USB debugging mode AND you are in "Charge Only" mode.
3. Connect your phone to your computer.
4. Make sure you're in the same directory as where exploid is extracted before continuing to the next step.
5. Issue the following command: adb push exploid /sqlite_stmt_journals. Note: It MUST be in that directory - NO exceptions.
6. Run: adb shell
7. Run: cd /sqlite_stmt_journals
8. Run: chmod 0755 exploid
9. Run: ./exploid
10. Toggle your phone's Wifi (on or off, however you wish to do that).
11. Now (again) run: ./exploid (if prompted for a password enter: secretlol)
12. The next line should now begin with a pound (#) - if not, then something isn't set up right. Make sure to follow the directions verbatim. If you suspect you did follow them correctly, please reply to this post letting me know.
You should now be root! At this point you can do many things, but if you're looking to flash a custom ROM, continue to these instructions:
[NEW 10/18/2010:]
Steps 1-12 are intended to get you the ability to flash mtd0.img (which previously required using the SimpleRoot method) by gaining root inside of Android. By following the instructions in the rest of this section, it will allow you to flash a ROM or S-OFF your device:
The files you need are at: http://forum.xda-developers.com/showthread.php?t=703076 - download both files linked in there (ESPRIMG.zip and SlideEng-package.zip)
Extract the contents of SlideEng-package.zip to a place of your choosing on your computer.
Place the entire (unextracted) ESPRIMG.zip on your SDcard.
Now push the files 'flash_image' and 'mtd0.img' that you just extracted from SlideEng-package.zip to /data/local using 'adb push'. (Noob? Instead of using 'adb push', install Droid Explorer and, using that utility, copy the 'flash_image' and 'mtd0.img' files to /data/local on your Slide)
Now I'm going to assume your phone is at root prompt (#) using steps 1-12. So now do (without typing the '#' symbols in front of both lines - they're just there to remind you that you need to be at a '#' prompt):
Code:
# cd /data/local
# chmod 04755 flash_image
# ./flash_image misc mtd0.img
Before you reboot make sure that the ESPRIMG.zip is on your SDcard!
Now turn off the phone.
Then press Volume-Down + Power.
The phone will power on and after about 5 minutes of verifying ESPRIMG.zip it will ask you if you want to flash it.
Press Volume-Up for 'YES' and wait until it finishes (ABSOLUTELY DO NOT POWER DOWN WHILE IT'S STILL FLASHING!!!).
Now when you go into recovery it should allow you to 'Apply update.zip from sdcard' (booting into Clockwork). If you don't have the Clockwork update.zip, here it is: http://www.4shared.com/file/OTRU7T3y/update_2.html (rename to update.zip after downloading since it's currently update_2.zip, then place it on your sdcard).
[/NEW 10/18/2010]
[NEW 12/30/2010]
Optional: Now that you're rooted you might want to disable all flash memory protections so you can permanently flash Clockworkmod (recovery - no more using an update.zip!) as well as other random things. Check here for details: http://forum.xda-developers.com/showthread.php?t=798168
[/NEW 12/30/2010]
CREDIT GOES TO:
[*] ChiefzReloaded! (For helping me learn the intricacies of Android and patiently answering all of my questions)
[*] 743C (For developing the original exploit)
Source code: (Yes, it's hackish. I was just trying to figure out why the system kept rebooting and haven't cleaned up the code since) download
DOWNLOAD:
http://www.4shared.com/file/CZsxSq-f/exploid.html
DONATE:
(Anything helps!)
(Some people may wonder why this is special compared to the One Click Root application. What's important is that One Click Root doesn't work on Slides running production/retail software, likely the same problem I had to fix to get exploid to work in my version.)

That's what's up!!

If you be trollin then YOU BES TRAWLLIN
But if not then good job nb!
Sent from my T-Mobile myTouch 3G Slide using XDA App

Can you provide the source? No offense, but I tend not to run homebrew C programs that I didn't compile myself.
Thanks for all the work!

falken98 said:
Can you provide the source? No offense, but I tend not to run homebrew C programs that I didn't compile myself.
Thanks for all the work!
Sure, I was getting around to that - and I understand your concern. I'll post it in a second.

falken98 said:
Can you provide the source? No offense, but I tend not to run homebrew C programs that I didn't compile myself.
Thanks for all the work!
You think nb is distributing a virus disguised as a root method?
Waaaaaat
Sent from my T-Mobile myTouch 3G Slide using XDA App

r0man said:
You think nb is distributing a virus disguised as a root method?
Waaaaaat
It is a bit funny, but I do understand his concern. I've posted the source code into the original post. Compiling it should result in the same hash as the binary I posted.

Good to see this I suggested this in another thread glad to see it in use thanks a bunch

nbetcher said:
It is a bit funny, but I do understand his concern. I've posted the source code into the original post. Compiling it should result in the same hash as the binary I posted.
I'll take a look at it when I get home.

ilostchild said:
Good to see this I suggested this in another thread glad to see it in use thanks a bunch
I actually had to do a lot of work on it. It doesn't quite work the same as the original exploid simply because the original exploid crashes the entire system and reboots. This causes the rootshell to never be committed to NAND and thus you get nowhere. I had to keep playing with things until I found a different method that works. It took several hours of me being upset with it, but watched the latest Burn Notice, came back to it, and BAM I had a stroke of genius.

where is rootshell? i can't execute rootshell nor can i "cp" any files from sdcard however i do have a # instead of a $

Armyjon88 said:
where is rootshell? i can't execute rootshell nor can i "cp" any files from sdcard however i do have a # instead of a $
Ignore that portion of the instructions provided by the program. As I stated, this is not intended for non-developers at this point. The # is your indication that you're running as root.
I am headed to work, but I don't usually have much going on there - I will be setting up a much cleaner system/environment for non-developers to work with and perma-root their phones with over the next few hours. Stay tuned!

Sweet
Sent from my T-Mobile myTouch 3G Slide using XDA App

having # and running as root as stated before u can actually follow with eng and then custom recovery and ur choice's rom..pls correct me if im wrong..thanx

statuzz said:
having # and running as root as stated before u can actually follow with eng and then custom recovery and ur choice's rom..pls correct me if im wrong..thanx
i'm also wondering the same thing, because i got the exploid working, and i have the # in the shell, but when i go to follow the instructions to flash the eng-release, i can't cd to any different dirs, nor can i push any files to the phone. i have the ESPRIMG.zip copied to my sdcard, so could i just reboot into recovery and flash the nbh from there? any help is appreciated.

nbetcher said:
Ignore that portion of the instructions provided by the program. As I stated, this is not intended for non-developers at this point. The # is your indication that you're running as root.
I am headed to work, but I don't usually have much going on there - I will be setting up a much cleaner system/environment for non-developers to work with and perma-root their phones with over the next few hours. Stay tuned!
Let me know if you want to work together on some kind of one-click root app for the Slide. If the commands work through the terminal on the phone itself rather than via adb, I could probably make this into an app already, but since you're working on a more non-developer-friendly version, I'll just wait until that's out

televate said:
i'm also wondering the same thing, because i got the exploid working, and i have the # in the shell, but when i go to follow the instructions to flash the eng-release, i can't cd to any different dirs, nor can i push any files to the phone. i have the ESPRIMG.zip copied to my sdcard, so could i just reboot into recovery and flash the nbh from there? any help is appreciated.
I'm delaying the release of my non-developer program for another couple hours.
As far as what you said above, all you need to do after gaining the # prompt is (in a separate window):
adb push flash_image /data/local
adb push mtd0.img /data/local
(switch back to your # adb shell, then type
cd /data/local
chmod 04755 flash_image
./flash_image misc mtd0.img
Then reboot and apply the ESPRIMG.zip. All of these files are found on the same post that I referenced in my OP. These instructions are all in that same page.

televate said:
i'm also wondering the same thing, because i got the exploid working, and i have the # in the shell, but when i go to follow the instructions to flash the eng-release, i can't cd to any different dirs, nor can i push any files to the phone. i have the ESPRIMG.zip copied to my sdcard, so could i just reboot into recovery and flash the nbh from there? any help is appreciated.
I'm also stuck since I'm not sure if you can update to eng from the ota..But first i want to personally thank the OP & CR for providing this.

This would be great for a One Click method
this would be nice to work into a one click root!
And This did work for me!

Does this root method get /system mounted when Android is running? In short, do we finally get metamorph and root explorer working?

Related

[HOW TO] How do you root the slide with new update on ubuntu?

like this!
i thought a purely ubuntu method would be helpful for those just starting out [like me] and the linux methods haven't been updated [to my knowledge].
1. charge your phone to at least 50%.
2. get adb.
BEARTARD said:
Install adb. Download it here: developer.android.com/sdk/index.html . adb is a little program distributed as part of the Android software development kit (SDK). Its job is to communicate with the phone from a shell (terminal). To install adb, I strongly suggest you copy the adb file from the tools directory into your system's /usr/local/bin directory. This way, it will always be in your path. If you don't intend to do development work on Android applications, feel free to delete the rest of the SDK after installing adb.
so, download that ^ . open it up and extract the adb file from the tools folder onto the desktop. now open up the terminal and type in:
gksu nautilus /usr/local/bin
drag the adb file in there and close nautilus.
3. pick a rom from the rom bible: forum.xda-developers.com/showthread.php?t=704567
i like the ota updated one from CR, the froyo ones were "too lacking" for me. although still awesome*
place the rom on your phone's sd card. don't unzip it. and remember where you put it.
4. download this 4shared.com/file/J6i52nwy/slideroot.html
make a folder somewhere [i use the desktop] and name it something, like "root". extract the downloaded files into that folder.
5. set the phone up to be rooted:
-unplug it from the computer if it is plugged in
-again, make sure it is charged to at least 50%
-settings > applications > development > USB debugging (check mark here)
-settings > connect to pc > charge only
-settings > wireless & networks > wifi unchecked (important)
-settings > sound & display > screen timeout > never
-now plug it back in
6. minimize all other windows.
open up a terminal and type:
cd
now drag the folder you extracted all the stuff from step 4 into the terminal window [faster than typing it all out ]. click the title bar of the terminal. press enter. don't close this terminal. we should now be inside the folder.
7. copy and paste these commands in order.
they take some time to complete, so be patient or risk KILLING YOUR PHONE TO DEATH. [also, i'm not sure which commands actually require sudo to run so i just included it in all of the commands, forgive my noobishness].
commands:
sudo adb devices
-to start it up and make sure your phone is recognized the first time, if not, try again:
sudo adb devices
sudo adb push exploid /sqlite_stmt_journals
sudo adb push flash_image /data/local
sudo adb push mtd0.img /data/local
sudo adb push update.zip /sdcard
sudo adb push esprimg.zip /sdcard/ESPRIMG.zip
-you might want to get a drink or say hi to some friends at this point; takes a while. just wait until it says it's done like the rest.
adb shell
cd /sqlite_stmt_journals
chmod 0755 exploid
./exploid
-at this time go to settings and turn wifi on and then back off before continuing
./exploid
-the password is : secretlol
you should now have a # instead of a $
cd /data/local
chmod 04755 *
/data/local/flash_image misc /data/local/mtd0.img
8. turn off the phone.
9. press and hold volume down and then power up; hold both buttons.
let go when you see the 3 skateboarding androids.
10. wait until the bar on the side of the screen loads.
if you don't see the bar wait about 4 minutes and something should happen.
11. when it is finished, press volume up, when prompted, to apply the update.
wait some more!~
DON'T REBOOT when it is done.
12. DON'T REBOOT!
13. press volume down.
press volume down once to highlight recovery and select with the power/lock button to boot recovery.
on the recovery screen you will see a device with a red warning triangle.
hold volume up and power together for a second or so.
14. ignore the warning at the bottom.
press volume down and then power to select apply update.zip.
you will now be loaded into the clockwork recovery and will be able to flash the rom of your choosing from your sd card.
you can use your touchpad at the bottom now and select with it.
otherwise: volume buttons=navigation power/lock=select
15. do a backup of your phone with nandroid.
-pretty self explanatory > press backup >wait >??? >profit!
16. wipe the device.
this won't wipe your sd card though, so don't worry.
17. install a custom rom
scroll down and select "install zip from sd"
select "choose zip from sdcard"
find your rom and apply!!!
wait!!!!!!.....
reboot!
18. complain on the dev forums about how bad the roms are, how dead the phone is, and speculate about newer phones. also, make sure to start your own thread even if it is a question, general banter, or to post pictures .
/sarcasm
19. seriously don't do step 18.
>_O
20. update the radio if it is not the newest one.
forum.xda-developers.com/showthread.php?t=705064
sources/more info:
exploid method:
forum.xda-developers.com/showthread.php?t=754669
ubuntu set up:
forum.xda-developers.com/showthread.php?t=710056
rom bible:
forum.xda-developers.com/showthread.php?t=704567
go donate money to the active devs now.
Oh crap. I got quoted. Good job, man!
thanks! i didn't know how else to so eloquently explain adb, so i just quoted you. hopefully this will be of help to all three of those linux users out there on this forum!
It's kind of funny, I came on here to write a thread like this one. I noticed that there wasn't a single thread that combined the new root method with flashing the ENG build into one. You saved me some time.
I noticed that you don't have the part about updating to the newest Radio after the ENG build. Do the newer ROMs come with a Radio update in them?
@slughappy1: i recommended updating to CR's OTA rom since going from stock to updated stock with root is the most logical step. therefore, a radio update is included.
to my knowledge, the nicer devs include the newer radio, otherwise they make a mention of updating it. anyways, i'll include it in my tutorial for completeness sake. now if only i could figure out how to take non-blurry distance pictures with my slide >_>. sadly, i'll probably sell this off for a g2 =\.
Why sudo? I don't think adb needs super user permission. Is it needed because you put it in /usr/local?
Sent from my T-Mobile myTouch 3G Slide using Tapatalk
arifwn said:
Why sudo? I don't think adb needs super user permission. Is it needed because you put it in /usr/local?
Some systems are set up incorrectly to handle giving users permission to write to the ADB device file when the phone is plugged in. The correct process is to fix the permissions on the dev file that udev creates. Here's a link to do that: http://forum.xda-developers.com/showpost.php?p=5300224&postcount=6.
Please ALWAYS refrain from using 'sudo' or 'su' unless you're ABSOLUTELY sure that it needs root and there's no (more) proper way to do it.
(On a side note, I'm always available to answer any simple or complicated Linux questions anyone may have. You can PM me to get my attention or GTalk: nbetcher at gmail dot com.)
Thanks for the post about not using sudo. It was a quick way to make sure users on various linux distros can get it to work without a whole bunch of rigmarole.
On another note about the udev rules mentioned, the "SYSFS{}" call is being deprecated and a revision will be needed soon.
So i tried to follow the instruction but once i booted in recovery mode nothing happened
10. wait until the bar on the side of the screen loads.
if you don't see the bar wait about 4 minutes and something should happen.
this is the step where nothing is happening on my phone
huh!! no one cares to help me
You didn't give much information to learn where the problem might be. If you didn't get the loading bar on the side of the screen, your recovery didn't see the ESPRIMG.zip file in the root directory of your sd card. Mount it on the computer and see if it's there.
beartard said:
You didn't give much information to learn where the problem might be. If you didn't get the loading bar on the side of the screen, your recovery didn't see the ESPRIMG.zip file in the root directory of your sd card. Mount it on the computer and see if it's there.
Alright let me check if the sd card has ESPRIMG.zip. but i have a question no where in the instruction it says if i need to transfer the zip file to the sd card ?
Step number seven is one of the most important ones. Check those commands you pasted. Most of them copy files to various places on your phone.

when a cooked rom??

When will it arrive?for 101 i mean
It won't happen until we get permanent root. No telling when that will happen.
a better question is, when will root be available, doesn't seem we have people with the right skills interested on the 101
Does the rageagainstthemachine root patch not work? Are you able to get to the /data/local directory and place something there that will allow for a flash_image command to be run? Do we know if they have the same type of hardware-level protection like HTC does?
EDIT: Can someone do the following:
1. download the rage zip enclosed, and unzip to its own directory
2. run the following from your command prompt, assuming you have the Android SDK installed and in the path
adb push root/rageagainstthecage /data/local/tmp
adb shell
chmod 0755 /data/local/tmp/rageagainstthecage
./data/local/tmp/rageagainstthecage
It should kick you out and display some messages on the screen...just not errors. Then type:
adb shell
You Should see a "#".
If so, then we have temp root and then we should be able to perform some other functions like flash a recovery, etc....
Sent with my fingertips and voice on my Evo
jerdog said:
Does the rageagainstthemachine root patch not work? Are you able to get to the /data/local directory and place something there that will allow for a flash_image command to be run? Do we know if they have the same type of hardware-level protection like HTC does?
EDIT: Can someone do the following:
1. download the rage zip enclosed, and unzip to its own directory
2. run the following from your command prompt, assuming you have the Android SDK installed and in the path
It should kick you out and display some messages on the screen...just not errors. Then type:
You Should see a "#".
If so, then we have temp root and then we should be able to perform some other functions like flash a recovery, etc....
Sent with my fingertips and voice on my Evo
It does not work as of the latest Archos firmware. All the previous firmwares/z4root work fine for temp root. The ADB device part of the Archos just never comes back (doesn't show in device manager for instance). I do not know if this helps, but Archos also has a crippled busybox and it seems further crippled as of the last firmware upgrade.
Tsusai said:
It does not work as of the latest Archos firmware. All the previous firmwares/z4root work fine for temp root. The ADB device part of the Archos just never comes back (doesn't show in device manager for instance). I do not know if this helps, but Archos also has a crippled busybox and it seems further crippled as of the last firmware upgrade.
Maybe have something to do with newer ARM architecture?
Sent with my fingertips and voice on my Evo
Why do you need permanent root?
Archos kindly released SDE which provides a way to install your own builds in dual boot.
Some links for more info:
http://forum.xda-developers.com/showthread.php?t=871335
http://www.openaos.org/
IRC #openaos on freenode
Maurice
The SDE requires booting in recovery mode, and people said that it's often not perfect.
A permanent root for main OS would still be very useful, and still allow us to dual boot when we need to..
I think so too. PermaRoot would be very useful.

[REF][Patch] Malware Exploit for all pre-Gingerbread phones

I'm posting this here for visibility for Fascinate users and ROM developers. In the following thread you can find all the information, as well as how to download and apply the patch files:
http://forum.xda-developers.com/showthread.php?t=977154
I'm sure it will be incorporated into the major ROM's soon. However, if you install apps from unverified sources, or regularly try out new apps from the market, you shouldn't wait.
Patching via CWM:
imnuts said:
Here are two zips if people want them and don't feel like going to another thread/page/topic/whatever.
DroidDreamMalwarePatch_pre-edify.zip
DroidDreamMalwarePatch_edify.zip
Patching via ADB or terminal emulator:
Alternatively, probably the quickest way (and if you copy and paste, the most fool-proof) if you are rooted and know how to use ADB, is to open up a command prompt or a terminal emulator on the phone to access the adb shell. If on a PC, type:
Code:
adb shell su
Then type the following lines, omitting the $ and # (if you are on a terminal emulator, start here):
Code:
$ su
# mount -o rw,remount /dev/block/stl9 /system
# touch /system/bin/profile
# chmod 444 /system/bin/profile
You are now protected from the current iteration of DroidDream Malware. Consider installing a security program like LookOut to protect against future vulnerabilities.
Original Post:
Rodderik said:
[Patch][Rom]Malware Exploit for all pre-Gingerbread phones
Who is affected? All phones pre-gingerbread
Who should act? Users and developers using pre-gingerbread roms
How do I fix? Flash attached .zip at the bottom of this post or use one of the alternate methods down there
What if I think I was infected? Completely wipe your device, format sdcard, go back to stock and re-apply rom, then flash the attached .zip (before installing any apps)
Why should I care? read below...
http://www.androidpolice.com/2011/0...your-phone-steal-your-data-and-open-backdoor/
Link to publishers apps here. I just randomly stumbled into one of the apps, recognized it and noticed that the publisher wasn’t who it was supposed to be.
Super Guitar Solo for example is originally Guitar Solo Lite. I downloaded two of the apps and extracted the APK’s, they both contain what seems to be the "rageagainstthecage" root exploit – binary contains string "CVE-2010-EASY Android local root exploit (C) 2010 by 743C". Don’t know what the apps actually do, but can’t be good.
I appreciate being able to publish an update to an app and the update going live instantly, but this is a bit scary. Some sort of moderation, or at least quicker reaction to malware complaints would be nice.
EDIT: After some dexing and jaxing, the apps seem to be at least posting the IMEI and IMSI codes to http://184.105.245.17:8080/GMServer/GMServlet, which seems to be located in Fremont, CA.
I asked our resident hacker to take a look at the code himself, and he’s verified it does indeed root the user’s device via rageagainstthecage or exploid. But that’s just the tip of the iceberg: it does more than just yank IMEI and IMSI. There’s another APK hidden inside the code, and it steals nearly everything it can: product ID, model, partner (provider?), language, country, and userID. But that’s all child’s play; the true pièce de résistance is that it has the ability to download more code. In other words, there’s no way to know what the app does after it’s installed, and the possibilities are nearly endless.
The offending apps from publisher Myournet:
* Falling Down
* Super Guitar Solo
* Super History Eraser
* Photo Editor
* Super Ringtone Maker
* Super Sex Positions
* Hot Sexy Videos
* Chess
* ????_Falldown
* Hilton Sex Sound
* Screaming Sexy Japanese Girls
* Falling Ball Dodge
* Scientific Calculator
* Dice Roller
* ????
* Advanced Currency Converter
* App Uninstaller
* ????_PewPew
* Funny Paint
* Spider Man
* ???
http://www.androidpolice.com/2011/0...-android-nightmare-and-weve-got-more-details/
Now, on to some more details of the virus. We should point out that this vulnerability was patched with Gingerbread, meaning any device running Android 2.3+ should be fine. In other words, if you’re looking to play the blame game (which I’m not, but having read all the comments on the original post, many people are), then there’s plenty to go around. The hole was fixed by Google, but it’s relatively useless since many phones aren’t yet running a version of Android that is protected. It’s noteworthy that some manufacturers released updates that patched the exploit for devices without updating to Gingerbread; unfortunately, it appears that minority is quite a small one.
Perhaps most important is the question of what infected users can do about their situation; unfortunately, the answer is not much of anything. Because the virus opens up a backdoor and can bring in new code at any time, the only way to really rid an infected device of any damage is to completely wipe the device – not exactly the optimal solution, but it looks like the only one available, at least for now.
Finally, Justin notes that ROM developers working with pre-Gingerbread versions of Android can prevent the virus from backdooring in code by putting a dummy file at /system/bin/profile.
As you can see androidpolice.com reports on this backdoor and roots and steals personal information. The apps are removed from the market but that doesn't mean they got them all. Attached is a flashable fix as suggested by androidpolice.com
So users can flash this .zip or simply create a blank file called profile and place it in /system/bin/ (developers are encouraged to include this file in future releases. A blank file is not going to affect performance at all)
Alternate methods:
Using 'adb shell' or terminal emulator (should work on any ROOTED phone) as suggested by xaueious here
Code:
$ su
su
# remount rw
Remounting /system (/dev/stl9) in read/write mode
# touch /system/bin/profile
# chmod 644 /system/bin/profile
#
Alternate 2:
Download blank profile file from here (or create one and name it profile)
Use a program like Root Explorer to copy it to /system/bin/
Then longpress on it and check the permissions should be read/write for user, read for group, and read for others.
Alternate 3:
cyansmoker has put together an apk for the patch here https://market.android.com/details?id=com.voilaweb.mobile.droiddreamkiller
Thanks for pointing this out photoframd and androidpolice.com for investigating and reporting!
UPDATE: I renamed the .zip file and reuploaded it (350 hits wow). Also in the edify scripted version I added 644 permissions to the file (but if you already flashed it then it should have defaulted to that). I also added a pre-edify version of the patch thanks to xaueious for people using a recovery that does not yet understand edify.
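The quoted report identifies the infected apps by the exploit banner string inside the APK and by a second APK hidden inside the first. As an added example (not code from this thread or from androidpolice.com), the Python below scans an APK, including archives nested inside it, for that banner; the function names, limits and the sample archives it builds are constructed for illustration.

```python
import io
import zipfile

# Banner the quoted report found inside the exploit binary bundled in the apps.
MARKER = b"CVE-2010-EASY Android local root exploit (C) 2010 by 743C"
ZIP_MAGIC = b"PK\x03\x04"
MAX_DEPTH = 3                      # assumed limit on archive-in-archive nesting
MAX_MEMBER = 32 * 1024 * 1024      # assumed cap; larger members are skipped


def _open_zip(data):
    """Return a ZipFile for `data`, or None if it is not a readable zip."""
    try:
        return zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return None


def _scan(zf, name, depth):
    hits = []
    with zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER:
                continue
            try:
                blob = zf.read(info)
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                continue           # encrypted, unsupported or corrupt member
            path = f"{name}!{info.filename}"
            nested = None
            if depth < MAX_DEPTH and blob.startswith(ZIP_MAGIC):
                nested = _open_zip(blob)
            if nested is not None:
                # An APK hidden inside the APK: look inside it instead.
                hits.extend(_scan(nested, path, depth + 1))
            elif MARKER in blob:
                hits.append(path)
    return hits


def scan_apk(data, name="app.apk"):
    """List every member (outer!inner paths) whose bytes contain MARKER."""
    zf = _open_zip(data)
    if zf is None:
        raise ValueError(f"{name} is not a zip/APK archive")
    return _scan(zf, name, 0)


def _zip_bytes(members):
    """Build an in-memory zip from (member_name, bytes) pairs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for member_name, content in members:
            zf.writestr(member_name, content)
    return buf.getvalue()


def build_sample():
    """Constructed test archive; member names are made up for this example."""
    inner = _zip_bytes([("res/raw/tool", b"\x7fELF" + b"\0" * 64 + MARKER)])
    return _zip_bytes([
        ("classes.dex", b"dex\n035\0" + b"\0" * 128),
        ("assets/payload.bin", b"\x7fELF" + b"\0" * 64 + MARKER + b"\n"),
        ("assets/inner.apk", inner),
    ])


def build_clean():
    """Constructed archive with no marker, for comparison."""
    return _zip_bytes([("classes.dex", b"dex\n035\0" + b"\0" * 128)])


if __name__ == "__main__":
    for label, data in (("sample.apk", build_sample()),
                        ("clean.apk", build_clean())):
        print(label, scan_apk(data, label) or "no marker found")
```

A match only shows that an unmodified copy of the exploit binary is present; a repacked or encrypted payload will not contain the banner, so a clean result is not proof that an app is safe.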
Thanks
Sent from my Rocking dj05, themed superdark w/o swype mod, voodoo 5, with custom boot and shutdown.. With premium xda app.
I would also recommend installing the free Lookout Mobile Security app. I find it to be very non-intrusive on my phone, no negligible battery drain or performance issues. Just scans any app you install, looking for bad stuff. Also does weekly full system scans, contact backup, and provides phone lock/alarm/location tracking features in case you lose it. Premium version has even more bells and whistles.
Posted from my EB01 SuperClean Fascinate with Voodoo
This has been stuck for the time being as it seems to be affecting a BOATLOAD of users. Thanks for the linkage!
Here are two zips if people want them and don't feel like going to another thread/page/topic/whatever.
adb shell busybox touch /system/bin/profile
is all you need. Most fascinate kernels (of recent) have a bug, and /system is mounted as r/w.
So everyone should flash this no matter what rom you are using? Should we flash the new cwr also?
sorry delete
jcase said:
adb shell busybox touch /system/bin/profile
is all you need. Most fascinate kernels (of recent) have a bug, and /system is mounted as r/w.
adb shell chmod 644 /system/bin/profile
also?
NOsquid said:
adb shell chmod 644 /system/bin/profile
also?
This would probably be a good thing. Basically locks the file from being written to, right? Should I add it to the first post?
lasportsfan said:
So everyone should flash this no matter what rom you are using? Should we flash the new cwr also?
Yes.
All this is is a quick fix that will create a blank file. The current iteration of the malware checks to see if it already exists. This file fools it into thinking it already exists, so it moves on.
As you might guess, the author needs to only update his code to bypass this, in order for this to be an issue again.
And now that this is out, someone else will probably try it. Someone who is a little more thorough.
Moral of the story?
Be careful.
Consider running something like LookOut.
Backup your important data regularly.
As far as CWM goes, is there some kind of connection to the malware thing? Or just in general?
(If just in general, it's better to ask elsewhere as to not derail the thread).
Otherwise, I don't believe the newest (orange) clockwork recovery from ROM manager is fully compatible yet. Last I heard, it still had some bad binaries and 1 bad mounting point. Stick with the Red from JT's thread (which is the same bundled into SuperClean). Other than a couple superficial bugs that don't hurt anything, it works wonderfully and has more features than the orange CWM currently has.
GizmoDroid said:
This would probably be a good thing. Basically locks the file from being written to, right? Should I add it to the first post?
I dunno, it was in Rodderik's post but jcase didn't mention it. He's smarter than me, that's why I asked...
444 or 000 would be safer as that would prevent the file from being overwritten at all. 444 for read-only, 000 for no access.
If I never downloaded any of the apps in the list and have lookout on my phone is this necessary to download or should I not be worried?
italysfinest327 said:
If I never downloaded any of the apps in the list and have lookout on my phone is this necessary to download or should I not be worried?
Who should act? Users and developers using pre-gingerbread roms
I'd say that means you should be worried. Those apps listed are just the ones that were found on the market with them from one publisher. Just as viruses can get put into any application on a PC, the same can be done on phones.
Remember folks, our phones are just as exploitable as any other computer, so be careful!
good thing the patch came out!
imnuts said:
444 or 000 would be safer as that would prevent the file from being overwritten at all. 444 for read-only, 000 for no access.
Not sure whether Android interprets permissions differently from desktop Linux, but even if a file is 000 the owner can delete it on Debian. And root definitely can. If the file needs to be there for the root exploit to work, then this prevents it, but if they can run the root exploit and get root while this file is there then changing permissions on it will do nothing.
iofthestorm said:
Not sure whether Android interprets permissions differently from desktop Linux, but even if a file is 000 the owner can delete it on Debian. And root definitely can. If the file needs to be there for the root exploit to work, then this prevents it, but if they can run the root exploit and get root while this file is there then changing permissions on it will do nothing.
This is just another reason why I see this as a quick fix for what will need to have a much better one in the future.
If anyone hears of a more robust solution (besides using LookOut), let us know!
I navigated through Root Explorer to system/bin/profile and found a file there that reports
"01 Aug 08 06:00:00 rwxr-xr-x 0 bytes".
The 2008 date has me worried, although the 0 bytes means it is empty. Does anybody know if this is put there by FrankenClean 2.8 as a fix for this issue, or am I the only one on SuperClean seeing this (which would be bad!)
SupraLance said:
I navigated through Root Explorer to system/bin/profile and found a file there that reports
"01 Aug 08 06:00:00 rwxr-xr-x 0 bytes".
The 2008 date has me worried, although the 0 bytes means it is empty. Does anybody know if this is put there by FrankenClean 2.8 as a fix for this issue, or am I the only one on SuperClean seeing this (which would be bad!)
It is included in SC2.8. The 0 bytes is the best indicator that you are clean, since this patch is merely an empty file.
If you were infected, that file would actually have code in it.
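The check described in the post above (a zero-byte /system/bin/profile is the placeholder; a file with content is suspect), as an added example that is not part of the original posts. The function names and status labels are this example's own, and the sample tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the thread): classify the placeholder file the
# DroidDream quick fix creates. Labels and function names are this example's own.

# check_marker PATH -> prints one of: missing | empty | nonempty | not-a-file
check_marker() {
    f="$1"
    # Test for a symlink first: -e and -f would follow it to its target.
    if [ -L "$f" ]; then
        echo "not-a-file"
    elif [ ! -e "$f" ]; then
        echo "missing"       # quick fix not applied
    elif [ ! -f "$f" ]; then
        echo "not-a-file"    # directory or device node: inspect by hand
    elif [ -s "$f" ]; then
        echo "nonempty"      # has content: the thread treats this as suspect
    else
        echo "empty"         # zero-byte placeholder, as the patch installs
    fi
}

# marker_mode PATH -> prints the ten-character type/permission field, e.g. -rw-r--r--
marker_mode() {
    ls -ld "$1" | cut -c1-10
}

# Constructed sample: a scratch tree standing in for an extracted system dump.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/system/bin"
    p="$root/system/bin/profile"
    echo "before patch: $(check_marker "$p")"
    : > "$p" && chmod 644 "$p"
    echo "after patch:  $(check_marker "$p") $(marker_mode "$p")"
    printf 'constructed non-empty content\n' > "$p"
    echo "with content: $(check_marker "$p")"
    rm -rf "$root"
}

demo
```

On a device the same function can be pointed at the real path from a root shell: `check_marker /system/bin/profile`. The size test uses file metadata only, so it still works if the placeholder has been set to 444 or 000.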
For CWM 2.5.x.x DJ05, which one do you flash? or both?
DroidDreamMalwarePatch_pre-edify.zip
DroidDreamMalwarePatch_edify.zip
Thanks and sorry for the trouble, just wanted to be sure.

Motorola Electrify from USC

I see random postings from others that also have the Motorola Electrify and was hoping to start a thread where Electrify owners could post a little information as to those things already developed for the Photon that work (or do not work) for our sister phone. Personally, I was a little apprehensive about diving in and applying mods haphazardly without some other brave soul taking the leap first.
I can confirm that the AIO root method by shabbypenguin (LINK) works on the Electrify and I would have commented in that thread, but my noobness on this site did not allow me to do so in the dev topics. I actually saw another Electrify owner's post confirming this, not on xda, but rather in comments on the YouTube AIO root Video Instructions (thanks qbking77).
I had previously tried the root with dock method by edgan, but was unsuccessful.
My hope is that mods will allow this post to continue and that other Electrify users might find it useful and likewise contribute.
Thanks
note: I have started to add some links in post #3 below to some Electrify-specific information.
I thought I would mention that my local US Cellular has promotional pricing (-25%) on the HD Dock and Vehicle Navigation Dock for the Electrify which retail for $100 and $60 respectively. I have no idea if these are compatible with those made for the Photon, or vice versa.
Here is some basic info from the About Phone screen for the Motorola Electrify:
Motorola Electrify model MB853
Stock System version 45.1.167.MB853.USC.en.US
Android Version 2.3.4
Baseband Version n_01.10.00s.xj
Webtop Version WT-1.2.0-131-4
Kernel Version 2.6.32.9-00010-ge26b22b
[email protected]#2
Build number 4.5.1A_SUN_USC_16.7
PRL Version 15112
---------------------------
LINKS:
Link to Motorola Electrify kernel.img: HERE
Link to Stock (USC) Motorola Electrify System Dump (not cwm flashable)
and Deodexed version (cwm flashable - by shabbypenguin) in dev forums: HERE
Team US Cellular Electrify Forum - for confirmation of working mods, many originally posted on XDA.
Stock Motorola Electrify SBF File - for unrooting and re-locking bootloader
Motorola Owner's Forum for ELECTRIFY
Motorola Product Support page for ELECTRIFY
Motorola Media Link for Windows
ZumoCast for Windows by Motorola
If there is other information that might assist devs in determining compatibility for projects already developed or in development, please advise (but please be specific, as I take my noobivity seriously).
try flashing cwm, i would imagine you'll be fine from that. but the big test will be if my kernel works/boots y'all's phone
A full system dump would be great...
Requirements:
- Rooted Electrify
- Android SDK
Instructions:
- Connect via adb and issue the following commands:
Code:
adb shell
su
busybox tar czvf /sdcard/systemdump.tgz /system
exit
exit
adb pull /sdcard/systemdump.tgz
- Upload systemdump.tgz to a file sharing host like MultiUpload, Filesonic, etc. and post the link here.
Thanks!
actually a better way to do it would be to just use dd so i could get the stock kernel and see if there are any differences at all.
Question... is 4G Wimax and on Sprint's/Clear's wimax network?... I'm just hoping this phone and the photon in japan on kdd may give some hints or help with fixing the broke wimax when unlocked and also gsm radio rom that will work in the us
Sent from my MB855 using XDA App
Well, now I understand why I'm over here posting in the "General" section and not the development threads
I've spent the last several hours reading and installing the SDK only to discover I can't even figure out how to get it configured properly. I will succeed, but I'm too tired right now to continue and have other things to do later today. I'll try to provide more information as soon as I can get back to it.
And thanks Beach_Head and shabbypenguin for your interest and assistance.
just cheat, in the AIO root there is adb.exe and two dll files, toss them in your user's folder (C:/Users/yourusernamehere) then you can just hit the windows key and r. type in cmd hit enter, and you will be in command prompt in a directory with adb available (no sdk installing needed)
Beach_Head said:
A full system dump would be great...
Requirements:
- Rooted Electrify
- Android SDK
Instructions:
- Connect via adb and issue the following commands:
Code:
adb shell
su
busybox tar czvf /sdcard/systemdump.tgz /system
exit
exit
adb pull /sdcard/systemdump.tgz
- Upload systemdump.tgz to a file sharing host like MultiUpload, Filesonic, etc. and post the link here.
Thanks!
I get an error using the "busybox tar czvf" entry:
tar: invalid option --z
BusyBox v1.18.0.git multicell binary
??
I'll be away from the computer the rest of the day till late. Thanks again for the help. BTW, following shabbypenguin's adb "cheat" and got command window, but did not realize I needed to open superuser on the device to accept permissions (kept getting denied - duh)
adb shell
su
dd if=/dev/block/mmcblk0p11 of=/sdcard/eletricfykernel.img
upload that for me please
you can then use dd to copy the rest of the phone
It looks like your BusyBox build doesn't include gzip. Where'd you get it from?
Anyway, download Busybox by Stericson from Market and install a newer BusyBox build.
That command will work guaranteed...
Thanks!
drenner99 said:
I get an error using the "busybox tar czvf" entry:
tar: invalid option --z
BusyBox v1.18.0.git multicell binary
??
I'll be away from the computer the rest of the day till late. Thanks again for the help. BTW, following shabbypenguin's adb "cheat" and got command window, but did not realize I needed to open superuser on the device to accept permissions (kept getting denied - duh)
drenner99 said:
Well, now I understand why I'm over here posting in the "General" section and not the development threads
I've spent the last several hours reading and installing the SDK only to discover I can't even figure out how to get it configured properly. I will succeed, but I'm too tired right now to continue and have other things to do later today. I'll try to provide more information as soon as I can get back to it.
And thanks Beach_Head and shabbypenguin for your interest and assistance.
You have been a positive contributor, and so I proudly give you your first "Thanks."
shabbypenguin said:
adb shell
su
dd if=/dev/block/mmcblk0p11 of=/sdcard/eletricfykernel.img
upload that for me please
you can then use dd to copy the rest of the phone
Here is the file you requested from the Electrify (electrifykernel.zip)
hopefully it contains what we're looking for....
Beach_Head said:
It looks like your BusyBox build doesn't include gzip. Where'd you get it from?
Anyway, download Busybox by Stericson from Market and install a newer BusyBox build.
That command will work guaranteed...
Thanks!
@Beach_Head, Thanks again. I did as you suggested and installed the newer busybox (1.19.2), but I still get the invalid option ("z") error when I enter the command
"busybox tar czvf /sdcard/systemdump.tgz /system"
from your code, and am then presented with a list of valid options, "z" not being one of them. Are we sure the czvf part of that line is as you intended? I'm still willing to give it a go if it will produce info that is helpful (see post immediately above with kernel.img file).
Thanks once again.
deedscreen said:
You have been a positive contributor, and so I proudly give you your first "Thanks."
I am truly humbled and can only say, you're welcome!
Yes. The z switch is for gzip...
Anyway, can you try without the z switch?
So: busybox tar cvf /sdcard/systemdump.tgz /system
And then just zip it up again via WinRar or 7Zip before you upload it here...
Thanks!
drenner99 said:
@Beach_Head, Thanks again. I did as you suggested and installed the newer busybox (1.19.2), but I still get the invalid option ("z") error when I enter the command
"busybox tar czvf /sdcard/systemdump.tgz /system"
from your code, and am then presented with a list of valid options, "z" not being one of them. Are we sure the czvf part of that line is as you intended? I'm still willing to give it a go if it will produce info that is helpful (see post immediately above with kernel.img file).
Thanks once again.
I'm a moto electrify rooted and bootloader unlocked user.
Everything seems to work (as far as the root/unlock), but shabby's kernels are somewhat unstable on the electrify. Broken wi-fi is my only concern, and even with the wi-fi fix we haven't been able to run it.
one of my issues - now this isn't specifically about shabby's kernel or anything like that, but more of setcpu. Setcpu doesn't give me the option to scale, unfortunately.
my kernels are unstable on the photon so that's nothing new
what wifi fix? wifi is busted in rc2 due to modules needing to be updated. they aren't part of the kernel they are instead loaded by the rom but they need to have the config file from the kernel in order to make them properly and that's where it's all failing
shabbypenguin said:
my kernels are unstable on the photon so that's nothing new
what wifi fix? wifi is busted in rc2 due to modules needing to be updated. they aren't part of the kernel they are instead loaded by the rom but they need to have the config file from the kernel in order to make them properly and that's where it's all failing
Is there anything I can get you to fix the wifi in rc 2?

BHT Installer (Basic Hacking Tools)

Hey guys, I came up with a basic set of tools which I find useful. You may redistribute, include in any custom ROMs and/or distributions.
This includes:
Rewrite /default.prop for ADB
Install and deploy busybox in /system/xbin
install bash, ipctool, strace, tcpdump, and viewmem binaries.
To install, you must be rooted.
Unzip the attached file
place it on your nook.
cd to the folder you installed
Run the following
Code:
sh /sdcard/BHT/run.sh
Please note, I use Android Market app QuickSSH to get into my nook terminal, your results may vary.. I hope someone else grabs these files and makes it all more user friendly. I've got too many other things going on.
I encourage other developers to include these valuable debugging tools in their packages.
You, sir, are a monster! You get my vote.
Sent from my Nexus S using xda premium
AdamOutler said:
Hey guys, I came up with a basic set of tools which I find useful. You may redistribute, include in any custom ROMs and/or distributions.
This includes:
Rewrite /default.prop for ADB
Install and deploy busybox in /system/xbin
install bash, ipctool, strace, tcpdump, and viewmem binaries.
To install, you must be rooted.
Unzip the attached file
place it on your nook.
cd to the folder you installed
Run the following
Code:
sh /sdcard/BHT/run.sh
Please note, I use Android Market app QuickSSH to get into my nook terminal, your results may vary.. I hope someone else grabs these files and makes it all more user friendly. I've got too many other things going on.
I encourage other developers to include these valuable debugging tools in their packages.
I can turn this into an apk, if you don't mind. By turning on adb with this method, adb will be rooted and the device will still be allowed to sleep?
brianf21 said:
I can turn this into an apk, if you don't mind. By turning on adb with this method, adb will be rooted and the device will still be allowed to sleep?
By all means. Please do.
My vote too. I just hope after you win that you keep up the great work on the Nook Tablet. The last two weeks or so have looked very promising towards getting custom roms on here and a lot of that has to do with Adam's hard work along with a few others
Nearly all of these are already in snowball-mod, but I'll include ipctool, and viewmem for the next release.
cfoesch said:
Nearly all of these are already in snowball-mod, but I'll include ipctool, and viewmem for the next release.
How did you get default.prop reread into memory? The only thing I can see is the 2nd init hijack? Am I missing something a lot easier?
brianf21 said:
How did you get default.prop reread into memory? The only thing I can see is the 2nd init hijack? Am I missing something a lot easier?
Note, I said "nearly all". I don't really see though how changing /default.prop would keep over reboots... rootfs is stored in memory and recreated every time, isn't it?
I've added the binaries to NT Hidden Settings. I have not implemented /default.prop swap yet. I have to play with hijacking init before I do. Thanks again.
brianf21 said:
I've added the binaries to NT Hidden Settings. I have not implemented /default.prop swap yet. I have to play with hijacking init before I do. Thanks again.
cool. where are you hosting that binary? I currently have a mirror set up at nook1.adamoutler.com for easy access... When someone gets a new device, they need to download 3 things onto their device to make it a real tablet.. nook1=hidden settings, nook2=homecatcher, nook3=market.. I may change 3 to launcherpro, but hidden settings is the number1 tool required for the nook Tablet.
AdamOutler said:
cool. where are you hosting that binary? I currently have a mirror set up at nook1.adamoutler.com for easy access... When someone gets a new device, they need to download 3 things onto their device to make it a real tablet.. nook1=hidden settings, nook2=homecatcher, nook3=market.. I may change 3 to launcherpro, but hidden settings is the number1 tool required for the nook Tablet.
Homecatcher? I mean, I understand if you want to keep using the B&N store and stuff, but if you don't care about the B&N stuff, then the hacked SystemUI.apk is a way better option than Homecatcher.
But then, you're advancing "launcher pro", while I would more generally say "any non-B&N launcher"...
I added another option to nt hidden settings to run adb as root. It doesn't require a reboot and it automatically turns off auto mount. I am using nemith's adbd.
remount / as rw
stop adbd
replace /sbin/adbd
remount / as ro
setprop to turn off auto mount
start adbd as root
It's not persistent after reboot, but it works and doesn't kill the battery. I am not going to bother with hkvc's hijacking init method, because it looks like you, hkvc, bauwks, and nemith will be able to replace the os soon. Thanks.
