I've been playing around with all the 6.5 ROMs available on this forum (plus I have been lurking for a while, so I felt that making a contribution might be appreciated).
My company is very stringent about enforcing Exchange ActiveSync policies, especially PIN CODE, timeout to lock and remote wipe.
I noticed that on the 230XX series (I have tested up to 23053) posted here, there are two different behaviors: one series works with my Exchange ActiveSync, one does not.
Since the PIN request and lock timeout work fine with them, I have to assume the remote wipe feature has somehow been disabled by this ROM.
I have been able to identify that a ROM will give me this problem even without connecting with my Exchange Server.
In 100% of the cases, if I try to import a root certificate on a "hacked" ROM, it will be installed without any warning, just a "Certificate successfully installed, press OK" dialog.
Now, on a ROM that is not "hacked", when you try to import a root certificate, you are warned that this may be an unsafe operation and actually have to confirm.
This is very concerning to me, because the warning being removed means that any bad guy can leverage these ROMs to deploy a rogue root certificate to your device, and your device can start trusting wrong sites.
I do not intend this to be an exhaustive list, but as of my testing only the following two ROMs work correctly:
- NATF
- RRE
All the others do not. The source of the non-working ones is either the same, or these people have purposely altered the ROM to change the security settings. But the result is the same: security-altered ROMs.
If anyone could confirm they are experiencing the same, I would not feel alone on the planet.
UM
I'd just like to reiterate that this is a development community: most of the cooked ROMs you've tried are experimental works in progress. We tend to take our experimenting a bit far here, but as none of our 'products' are really production tested, it's fairly safe to say that all of them are just a bit unsafe.
A stock ROM has the benefit of being tested in a production environment, and while performance on these ROMs may not be optimal, they are composed of a set recipe of components established between the OEM and Microsoft.
Many of our ROMs are conglomerations of various different components, so it's not exactly safe to say that any of them can be held completely accountable for device security; there may be plenty of exploits present behind the scenes that have never been exposed or rectified.
We're small-scale individual developers. Most, if not all of us, do this for fun. Many of our packages deliberately alter the way in which devices handle certificates and signing, because it allows us to expand the boundaries we develop within.
If you're looking for guaranteed security, your best bet is to stick with a completely stock device. If you choose to use another ROM, any insecurity is not on the developer, but you.
Very well said! On top of that, most, actually all, of the 6.5-based ROMs have a Microsoft beta as a base. Though it may be a safe bet that the latest build # is the closest to the final release on Oct. 9, it's common practice to reduce/alter some "security" settings and policies for an "easier" way to success. None of these facts is to blame on any ROM chef or developer, or however you want to name these creative heads here.
Their work is just incredible, and I bet that MS or HTC would be proud to have such guys on board.
Note:
I bet that some individuals of both companies keep a close eye on what's going on here.
Guys,
Don't get me wrong, I know what I'm doing when installing a beta that has been leaked.
First, it's illegal, we are stealing non published source code, infringing intellectual property and probably making ourselves guilty of too many felony counts to be able to get out of jail without a long white beard.
But, joke aside, this was not the point of my post and I am sorry if I didn't explain myself clearly.
There are 23053 builds that work well and 23053 builds that do not, as was the case with any previous build number, and, consistently, I have had two out of the pack working exactly as expected from a security perspective, and all of the rest not working as expected.
So, since I do not believe MS is deliberately compiling one tree of the code with embedded security and another without, it means that someone in the middle is affecting it.
That was my point.
UM
Hummm...
Wrong approach fellow...
Wrong place, wrong time and wrong people.
Don't expect to be received with an open heart while commenting such things...
Imagine the following scenario:
A priest enters a strip bar and tells the owner of his concerns, on moral grounds, about the practices that take place there... LOL
I may understand your point, definitely not your purpose.
If you are lucky enough not to get flamed, you will at least see some frowning faces...
Leave it...
As someone suggested before, remember this is a development community...
If what you find doesn't suit your needs simply suggest changes or don't use it at all.
If you concluded, after experimenting, that the only functional ROMs are NATF and RRE ones, allow me the following suggestion:
Choose between 3 options:
1. Use a stock ROM so you don't «steal» from anyone and don't risk having to spend 5 days in a row shaving...
2. Use a NATF ROM
3. Use an RRE ROM
I believe I made my point as gently as I could...
If I may have hurt some feelings, I am deeply sorry for that.
Cheers
Well, 2 points in answer to your post where you obviously did not read mine:
1) Did you miss the sentence that starts with "Joke aside" ??
2) I don't care about being flamed. I provided evidence to people who want to make up their mind; they don't need you to tell them what is safe or not for them.
Bottom line is:
- if you do not want to have a phone crashing on you, use a stock ROM (that's actually a good joke... Stock ROMs do not crash less than their beta counterparts).
- if you do not want your passwords, contacts or personal data to end up on some hacker's site, be careful about what ROM you install.
Wearing my flame-proof vest.
UM
unlockMe said:
Well, 2 points in answer to your post where you obviously did not read mine:
1) Did you miss the sentence that starts with "Joke aside" ??
2) I don't care about being flamed. I provided evidence to people who want to make up their mind; they don't need you to tell them what is safe or not for them.
Bottom line is:
- if you do not want to have a phone crashing on you, use a stock ROM (that's actually a good joke... Stock ROMs do not crash less than their beta counterparts).
- if you do not want your passwords, contacts or personal data to end up on some hacker's site, be careful about what ROM you install.
Wearing my flame-proof vest.
UM
Dear UM,
I had a good laugh reading your last sentence LOL
I believe that either you misunderstood me or I was not clear...
1. I am not accusing you of anything.
2. I read your whole message (points 1 and 2 included... They were there, weren't they...?)
3. I am not trying to demote you of your purposes... I was only trying to pass a message, but given the fact that the message wasn't delivered, I will try to rephrase...:
You are expressing both facts and opinions.
That is, indeed, your right, given the fact that we are in an open community and we, still, are in a free world (so to speak...).
I do not endorse or condemn any of your previous statements.
Knowing this community for quite some time, and especially knowing its members (active ones, passive ones, contributing ones, parasite ones, etc.), I just know for sure that your comment, in which you address people in such a manner, will have one of two possible outcomes:
1. Total ignorance
2. Flaming
Now, after this, do whatever you like. Don't get me wrong, and sorry if I made myself misunderstood.
Nuff said.
Cheers.
This thread is not development related, moved to the appropriate section
Let me start by saying yes, I read the forum rules for the Paid Software group, and as far as I can tell I'm posting in the correct spot. I don't meet the 100+ post criteria, but I also am not selling an application. If this belongs elsewhere, please move it, don't delete it.
Basically what I'm looking for is some constructive criticism and feedback. I'm a software development major wanting to someday make a career of Android development, but as a student I am constantly needing to partake in projects. For side work for the last year or so I have been doing Android rooting, flashing and modification via CL. One big issue I immediately noticed was my scope of work. I could reach a much larger audience if travel wasn't part of the equation. This gave me an idea..
Most root methods are simply a few scripts run in sequence, with a possible reboot or two in the process. A lot of that can even be handled by writing a single script to run each file in order, with a response wait while rebooting occurs.
I'm considering hosting a website on which users can access my server and, after selecting their device, root it with a single click. Keep in mind I've successfully rooted over 70 phones, with no failures, and have been tediously keeping track of the easiest, least risky exploits and methods. Of course rooting (like always) would be at the user's liability.
Any ideas or feedback would be greatly appreciated. Android is, and is poised to continue, dominating the smartphone market. I feel that a resource like this would literally be invaluable to the community. If I continue to stick with this it will probably be going on Kickstarter soon.
bummmpity bumpage
Evo OTA 4.24.651.1
Have you been able to root the HTC Evo 4G with the 4.24.651.1 update?
I wonder if anyone knows if it is possible to root and install a ROM for someone using remote access of some sort. At least maybe be able to explore the file directory or flash something, even on an already rooted phone. I could see why Google may have built in something that would block this from being possible, though. The only reason I ask is because there are so many times I try to help a friend on FB or Twitter who is having a problem with their phone, and I would LOVE to be able to help them! Most of them are somewhat technological idiots and I don't want to lose them to the dark side! We all know every brand and model of phone has its different quirks and problems and issues. Most can be easily solved with a little searching here on XDA. I'd love to be able to help a friend install an OS update or a custom ROM so they can enjoy their phone to its fullest potential, the way it's meant to be enjoyed, and they won't get that phone the Borg use (I'm sure most of you will get the Star Trek reference)!
Obviously, the potential would be there for people to make money rooting people's phones remotely. I'm sure there are some people that wouldn't be happy about someone making money off an otherwise mostly free Development community and I understand that completely. I do think it would be a great way for a developer to raise money to continue their efforts and possibly bring in enough to quit their other job to devote themselves full-time or at least add a little to their income. My thoughts on that would be this: For one, at least it would be someone with a hands-on knowledge of the particular phone and various ROMS for that phone. People such as Mike's Recognized Users of his ARHD ROM would be perfect candidates for something like this. It would certainly also cut down on the overly repeated questions we all have to deal with in EVERY forum on this site. When Mike puts out a new rom there are 10+ new pages an hour, mostly repeating the same three questions, and you know what those are. If I haven't checked in a couple of days that could be HUNDREDS of posts! I am actually someone who reads as much as I can before I install anything, even a small update. Would be nice to have one post answering all the questions I would have. Repetitive questions lead to FIVE repetitive answers of "search before you post" followed by "I did" and a two page conversation about searching. Ugh!
Of course, there is also the problem of someone who is not fully adept at doing something like this and bricking people's phones without recourse. For sure, it would be tough to identify a qualified person to do this, but it could be possible. Now, unfortunately you would also be opening yourself up to a stranger accessing all your files and information that are on your phone. I'm not a developer by any means, but I'm sure there could be an app and program created that would allow you access but block any files containing personal information.
Overall I think there would be some definite positives to something like this, as well as negatives that I'm not thinking about. Would love to hear your opinion.
Oh, and if anyone tries to steal my idea and profit by it I'm reserving all rights to the concept right now!
Someone did it
Halfcab123.com
VNC/RDP and do everything from a command prompt.
tony yayo said:
I wonder if anyone knows if it is possible to root and install a ROM for someone using remote access of some sort. At least maybe be able to explore the file directory or flash something, even on an already rooted phone. I could see why Google may have built in something that would block this from being possible, though. The only reason I ask is because there are so many times I try to help a friend on FB or Twitter who is having a problem with their phone, and I would LOVE to be able to help them! Most of them are somewhat technological idiots and I don't want to lose them to the dark side! We all know every brand and model of phone has its different quirks and problems and issues. Most can be easily solved with a little searching here on XDA. I'd love to be able to help a friend install an OS update or a custom ROM so they can enjoy their phone to its fullest potential, the way it's meant to be enjoyed, and they won't get that phone the Borg use (I'm sure most of you will get the Star Trek reference)!
Obviously, the potential would be there for people to make money rooting people's phones remotely. I'm sure there are some people that wouldn't be happy about someone making money off an otherwise mostly free Development community and I understand that completely. I do think it would be a great way for a developer to raise money to continue their efforts and possibly bring in enough to quit their other job to devote themselves full-time or at least add a little to their income. My thoughts on that would be this: For one, at least it would be someone with a hands-on knowledge of the particular phone and various ROMS for that phone. People such as Mike's Recognized Users of his ARHD ROM would be perfect candidates for something like this. It would certainly also cut down on the overly repeated questions we all have to deal with in EVERY forum on this site. When Mike puts out a new rom there are 10+ new pages an hour, mostly repeating the same three questions, and you know what those are. If I haven't checked in a couple of days that could be HUNDREDS of posts! I am actually someone who reads as much as I can before I install anything, even a small update. Would be nice to have one post answering all the questions I would have. Repetitive questions lead to FIVE repetitive answers of "search before you post" followed by "I did" and a two page conversation about searching. Ugh!
Of course, there is also the problem of someone who is not fully adept at doing something like this and bricking people's phones without recourse. For sure, it would be tough to identify a qualified person to do this, but it could be possible. Now, unfortunately you would also be opening yourself up to a stranger accessing all your files and information that are on your phone. I'm not a developer by any means, but I'm sure there could be an app and program created that would allow you access but block any files containing personal information.
Overall I think there would be some definite positives to something like this, as well as negatives that I'm not thinking about. Would love to hear your opinion.
Oh, and if anyone tries to steal my idea and profit by it I'm reserving all rights to the concept right now!
Lol been done already
GNeX
AOKP
FRANCOS LATEST KERNEL
& WHATEVER [MOD AT THE TIME]
Hey all. Currently, evilpotatoman has gotten us closer than ever to achieving root with our phones. He's out of commission at this time until his device back comes in, which could take 2 weeks or more. He has extended the torch to any dev who might be interested in taking a crack at it with his notes (included below). Reference the bounty thread here for details about the bootloader/root bounty information.
!!!!PLEASE DO NOT POST YOUR BOUNTY AMOUNTS HERE!!!! DO IT IN RAYLON00'S THREAD FOR CONTINUITY: http://forum.xda-developers.com/showthread.php?t=3339857
evilpotatoman said:
Here's where it's at, but first a few notes and thoughts;
A) Even after upsetting dm-verity, the system remained somewhat stable*
*The only issues I see are the system:custom message, an unlocked boot logo, and that the stock installer refuses to install anything but FOTAs or a sec_csc.zip flashed on the CACHE partition. If cleared, the system boots up normally
B) It's extremely difficult to reverse dev this device - Every piece of secure-trust-knox-DRK-verity-crapola increases the chance of a misstep and ending up with a really nice IOT brick. Because of all this security, looking for buffer overflows and random execs would take ages. I focused on stupid programming mistakes, sifting through log files, much like I did when developing the original Note 3 recovery method.
C) The HOME_CSC partition file that seems to fail typical odin flashes -- It sets something permanent, like kind of hard-coding the verity keys. During my testing, I flashed one only to later realize that my CSC was then hard-coded to Chinese branding. Before that flash, I could mess around with the branding at will (and subsequently write to the system partition). It was only after I flashed that CSC_HOME that dm-verity actually failed. In short -- I had root BEFORE download mode labeled my system as custom. I flashed HOME_CSC, dm-verity then failed when I changed the CSC following the hard-code.
I have yet to fully re-create my EFS partition, and sent it to someone who wears darker hats than I for a fix. Because I won't have the phone for a while (at least 2 weeks), I've decided to give a brain dump in hopes that someone can pick up where I left off.
PM me for additional details, but the following should get better devs searching for a more stable method.
sec_csc.zips (found in cache.img.ext4) can be used to modify the system partition, and the partition itself isn't signed. Those zips also set the region.
*A particularly interesting csc zip exists for the G9300's CSC file...
Odin happily flashes specific "partitions" individually, so piece-meal it out.
nand partitions can be written to while still failing in odin (but system.img is signed in 2 places, so fyi)
The exploit leverages those download-mode/recovery, plus the stupid programming error found below:
on the stock firmware, there's a boot script that calls a missing binary, which is a perfect -in- for the su daemon.
You can PM evilpotatoman here: http://forum.xda-developers.com/member.php?u=2322344
Very cool! This looks promising
Sent from my SM-G935P using Tapatalk
maybe @jcadduono can do something here?
Holy ****! This is big news!
seanvree said:
maybe @jcadduono can do something here?
He does not have a s7, so I doubt he can help much
Maybe jcase can work on boot loader and root
Sent from my Nexus 6 using Tapatalk
@jcase and @beaups come to mind.
I'd love to see this take off. To that effect, may I suggest contacting the dev you're wondering about and asking (POLITELY) if they intend to or are willing to contribute to this project?
Additionally, since we have nearly $2000 pledged for a root method, we can set up a fund to get the devices in the hands of the devs willing to work on the issue that may not have a device, starting with @evilpotatoman if he needs it. This might also give people who were apprehensive about contributing to the bounty another option to support this endeavor, and gives the rest of us a way to actively contribute instead of saying "here's your prize if you win."
Someone could even act as a third party to set up the fund (be it gofundme or something else, I need to research options). We may not all know how to fight on the front lines, but there are definitely ways the rest of us peons can actively support the effort instead of being passive and hoping it eventually happens because someone else did it.
Thoughts, suggestions, questions?
@jcase hacked the unhackable black phone.... I ask him on Twitter but he didn't say if he would have time to do it or not...
Sent from my Nexus 6 using Tapatalk
Tagging him won't help. I don't think he likes to tagged often. I'm talking about jcase. If he wants to he will. Since evilpotatoman has opened up this whole new scenario. I hope all the devs see it and try to put on their magic. But yes. I have my bet on jcase. Have seen his work from a while back. A mastermind I must admit.
Sent from my SM-G935T using XDA-Developers mobile app
Mew351 said:
Holy ****! This is big news!
No it isn't, this is exactly zero news.
That entire post is wrong; it is full of basic factual errors that make me question if it's a troll, or a misunderstanding of how these things work.
I may nitpick it when I get home if anyone disagrees with my evaluation of it, but a simple view:
a) messing with dm-verity wouldn't cause system stability issues at all; either it would boot or not.
b) reverse engineering this device is no harder than previous ones; there is no insane obfuscation or anything (just some simple obfuscation). Standard toolsets would work here.
c) The "custom" symbol is just a sign of tampering, in fact I could make a standard app to cause it. It wouldn't stop or remove root from a system.
The whole post in general is gibberish.
Don't start funds for developers who need phones; too many times it comes out bad.
We allow bounties, but funds need to be pledged not held by a single person, and they should not be paid out unless the project is completed, and posted (and is of primarily original work).
psych0r3bel said:
I'd love to see this take off. To that effect, may I suggest contacting the dev you're wondering about and asking (POLITELY) if they intend to or are willing to contribute to this project?
Additionally, since we have nearly $2000 pledged for a root method, we can set up a fund to get the devices in the hands of the devs willing to work on the issue that may not have a device, starting with @evilpotatoman if he needs it. This might also give people who were apprehensive about contributing to the bounty another option to support this endeavor, and gives the rest of us a way to actively contribute instead of saying "here's your prize if you win."
Someone could even act as a third party to set up the fund (be it gofundme or something else, I need to research options). We may not all know how to fight on the front lines, but there are definitely ways the rest of us peons can actively support the effort instead of being passive and hoping it eventually happens because someone else did it.
Thoughts, suggestions, questions?
jcase said:
Don't start funds for developers who need phones; too many times it comes out bad.
We allow bounties, but funds need to be pledged not held by a single person, and they should not be paid out unless the project is completed, and posted (and is of primarily original work).
Fair enough. I probably should have checked to see if there was any rule against this. Regardless, from a common sense standpoint you make...well, sense. Wrote myself into a corner there. >.>
As for the entire OP being gibberish...you're essentially saying we're back at square one, or is he at least barking up the right tree, in your opinion? As you can tell, I'm a little overzealous when it comes to this phone getting root lol.
jcase said:
No it isn't, this is exactly zero news.
That entire post is wrong; it is full of basic factual errors that make me question if it's a troll, or a misunderstanding of how these things work.
I may nitpick it when I get home if anyone disagrees with my evaluation of it, but a simple view:
a) messing with dm-verity wouldn't cause system stability issues at all; either it would boot or not.
b) reverse engineering this device is no harder than previous ones; there is no insane obfuscation or anything (just some simple obfuscation). Standard toolsets would work here.
c) The "custom" symbol is just a sign of tampering, in fact I could make a standard app to cause it. It wouldn't stop or remove root from a system.
The whole post in general is gibberish.
psych0r3bel said:
Fair enough. I probably should have checked to see if there was any rule against this. Regardless, from a common sense standpoint you make...well, sense. Wrote myself into a corner there. >.>
As for the entire OP being gibberish...you're essentially saying we're back at square one, or is he at least barking up the right tree, in your opinion? As you can tell, I'm a little overzealous when it comes to this phone getting root lol.
Well he did manage to get root so I don't know how it is all gibberish.
jakebake102 said:
Well he did manage to get root so I don't know how it is all gibberish.
I don't believe you or him on that. It is gibberish because it's factually wrong; if it wasn't factually wrong I wouldn't have a reason to doubt someone in particular got root. When you make it apparent you are making stuff up or don't know what you're talking about, it casts a major doubt.
Plus the proof shown, just showing that syscope got tripped: it's not showing root, it's not showing unlock, it's literally showing nothing of any indication.
jakebake102 said:
Well he did manage to get root so I don't know how it is all gibberish.
It is possible to see and not understand. Often times an opinion held about the cause of a specific behavior in a complex system can be premature, and when new information comes to light suddenly all of the indicators that pointed to one cause suddenly mean something very different. The problem comes not with forming these theories about what causes a behavior, but in voicing that opinion before it is fully vetted out by your own tests.
In short, it is possible to be right about what you see, but wrong about what caused it.
jcase said:
I don't believe you or him on that. It is gibberish because it's factually wrong; if it wasn't factually wrong I wouldn't have a reason to doubt someone in particular got root. When you make it apparent you are making stuff up or don't know what you're talking about, it casts a major doubt.
Plus the proof shown, just showing that syscope got tripped: it's not showing root, it's not showing unlock, it's literally showing nothing of any indication.
Ok well thanks for looking this over.
jakebake102 said:
Well he did manage to get root so I don't know how it is all gibberish.
Everyone beat me to it, but yeah. He said it, hasn't proven it. If he managed to get root, great. I gave him the benefit of the doubt, but now we have a known dev basically discrediting everything based upon his own expertise.
So from this point forward, the onus of proof is on the OP to prove he has/had root. Nothing a screenshot can't prove. It's entirely possible he did get root, but for a different reason than he stated, and posting his proof opens up the floor for a discussion on the exact process. The result doesn't produce the method, so maybe he stumbled upon root by chance in the midst of his work, which led him to think his method worked. Too many variables. That's why we discuss these things.
jcase said:
No it isn't, this is exactly zero news.
That entire post is wrong; it is full of basic factual errors that make me question if it's a troll, or a misunderstanding of how these things work.
I may nitpick it when I get home if anyone disagrees with my evaluation of it, but a simple view:
a) messing with dm-verity wouldn't cause system stability issues at all; either it would boot or not.
b) reverse engineering this device is no harder than previous ones; there is no insane obfuscation or anything (just some simple obfuscation). Standard toolsets would work here.
c) The "custom" symbol is just a sign of tampering, in fact I could make a standard app to cause it. It wouldn't stop or remove root from a system.
The whole post in general is gibberish.
Hey jcase (I know you from the old days on XDA, just a bit undercover now for XDA reasons.) Anyway, please don't let the excitement of some folks turn you off to this whole idea. These Qualcomm variants of the S7/Edge are majorly great devices, and root would be ****ing awesome for everyone, so people are gonna get worked up about it. You KNOW how XDA gets. If you believe that there might be a straightforward exploit available, similar to the CID directory exploit that was used in the VS5, please pass on any help you can. (Or even if it has nothing to do with that route.)
All I know is that if you, or beaups, or anyone could actually help make this happen (and this is definitely a "they say it'll never happen" moment, like the Evo3d or the VS5) then you'd be rockstars of the community, more than you are now, however much that means to you. (It means a lot to me, I promise you.) If you think there's hope, and you're willing to give it a shot, ****ing bad ass... If not, maybe PM evilpotatoman and give him a nudge in the direction you'd think would work best.
Either way, I, and I'm sure every GS7/EDGE customer in America who's into Android, definitely have your back.
Let us know your thoughts, and if there's actually a ray of hope.
That's all I got.
Peace, bro.
Edit: and, btw, there IS some big bounty or something to boot, lol.