Hi guys, today I read about the WifiHs20UtilityService path traversal bug in our S6.
WifiHs20UtilityService reads any files placed in /sdcard/Download/cred.zip,
and unzips this file into /data/bundle. Directory traversal in the path of the zipped contents allows an attacker to write a controlled file to an arbitrary path as the system user.
Do you think it could be possible to fix the Mobile Radio Active Bug with the Xposed Module mentioned here without root?
Maybe many other things will be possible which requires root access?!
What du you think?
Related
Hey people on the board!
I'm a relative newbie in this PDA-stuff so I have a question which perhaps (hopefully) is easy to answer. Problem:
I have an application which I run on my Qtek 1010. The application runs fine, but prior to using it, a significant amount of time must be spent on installing and configuring it. In case of battery-faliure, this needs to be done from scratch. I would therefore like the Qtek to execute a script-like file (autorun.exe) which performs this task, immediately after booting.. The file is present on a flash-card inserted in the slot. How do I do this? Where - on the card - do I place the file? In the root? And how do I detect it and run it automatically after a cold-boot?
Any help would be greatly appreciated! Thx!
/Joe72
Its quite simple
Hi there, your problem to fix is quite easy.
If you look in in your windows directory with the built-in explorer, you'll find a directory - either "startUp" or "Autostart" depends on the system language you are using. Here you put a link to the program you're having on card. With every cold- or warm boot it will be executed. :lol:
regards
cimber
On the memory card make a directory named 2577, I believe the pocket pc will look here for your autostart on boot, try it and see. You can try putting a cab file in there or your autostart config file. I am not an expert in this but thats how its done with ipaq navigation system which is an automatic routine using the 2577 directory and I have also seen other software using the same method.
the file should be called 'autorun.exe' in the '\storage card\2577\' directory.
when you insert the card, the autorun.exe will be copied to \windows, and executed with 'install' as parameter.
when you remove the card, it will get executed with 'uninstall' as parameter.
and then removed from \windows.
but this will not nescesarily happen at boot.
just figured out another thing: the number you put in the .lnk file in \windows\startup is completely ignored by windows.
also, if the executable is in \windows, you may omit the path,
you may also omit the extension if it is .exe.
if you specify commandline parameters, your application will get passed upto 255 characters starting from the first non-whitespace character after the executable name.and including any newlines that may be in the file.
Hi!
Thanks for the response. I'll give the methods a try during the day and get back.
Thanks so far - I appreciate it
/Joe72
Hi there (again)!
I have tried the different suggestions with no luck. Perhaps I should have been a bit more specific. What I actually need is to have the autorun.exe run (install) a number of cab-files also on the flash-card. I was - perhaps naively - thinking that there would be a generic tool out there to create this type of autorun.exe file? I am looking for something along the lines of what is being done here:
http://forum.xda-developers.com/viewtopic.php?t=508&highlight=autorun
Only, in the case above, the autorun.exe lauches a specific .cab-file which contains a ROM for the PDA.
Is there a "configurable" .cab-installing autorun.exe out there somewhere? Or should it be written from scratch every time for new purposes?
Hope I make myself clear
/Joe72
yes, it is in the extended rom, processing the config.txt file.
eeeh, but the location of the config.txt is taken from the registry, which is currently always set to \extended_rom\config.txt.
itsme said:
yes, it is in the extended rom, processing the config.txt file.
eeeh, but the location of the config.txt is taken from the registry, which is currently always set to \extended_rom\config.txt.
Click to expand...
Click to collapse
Could you explain that to me in more detail, please? As I mentioned, I am a relative newcomer in this Xda stuff Thanks..
/Joe72
what you are asking for is the autorun.exe found in the extended rom,
look for 'extended rom batch language' on the forum for details.
problem is that the autorun.exe from the extended rom uses the config.txt
pointed to by the "[HKEY_LOCAL_MACHINE\Comm] AutoRunCfg" registry value. which always is '\Extended_ROM\Config.txt"
what you could do, is change the 'autoruncfg' string in the autorun.exe binary in to something else. and then fill your own config.txt path in that registry value.
Thanks - that sounds like the way to do it. I guess I would copy the original config.txt, add my .cab-files, put it on the flash-card and then change the key in the registry to point to the card. Is that how it would go?
Now another stupid question: How do I access the registry? There is apparently no regedit.exe like on my desktop?
/Joe72
Joe72 said:
Thanks - that sounds like the way to do it. I guess I would copy the original config.txt, add my .cab-files, put it on the flash-card and then change the key in the registry to point to the card. Is that how it would go?
Now another stupid question: How do I access the registry? There is apparently no regedit.exe like on my desktop?
/Joe72
Click to expand...
Click to collapse
Managed to access the registry using Windows CE Remote Registry Editor. But whooops.. After a cold boot, the registry is reset to factory settings?! Hence my changes of the path to config.txt are also lost..? What to do?
/Joe72
Hi everyone,
I'm trying to run from an app a script that it's located in the Data/data/.... directory and i'm having problems setting the exec. attribute for that file. Is there any trick in the implementation of the permission method??? or is there anything special at the moment of creating such file.
Thanks
You're going to have to be a bit more specific. I have no idea where to start.
Examine the method prepareSu() from Superuser's UI:
http://code.google.com/p/superuser/...koushikdutta/superuser/SuperuserActivity.java
I have a script that i need to run from an application but the file doesn't have the executable attribute, and the java method to change those atributtes doesn't work, i hope that makes a little more clear my problem...
I am newbie in Windows Phone 7 development.
I am trying to unzip a file that was downloaded to isolatedstorage in WP7.
I have tried with ShapZipLib but with no success. Does anyone have an example on how to do this in WP7?
Thanks a lot !
seems like there is no way to unzip a file in isolated storage ,but you can browse a zip file via IE........ if that zip file is on the internet
坏天使 said:
I have tried with ShapZipLib but with no success. Does anyone have an example on how to do this in WP7?
Click to expand...
Click to collapse
Use DotNetZip library, it has a SL implementation (works fine on WP7 but requires some minor tweaking).
By the way, if you have problems with SharpZipLib (also works fine on WP7 but also requires some tweaking/reassembling), I'll recommend you to learn more about WP7/Silverlight programming first. Sorry I have no time to teach you how to write programs on WP7...
WP7 actually has a Silverlight API to extract specific files from a ZIP archive directly. This is technically an undocumented use of this API, but it does work:
Uri filename, zipname;
filename = new Uri("<FILE_TO_UNZIP_FROM_ARCHIVE>", UriKind.Relative);
zipname = new Uri(@"\Applications\Data\<APP_GUID_HERE>\Data\IsolatedStore\<ZIP_ARCHIVE_NAME.ZIP>", UriKind.Relative);
Stream filestream = Application.GetResourceStream(Application.GetResourceStream(zipname), filename).Stream;
Then, you can use standard Stream functions to read the file from within the ZIP, including write it to an IsolatedStore file.
The only undocumented part of this is that you actually can pass fully-qualified paths to the Uri constructor and then open them using GetResourceStream... just so long as the Uri is constructed as Relative (even though it's not) and the file is one that the app has permissions to read (which typically means its Install directory, its data directory, and the Windows directory). The use of nested Application.GetResourceStream to read inside a ZIP file is actually documented.
Do there exist any means to monitor file changes and process access to file in android?
May be something like auditctl in linux.
Thanks
Anything?
I was looking for a similar topic but I did not find one. Refers to problems with running applications added to "system.img".
I bought UMIDIG S for my father-in-law. It is based on a mediatec chipset. Unfortunately, soft is tragic, and there is no full translation, so I decided to bury it a bit in "system.img".
I can easily install the file in Linux and make changes in it. I can delete applications, I can make changes in configuration files and "buikd.prop".
Unfortunately, all APK files were uploaded to "system.img" even though I set permissions 755 for directories, and 644 for directories. Although the files are root: root, after uploading such "system.img" none of these applications works for the phone. The system sees them and tries to load. Unfortunately, applications hang because of errors. The system informs that the application hangs, and does not load its window. The icons of these applications and the names do not appear either (applications have green robocik as icon, and domain name, e.g. com.android.clock ....)
I am asking for advice. How to add APK files to the unzipped "system.img" so that after packing and uploading to the phone there were no errors ???
Do you have found how add app in system.img?
It's all around, but you can replace apps with others. In the linux system, unpack the img, and mount them. Then you can freely rename files as well as move files within the .img mount point
I chose the applications or other files I did not need, and moved them to the directories (which I named my applications). If the application needed libraries, you also had to get files in a similar way, and place them in arm or arm64 directories.
Then prepared files "stuffed" with data, using the command DD. That is, dd if = (source file) of = (the recipient file at the system.img mount point).
Thanks for reply, so this only on Linux? For Windows there is something?
Markosv76 said:
Thanks for reply, so this only on Linux? For Windows there is something?
Click to expand...
Click to collapse
I do not know, I do not use Windows. Certainly you can in a similar way from BSD systems, probably from Android and MacOS. I read something that Microsoft can somehow support linux shell, but I do not know the details. You can always use some distribution that works with a pendrive.
Thanks, I will try again
Markosv76 said:
Thanks, I will try again
Click to expand...
Click to collapse
You can use Virtual Box to run a Linux distro inside Windows or you can try using Cygwin.
Sent from my LGL84VL using Tapatalk
jaroslawstrauchmann said:
I was looking for a similar topic but I did not find one. Refers to problems with running applications added to "system.img".
I bought UMIDIG S for my father-in-law. It is based on a mediatec chipset. Unfortunately, soft is tragic, and there is no full translation, so I decided to bury it a bit in "system.img".
I can easily install the file in Linux and make changes in it. I can delete applications, I can make changes in configuration files and "buikd.prop".
Unfortunately, all APK files were uploaded to "system.img" even though I set permissions 755 for directories, and 644 for directories. Although the files are root: root, after uploading such "system.img" none of these applications works for the phone. The system sees them and tries to load. Unfortunately, applications hang because of errors. The system informs that the application hangs, and does not load its window. The icons of these applications and the names do not appear either (applications have green robocik as icon, and domain name, e.g. com.android.clock ....)
I am asking for advice. How to add APK files to the unzipped "system.img" so that after packing and uploading to the phone there were no errors ???
Click to expand...
Click to collapse
did you find a solution to this? please reply if yes, I am having the same problem