Stagefright and OK4 - Sprint Galaxy S 5 Q&A, Help & Troubleshooting

Was this OK4 update supposed to fix the Stagefright vulnerabilities? I did not take the full update, I simply copied over the stagefright so files. However, the Zimperium detector still shows I'm vulnerable. What exactly was it supposed to fix? Or do I need the full tar upgrade to fix it?


new radio 2.05.00.06.10

I just got my OTA update w/new radio and software #
also, the PRL updated to 60667....
dsarch21 said:
I just got my OTA update w/new radio and software #
also, the PRL updated to 60667....
can you post all the info from about phone software versions?
pri?
baseband: 2.05.00.06.10
software 1.47.651.1
prl 60067
pri 1.34_003
my Wifi signal seems much stronger...not sure of any other changes.
some widgets needed to be reloaded, but all is well now.
So they didn't do anything worthwhile like lift fps cap?
Did it break root?
hopefully this does not break root.
I'll be the test dummy... backing everything up now. Will let you guys know how it works out in about 15 minutes.
don't know if it broke root or not, i went back to stock a week ago
It breaks unrevoked. I haven't tested for frame rate, but it does get rid of that "grounding" issue. Also, the system is much more responsive. Before, when I tried to add a widget it took a good 5-10 seconds for it to appear on screen; now it's instantaneous. Also, opening up Manage Applications is a good 30 seconds faster than it was for me before, and it can scroll through the list much faster. Downloading fps2d now. Multitouch Visualizer 2 still shows a bit of a lag, so I can't notice much of a difference there from before.
Edit: Yes 30fps cap still there.
there is a recovery.img included in the firmware.zip within the package that will likely overwrite any custom recovery you've installed already.
I'd be interested in whether this breaks NAND rooting, given that there is a radio update included as well. Anyone given this a look yet?
frankenstein\ said:
there is a recovery.img included in the firmware.zip within the package that will likely overwrite any custom recovery you've installed already.
I'd be interested in whether this breaks NAND rooting, given that there is a radio update included as well. Anyone given this a look yet?
md5sums are different on 3 files - http://forum.xda-developers.com/showpost.php?p=6981144&postcount=27
RADIO:
the radio is updated through a radio.diff.
SYSTEM:
no system/app files are changed - my initial glance was wrong, there is a LOT going on here ...
updated files:
wifi module - BCM4329B1_002.002.023.0396.0402.hcd
android.hardware.camera.flash-autofocus.xml
android.hardware.telephony.cdma.xml
ton of framework files
libCamera_donut.so
libCamera_eclair.so
joeykrim said:
md5sums are different on 3 files - http://forum.xda-developers.com/showpost.php?p=6981144&postcount=27
RADIO:
the radio is updated through a radio.diff.
SYSTEM:
no system/app files are changed
updated files:
wifi module - BCM4329B1_002.002.023.0396.0402.hcd
android.hardware.camera.flash-autofocus.xml
android.hardware.telephony.cdma.xml
ton of framework files
libCamera_donut.so
libCamera_eclair.so
So does running the update break Toast's root? I have been holding off on getting the update.
Don't ever push an OTA update from Sprint if you want to keep root. There's a chance it's going to break it every time.
Let the XDA mages cast improved .zip on the update so you can flash it from recovery.
Or wait until one of the ROM devs integrates the fixes into their ROMs and flash those. I know TrevE is already putting them into DamageControl.
Well, my first post. All other posts have been helpful. For the update, it does give a much better connection on 4G. I was able to download at a rate near 5Mb. Previously I was able to download around 3.2 - 3.5.
warnotes said:
Well, my first post. All other posts have been helpful. For the update, it does give a much better connection on 4G. I was able to download at a rate near 5Mb. Previously I was able to download around 3.2 - 3.5.
Does it do anything for 3G?
So.....is anyone going to drop the radio .zip?
Sounds like some good stuff.
Can't wait for the devs to start integrating these improvements into their ROMs!
Sorry, I don't have any info on 3G from before so I don't know, but due to the weather now I could not trust the current result; I get less on download than on upload. Both less than half.
3G is the same crap it was before the update... not worth the flash.
Well, you will lose recovery. I'm about to finish the update.zip for everything except the radio. I recommend you wait for me or someone to put out an update.zip before flashing.
Calkulin already released an update for everything except the radio.

ROOTING AND ONLY RUNNING XPOSED and OTA

Guys, I need some advice.
If I'm rooted and I solely depend on Xposed for tweaks (that means I don't modify system files), will my Moto G be fit for OTA updates? I read here somewhere that if you're rooted and no system files were tweaked, OTA updates won't be a problem.
Thank you so much. New XT1033 Moto G owner here running Stock 4.4.2 rom. Still on the fence when it comes to rooting tbh. Also, I haven't been able to find changelogs for the 4.4.4 update. Thank you!
@OldYellowBricks
The short answer
If you have stock recovery and have not modified any system files, you will be able to OTA without a problem. Did it myself from 4.4.2 to 4.4.3.
The long answer
Here is how updating works:
The updater has a list of files that are going to be modified by the update. It first calculates the checksum of every file that is going to be modified and compares it to the checksum it has on a list. If there is a checksum mismatch, the update process is aborted. If all the checksums agree, the updater starts patching the files.
Now, since the updater doesn't expect you to have Xposed and SuperSU on your system partition, it doesn't look for them and it does not care about them - it just patches the files on the list. That's all.
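The verify-then-patch behaviour described above, as an added model that is not code from the thread or from Android's own updater: the files the update lists are checksummed first (SHA-1 is an assumption here), a single mismatch aborts before anything is written, and files the list never mentions (su, XposedBridge.jar) are neither checked nor touched. All paths and contents are constructed stand-ins.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed stand-ins for the stock files the update touches (before/after).
STOCK = {
    "framework/framework.jar": b"stock framework 4.4.2",
    "lib/libstagefright.so": b"stock stagefright 4.4.2",
}
PATCHED = {
    "framework/framework.jar": b"framework 4.4.3",
    "lib/libstagefright.so": b"stagefright 4.4.3",
}

def sha1_hex(data):
    return hashlib.sha1(data).hexdigest()

def build_manifest():
    """The updater's list: path -> (checksum it expects to find, replacement)."""
    return {rel: (sha1_hex(STOCK[rel]), PATCHED[rel]) for rel in STOCK}

def apply_ota(system, manifest):
    # Phase 1: checksum every listed file; abort on the first mismatch.
    for rel, (expected, _) in manifest.items():
        target = system / rel
        if not target.is_file() or sha1_hex(target.read_bytes()) != expected:
            return False, "checksum mismatch: " + rel
    # Phase 2: only now patch. Files not on the list are never examined.
    for rel, (_, new_bytes) in manifest.items():
        (system / rel).write_bytes(new_bytes)
    return True, "patched"

def make_system(root, rooted=True, tampered=False):
    """Build a fake /system tree; 'rooted' adds su and Xposed, 'tampered' edits a listed file."""
    system = root / "system"
    for rel, data in STOCK.items():
        path = system / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    if rooted:  # additions that are NOT on the updater's list
        (system / "xbin").mkdir()
        (system / "xbin" / "su").write_bytes(b"su binary")
        (system / "framework" / "XposedBridge.jar").write_bytes(b"xposed")
    if tampered:  # a listed system file that was modified by hand
        (system / "framework" / "framework.jar").write_bytes(b"modified")
    return system

def run_scenarios():
    """Returns, per scenario: (ok, message, su still present, libstagefright updated)."""
    results = {}
    manifest = build_manifest()
    with tempfile.TemporaryDirectory() as tmp:
        clean = make_system(Path(tmp) / "clean", rooted=True)
        ok, msg = apply_ota(clean, manifest)
        results["rooted_untouched"] = (ok, msg, (clean / "xbin" / "su").exists(),
            (clean / "lib" / "libstagefright.so").read_bytes() == PATCHED["lib/libstagefright.so"])
        bad = make_system(Path(tmp) / "tampered", rooted=True, tampered=True)
        ok, msg = apply_ota(bad, manifest)
        results["rooted_tampered"] = (ok, msg, (bad / "xbin" / "su").exists(),
            (bad / "lib" / "libstagefright.so").read_bytes() == PATCHED["lib/libstagefright.so"])
    return results

if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, outcome)
```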
knizmi said:
@OldYellowBricks
The short answer
If you have stock recovery and have not modified any system files, you will be able to OTA without a problem. Did it myself from 4.4.2 to 4.4.3.
The long answer
Here is how updating works:
The updater has a list of files that are going to be modified by the update. It first calculates the checksum of every file that is going to be modified and compares it to the checksum it has on a list. If there is a checksum mismatch, the update process is aborted. If all the checksums agree, the updater starts patching the files.
Now, since the updater doesn't expect you to have Xposed and SuperSU on your system partition, it doesn't look for them and it does not care about them - it just patches the files on the list. That's all.
Okay, now I get it! Thank you so much. I would like to keep the stock ROM and run some Xposed modules for stability and, to be honest, I'm pretty reluctant to flash ROMs on this dual SIM phone because support is pretty wonky from what I've read (no disrespect to the developers!)

Android bug: security risk

Android bug: MMS attack affects 'one billion' phones - http://www.bbc.co.uk/news/technology-33689399
Can the patch be manually downloaded from somewhere and manually installed in rooted phones? Where?
Prefer to not go the OTA route because I am rooted and use xposed framework.
Is the patch issued out and available by Google yet?
Running Cataclysm, but don't see an update for it yet for the MMS bug.
Patched stagefright libraries for AOSP 5.1.1
For those who are interested: I patched AOSP 5.1.1 (LMY48B) with the code changes that were submitted to CM by the researcher who detected the flaw, see e.g. here. The attached archive contains the 17 (!) modified libraries. I just pushed the files to my device running stock 5.1.1 and it boots fine. I do not have any information on whether the patch actually does what it is supposed to do or whether the new libs result in breakage somewhere else.
Update: added three additional patches to libstagefright submitted to CM by the same security researcher (jduck) as detailed here.
Update (August 14): added latest stagefright vulnerability patch as described here
From what I have read this should not really affect our devices. It is more older devices that have issues.
wangdaning said:
From what I have read this should not really affect our devices. It is more older devices that have issues.
Well, from what I've read/seen it appears that the Nexus 5 on 5.1.1 is fully exploitable. However, sandboxing and "address space layout randomization" make it a lot more difficult to actually achieve anything with the exploit, but the probability is not zero. We will probably know more after the hacker conference next week.
Note that I have updated the patched libraries that I attached to my previous post. In the update I added three additional patches to libstagefright that have been submitted to CM by the security researcher who has found the exploit back in April, see here
chdloc said:
For those who are interested: I patched AOSP 5.1.1 (LMY48B) with the code changes that were submitted to CM by the researcher who detected the flaw, see e.g. here. The attached archive contains the 17 (!) modified libraries. I just pushed the files to my device running stock 5.1.1 and it boots fine. I do not have any information on whether the patch actually does what it is supposed to do or whether the new libs result in breakage somewhere else.
Edit: added three additional patches to libstagefright submitted to CM by the same security researcher (jduck) as detailed here.
Added the patched libs and my phone didn't blow up so that's a good sign. Too bad there isn't a good way to test it.
chdloc said:
Well, from what I've read/seen it appears that the Nexus 5 on 5.1.1 is fully exploitable. However, sandboxing and "address space layout randomization" make it a lot more difficult to actually achieve anything with the exploit, but the probability is not zero. here
Is the rooted nexus 5 on 4.4.4 (with xposed) any safer?
How to sandbox? Is there an app for that?
Thanks.
Anderson2 said:
Is the rooted nexus 5 on 4.4.4 (with xposed) any safer?
A rooted device is less secure than a non-rooted device. A device with Xposed is theoretically less secure than that.
Anderson2 said:
How to sandbox? Is there an app for that?
Application sandboxing is done by default in Android.
chdloc said:
For those who are interested: I patched AOSP 5.1.1 (LMY48B) with the code changes that were submitted to CM by the researcher who detected the flaw, see e.g. here. The attached archive contains the 17 (!) modified libraries. I just pushed the files to my device running stock 5.1.1 and it boots fine. I do not have any information on whether the patch actually does what it is supposed to do or whether the new libs result in breakage somewhere else.
Update: added three additional patches to libstagefright submitted to CM by the same security researcher (jduck) as detailed here.
Just an FYI: if you're waiting for your ROM to be updated, swapping in these patched libs will close the hole (at least according to Zimperium's Stagefright check app).
FYI, added latest stagefright vulnerability patch as described here to post #3.
As before, you need to push the libraries manually to /system/lib/, followed by an adjustment of permissions (644), if required.
The latest Zimperium Stagefright Detector app, updated today, returns "not vulnerable" to the (as of today) seven known security vulnerabilities of stagefright.
chdloc said:
FYI, added latest stagefright vulnerability patch as described here to post #3.
As before, you need to push the libraries manually to /system/lib/, followed by an adjustment of permissions (644), if required.
The latest Zimperium Stagefright Detector app, updated today, returns "not vulnerable" to the (as of today) seven known security vulnerabilities of stagefright.
Works like a charm... until the next hole is discovered.
chdloc said:
I just pushed the files to my device running stock 5.1.1 and it boots fine. I do not have any information on whether the patch actually does what it is supposed to do or whether the new libs result in breakage somewhere else.
Thanks so much for doing this! I've unzipped these to Dirty Unicorns OFFICIAL-v9.5 (5.1.1) and things appear to be booting/running OK. Zimperium detector also says everything is now good.
I am on a rooted Nexus 5, version 5.1.1.
By manually pushing it, do you mean through custom recovery, or for example by using the Flashify app to flash the file, or directly copy-pasting it?
And by adjusting permission if required, can you explain how that is done?
Thank you
+1
Are they the same patches for 4.4.4?
persianrisk said:
I am on a rooted Nexus 5, version 5.1.1.
By manually pushing it, do you mean through custom recovery, or for example by using the Flashify app to flash the file, or directly copy-pasting it?
And by adjusting permission if required, can you explain how that is done?
Thank you
To be safe, backup your device before proceeding.
By "pushing files to phone" I mean unpack the archive attached to the third post in this thread and manually copy the resulting files to your device by either using
adb push [...]
or (assuming you use Windows on your host machine)
Explorer
to copy all files to the "sdcard" on your phone.
Then use a file explorer on your phone, such as Root Explorer, to copy the files into place, i.e. /system/lib/
To adjust permissions, again, use the file explorer on your device to verify the "permissions" property of each of the new files. If you don't see rw-r--r--, or 644, adjust the permissions appropriately.
Anderson2 said:
+1
Are they the same patches for 4.4.4?
No, the patched files posted in the third post of this thread were built on Android (AOSP) 5.1.1. They will not work on KitKat.
Are there similar patched files for 4.4.4?
Anderson2 said:
Are there similar patched files for 4.4.4?
Unless patches are forthcoming from Google, I don't think there will be. KK development is essentially dead.
Thank you very much. I followed your steps (used Root Explorer as ES File Manager did not work).
When I run the Stagefright Detector app by Zimperium INC. and the one by Michael Kohl, it says that I am not vulnerable.
But when I run the one by Lookout Security, it says I am vulnerable. Any thoughts?
OK, I guess I will move to 5.1.1. May sound easy to pros like you, but it's a scary step to users like me.

[R&D] Modern Security Patches on 5.0 ROMs

Hello,
Today I have found myself the victim of Stagefright, specifically CVE-2015-6602. The attacker gained remote code execution and attempted to copy all my data to a server. Luckily nothing sensitive was on the phone since it was my test unit. Still, it is important to note that attackers are still looking at exploiting older phones.
The phone in question was on android 5.0 : OptimalROM 15-5, with PB1 firmware. I had applied all the available security zips, still leaving two stagefright vulnerabilities:
CVE-2015-3864 (Mediaserver)
CVE-2015-6602 (libutils)
Please be aware if you are on a locked bootloader and choose to stay on older ROMs to keep root you are putting yourself at risk.
To see if you could have suffered the same fate as me if you were the attacker's target, use Zimperium's SF detector.
https://play.google.com/store/apps/details?id=com.zimperium.stagefrightdetector
This thread aims to provide flashable zips or manual instructions to patch any additional vulnerabilities existing in 5.0 that have been fixed in newer versions or 6.0.
--
First success! 1/2/2017
Implementation to patch ALL stagefright vulns on ALL 5.0 ROMs that have vulnerabilities!
see thread:
https://forum.xda-developers.com/ve...om-patch-optimalrom-15-5-stagefright-t3530922
Resources:
https://groups.google.com/forum/#!topic/android-security-updates/iv1BF0f0XY4
^ Main information, gives us the two commits:
Commit (Vuln patch)
https://android.googlesource.com/platform/system/core/+/5b85b1d40d619c2064d321364f212ebfeb6ba185
Commit (Compile error after, fixed on this commit)
https://android.googlesource.com/platform/system/core/+/e0dce90b0de2b2b7c2baae8035f810a55526effb
This tells us the vulnerability in libutils is specifically in String8.cpp.
/system/lib/libutils.so is the binary file that needs to be updated.
With this info, we can compile ourselves from the latest android, but the question is what will happen on replace? Will the system reject signature?
https://android.googlesource.com/platform/system/core/+/e0dce90b0de2b2b7c2baae8035f810a55526effb
^ Compiling a new libutils.so from the above commit.
I am not vulnerable. 5.0 rooted.
gayflag said:
I am not vulnerable. 5.0 rooted.
Interesting. What ROM are you on and what firmware?
Is the ROM based on that firmware?
Edit:
Thank you for this valuable information.
Stock PB1 ROMs are not vulnerable to stagefright.
This will make things easier for ROMs based on pre-PB1!
It is because of your post that I easily found a way to patch stagefright on OG5 and below based ROMs!
https://forum.xda-developers.com/ve...om-patch-optimalrom-15-5-stagefright-t3530922

[FOTA][UNTESTED][DOWNLOAD] SM-T337A Latest Update File

Note: None of these files have been tested, mainly because I want to keep root on my device. If someone (preferably a recognized developer) can confirm that you can still root the device on this update, I will edit the thread to appear safe to novice/semi-inexperienced users. Because I haven't tested these files, I'm gonna assume it's a January security patch.
Here I have pulled the latest FOTA update for the SM-T337A. I know right, I thought this device would never get another update, but it did! Down below I have uploaded the original, untouched .CFG update file and my own compiled .ZIP update file. Not that any of them are different, but if one fails to flash, there's the other file to try.
New PDA Version: T337AUCU2BOH5
New CSC Version: T337AATT2BOH5
Bootloader Version: Bootloader V2 (So you can downgrade back to the BOH4 firmware)
Please feel free to ask any questions or report any problems down below.
EDIT: I will begin creating Odin packages for this update and release them in place of the zip files if/when they are completed.
--Download Links--
Original .CFG File: https://mega.nz/#!r940XJLB!OUne16ltPYkOqfNBbzA5W08f8LwvYT_os--agbGzFq4
Compiled .ZIP File: https://mega.nz/#!fkoW0JKB!aR2uZYlthtmW7Us0uBmP6-BZrmhKiJrRaVrbdkq-bx8
Cheers!
Thank you very much as always @KingOfTheNet , is there any chance you can make an Odin firmware file too, or would that require you taking the update (which I understand very much why you wouldn't want to, without knowing for sure)?
Also I shall mirror the update.zip file on AFH if you'd like (it doesn't accept cfg files)
thisisapoorusernamechoice said:
Thank you very much as always @KingOfTheNet , is there any chance you can make an Odin firmware file too, or would that require you taking the update (which I understand very much why you wouldn't want to, without knowing for sure)?
Also I shall mirror the update.zip file on AFH if you'd like (it doesn't accept cfg files)
I'm 99% sure it's just a January security patch, so I'm not sure if it would be worth making an Odin file for it. If AT&T were to release a Marshmallow or Nougat update (which we all know isn't gonna happen) then I would make one for that. Making the Odin file for the Lollipop firmware took me like 4 months.
Also feel free to mirror the file(s) to AFH, please be sure to credit me though, assuming they flash without issues. I didn't test it on mine because I want to keep root until I can verify that it can still be achieved on this new update. I'm just surprised AT&T is still updating this thing.
Cheers!
Do you have patch notes, what was fixed?
Thanks.
KGB7 said:
Do you have patch notes, what was fixed?
Thanks.
I would imagine AT&T or Samsung would release them somewhere on their website. In my opinion, security updates are made to keep your device guarded against new root methods and viruses, which is exactly why I didn't flash the update myself, to keep root.
