Dear XDA users,
I am looking to find a really secure rom. I don't want to run OEM corrupted roms which do God knows what. I have googled for a good bit and I have found some areas which are interesting from a security perspective. However, there does not seem to be a holy grail when it comes to a secure rom at the moment. Paranoid Rom sounded oh so promising but has no additional security related features. Cyanogenmod is a nice custom rom with root disabled by default, which is a great improvement and makes it interesting as a secured non-OEM rom. You also have the NSA developed SE Android rom which you need to compile yourself but comes with a great list of additional features.
Can anyone recommend me a rom which is built to be secure?
Also, let's have a discussion on features which you would like to have in a secure rom:
Hidden-TrueCrypt partition on SD card.
Fully encrypted memory
Password protected recovery
Tor network enabler with apps for the various anon services on onion networks (such as torchat, onionmail, etc.)
Location scrambler
Strict firewall with easy enable/disable mode
Remote lock-down
First question. Why?! Are you a spy or something?! There's nothing wrong with standard ROMs. There are antitheft apps available that can remote wipe the entire device including SD card if it's ever lost or stolen. I can't think of any reason why you need that level of security on your device.
I believe a truecrypt partition can be mounted on the SDcard. As far as hiding it goes, I'm not sure.
As far as password protecting recovery, there's no tweak/hack for it. I understand the security concern with someone meddling with your phone and flashing a rom but it's called 'recovery' for a reason.
I believe tor is available for Android.
You can spoof your location with several apps. Wouldn't hurt to google it.
Cerberus can remotely lock-down your phone, retrieve contacts/call logs from a sim, etc...
Try compiling your own rom and cater it to your needs.
Whoa, why would you need that much security? I do suggest creation of your own Rom as mentioned; this way all your security needs can be met.
Sent from my Sensation Z710e using xda premium
privacy
Thanks for all the replies. I am not a spy, rather I just want to be secure. I just don't like the idea of my information being used for reasons I do not choose it to be used for. I don't want my carrier to see which websites I visit on my phone, which locations I visit, which people I contact. I just want my carrier to provide me access to the net and ensure that I am available for calls.
Currently I run ARHD with the following options/apps:
sim card password protected (3 login chances)
memory and SD card password protected (8 login chances)
TOR network connection
Orweb
I would like to have a password protected recovery, truecrypt based security (with hidden partition if possible), root disabled, firewall, full GPS enable disable, spoofing options, and more cool stuff. I don't think I would like to compile my own roms. If someone wants to jump on this and help me create a hardened android ROM it would be awesome.
My name is Bond. James Bond.
To answer your question no you cannot have that kinda ROM here. Root disabled?? pretty much every ROM here has it enabled. GPS can be disabled with one click. I'd suggest SIM lock through phones security settings, face lock for apps pro from the market and a nice cold beer to make you less paranoid. No offence but not even presidents want that much security.. It's a phone..
hjfkuiper said:
I would like to have a password protected recovery, truecrypt based security (with hidden partition if possible), root disabled, firewall, full GPS enable disable, spoofing options, and more cool stuff. I don't think I would like to compile my own roms. If someone wants to jump on this and help me create a hardened android ROM it would be awesome.
Your network provider is never going to know you use recovery or that you can gain access to your system partitions. They're not going to know you use root apps or that you have root access either. Firewall you can obtain via the avast antivirus app in the market.
And I don't think you'll ever be able to cover your tracks when it comes to hiding who you call and text. The network company holds records of all calls and texts for billing purposes and only releases these in case of police investigations, with your permission. You can turn off your GPS, but you can still be located using the cell towers, which you need for reception, so you can't hide yourself completely. If you want internet access without this just use wifi with a vpn or other such ip hider/rerouter and remove the sim card altogether.
There is genuinely no need for this level of security on your phone. Like I said in my last post, if your phone is lost or stolen, you can always remote wipe your device so no one will know what you had on it, it'll just be a shiny brick.
hjfkuiper said:
Thanks for all the replies. I am not a spy, rather I just want to be secure. I just don't like the idea of my information being used for reasons I do not choose it to be used for. I don't want my carrier to see which websites I visit on my phone, which locations I visit, which people I contact. I just want my carrier to provide me access to the net and ensure that I am available for calls.
Currently I run ARHD with the following options/apps:
sim card password protected (3 login chances)
memory and SD card password protected (8 login chances)
TOR network connection
Orweb
I would like to have a password protected recovery, truecrypt based security (with hidden partition if possible), root disabled, firewall, full GPS enable disable, spoofing options, and more cool stuff. I don't think I would like to compile my own roms. If someone wants to jump on this and help me create a hardened android ROM it would be awesome.
What you seem to be talking about is Carrier IQ? That was disabled last year in an earlyish HTC Sense RUU leak and has not appeared since.
Sent from my YP-G50 using xda premium
Jonny said:
What you seem to be talking about is Carrier IQ? That was disabled last year in an earlyish HTC Sense RUU leak and has not appeared since.
Sent from my YP-G50 using xda premium
And Carrier IQ is not in any custom roms, and even if it was it can be easily deleted.
Cyanogen most certainly does NOT have root access disabled by default. Half the features on it wouldn't work without root access.
If you really need that kind of security the best answer is to not do whatever you need that kind of security for on your phone. Use another device.
Also, invest in a high quality tin foil hat.
Sent from my HTC Sensation using xda app-developers app
Hi,
First, not even 1% care about security and privacy in their phones. People just having fun not knowing what data is being leaked from their phones.
I know what you mean, if you want to have secure ROM, use CyanogenMod and patch it with autopatcher - PDroid2.0, then block almost all permission to all apps (including system) and this will give you the best privacy. Also don't use gaps and remove bluetooth if you don't use it.
Use K-Mail with APG to encrypt your emails, use Ostel to make anonymous calls, use Tor as a browser.
I think CyanogenMod9 for Sensation has already Pdroid patch merged. I suggest it over CM10 as is more stable and faster.
Below are links that may be useful for you.
PDROID:
http://forum.xda-developers.com/showthread.php?t=1923576
Autopatcher:
http://forum.xda-developers.com/showthread.php?t=1719408
Guardian Project:
http://forum.xda-developers.com/showthread.php?t=1840929
Hardening Android Guide
http://forum.xda-developers.com/showthread.php?t=1954513
Have fun
THE_GENIUS
Any simple system app can access ALL your data. Yes, without any permission.
Sent from my GT-I9000 using xda app-developers app
burakgon said:
Any simple system app can access ALL your data. Yes, without any permission.
Sent from my GT-I9000 using xda app-developers app
Dun Dun Duuuuuuuuunnnnnnnnnnnn!! (sorry, couldn't resist)
burakgon said:
Any simple system app can access ALL your data. Yes, without any permission.
Sent from my GT-I9000 using xda app-developers app
Without DroidWall - yes, anything can leak, but with - no chance.
Thank you! This is the only helpful reply in a thread full of morons.
I'm in the same boat
I would like something similar. I know we have remote wipe, etc. However I would like to know that if I lose my device, the only thing I am losing would be the device. Currently I am using ARHD 50.0. I cannot get the local storage to encrypt. The Micro SD however can be encrypted. So I am working to try and install all the apps I need, then move them to the microSD and force them to write data there instead of the default location.
It is a bit strange that this seems to not work well at all.
Android is rather secure. Every non-system app runs in its own sandbox.
Follow these steps to get your phone really secure:
1. Encrypt internal storage as well as sdcard.
2. Go S-ON. Relock your device.
3. Remove custom recovery after ROM installation. Otherwise encryption can be broken. Especially if you're scared of NSA.
4. Use superuser to remove all apps you don't need, then disable superuser.
5. Disable ADB. Both USB and wireless.
Any "trusted" ROM capable of this is secure.
Happy to help.
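As an added illustration of the checklist above (not part of the original post or of any ROM's tooling), this Python script parses `adb shell getprop` output and reports which of steps 1, 2, 4 and 5 can be confirmed from system properties. The property names are standard Android ones, but which of them a given device exposes is an assumption, so absent values are reported as unknown; the three sample dumps are constructed, and the test-keys check goes beyond the list.

```python
import re

# `adb shell getprop` prints one property per line as: [name]: [value]
PROP_LINE = re.compile(r"^\[([^\]]+)\]:\s*\[(.*)\]$")
PASS, FAIL, UNKNOWN = "pass", "fail", "unknown"

# Constructed sample dumps (not captured from real devices).
HARDENED_SAMPLE = """\
[ro.crypto.state]: [encrypted]
[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.secure]: [1]
[ro.debuggable]: [0]
[persist.sys.usb.config]: [mtp]
[sys.usb.config]: [mtp]
[service.adb.tcp.port]: [-1]
[ro.build.tags]: [release-keys]
"""
CUSTOM_SAMPLE = """\
[ro.crypto.state]: [unencrypted]
[ro.boot.verifiedbootstate]: [orange]
[ro.secure]: [0]
[ro.debuggable]: [1]
[persist.sys.usb.config]: [mtp,adb]
[service.adb.tcp.port]: [5555]
[ro.build.tags]: [test-keys]
"""
LEGACY_SAMPLE = """\
[ro.secure]: [1]
[ro.debuggable]: [0]
[persist.sys.usb.config]: [mass_storage]
"""


def parse_getprop(text):
    """Turn raw getprop output into a {name: value} dict, skipping other lines."""
    props = {}
    for line in text.splitlines():
        match = PROP_LINE.match(line.strip())
        if match:
            props[match.group(1)] = match.group(2)
    return props


def _port_open(value):
    """True if a tcp-port property holds a positive port number."""
    return value is not None and value.isdigit() and int(value) > 0


def audit(props):
    """Map each check to pass / fail / unknown. Step 3 (custom recovery
    removed) is not visible in system properties and is not covered."""
    results = {}

    # Step 1: storage encryption.
    crypto = props.get("ro.crypto.state")
    if crypto is None:
        results["storage_encrypted"] = UNKNOWN
    else:
        results["storage_encrypted"] = PASS if crypto == "encrypted" else FAIL

    # Step 2: bootloader relocked. Older devices expose neither property.
    locked = props.get("ro.boot.flash.locked")
    vboot = props.get("ro.boot.verifiedbootstate")
    if locked == "0" or vboot == "orange":
        results["bootloader_locked"] = FAIL
    elif locked == "1" or vboot in ("green", "yellow"):
        results["bootloader_locked"] = PASS
    else:
        results["bootloader_locked"] = UNKNOWN

    # Step 4 (partial): can adbd run as root? Does not detect an su binary.
    secure, debuggable = props.get("ro.secure"), props.get("ro.debuggable")
    if secure is None and debuggable is None:
        results["adbd_not_root"] = UNKNOWN
    else:
        insecure = secure == "0" or debuggable == "1"
        results["adbd_not_root"] = FAIL if insecure else PASS

    # Step 5: ADB over USB, read from the active USB function list.
    usb = [props[k] for k in ("persist.sys.usb.config", "sys.usb.config") if k in props]
    if not usb:
        results["adb_usb_off"] = UNKNOWN
    else:
        functions = {f for cfg in usb for f in cfg.split(",")}
        results["adb_usb_off"] = FAIL if "adb" in functions else PASS

    # Step 5: wireless ADB; an absent or non-positive port means not enabled.
    tcp_keys = ("service.adb.tcp.port", "persist.adb.tcp.port")
    tcp_on = any(_port_open(props.get(k)) for k in tcp_keys)
    results["adb_wireless_off"] = FAIL if tcp_on else PASS

    # Added check beyond the list: builds signed with public test keys.
    tags = props.get("ro.build.tags")
    if tags is None:
        results["release_keys"] = UNKNOWN
    else:
        results["release_keys"] = FAIL if "test-keys" in tags.split(",") else PASS
    return results


if __name__ == "__main__":
    samples = (("hardened", HARDENED_SAMPLE), ("custom", CUSTOM_SAMPLE),
               ("legacy", LEGACY_SAMPLE))
    for name, sample in samples:
        print(name, audit(parse_getprop(sample)))
```

On a real device, feed `parse_getprop` the saved output of `adb shell getprop`, captured before ADB is disabled in step 5.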
Far_SighT said:
1. Encrypt internal storage as well as sdcard.
Hi!
I'm interested in encrypting sdcard. Do you have a hint how to achieve this with the HTC Sensation?
Thanks!
imma gonna get ma tinfoil hat
bastei said:
Hi!
I'm interested in encrypting sdcard. Do you have a hint how to achieve this with the HTC Sensation?
Thanks!
You need to use a ROM that supports it. I use ViperS 5.1.0 (Vipers 4 also supports this).
Note that because of SD card encryption, other cards that you put into your phone will be read-only until you decrypt external storage.
Hi guys & girls,
I have a Desire HD, not a sensation smartphone, however maybe I can add helpful Info here.
I am just exploring the activity on all smartphones, so I can discover which devices have the most developers, people and support now =D
Which Smartphones have the most Developers and Users now, by the way? Thanks
Well, the Best Secure Rom, I think is only the Guardian Rom.
That Rom is developed just with the purpose to be most secure, emphasizing just security as a priority, after all the NSA & government & Intelligence Agencies Surveillance.
Era Post-Edward Snowden =D
I think the name of the great Developer is "x942".
The problem is, He is just one Developer working on that, so not so fast developing and very few devices are supported.
(I think only Galaxy Nexus, Nexus 4 and Galaxy S2, not certain)
He has other security projects also, like "Secdroid" and his hardened kernel.
Second to "Guardian ROM" maybe:
BlackPhone
(But I think for a while not so worth it because all software and apps are just 3rd party opensource apps that we can install too on our smartphone. And not worth spending 600 euros/dollars I think. But is very good and opensource hardware).
CryptoPhone is a security project in Germany/EU too, based on era Post-Snowden.
But just a smartphone based on Galaxy S2 with software we can install by our methods too =)
I think the best and most secure but simultaneously with very strong developing/support/updates for future proof is really CyanogenMod.
But we need to deposit our trust on them still, even now that they are now a Company, not anymore opensource community like on old early days, when Cyanogen started =)
The best is Guardian ROM.
However just one great developer cannot support many devices and long and faster developing like CyanogenMod as a fact.
About software and apps we have many:
But the popular/best are:
All apps of "TheGuardianProject" site like:
Orbot; Orweb; GPG; ChatSecure (Gibberbot); Ostel; Pixlknot; Obscura Cam; and so on...
Whisper Security apps:
RedPhone; TextSecure (WhisperPush on Cyanogen);
SilentCircle apps we can trust but I think are Paid.
Tor (orbot) , I2P, and MacChanger (MacMan, etc...) apps for Anonymity.
SecDroid as i said.
PDroid (but with kitkat I think we do not need anymore).
AfWall+ (Successor and total opensource of DroidWall, linux iptables firewall).
WiFi Protector (by Gurkedev, opensource wireless that protect us from Arp poisoning, MITM attacks like droidsheep, faceniff, other sniffers and packets captures...)
AdAway (opensource blockers of adware, spyware ads and popups)
Virustotal app =D
KeePassDroid (Password manager protected with encryption data base).
K-9 Mail with APG (opensource email with open PGP implementation).
And for TrueCrypt similar encryption and containers i think exist many apps already on market, but do not know which is the best yet.
EncFS is good also.
One great market just with opensource apps and a must have is
F-Droid.
If you want to use your data connection with a VPN (Virtual Private Network), in my research I discovered and read that some of the best are:
Free - > SpotFlux; HotSpot Shield; CyberGhost; SecurityKiss; HideMan; ...
Now the Best ones are Paid.
Some of the best ones:
MullVad
iVPN
NordVPN
TorGuard
Proxy.sh
BolehVPN
AirVPN
And the Countries with the Best Privacy Laws and Protection are:
Iceland ; Norway ; Romania ; Serbia ; Sweden ; Switzerland ; Luxembourg ; Panama ; Seychelles ; Taiwan ; Hong Kong ; Malaysia ; ...
Well, hope I can help with something, and please if anyone know more Info about Security, Privacy & Anonymity tell also, and let all us know more knowledge =)
Cheers, Guys & Girls.
As far as I can tell there are no significant Android roms that utilize custom keys. What's more, it's not even up for discussion. I've proposed it to multiple developers and it's been embraced by exactly ZERO. I've installed the overwhelming majority of ROMs for Flo, Grouper and myriad legacy Android devices and haven't so much as stumbled on a single rom boasting this very basic security precaution.
So my question is: how are we going to change that?
I'll admit I know precious little about anything concerning 'code.' My development really pretty much ended at "power user." (An emphasis on 'user').
That said, I have to ask the following:
Is something like a key customizer possible? Perhaps something like a PC based patcher utility that could automatically import the appropriate test key credentials for the user selected rom and then repackage it using user &/or PC generated random data??
pan.droid said:
As far as I can tell there are no significant Android roms that utilize custom keys. What's more, it's not even up for discussion. I've proposed it to multiple developers and it's been embraced by exactly ZERO. I've installed the overwhelming majority of ROMs for Flo, Grouper and myriad legacy Android devices and haven't so much as stumbled on a single rom boasting this very basic security precaution.
So my question is: how are we going to change that?
I'll admit I know precious little about anything concerning 'code.' My development really pretty much ended at "power user." (An emphasis on 'user').
That said, I have to ask the following:
Is something like a key customizer possible? Perhaps something like a PC based patcher utility that could automatically import the appropriate test key credentials for the user selected rom and then repackage it using user &/or PC generated random data??
Omni rom uses private keys in official builds I believe, and after much prodding cyanogenmod has started to as well. Solution is to resign the firmware.
I thought Omni might be taking things seriously. I seem to remember its Delta updates having a pre-checked 'Secure' box, probably meaning they were transferred using HTTPS or some other secure transfer method.
So what about an automated tool that could resign the firmware on a user's PC prior to flashing? Is that theoretically possible?
pan.droid said:
I thought Omni might be taking things seriously. I seem to remember its Delta updates having a pre-checked 'Secure' box, probably meaning they were transferred using HTTPS or some other secure transfer method.
So what about an automated tool that could resign the firmware on a user's PC prior to flashing? Is that theoretically possible?
Yes, easy, even an update.zip could be done to do it.
So, I guess the question is: whose leg do I have to hump to get this kick-started?
PenTesters_Paradise
DISCLAIMER
I can not be held responsible for how you use this package.
I am also not to be held responsible if flashing this package
damages your device in any way. This package is for
educational use only and should not be taken lightly. This is
the exact package that I use for my 2nd job, and is not meant
to just be played with willy nilly. Ask permission before doing
anything in public OR private.
PenTesters_Paradise
This package was originally supposed to be a custom ROM, but I wanted to give everyone an equal opportunity to enjoy this package, so I converted it to something everyone can use! This package isn't for the faint of heart. This is for those of you curious about Pen Testing and for those who basically want to feel like they're bringing Watch_Dogs to the real world. Below I will explain the package, and what each item can actually do. I will also have YouTube videos (when I get the time to record them) explaining each app and package. I also have some custom content coming, some that will be shown off and not released as well. Please enjoy and remember to play it safe and always ask permission first before using any of these packages or tweaks.
What's A Pen Tester?
If you're asking yourself this question, this package MIGHT NOT be for you. A Pen Tester is either a White Hat or Grey Hat hacker that gets hired by individuals or companies to basically purposely hack their products, networks, or any other sorts of electronically based applications. Pen Testers are becoming a big deal especially in the Gaming world. Dev companies are starting to get smart and are realizing that they honestly can't BEAT the hackers without TRUE HACKERS of their own. This is slowly becoming a big money life style and more and more people want into it. This is basically your "License to Kill" when it comes to a product/project/etc. when the company or individual gives you the green light to crack in and have at it.
Package Includes
Screen Shots will be added to the 3rd post of this thread, tutorials for each app and the change log to the 2nd
AnDOSid
This app is an Android-based DOS attacker. Basically, this app allows you to simulate a DOS attack (Denial of Service) as a HTTP POST flood attack on either another person or a web server.
NetSpoofer
Network Spoofer lets you change websites on other people’s computers from an Android phone. Simply log onto a Wifi network, choose a spoof to use and press start. This can be a lot of fun, but always ask first.
AndroidVNC
Please see this thread for all the info about this:
http://forum.xda-developers.com/showthread.php?t=497187
aWPScan
This app lets you scan wordpress based sites for exploitable entrances to the site's admin panel. Fairly simple to use and can sometimes come in handy when working for a client and building them a WP based site.
DroidSheep and FaceNiff
These apps were popular for a very short time but are very powerful. They both kind of have the same functions as they work as a MITM (Man In The Middle) attacker service. Basically, login to any WiFi hot spot, and you will start capturing web traffic. You can manipulate the web traffic to do as you want from here.
DroidSheep Guard
This app guards you from anyone else using Droid Sheep. I'm not entirely sure if it will guard against FaceNiff as well.
DriveDroid
This app turns your device basically into a disc image mounting device. Basically, you can take an ISO or IMG file, mount it with this app, and install full operating systems to another PC. Read below on how to work it with the Galaxy S5 Specifically, as there's 1 special step you need to know
1.) Run the app and go through the setup.
2.) When you get to the selection about selecting a driver, select the 3rd item, which should be a "Legacy USB Driver"
3.) When you get to the point about TESTING it and restarting your PC, this is where the trick lies.
3a.) As your PC boots up, boot directly to your BIOS (for HP and ASUS its either Escape or F2. not sure about others off the top of my head)
4.) From here, make sure your phone has connected successfully in MTP mode.
4a.) Go into Drive Droid (After MTP has been set), and select the IMG or ISO you wish to emulate from your device.
4b.) In the BIOS, Save Settings and restart (I know you didn't change anything, hear me out)
5.) From here, you need to test...
5a.) You'll either (after the bios loading screen) boot directly to the ISO or IMG, or into your standard OS.
6.) If you boot directly to your standard OS, reattempt from step 3 onwards, but at step 5, go to 6a
6a.) When the PC restarts, bring up your Boot Menu of options (F12 I believe on ASUS and HP)
6b.) From here, select the Samsung device listed, and it should boot!
dSploit
dSploit is a package of all sorts of tools ranging from MITM attacks to DOS attacks, and other testing abilities. Plenty of videos around on how to use this app.
HackAppData
This is for any app on your device. This app lets you modify the AppData of any application installed on your device.
Hackers Keyboard
Just a highly customizable keyboard.
Network Mapper
This app simply maps out the WiFi Network you are currently connected to, showing you every device connected.
Shark
Basically WireShark for Android. Lets you see incoming and outgoing data packets from your device and other things on the network.
Penetrate Pro
No this isn't a dirty joke (couldn't resist), This app works with decoding WiFi connections to allow you to connect to locked and private connections.
SQLMap
SQLMap is one of the most highly used tools around for SQL Injection attacks as its basically the best automated tool for it. There's tons of tutorials out there about it and soon I'll post one of my own.
LockScreen Widgets Tweak
Created by BigBot96, this tweak lets you apply Widgets to your lock screen. PLEASE Make sure you download the correct file. Currently, only the NE9 builds are supported with this tweak, but I'll have an option available for you to not have to worry about this.
Coming Soon...
Future Additions will be coming around soon for this, so keep checking the thread!
Kali Linux NetHunter Features.
So far, only supported by the Nexus devices, I'm attempting to port over the apps and data for this to the S5 as the first non-Nexus device to have support for Kali Linux control. Below will be the list of what will be included.
KaliLauncher
This is the heart of the NetHunter features. This controls everything, and launches all the different exploits available through Kali Linux. To learn more, keep reading
BadUSB
BadUSB is a form of undetectable Malware that is applied to specific USB devices that match the exploit. Basically, this hijacks your USB plug while your device is connected to a computer (windows based), and lets you install a faulty driver to it that houses your malware files. You could use this to transfer things like BotNets, Trojans, and many other forms of malware to a users system and they'd never even know.
DNSSpoofer
Basically, this tool just spoofs the DNS connection you're using or the other person/s are using and lets you reroute people. DNS Attacks are few and far between, but they're slowly getting easier.
PowerSploit
I'll admit, I haven't read up on this yet, but when I have, I'll edit this lol.
NoUpStream
This stops any up stream data entirely.
Other Future Additions
Basically, I'd like to convert this to something like a "Mini-ROM" that gives you a Launcher, themed Gapps, themed system apps, and much more, but for now, this is the temp solution. Next Update should have at least a custom boot animation.
How-To Install
1.) Transfer the Zip file that matches your device to your SD card or Internal Storage
2.) Boot up into recovery mode and Flash the ZIP
3.) Done!
Special thanks to the creators of all these apps, scripts and tweaks that are being applied to this package. The ZIP packages below simply just need to be flashed to your Android device via SafeStrap (only method I can test). If someone could test a standard TWRP on a Dev Edition or another unlocked device, that'd be awesome.
Download Links Below
UPLOADING NEW ONES AFTER THE NEXT FLASH Test.
Thought it was ready, and realized it wasn't.
All apps are force closing -_- I'll fix it when I wake up. I've been at it for 12 hours now
Planning on updating this/adding a download?
Nice waiting anxiously for this
Waiting like wagging dog.... I went to source and got working nice..like to wait for add ons.
http://forum.xda-developers.com/showthread.php?p=3518324
Subscribed.
Sent from my SM-G900V using Tapatalk
lol he posted this weeks ago.. he's responding in his rom thread also saying he was working on a new rom which isn't out yet and said a week or two ago that his tmo buddy got 5.0 lollipop which was false lol so not sure if and when this will actually be uploaded.. it's been here for weeks with no zip or apks at all in the themes n apps section..
most of these apks are stuff you can manually install if you don't want to wait :-/
Reinventing the wheel
Kali nethunter had been out for a while for the S5 variants, it's like having a VM copy of Kali on your galaxy S5 the instructions/apps/kernel are all available
http://forum.xda-developers.com/galaxy-s5/unified-development/kali-nethunter-galaxy-s5-t3298477 all the other apps he's talking about are available just search on Google or download an app called bugdroid pro from the app store it provides downloads and installs for all of these.
Faceniff
Droid sheep
I don't think those function anymore on anything.. I'm pretty sure those security holes they exploit have been patched..
dmayniak said:
Kali nethunter had been out for a while for the S5 variants, it's like having a VM copy of Kali on your galaxy S5 the instructions/apps/kernel are all available
http://forum.xda-developers.com/galaxy-s5/unified-development/kali-nethunter-galaxy-s5-t3298477 all the other apps he's talking about are available just search on Google or download an app called bugdroid pro from the app store it provides downloads and installs for all of these.
Faceniff
Droid sheep
I don't think those function anymore on anything.. I'm pretty sure those security holes they exploit have been patched..
lol the last comment was me about 2 years ago
elliwigy said:
lol the last comment was me about 2 years ago
I know right? lol I gave up on this because at the time I sucked at making flashable zips
Vortell said:
It would be cool if you started it back up!
The reason I haven't is because Kali Linux has an official release for this phone as long as your bootloader is unlocked and you're on CM
Update (5/18/2019)
Since the first tool was released, HappyZ has improved many features so I think I can just refer to
* HappyZ's rooting guide: https://github.com/HappyZ/dpt-tools/wiki/The-Ultimate-Rooting-Guide
- The only thing I want to add as Windows user is (because the guide is for Mac/Linux users) it gets much easier if you use Linux terminal like cygwin, and the port name should be something like COM# where # can be found in Device Manager by comparing before/after you attach the device.
* HappyZ's upgrade guide: https://github.com/HappyZ/dpt-tools/wiki/The-Upgrade-Guide (Recommend to read this before/after you update the new firmware.)
You may donate a cup of coffee to him there. Thanks to all others who contributed a lot.
--
Update (12/02/2018) -- These are outdated.
Finally we manage to root the device! Many thanks to all of your efforts.
Just refer to HappyZ's well written guide: https://github.com/HappyZ/dpt-tools
For those who have never used Python, like me (and are probably using Windows):
(1) Install Python 3 and add it to PATH.
(2) Install MINGW64 and run scripts here instead of Powershell due to xxd issue if you are on Windows.
(2) pip install httpsig pyserial on bash.
(3) Download HappyZ's dpt-tools and unzip.
(4* this issue is fixed by HappyZ)
(5) Follow HappyZ's guide. You should execute dpt-tools.py in the folder you unzipped to use get-su-bin because of how the script is written.
Some suggestions after rooting (let me know if you have better ideas):
Here is my setup: install "E-ink Launcher" and "Multi action home button" using adb install.
Use adb shell am start -a android.intent.action.MAIN to change the main launcher to your launcher.
Then change the setting of Multi Action Home button (say, the height should be large to be visible in the bottom) and assign its function to be Home for click and Back for double-click.
Whenever you want to use Sony's apps (these are good for pdf markup), just push the home button to open the pop-up menu.
Otherwise, touch the Multi Action Home Button to access other Android apps. So far I've never experienced any crash.
Yet more tips:
Some complain fonts are too small after installing generic apps.
adb shell wm density 320 changes your DPI by 2 times (160 is a default value.) EDIT: I found 200 is quite enough that does not distort Sony apps too much.
My application is using "Tasker" to execute the above code when specific apps are open and execute wm density reset when the apps are closed.
The reason why we cannot change the global DPI is sadly because it makes the default apps by Sony so awkward.
Alternatively, I could successfully install Xposed to try App Settings but this app crashed.
You can also install Gboard (but it has no hide button, so prepare with virtual back button) if you need another keyboard.
Enjoy your DPT devices
--
Sony recently released a new digital paper device DPT-RP1, apparently using their own linux firmware but underlying on Android 5.1.1. A few weeks ago, some Chinese successfully hacked it to jailbreak for third-party apps (without changing the original firmware), but they don't share any information to sell those hacked devices. I'm willing to pay for it, but it is too risky to send my device to China so I'm trying to root it by myself.
I don't know much about this world, but I found some information that might be helpful. It uses Marvell A140 IoT Processor a.k.a. PXA1908. There are two Android smartphones (as the same version 5.1.1) with this chip - Samsung Xcover 3 and Samsung Galaxy Grand Prime. Fortunately, they have been both rooted in the past here.
Is this information really helpful to root my device? If so, is there any way to apply the previous methods to easily jailbreak DPT-RP1? I think the problem here is that it does not look like Android at all, so has no setting menu or developer tools. And not sure how to enter to the recovery mode since it only has two buttons - power/menu.
I'd appreciate any help or advice. Thanks!
And here you can find source codes.
oss.sony.net/Products/Linux/dp/DPT-RP1.html
sartrism said:
Sony recently released a new digital paper device DPT-RP1, apparently using their own linux firmware but underlying on Android 5.1.1. A few weeks ago, some Chinese successfully hacked it to jailbreak for third-party apps (without changing the original firmware), but they don't share any information to sell those hacked devices. I'm willing to pay for it, but it is too risky to send my device to China so I'm trying to root it by myself.
I don't know much about this world, but I found some information that might be helpful. It uses Marvell A140 IoT Processor a.k.a. PXA1908. There are two Android smartphones (as the same version 5.1.1) with this chip - Samsung Xcover 3 and Samsung Galaxy Grand Prime. Fortunately, they have been both rooted in the past here.
Is this information really helpful to root my device? If so, is there any way to apply the previous methods to easily jailbreak DPT-RP1? I think the problem here is that it does not look like Android at all, so has no setting menu or developer tools. And not sure how to enter to the recovery mode since it only has two buttons - power/menu.
I'd appreciate any help or advice. Thanks!
You must be an iPhone user that isn't familiar with android. Jailbreaking is an Apple thing, not an android thing.
In android it's called "rooting" and it isn't quite the same thing as jailbreaking an Apple device.
This device does not at all seem to be worth the price, especially considering the limitations it has. What a waste of hardware.
I would assume that you could port something from one of those other devices to work on yours but it really depends on how your hardware is designed compared to those devices.
Does your device have a typical bootloader like other android devices?
Is the bootloader unlocked?
If it is locked, can it be unlocked?
Does the device use fastboot or does it have a flash mode that is used with a specific PC flashtool?
If it is unlocked or if you can unlock it and it has a flash mode that can actually be used, you might be able to port a custom recovery from one of the devices you named then use that recovery to somehow root the device. If the device can't install android apps then it would probably involve using adb to root the device.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
Droidriven said:
You must be an iPhone user that isn't familiar with android. Jailbreaking is an Apple thing, not an android thing.
In android it's called "rooting" and it isn't quite the same thing as jailbreaking an Apple device.
This device does not at all seem to be worth the price, especially considering the limitations it has. What a waste of hardware.
I would assume that you could port something from one of those other devices to work on yours but it really depends on how your hardware is designed compared to those devices.
Does your device have a typical bootloader like other android devices?
Is the bootloader unlocked?
If it is locked, can it be unlocked?
Does the device use fastboot or does it have a flash mode that is used with a specific PC flashtool?
If it is unlocked or if you can unlock it and it has a flash mode that can actually be used, you might be able to port a custom recovery from one of the devices you named then use that recovery to somehow root the device. If the device can't install android apps then it would probably involve using adb to root the device.
Thanks for suggesting a general principle! I just use the word jailbreaking not because I'm an iPhone user. What I actually want to do as the first step is not rooting an android system, but revealing it from the current customized linux system. Rooting is the next step if necessary. If the word choice is still not accurate and bothers you, I apologize.
It has apparently no typical bootloader, and neither PC nor adb recognize it as an android device. In fact, direct USB file transfer is blocked so I need to use Sony's designated software. But an android system surely coexists according to the hacker who already rooted it.
sartrism said:
Thanks for suggesting a general principle! I just use the word jailbreaking not because I'm an iPhone user. What I actually want to do as the first step is not rooting an android system, but revealing it from the current customized linux system. Rooting is the next step if necessary. If the word choice is still not accurate and bothers you, I apologize.
It has apparently no typical bootloader, and neither PC nor adb recognize it as an android device. In fact, direct USB file transfer is blocked so I need to use Sony's designated software. But an android system surely coexists according to the hacker who already rooted it.
Without some kind of way to flash or interface with the device there isn't much you can do.
I have a kindle fire HD that didn't come with a typical android system but does have a typical bootloader. The Amazon OS was removed and now it's full blown android but it required a "second" bootloader. You don't have a bootloader so I'm not sure what your options are with that device.
Droidriven said:
You must be an iPhone user that isn't familiar with android. Jailbreaking is an Apple thing, not an android thing.
In android it's called "rooting" and it isn't quite the same thing as jailbreaking an Apple device.
This device does not at all seem to be worth the price, especially considering the limitations it has. What a waste of hardware.
I would assume that you could port something from one of those other devices to work on yours but it really depends on how your hardware is designed compared to those devices.
Does your device have a typical bootloader like other android devices?
Is the bootloader unlocked?
If it is locked, can it be unlocked?
Does the device use fastboot or does it have a flash mode that is used with a specific PC flashtool?
If it is unlocked or if you can unlock it and it has a flash mode that can actually be used, you might be able to port a custom recovery from one of the devices you named then use that recovery to somehow root the device. If the device can't install android apps then it would probably involve using adb to root the device.
Jailbreaking is the process of modifying any electronic device in order to remove restrictions imposed by a manufacturer (Apple) or operator (to allow the installation of unauthorized software).
Rooting is the act of gaining access to the root account of a device (such as a smartphone or computer).
There is a huge difference between the two. You can't just say that rooting is Android's version of jailbreaking. Not accurate in the least.
https://www.androidpit.com/jailbreak-android
Sent from my SM-G928T using Tapatalk
MarkBell said:
Jailbreaking is the process of modifying any electronic device in order to remove restrictions imposed by a manufacturer (Apple) or operator (to allow the installation of unauthorized software).
Rooting is the act of gaining access to the root account of a device (such as a smartphone or computer).
There is a huge difference between the two. You can't just say that rooting is Android's version of jailbreaking. Not accurate in the least.
https://www.androidpit.com/jailbreak-android
You're reading too much into what I said.
Basically, what I said was that jailbreaking isn't an android thing, it's an Apple thing (didn't say it was exclusively an Apple thing, just NOT an android thing). It applies to more than just Apple devices but on this website dedicated to mobile platforms, I'm only referring to its application in the mobile device world. For the mobile world it's pretty much only an Apple thing (still not exclusively but mostly so).
Then I said that in the android world it's called rooting (not exclusively an android thing, just NOT an Apple thing). And that jailbreaking and rooting aren't the same thing (this does not say that rooting is android's version of jailbreaking, that would imply that they are the same thing, I'm saying they aren't the same thing).
Basically, explaining what they "aren't", you explained what they "are".
I understand the difference, but thank you.
Droidriven said:
You're reading too much into what I said.
Basically, what I said was that jailbreaking isn't an android thing, it's an Apple thing (didn't say it was exclusively an Apple thing, just NOT an android thing). It applies to more than just Apple devices but on this website dedicated to mobile platforms, I'm only referring to its application in the mobile device world. For the mobile world it's pretty much only an Apple thing (still not exclusively but mostly so).
Then I said that in the android world it's called rooting (not exclusively an android thing, just NOT an Apple thing). And that jailbreaking and rooting aren't the same thing (this does not say that rooting is android's version of jailbreaking, that would imply that they are the same thing, I'm saying they aren't the same thing).
Basically, explaining what they "aren't", you explained what they "are".
I understand the difference, but thank you.
I tend to read too deeply into everything. It's the way I am. Lol.
Could you please post some information about usb device? Just like PID & VID.
Do it like:
Connect DPT-RP1 to Linux, and then type this command 'lsusb'
P.S. Under Windows or MacOS system, you can find the information from system settings...
happy to help with simple things
thisvip said:
Could you please post some information about usb device? Just like PID & VID.
Do it like:
Connect DPT-RP1 to Linux, and then type this command 'lsusb'
P.S. Under Windows or MacOS system, you can find the information from system settings...
Bus 001 Device 008: ID 054c:0be5 Sony Corp.
It is good to see some people have been interested in this thread.
So far, I realized that the hacker used a hardware hacking method. I actually obtained the hacked system apps from one of his customers. I guess he did something like directly modifying eMMC to root and put "USBDeviceSwitcher.apk" to allow a usual USB connection. Since I don't want to take such risk, I decided to wait until the first firmware to see if there could be an indirect way to penetrate the system files. But if you want to analyze the hacked system, contact me.
sartrism said:
It is good to see some people have been interested in this thread.
So far, I realized that the hacker used a hardware hacking method. I actually obtained the hacked system apps from one of his customers. I guess he did something like directly modifying eMMC to root and put "USBDeviceSwitcher.apk" to allow a usual USB connection. Since I don't want to take such risk, I decided to wait until the first firmware to see if there could be an indirect way to penetrate the system files. But if you want to analyze the hacked system, contact me.
Does it have a web browser? Maybe you can utilize for example the Stagefright Exploit + DirtyC0W to get root.
I have found out some interesting stuff about the device with the help of the Digital Paper App.
The app is built using electron and there is a file: /Applications/Digital\ Paper\ App.app/Contents/Resources/app.asar
This file contains the electron javascript files, which handle all the communication with the device.
It can be extracted with: sudo asar extract app.asar output
(github_com/electron/asar)
This also requires node to be installed: with e.g. brew install node (changelog_com/posts/install-node-js-with-homebrew-on-os-x)
The app communicates with the device via Restlet-Framework/2.3.7 on port 8443 with tcp (no matter if it is the bluetooth, wifi or usb connection).
This is the only port that is open.
In the file: /Applications/Digital\ Paper\ App.app/Contents/Resources/output/node_modules/mw-error/lib/codeparams.js you can find all the relative paths, which are getting called during e.g. file transfer, firmware update and stuff.
Running the app and placing breakpoints reveals that before you can transfer files and stuff:
'/auth'
'/auth/nonce/'
are called in order to authenticate, which looks e.g. like url digitalpaper.local:8443/auth/nonce/1e9ee24d-6613-433a-9770-76b04333ac95
the last part of the call is the "client_id": "1e9ee24d-6613-433a-9770-76b04333ac95", which is retrieved via the url digitalpaper.local:8443/auth call.
digitalpaper.local:8443/auth/
Important:
In /Applications/Digital\ Paper\ App.app/Contents/Resources/output/lib/config.js
change the line
config.DEVBUILD = false;
to
config.DEVBUILD = true;
After you have finished your modifications you have to pack the output folder again:
sudo asar pack output app.asar
I did not have time to continue, but the following relative urls look promising (especially recovery_mode):
'/testmode/auth/nonce',
'/testmode/auth',
'/testmode/launch',
'/testmode/recovery_mode',
'/testmode/assets/{}',
mcplectrum said:
I have found out some interesting stuff about the device with the help of the Digital Paper App.
The app is built using electron and there is a file: /Applications/Digital\ Paper\ App.app/Contents/Resources/app.asar
This file contains the electron javascript files, which handle all the communication with the device.
It can be extracted with: sudo asar extract app.asar output
(github_com/electron/asar)
This also requires node to be installed: with e.g. brew install node (changelog_com/posts/install-node-js-with-homebrew-on-os-x)
The app communicates with the device via Restlet-Framework/2.3.7 on port 8443 with tcp (no matter if it is the bluetooth, wifi or usb connection).
This is the only port that is open.
In the file: /Applications/Digital\ Paper\ App.app/Contents/Resources/output/node_modules/mw-error/lib/codeparams.js you can find all the relative paths, which are getting called during e.g. file transfer, firmware update and stuff.
Running the app and placing breakpoints reveals that before you can transfer files and stuff:
'/auth'
'/auth/nonce/'
are called in order to authenticate, which looks e.g. like url digitalpaper.local:8443/auth/nonce/1e9ee24d-6613-433a-9770-76b04333ac95
the last part of the call is the "client_id": "1e9ee24d-6613-433a-9770-76b04333ac95", which is retrieved via the url digitalpaper.local:8443/auth call.
digitalpaper.local:8443/auth/
Important:
In /Applications/Digital\ Paper\ App.app/Contents/Resources/output/lib/config.js
change the line
config.DEVBUILD = false;
to
config.DEVBUILD = true;
After you have finished your modifications you have to pack the output folder again:
sudo asar pack output app.asar
I did not have time to continue, but the following relative urls look promising (especially recovery_mode):
'/testmode/auth/nonce',
'/testmode/auth',
'/testmode/launch',
'/testmode/recovery_mode',
'/testmode/assets/{}',
Hope you get some result from wifi side. I also realized they use the port 8443 but couldn't get further as you.
For whom trying to hack it, here is the link for the already 'hacked' system apps (including the original files) - that of the famous hacked RP1 video. Inside the subfolder S1, there are also the hacked system apps for DPT-S1 just in case.
https://www.dropbox.com/sh/dvtvokdzrgwjc83/AACXOJA-E56nUpUfiWUOzrM3a?dl=0
George Malas said:
Does it have a web browser? Maybe you can utilize for example the Stagefright Exploit + DirtyC0W to get root.
The stock device has no web browser, no sd-card, no usb connection, and no typical system. I think SONY was haunted by some security issues maybe because they thought the major users are lawyers or very important people? lol
Any chance to create a buffer overflow PDF to attack RP1's pdf reader?
I am unable to help, but wanted to let you know I am definitely interested in and supportive of this. If this device can be unlocked as suggested in that one youtube video then I would buy it, despite the steep price.
jess91 said:
I am unable to help, but wanted to let you know I am definitely interested in and supportive of this. If this device can be unlocked as suggested in that one youtube video then I would buy it, despite the steep price.
If you're interested and supportive of this then go buy one anyway and apply yourself to going forward figuring out how to get it done. Other than that, you're not supportive, you're just hopeful that someone figures it out and then you'll probably go get one.
DO NOT CONTACT ME VIA PM TO RECEIVE HELP, YOU WILL BE IGNORED. KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
Hey guys,
I also recently got the RP1 and am also looking for ways to mod it. Big kudos and thanks to all of you for posting this! This already is amazing. @sartrism: can you maybe give me a hint how to load the files on the rp1? Sorry if this might be a stupid question but I'm new to android and that stuff.
Paderico said:
Hey guys,
I also recently got the RP1 and am also looking for ways to mod it. Big kudos and thanks to all of you for posting this! This already is amazing. @sartrism: can you maybe give me a hint how to load the files on the rp1? Sorry if this might be a stupid question but I'm new to android and that stuff.
Just a little update from my side. I'm currently trying to recreate the steps @mcplectrum was using. It seems that my RP1 also uses other ports. I tried to wireshark the USB and WiFi connection. By that I saw that often GET /registration/information is called for Host: localhost:58052. Moreover the first call is GET /register/serial_number also on port 5808. This was via USB.
Trying to trigger the /auth/ call via Telnet returns nothing unfortunately. But also the 8080 port is open. Trying to call digitalpaper.local:8443/auth/ returns nothing on firefox.
@mcplectrum: how did you get the client_id and what would one need that for?
I also tried to change the config.DEVBUILD to true but that seemed to change nothing at all.
So to sum up what we know:
The device is using some kind of android structure, the source code seems to use the uboot bootloader, all communication is done by a rest restlet framework. So actually there should be some kind of way to use the restlet framework to PUT or POST the modified files.
The other option would be directly flash the eMMC right? I would take the risk and just load it on my device and see what happens. Any hints on how to do that?
Hi,
I would like to flash few android devices with very basic operating system and one app only - like vPos system.
What will be ideal is:
Replace starting screen of the oem device with my own graphics.
Start my own app when the device is fully booted.
Have ability to change wifi network within the app.
Use 3g/4g connection within the app.
I know about locking device for one app only (kiosk mode), but this is now what I'm asking for here.
I will really appreciate any kind of help.
Many thanks...
FlexRoad
If u want to replace OS of ur phone with another one, you may try miracle box.
Run One App or Few Selected Apps with ease!
Absolutely, all that you have mentioned under the "ideal" part can be done easily with a kiosk lockdown software that needs no technical skills to set the device with one app or few selected apps from a web-based dashboard using a laptop or a desktop.
flexroad said:
Hi,
I would like to flash few android devices with very basic operating system and one app only - like vPos system.
What will be ideal is:
Replace starting screen of the oem device with my own graphics.
Start my own app when the device is fully booted.
Have ability to change wifi network within the app.
Use 3g/4g connection within the app.
I know about locking device for one app only (kiosk mode), but this is now what I'm asking for here.
I will really appreciate any kind of help.
Many thanks...
FlexRoad
This is a pretty common thing to do, actually.
What I would recommend you do is start with an AOSP build for the devices you want use, either by building one yourself (as in this tutorial, which has a similar goal), or by finding a pre-built AOSP-based rom around on these forums. (AOSP is kind of the closest one gets "just installing the OS"). After that, you could consider tweaking the build or modifying the image, but another alternative is just to use some type of MDM (mobile device management) solution for deploying your app, customizing the available options, locking things down, etc. (There are other MDM vendors beside Google as well.) This might be a good idea for something like a vPOS, because it inherently also gives you some amount of traceability and a "paper trail".
---------- Post added at 12:13 AM ---------- Previous post was at 12:08 AM ----------
geoff-codes said:
This is a pretty common thing to do, actually.
What I would recommend you do is start with an AOSP build for the devices you want use, either by building one yourself (as in this tutorial, which has a similar goal), or by finding a pre-built AOSP-based rom around on these forums. (AOSP is kind of the closest one gets "just installing the OS"). After that, you could consider tweaking the build or modifying the image, but another alternative is just to use some type of MDM (mobile device management) solution for deploying your app, customizing the available options, locking things down, etc. (There are other MDM vendors beside Google as well.) This might be a good idea for something like a vPOS, because it inherently also gives you some amount of traceability and a "paper trail".
This was going to be a much more helpful response, but apparently I can't link outside this site. So maybe Google search:
"intellectsoft blog build and run android from aosp source code to a nexus 7", "g suite manage your organization's mobile devices", and "G Suite Compare mobile management features"