Help Manually Applying Security Patches - Security Discussion

So I recently rooted my HTC One M7 which I've had now for almost three years. I love this phone. I gave it the latest version of PAC ROM and have loved customizing the crap out of it. I am trying to get every ounce of life out of it before I eventually upgrade.
Anyway, I used many different resources for checking the security and eventually ran the QuadRoot Scanner which is an app from the Play Store. It told me that I am affected by the following vulnerabilities: CVE-2016-2059 and CVE-2016-2504. It then directs me to codeaurora.org where it explains what each vulnerability is and then tells me to apply certain security patches. There's only one problem: I have no idea how to apply patches and nowhere on the website does it tell me how to do it. I tried searching online for some answers but had little luck. If anyone can specifically tell me what to do and how to do it, I would be eternally grateful.
I tried posting the URLs for each vulnerability but XDA won't let me until I've posted 10 times or something. You can find the exact page by googling Code Aurora and then the name of the vulnerability (CVE-2016-2059 and CVE-2016-2504).
Thanks in advance for your expertise!!!

TheDonL said: [post quoted above]
I'm no expert, but if your ROM is no longer maintained you would have to build your own with the latest CyanogenMod/PacMan, device tree, etc., which will have all the security patches in it. It's a mission: http://xda-university.com/as-a-developer/introduction-how-an-android-rom-is-built
Note that there will be loads of other security patches released since your ROM was built, depending on how old it is, that do not have an app to show whether you are vulnerable. Look at the date of the "Android security patch level" shown in About phone and compare it to the monthly security bulletins to find them all.
https://source.android.com/security/bulletin/index.html

Running CM? You might want to check this thread:
http://forum.xda-developers.com/showthread.php?t=2862061
err on the side of kindness
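The date comparison suggested above, turned into a script as an added example (not from the thread): it assumes the patch level is read from the property Android 6.0+ exposes as ro.build.version.security_patch, and both the sample patch level and the reference month are constructed values.

```sh
#!/bin/sh
# Added example, not from the thread. Android 6.0+ exposes the date shown as
# "Android security patch level" in About phone as the property
# ro.build.version.security_patch; this script turns that date into the list of
# monthly bulletins a ROM has never received. Runs offline: the patch level
# below is a constructed sample standing in for the ROM discussed here.

# Constructed sample of what `adb shell getprop ro.build.version.security_patch`
# would print for a ROM whose patch level is November 2015.
SAMPLE_PATCH_LEVEL="2015-11-01"
# Constructed reference month (normally $(date +%Y-%m-01)); fixed for determinism.
REFERENCE_MONTH="2016-08-01"

# "YYYY-MM" or "YYYY-MM-DD" -> a month count (year*12 + month) for arithmetic.
ym_to_months() {
    y=${1%%-*}
    m=${1#*-}; m=${m%%-*}; m=${m#0}   # strip a leading zero: "08" reads as octal in sh
    echo $(( y * 12 + m ))
}

# How many monthly bulletins were published after patch level $1, up to month $2.
months_behind() {
    echo $(( $(ym_to_months "$2") - $(ym_to_months "$1") ))
}

# Print one "YYYY-MM" line per bulletin month after patch level $1, up to $2.
# Each of these is a bulletin whose fixes the ROM does not claim to contain.
missing_bulletins() {
    n=$(ym_to_months "$1")
    end=$(ym_to_months "$2")
    while [ "$n" -lt "$end" ]; do
        n=$(( n + 1 ))
        printf '%04d-%02d\n' $(( (n - 1) / 12 )) $(( (n - 1) % 12 + 1 ))
    done
}

# Since the September 2016 bulletin each month carries two level strings:
# YYYY-MM-01 (framework fixes only) and YYYY-MM-05 (also the kernel and vendor
# fixes). A device reporting the -01 string is not claiming that month's
# kernel/driver fixes, such as the Qualcomm driver issues a scanner reports.
# Returns success (0) when level $1 claims its month's kernel/vendor fixes.
level_covers_vendor() {
    [ "$(ym_to_months "$1")" -lt "$(ym_to_months 2016-09)" ] || [ "${1##*-}" != "01" ]
}

echo "Patch level $SAMPLE_PATCH_LEVEL is $(months_behind "$SAMPLE_PATCH_LEVEL" "$REFERENCE_MONTH") bulletins behind $REFERENCE_MONTH:"
missing_bulletins "$SAMPLE_PATCH_LEVEL" "$REFERENCE_MONTH"
```

On a real device replace the sample with `adb shell getprop ro.build.version.security_patch` and the reference month with the current month; every listed month is a bulletin to read against your ROM.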

TheDonL said: [post quoted above]
There have been hundreds of security patches for the Android kernel, but if your bootloader is locked, you can't implement them. If you unlock your bootloader, you can use a custom kernel and you can manually implement each patch. But keep in mind, CM has abandoned LP kernels, meaning they are not implementing security patches after October-November 2015. With regard to non-kernel patches (also hundreds), most of them are in the sources for LP and MM.
I wouldn't rely on any app that tells you whether or not you have the patch. You can do it simply by looking at the date of your build. Pretty much everything after that date is not included...

optimumpro said: [post quoted above]
Thanks for the response! Yeah, I have the latest version of PAC ROM for my phone and it says Nov 2015 is the latest Android security level. So I am open to finding a different, custom kernel if that means I can manually implement each patch. But what's the process for that? How would I do that? My bootloader is already unlocked.

TheDonL said: [post quoted above]
If you are not a developer and have no programming experience, it would be almost impossible to do. You need to work with sources. Learn how to compile a ROM.... It is not easy...

optimumpro said: [post quoted above]
Ah. So I am guessing it is not as easy as simply copying and pasting the code that the website mentioned? Into the bootloader? Because codeaurora.com gives you the exact code to manually enter in for the patch. I have coded before but not much and it was a while ago...
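What "apply this patch" means in practice, shown as an added example that is not from the thread or from codeaurora: a published fix is a git commit against a kernel tree, so it has to be fetched into the kernel source the ROM is built from, applied, and the kernel rebuilt; nothing is pasted into the bootloader. It assumes git is installed; the two repositories, the driver file and the fix are all constructed stand-ins.

```sh
#!/bin/sh
# Added example, not from the thread. A fix published on codeaurora/CAF is a
# git commit against a kernel tree, so "apply the patch" means: fetch it into
# the kernel source your ROM is built from, apply it (git am / git cherry-pick),
# rebuild the kernel and flash the result. Both repositories below are
# constructed stand-ins for the upstream tree and a device tree that forked
# before the fix landed; the file and the fix are constructed too.

apply_fix_demo() (
    set -e
    work=$(mktemp -d)
    trap 'rm -rf "$work"' EXIT
    export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.com
    export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.com

    # 1. Constructed "upstream" tree with one driver file at the base revision.
    git init -q "$work/upstream"
    cd "$work/upstream"
    mkdir -p drivers
    printf 'int demo_read(int len) { return len; }\n' > drivers/demo.c
    git add . && git commit -q -m "demo: base"

    # 2. Your device tree forked here, i.e. before the fix existed.
    git clone -q "$work/upstream" "$work/device"

    # 3. Upstream lands the fix (a bounds check) and exports it as a .patch file,
    #    the form the vulnerability pages hand out.
    printf 'int demo_read(int len) { return len < 0 ? -1 : len; }\n' > drivers/demo.c
    git commit -q -am "demo: reject negative lengths"
    fix_sha=$(git rev-parse HEAD)   # with an upstream remote you could cherry-pick this
    git format-patch -q -1 HEAD -o "$work/patches"

    # 4. In the device tree: dry-run first. --check fails when the surrounding
    #    context differs (other kernel branch/version), which is the usual reason
    #    a patch "does not apply" and why each one may need porting by hand.
    cd "$work/device"
    git apply --check "$work"/patches/*.patch
    git am -q "$work"/patches/*.patch   # or: git fetch "$work/upstream" && git cherry-pick "$fix_sha"
    applied=$(grep -c 'len < 0' drivers/demo.c)

    # 5. Re-running the dry-run now fails: the context no longer matches, so git
    #    refuses instead of silently applying the change twice.
    if git apply --check "$work"/patches/*.patch 2>/dev/null; then
        recheck=unexpected
    else
        recheck=refused
    fi
    echo "applied=$applied recheck=$recheck"
)

apply_fix_demo
```

After the patch is in the tree, the kernel still has to be built and the resulting boot image flashed, which is the "learn how to compile a ROM" step the replies above refer to.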

Related

Android Security Vulnerabilities

mods: maybe this could get moved to Android Dev and Hacking/Misc Dev? This is my first post, and there's a minimum 10 post rule to post on the dev forums. I searched the forums and could not find a similar post, and it could be useful for ROM hackers.
I've been keeping track of a few upcoming risky vulnerabilities that modern devices may be vulnerable to, and possible patches. For those of you that embed custom kernels in your ROM, or want a secure kernel for your custom ROM, this should be useful. Hopefully we can have people chime in and post patches they think are needed. Now, these may be commonly used to root your device, but for those of you creating pre-rooted ROMs, you will probably want the patch to protect your devices from malicious activity.
http://www.cvedetails.com/cve/CVE-2012-4220/ also 4221 and 4222:
affects Android versions from 2.3 to 4.2 with a Qualcomm processor
patch here: https://www.codeaurora.org/particip...es/cve-2012-4220-cve-2012-4221-cve-2012-4222/
code execution, local priv, DoS
http://www.cvedetails.com/cve/CVE-2011-3874/
the infamous zergRush exploit for the vulnerability in libsysutils.so
PoC: https://github.com/revolutionary/zergRush/blob/master/zergRush.c
patch: http://code.google.com/p/android/issues/attachmentText?id=21681&aid=216810001000&name=patch.diff&token=zyMox2r00ZIPN7qD_zdjHy2cf10%3A1358973107051
affects Froyo and Gingerbread, which a lot of people are still working with. As a ROM dev, you might not be working with older Android versions, but this allows code execution.
Samsung Exynos flaw - I don't see a CVE for this yet
http://forum.xda-developers.com/showthread.php?t=2048511
"This device is R/W by all users and give access to all physical memory"
patch here, but another patch in that thread as well: http://review.cyanogenmod.org/#/c/29910/
"Ram dump, kernel code injection and others could be possible via app installation from Play Store" ouch
2012 CVEs:
http://www.cvedetails.com/vulnerabi...roduct_id-19997/year-2012/Google-Android.html
Anyone else know some good vulns and patches??
Hope this is helpful!
ogresavage said: [post quoted above]
I just installed Belarc Security and it discovered the first issues with the two others, 4220, 4221, 4222; not sure if I should be concerned...

How do Devs Patch/Update Closed Source Binaries or Drivers for AOSP/CM Based ROMs?

Well, as you all know, Nougat just landed officially on the newer Nexuses and in the AOSP source code. Unfortunately the N5 wasn't "good enough" to get official Google support, but we'll soon get Nougat tests on our beloved N5 thanks to the great dev community supporting it.
But I was wondering about the question in the title!
Though the AOSP source code is uploaded for the 7.0 release, there are some binaries that I believe are closed source (https://developers.google.com/android/nexus/drivers#hammerhead), and I think they should be updated as well for any new update to work properly on the device; that's why we have seen the binary files updated by Google for every official update until now.
But as the N5 has now dropped out of official support, Google surely will not provide updated binary patches. So do the hardware companies (Broadcom, Qualcomm, LG) provide these patches after official support ends, OR do our devs do some digging even though they are closed source and finally, by trial and error, fix/update these binaries? If it's done by devs individually, wouldn't everyone's approach to the problem be different, which ends up making some ROMs more stable in one area and others in a different area?
(PS: You might have gathered from the question itself that I'm not a proper technical person in Android, or in coding for that matter. I'm just a guy who wonders about these things and tried to find an answer on Google, but didn't get any satisfactory one, so I ended up asking in a new thread instead of the Q&A thread, so that someone like me also gets to know about it. My previous device (Samsung i9070), having a closed-source CPU (NovaThor U8500) whose maker drifted out of business, gave insane trouble to XDA devs while porting unofficial updates, so they got fed up and drifted away to a new device within months, which makes me more curious about this question. Hopefully I'll get a proper answer from a dev/experienced member.)
jineshpatel30 said: [post quoted above]
Short answer: they don't. Either they use old binaries that still work, or they use binaries from similar devices that are updated. For example, the Nougat build available here for the Nexus 5 has been built on old Marshmallow binaries. Only the kernel can be modified since it's open source. There is not much we can do with closed source blobs unfortunately...

[ROM][TEST]Nexus 5X (Bullhead) HCE Always(off screen payment) Testing rom (AOSP OREO)

Hi.
I've edited the Android framework code to make the HCE (card emulation) feature work without turning the screen on.
But I have no device to test this feature because of Samsung Knox.
So I built a test ROM for bullhead.
This ROM is based on OPR5.170623.014.
And I want to get feedback about this ROM:
1. Does the off-screen mobile payment (HCE) feature work well?
2. Then please let me know whether the battery time is acceptable or not
compared to AOSP.
Plus! I do not guarantee this ROM works properly.
If your device breaks with my ROM, I can't do anything about that.
Download Link :
https://drive.google.com/file/d/1w-vO80Jo7O55uUeqCqG0Y83OFqToi7vs/view
Open source:
https://github.com/HyungJu/hce-always
Apply this patch to frameworks/
Download Gapps for 8.0.0.
Thank you.
No offense, but I think whoever tests this may want to see the source code for whatever you changed.
In my case I wouldn't test this unless I looked at the code and then compiled it myself. Really, it's nothing personal.
The "chain of trust" of most ROMs is that you can easily reproduce the binary version that you can download elsewhere by building from the available source code instead if you wanted to.
Paul L. said: [post quoted above]
Thank you for your advice.
I uploaded a patch file that I made to github
https://github.com/HyungJu/hce-always
Thank you.
vendor.img..? opr5 14...?

Poco F1 Kernel Source Live.

Mi 8/Mi 8 Explorer Edition/Poco F1 Same Branch
https://github.com/MiCode/Xiaomi_Kernel_OpenSource/tree/dipper-o-oss
najjurocks619 said: [post quoted above]
Blimey! That's a very good sign!
Hopefully they're intact and usable
thesoupthief said: [post quoted above]
Indeed, hoping for a great future and development for this device, the cheapest SD 845 yet.
Isn't this a security lapse?
prabaharanaece said: Isn't this a security lapse?
Lol are you joking? Xiaomi have themselves released the kernel sources. How does that make it a security lapse when they themselves announced this during the phone launch?
Great news! Hope to see LineageOS soon for this phone.
kishore1998 said: [post quoted above]
It is rather a question from me. I know Mi released the code, but the question is whether it can be used by someone for hacking this phone. I guess it would be easier for the hackers now.
prabaharanaece said: [post quoted above]
POCO F1 is not the only phone with its kernel source released. You will find kernel sources released for many phones by different brands (Sony, Samsung, LG, OnePlus and so many more). The purpose of releasing the source is to accommodate custom ROM and kernel development by the developer community (like XDA) and to find out vulnerabilities (if any) in the process. Any vulnerability found is usually patched in updates. Yes, the source can be used to compile a kernel or ROM with malicious code, or an app which'd try to exploit the vulnerability, but it will only affect those who'd install any such app/kernel/ROM. Now any flashaholic you'd meet will tell you how they'd only install apps from trusted sources and flash ROMs/kernels available on XDA etc. In a nutshell, I don't think trying to hack a phone using the kernel source is worth it, as it targets very limited people who are cautious enough about what to install on their phones, making it more difficult to hack. Any developer can enlighten you more on the issue, as I might be totally wrong on the issue too.
P.S. It's because of such source code releases that community like XDA is thriving.
prabaharanaece said: Isn't this a security lapse?
All Linux-based kernels are open source.
Also, it is mandatory for OEMs to release kernel sources per the GPL license rules.
I got my phone today, waiting for some awesome development..
Thank you everyone for comments :good:. I got my phone today as well
Will only buy it if any ROM (I wish for Omni) is built from sources (not a ported ROM) and officially supports Treble <3
Otherwise it's simply a useless phone for me :X
Would suggest the same for others too
xuser_ said: [post quoted above]
All ROMs are built from AOSP and other sources; this is not 2012, when ported ROMs existed here. What are you talking about? Also, the phone launched with 8.1, so it officially supports Treble out of the box. You high or what?
Btw: good to see the early release of the kernel source, but on the other hand, the bootloader unlock is showing me 30 days (720 hours). How will I live for 30 days using MIUI?

Are we protected against stuff like this?

I am talking about https://www.zdnet.com/article/google-we-just-fixed-these-three-critical-android-bugs-with-april-update/
I am trying to understand the limitations of custom ROMs.
Thx in advance
It depends on your custom rom and device.
In official versions of LineageOS, Android security patches get merged regularly. This means, vulnerabilities like the ones mentioned in the linked article get fixed over time if you update your LineageOS every now and then. But there are also potential vulnerabilities hidden in proprietary OnePlus components. These cannot be fixed by any custom rom and rely on updates from the manufacturer.
You might want to read up on this here.
