Malware disguised as system app: how to remove it? - Security Discussion

Hi guys! I'm here asking for your help for a problem that is riddling me.
My mother got (against my advices..) a chinese Yuntab E706 tablet. She has been using it for a while, but she started noticing abnormal popups, installed apps etc.
Tried running Avast and Malwarebytes that found some PUPs. two of them found by avast kept on being reactivated on reboot. Malwarebytes found this:
Android/PUP.Riskware.SilentInst.a in /system/priv-app/Xfota/Xfota.apk
Suggesting me to remove it: impossible, because it was a system app called "Online Update"! So it suggested to disable it: neither this option was available!
So I tried wiping cache and restore to factory setting.
After that, I tried firing up again Malwarebytes and voilà, it found the same malware, again in "Online Update" app. Also android marks this, in notification bar, as potentially harming for the devices, suggesting to disable it. The button disable doesn't work, though the app is listed under disabled app. Also Malwarebytes says it is disabled and could not do harm; I'm worried anyway about all this story, what should I do? The tablet is not rooted anyway.
Thanks everyone in advance!

try these tricks
Nice one. I feel ur pain. 1st u must find & do everything possible to root the phone. Then once rooted successfully via Kingroot and sorts. Download rootuninstaller, titaniumbackup or 3c toolbox pro to force remove the virus after granting root access.
Alternatively, u can boot into safe mode by preesing power button to display power options, then press-holding the "power off" option to reveal "boot into safe mode" which when booted into allows you to undo changes done by apps that can damage your phone.
Pls feel free to ask questions.
Gud luck!

[]

HellFire90 said:
Hi guys! I'm here asking for your help for a problem that is riddling me.
My mother got (against my advices..) a chinese Yuntab E706 tablet. She has been using it for a while, but she started noticing abnormal popups, installed apps etc.
Tried running Avast and Malwarebytes that found some PUPs. two of them found by avast kept on being reactivated on reboot. Malwarebytes found this:
Android/PUP.Riskware.SilentInst.a in /system/priv-app/Xfota/Xfota.apk
Suggesting me to remove it: impossible, because it was a system app called "Online Update"! So it suggested to disable it: neither this option was available!
So I tried wiping cache and restore to factory setting.
After that, I tried firing up again Malwarebytes and voil
---------- Post added at 01:34 PM ---------- Previous post was at 01:30 PM ----------
FFS, WHAT INS WRONG WITH THIS THREAD, IT KILLS DELETING MY ANSWERS, I GIVE UP!
Laths try a link
See this
https://forum.xda-developers.com/android/software/debloater-remove-carrier-bloat-t2998294
Edit:
Though that original post doesn't work on all phones, this is an alternative method that has been shown to work on phones like the S8 that the above method does not work on
https://www.xda-developers.com/uninstall-carrier-oem-bloatware-without-root-access/
Click to expand...
Click to collapse

IronRoo said:
[]
Click to expand...
Click to collapse
IronRoo said:
HellFire90 said:
Hi guys! I'm here asking for your help for a problem that is riddling me.
My mother got (against my advices..) a chinese Yuntab E706 tablet. She has been using it for a while, but she started noticing abnormal popups, installed apps etc.
Tried running Avast and Malwarebytes that found some PUPs. two of them found by avast kept on being reactivated on reboot. Malwarebytes found this:
Android/PUP.Riskware.SilentInst.a in /system/priv-app/Xfota/Xfota.apk
Suggesting me to remove it: impossible, because it was a system app called "Online Update"! So it suggested to disable it: neither this option was available!
So I tried wiping cache and restore to factory setting.
After that, I tried firing up again Malwarebytes and voil
---------- Post added at 01:34 PM ---------- Previous post was at 01:30 PM ----------
FFS, WHAT INS WRONG WITH THIS THREAD, IT KILLS DELETING MY ANSWERS, I GIVE UP!
Laths try a link
See this
https://forum.xda-developers.com/android/software/debloater-remove-carrier-bloat-t2998294
Click to expand...
Click to collapse
Thanks very much for your reply and your efforts in posting it! I'll give it a try!
donwizzy said:
Nice one. I feel ur pain. 1st u must find & do everything possible to root the phone. Then once rooted successfully via Kingroot and sorts. Download rootuninstaller, titaniumbackup or 3c toolbox pro to force remove the virus after granting root access.
Alternatively, u can boot into safe mode by preesing power button to display power options, then press-holding the "power off" option to reveal "boot into safe mode" which when booted into allows you to undo changes done by apps that can damage your phone.
Pls feel free to ask questions.
Gud luck!
Click to expand...
Click to collapse
Thanks very much for your reply. May I ask you the best way to root this device, since TWRP is not available?
Click to expand...
Click to collapse

HellFire90 said:
Thanks very much for your reply and your efforts in posting it! I'll give it a try!
Thanks very much for your reply. May I ask you the best way to root this device, since TWRP is not available?
Click to expand...
Click to collapse
1st try to find out ur processor type, whether it's qualcomm, or mtk or powervr, or whatever. try gsmarena.com to check ur fone's specs or manufacturer's website. knowing fone's processor type make choice of rooting process easier.
well most china fones meant for international market ought to be mtk
try latest version of kingroot apk app[requires internet] in rooting d fone
And if fone is "mtk", we can use mtkdroidtool pc app & spflashtool pc app to create scatter file & extract, from d fone, the boot.img & recovery.img which can both be used to create a twrp custom recovery tailored specifically for ur fone.
pls try all these out diligently & give feedback.
best of luck!
P.S.
i actually found out the fone is mtk i.e. mt83321; dwnld & install out latest kingroot apk on ur fone with internet connection
then head over to http://www.theandroidhow.com/2014/05/how-to-make-backup-stock-boot-recovery.html?m=0, read those instructions carefully, download the required softwares and get the processes started.
best of luck!

@HellFire90
BTW, xfota is not malware it's the Over The Air updater used by some Chinese phones, that said it pretty much behaves like malware so I'd say it is.
I don't know how to root your device but if that nonroot method I posted works then you don't have to. Be wary of root apps, some will be worse than your current problem… especially if from some random website.

i've decided to help u all the way & i've created assortment of files for u to download. First head to https://drive.google.com/uc?id=0BygHnAHGWWirc1JKZWdFUWZGR2M&export=download, and download and extract the zip file. Then read the read_me_1st.txt, and get back to me.

@HellFire90
Kingroot is one of the most effective rooting apps but it comes with adware! Also I have doubts about just what info is sent back to China so I've never used it. See the XDA thread about it, they suggest replacing it with supersu after rooting or whatever, I can't remember exactly,

IronRoo said:
@HellFire90
Kingroot is one of the most effective rooting apps but it comes with adware! Also I have doubts about just what info is sent back to China so I've never used it. See the XDA thread about it, they suggest replacing it with supersu after rooting or whatever, I can't remember exactly,
Click to expand...
Click to collapse
In my gdrive attachment above u find my careful assortment of softwares, files & folder hand-picked by me.
1st install all android usb drivers [those .inf files] from Computer Management, and then Device Drivers.
Those install all necessary adb driver from the adb software and folders.
My solution with Total Commander [with adb plugin, and provided those adb drivers&usb drivers are installed] allows u to access the entire file system of ur android without root access(i'm still currently using this method on my PC) to edit root directories and access phone's internal memory.
Pls give it a try and give me ur feedbacks.
Enjoy!
---------- Post added at 09:20 PM ---------- Previous post was at 09:20 PM ----------
In my gdrive attachment above u find my careful assortment of softwares, files & folder hand-picked by me.
1st install all android usb drivers [those .inf files] from Computer Management, and then Device Drivers.
Those install all necessary adb driver from the adb software and folders.
My solution with Total Commander [with adb plugin, and provided those adb drivers&usb drivers are installed] allows u to access the entire file system of ur android without root access(i'm still currently using this method on my PC) to edit root directories and access phone's internal memory.
Pls give it a try and give me ur feedbacks.
Enjoy!
---------- Post added at 09:22 PM ---------- Previous post was at 09:20 PM ----------
HellFire90 said:
Hi guys! I'm here asking for your help for a problem that is riddling me.
My mother got (against my advices..) a chinese Yuntab E706 tablet. She has been using it for a while, but she started noticing abnormal popups, installed apps etc.
Tried running Avast and Malwarebytes that found some PUPs. two of them found by avast kept on being reactivated on reboot. Malwarebytes found this:
Android/PUP.Riskware.SilentInst.a in /system/priv-app/Xfota/Xfota.apk
Suggesting me to remove it: impossible, because it was a system app called "Online Update"! So it suggested to disable it: neither this option was available!
So I tried wiping cache and restore to factory setting.
After that, I tried firing up again Malwarebytes and voilà, it found the same malware, again in "Online Update" app. Also android marks this, in notification bar, as potentially harming for the devices, suggesting to disable it. The button disable doesn't work, though the app is listed under disabled app. Also Malwarebytes says it is disabled and could not do harm; I'm worried anyway about all this story, what should I do? The tablet is not rooted anyway.
Thanks everyone in advance!
Click to expand...
Click to collapse
In my gdrive attachment above u find my careful assortment of softwares, files & folder hand-picked by me.
1st install all android usb drivers [those .inf files] from Computer Management, and then Device Drivers.
Those install all necessary adb driver from the adb software and folders.
My solution with Total Commander [with adb plugin, and provided those adb drivers&usb drivers are installed] allows u to access the entire file system of ur android without root access(i'm still currently using this method on my PC) to edit root directories and access phone's internal memory.
Pls give it a try and give me ur feedbacks.
Enjoy!

HellFire90 said:
Hi guys! I'm here asking for your help for a problem that is riddling me.
My mother got (against my advices..) a chinese Yuntab E706 tablet. She has been using it for a while, but she started noticing abnormal popups, installed apps etc.
Tried running Avast and Malwarebytes that found some PUPs. two of them found by avast kept on being reactivated on reboot. Malwarebytes found this:
Android/PUP.Riskware.SilentInst.a in /system/priv-app/Xfota/Xfota.apk
Suggesting me to remove it: impossible, because it was a system app called "Online Update"! So it suggested to disable it: neither this option was available!
So I tried wiping cache and restore to factory setting.
After that, I tried firing up again Malwarebytes and voilà, it found the same malware, again in "Online Update" app. Also android marks this, in notification bar, as potentially harming for the devices, suggesting to disable it. The button disable doesn't work, though the app is listed under disabled app. Also Malwarebytes says it is disabled and could not do harm; I'm worried anyway about all this story, what should I do? The tablet is not rooted anyway.
Thanks everyone in advance!
Click to expand...
Click to collapse
https://drive.google.com/uc?id=0BygHnAHGWWirc1JKZWdFUWZGR2M&export=download
https://drive.google.com/uc?id=0BygHnAHGWWirOE9jTlZSdUMtVGc&export=download

And if neither of the afore mentioned methods work there's also the following one, that works on some phones that my first method does not eg S8 ,(not sure if swizzy's method will work on all phones so posting this just in case)
https://www.xda-developers.com/uninstall-carrier-oem-bloatware-without-root-access/
(link is same as my edited post above)

IronRoo said:
And if neither of the afore mentioned methods work there's also the following one, that works on some phones that my first method does not eg S8 ,(not sure if swizzy's method will work on all phones so posting this just in case)
https://www.xda-developers.com/uninstall-carrier-oem-bloatware-without-root-access/
(link is same as my edited post above)
Click to expand...
Click to collapse
[emoji2] [emoji2] [emoji2]
Tnx for appreciating my efforts. Tested 2 fones already & will let u know wen i test more! My method worked for all mtk android[infinix hot note(X551), as case study], and for Samsung Galaxy Ace. More testing underway.....
[emoji41] [emoji41] [emoji41]
Sent from my Infinix-X551 using XDA-Developers Legacy app

Related

[q] huawei u8812d

Can I root Huawei U8812D? pls someone advice me.
babbird said:
Can I root Huawei U8812D? pls someone advice me.
Click to expand...
Click to collapse
I am a new user so I cannot post a links yet but google your phone and there should be a link to ANDROID net forum. There you will find a video showing you how to do it.
found something on chinese site that looks good
babbird said:
Can I root Huawei U8812D? pls someone advice me.
Click to expand...
Click to collapse
This looks really rough, but apparantly there is a boot.img, then other cracking tools can be used.
I'd love to try it, but... well... my chinese is limited to google-translate.
The URL won't post so this is a big hint:
products . mobileuncle . com / thread-202642-1-1 . html
I think I got it root on g302d u8812d
j_chytown said:
This looks really rough, but apparantly there is a boot.img, then other cracking tools can be used.
I'd love to try it, but... well... my chinese is limited to google-translate.
The URL won't post so this is a big hint:
products . mobileuncle . com / thread-202642-1-1 . html
Click to expand...
Click to collapse
Currently on that URL is a approx 14 MB rar file download, I _think_ I just got it sorted!
I don't have time now to make this pretty, but some others who want to hack. add links, etc feel free to work with this...
in fact I dont know if all these steps are required.
General Broad steps (ymmv, you are doing this to your own dang phone, dont blame me for bricks viruses or earthquakes etc, etc/ etc).
on your computer, uninstall adb, pdanet and any other tools that use the adb drivers and dlls, reboot as needed.
install the mt6575 drivers (I forgot whether I downloaded these or if they were part of the 14 meg file) reboot as needed
power down phone.
remove battery from phone, don't plug into computer.
launch flash_tool.exe
load the included scatterloading file MT6575...emmc.txt
press the download button
plug in phone to usb
put battery in phone
watch the blinkinlights for a few seconds, wait for the big green O
then I disconnect phone and ensure power down.
install SDK
power up phone and plug in
test adb (adb shell)
kill adb server
download and install superoneclick
download extra superoneclick exploits
launch superoneclick
click the big root button.
Test (you can use something like rom manager)
Now people should be able to try to install various CWMs.
I haven't gotten that far yet.
CWM for u8812d g302d ?
j_chytown said:
Currently on that URL is a approx 14 MB rar file download, I _think_ I just got it sorted!
I don't have time now to make this pretty, but some others who want to hack. add links, etc feel free to work with this...
in fact I dont know if all these steps are required.
General Broad steps (ymmv, you are doing this to your own dang phone, dont blame me for bricks viruses or earthquakes etc, etc/ etc).
on your computer, uninstall adb, pdanet and any other tools that use the adb drivers and dlls, reboot as needed.
install the mt6575 drivers (I forgot whether I downloaded these or if they were part of the 14 meg file) reboot as needed
power down phone.
remove battery from phone, don't plug into computer.
launch flash_tool.exe
load the included scatterloading file MT6575...emmc.txt
press the download button
plug in phone to usb
put battery in phone
watch the blinkinlights for a few seconds, wait for the big green O
then I disconnect phone and ensure power down.
install SDK
power up phone and plug in
test adb (adb shell)
kill adb server
download and install superoneclick
download extra superoneclick exploits
launch superoneclick
click the big root button.
Test (you can use something like rom manager)
Now people should be able to try to install various CWMs.
I haven't gotten that far yet.
Click to expand...
Click to collapse
Okay I may have found a working CWM clockworkmod recovery, but I don't have access to the chinese site, so others out there may be able to download it and try it out.
mm-mpxteam . net / forum . php ? mod = viewthread & tid = 4203
or maybe this one:
products . mobileuncle . com / thread-203098-1-1 . html
got the uncles recovery on the phone!
j_chytown said:
Okay I may have found a working CWM clockworkmod recovery, but I don't have access to the chinese site, so others out there may be able to download it and try it out.
mm-mpxteam . net / forum . php ? mod = viewthread & tid = 4203
or maybe this one:
products . mobileuncle . com / thread-203098-1-1 . html
Click to expand...
Click to collapse
it isn't clockwork, but I got a mobileuncle recovery on the phone. Is kinda fun to try to translate!
pan . baidu . com / share / link ? shareid = 63706 & uk = 2483368669
---------- Post added at 06:39 PM ---------- Previous post was at 06:25 PM ----------
j_chytown said:
it isn't clockwork, but I got a mobileuncle recovery on the phone. Is kinda fun to try to translate!
pan . baidu . com / share / link ? shareid = 63706 & uk = 2483368669
Click to expand...
Click to collapse
installed gapps 20110828 (via mobileuncle recovery) and I now have a market that doesn't force-close!
still getting "partners" to force close, but a lot of other stuff is working.
Great work!!! I'll try this on my phone or wait until is working?
Are the recovery and rom in chinese?
Thank a lot for testing.
working well
hiosin said:
Great work!!! I'll try this on my phone or wait until is working?
Are the recovery and rom in chinese?
Thank a lot for testing.
Click to expand...
Click to collapse
It is working very well.
No need for you or anyone to wait.
Just please know what you are doing (do you have basic understanding of recovery mode, roms, factory mode, and the dangers) in other words, if this is your first time doing this on a phone.. ask someone who knows what they are doing for help because I am not able to put together a documented procedure, but the findings above should allow someone else to do that. Additionally, I have no idea of the legality or safety of the software at URLs above.
conceptually this is 4 steps
1) flash boot.img that will allow cracking
2) crack to get SU installed
3) install Mobile Uncle Recovery mode and app
4) install gapps.
The MobileUncle recovery mode is Chinese, But the mobileuncle app is kinda like rom manager, it lets you set up what happens at next boot so you don't need to read the chinese in recovery text mode.
The patched rom is working for me in English with root, no detectable problem except FC on google partners (and I can't tell if that actually does anything). Remember this is not a new rom, just a patch to the huawei rom that allows a root crack.
There are about 4 chinese apps that I am afraid to uninstall..
one appears to be a chinese app store too, kinda fun to browse
gapps must be flashed with mobileuncle recovery (don't just unzip them)
US google play store is working.
I am fully migrated to this phone now and use it for daily work.
Good luck, and remember that this is why you got an android instead of a i-Thing.
Thanks thanks again. I'll try it and don't worry this is not the first time to modify a mobile. If it is all ok i posted here.
Working u8812d
Ok... It was successfully working on my phone. I have root and change recovery and then installing gapps. Almost of the apps is working of the play store. Thanks again and hope there is a release of ICS or JB rom for our phones.
See ya!!!:good:
j_chytown said:
It is working very well.
No need for you or anyone to wait.
Just please know what you are doing (do you have basic understanding of recovery mode, roms, factory mode, and the dangers) in other words, if this is your first time doing this on a phone.. ask someone who knows what they are doing for help because I am not able to put together a documented procedure, but the findings above should allow someone else to do that. Additionally, I have no idea of the legality or safety of the software at URLs above.
conceptually this is 4 steps
1) flash boot.img that will allow cracking
2) crack to get SU installed
3) install Mobile Uncle Recovery mode and app
4) install gapps.
The MobileUncle recovery mode is Chinese, But the mobileuncle app is kinda like rom manager, it lets you set up what happens at next boot so you don't need to read the chinese in recovery text mode.
The patched rom is working for me in English with root, no detectable problem except FC on google partners (and I can't tell if that actually does anything). Remember this is not a new rom, just a patch to the huawei rom that allows a root crack.
There are about 4 chinese apps that I am afraid to uninstall..
one appears to be a chinese app store too, kinda fun to browse
gapps must be flashed with mobileuncle recovery (don't just unzip them)
US google play store is working.
I am fully migrated to this phone now and use it for daily work.
Good luck, and remember that this is why you got an android instead of a i-Thing.
Click to expand...
Click to collapse
This does not work for my u8812d, gives an error using flash tool
Still not rooting
j_chytown said:
Currently on that URL is a approx 14 MB rar file download, I _think_ I just got it sorted!
I don't have time now to make this pretty, but some others who want to hack. add links, etc feel free to work with this...
in fact I dont know if all these steps are required.
General Broad steps (ymmv, you are doing this to your own dang phone, dont blame me for bricks viruses or earthquakes etc, etc/ etc).
on your computer, uninstall adb, pdanet and any other tools that use the adb drivers and dlls, reboot as needed.
install the mt6575 drivers (I forgot whether I downloaded these or if they were part of the 14 meg file) reboot as needed
power down phone.
remove battery from phone, don't plug into computer.
launch flash_tool.exe
load the included scatterloading file MT6575...emmc.txt
press the download button
plug in phone to usb
put battery in phone
watch the blinkinlights for a few seconds, wait for the big green O
then I disconnect phone and ensure power down.
install SDK
power up phone and plug in
test adb (adb shell)
kill adb server
download and install superoneclick
download extra superoneclick exploits
launch superoneclick
click the big root button.
Test (you can use something like rom manager)
Now people should be able to try to install various CWMs.
I haven't gotten that far yet.
Click to expand...
Click to collapse
Thanks for the steps though the problems are still coming thick and fast, I have a new U8812D from China, no China unicom splashscreen but lots of 'bloatware' still. I've been trying for days to root this thing and nothing's working.
I'm pretty sure I need root access becasue the phone is currently preventing me from adding my Gmail account and using the google play market and apps, other bits and pieces like assigning incoming call number to a contact are supposedly fixed by getting the google thing right. The phone is good but I'm missing alot of functionality.
If the above description sounds like rooting is not the solution, please let me know and point me to the right forum, if rooting is the obviously the only way out, I'm hoping to clarify a few step in the above walkthrough to help me and others.
1. I cant install the mt6575 MediaTek drivers, installing directly gives error 'driver cannot be installed this way' there is no COM-LPT port in my device manager to attach it to as a manually locate driver, I can add a COM port with add remove hardware but I have Code 10 error, device cannot start and doesnt seem to accept the mt6575 driver as an update even when forced to it with locate new driver, apparently this is no problem from other forums, still bugging me. Maybe I havent the right files? how do i get COM-LPT ports to show up properly?
2. when 'install m6575 drivers ... reboot' is the phone plugged in? to what device do we install the drivers or should it be automatic?
3. launch flash tool, i have located two versions of the MT6575...emmc.txt file, one delivers error, block count fail and has no files paths for the item in the main table, the other refuses to open, giving error, incorrect scatter file format. The latter has considerably more data in it when read in notepad.
4. Becasue of these errors, SP flash tool does not download to phone. all subsequent steps fail.
Assuming the initial flashing steps are successful, I must to use SuperOneClick to root the phone, where do I find the extra exploits needed? or are tehy automoatically sourced by SOC? Succeeding the root access step, I assume i can freeze the apps causing problems to my google sign in or delete them. Or could I please be directed to the ATTPlain rom mentionned by JohnnyParanoia in 'Almost All Huawei Stock Roms (Firmware) - Updated 28/06/12' board.
Since so many of the resource files I've trawled through are bung, anyone who can point me to reliable/tested files known to work with the U8812d I'd greatly appreciate in on top of the great appreciation I already have for your patience with a Noob. I located the 14Mbit .rar file mentioned above but not all parts worked, had to dl the different programs individually and some files had to hunt down form fileshare sites.
Lastly, i am using an HP laptop, Windows 7 64-bit, Thanks in advance.
Michael

[Q] FileMate Clear 7" T720 tablet

Does anyone know if Z4Root will work on this tablet? Thanks!
I've been looking for one for 3 days now, I tryed onclickroot and z4root or something like that,, cant find anything Anyone please help!!
I'm still waiting for my tablet to be delivered...I'm gonna try SuperOneClick (crosses fingers)
I got one of these for my daughter for xmas. I spent a few days trying to root it with no luck. I'm not intimately familiar with android (some unix experience), but I tried all the options I could find for rooting Allwinner a10 devices. At first I ran into problems with adb unable to recognize the device for most one-click methods. I downloaded the android tools and was able to connect with the included adb. After studying the scripts, they all use the "adb root" command to gain root access on the device and copy the necessary files. Unfortunately, this command fails using adb from the tools. At first I thought this was due to my adb version, but after doing some research I think it is actually due to the device kernel. I believe it requires reflashing or some exploit to be able to gain root. I was able to install root explorer and I can browse all the necessary directories but I can't modify or copy the necessary files into them. Busybox told me there was an older version installed, but wouldn't let me install a newer version (again I think due to the permissions). Also, superuser would say it installed but the su binary did not show up on the bin directory. As the necessary directories are all owned by root, I couldn't figure out a way to modify the permissions...
I wound up returning the FileMate and got a Lenovo IdeaTab. Got that rooted in no time.
sorry i never saw this post i've bought 2 of these and i rooted them,
i wish i could get a better build for them though, too many app crashes and the internet connectivity sucks
i used a method by Bin4ry called root with restore, v17 worked any ways i have the zip if you would like it
ferny_dx said:
sorry i never saw this post i've bought 2 of these and i rooted them,
i wish i could get a better build for them though, too many app crashes and the internet connectivity sucks
i used a method by Bin4ry called root with restore, v17 worked any ways i have the zip if you would like it
Click to expand...
Click to collapse
Screw it, here it is for future reference.
How'd you do it!?!?
ferny_dx said:
Screw it, here it is for future reference.
Click to expand...
Click to collapse
FileMate Clear T720
Thank you very much for being the only person ever to have posted in regards to this tablet. I just got mine for christmas and have been trying to get it rooted. I've tried a lot of those one-click methods, and I've even tried this Bin4ary method. but it just hangs up on "daemon started sucessfully*"
Can you please direct me to the filemate drivers (if needed)
also, I have usb debugging endable, allowing 3rd party (not secure) files enabled. and pulling my hair out (enabled).
Thanks again.
Also, I'm running windows 7 and 8, (((maybe i should try win7))) hmm. i'll get back to you on that. Anyhow, any advice would be greatly appreciated, since returning it doesn't sound very fun.
jiberish05 said:
FileMate Clear T720
pulling my hair out (enabled)..
Click to expand...
Click to collapse
I laughed so hard. ok your going to have to install drivers by force,
first off do you happen to have android sdk installed? if you don't there is another way but its going to sound weird,
if you do have the android SDK installed:
1. go to your computer manager (by opening explorer, right click on the "computer" group on the left column and select manager)
2. look for any unrecognized item that appears, ( it will most likely be labeled "Clear" with a faded icon and a "?" sign on top
3. right click and choose "Update drivers", it will give you options, choose "Browse my computer for driver software", another option screen will show,
4. at the bottom of the window there will be an option that says "let me pick from a list of device drivers on my computer"
5. on the screen that appears there should be an option that says "ADB Interface", choose this
6. choose "Google, Inc.">"ADB Testing Interface version x.x.x.x" (I chose version 2.1.0.0)
that should do it next time you plug in the tablet try running ddms or open the cmd and type in "adb devices" (assuming you have adb installed) and it should show.
if this helps just hit the thanks button
[edit] I am running windows 8 btw [/edit]
ADB interface doesn't show up
Thank you very much for getting me farther, however I dont see ADB interface. I'm looking into it right now. I just re-installed the sdk drivers and will keep at it.
BTW, is it even worth doing this? the main reason I want to do it, is so i can connect my ps3 remote via bluetooth, and possibly a little overclocking. Have you had any luck OC it?
Thanks again Much appreciated:good:
jiberish05 said:
Thank you very much for getting me farther, however I dont see ADB interface. I'm looking into it right now. I just re-installed the sdk drivers and will keep at it.
BTW, is it even worth doing this? the main reason I want to do it, is so i can connect my ps3 remote via bluetooth, and possibly a little overclocking. Have you had any luck OC it?
Thanks again Much appreciated:good:
Click to expand...
Click to collapse
open up SDK manager and go to Extras>"Google USB Drivers"
also install everything in the "Android 4.0 (API 14)" section, I have other options installed if this still doesn't work.
its worth it just for the extra stuff that root comes with like titanium backup, but you cant over clock, if you go any higher than 1200 MHz it will lock up and you have to force it to reset.
cyberkeeper1 said:
HERE is the link to root as provided earlier
Click Here to download ADB universal drivers. they should work better than the google USB drivers.
---------- Post added at 12:20 AM ---------- Previous post was at 12:11 AM ----------
this seems kind of spammy. What backs up my claim is that you dont have more than 5 posts...
Click to expand...
Click to collapse
Thanks for the link to my post on android central, the link in that post just comes back the xda thread
Root MANY ANDROID! [Upd: 20.11.2013] - Added Z1 Root
Sent from my XT862 using Tapatalk
Rooted Filemate Clear
I just wanted to confirm I have also rooted the Clear with the Bin4ry v33 exploit using option 1. Although I received the following error:
remote object '/system/bin/ric' does not exist
.
Going to copy files to it's place
Rebooting again, please wait!
Could Not Find C:\Documents and Settings\Graham School\My Documents\Downloads\Ro
ot_with_Restore_by_Bin4ry_v33\ric
Restoring previous Backup! Please select the RESTORE MY DATA option now on your
device!
SuperSu installed and root apps working.
Rooted With Kingo
I just bought one of these cheap to play with and used Kingo to root it. Worked first time, no problem. The only issue I am having is that the SuperSu binaries are failing to update but root is still working. Titanium is working and Root Explorer so I can debloat. Hope that helps is anyone is still trying to use these
Jfender1005 said:
I just bought one of these cheap to play with and used Kingo to root it. Worked first time, lem. The only issue I am having is that the SuperSu binaries are failing to update but root is still working. Titanium is working and Root Explorer so I can debloat. Hope that helps is anyone is still trying to use these
Click to expand...
Click to collapse
please tell me where in the world you got the Kingo root?
As far as being unable to update binaries, try to find a custom recovery and install. From there, you can inject them via su-binary update.zip and bam!
Kingoroot
cyberkeeper1 said:
please tell me where in the world you got the Kingo root?
As far as being unable to update binaries, try to find a custom recovery and install. From there, you can inject them via su-binary update.zip and bam!
Click to expand...
Click to collapse
http://www.kingoapp.com/android-root.htm
That is the link for the Kingo site. The first time I saw it on here there was some question about whether it was safe becase it is not open source and used a Chinese SuperSu app. I felt safe using it on a tablet because I do no banking on it or anything, but the newest posts I have seen are that Kingo is safe. Hope that helps. And if you know where to find a custom recovery that will work with this app please let me know.

SM-T210 Root without ODIN!

Hey guys, since I wanted the flashcounter to keep from climbing up too high, I was looking for a rooting method, that would not involve Odin.
I searched all day long and finally had luck with THIS ONE.
Works like a charm, but leaves a chinese version of superuser behind. But I guess everyone who is looking for root and makes it, should be able to change the superuser.apk (dont forget to set the correct permissions ).
To grant Superuser permissions, you need to hit the right button at the superuser prompt!
-sidenote- mine updated during the setup process, so wait till it goes all the way to 100% and installs again.
Well other than that, have fun and now I need to look into mobile Odin, because then I guess we wont need Odin anymore and can keep the flash-O-meter from climbing
Maybe someone can also create a full system-dump, so we can restore untouched partitions if needed. Would be great if someone who is new here could do so!
TWRP ADB flasher(no Odin-no flashcounter):
http://d-h.st/xde
Credits go to @gr8nole (TWRP) @Ilko (the script) @redy2006 (the package)
If I forgot you here, please PM me and I ll add you ASAP!
Hope it helps some fellows out
Oh and maybe I can find out about the exploit they are using, so we can make our own software, without having to install their software
root
Thanks for the post this worked once I remembered to set to USB bugging mode good thing I read Chinese (joking)
Cool!
Too bad I already rooted my SM-T210 with Odin by now. Still an interesting find!
LEECH666 said:
Cool!
Too bad I already rooted my SM-T210 with Odin by now. Still an interesting find!
Click to expand...
Click to collapse
I also had it rooted before already, flashed back, rooted it this way, flashed TWRP and guess what, I think I also found a simple way to turn you custom status to official again both in the tab and in downnload mode, so I got root, TWRP and am still status: official and able yo update already made a nandroid, so others can test it as well
Sent from my SM-T210 using xda app-developers app
Does anyone wanna try to restore my backup and see if you also get a rooted but still "official" device? If yes, PM me and I ll upload it
N00BY0815 said:
Does anyone wanna try to restore my backup and see if you also get a rooted but still "official" device? If yes, PM me and I ll upload it
Click to expand...
Click to collapse
Nice, the value has to be stored somewhere where flashing neither custom ROMs nor Recovery touch it...shouldn't be too hard to find it - but probably dangerous...(bootloader partition?)
k.aibutsu said:
Nice, the value has to be stored somewhere where flashing neither custom ROMs nor Recovery touch it...shouldn't be too hard to find it - but probably dangerous...(bootloader partition?)
Click to expand...
Click to collapse
Try the following:
I first flashed the ROM released in October 2013, then rooted and installed TWRP.
Then:
Delete Sysscope data
Stop the process
Stop Enterprise vpn (not sure, if this is necessary)
Delete Enterprise sysscope data
Shut your tablet down,
Reboot to upload mode, enter it and check for the change, then hold the powerbutton for 10 secs to reboot and also check in Settings-About phone-Status
And please report back
Sent from my LG-P760 using xda app-developers app
N00BY0815 said:
Try the following:
I first flashed the ROM released in October 2013, then rooted and installed TWRP.
Then:
Delete Sysscope data
Stop the process
Stop Enterprise vpn (not sure, if this is necessary)
Delete Enterprise sysscope data
Shut your tablet down,
Reboot to upload mode, enter it and check for the change, then hold the powerbutton for 10 secs to reboot and also check in Settings-About phone-Status
And please report back
Sent from my LG-P760 using xda app-developers app
Click to expand...
Click to collapse
Did it but it didn't help, would probably have been too easy . Still 2 Flashs and both on "custom". In settings, too. I don't care too much about it, but if you'd like me to try something else, I'll try to help.
EDIT:
I did find this though: http://forum.xda-developers.com/showthread.php?t=2315942
Maybe I'll check it out later.
---------- Post added at 08:00 PM ---------- Previous post was at 07:40 PM ----------
k.aibutsu said:
I did find this though: http://forum.xda-developers.com/showthread.php?t=2315942
Maybe I'll check it out later.
Click to expand...
Click to collapse
I tried it - did't kill my phone but now I can't access "Settings". This seems like a good time to try your Backup...is it for the T210? Can I flash it via CWM or do I need TWRP?
Mine is made via TWRP and is forthe 210 version. Ill upload it, one it get to it and poat a link here. If I forget it, please PM me after lets say 12 hours
Sent from my LG-P760 using xda app-developers app
N00BY0815 said:
Mine is made via TWRP and is forthe 210 version. Ill upload it, one it get to it and poat a link here. If I forget it, please PM me after lets say 12 hours
Sent from my LG-P760 using xda app-developers app
Click to expand...
Click to collapse
After flashing stock I tried your rooting method but it did't work... I also found this: http://forum.xda-developers.com/showthread.php?t=1886460 wich was originally designed for Sony Phones but is reported to work on Samsung devices, too. Unfortunately it didn't work for me either...
I flashed CWM (from the forums) and rooted via CWM afterwards. Continuing with CM 10.2 now
U could also root the tab 3 t210 using cydia impactor. It didnt increase my flash counter since this tool uses adb to root although u have to install busy box and superuser apk from play store
Sent from my SM-T210 using xda app-developers app
---------- Post added at 10:41 PM ---------- Previous post was at 10:40 PM ----------
U could also root the tab 3 t210 using cydia impactor. It didnt increase my flash counter since this tool uses adb to root although u have to install busy box and superuser apk manually from play store.
Sent from my SM-T210 using xda app-developers app
It works! I just gained root permissions on my new gtab
Thank you N00BY0815 !!!
[email protected] said:
It works! I just gained root permissions on my new gtab
Thank you N00BY0815 !!!
Click to expand...
Click to collapse
Does this mean that my current sm-t210 (in fw 4.1.2) which is stock and non rooted can be rooted without losing warranty ?
and the mention about a chinese superuser is easy to "repair" and get back my French status ?
Or what about this other method from Ironman38102:
U could also root the tab 3 t210 using cydia impactor. It didnt increase my flash counter since this tool uses adb to root although u have to install busy box and superuser apk from play store
Click to expand...
Click to collapse
Ironman38102 : could you detail the procedure ? I'm very intrested in any mean to root my tablet without losing warranty..
ricorico94
ricorico94 said:
Does this mean that my current sm-t210 (in fw 4.1.2) which is stock and non rooted can be rooted without losing warranty ?
and the mention about a chinese superuser is easy to "repair" and get back my French status ?
Or what about this other method from Ironman38102:
Ironman38102 : could you detail the procedure ? I'm very intrested in any mean to root my tablet without losing warranty..
ricorico94
Click to expand...
Click to collapse
First make sure all the drivers are installed then go to this website http://www.cydiaimpactor.com/ and download the tool. Then launch the tool and u may see option #drop supersu etc. Etc. And then press start. After when its completed download and install supersu then download busybox and install busybox via busy box app.
Done(Hope I was clear enough)
Its Going to be LEGEND--wait for it--DARY!-Barney Stinson(How I Met Your Mother)
Ironman38102 said:
First make sure all the drivers are installed then go to this website http://www.cydiaimpactor.com/ and download the tool. Then launch the tool and u may see option #drop supersu etc. Etc. And then press start. After when its completed download and install supersu then download busybox and install busybox via busy box app.
Done(Hope I was clear enough)
Its Going to be LEGEND--wait for it--DARY!-Barney Stinson(How I Met Your Mother)
Click to expand...
Click to collapse
Thanks.
In Cydiaimpactor, do we need to change anyoption ? (you mention "#drop supersu, etc." : do we need such options or just leave them as they are ?)
Is it the cydiaimpactor which is allowing root, or the supersu and busybox ? Those apps (busybox and supersu) are supposed to require root, but I didn't know they are used to root.
ricorico94
ricorico94 said:
Thanks.
In Cydiaimpactor, do we need to change anyoption ? (you mention "#drop supersu, etc." : do we need such options or just leave them as they are ?)
Is it the cydiaimpactor which is allowing root, or the supersu and busybox ? Those apps (busybox and supersu) are supposed to require root, but I didn't know they are used to root.
ricorico94
Click to expand...
Click to collapse
Leave them as they are and when u run that tool it roots ur device but does not install the busybox and superuser so install those after u run cydia impactor.
Its Going to be LEGEND--wait for it--DARY!-Barney Stinson(How I Met Your Mother)
Ironman38102 said:
Leave them as they are and when u run that tool it roots ur device but does not install the busybox and superuser so install those after u run cydia impactor.
Its Going to be LEGEND--wait for it--DARY!-Barney Stinson(How I Met Your Mother)
Click to expand...
Click to collapse
I downloaded cydiaimpactor, but It doesn't find my device. When I connect tablet on PC, the PC can see the tablet. Just in case, I downloaded some drivers (not found on samsung which apprently only lists in downloads some manuals.. but google drove me to some pages with samsung drivers) and my PC can discuss with tablet.
But when clicking "start" in Cydia, I receive an error message "no device found" and if I tru the USB/scan menu, I also receive an error message "no such device". Any idea ?
Cydia had no installer, so I unzipped all files in a temporary folder (c:\temp\cydiaimpactor) and double click on the .exe .
ricorico94
ricorico94 said:
I downloaded cydiaimpactor, but It doesn't find my device. When I connect tablet on PC, the PC can see the tablet. Just in case, I downloaded some drivers (not found on samsung which apprently only lists in downloads some manuals.. but google drove me to some pages with samsung drivers) and my PC can discuss with tablet.
But when clicking "start" in Cydia, I receive an error message "no device found" and if I tru the USB/scan menu, I also receive an error message "no such device". Any idea ?
Cydia had no installer, so I unzipped all files in a temporary folder (c:\temp\cydiaimpactor) and double click on the .exe .
ricorico94
Click to expand...
Click to collapse
Try reinstalling the drivers by connecting it in a different usb port. It will search and install the drivers then try again
Ironman38102 said:
Try reinstalling the drivers by connecting it in a different usb port. It will search and install the drivers then try again
Click to expand...
Click to collapse
I'm stupid... I had forgotten to enable "usb debug".. Once enabled, I run cydia with same error, but retrying 1 minute later, it worked !
After cydia, I did not install supersu, but only rootkeeper, which detected the tablet as rooted.
What is the advantage of supersu ? Description lists many features, but are those really helpfull when usage is not to develop but rather to enable use of apps such as adblocking, security, etc. ?
Thanks a lot for your help, and bravo for having found and published ths method which allows my device to remain with "official" status !
ricorico94
ricorico94 said:
I'm stupid... I had forgotten to enable "usb debug".. Once enabled, I run cydia with same error, but retrying 1 minute later, it worked !
After cydia, I did not install supersu, but only rootkeeper, which detected the tablet as rooted.
What is the advantage of supersu ? Description lists many features, but are those really helpfull when usage is not to develop but rather to enable use of apps such as adblocking, security, etc. ?
Thanks a lot for your help, and bravo for having found and published ths method which allows my device to remain with "official" status !
ricorico94
Click to expand...
Click to collapse
U need supersu and busybox for most scripts and apps here in xda and playstore so I suggest you install it. Also pressing thanks is alot better than saying it

Why is KINGROOT connecting these IPs all the time? (2 months after ROOTing)

I have already made two posts about this, under another topic/tread, but as good answers has not yet returned, I start a new tread here.
(I will include the info from my previous posts, in the bottom of this post)
Original Question:
I used KingRoot to ROOT my phone, and I am fully aware that during this process the app will download an exploit, based on my phonetype/android version....
But from I rooted my phone (several months ago) and to this day, the KingRoot app is trying to connect to TWO different IP ranges in China.
It tries to do so, upto 40 times in only 5 minutes.
NB: And I have auto-update disabled, and also wifi update disabled.
The IP's it most often tries to connect to is:
14.17.43.* (on port 80)
183.61.47.* to 183.61.51.* (on port 80)
and sometimes it also tries to connect on port 443
So why is is that KingRoot tries to "call somewhere in China" several hundred times a day?
www ( geoiptool.com/en/?ip=14.17.43.150 )
www ( geoiptool.com/en/?ip=183.61.47.36 )
My system gets SLOW everytime the KingRoot app starts back up, and connects or tries to connect, as it is using a lot of system resources, while trying to do so..
Can I get an honest story of why it connects to your servers, again and again, after the ROOT process has been completed? (two months ago) ??
And the only interaction I have with the KingRoot app is to FORCE KILL it every time my phone gets cloggy/slow again. And when the KingRoot app gets FORCE KILLED, my phone starts working as normal, until KingRoot starts up again...
I would love to get a honset story about why it tries to connect to your servers everyday... And I wonder what information got passed on to you folks, before I installed my firewall apps, VPN apps, and proxy apps that gave me a clue to WHY the KingRoot app slowed my system down.
SOLUTION-BEFORE-REAL-SOLUTION:
The best idea so far (until we get an answer) is to install the following apps:
For a NON-ROOT solution, but I guess you already have root,hehe, please use:
NoRoot Firewall (NO ROOT REQUIRED) (EXCELLENT LOGGING IN-APP)
( play.google.com/store/search?q=noroot%20firewall&c=apps&hl=en )
To block the above IP ranges, and other things you'd like to block..
--> Xprivacy (ROOT REQUIRED) (XPOSED FRAMEWORK)
( play.google.com/store/apps/details?id=biz.bokhorst.xprivacy.installer&hl=en )
>> App Premission Editor - Turn on and off permissions for different apps.
>> You can use it to "turn on/off" network/internet access for ANY installed app.
>> This app helps you to install XPOSED framework (It also has good apps/modules)
--> AFwall+ (ROOT REQUIRED)
( play.google.com/store/apps/details?id=dev.ukanth.ufirewall&hl=en )
>> Firewall. Deny all internet access for any app that has internet permissions
--> Hosts Editor (ROOT REQUIRED)
( play.google.com/store/apps/details?id=com.treb.hosts&hl=en )
>> Almost like a Firewall - Block some IPs from working
>> A good list of things to block would be the IP ranges above.
>> Also you can block ADS and TRACKING the same way.
Original posts:
http://forum.xda-developers.com/showpost.php?p=63790626&postcount=2651
http://forum.xda-developers.com/showpost.php?p=63790626&postcount=2641
do you remember where you downloaded the kingroot app?
Nexus5-32GB said:
do you remember where you downloaded the kingroot app?
Click to expand...
Click to collapse
Yes, from KingRoot.net (KingRoot Official Site)
Found out about it from some online article, and went straight to source (as always)
I might also have tried a version from this site, since the KingRoot.net site is slow loading, as in slower than the good old adsl....
http://forum.xda-developers.com/devdb/project/?id=9793#downloads
alexdata said:
Yes, from KingRoot.net (KingRoot Official Site)
Found out about it from some online article, and went straight to source (as always)
I might also have tried a version from this site, since the KingRoot.net site is slow loading, as in slower than the good old adsl....
http://forum.xda-developers.com/devdb/project/?id=9793#downloads
Click to expand...
Click to collapse
Try reading here.
But that should not be related to device slowness...
well...
Slowness is bad, but....
What I consider WORSE is the fact that it tries to communicate, all day long, with servers in china....
Why is this? Auto-Update is turned off. Rooting is completed, so no more need for using my internet, right?!!?!
What is this communication, and why is it any communication going on, at all ?!?
alexdata said:
Slowness is bad, but....
What I consider WORSE is the fact that it tries to communicate, all day long, with servers in china....
Why is this? Auto-Update is turned off. Rooting is completed, so no more need for using my internet, right?!!?!
What is this communication, and why is it any communication going on, at all ?!?
Click to expand...
Click to collapse
Good point. The king root developers have been keen to stress there is no spy ware in the app. They try to justify the internet use in that post above but to blast Chinese servers many times a day?
I can confirm this behaviour. I haven't noticed any slow down as a result though.
Perhaps one of the developers would care to explain?
Maybe a stupid one, but why keep the app if root is completed?
Cant you just uninstall it and install SuperSU for further root jobs?
Cheers
sure, but...
Sgace said:
Maybe a stupid one, but why keep the app if root is completed?
Cant you just uninstall it and install SuperSU for further root jobs?
Cheers
Click to expand...
Click to collapse
Well, after downloading SuperSU# you will get the question:
> "The SU binary needs to be updated. Continue?"
I press continue, and get this question/statement:
> "If you have a custom recovery like TWRP or CWM, that can be used to (try to) install the SU binary. This is recommended for HTC devices. How would you like to install the SU binary."
I choose "Normal" (and the other choise were "TWRP/CWM")
( do't think i have a TWRP/CWM as I have never tried that yet )
When I press "Normal" it starts to install, tells me to wait, I wait for about a minute
and then it fails, with the following message:
> "Installation failed! Please reboot and try again!"
So good idea, but im stuck on how to get that to actually work....
alexdata said:
Well, after downloading SuperSU# you will get the question:
> "The SU binary needs to be updated. Continue?"
I press continue, and get this question/statement:
> "If you have a custom recovery like TWRP or CWM, that can be used to (try to) install the SU binary. This is recommended for HTC devices. How would you like to install the SU binary."
I choose "Normal" (and the other choise were "TWRP/CWM")
( do't think i have a TWRP/CWM as I have never tried that yet )
When I press "Normal" it starts to install, tells me to wait, I wait for about a minute
and then it fails, with the following message:
> "Installation failed! Please reboot and try again!"
So good idea, but im stuck on how to get that to actually work....
Click to expand...
Click to collapse
Hmmm, well thats a bummer then.
Isnt there a superuser app already installed besides the kingroot app?
Cause something needs to take care of SU requests i think.
Cheers
---------- Post added at 01:29 PM ---------- Previous post was at 01:27 PM ----------
Sgace said:
Hmmm, well thats a bummer then.
Isnt there a superuser app already installed besides the kingroot app?
Cause something needs to take care of SU requests i think.
Cheers
Click to expand...
Click to collapse
What phone model and software do you use by the way?
alexdata said:
Well, after downloading SuperSU# you will get the question:
> "The SU binary needs to be updated. Continue?"
I press continue, and get this question/statement:
> "If you have a custom recovery like TWRP or CWM, that can be used to (try to) install the SU binary. This is recommended for HTC devices. How would you like to install the SU binary."
I choose "Normal" (and the other choise were "TWRP/CWM")
( do't think i have a TWRP/CWM as I have never tried that yet )
When I press "Normal" it starts to install, tells me to wait, I wait for about a minute
and then it fails, with the following message:
> "Installation failed! Please reboot and try again!"
So good idea, but im stuck on how to get that to actually work....
Click to expand...
Click to collapse
If you have root then you should also be able to install a custom recovery. Why don't you just download flash SuperSU from recovery AFTER removing King root instead of doing it through normal mode? I personally would not keep an app with such a behaviour installed on my phone...
Sent from my SM-N910W8 using Tapatalk
Sgace said:
What phone model and software do you use by the way?
Click to expand...
Click to collapse
>> Phone: Samsung Galaxy Core LTE (SM-G360F)
>> Country: Europa/Norway
>> Android version 4.4.4
>> Kingroot version 4.5.0
err0r76 said:
If you have root then you should also be able to install a custom recovery. Why don't you just download flash SuperSU from recovery AFTER removing King root instead of doing it through normal mode? I personally would not keep an app with such a behaviour installed on my phone...
Sent from my SM-N910W8 using Tapatalk
Click to expand...
Click to collapse
I agree but I would still like to know of why the app constantly connects. So far no one has any clue yet.
err0r76 said:
If you have root then you should also be able to install a custom recovery. Why don't you just download flash SuperSU from recovery AFTER removing King root instead of doing it through normal mode? I personally would not keep an app with such a behaviour installed on my phonek
Click to expand...
Click to collapse
First off, your steps are almost unreadable for a non-naitive english speaker...
"Why don't you just download flash SuperSU from recovery AFTER removing King root instead of doing it through normal mode"? doing what? and how was I doing that unnormally?
Secondly, my question still is "why does KingRoot connect to these IP adresses all the time" (flashing supersu from recovery does not fix/explain my original question)
My idea is to keep the app, as long as it doesn't sendt ital personal information away from my phone (that I have not already opted YES to send)
The app itself, does the job I want it to do (Rooting, enable/disable autorun) but it has some unknown data-transfers... my concern is with the data-transfers...
(I wanted to test the SuperSU idea as previously posted, as I could do much the same with SuperSU (but without the unknown data transfers that KingRoot does) - The test I did to remove KingRoot and install SuperSU, ended in me having to reinstall KingRoot to gain root again, SuperSU did not load correctly, and could not update its binarys. But apps that previously had gained root, now struggles to find their already previously granted root permissions, so after trying this, im basically worse off than before....Root apps that doesn't work properly, root permissions that doesn't work properly, and still KingRoot sending information away... (tested with NoRootFirewall)
Still have KingRoot installed (to obtain root) and SuperSU did not install properly (when KingRoot is already there) so for the time being, Im stuck with KingRoot...
(unless someone knows a link to a STEP-BY-STEP, well explained -noob like explaining, guide for rooting Samsung SM-G360F using other tools)
I started messing around with king root and had to install again over the top to regain root permissions. I'd disabled a couple of its services to try and stop the pinging. I think it worked but it broke other stuff. Can't you use no root fire wall and maybe servicely to kill it on a regular basis?
alexdata said:
I have already made two posts about this, under another topic/tread, but as good answers has not yet returned, I start a new tread here.
(I will include the info from my previous posts, in the bottom of this post)
Original Question:
I used KingRoot to ROOT my phone, and I am fully aware that during this process the app will download an exploit, based on my phonetype/android version....
But from I rooted my phone (several months ago) and to this day, the KingRoot app is trying to connect to TWO different IP ranges in China.
It tries to do so, upto 40 times in only 5 minutes.
NB: And I have auto-update disabled, and also wifi update disabled.
The IP's it most often tries to connect to is:
14.17.43.* (on port 80)
183.61.47.* to 183.61.51.* (on port 80)
and sometimes it also tries to connect on port 443
So why is is that KingRoot tries to "call somewhere in China" several hundred times a day?
www ( geoiptool.com/en/?ip=14.17.43.150 )
www ( geoiptool.com/en/?ip=183.61.47.36 )
My system gets SLOW everytime the KingRoot app starts back up, and connects or tries to connect, as it is using a lot of system resources, while trying to do so..
Can I get an honest story of why it connects to your servers, again and again, after the ROOT process has been completed? (two months ago) ??
And the only interaction I have with the KingRoot app is to FORCE KILL it every time my phone gets cloggy/slow again. And when the KingRoot app gets FORCE KILLED, my phone starts working as normal, until KingRoot starts up again...
I would love to get a honset story about why it tries to connect to your servers everyday... And I wonder what information got passed on to you folks, before I installed my firewall apps, VPN apps, and proxy apps that gave me a clue to WHY the KingRoot app slowed my system down.
SOLUTION-BEFORE-REAL-SOLUTION:
The best idea so far (until we get an answer) is to install the following apps:
For a NON-ROOT solution, but I guess you already have root,hehe, please use:
NoRoot Firewall (NO ROOT REQUIRED) (EXCELLENT LOGGING IN-APP)
( play.google.com/store/search?q=noroot%20firewall&c=apps&hl=en )
To block the above IP ranges, and other things you'd like to block..
--> Xprivacy (ROOT REQUIRED) (XPOSED FRAMEWORK)
( play.google.com/store/apps/details?id=biz.bokhorst.xprivacy.installer&hl=en )
>> App Premission Editor - Turn on and off permissions for different apps.
>> You can use it to "turn on/off" network/internet access for ANY installed app.
>> This app helps you to install XPOSED framework (It also has good apps/modules)
--> AFwall+ (ROOT REQUIRED)
( play.google.com/store/apps/details?id=dev.ukanth.ufirewall&hl=en )
>> Firewall. Deny all internet access for any app that has internet permissions
--> Hosts Editor (ROOT REQUIRED)
( play.google.com/store/apps/details?id=com.treb.hosts&hl=en )
>> Almost like a Firewall - Block some IPs from working
>> A good list of things to block would be the IP ranges above.
>> Also you can block ADS and TRACKING the same way.
Original posts:
http://forum.xda-developers.com/showpost.php?p=63790626&postcount=2651
http://forum.xda-developers.com/showpost.php?p=63790626&postcount=2641
Click to expand...
Click to collapse
Why not just get rid of Kingoroot and install Supersu?
ratbags said:
I started messing around with king root and had to install again over the top to regain root permissions. I'd disabled a couple of its services to try and stop the pinging. I think it worked but it broke other stuff. Can't you use no root fire wall and maybe servicely to kill it on a regular basis?
Click to expand...
Click to collapse
I am currently using "NoRoot Firewall" as I realized that all firewalls not using a VPN type connection, actually leaks stuff on other ports (non standard ports)...
So the only way to stop most of the leaking, is using "NoRoot Firewall" until someone with a packetsniffer/proxy/wireshark type program, finds out about what is really transferred (and then maybe also why it is transferred)
But, if "KingRoot" did not 'leak' info (or whatever it does) then there would be no big need for the "NoRoot Firewall".... So still im curious about what KingRoot is doing with those connections....
(PS: I've also done a "factory reset" on my phone today, and reinstalled only "Kingroot" and "NoRoot Firewall" but that app is still leaking....)
Thanks for your tip about "Servicely" ( play.google.com/store/apps/details?id=com.franco.servicely&hl=en )
I will install that right away, and give that a test aswell, since whatever kills "KingRoot" also makes sure that no info is transferred...
If possible, ALWAYS try a different method than kingroot. Sorry to the devs but the way they design they're exploit, you can't uninstall kingroot without breaking something. It's a shady Chinese app that i wouldnt trust.
Why the app is connecting to their servers? The reply is obvious...
I asked many times on the app thread,just filter on my nickname.
Do you really think a Chinese company will pay devs for this kind of free app?
Envoyé de mon Nexus 7 en utilisant Tapatalk
alexdata said:
First off, your steps are almost unreadable for a non-naitive english speaker...
"Why don't you just download flash SuperSU from recovery AFTER removing King root instead of doing it through normal mode"? doing what? and how was I doing that unnormally?
Secondly, my question still is "why does KingRoot connect to these IP adresses all the time" (flashing supersu from recovery does not fix/explain my original question)
My idea is to keep the app, as long as it doesn't sendt ital personal information away from my phone (that I have not already opted YES to send)
The app itself, does the job I want it to do (Rooting, enable/disable autorun) but it has some unknown data-transfers... my concern is with the data-transfers...
(I wanted to test the SuperSU idea as previously posted, as I could do much the same with SuperSU (but without the unknown data transfers that KingRoot does) - The test I did to remove KingRoot and install SuperSU, ended in me having to reinstall KingRoot to gain root again, SuperSU did not load correctly, and could not update its binarys. But apps that previously had gained root, now struggles to find their already previously granted root permissions, so after trying this, im basically worse off than before....Root apps that doesn't work properly, root permissions that doesn't work properly, and still KingRoot sending information away... (tested with NoRootFirewall)
Still have KingRoot installed (to obtain root) and SuperSU did not install properly (when KingRoot is already there) so for the time being, Im stuck with KingRoot...
(unless someone knows a link to a STEP-BY-STEP, well explained -noob like explaining, guide for rooting Samsung SM-G360F using other tools)
Click to expand...
Click to collapse
First: I'm not a native English speaking person. If you didn't understand what I meant with my post it's not due to my "simplified" english but in regards to your language barriers.
Second: I wasn't telling you how to do it. It can be put simply as "flash SUPERSU from recovery after removing KingRoot". Google and search in xda will help you with that. Get used to getting your answers from those instead of expecting others to give you step by step instructions on how to do something that is so widely known and posted.
On a side note, it seems to me that the ONLY people that can give you the answer to the question of "why" King root does what it does are its developers. If they don't answer you, that on its own should be enough for you to just stay away from it and find another rooting method. Same thing as saying that something you're eating is causing abdominal pain, and instead of stop eating that all together, you keep on eating it while taking a ton of medication to aliviate the symptoms and attempt for someone to do some sort of analysis of that food and explain why that's happening...
Sent from my SM-N910W8 using Tapatalk
You're just about right...
err0r76 said:
First: I'm not a native English speaking person. If you didn't understand what I meant with my post it's not due to my "simplified" english but in regards to your language barriers.
Second: I wasn't telling you how to do it. It can be put simply as "flash SUPERSU from recovery after removing KingRoot". Google and search in xda will help you with that. Get used to getting your answers from those instead of expecting others to give you step by step instructions on how to do something that is so widely known and posted.
Click to expand...
Click to collapse
Now your English was more readable to me, so I guess simplified English, when explaining steps, isn't my thing - Reason I believed you were native, is because native people can use quite a lot of that simplifying in their writing, so thats my bad... Truce?
Reason I asked for a detailed step-by-step is becuase i've already tried to replace KingRoot with something else (like SuperSU) - I did test this guide:
( www.w0lfdroid.com/2015/05/How-to-Remove-Replace-KingUser-KingRoot-with-SuperSU.html )
But that ended up in the following way: KingRoot was partially removed, SuperSU got partially installed (installed, but not updated, so not usable), All the apps that had ROOT, lost their real root acccess, only 2 out of 15 apps managed to keep their root, and SuperSU could not "take over root for KingRoot", so I had to do a "factory reset" of the phone, and reinstalled KingRoot (only working way I've found to root that phone -yet) and then installed "NoRoot Firewall" (to prevent KingRoot from leaking) and "Servicely" (to kill the KingRoot service, over and over again)
err0r76 said:
On a side note, it seems to me that the ONLY people that can give you the answer to the question of "why" King root does what it does are its developers. If they don't answer you, that on its own should be enough for you to just stay away from it and find another rooting method. Same thing as saying that something you're eating is causing abdominal pain, and instead of stop eating that all together, you keep on eating it while taking a ton of medication to aliviate the symptoms and attempt for someone to do some sort of analysis of that food and explain why that's happening...
Click to expand...
Click to collapse
I do agree, its a bit like that, but with "NoRoot Firewall" and "Servicely" I have managed to remove the two "problems" with that app (and other apps with the same behaviour) -- So I guess im gonna keep eating my medicine, so to speak, until I figure out if the traffic is some update stuff/some heartbeat stuff/just logging of the app, and what the app finds out about the system, and its usage while being KingRooted, or if they do indeed leak personal information aswell...
And i'd really like to know - do they leak personal info? So guess i'll keep trying, and asking... hehe...
FOR EVERYONE:
But for those that has seen a good page, for rooting, using some PC-Cable-Phone-solution, instead of an one-click-app, for a Samsung Core PRime LTE (SM-G360F), then please tell me... (preferrably a method you've tested with a similar phone)

Triada.aw trojan in brand new Ulefone S8 Pro [MT6737]

Hello.
I just bought a brand new Ulefone S8 Pro from Gearbest.
While connecting to my company's wifi an alarm from their security service (Esentire) picked up a trojan signature hash: Triada.aw
Anyone had this problem before?
How can I root this phone and which ROM should I flash?
Thank you.
r1kkman said:
Hello.
I just bought a brand new Ulefone S8 Pro from Gearbest.
While connecting to my company's wifi an alarm from their security service (Esentire) picked up a trojan signature hash: Triada.aw
Anyone had this problem before?
How can I root this phone and which ROM should I flash?
Thank you.
Click to expand...
Click to collapse
Don't know about your phone specifically but you should be able to find a way to disable that app (others too maybe) their are many tutorials on web eg
https://www.xda-developers.com/uninstall-carrier-oem-bloatware-without-root-access/
Or maybe apps like Package Disabler or Debloater etc will work for you. But if you can find a root method & custom ROM, that may be better (best to use a well known one from a trusted dev here on XDA)
same problem with ulefone
r1kkman said:
Hello.
I just bought a brand new Ulefone S8 Pro from Gearbest.
While connecting to my company's wifi an alarm from their security service (Esentire) picked up a trojan signature hash: Triada.aw
Anyone had this problem before?
How can I root this phone and which ROM should I flash?
Thank you.
Click to expand...
Click to collapse
Hello, I have the same problem and I have sent several emails to the company to eliminate the Trojan of the sound recorder ... but they still do not answer.
I'll keep sending more emails, but ... if some developer does twrp for our phone, we can root it and delete it.
Workaround
mfonemaello said:
Hello, I have the same problem and I have sent several emails to the company to eliminate the Trojan of the sound recorder ... but they still do not answer.
I'll keep sending more emails, but ... if some developer does twrp for our phone, we can root it and delete it.
Click to expand...
Click to collapse
Yes, Ulefone just doesn't care. You can try ADB, then uninstall that app. The apk stays on the phone but inactive. That's what I have done.
Trojan in recorder of ulefone s8 pro
r1kkman said:
Yes, Ulefone just doesn't care. You can try ADB, then uninstall that app. The apk stays on the phone but inactive. That's what I have done.
Click to expand...
Click to collapse
The problem of the Trojan of my ULEFONE S8 PRO is the sound recorder, and it is installed in the system part, so if I do not root or install TWRP I can not delete it. If any developer can help us and give us some solution ... I sent several emails to ULEFONE and they do not answer. The Trojan was detected by ESET NOD 32 MOBILE.
Thank you
mfonemaello said:
The problem of the Trojan of my ULEFONE S8 PRO is the sound recorder, and it is installed in the system part, so if I do not root or install TWRP I can not delete it. If any developer can help us and give us some solution ... I sent several emails to ULEFONE and they do not answer. The Trojan was detected by ESET NOD 32 MOBILE.
Thank you
Click to expand...
Click to collapse
They will not remove it it's what they built into system & it is working exactly as it was designed to work, I believe. It's just that most people would probably class it as a Trojan due to it's behavior.
you should freeze it like @r1kkman.
freeze it
mfonemaello said:
The problem of the Trojan of my ULEFONE S8 PRO is the sound recorder, and it is installed in the system part, so if I do not root or install TWRP I can not delete it. If any developer can help us and give us some solution ... I sent several emails to ULEFONE and they do not answer. The Trojan was detected by ESET NOD 32 MOBILE.
Thank you
Click to expand...
Click to collapse
Yes, with TWRP or CWM we could root it and delete the apk, but with ADB you can uninstall it. Then just the apk package sits in the priv-apps folder, without harming the OS.
thnxs unninstalling with adb metod
r1kkman said:
Yes, with TWRP or CWM we could root it and delete the apk, but with ADB you can uninstall it. Then just the apk package sits in the priv-apps folder, without harming the OS.
Click to expand...
Click to collapse
Hi, thanks for the help, I uninstalled it by the ADB method, I do not intend to buy more phones of this brand, they do not respond to the emails that I sent them. Very bad company.
:good:
---------- Post added at 04:40 PM ---------- Previous post was at 04:38 PM ----------
IronRoo said:
Don't know about your phone specifically but you should be able to find a way to disable that app (others too maybe) their are many tutorials on web eg
https://www.xda-developers.com/uninstall-carrier-oem-bloatware-without-root-access/
Or maybe apps like Package Disabler or Debloater etc will work for you. But if you can find a root method & custom ROM, that may be better (best to use a well known one from a trusted dev here on XDA)
Click to expand...
Click to collapse
Hi, thanks for the help, I uninstalled it by that ADB method, I do not intend to buy more phones of this brand, they do not respond to the emails that I sent them. Very bad company.
---------- Post added at 04:43 PM ---------- Previous post was at 04:40 PM ----------
IronRoo said:
They will not remove it it's what they built into system & it is working exactly as it was designed to work, I believe. It's just that most people would probably class it as a Trojan due to it's behavior.
you should freeze it like @r1kkman.
Click to expand...
Click to collapse
Hi, thanks for the help, I uninstalled it by that ADB method, I do not intend to buy more phones of this brand, they do not respond to the emails that I sent them. Very bad company.
---------- Post added at 04:46 PM ---------- Previous post was at 04:43 PM ----------
r1kkman said:
Yes, Ulefone just doesn't care. You can try ADB, then uninstall that app. The apk stays on the phone but inactive. That's what I have done.
Click to expand...
Click to collapse
Hi, thanks for the help, uninstalled:good:
Mobile Uncle Tools might fix it, download on your computer and plug in your device and click "Remove China". It deletes all detected Chinese apps.
thxs Dark ... unninstalled with adb metod
TheDarkLord098 said:
Mobile Uncle Tools might fix it, download on your computer and plug in your device and click "Remove China". It deletes all detected Chinese apps.
Click to expand...
Click to collapse
thxs for all, I unninstalled by ADB metod. :good:
mfonemaello said:
thxs for all, I unninstalled by ADB metod. :good:
Click to expand...
Click to collapse
Oh ok, switch to Doogee
mfonemaello said:
thxs for all, I unninstalled by ADB metod. :good:
Click to expand...
Click to collapse
Do you mind giving details about how you did without root? I tried the following
Code:
adb shell pm uninstall com.android.soundrecorder
and got the following error: Failure [DELETE_FAILED_INTERNAL_ERROR]
Never mind, found it:
Code:
pm uninstall -k --user 0 com.android.soundrecorder
fixed trojan in ULEFONE
devitrified said:
Do you mind giving details about how you did without root? I tried the following
Code:
adb shell pm uninstall com.android.soundrecorder
and got the following error: Failure [DELETE_FAILED_INTERNAL_ERROR]
Never mind, found it:
Code:
pm uninstall -k --user 0 com.android.soundrecorder
Click to expand...
Click to collapse
Hello, follow the instructions in this tutorial, and you can remove the Trojan from your ULEFONE :good:
https://www.xda-developers.com/uninstall-carrier-oem-bloatware-without-root-access/
Hi there!
Thanks for the help regarding Ulefone S8 Pro Tojan.
Just received my brand new S8 Pro yesterday 14.02.2018.
Shipped from the "Ulefone Official Store" at Aliexpress.
However, so far everything fine, beside the fact that they still ship out devices with the Trojan in the ROM.
Checking with ESET, IKARUS and Malwarebytes confirms the result.
Build Number: F9G62C.GQU.Ulefone.HB.H.SSXSJS5MH.0718.V3.01
However I could successfully remove the soundrecorder.apk by using ADB shell.
Nethertheless Ulefone doesn't offer FOTA update after 3 months of detecting the virus in the firmware.
Best regards
Napfgeist said:
Nethertheless Ulefone doesn't offer FOTA update after 3 months of detecting the virus in the firmware.
Best regards
Click to expand...
Click to collapse
I believe they are unlikely to change the trojan app as they do not regard it as such, it's working as they intended, .... one man's Trojan is another man's feature :silly:
I have just updated to V3.03
Found on needrom.com
And there are no hidden Spy Apps like on V3.01
I tried but no success
Napfgeist said:
I have just updated to V3.03
Found on needrom.com
And there are no hidden Spy Apps like on V3.01
Click to expand...
Click to collapse
I found it in needrom.com. I used MP MDT. It contains everything including device driver. I followed all the steps as
the author said. First of all, my OS 's (tried Win10 and Win8) do not detect my Ulefone. I checked device manager but
no port appears. Needless to say, SP_MDT does not detect anything in step 9).
What version of OS did you use? You used device driver included in the SP_MDT package?
Please describe (briefly) about your success story.
Thanks.
Solved
After posting my problem, I kept trying and solved. The solution is easy. Use the newest version of SP_Flash_Tool.
The version is 5..1804 at this moment. Everything was smooth on this tool. I tried with my Win8. Drivers seems successfully installed with the installer on needrom.com. Only the point I found is that when you plug Ulefone S8 pro
after click 'Download' button on Flash_Tool, better detection is expected if you keep pressing the Vol Down button
of the smartphone then connect the USB plug.
I am now V3.02, yes you can go to V3.03 but a post on needrom.com says there is some problem with V3.03. If the
problem will be solved, I will go to V3.03 (or V3.04 at that time?).
Korin67 said:
After posting my problem, I kept trying and solved. The solution is easy. Use the newest version of SP_Flash_Tool.
The version is 5..1804 at this moment. Everything was smooth on this tool. I tried with my Win8. Drivers seems successfully installed with the installer on needrom.com. Only the point I found is that when you plug Ulefone S8 pro
after click 'Download' button on Flash_Tool, better detection is expected if you keep pressing the Vol Down button
of the smartphone then connect the USB plug.
I am now V3.02, yes you can go to V3.03 but a post on needrom.com says there is some problem with V3.03. If the
problem will be solved, I will go to V3.03 (or V3.04 at that time?).
Click to expand...
Click to collapse
OK, good to see that you solved the problem by using latest version of flashtool.
What I am facing on both versions is following.
Scheduled On/Off does not work when the phone is connected at charger.
I am using this feature with the phone is connected at the charger to automatically switch on/off during night.
On all my old Android 6.0 devices this works great. However in the Ulefone S8 Pro the scheduled On/Off does work only when the timer is set at arround 1h. Setting up to 8h and connecting to the charger, the phone does not wake up and switch on.
It seems to be a problem of the Doze, battery mode of Android 7.0.
Can someone try this feature?
Thank you.
Does anyone know if Ulefone s8 pro has screen mirroring function. (Cast)

Categories

Resources