Related
This isnt my work and this is the hardwork of Diablo67 and i thought that this would be useful in our forum. All thanks to Diablo67
I figured i would post this thread to help all of the new members and experienced understand the Android slang,there are actually a few i did'nt know the meaning of until i made this thread.I have compiled most of the terms,definitions and slang i could dig up,if theres anything i missed,let me know and i will add it to the thread,otherwise i will update this thread as new slang,terms and definitions are presented to me.
Apps2SD:A method of storing applications and cache on the device's microSD card.
ADB:Android Debug Bridge (adb) is a versatile command line tool that lets you communicate with an emulator instance or connected Android-powered device. It is a client-server program that includes three components:
•A client, which runs on your development machine. You can invoke a client from a shell by issuing an adb command. Other Android tools such as the ADT plugin and DDMS also create adb clients.
•A server, which runs as a background process on your development machine. The server manages communication between the client and the adb daemon running on an emulator or device.
•A daemon, which runs as a background process on each emulator or device instance.
Android:A Linux-based operating system for mobile devices such as HTC EVO.Versions are alphabetically codenamed after snacks: Donut, Eclair, Froyo, Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Donut.
AMOLED:Active Matrix Organic Light Emitting Diode. Basically, a very colorful, bright, display found in some smartphones.
APK:Android application package file. Each Android application is compiled and packaged in a single file that includes all of the application's code (.dex files), resources, assets, and manifest file. The application package file can have any name but must use the .apk extension. For example: myExampleAppname.apk. For convenience, an application package file is often referred to as an ".apk".
Alpha:The alpha phase of the release life cycle is the first phase to begin software testing (alpha is the first letter of the Greek alphabet, used as the number 1). In this phase, developers generally test the software using white box techniques. Additional validation is then performed using black box or gray box techniques, by another testing team. Moving to black box testing inside the organization is known as alpha release.[1]
Alpha software can be unstable and could cause crashes or data loss. The exception to this is when the alpha is available publicly (such as a pre-order bonus), in which developers normally push for stability so that their testers can test properly. External availability of alpha software is uncommon in proprietary software. However, open source software, in particular, often have publicly available alpha versions, often distributed as the raw source code of the software.
The alpha phase usually ends with a feature freeze, indicating that no more features will be added to the software. At this time, the software is said to be a feature complete.
Boot Animation:Boot animation is a term for a graphical representation of the boot process of the operating system.
Boot animation can be a simple visualisation of the scrolling boot messages in the console, but it can also present graphics or some combinations of both.
Unlike splash screens, boot screen or boot animation is not necessarily designed for marketing purposes, but can be to enhance the experience of the user as eye candy, or provide the user with messages (with an added advantage of color coding facility) to diagnose the state of the system.
Bootloader:This small program's only job is to load other data and programs which are then executed from RAM.Often, multiple-stage boot loaders are used, during which several programs of increasing complexity load one after the other in a process of chain loading.
Bootloop:When your system recycles over and over without entering the main OS.
Beta: is the software development phase following alpha. It generally begins when the software is feature complete. Software in the beta phase will generally have many more bugs in it than completed software, as well as speed/performance issues. The focus of beta testing is reducing impacts to users, often incorporating usability testing. The process of delivering a beta version to the users is called beta release and this is typically the first time that the software is available outside of the organization that developed it.
The users of a beta version are called beta testers. They are usually customers or prospective customers of the organization that develops the software, willing to test the software without charge, often receiving the final software free of charge or for a reduced price.
Beta version software is often useful for demonstrations and previews within an organization and to prospective customers. Some developers refer to this stage as a preview, prototype, technical preview (TP), or early access.
Some software is kept in perpetual beta—where new features and functionality is continually added to the software without establishing a firm "final" release.
CPU:It stands for Central Processing Unit and handles all the complex mathematical formulas necessary to do everyday things like surfing the Internet.
Custom:Independent developers who like to customize their devices beyond the standard options provided often tend to release the fruits of their labor for the rest to enjoy, in form of custom ROMs.
Cache:A component that transparently stores data so that future requests for that data can be served faster. The data that is stored within a cache might be values that have been computed earlier or duplicates of original values that are stored elsewhere. If requested data is contained in the cache (cache hit), this request can be served by simply reading the cache, which is comparatively faster. Otherwise (cache miss), the data has to be recomputed or fetched from its original storage location, which is comparatively slower. Hence, the greater the number of requests that can be served from the cache, the faster the overall system performance becomes.
CDMA:Mobile phone standards called cdmaOne, CDMA2000 (the 3G evolution of cdmaOne) and WCDMA (the 3G standard used by GSM carriers), which are often referred to as simply CDMA, and use CDMA as an underlying channel access method.
CIQ:Carrier IQ. A piece of preinstalled software that runs with elevated access in the background of portable devices by default and records everything. Potentially can be exploited to steal information.
Dual Core:A dual core processor is a central processing unit (CPU) that has two separate cores on the same die, each with its own cache. It essentially is two microprocessors in one. This type of CPU is widely available from many manufacturers. Other types of multi-core processors also have been developed, including quad-core processors with four cores each, hexa-core processors with six, octa-core processors with eight and many-core processors with an even larger number of cores.
Dalvik:The Android platform's virtual machine. The Dalvik VM is an interpreter-only virtual machine that executes files in the Dalvik Executable (.dex) format, a format that is optimized for efficient storage and memory-mappable execution.
Dalvik Cache:Writable cache that contains the optimized bytecode of all apk files (apps) on your Android device. Having the information in it's own cache makes applications load faster and perform better.
EXT2:The ext2 or second extended filesystem is a file system for the Linux kernel. It was initially designed by Rémy Card as a replacement for the extended file system (ext).
ext2 was the default filesystem in several Linux distributions, including Debian and Red Hat Linux, until supplanted more recently by ext3, which is almost completely compatible with ext2 and is a journaling file system. ext2 is still the filesystem of choice for flash-based storage media (such as SD cards, and USB flash drives) since its lack of a journal minimizes the number of writes and flash devices have only a limited number of write cycles. Recent kernels, however, support a journal-less mode of ext4, which would offer the same benefit along with a number of ext4-specific benefits.
EXT3:Third extended filesystem, is a journaled file system that is commonly used by the Linux kernel. It is the default file system for many popular Linux distributions, including Debian. Stephen Tweedie first revealed that he was working on extending ext2 in Journaling the Linux ext2fs Filesystem in a 1998 paper and later in a February 1999 kernel mailing list posting, and the filesystem was merged with the mainline Linux kernel in November 2001 from 2.4.15 onward.Its main advantage over ext2 is journaling, which improves reliability and eliminates the need to check the file system after an unclean shutdown. Its successor is ext4.
EXT4:It was born as a series of backward compatible extensions to ext3, many of them originally developed by Cluster File Systems for the Lustre file system between 2003 and 2006, meant to extend storage limits and add other performance improvements.However, other Linux kernel developers opposed accepting extensions to ext3 for stability reasons,and proposed to fork the source code of ext3, rename it as ext4, and do all the development there, without affecting the current ext3 users. This proposal was accepted, and on 28 June 2006, Theodore Ts'o, the ext3 maintainer, announced the new plan of development for ext4.
FC/FC's:Short for "force close," meaning an app that has crashed.
Fastboot:A diagnostic protocol used primarily to modify the flash filesystem in Android smartphones from another computer over a USB connection. It is part of the Android Debug Bridge library.
Utilizing the Fastboot protocol requires that the device be started in a boot loader or Second Program Loader mode in which only the most basic hardware initialization is performed. After enabling the protocol on the device itself it will accept any command sent to it over USB via a command line. Some of most commonly used fastboot commands include:
•flash - Overwrites a partition in flash with a binary image stored on the host computer.
•erase - Erases a partition in flash.
•reboot - Reboots the device into the either the main operating system or the system recovery partition.
•devices - Displays a list of all devices (with Serial #) connected to the host computer.
Flashing:The ROM memory used in smartphones and tablets etc. is often same as flash memory found in SD cards and USB flash drives, simply optimized for better speed and performance while running the operating system.
Hotspot:A spot that offers Internet access over a wireless local area network through the use of a router connected to a link to an Internet service provider. Hotspots typically use Wi-Fi technology.You can connect wifi campatible devices to it.
HDMI:High-Definition Multimedia Interface) is a compact audio/video interface for transmitting encrypted uncompressed digital data.It is a digital alternative to consumer analog standards, such as radio frequency (RF) coaxial cable, composite video, S-Video, SCART, component video, D-Terminal, or VGA (also called D-sub or DE-15F). HDMI connects digital audio/video sources (such as set-top boxes, DVD players, HD DVD players, Blu-ray Disc players, AVCHD camcorders, personal computers (PCs), video game consoles (such as the PlayStation 3 and Xbox 360), AV receivers, tablet computers, and mobile phones) to compatible digital audio devices, computer monitors, video projectors, and digital televisions.
Hboot:It’s mainly responsible for checking and initializing the hardware and starting the phone’s software. It can also be used for flashing official software releases, as well as a few other things. HBoot can be compared to the BIOS on a computer.
HAVS:a control system that dynamically adjusts the voltage based on CPU load. This has proven to be a battery saver, but it can actually have the opposite effect when multiple control systems are operating (like setCPU).
JIT:The Just-in-Time Compiler. Released with Android 2.2, it's a method of greatly speeding up apps in Android on the software side.
Kang:Someone writes a code,someone else modifies the code to make their own release,its concidered a kang release.
Kernel:A kernel is a layer of code that allows the OS and applications to interface with your phone's hardware. The degree in which you can access your phone's hardware features depends on the quality of code in the kernel. The homebrew (rooting) community for HTC has made several kernel code improvements that give us additional features from our hardware that the stock kernel does not. When you flash a custom ROM, you automatically get a kernel. But you can also flash a standalone kernel ROM on top of the existing one, effectively overwriting it. These days, the difference in custom kernels is less about new features and more about alternate configurations. Choosing a custom kernel is basically choosing one that works best with your ROM.
Launcher:Collectively, the part of the Android user interface on home screens that lets you launch apps, make phone calls, etc. Is built in to Android, or can be purchased in the Android Market.
LCD Densityixel density is a measurement of the resolution of devices in various contexts; typically computer displays, image scanners, and digital camera image sensors.
First of all you need to understand that the Android User Interface uses something called a "display independent pixel" or a "dip" (yes, it's confusing because the density settings are in "dots per inch" or "dpi" which are considered the same as "ppi" or "pixels per inch" as well).
The default LCD Density setting on Android is 160 dpi. As far as the operating system is concerned 1 dip @ 160 dpi = 1 screen pixel. It doesn't mean that's actually true, but you've gotta start somewhere. In my opinion it would have been a lot nicer if they'd chosen 100 dpi because then it would be an easy percentage thing, but they didn't so we're stuck with this formula.
Mod:The act of modifying a piece of hardware or software or anything else for that matter, to perform a function not originally conceived or intended by the designer.
Nandroid:To backup the current running rom.
Nightly:A build that is performed at the end of each day of development. If you use a continuous integration server, it will generally be configured to build the code and run the unit tests on every check in. At the end of each day you may want to run more extensive tests, regression test and integration tests for example, which take too long to run on each check in and these would be triggered after the nightly build. If you have a full continuously delivery pipeline the nightly build may also be used to deploy the built code to environments for user testing.
Open GL:An open source 3D graphics library used in many devices, including Android devices.
Open & Closed Betaevelopers release either a closed beta or an open beta; closed beta versions are released to a select group of individuals for a user test and are invitation only, while open betas are from a larger group to the general public and anyone interested. The testers report any bugs that they find, and sometimes suggest additional features they think should be available in the final version.
Overclock:To increase the speed of your CPU.
Partition:The phone's internal memory (not the SD card) is solid-state (flash) memory, AKA NAND. It can be partitioned much like a normal hard drive can be partitioned. The bootloader exists in its own partition. Recovery is another partition; radio, system, cache, etc are all partitions.
Here are the standard partitions on an Android phone:
/misc - not sure what this is for.
/boot - bootloader, kernel
/recovery - holds the recovery program (either clockworkmod or RA recovery for a rooted Evo)
/system - operating system goes here: Android, Sense, boot animation, Sprint crapware, busybox, etc
/cache - cached data from OS usage
/data - user applications, data, settings, etc.
The below partitions are not android-specific. They are tied to the hardware of the phone, but the kernel may have code allowing Android to interact with said hardware.
/radio - the phone's radio firmware, controls cellular, data, GPS, bluetooth.
/wimax - firmware for Sprint's flavor of 4G, WiMax.
PRL:The Preferred Roaming List, basically a way of telling your phone which towers to connect to first.
RUU:a complete software package released by HTC, it can contain many things they are trying to update. Radio, ROM, bootloader, etc... Installing an ruu is like installing an image on a hard drive it wipes the phone and installs the image. It will wipe everything data and all so if you install one be prepared.
Recovery Mode:A small separate operating mode you can boot your device into, used for device administration. Two popular custom recovery modes are Amon Ra and Clockwork.
Rom/Firmware:Read-Only Memory and technically speaking, it refers to the internal storage of a device, which is supposed to contain the operating system instructions that needn’t be modified at all during the device’s normal operation.
Radios:On the HTC side of things,the radios persist of:
•WiFi, which operates at 2.4-5ghz depending on what channel it's running
•Cellular/3G, which carries voice and data
•4G/WiMAX, which only carries data
•GPS, which is receive-only
•Bluetooth, which talks to WiiMotes and headsets
Flashing a radio means updating the code that controls the phones way of sending and recieving a signal.
RamRandom Access Memory) A group of memory chips, typically of the dynamic RAM (DRAM) type, which function as the computer's primary workspace. When personal computers first came on the market in the late 1970s, 64KB (64 kilobytes) of RAM was the upper limit. Today, 64MB (64 megabytes) of SDRAM is entry level for a desktop computer, a thousand times as much (see SDRAM).
The "random" in RAM means that the contents of each byte of storage in the chip can be directly accessed without regard to the bytes before or after it. This is also true of other types of memory chips, including ROMs and PROMs. However, unlike ROMs and PROMs, RAM chips require power to maintain their content, which is why you must save your data onto disk before you turn the computer off. To learn about the types of RAM chips and how to upgrade your memory, see memory module. To learn how memory is used to process data, see computer or memory. See also dynamic RAM and static RAM.
Recovery:RecoverySystem contains methods for interacting with the Android recovery system (the separate partition that can be used to install system updates,wipe user data,etc).
Root:The first level of a folder.
Rooting:A process allowing users of mobile phones, tablet PCs, and other devices running the Android operating system to attain privileged control (known as "root access") within Android's subsystem. Rooting is often performed with the goal of overcoming limitations that carriers and hardware manufacturers put on some devices, resulting in the ability to alter or replace system applications and settings, run specialized apps that require administrator-level permissions, or perform other operations that are otherwise inaccessible to a normal Android user. Rooting is analogous to jailbreaking devices running the Apple iOS operating system or the Sony PlayStation 3. On Android, rooting can also facilitate the complete removal and replacement of the device's operating system.
SBCthe ability to charge your battery beyond the default safe limit). The concept is similar to overclocking a processor: you're overriding the safety limits established to achieve additional performance. The benefit here is that you may gain more use of your battery per charge. The drawback is that you can damage the battery and significantly reduce its longevity. Some kernels claim they are using a safe technique to prevent battery damage. Just be aware of the potential risks.
Sideloading:It means installing applications without using the official Android Market.
Splash Screen:A splash screen is an image that appears while android is loading.Splash screens cover the entire screen or simply a rectangle near the center of the screen. The splash screens of operating systems and some applications that expect to be run full-screen usually cover the entire screen.
Superuser/SU:On many computer operating systems, the superuser is a special user account used for system administration. Depending on the operating system, the actual name of this account might be: root, administrator or supervisor.
Normal work on such a system is done using ordinary user accounts, and because these do not have the ability to make system-wide changes any viruses and other malware - or simple user errors - do not have the ability to adversly affect a whole system. In organizations, administrative privileges are often reserved for authorized experienced individuals.
Script:The Scripting Layer for Android (abridged as SL4A, and previously named Android Scripting Environment or ASE) is a library that allows the creation and running of scripts written in various scripting languages directly on Android devices. SL4A is designed for developers and is still alpha quality software.
These scripts have access to many of the APIs available to normal Java Android applications, but with a simplified interface. Scripts can be run interactively in a terminal, in the background, or via Locale.
SDKSDK or "devkit") is typically a set of software development tools that allows for the creation of applications for a certain software package, software framework, hardware platform, computer system, video game console, operating system, or similar platform.
Stock:This is the operating system in its default form, without any modifications made to it except for any device-specific support required to run it on the particular device.
S-On:Security on,means no acces to the phones operating system.
S-Off:Security was exploited,now have access to the operating system.
Tethering:Means sharing the Internet connection of an Internet-capable mobile phone with other devices. This sharing can be offered over a wireless LAN (Wi-Fi), Bluetooth, or by physical connection using a cable. In the case of tethering over wireless LAN, the feature may be branded as a mobile hotspot.The Internet-connected mobile phone acts as a portable router when providing tethering services to others.
Userspace(Governor):This governor, exceptionally rare for the world of mobile devices, allows any program executed by the user to set the CPU's operating frequency. This governor is more common amongst servers or desktop PCs where an application (like a power profile app) needs privileges to set the CPU clockspeed.
Underclock:To reduce the speed of your CPU.
Undervolt:Undervolting means taking some of the voltage from the CPU which in return gives a longer battery life and lower temperature during intensive use of the CPU.
USB:Stands for Universal Serial Bus. Is a method of connecting devices to a computer. Most smartphones now use microUSB cables to charge and sync.
Updater Script:When Android devices install updates via 'update.zip' files using recovery mode they have to perform a wide range of functions on files and permissions. Instead of using a minimal shell such as {b,d,c}sh the Android designers decided to create a small functional language that can be extended by device manufacturers if necessary. Since the Android "Donut" release (v1.6) the scripting language is called Edify and is defined primarily in the bootable/recovery/{edify,edifyscripting,updater} directories of the Android source-code tree.
Wireless N:Wireless N technology increases wireless internet connection. Wireless 'N' routers also work with Wireless 'G' and 'B' wireless adapters.
WiiMaxWorldwide Interoperability for Microwave Access) is a communication technology for wirelessly delivering high-speed Internet service to large geographical areas.
YAFFS:Yaffs1 is the first version of this file system and works on NAND chips that have 512 byte pages + 16 byte spare (OOB;Out-Of-Band) areas.[clarification needed] These older chips also generally allow 2 or 3 write cycles per page,which YAFFS takes advantage of - i.e. dirty pages are marked by writing to a specific spare area byte.
Newer NAND flash chips have larger pages, 2048 bytes + 64 bytes spare areas, and stricter write requirements.Each page within an erase block (128 kilobytes) must be written to in sequential order, and each page must be written only once.YAFFS2 was designed to accommodate these newer chips.YAFFS2 is based on the YAFFS1 source code,with the major difference being that internal structures are not fixed to assume 512 byte sizing,and a block sequence number is placed on each written page. In this way older pages can be logically overwritten without violating the "write once" rule.[clarification needed]
YAFFS is a robust log-structured file system that holds data integrity as a high priority.A secondary YAFFS goal is high performance.YAFFS will typically outperform most alternatives.It is also designed to be portable and has been used on Linux, WinCE, pSOS, eCos,ThreadX and various special-purpose OSes.A variant 'YAFFS/Direct' is used in situations where there is no OS, embedded OSes and bootloaders: it has the same core filesystem but simpler interfacing to the OS and NAND flash hardware.
Zipalign: An archive alignment tool introduced first time with 1.6 Android SDK (software development kit). It optimizes the way an Android application package (APK) is packaged. Doing so enables the Android operating system to interact with the application more efficiently, and hence has the potential to make the application and overall the whole system much faster. Execution time is minimized for zipaligned applications, resulting is lesser amount of RAM consumption when running the APK.
original thread - http://forum.xda-developers.com/showthread.php?t=1466228
http://forum.xda-developers.com/showthread.php?t=1510729
Thom Holwerda at Real-Time Embedded OS specialized website OSnews reports about vulnerabilities that lurk in closed-sourced radio chips.
The second operating system hiding in every mobile phone
The insecurity of baseband software is not by error; it's by design. The standards that govern how these baseband processors and radios work were designed in the '80s, ending up with a complicated codebase written in the '90s - complete with a '90s attitude towards security. For instance, there is barely any exploit mitigation, so exploits are free to run amok. What makes it even worse, is that every baseband processor inherently trusts whatever data it receives from a base station (e.g. in a cell tower). Nothing is checked, everything is automatically trusted. Lastly, the baseband processor is usually the master processor, whereas the application processor (which runs the mobile operating system) is the slave.
(...)
With this in mind, security researcher Ralf-Philipp Weinmann of the University of Luxembourg set out to reverse engineer the baseband processor software of both Qualcomm and Infineon, and he easily spotted loads and loads of bugs, scattered all over the place, each and every one of which could lead to exploits - crashing the device, and even allowing the attacker to remotely execute code. Remember: all over the air. One of the exploits he found required nothing more but a 73 byte message to get remote code execution. Over the air.
Click to expand...
Click to collapse
Source, via HN
Comments at HN are also worth reading, I think.
Do note, that the study run on some old generation of MSM chips.
Here is a counter argument for instance:
Comment by OsQar
by OsQar on Wed 13th Nov 2013 09:51 UTC
I'm not a security expert at all, but I've been working on mobile radio access technologies for several years, so I feel quite confident to say that some or your claims are wrong. E.g:
"The standards that govern how these baseband processors and radios work were designed in the '80s, ending up with a complicated codebase written in the '90s - complete with a '90s attitude towards security."
Well, GSM's baseband was developed from late 80's to early 90's, UMTS' from late 90's to early 00's, and LTE's can be now be considered almost finished. I know that GSM is not secure at all now (it was when it was released, but now it has been cracked), but I'm not so sure about UMTS (CDMA is very hard to demodulate, so cracking is even worse) and LTE (OFDMA is quite a headache).
"What makes it even worse, is that every baseband processor inherently trusts whatever data it receives from a base station (e.g. in a cell tower). Nothing is checked, everything is automatically trusted."
This is NOT TRUE. At all. Even from GSM times. Handheld devices run a bunchload of ID checks to know what basestation is sending data; and basestations also carefully allocate and check mobile ID's. This is especially true in UMTS (where you have to discriminate interferring users by using pseudorandom codes) and LTE (where you even need angle-of-arrival information to reach more users).
So, I'm not claiming that mobile basebands are inherently secure, but they're definitively not based on 80's security technology.
On the other hand, I agree with your viewpoint that the closed implementations and the huge standards are not the best way to allow the community to check for security bugs. But manufacturers are the main supporters of actual standardization bodies, so it's quite complicated to fight against it.
Click to expand...
Click to collapse
(please note: I would like to post this to the developer forum, but since I just registered, I'm not allowed to do so. furthermore, I'm not allowed to post direct links (see below))
I would like to announce a new library for GPU-based processing on mobile systems – ogles_gpgpu.
As many of you know, it is often beneficial in terms of performance and energy efficiency to execute certain processing tasks on the GPU instead of the CPU. This is especially the case for image processing tasks. ogles_gpgpu enables fast and portable, GPU-powered processing by using OpenGL ES 2.0 shaders.
Since transferring data to and from the GPU is often a bottleneck for GPU processing, platform-specific fast texture access is also implemented. The library is written in well documented, clear C++ code. An interface for Android systems via JNI is provided. Example applications show how to use this library. All code is LGPL licensed.
There are several scenarios on how to use this library: You can for example pass image data (or arbitrary byte data) to ogles_gpgpu, which creates an OpenGL texture from it. You can then process it on the GPU by applying a series of filters (OpenGL shaders) on it. This kind of rendering happens off-screen. Afterwards, you can lock the result data and obtain a pointer to it. You can then copy this data for future processing or directly analyze or modify it. Another possible scenario is to directly pass an OpenGL texture ID as input for ogles_gpgpu. This is for example beneficial if you can obtain camera frames as OpenGL texture from the camera API of your target platform (both Android and iOS allow this and example projects or provided for this). Now ogles_gpgpu can directly run the filters on this camera frame texture. This can happen off-screen or optionally on-screen, which means that the result image is also displayed to a render surface. After processing on the GPU side, you can access the result data again as described in the first scenario. By this, you can do further CPU-based processing of the result data. This is for example necessary, if certain algorithms can not (efficiently) be implemented as OpenGL shaders.
At current development stage, there are not so many image processing filters implemented, yet, but this is about to change in the future. The most important thing is that a portable architecture for GPU-based processing is available, which allows fast texture access by using platform-specific optimizations.
You can check out the project on github: github.com/internaut/ogles_gpgpu
More information can be found on my personal website: mkonrad.net/projects/ogles_gpgpu.html
Thank you.
Hi fellow hammerheads,
I'm running the last kitkat milestone of liquidsmooth on my nexus 5 and have it so perfectly customized that I hesitate to upgrade.
It doesn't help that a substantial number of users are unhappy with lollipop, i.e. battery drain, memory leaks, various bugs, cumbersome notifications etc. Besides the fact that liquidsmooth is not officially maintained for lollipop, the lack of xposed would be problematic because I've grown to rely on xprivacy, amplify battery extender, YouTube adaway and a few other modules.
Most importantly though is that Android 4.4.4 has a few vulnerabilities ranked high by belarc security advisor and which have been patched in lollipop.
I don't know enough to gauge whether these security holes are actually serious enough to warrant an upgrade, or if they are something that is unlikely to be used to compromise my phone.
Thanks in advance.
Here are the results of a scan by belarc security advisor:
Security Advisor v1.0.25
Last scan: Mar 21, 2015 3:02:50 PM
Vulnerable software: 2
Total Vulnerabilities: 5
Vulnerable Software
Android OS / version 4.4.4
Vulnerabilities: 4
Severity: 3 High, 1 Low
Severity: 7.5, CVE-2014-8507
Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135.
Severity: 7.2, CVE-2014-7911
luni/src/main/java/java/io/ObjectInputStream.java in the java.ibjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291.
Severity: 7.2, CVE-2014-8609
The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category information via a third-party authenticator in a crafted application, aka Bug 17356824.
Severity: 3.3, CVE-2014-8610
AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old messages, via a crafted application that broadcasts an intent with the com.android.mms.transaction.MESSAGE_SENT action, aka Bug 17671795.
XDA Free / version 3.9.8 / com.quoord.tapatalkxda.activity
Vulnerabilities: 1
Severity: 1 Moderate
Severity: 5.4, CVE-2014-5681
The XDA-Developers (aka com.quoord.tapatalkxda.activity) application 3.9.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Bump to the top for increased visibility.
This is not specific to the Nexus 5 so I would suggest you the Security forum: http://forum.xda-developers.com/general/security
Utility for background calibration, curation and tuning of the device towards an intuitive interface.
Subsystems being battery, entropy, encryption, disk, cpu, memory, filesystem, ui, scheduler, and network, all safe and open source technology.
Presented in this educational gaming metric format with infinite feedback and an interestingly assymetric chance. scribble anywhere, check in some stress, or find the 8!
waut.ch! does one hope to receive from this?
Well, increasing degrees and amounts of a certain "Je ne sais quoi" or responsiveness from the user interface for a start. Better battery life perhaps. Better quality of life, maybe.
And waut.ch! can only perhaps be described as "A qualified quantification of the placebo effect"
waut.ch! might benefit from this?
In the Android device space:
Designers
Users
Manufacturers
Recyclers
Developers
Compilers
Support personnel
OEMs
The Friendly Neighborhood Nerd/Technician.
“Make the most of yourself....for waut.ch! is all there is of you.” - Ralph Waldo Emerson ( paraphrase )
All along the waut.ch! tower - Bob Dylan
waut.ch! - Sometimes used in some colloquium as "watch!", keen upon reducing the TDP of mobile devices to 1.0 watt!
ARM variants of Android only Donut 1.6+
Please uninstall either Seeder or CrossBreeder prior to using this.
Root recommended, else reactivity metric is interesting and introduces uniqueness into the entropy pool anyway. Metric may demonstrate a certain asymmetry that is expected from predictable human actions. Efforts have been made to remove time seed logic from haveged in order to improve upon encryption and system-wide performance and security.
Also numerous other subsystems require careful calibration to facilitate this process.
Rewritten code, subset of functionality for upstream project - CrossBreeder ( https://forum.xda-developers.com/showthread.php?t=2113150 )
Please feel free to view and analyze source and functionality and report bugs and discuss etc on the XDA forum:
( https://forum.xda-developers.com/android/apps-games/app-waut-ch-calibration-android-t3549967 )
Google Play store:
( https://play.google.com/store/apps/details?id=ch.waut )
Please visit: /data/data/ch.waut/files/bin on the device itself for partial shell source code and XDA Downloads section and Github for full source code.
Reboot at convenience liberally or sparingly to reseed the entropy pool or as is known in common parlance, for good luck!
Thanks.
Havged source code:
https://github.com/Openand-I/haveged
Adhoc Payment URL to support development efforts : https://paypal.me/openand/10
Frappe ( "free-paid" ) same-version to support development efforts : http://waut.ch
Custom haveged source code as used in this piece of software: https://github.com/Openand-I/haveged
=====
Version Name: 59a6333e-9ed9-43f8-8dad-51ed46c17e28
cb.sh: cache pressure - 500
cb_io.sh: read_ahead - 0
cb_io.sh: nr_requests - 0
$ md5sum *.apk
661c30b02b2321300624af98feaa5bad *145-waut.ch.apk
661c30b02b2321300624af98feaa5bad *oi.apk
$ sha256sum *.apk
6d23b8da87dc5516583a55a3203c9f5068ea8fe8765ece489080ef663c8aee15 *145-waut.ch.apk
6d23b8da87dc5516583a55a3203c9f5068ea8fe8765ece489080ef663c8aee15 *oi.apk
https://github.com/Openand-I/haveged
https://github.com/openand-inc/waut.ch
https://forum.xda-developers.com/devdb/project/?id=19218#downloads
https://forum.xda-developers.com/android/general/app-waut-ch-calibration-android-version-t3858365
https://github.com/openand-inc/waut.ch/raw/cb0c60025f86a4fdc4778506e97ee80eb1c00b45/oi.apk
https://github.com/openand-inc/waut.ch/raw/master/145-waut.ch.apk
-------------------------
Recommended:
- ntp: automatic system time update from internet is enabled.
please check the clock and fiddle around with the timezone settings in case of any issues. one may need to set the timezone manually.
then simply run the app to initiate a time sync
the network time sync happens at around 3am. so the time to check is in the morning.
- Please disable mount namespace separation in the superuser app to take advantage of the mount optimisations.
- Reboot once and occasionally to reseed the entropy pool. It's good luck!
- Do ensure that the waut.ch service has started upon reboot. Just run if it doesn't start it automatically!
Note: Please note that the haveged binary in the APK is a static binary and works on both PIE and non-PIE environments. It is also UPX compressed. UPX for Android didn't compile. So UPX for linux was used to compress the executable file. It is an elegant solution as both on disk and in memory space(?) is reduced by 70% per executable. One is welcome to decompress the file using 'upx -d'.
Full source code is provided on Github and build scripts are attached here and on Github.
There is no license required to both install the app or distribute it, both within the developer ROM community or in commercial form. Adhoc payment URL to support development - https://www.paypal.me/openand/10
Again do note that the license to use the APP and source code is free worldwide and irrevocable in full or partial form. All other open source components simply inherit their license. But under no circumstances is any use thereof legally binding or relevant.
--------
Utility for background calibration, curation and tuning of the device towards an intuitive interface.
Subsystems being battery, entropy, encryption, disk, cpu, memory, filesystem, ui, scheduler, and network, all safe and open source technology.
Presented in this metric format with infinite feedback and an interestingly assymetric chance. scribble anywhere, check in some stress, or get lucky for that matter!
-----
ARM variants of Android only Donut 1.6+ ( should even be compatible with the latest ARM Android 9+ )
Please uninstall either Seeder or CrossBreeder prior to using this. And other "mods" or "tweaks".
Root recommended, else reactivity metric is interesting and introduces uniqueness into the entropy pool anyway. Metric may demonstrate a certain asymmetry that is expected from predictable human actions. Efforts have been made to remove time seed logic from haveged in order to improve upon encryption and system-wide performance and security.
Also numerous other subsystems require careful calibration to facilitate this process.
Rewritten code, subset of functionality for upstream project - CrossBreeder ( https://forum.xda-developers.com/showthread.php?t=2113150 )
Please feel free to view and analyze source and functionality and report bugs and discuss etc on the XDA forum:
( https://forum.xda-developers.com/android/apps-games/app-waut-ch-calibration-android-version-t3858365 )
Google Play store:
( https://play.google.com/store/apps/details?id=ch.waut )
Please visit: /data/data/ch.waut/files/bin on the device itself for partial shell source code and XDA Downloads section and Github for full source code.
The app will amongst other maintenance tasks tune sqlite databases regularly and reseed the entropy pool or as is known in common parlance, for good luck!
Thanks.
Payment URL: https://paypal.me/openand/10
XDAevDB Information
waut.ch!, App for all devices (see above for details)
Contributors
idcrisis
Source Code:
[url]https://github.com/Openand-I/haveged[/URL]
[url]https://github.com/openand-inc/waut.ch[/URL]
[url]https://forum.xda-developers.com/devdb/project/?id=19218#downloads[/URL]
Previous Version Information - 144
305bd30f-0c8a-40d8-baf5-330c68f62d51
Status: Stable
Created 2017-01-01
Last Updated 2020-08-18
$ md5sum *.apk
8ea8e8c132a584767a12e394f7975654 *144-waut.ch.apk
8ea8e8c132a584767a12e394f7975654 *oi.apk
$ sha256sum *.apk
4925066a106c83b18ac6e563f03331c56b72777e66973db591c9776d706595e3 *144-waut.ch.apk
4925066a106c83b18ac6e563f03331c56b72777e66973db591c9776d706595e3 *oi.apk
https://github.com/Openand-I/haveged
https://github.com/openand-inc/waut.ch
https://github.com/openand-inc/waut.ch/raw/master/144-waut.ch.apk
https://github.com/openand-inc/waut.ch/raw/f699d3763507ec1f91d82b9ce25c53036b460a9e/oi.apk
-----
Version notes:
haveged: static non upx binary used
cb.sh: lock fixes
Recommended:
- ntp: automatic system time update from internet is enabled.
please check the clock and fiddle around with the timezone settings in case of any issues. one may need to set the timezone manually.
then simply run the app to initiate a time sync
the network time sync happens at around 3am. so the time to check is in the morning.
- Please disable mount namespace separation in the superuser app to take advantage of the mount optimisations.
- Reboot once and occasionally to reseed the entropy pool. It's good luck!
- Do ensure that the waut.ch service has started upon reboot. Just run if it doesn't start it automatically!
Please support development, simply use https://paypal.me/openand/10 or the payment URL.
Or you can simply buy the "frappe" ( free-paid ) version of the app: http://waut.ch
Recommended:
- ntp: automatic system time update from internet is enabled.
please check the clock and fiddle around with the timezone settings in case of any issues. one may need to set the timezone manually.
the network time sync happens at around 3am. so the time to check is in the morning.
- Please disable mount namespace separation in the superuser app to take advantage of the mount optimisations.
- Reboot once and occasionally to reseed the entropy pool. It's good luck!
- Do ensure that the waut.ch service has started upon reboot. Just run if it doesn't start it automatically!
Issues:
- superuser - Please disable mount namespace separation in the superuser app ( for optional but recommended mount options ). Also please revisit the app entry inside the superuser app to ensure the waut.ch service can run on boot unattended. One can see the logs on another day to ensure that the scheduler ran correctly in the night.
- Non root users - User Interface can help in clearing the random device. Please try and obtain root to avail of most features
- Some Samsung users - One is also requested to raise a ticket with Samsung who may be running old PE detection rules that flag any compressed EXE.
- x64 users - Reports are that the binaries run on 64 bit as they are static! Please compile one's variant of the binary if required. Entropy generations removes CPU jitter and hence runs cooler and more secure.
- Intel users - User Interface can help in clearing the random device. Please compile one's variant of the binary if required. Entropy generations removes CPU jitter and hence runs cooler and more secure.
- Maintenance scheduler VACCUUMS and INDEXES "ALL" SQLITE databases. Some folks may not like that. But given that they're no WAL mode anyway, it's a bottleneck worth removing safely.
- There is a concerned effort to state that 32-bit ARM Android Go/One < 1 GB RAM devices are all that's required for long term functioning. Higher no issues.
- Please try and use a heap size of 96MB. Attempts have been made to set heap size dynamic but ideally this should be done in the build.
- Please clear cache or factory reset upon issues to gain at least another year of MTTR ( Mean Time To Recovery ) for each device.
Thank you!
License
License concerns:
haveged - inherited - https://github.com/Openand-I/haveged
busybox - inherited - https://github.com/openand-inc/busybox
- Busybox simple extract, possibly edit the .config file in 'vi' and type 'make'
The requisite tools are installed using:
apt-get install gcc-arm-linux-gnueabi
apt-get install libncurses5-dev
apt-get install gawk
The following is a step in another direction as the 'make' command works perfectly after extraction, but this is provided for posterity:
wget http://busybox.net/downloads/busybox-1.24.1.tar.bz2
tar -xjf busybox-1.24.1.tar.bz2
cd busybox-1.24.1/
make ARCH=arm CROSS_COMPILE=arm-linux-gnueabi- defconfig
make ARCH=arm CROSS_COMPILE=arm-linux-gnueabi- menuconfig
At the menu, you can configure BusyBox options. Once configured, you can build BusyBox:
make ARCH=arm CROSS_COMPILE=arm-linux-gnueabi-
sqlite3 - inherited - https://github.com/openand-inc/sqlite
waut.ch - 'none', non legally binding, and non legally relevant on a worldwide scale and irrevocable ( derived works are allowed to add their own licenses as long as the import ( meaning ) of the phrase "non legally binding and non legally relevant" is implied throughout ( not required to include text at all )) and does not reflect upon future updates of this software in any manner adversely.
He is back! Welcome back! Looking forward to this great new project! The only thing I might be missing is the dnsmasq filtering, which in my opinion if by far better solution than any kid of firewall/blocker
Sent from my Galaxy Tab 2 3G using Tapatalk
qWantUS said:
He is back! Welcome back! Looking forward to this great new project! The only thing I might be missing is the dnsmasq filtering, which in my opinion if by far better solution than any kid of firewall/blocker
Sent from my Galaxy Tab 2 3G using Tapatalk
Click to expand...
Click to collapse
Mate!
There are some serious issues with DNSMASQ.
- It crashes on wrong syntax of any option. Cannot do for a server.
- Command line syntax changes between original branch, Android and Cyanogen MOD. Not merged.
- Android fork far behind main branch
- Consumes port 53 on server run without sharing interfaces. This is on the Android branch. Main branch has this resolved.
- CPU loop for most Android DNS versions that show up only upon server run, rather than the tethering run. Possibly hijacked open source branch.
- Tethering modifications to Android branch ( command line addons ) not required any more as the main branch has incorporated methods to dynamically change IP addresses on the fly.
- It is probably encumbered by coding standards and export issues with only one developer. It is emblematic of most such over-reused projects.
- Hash table in memory, therefore future block list will use up RAM. Some others have disk based caching.
- Static blocklists are fairly not scalable for 10 years hence. Needs wildcard blocklists.
- DNS cache poisoning/overloading ( leading to denial of service) possible by any process/app.
It is therefore recommended to use either of:
pdnsd
unbound
djbdns
and standalone dhcp clients and servers from the Entware repository. And also these are interesting:
DANE
DNSSEC over TLS
BTW, all Android is encumbered by simple denial of service attack simply by reading from /dev/random by any app.
In order to try and package this into a simplish product, deleting /dev/random was not implemented.
idcrisis said:
Mate!
There are some serious issues with DNSMASQ.
- It crashes on wrong syntax of any option. Cannot do for a server.
- Command line syntax changes between original branch, Android and Cyanogen MOD. Not merged.
- Android fork far behind main branch
- Consumes port 53 on server run without sharing interfaces. This is on the Android branch. Main branch has this resolved.
- CPU loop for most Android DNS versions that show up only upon server run, rather than the tethering run. Possibly hijacked open source branch.
- Tethering modifications to Android branch ( command line addons ) not required any more as the main branch has incorporated methods to dynamically change IP addresses on the fly.
- It is probably encumbered by coding standards and export issues with only one developer. It is emblematic of most such over-reused projects.
- Hash table in memory, therefore future block list will use up RAM. Some others have disk based caching.
- Static blocklists are fairly not scalable for 10 years hence. Needs wildcard blocklists.
- DNS cache poisoning/overloading ( leading to denial of service) possible by any process/app.
It is therefore recommended to use either of:
pdnsd
unbound
djbdns
and standalone dhcp clients and servers from the Entware repository. And also these are interesting:
DANE
DNSSEC over TLS
BTW, all Android is encumbered by simple denial of service attack simply by reading from /dev/random by any app.
In order to try and package this into a simplish product, deleting /dev/random was not implemented.
Click to expand...
Click to collapse
Very comprehensive explanation indeed! I am no expert in Linux, only an average user [emoji6]
I was not aware of so many obstacles using dnasmasq, but aware of it's unreliability while using it for blocking stuff in pfsense. But I must say, I had similar experience with unbound, however, probably due to the lack of linux knowledge.
The way I understand is that host blocking is no longer viable due to scales of blocking required today. But sadly there is no alternative for that on android. I have been trying another tool, called sharkmasq but developer sadly abandoned it, while it seems very unfinished and unreliable. I also understand the reasons behind leaving netfiltering out of your development, just, in desperation, I search for the hope [emoji3]
P. S.
Thank you very much for your reply and for your time putting it together. Nevertheless I will look forward to further developments of this new exciting project!
Sent from my LG-D855 using Tapatalk
Uhm, my device seems more responsive even when I use a very low CPU frequency, but is it normal that the app doesn't ask for root permission even if I'm fully rooted? I'm using a Nexus 5 running Nougat. Thank you
Inviato dal mio Nexus 5 con Tapatalk 2
Hi, yes, part of the design criteria. Without root, the metric is interesting. With root, it will automatically start the background processes including the daily cleanups.
Best way to know that the background processes are running is to install Seeder ( but whatever you do don't start it! . Entropy should show around 4096.
Still in the testing phase, does it worth excluding the app from "android optimisation list"? I also use "power nap", not sure will that cause any side effects...
Sent from my LG-D855 using Tapatalk
Let us know If Seeder has RNGD off and still reports ~ 4096 entropy then all is hunky dory.
The new update asked me for root permission, all right here now
Have been busy lately with life, but had occasionally played with phone. So my findings so far: I use this app on my old galaxy tab 2 3g on slim6. Seeder shows entropy being filled in no time at all. Can't really say much about performance, but it seems that it behaves a little smoother. I also use it on my daily LG G3 on stock MM rom with custom kernel, but seeder is reporting very low entropy, if seeded is left on for 1 minute, I can see that entropy never goes above 900? Goes up slowly but then gets used, and then very slowly goes up again and gets used.
Sent from my LG-D855 using Tapatalk
Reboot once after first install kicks in the animation changes. And good luck
New version uploaded with haveged updates. Build scripts also added.
Feedback solicited about the compiler flags etc. Basically the idea is that the ARM v5 binaries should work for all past and future versions of 32-bit Android without modification.
UPX binary could only be compiled for x86 linux.
To answer question, second device, not running, may need to check su logs
Also backend binaries are 32 bit, may not work on 64 bit. GUI's ok.
I am very confused about the frontend of this app that looks like some number game that I really don't understand . Also, I don't understand the description very well. Finding the 8??? Reboot when animation kicks in? What animation?? Nothing seems to happen. I just see a still of a beach with a red number
But something DID happen though, so I am in business. I will keep you curious for a moment, while firstly giving you a good reason for a hard laugh:
I am trying to revive an LG L3 E400! Yep, that's right . Just for fun and educion. In fact I already succeeded quite a bit. I flashed JellyCast V7rev1, used some stuff from V6 SuperCharger (not entropy thingie coz I already intended to use CrossBreeder for that) and 3 scripts from Fly-On Mod. I came here via the CrossBreeder thread (of course). I have already tried CrossBreeder 7.2.13 (I followed advise from @f3tus here, he advised to use that older version). Entropy went up (so it worked) but I did not experience much performance improvement. I did experience more "not responding" issues though. So I reverted to the pre-CrossBreeder backup. And then came your app.....
So that's a very short summary of the many, many, many hours I spent last 2 weeks on this ancient minimalistic but very adorable phone. Now... back to this Waut.ch! app. Presuming that it had done something, I checked the entropy level after first reboot: still a jumpy number between 150 and 200 or so. Despite the fact that the service shows up as running. Then, a lot more playing with the "game" without understanding what I was doing. Just hoping for some wonder. Some message.... just...... something! But nothing. Just a beach with a red number. And a clock. And a questionmark. Or exclamation mark. Pffffff.. So.... let's reboot again. Then eat a sandwich and drink (more) coffee. Then check entropy again. And there it is! Steady at 4089! At first I thought his app was failing because the number didn't change anymore. Just steady. With the old CrossBreeder 7.2.13 I got 4096 a lot but it was a very jumpy number, going even below 1000 a lot. Well, some time passed while writing this post so let's check again: Wow, right now it says 4091 (99%)! One hour later: 4092! (It had spontaneous reboots inbetween).
I am testing it now for a few hours and have these problems:
"Not responding" issues (same as old CrossBreeder).
Spontaneous reboots (3 already). One of them failing to boot at all (stuck at JellyCast logo).
Two times, after a reboot, GPS was disabled. Not consistently though.
No noticable performance gain.
By the way, I am testing like real world usage. Just opening, using and closing apps. I use the same apps all the time so that gives a very good feeling about performance. More meaningful than benchmarks to me. My goal is to make this phone suitable for normal daily usage.
Your app is using a combination of serveral mods, right? I would like to be able to enable / disable each one separately. How can I do that? For example, I have a gut feeling that my "not responding" issues (and reboots?) do not come from the entropy mod but perhaps from governor tweaks or something else. Any chance that you will add enable buttons in the app? Or supply seperate scripts?
Update: I DO have performance gain! Not consitently though. Apps sometimes starting faster than ever. Also still the aforementioned quirks. Last hours no more auto-reboots. Entropy reaching 4096 now, just a little bit wobbly. There seems to be a lot of potential.
The stutter was an issue with the last version.
Do try the latest one and let us know.
Also better if you install the Play store also so the updates are automatic.
Version name is changed GUID if comparing. Better than comparing version numbers.
GUI is non functional, just a visual representation of haptic feedback and actual randomness spread.
It's like drawing points in the whites of a poached egg. If you can see a pattern, you'll be rich in the stock market
Today I removed the app. The biggest problem is random reboots for me. As said, it has potential because sometimes apps started faster than ever on my ancient LG L3. But not consistently. So maybe I 'll try again later.
Sorry for my first post, probably tl;dr. I will repeat my most important question: can you provide us with separate scripts? I mean: I would like to test the entropy thing without the other tweaks as you described in the OP.
Dude!
You're probably using an old version. We'll never know. Will we? Will we now?
There's a small trick that borders on superstition. The famous random device block gremlin tends to disappear if you run the GUI in scribble mode. Basically what may be happening is the block is hit and then the stupid kernel makes whatever decision it makes. Usually at the cost of usability in favour of some stupid religious Linux fervour. Someone should report that to LINUX.
Or another entropy generator, haveged or RNGD or Seeder may be running. Which is a big no! Best to run it on stock ROMS or full custom ROMs ( please ask the developer if they're running any variant of above and to recommend coexistence or better variant of any subcomponents or piece of code. ). In other words, open source!
Also, the separate scripts are in the /bin directory on the phone itself. May require bash and ADB skills.
And full source on XDA and GitHub.
I'll construe this as a possible request to also post the shell scripts from GitHub into the XDA project as separate attachments. Which I can do. In due course
Cheers.
Well, I took it from Play Store. Is that an old version?