8660_msimage.mbn is released in SW by default, actually, it includes the all the boot images and partition table there. MPRG8660.hex will download this image and reset to mass-storage mode. If customers have different HW settings, such as GPIO/DDR, the default 8660_msimage.mbn may not work for them, so customers need build their own 8660_msimage.mbn by themselves with following ways.
1. Have the QPST 2.7.366 or higher version installed.
2. Make a local folder, copy sbl1/sbl2/sbl3/rpm/tz images to this folder.
3. copy the emmcswdownload.exe from C:\Program Files\Qualcomm\QPST\bin to this folder.
4. Prepare the partition_boot.xml as below and copy the partition_boot.xml to the same folder as above.
<?xml version="1.0"?>
<image>
<physical_partition number="0">
<primary order="1" type="4d" bootable="true" label="SBL1" size="1000" readonly="false">
<file name="sbl1.mbn" offset="0"/>
</primary>
<primary order="2" type="51" bootable="false" label="SBL2" size="3000" readonly="false">
<file name="sbl2.mbn" offset="0"/>
</primary>
<primary order="3" type="45" bootable="false" label="SBL3" size="1500" readonly="false">
<file name="sbl3.mbn" offset="0"/>
</primary>
<primary order="4" type="5" bootable="false" label="EXT" size="1000000">
<extended order="1" type="47" label="RPM" size="1000" readonly="false">
<file name="rpm.mbn" offset="0"/>
</extended>
<extended order="2" type="46" label="TZ" size="1000" readonly="false">
<file name="tz.mbn" offset="0"/>
</extended>
</primary>
</physical_partition>
</image>
5. Run the emmcswdownload.exe tool to create OEM boot image with a command below.
emmcswdownload.exe -f 8660_msimage.mbn -x partition_boot.xml -s 1G -g 4M
6. The 8660_msimage.mbn will be generated in the folder.
[/COLOR]
vijay2 said:
8660_msimage.mbn is released in SW by default, actually, it includes the all the boot images and partition table there. MPRG8660.hex will download this image and reset to mass-storage mode. If customers have different HW settings, such as GPIO/DDR, the default 8660_msimage.mbn may not work for them, so customers need build their own 8660_msimage.mbn by themselves with following ways.
1. Have the QPST 2.7.366 or higher version installed.
2. Make a local folder, copy sbl1/sbl2/sbl3/rpm/tz images to this folder.
3. copy the emmcswdownload.exe from C:\Program Files\Qualcomm\QPST\bin to this folder.
4. Prepare the partition_boot.xml as below and copy the partition_boot.xml to the same folder as above.
<?xml version="1.0"?>
<image>
<physical_partition number="0">
<primary order="1" type="4d" bootable="true" label="SBL1" size="1000" readonly="false">
<file name="sbl1.mbn" offset="0"/>
</primary>
<primary order="2" type="51" bootable="false" label="SBL2" size="3000" readonly="false">
<file name="sbl2.mbn" offset="0"/>
</primary>
<primary order="3" type="45" bootable="false" label="SBL3" size="1500" readonly="false">
<file name="sbl3.mbn" offset="0"/>
</primary>
<primary order="4" type="5" bootable="false" label="EXT" size="1000000">
<extended order="1" type="47" label="RPM" size="1000" readonly="false">
<file name="rpm.mbn" offset="0"/>
</extended>
<extended order="2" type="46" label="TZ" size="1000" readonly="false">
<file name="tz.mbn" offset="0"/>
</extended>
</primary>
</physical_partition>
</image>
5. Run the emmcswdownload.exe tool to create OEM boot image with a command below.
emmcswdownload.exe -f 8660_msimage.mbn -x partition_boot.xml -s 1G -g 4M
6. The 8660_msimage.mbn will be generated in the folder.
Click to expand...
Click to collapse
hello. I wonder if there is a way you can help me create a similar file for my Asus Zenfone 2 Laser ZE550KL
Qualcomm MSM8916 Snapdragon 410
These are the firmware files provided by Asus with their stock rom https://drive.google.com/open?id=0B3...DhhYXdpWE10Sjg
I don't know any other files or info you may need, but i can provide if required
8936_msimage.mbn is released in SW by default, actually, it includes the all the boot images and partition table there. MPRG8936.hex will download this image and reset to mass-storage mode. If customers have different HW settings, such as GPIO/DDR, the default 8936_msimage.mbn may not work for them, so customers need build their own 8936_msimage.mbn by themselves with following ways.
1. Have the QPST 2.7.366 or higher version installed.
2. Make a local folder, copy sbl1/sbl2/sbl3/rpm/tz images to this folder.
3. copy the emmcswdownload.exe from C:\Program Files\Qualcomm\QPST\bin to this folder.
4. Prepare the partition_boot.xml as below and copy the partition_boot.xml to the same folder as above.
<?xml version="1.0"?>
<image>
<physical_partition number="0">
<primary order="1" type="4d" bootable="true" label="SBL1" size="1000" readonly="false">
<file name="sbl1.mbn" offset="0"/>
</primary>
<primary order="2" type="51" bootable="false" label="SBL2" size="3000" readonly="false">
<file name="sbl2.mbn" offset="0"/>
</primary>
<primary order="3" type="45" bootable="false" label="SBL3" size="1500" readonly="false">
<file name="sbl3.mbn" offset="0"/>
</primary>
<primary order="4" type="5" bootable="false" label="EXT" size="1000000">
<extended order="1" type="47" label="RPM" size="1000" readonly="false">
<file name="rpm.mbn" offset="0"/>
</extended>
<extended order="2" type="46" label="TZ" size="1000" readonly="false">
<file name="tz.mbn" offset="0"/>
</extended>
</primary>
</physical_partition>
</image>
5. Run the emmcswdownload.exe tool to create OEM boot image with a command below.
emmcswdownload.exe -f 8936_msimage.mbn -x partition_boot.xml -s 1G -g 4M
6. The 8936_msimage.mbn will be generated in the folder.
lot of z9 mini users and work on this thread
Please help me to remove com.android.sc (known as Android/Syringe.AD System Application) on Evercoss Genpro X Pro S50 MT6735. This Trojan exisit in the officeal firmware http://evercoss.com/img/software/EVERCOSS_S50_7_0_021_P1_180314_OE_CPB.zip
I use mtk-su to gain access to remove this trojan.
EVERCOSS_S50:/ $ cd /data/local/tmp
EVERCOSS_S50:/data/local/tmp $ ./mtk-su -v
armv7l machine
param1: 0x1000, param2: 0x8040, type: 4
Building symbol table
kallsyms_addresses pa 0x40bc2460
kallsyms_num_syms 54191, addr_count 54191
kallsyms_names pa 0x40bf7330, size 646794
kallsyms_markers pa 0x40c951c0
kallsyms_token_table pa 0x40c95510
kallsyms_token_index pa 0x40c95890
Patching credentials
Parsing current_is_single_threaded
c0362760: MOVW R0, #0x8d50
c0362764: MOVT R0, #0xc102
Possible list_head tasks at offset 0x290
comm swapper/0 at offset 0x400
Found own task_struct at node 1
cred VA: 0xc667e500
init_task VA: 0xc1028d50
Parsing avc_denied
c0aeca70: MOVW R12, #0x1278
c0aeca74: MOVT R12, #0xc113
selinux_enforcing VA: 0xc1131278
Setting selinux_enforcing
Selinux is already permissive
starting /system/bin/sh
UID: 0 cap: 3fffffffff selinux: permissive
EVERCOSS_S50:/data/local/tmp # pm list package com.android.sc
package:com.android.screenrecord
package:com.android.sc -> bloatware Android/Trojan.Syringe.AD (System Application)
EVERCOSS_S50:/data/local/tmp # pm uninstall com.android.sc
Failure [DELETE_FAILED_INTERNAL_ERROR]
EVERCOSS_S50:/data/local/tmp # pm uninstall -k --user 0 com.android.sc
Success
It still exists when I query list package
EVERCOSS_S50:/data/local/tmp # pm list package com.android.sc
package:com.android.screenrecord
package:com.android.sc -> bloatware Android/Trojan.Syringe.AD (System Application)
After I reboot the device, com.android.sc will installed its self.
Any suggestion?
Thank you
Sincerey, Dedetok
build.prop
# begin build properties
# autogenerated by buildinfo.sh
ro.build.id=NRD90M
ro.build.display.id=EVERCOSS_S50_V13_7.0_09022018
ro.build.version.incremental=1521000161
ro.build.version.sdk=24
ro.build.version.preview_sdk=0
ro.build.version.codename=REL
ro.build.version.all_codenames=REL
ro.build.version.release=7.0
ro.build.version.security_patch=2018-03-05
ro.build.version.base_os=
ro.build.date=Wed Mar 14 12:02:39 CST 2018
ro.build.date.utc=1521000159
ro.build.type=user
ro.build.user=zhuangsf
ro.build.host=freecom8
ro.build.tags=release-keys
ro.build.flavor=full_len6737m_35_n-user
ro.product.model=S50
ro.product.brand=EVERCOSS
ro.product.name=EVERCOSS_S50
ro.product.device=EVERCOSS_S50
ro.product.board=EVERCOSS_S50
# ro.product.cpu.abi and ro.product.cpu.abi2 are obsolete,
# use ro.product.cpu.abilist instead.
ro.product.cpu.abi=armeabi-v7a
ro.product.cpu.abi2=armeabi
ro.product.cpu.abilist=armeabi-v7a,armeabi
ro.product.cpu.abilist32=armeabi-v7a,armeabi
ro.product.cpu.abilist64=
ro.product.manufacturer=EVERCOSS_S50
ro.product.locale=en-US
ro.wifi.channels=
ro.board.platform=mt6737m
# ro.build.product is obsolete; use ro.product.device
ro.build.product=len6737m_35_n
# Do not try to parse description, fingerprint, or thumbprint
ro.build.description=full_len6737m_35_n-user 7.0 NRD90M 1521000161 release-keys
ro.build.fingerprint=EVERCOSS/EVERCOSS_S50/EVERCOSS_S50:7.0/NRD90M/1517820838:user/release-keys
ro.build.characteristics=default
# end build properties
ro.product.sub_flash=yes
ro.product.alsps=stk3x1x-new
ro.product.fingerprint=yes
ro.product.tp_ges=true
ro.product.gyroscope_support=yes
ro.product.aecamera_support=yes
ro.product.doujia=yes
ro.custom.build.version=EVERCOSS_S50_V13_7.0_09022018
ro.build.realversion=ZH096_TRX_L5032_360OS_N23112_C99ba_20180314_37m35_32G3G_DDR3_HD_G4W18L135840K_GpsS_ALS_FP_
ro.build.realversion2=OTG_GYRO_120051
ro.antos.model=wt-6-ZH096-TRX-0-EVERCOSS-S50
#
# from device/lentek/len6737m_35_n/system.prop
#
#
# system.prop for generic sdk
#
rild.libpath=mtk-ril.so
rild.libargs=-d /dev/ttyC0
# MTK, Infinity, 20090720 {
wifi.interface=wlan0
# MTK, Infinity, 20090720 }
# MTK, mtk03034, 20101210 {
ro.mediatek.wlan.wsc=1
# MTK, mtk03034 20101210}
# MTK, mtk03034, 20110318 {
ro.mediatek.wlan.p2p=1
# MTK, mtk03034 20110318}
# MTK, mtk03034, 20101213 {
mediatek.wlan.ctia=0
# MTK, mtk03034 20101213}
#
wifi.tethering.interface=ap0
#
ro.opengles.version=196609
#ro.kernel.qemu=1
#ro.kernel.qemu.gles=0
wifi.direct.interface=p2p0
#dalvik.vm.heapgrowthlimit=128m
#dalvik.vm.heapsize=256m
# USB MTP WHQL
ro.sys.usb.mtp.whql.enable=0
# Power off opt in IPO
sys.ipo.pwrdncap=2
ro.sys.usb.storage.type=mtp
# USB BICR function
ro.sys.usb.bicr=no
# USB Charge only function
ro.sys.usb.charging.only=yes
# audio
ro.camera.sound.forced=0
ro.audio.silent=0
ro.zygote.preload.enable=0
# temporary enables NAV bar (soft keys)
qemu.hw.mainkeys=1
#=0
ro.kernel.zio=38,108,105,16
#ro.kernel.qemu=1
#ro.kernel.qemu.gles=0
#ro.boot.selinux=disable
ro.sf.lcd_density=320
#240
# performance
ro.mtk_perf_simple_start_win=1
ro.mtk_perf_fast_start_win=1
ro.mtk_perf_response_time=1
ro.setupwizard.suppress_d2d_nfc=true
ro.product.otg_support=yes
#
# ADDITIONAL_BUILD_PROPERTIES
#
ro.qiku.version.hardware=P1
ro.qiku.version.date=180314
ro.qiku.version.kernel=3.18.35+.P1.180314.NRD90M
ro.qiku.version.software=7.0.001.P1.180314.WW6_TRX_TRXZH096L5032_OE
ro.qiku.version.release=7.0.021.P1.180314.TRXZH096L5032.WW6_TRX_TRXZH096L5032_OE
ro.qiku.globality=0
ro.qiku.efuse.type=0
persist.qiku.ctstest=1
ro.qiku.gms=1
persist.sys.sw.vdd=2.8
persist.sys.sw.touch.para.r=0x06
persist.sys.sw.touch.para.c=0x0c
persist.sys.sw.touch.level=0x18
persist.sys.sw.speed.max=6000
persist.sys.sw.pix.area=60
persist.sys.sw.enroll.double=1
persist.sys.sw.enroll.frm.num=0
persist.sys.sw.enroll.quality=30
persist.sys.sw.key.mod=1
persist.sys.sw.key.nav_dir=UDLR
persist.sys.sw.key.screenoff=1
persist.sys.sw.verify.retry=1
persist.sys.sw.light.mod=0
persist.sys.sw.light.devs=/dev/input/event2
persist.sys.sw.light.uevet=leds-mt65xx/leds/lcd-backlight
persist.sys.sw.idh.nums=0
persist.sys.sw.transsion.f14=0
ro.carrier=unknown
ro.mediatek.chip_ver=S01
ro.mediatek.platform=MT6737M
ro.telephony.sim.count=2
persist.radio.default.sim=0
ril.specific.sm_cause=0
bgw.current3gband=0
ril.external.md=0
ro.sf.hwrotation=0
persist.radio.fd.counter=150
persist.radio.fd.off.counter=50
persist.radio.fd.r8.counter=150
persist.radio.fd.off.r8.counter=50
drm.service.enabled=true
fmradio.driver.enable=1
ril.first.md=1
ril.flightmode.poweroffMD=1
ril.telephony.mode=0
dalvik.vm.mtk-stack-trace-file=/data/anr/mtk_traces.txt
mediatek.wlan.chip=CONSYS_MT6735
mediatek.wlan.module.postfix=_consys_mt6735
ril.read.imsi=1
ril.radiooff.poweroffMD=0
ro.frp.pst=/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/frp
ro.mtk_protocol1_rat_config=Lf/Lt/W/G
ro.mediatek.version.branch=alps-mp-n0.mp1
ro.mediatek.version.release=alps-mp-n0.mp1-V1.0.2_len6737m.35.n_P192
ro.mediatek.version.sdk=4
ro.setupwizard.mode=OPTIONAL
ro.com.google.gmsversion=7.0_r13
ro.num_md_protocol=2
persist.radio.multisim.config=dsds
ro.mtk_besloudness_support=1
ro.mtk_wapi_support=1
ro.mtk_bt_support=1
ro.mtk_wappush_support=1
ro.mtk_agps_app=1
ro.mtk_audio_tuning_tool_ver=V1
ro.mtk_wlan_support=1
ro.mtk_gps_support=1
ro.mtk_omacp_support=1
ro.mtk_search_db_support=1
ro.mtk_dialer_search_support=1
ro.mtk_dhcpv6c_wifi=1
ro.have_aacencode_feature=1
ro.mtk_fd_support=1
ro.mtk_oma_drm_support=1
ro.mtk_widevine_drm_l3_support=1
ro.mtk_eap_sim_aka=1
ro.mtk_fm_recording_support=1
ro.mtk_send_rr_support=1
ro.mtk_emmc_support=1
ro.mtk_tetheringipv6_support=1
ro.telephony.default_network=9,9
ro.mtk_shared_sdcard=1
ro.mtk_enable_md1=1
ro.mtk_flight_mode_power_off_md=1
ro.mtk_pq_support=2
ro.mtk_pq_color_mode=1
ro.mtk_miravision_support=1
ro.mtk_wifi_mcc_support=1
ro.mtk_sim_hot_swap=1
ro.mtk_bip_scws=1
ro.mtk_world_phone_policy=0
ro.mtk_perfservice_support=1
ro.mtk_sim_hot_swap_common_slot=1
ro.mtk_cam_mfb_support=0
ro.mtk_lte_support=1
ro.mtk_cam_cfb=1
ro.mtk_rild_read_imsi=1
ro.sim_refresh_reset_by_modem=1
ro.mtk_external_sim_only_slots=0
ro.mtk_bg_power_saving_support=1
ro.mtk_bg_power_saving_ui=1
ro.have_aee_feature=1
ro.sim_me_lock_mode=0
ro.mtk_dual_mic_support=0
ro.mtk_is_tablet=0
persist.mtk_nlp_switch_support=1
persist.mtk_ims_support=1
ro.mtk_multiple_ims_support=1
persist.mtk_volte_support=1
persist.mtk.volte.enable=1
persist.mtk_vilte_support=1
ro.mtk_vilte_ut_support=0
wfd.dummy.enable=1
wfd.iframesize.level=0
ro.mediatek.project.path=device/lentek/len6737m_35_n
ro.mtk_microtrust_tee_support=1
persist.mtk.wcn.combo.chipid=-1
persist.mtk.wcn.patch.version=-1
persist.mtk.wcn.dynamic.dump=0
service.wcn.driver.ready=no
service.wcn.coredump.mode=0
persist.mtk.connsys.poweron.ctl=0
ro.com.android.mobiledata=true
persist.radio.mobile.data=0,0
persist.meta.dumpdata=0
ro.mtk_md_sbp_custom_value=0
dalvik.vm.heapgrowthlimit=128m
dalvik.vm.heapsize=256m
persist.radio.mtk_dsbp_support=1
persist.mtk_dynamic_ims_switch=0
persist.radio.mtk_ps3_rat=G
ro.boot.opt_c2k_lte_mode=0
ro.boot.opt_md1_support=5
ro.boot.opt_lte_support=1
persist.log.tag.AT=I
persist.log.tag.RILMUXD=I
persist.log.tag.RILC-MTK=I
persist.log.tag.RILC=I
persist.log.tag.RfxMainThread=I
persist.log.tag.RfxRoot=I
persist.log.tag.RfxRilAdapter=I
persist.log.tag.RfxController=I
persist.log.tag.RILC-RP=I
persist.log.tag.RIL-DATA=I
ro.boot.opt_using_default=1
mtk.vdec.waitkeyframeforplay=1
ro.sys.sdcardfs=1
persist.mtk.datashaping.support=1
persist.datashaping.alarmgroup=1
persist.runningbooster.support=1
persist.runningbooster.upgrade=1
ro.media.maxmem=500000000
ro.mtk_disable_navigation_bar=1
persist.sys.timezone=Asia/Jakarta
ro.com.google.clientidbase.am=android-evercoss
ro.com.google.clientidbase.ms=android-evercoss
ro.com.google.clientidbase=android-evercoss
persist.mtk_ussi_support=1
ro.qiku.xlocker.capture=1
persist.qiku.fingerprint=0
persist.sys.st.value=0
ro.com.android.dateformat=dd-MM-yyyy
ro.config.agenda_alert=Schedule.ogg
ro.config.alarm_alert=Feeling.ogg
ro.config.notification_sound=Evercoss_Message.wav
ro.config.ringtone=Evercoss_Ringtone.mp3
ro.config.ringtone_2=Evercoss_Ringtone.mp3
ro.config.smstone=Evercoss_Message.wav
ro.config.smstone_2=Evercoss_Message.wav
ro.qiku.bt.voicerecord=0
ro.qiku.version.tag=LC
ro.qiku.sales.channel=2
ro.qiku.display.360logo=0
ro.vendor.channel.number=WW6_TRX_TRXZH096L5032_OE
ro.vendor.name=WTWD6
ro.product.model=S50
ro.product.brand=EVERCOSS
ro.product.manufacturer=EVERCOSS
persist.sys.language=en
persist.sys.country=US
persist.qiku.allmode.operator=0
persist.qiku.version.bm=0
ro.qiku.product.devicename=EVERCOSS_S50
ro.qiku.app.safetydialog=0
ro.build.uiversion=360UI:V2.0
ro.build.ota.type=stable
ro.qiku.oldman.phone=0
persist.qiku.oldman.mode=0
persist.qiku.children.mode=0
ro.qiku.hotknot=0
ro.qiku.product.type=LE
ro.qiku.privacyspace.support=0
persist.qiku.operators.mode=0
persist.qiku.cmcc.mode=0x00
persist.qiku.defaultmode=0
persist.qiku.comm.runmode=0000
persist.qiku.cmcc.brand=0x00
persist.sys.dm=0
persist.qiku.perf_opt=0
persist.qiku.log.level=YWW4
persist.qiku.operators.isabroad=1
ro.qiku.lucky.money.alert=0
persist.sys.dalvik.vm.lib.2=libart.so
dalvik.vm.isa.arm.variant=cortex-a53
dalvik.vm.isa.arm.features=default
net.bt.name=Android
dalvik.vm.stack-trace-file=/data/anr/traces.txt
# begin fota properties
ro.fota.platform=MTK6737_7.0
ro.fota.type=phone
ro.fota.app=5
ro.fota.oem=qiku_sz6737_7.0
ro.fota.device=S50
S50
ro.fota.version=7.0.021.P1.180314.TRXZH096L5032.WW6_TRX_TRXZH096L5032_OE
ro.fota.token=a42e45927e8210def34b83a3ef65477b
# end fota properties
ro.expect.recovery_id=0x4a993bb2198cac1fe86bb34af8da1aff28888304000000000000000000000000
dedetok said:
Please help me to remove com.android.sc (known as Android/Syringe.AD System Application) on Evercoss Genpro X Pro S50 MT6735. This Trojan exisit in the officeal firmware http://evercoss.com/img/software/EVERCOSS_S50_7_0_021_P1_180314_OE_CPB.zip
I use mtk-su to gain access to remove this trojan.
Android/Trojan.Syringe.AD (System Application)
After I reboot the device, com.android.sc will installed its self.
Any suggestion?
Thank you
Sincerey, Dedetok
Click to expand...
Click to collapse
It use this to achieve its permanency.
GitHub - DroidPluginTeam/DroidPlugin: A plugin framework on android,Run any third-party apk without installation, modification or repackage
A plugin framework on android,Run any third-party apk without installation, modification or repackage - GitHub - DroidPluginTeam/DroidPlugin: A plugin framework on android,Run any third-party apk w...
github.com
Sure, it does look suspicious, but is it a trojan?
Does it show ads? Or do some other weird stuff?
System apps do not uninstall. Just remove its folder to do it, i.e. "/system/priv-app/SystemClean". This might cause boot problems though. Depends...
What you could do is install a firewall at least to disable it receiving data from qiku.com or whatever...
CXZa said:
It use this to achieve its permanency.
GitHub - DroidPluginTeam/DroidPlugin: A plugin framework on android,Run any third-party apk without installation, modification or repackage
A plugin framework on android,Run any third-party apk without installation, modification or repackage - GitHub - DroidPluginTeam/DroidPlugin: A plugin framework on android,Run any third-party apk w...
github.com
Sure, it does look suspicious, but is it a trojan?
Does it show ads? Or do some other weird stuff?
System apps do not uninstall. Just remove its folder to do it, i.e. "/system/priv-app/SystemClean". This might cause boot problems though. Depends...
What you could do is install a firewall at least to disable it receiving data from qiku.com or whatever...
Click to expand...
Click to collapse
I used Malware Bytes to scan my device, and it's reported as Syringe.AD. in apk decompile "com.android.com", it has has url string: http:// api <dot> os <dot> qiku <dot> com. I decompile the APK using JavaDecompiler online, and can be download from https://garasiku.my.id/android_malware_source/com.android.sc-1.3.3-1033_source_from_JADX.zip. But I have no skill to read the code.
"application inspector" by uniquesoft report unknown applications was installed, they are:
1. "App Settings" source code by JavaDecompiler online (APK Decompile) , and can be download from https://garasiku.my.id/android_malware_source/com.app.settings.amtapp-2.66-266_source_from_JADX.zip
2. "com.viysr.wkcx" source code by JavaDecompiler online (APK Decompile) , and can be download from https://garasiku.my.id/android_malware_source/com.viysr.wkcx-1.0-1_source_from_JADX.zip
I just looked the system.img file through the hex editor, so not that deep. It looked like it or some other app might try to hook some of the browsers. Then that firewall could be useless. Block at least https://api.os.qiku.com and https://api-en.os.qiku.com if you can. Although that qiku firm seems to be okay...
Odd that the stock firmware would contain a trojan...
But if so, it has planted there on purpose...
It's maybe included in some other stocks too...
English Community-Lenovo Community
https://community.umidigi.com/forum.php?mod=redirect&goto=findpost&ptid=16559&pid=92962
command verbose to block api.os.qiku.com and api-en.os.qiku.com:
$ adb pull /system/etc/hosts ./
edit hosts
127.0.0.1 localhost
127.0.0.1 api.os.qiku.com
127.0.0.1 api-en.os.qiku.com
::1 ip6-localhost
::1 api.os.qiku.com
::1 api-en.os.qiku.com
$ adb push ./hosts /data/local/tmp/
$ adb shell
EVERCOSS_S50:/ $ cd /data/local/tmp
EVERCOSS_S50:/data/local/tmp $ ./mtk-su
UID: 0 cap: 3fffffffff selinux: permissive
EVERCOSS_S50:/data/local/tmp # mount -o rw,remount /system
EVERCOSS_S50:/data/local/tmp # cat hosts
127.0.0.1 localhost
127.0.0.1 api.os.qiku.com
127.0.0.1 api-en.os.qiku.com
::1 ip6-localhost
::1 api.os.qiku.com
::1 api-en.os.qiku.com
EVERCOSS_S50:/data/local/tmp # cp hosts /system/etc/
EVERCOSS_S50:/data/local/tmp # cat /system/etc/hosts
127.0.0.1 localhost
127.0.0.1 api.os.qiku.com
127.0.0.1 api-en.os.qiku.com
::1 ip6-localhost
::1 api.os.qiku.com
::1 api-en.os.qiku.com
EVERCOSS_S50:/data/local/tmp # mount -o ro,remount /system
dedetok said:
command verbose to block api.os.qiku.com and api-en.os.qiku.com:
$ adb pull /system/etc/hosts ./
edit hosts
Click to expand...
Click to collapse
Yes, that does that does the trick - blocks those urls....
But I think that it's just a false alarm.
You seem to have this in it...
360os - 概述 - 360手机
360 OS基于Android 5.1深度定制,以多种出色而自然的方式,让你的Android系统变得更加好用。
www.qiku.com
360OS - 全球领先OS智能生态服务提供商
360OS是全球领先的OS智能产品及生态服务提供商,致力于驱动以OS+为核心的智能互联。以OS+安全产业互联网、OS+AI、OS+UI的商业闭环模式,覆盖全球多个地区市场生态。
www.360os.com
360 OS - All you need to Know about Android based 360 OS
Here is all you need to about 360 OS. 360 OS is new Android based OS. Have a look at unique features in 360 OS.
www.digitalstacks.org
was a double post because of the error message while posting..
Oops! We ran into some problems. Please try again later. More error details may be in the browser console.
Click to expand...
Click to collapse
CXZa said:
Yes, that does that does the trick - blocks those urls....
But I think that it's just a false alarm.
You seem to have this in it...
360os - 概述 - 360手机
360 OS基于Android 5.1深度定制,以多种出色而自然的方式,让你的Android系统变得更加好用。
www.qiku.com
360OS - 全球领先OS智能生态服务提供商
360OS是全球领先的OS智能产品及生态服务提供商,致力于驱动以OS+为核心的智能互联。以OS+安全产业互联网、OS+AI、OS+UI的商业闭环模式,覆盖全球多个地区市场生态。
www.360os.com
360 OS - All you need to Know about Android based 360 OS
Here is all you need to about 360 OS. 360 OS is new Android based OS. Have a look at unique features in 360 OS.
www.digitalstacks.org
Click to expand...
Click to collapse
No ...... It is Not False alarm....
I use App Inspector to monitor any change on my Evercoss S50 ( I have 3 similar devices ). I know exactly what happened to those handsets.
These 2 apks were installed before I changed /system/etc/hosts.
Maybe S50 using 360 OS..... You can download the firmware http://evercoss.com/download/detail/s50 and help me where those 2 files came from.
Please share the patch for the rest of S50 users.
Ops, blocking via /system/etc/hosts did very effective. I still got the "malware" dropped in my device with name "App UI" (Screen shoot)
The easiest way is to use NoRoot Firewall created by Grey Shirts.
In Home Screen there is option to checked "Auto start on boot"
You need to enable VPN, NoRoot Firewall will create local VPN on your phone to filter any application connected to internet.
in Apps, you need to set which application allow or not to connect to internet
For my device I blocked (sign with red X)
1. 360 security
2. Aging Test, Android SYstem, BT Tool,......
3. Anti-Theft
4. CaptivePortalLogin
5. com.mediatek.ims, ....
6. ConfigCenter
7. ConfigUpdater
8. Initiator
9. Intent Filter Verification Service
10. Market Feedback Agent
11. Power Master
12. System
13. System-UI
14. Work profile setup
May be the list is to much.... LOL.... but you won't get "App UI" dropped into your phone anymore....
The other way is to use /system/bin/iptables......
These are backgroud connections capture in NoRoot Firewall by Grey Shirts
Anti Theft
ip 36.110.234.87 port 80 whois: CHINANET-BJ 36.110.0.0 - 36.110.255.255 CIDR 36.110.0.0/16
ip 104.192.109.67 port 5227 whois: CHINANET-LAX-IDC-2014 104.192.108.0 - 104.192.111.255 CIDR 104.192.108.0/22
ip 211.151.195.194 port 80 whois: CHINA-21VIANET 211.151.0.0 - 211.151.255.255 CIDR 211.151.0.0/16
com.android.sc
ip 47.90.110.234 port 80 whois: AL-3 47.88.0.0 - 47.91.255.255 CIDR 47.88.0.0/14
ip 104.192.110.206 port 80 whois: CHINANET-LAX-IDC-2014 104.192.108.0 - 104.192.111.255 CIDR 104.192.108.0/22
ip 104.192.110.243 port 80 whois: CHINANET-LAX-IDC-2014 104.192.108.0 - 104.192.111.255 CIDR 104.192.108.0/22
ip 124.156.123.59 port 443 whois: ACEVILLEPTELTD-SG 124.156.96.0 - 124.156.191.255 CIDR 124.156.96.0/19 124.156.128.0/18
ip 180.163.251.181 port 80 whois:CHINANET-SH 180.160.0.0 - 180.175.255.255 CIDR 180.160.0.0/12
Config Center
ip 104.182.110.205 port 443 whois: SIS-80-7-29-2014 104.176.0.0 - 104.191.255.255 CIDR 104.176.0.0/12
Initiator
ip 101.198.192.187 port 80 whois: QIHOO 101.198.196.0 - 101.198.199.255 CIDR 101.198.196.0/22
ip 101.198.192.189 port 80 whois: QIHOO 101.198.196.0 - 101.198.199.255 CIDR 101.198.196.0/22
Create script s50_iptables.sh
#!/bin/sh
echo "Inserting iptables"
if [ "$(/system/bin/iptables -S INPUT | grep -ce '36.110.0.0/16 -j DROP')" != 0 ]
then
echo "Skiped 36.110.0.0/16 -j DROP"
else
/system/bin/iptables -I INPUT -s 36.110.0.0/16 -j DROP
echo "Added 36.110.0.0/16 -j DROP"
fi
if [ "$(/system/bin/iptables -S INPUT | grep -ce '104.192.108.0/22 -j DROP')" != 0 ]
then
echo "Skiped 104.192.108.0/22 -j DROP"
else
/system/bin/iptables -I INPUT -s 104.192.108.0/22 -j DROP
echo "Added 104.192.108.0/22 -j DROP"
fi
if [ "$(/system/bin/iptables -S INPUT | grep -ce '211.151.0.0/16 -j DROP')" != 0 ]
then
echo "Skiped 211.151.0.0/16 -j DROP"
else
/system/bin/iptables -I INPUT -s 211.151.0.0/16 -j DROP
echo "Added 211.151.0.0/16 -j DROP"
fi
if [ "$(/system/bin/iptables -S INPUT | grep -ce '47.88.0.0/14 -j DROP')" != 0 ]
then
echo "Skiped 47.88.0.0/14 -j DROP"
else
/system/bin/iptables -I INPUT -s 47.88.0.0/14 -j DROP
echo "Added 47.88.0.0/14 -j DROP"
fi
if [ "$(/system/bin/iptables -S INPUT | grep -ce '124.156.96.0/19 -j DROP')" != 0 ]
then
echo "Skiped 124.156.96.0/19 -j DROP"
else
/system/bin/iptables -I INPUT -s 124.156.96.0/19 -j DROP
echo "Added 124.156.96.0/19 -j DROP"
fi
if [ "$(/system/bin/iptables -S INPUT | grep -ce '124.156.128.0/18 -j DROP')" != 0 ]
then
echo "Skiped 124.156.128.0/18 -j DROP"
else
/system/bin/iptables -I INPUT -s 124.156.128.0/18 -j DROP
echo "Added 124.156.128.0/18 -j DROP"
fi
if [ "$(/system/bin/iptables -S INPUT | grep -ce '180.160.0.0/12 -j DROP')" != 0 ]
then
echo "Skiped 180.160.0.0/12 -j DROP"
else
/system/bin/iptables -I INPUT -s 180.160.0.0/12 -j DROP
echo "Added 180.160.0.0/12 -j DROP"
fi
if [ "$(/system/bin/iptables -S INPUT | grep -ce '104.176.0.0/12 -j DROP')" != 0 ]
then
echo "Skiped 104.176.0.0/12 -j DROP"
else
/system/bin/iptables -I INPUT -s 104.176.0.0/12 -j DROP
echo "Added 104.176.0.0/12 -j DROP"
fi
if [ "$(/system/bin/iptables -S INPUT | grep -ce '101.198.196.0/22 -j DROP')" != 0 ]
then
echo "Skiped 101.198.196.0/22 -j DROP"
else
/system/bin/iptables -I INPUT -s 101.198.196.0/22 -j DROP
echo "Added 101.198.196.0/22 -j DROP"
fi
echo "Done"
To run the script, open Termux and run mtk-su to gain root
Download the script
# wget http://garasiku.my.id/folder/s50_iptables.sh.txt
Rename and change permission
# mv ./s50_iptables.sh.txt ./s50_iptables.sh
# chmod 744 ./s50_iptables.sh
Run it
# ./s50_iptables.sh
To check it run
# /system/bin/iptables-save | grep INPUT
Or
# /system/bin/iptables -S INPUT
Known Problem: After restarting or boot the device, the firewall rules will be flush! In the future, I will fix to to put it in /system/etc/init and run it when the device finish booting.
To run on ADB, replace #!/bin/sh to #!/system/bin/sh.
Credit:
MTK-SU by Diplomatic
NoRoot Firewall by Grey Shirts
Application Inspector by UBQSoft
I put my work on garasiku.my.id
Okay. this is weird. Viruses from the factory.
Tried searching that app file name from all files. Got stuck because anti-virus. Trojan in /system/lib/libcheckperlib.so
File name search finds that you're not the only one.
Might be that you cannot make it clean if it's deep in the system.
Yet another [almost] non-removable trojan for Android
At the end of 2019, system-monitoring routines on some of our customers' smart phones detected changes in the file /system/lib/libc.so.
news.drweb.com
Fortunately evercoss has a solution... LOL
Cara Jitu Menghapus Virus Trojan di Smartphone Android
Banyak kerugian dari virus Trojan yang tidak segera ditangani, termasuk bocornya data personal. Inilah solusi menghapus virus trojan di smartphone EVers!
blog.evercoss.com
Have you re-flashed it? Does the same start again even if those urls are blocked?
CXZa said:
Okay. this is weird. Viruses from the factory.
Tried searching that app file name from all files. Got stuck because anti-virus. Trojan in /system/lib/libcheckperlib.so
File name search finds that you're not the only one.
Might be that you cannot make it clean if it's deep in the system.
Yet another [almost] non-removable trojan for Android
At the end of 2019, system-monitoring routines on some of our customers' smart phones detected changes in the file /system/lib/libc.so.
news.drweb.com
Fortunately evercoss has a solution... LOL
Cara Jitu Menghapus Virus Trojan di Smartphone Android
Banyak kerugian dari virus Trojan yang tidak segera ditangani, termasuk bocornya data personal. Inilah solusi menghapus virus trojan di smartphone EVers!
blog.evercoss.com
Have you re-flashed it? Does the same start again even if those urls are blocked?
Click to expand...
Click to collapse
thank you for your help.
flashing device does not help. after it connect to internet, it starts pull some apk from internet.
I'll try to search /system/lib/libcheckperlib.so as your sugestion.
CXZa said:
Okay. this is weird. Viruses from the factory.
Tried searching that app file name from all files. Got stuck because anti-virus. Trojan in /system/lib/libcheckperlib.so
File name search finds that you're not the only one.
Might be that you cannot make it clean if it's deep in the system.
Yet another [almost] non-removable trojan for Android
At the end of 2019, system-monitoring routines on some of our customers' smart phones detected changes in the file /system/lib/libc.so.
news.drweb.com
Fortunately evercoss has a solution... LOL
Cara Jitu Menghapus Virus Trojan di Smartphone Android
Banyak kerugian dari virus Trojan yang tidak segera ditangani, termasuk bocornya data personal. Inilah solusi menghapus virus trojan di smartphone EVers!
blog.evercoss.com
Have you re-flashed it? Does the same start again even if those urls are blocked?
Click to expand...
Click to collapse
Yes, /system/lib/libcheckperlib.so contains Android.DownLoader.4930 trojan.
I deleted it and let device without net filtering to monitor any change in android system.
Thank you for your clue.
After removing /system/lib/libcheckperlib.so that contains Android.DownLoader.4930 trojan, and monitor the device for two months, there is no more unwanted installed on device.
Here is step to remove /system/lib/libcheckperlib.so that contains Android.DownLoader.4930 trojan:
Requirement:
rooted android or temporary root using mtk-su create by Diplomatic
pc with adb or Termux
This are steps to remove malware Android.Downloader.4930 /system/lib/libcheckperlib.so using Termux created by Grey Tshirts:
Create these bash script and save it as s50_patch2021.sh
#!/system/bin/sh
FILE="/system/lib/libcheckperlib.so"
echo "checking $FILE"
if [ -f $FILE ]; then
echo "File $FILE exists."
echo "Try remount system rw."
/system/bin/mount -o rw,remount /system
echo "Backing up $FILE."
/system/bin/mkdir /sdcard/dedetok
/system/bin/cp $FILE /sdcard/dedetok
echo "Removing $FILE"
/system/bin/rm $FILE
echo "Remount system ro"
/system/bin/mount -o ro,remount /system
echo "Done, reboot your Evercoss S50"
else
echo "File $FILE does not exist."
fi
Or you can download it from this site. Open Termux and type
$ wget http://garasiku.my.id/folder/S50_patch2021.sh.txt
rename it
$ mv ./S50_patch2021.sh.txt ./S50_patch2021.sh
change permission
$ chmod 744 ./S50_patch2021.sh
run mtk-su and run the cript
# ./S50_patch2021.sh
reboot your phone
Don't forget to run your antivirus after reboot your phone. android is not save operating system. Use application inspector to inspect unwanted application and remove it.
Garasiku - Evercoss Genpro X Pro S50 removing malware Android.Downloader.4930 /system/lib/libcheckperlib.so
Garasiku
garasiku.my.id
I downloaded the file (img), with firmware, mounted the image, and I can't open it
What is the model of your phone ?
LR7875 said:
What is the model of your phone ?
Click to expand...
Click to collapse
car radio EONON for VW, 8 core 64-bit CPU Coretex-A53, 1/5 G,
MTCR_HT_V2.84_1
So what is the problem? The car radio does not boot up and restoration attempts failed?
LR7875 said:
So what is the problem? The car radio does not boot up and restoration attempts failed?
Click to expand...
Click to collapse
downloaded the firmware, in img format, and can not open it
You can just install the firmware in the img format without opening it. Use a PC for the steps that will be mentioned below.
First learn about fastboot.
Install this, choose y and y
[OFFICIAL][TOOL][WINDOWS] ADB, Fastboot and Drivers - 15 seconds ADB Installer v1.4.3
15 seconds ADB Installer v1.4.3 ADB, Fastboot and Drivers What is this? This is All-in-One installer for 3 most needed PC tools for Android. No need to download big SDK for 3 small things. I originaly made it for my Kurdish friend AnGrY DuDe in...
forum.xda-developers.com
Then download and extract this.
SDK Platform Tools release notes | Android Studio | Android Developers
Android SDK Platform-Tools is a component for the Android SDK.
developer.android.com
After that connect your car radio to the computer.
After that reboot you car radio into fastboot mode( try volume up + power, if it shows up a boot menu choose bootloader or fastboot, if it is in something as android recovery or no command try volume down + power, If it shows black screen or the words fastboot then it is good to go)
After that move that .IMG files to the platform tools folder.
After that right click in the platform tools folder.
After that choose open command prompt here OR open power shell here.
If it shows a black window, type in fastboot flash system system.img
If it is blue window type .\fastboot flash system system.img
LR7875 said:
Можно просто установить прошивку в формате img, не открывая ее. Используйте ПК для шагов, которые будут упомянуты ниже.
Сначала узнайте о fastboot.
Установите это, выберите y и y
[URL Unfurl = "true"] https://forum.xda-developers.com/t/...vers-15-seconds-adb-installer-v1-4-3.2588979/ [/ URL]
Затем загрузите и распакуйте это.
[URL Unfurl = "true"] https://developer.android.com/studio/releases/platform-tools [/ URL]
После этого подключите автомагнитолу к компьютеру.
После этого перезагрузите автомобильное радио в режим быстрой загрузки (попробуйте увеличить громкость + питание, если появится меню загрузки, выберите загрузчик или быструю загрузку, если это что-то вроде восстановления Android или нет команды, попробуйте уменьшить громкость + питание, если он показывает черный экран или слова fastboot тогда хорошо)
После этого переместите файлы .IMG в папку инструментов платформы.
После этого щелкните правой кнопкой мыши папку инструментов платформы.
После этого выберите здесь открытую командную строку ИЛИ откройте здесь оболочку питания.
Если отображается черное окно, введите fastboot flash system system.img
Если это синее окно типа. \ Fastboot flash system system.img
Click to expand...
Click to collapse
Спасибо
12alesha12 said:
Спасибо
Click to expand...
Click to collapse
thank you
quiero rootear mi Redmi 9a, pero cuál recovery es el adecuado que me ayude ?
unlock bootloader, flash twrp (or similar) recovery in fastboot, boot to recovery, factory reset, format data, flash ROM, boot to android, install magisk manager, patch boot in magisk manager, go to recovery, flash patched boot
Jose Luis Sanch Red. said:
quiero rootear mi Redmi 9a, pero cuál recovery es el adecuado que me ayude?
Click to expand...
Click to collapse
this method if you do not want to flash the recovery
-------------------------------------------------- ------------------------------
английский
-------------------------------------------------- ------------------------------
это подходит для тех у кого есть заблокированный загрузчик и разблокированный загрузчик
1. скачать официальную прошивку
2. находим BOOT.img переносим его на телефон в любую папку
3. загрузите последнюю версию Magisk
4. нажимаем установить, выбираем BOOT.img куда переносили
5. После прошивки BOOT.img подключите телефон к ПК и перенесите BOOT.img на рабочий стол.
6. Установите драйвер ADB, скачайте файл, который вы скачали
7. у вас есть папка adb на диске c
8. переносим BOOT.img в папку ADB
9. Переведите телефон в режим быстрой загрузки
10. открыть командную строку от имени администратора
11. Вставьте код в командную строку
12. Поздравляем, вы получили root
13. если ваш телефон перезагрузится, прошейте стоковый BOOT.img
-------------------------------------------------- ------------------------------
Русский
-------------------------------------------------- --------------
---------------
этот способ если не хотите прошивать рекавери
это подходит для тех у кого есть заблокированный загрузчик и разблокированный загрузчик
1. качаем официальную прошивку
2. находим BOOT.img переносим его на телефон в любую папку
3. скачать последнюю версию Magisk
4. нажимаем установить, выбираем BOOT.img куда вы перенесли
5. После того, как вы прошили BOOT.img, подключите телефон к ПК и перенесите BOOT.img на рабочий стол.
6. Установите драйвер ADB, скачайте файл, который вы скинули
7. у вас есть папка adb на диске c
8. переносим BOOT.img в папку ADB
9. Переведите телефон в режим быстрой загрузки
10. открыть командную строку от имени администратора
11. Вставьте код в командную строку
12. Поздравляем, вы получили root
13. если ваш телефон перезагрузится, прошейте стоковый BOOT.img
-------------------------------------------------- -----------------------------
код командной строки:
1. компакт-диск c:\ADB
2. устройства быстрой загрузки
3. fastboot flash boot boot.img
4. перезагрузка фастбут
-------------------------------------------------- -----------------------------
тут скачать adb драйвер
download adb driver here
adb-setup-1.4.3.exe
drive.google.com
Flash magisk.zip via custom recovery