Are we protected against stuff like this? - ONE Q&A, Help & Troubleshooting

I am talking about https://www.zdnet.com/article/google-we-just-fixed-these-three-critical-android-bugs-with-april-update/
I am trying to understand the limitations of custom ROMs.
Thanks in advance

It depends on your custom rom and device.
In official versions of LineageOS, Android security patches get merged regularly. This means that vulnerabilities like the ones mentioned in the linked article get fixed over time if you update your LineageOS every now and then. But there are also potential vulnerabilities hidden in proprietary OnePlus components. These cannot be fixed by any custom ROM and rely on updates from the manufacturer.
You might want to read up on this here.

Related

Android Security Vulnerabilities

mods: maybe this could get moved to Android Dev and Hacking/Misc Dev? This is my first post, and there's a minimum 10 post rule to post on the dev forums. I searched the forums and could not find a similar post, and it could be useful for ROM hackers.
I've been keeping track of a few upcoming risky vulnerabilities that modern devices may be vulnerable to, and possible patches. For those of you that embed custom kernels in your ROM, or want a secure kernel for your custom ROM, this should be useful. Hopefully we can have people chime in and post patches they think are needed. Now, these may be commonly used to root your device, but for those of you creating pre-rooted ROMs, you will probably want the patch to protect your devices from malicious activity.
http://www.cvedetails.com/cve/CVE-2012-4220/ also 4221 and 4222:
affects Android versions from 2.3 to 4.2 with a Qualcomm processor
patch here: https://www.codeaurora.org/particip...es/cve-2012-4220-cve-2012-4221-cve-2012-4222/
code execution, local priv, DoS
http://www.cvedetails.com/cve/CVE-2011-3874/
the infamous zergRush exploit for the vulnerability in libsysutils.so
PoC: https://github.com/revolutionary/zergRush/blob/master/zergRush.c
patch: http://code.google.com/p/android/issues/attachmentText?id=21681&aid=216810001000&name=patch.diff&token=zyMox2r00ZIPN7qD_zdjHy2cf10%3A1358973107051
affects Froyo and Gingerbread, which a lot of people are still working with. As a ROM dev, you might not be working with older Android versions, but this allows code execution.
samsung exynos flaw - I don't see a CVE for this yet
http://forum.xda-developers.com/showthread.php?t=2048511
"This device is R/W by all users and give access to all physical memory"
patch here, but another patch in that thread as well: http://review.cyanogenmod.org/#/c/29910/
"Ram dump, kernel code injection and others could be possible via app installation from Play Store" ouch
2012 CVEs:
http://www.cvedetails.com/vulnerabi...roduct_id-19997/year-2012/Google-Android.html
Anyone else know some good vulns and patches??
Hope this is helpful!
I just installed Belarc Security and it discovered the first issue along with the two others, 4220, 4221, 4222. Not sure if I should be concerned...

Help Manually Applying Security Patches

So I recently rooted my HTC One M7 which I've had now for almost three years. I love this phone. I gave it the latest version of PAC ROM and have loved customizing the crap out of it. I am trying to get every ounce of life out of it before I eventually upgrade.
Anyway, I used many different resources for checking the security and eventually ran the QuadRoot Scanner which is an app from the Play Store. It told me that I am affected by the following vulnerabilities: CVE-2016-2059 and CVE-2016-2504. It then directs me to codeaurora.org where it explains what each vulnerability is and then tells me to apply certain security patches. There's only one problem: I have no idea how to apply patches and nowhere on the website does it tell me how to do it. I tried searching online for some answers but had little luck. If anyone can specifically tell me what to do and how to do it, I would be eternally grateful.
I tried posting the URLs for each vulnerability but XDA won't let me until I've posted 10 times or something. You can find the exact page by googling Code Aurora and then the name of the vulnerability (CVE-2016-2059 and CVE-2016-2504).
Thanks in advance for your expertise!!!
I'm no expert but if your rom is no longer maintained you would have to build your own with the latest Cyanogenmod/PacMan, device tree, etc etc which will have all the security patches in it. It's a mission http://xda-university.com/as-a-developer/introduction-how-an-android-rom-is-built
Note that there will be loads of other security patches released since your ROM was built, depending on how old it is, that do not have an app to show if you are vulnerable. Look at the date of the "Android security patch level" shown in About phone and compare it to the monthly security bulletins to find them all.
https://source.android.com/security/bulletin/index.html
Running CM? You might want to check this thread:
http://forum.xda-developers.com/showthread.php?t=2862061
err on the side of kindness
There have been 100s of security patches for Android kernel, but if your bootloader is locked, you can't implement them. If you unlock your bootloader, you can use a custom kernel and you can manually implement each patch. But keep in mind, CM has abandoned LP kernels, meaning they are not implementing security patches after October-November 2015. With regard to non-kernel patches (also hundreds), most of them are in sources for LP and MM.
I wouldn't rely on any app that tells you whether or not you have the patch. You can do it simply by looking at the date of your build. Pretty much everything after that date is not included...
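Both replies above (compare the security patch level in About phone with the monthly bulletins; judge by the build date) describe one check that can be scripted from a PC. The following is an added example, not code from either poster; it assumes adb on PATH, and the getprop sample and reference bulletin date are constructed:

```shell
#!/bin/sh
# Added example (not from the thread): read the build's Android security patch
# level from `adb shell getprop` output and count the monthly bulletins that
# have shipped since. Sample getprop output and the reference bulletin date
# below are constructed; check_device assumes adb is on PATH.

# Extract ro.build.version.security_patch (YYYY-MM-DD) from getprop output on
# stdin. adb shell may emit CRLF line endings, so strip \r before matching.
patch_level_from_getprop() {
    tr -d '\r' | sed -n 's/^\[ro\.build\.version\.security_patch\]: \[\([0-9-]*\)\]$/\1/p'
}

# Whole months from $1 to $2 (both YYYY-MM-DD); one bulletin ships per month.
months_between() {
    mb_from_y=$(echo "$1" | cut -d- -f1)
    mb_from_m=$(echo "$1" | cut -d- -f2)
    mb_to_y=$(echo "$2" | cut -d- -f1)
    mb_to_m=$(echo "$2" | cut -d- -f2)
    # strip a leading zero so "08" is not read as an octal literal
    mb_from_m=${mb_from_m#0}
    mb_to_m=${mb_to_m#0}
    echo $(( (mb_to_y - mb_from_y) * 12 + mb_to_m - mb_from_m ))
}

# One-line verdict for a patch level against the newest bulletin date you know.
report() {
    r_n=$(months_between "$1" "$2")
    if [ "$r_n" -le 0 ]; then
        echo "patch level $1: current as of bulletin $2"
    else
        echo "patch level $1: $r_n monthly bulletins behind $2; review each at source.android.com/security/bulletin"
    fi
}

# Run against a connected device (assumes adb on PATH and USB debugging enabled).
check_device() {
    level=$(adb shell getprop | patch_level_from_getprop)
    if [ -z "$level" ]; then
        echo "build exposes no ro.build.version.security_patch property; fall back to the build date"
        return 1
    fi
    report "$level" "$1"
}

# Constructed sample: a Lollipop-era build reporting the Nov 2015 level mentioned in the thread.
SAMPLE_GETPROP='[ro.build.version.release]: [5.1.1]
[ro.build.version.security_patch]: [2015-11-01]
[ro.product.model]: [HTC One]'
LATEST_BULLETIN=2016-08-01   # constructed reference date; substitute the current month

sample_level=$(printf '%s\n' "$SAMPLE_GETPROP" | patch_level_from_getprop)
report "$sample_level" "$LATEST_BULLETIN"
```

For a real device, call `check_device 2016-08-01` (with the current month's bulletin date) instead of the sample lines.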
Thanks for the response! Yeah, I have the latest version of PAC ROM for my phone and it says Nov 2015 is the latest android security level. So I am open to finding a different, custom kernel if that means I can manually implement each patch. But what's the process for that? How would I do that? My bootloader is already unlocked.
TheDonL said:
Thanks for the response! Yeah, I have the latest version of PAC ROM for my phone and it says Nov 2015 is the latest android security level. So I am open to finding a different, custom kernel if that means I can manually implement each patch. But what's the process for that? How would I do that? My bootloader is already unlocked.
If you are not a developer and have no programming experience, it would be almost impossible to do. You need to work with sources. Learn how to compile a ROM.... It is not easy...
optimumpro said:
If you are not a developer, have no programming experience, it would be almost impossible to do. You need to work with sources. Learn how to compile a rom.... It is not easy...
Ah. So I am guessing it is not as easy as simply copying and pasting the code that the website mentioned? Into the bootloader? Because codeaurora.com gives you the exact code to manually enter in for the patch. I have coded before but not much and it was a while ago...

[UNOFFICIAL][ROM][10.0/9.0] LineageOS 17.1/16.0 [violet][Q/PIE]

Introduction
A spinoff thread from the previously-supported-official thread by Atman.
This thread will contain my unofficial builds for violet. On the 16.0 version, the only real fix (so far...) has been the fingerprint scanner sepolicy denials. I aim to do monthly/bimonthly builds to keep up to date with security patches, as so far I haven't encountered any other issues (let me know).
On the 17.1 version, I have slowly figured out how to make it work, but it is highly experimental.
The 16.0 ROM is stable (I use it as my daily driver).
If you find any bugs, please do take screenshots, give a way for me to replicate it on my device, and send a logcat. If you're super smart, use a logcat and filter for the keyword so I don't have to do even more digging.
Please don't tell me to use PE/Mokee commits.
Yet another update. I've got 17.1 builds working without having to resort to cheap tricks and commits (sort of).
Flash instructions
Same as usual:
Reboot to fastboot and flash recovery with fastboot (You have to use the TWRP linked below. Other versions likely won't boot.)
Reboot to recovery TWRP
Wipe to format data, wipe again to wipe system and cache (not necessary if you're updating, only if you're switching ROMs)
Flash firmware (ADB sideload) (this step is dated. The newer builds have a higher target firmware so you should try to flash without the firmware first, then flash the firmware if the ROM doesn't work.)
Flash the ROM (sideload)
Flash GApps, Magisk, etc. as necessary
Done
Downloads (16.0) (STABLE)
Firmware (Dated firmware)
Recovery (TWRP)
11-Jun-2021 build (with 05-May-2021 security patch), and MD5 Digest
For previous builds see below
Downloads (17.1)
Here's the 17.1 ROM. Here's the md5 hash. It has the March security patch.
It currently does not boot. If you would like to try and help with development, flash the ROM, and then flash the Chinese Q firmware on top of it (this can be downloaded from xiaomifirmwareupdater). Be warned that there is a risk that the newest android keymaster may re-encrypt your device, which in the worst case may require you to format data and/or reflash recovery and/or flash a fastboot MIUI rom. So, it's a bit risky, but likely won't be an issue.
Credits, Sources, etc.
Too many to mention. Atman Shah for getting this device supported earlier last year. ThE_MarD (Marc Bougoin) for other help. Various other names I've seen - Bruno Martins, Weikai Kong, Wang Han... all of the Lineage dev team. I'm sure I'm missing many people who have been involved in the project. I am new, and very much a latecomer to all of this.
Device Tree: https://gitlab.com/mzha/android_device_xiaomi_violet
Kernel Tree: https://gitlab.com/mzha/android_kernel_xiaomi_violet
Other things see my gitlab: https://gitlab.com/mzha
A telegram group to discuss development for 16.0/17.1: t.me/lineageos_violet
Previous builds
07-Nov-2020 (incl. Oct-2020 security patch), with 07-Nov-2020 MD5 Hash
13-Jul-2020 (incl. Jul-2020 security patch), with 13-Jul-2020 MD5 Hash
11-May-2020 (incl. May-2020 security patch), with 11-May-2020 MD5 Hash
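The sideload step above flashes whatever zip was downloaded; the MD5 digest posted next to each build is there to be checked first. This is an added example, not the maintainer's code; file names are placeholders, and fastboot/adb are assumed to be on PATH:

```shell
#!/bin/sh
# Added example (not from the thread): verify a downloaded ROM zip against the
# published MD5 digest before sideloading it, then run the flash steps from the
# post. File names are placeholders; fastboot and adb are assumed on PATH.

# Compare a file's MD5 with the published digest. Prints "ok" or "MISMATCH" and
# returns 0 or 1, so it can gate the flash.
verify_md5() {
    v_actual=$(md5sum "$1" | cut -d' ' -f1)
    if [ "$v_actual" = "$2" ]; then
        echo "ok"
        return 0
    fi
    echo "MISMATCH: expected $2, got $v_actual"
    return 1
}

# Steps from the post, gated on the checksum: flash the linked TWRP image from
# fastboot, then sideload the ROM from recovery (wipe/format in TWRP as the
# post describes before sideloading; GApps/Magisk follow the same way).
flash_build() {
    fb_twrp=$1; fb_rom=$2; fb_digest=$3
    verify_md5 "$fb_rom" "$fb_digest" || return 1
    fastboot flash recovery "$fb_twrp" || return 1
    echo "Reboot into TWRP, choose Advanced > ADB Sideload, then press Enter here"
    read -r _go
    adb sideload "$fb_rom"
}

# Usage: sh flash.sh twrp.img lineage-16.0-violet.zip <md5 from the download post>
if [ $# -eq 3 ]; then
    flash_build "$1" "$2" "$3"
fi
```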
Good to see some devs showing interest in this OS.
Will you be adding any customisation, or does it continue as pure LineageOS?
Pure LineageOS. There's more than enough customised ROMs for violet already in my opinion... and I also don't have that much time
hcnulma said:
Pure LineageOS. There's more than enough customised ROMs for violet already in my opinion... and I also don't have that much time
That's great.
By any chance, will you consider adding signature spoofing support? That would be really great. It would help many users go for microG instead of GApps.
I completely understand you're a starter.
Great work. Good luck.
Thank you
e2vinay said:
will you consider adding signature spoofing support?
No, but there are a few alternatives:
Merge the changes from this RFC and build it
Download the spoofer from https://download.lineage.microg.org/violet/, or get the (ed)Xposed module, or other possibilities...
Will it be official LineageOS?
Can we expect los 17 soon?
himanshu fulmali said:
Can we expect los 17 soon?
As per OP: I'm waiting on both Android 10 firmware blobs + kernel to be released by Xiaomi... I'm not sure how the other ROM devs get around this, if it's easy to forward-port or not. But for now, only LOS 16.
Heyyo @hcnulma good to see you got your thread up and going!
As for 17.1? You can work with your current kernel and cherry-pick the fixes that other maintainers of violet are using and same for the device tree and vendor blobs.
As an example, LeEco msm8996 devices are using kernel source code from Marshmallow just rebased on a CAF Q tag for our kernel, since we never got anything newer...
Even once Xiaomi releases their kernel source code for Android 10? It would probably take quite a bit of work to shave it down to what you specifically need and then import it on top of a fresh CAF tag for the kernel, or even more work to try and implement it into your current kernel.
To get official builds of LOS 16.0 going again for violet you would need to show that you are capable of fixing any major bugs that arise as well.
https://wiki.lineageos.org/submitting_device.html
anywho, hope this information helps bud!
hcnulma said:
As per OP: I'm waiting on both Android 10 firmware blobs + kernel to be released by Xiaomi... I'm not sure how the other ROM devs get around this, if it's easy to forward-port or not. But for now, only LOS 16.
I am pretty sure you can use the pixel experience device tree and kernel to compile the ROM just like every other rom
Thank you. If it is stable enough I will use it to build RR PIE.
Zjh0094 said:
Thank you. If he is stable enough I will use it to build RR PIE
It's definitely stable...
prajwal2001 said:
I am pretty sure you can use the pixel experience device tree and kernel to compile the ROM just like every other rom
From what I understand, using their kernel tree will mean I'll have to change a lot of references in my own device tree, and using their device tree on top of that is essentially just building PE, not Lineage.
In any case, I did find the Snapdragon 675 (ie sm6150) kernel trees for Q in several places, https://github.com/sm6150-dev/android_kernel_xiaomi_sm6150 and https://github.com/PixelExperience-Devices/kernel_xiaomi_sm6150. I'll take a closer look into this...
I did find the most recent CAF kernel under sm6150 here, but there seems to be an issue of this not showing up in /quic/la... Something will be resolved. Hopefully.
Request to create group for discussion in Telegram
You won't have to make any changes in the kernel as far as I know, and as for the device tree, you just have to make some changes according to the ROM, as every ROM uses the same device tree.
And you won't be making PE instead of Lineage, as the same device tree and kernel are used in every Q ROM except EvoX, which uses the Crimson kernel.
hcnulma said:
It's definitely stable...
Thanks. I will use it as my benchmark to build RR pie.
---------- Post added 15th February 2020 at 12:03 AM ---------- Previous post was 14th February 2020 at 11:57 PM ----------
hcnulma said:
In any case, I did find the Snapdragon 675 (ie sm6150) kernel trees for Q in several places, https://github.com/sm6150-dev/android_kernel_xiaomi_sm6150 and https://github.com/PixelExperience-Devices/kernel_xiaomi_sm6150. I'll take a closer look into this...
I did find the most recent CAF kernel under sm6150 here, but there seems to be an issue of this not showing up in /quic/la... Something will be resolved. Hopefully.
/quick/la/msm-4.14
prajwal2001 said:
you won't have to make any changes in the kernel as far as I know and as for the device tree you just have to make some changes according to the ROM
It is precisely the device tree that I'm worried about. From experience, PE has a lot of platform-specific stuff that Lineage doesn't (and the same the other way), and also from trying to figure out the fix to 16.0 I realised there's a lot of context/definition differences between the two device trees. I'd still give it a look, but I suspect it might be easier to just modify the current 16.0 device tree.
RupeshRN said:
Request to create group for discussion in Telegram
https://t.me/lineageos_violet.
Zjh0094 said:
/quick/la/msm-4.14
Yeah I already figured it was msm-4.14. Have already cloned it but am also considering cherrypicking changes that other devs have done to their kernel trees from 16.0 -> 17.1 as opposed to starting with the CAF kernel. A work in progress.
Sir, I'm a noob, but the Mokee dev released Android 10 and I think Mokee and LOS are pretty much the same. Will he not help you if you contact him?
An update on where I am:
I'm not sure whether to use the PE or Mokee vendor trees. Neither of them has much resemblance to the 16.0 tree I have, so cherry-picking changes will be a nightmare.
The PE vendor tree has a lot of device-tree-specific commits, which will make it a headache to untangle later on. The Mokee vendor tree also has a lot of differing firmware files, though is a bit more similar to the LOS tree.
I'm doing a bit of experimentation to figure out which one will last better in the long run, since I can't seem to get my hands on any MIUI Android Q firmware blobs.
Yet another update. I've got 17.1 builds working without having to resort to cheap tricks and commits (sort of).
Here's the 17.1 ROM. Here's the md5 hash. Needless to say, it's very experimental, not stable in the least (expect to get past boot maybe 70% of the time) - I'm getting very mixed results when experimenting myself. Nevertheless, try it out, see what you get. Install it the same way as usual. Keen to get as many eyes on this as possible

List with devices having official releases of TWRP, LineageOS and other roms

Dear community, I think this list is the first of its kind.
Purpose
The main purpose of the whole project is to help newcomers find the relevant TWRP and Roms for their devices and ultimately make the installation process as easy as possible. This list also serves the purpose of giving an overview of devices which can run custom android roms for people who do not have such a device yet and would like to buy one but don't know which ones to choose from.
Goal
Its goal is to contain as many devices (with name, model name and codename) as possible which also have official releases of TWRP, LineageOS, Resurrection Remix, Omnirom or Carbonrom. The list also contains some working TWRP builds and roms that I saved to a personal archive some time along the last years - mainly for older devices without newer roms and for good roms that just did not make it to an official release.
The Free-Droid project
The creation and continuous update of this list is tied to the Free-Droid project, mainly because it is scraped and put together by the same ruby code that is used inside the Free-Droid One-Click Rom Installation Assistant.
Why only these chosen roms? Can another rom be added?
The choice of roms showing in the list is constrained by these factors:
free and open source (no google apps included)
The website with the official releases can be scraped (programmatically read and evaluated) with ruby code down to the individual download links for the roms
(Preferred) The rom zips have signature spoofing support or are patchable with the NanoDroid patcher
A lot of roms fail at one of these constraints. I tried to add crDroid, but their website is pure javascript and can't be scraped easily. AospExtended was added by using the OTA API, but it turned out that the API server is way too unreliable. What might be possible and get added are mokee and /e/.
Updates
The list is automatically updated weekly and should always point to the latest available roms.

Lineage OS

Can we expect Lineage OS to be released for realme X3? I have a feeling that it is one of the phones that can really benefit from lineage OS as despite having excellent specifications it is bogged down by terrible software support by realme?
jaidosajh said:
Can we expect Lineage OS to be released for realme X3? I have a feeling that it is one of the phones that can really benefit from lineage OS as despite having excellent specifications it is bogged down by terrible software support by realme?
Click to expand...
Click to collapse
There is no way to know if or when any device will get any kind of custom ROM. That is a matter of whether someone with the knowledge to create custom ROMs owns one of those devices or not, and whether or not they choose to build a ROM for that device, and that is only "if" the stock source code has been made available to the public. If the stock source code has not been made available to the public, custom ROMs cannot be built for the device, because stock source code is required in the building process.
The short answer is you will just have to wait and see or take it upon yourself to try building LineageOS for your device for yourself. Trying to build it yourself might get you there faster because you might be in for a long wait if you wait for someone else to do it or may never happen at all.
