mods: maybe this could get moved to Android Dev and Hacking/Misc Dev? This is my first post, and there's a minimum 10 post rule to post on the dev forums. I searched the forums and could not find a similar post, and it could be useful for ROM hackers.
I've been keeping track of a few upcoming risky vulnerabilities that modern devices may be vulnerable to, and possible patches. For those of you that embed custom kernels in your ROM, or want a secure kernel for your custom ROM, this should be useful. Hopefully we can have people chime in and post patches they think are needed. Now, these may be commonly used to root your device, but for those of you creating pre-rooted ROMs, you will probably want the patch to protect your devices from malicious activity.
http://www.cvedetails.com/cve/CVE-2012-4220/ also 4221 and 4222:
affects Android versions from 2.3 to 4.2 with a Qualcomm processor
patch here: https://www.codeaurora.org/particip...es/cve-2012-4220-cve-2012-4221-cve-2012-4222/
code execution, local priv, DoS
http://www.cvedetails.com/cve/CVE-2011-3874/
the infamous zergRush exploit for the vulnerability in libsysutils.so
PoC: https://github.com/revolutionary/zergRush/blob/master/zergRush.c
patch: http://code.google.com/p/android/issues/attachmentText?id=21681&aid=216810001000&name=patch.diff&token=zyMox2r00ZIPN7qD_zdjHy2cf10%3A1358973107051
affects Froyo and Gingerbread, which a lot of people are still working with. As a ROM dev, you might not be working with older Android versions, but this allows code execution.
Samsung Exynos flaw - I don't see a CVE for this yet
http://forum.xda-developers.com/showthread.php?t=2048511
"This device is R/W by all users and give access to all physical memory"
patch here, but another patch in that thread as well: http://review.cyanogenmod.org/#/c/29910/
"Ram dump, kernel code injection and others could be possible via app installation from Play Store" ouch
2012 CVEs:
http://www.cvedetails.com/vulnerabi...roduct_id-19997/year-2012/Google-Android.html
Anyone else know some good vulns and patches??
Hope this is helpful!
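An added example, not part of the original post: a host-side check a ROM builder could run over saved `adb shell ls -l /dev` output to catch the class of problem quoted above for the Exynos flaw (a device node readable and writable by all users). The sample listing, the `example-*` node names and the allowlist are constructed assumptions.

```python
import re

# Nodes that are world-accessible by design on Linux/Android (assumed allowlist;
# extend it for your device after reviewing each entry).
EXPECTED_WORLD_RW = {"null", "zero", "full", "random", "urandom", "tty", "ptmx"}

# Constructed sample in the style of `ls -l /dev` (old toolbox and newer toybox layouts).
SAMPLE_LISTING = """\
crw-rw-rw- root     root       1,   3 2013-01-20 10:00 null
crw-rw-rw- system   graphics   1,  14 2013-01-20 10:00 example-mem
crw-rw---- system   camera    81,   0 2013-01-20 10:00 video0
crw-rw-r-- system   system    10,  60 2013-01-20 10:00 example-sensor
crw-rw-rw- 1 root root 1, 5 2013-01-20 10:00 zero
drwxr-xr-x root     root              2013-01-20 10:00 socket
brw-rw-rw- root     root     179,   0 2013-01-20 10:00 example-blk
"""

def audit_dev_listing(listing, allowlist=EXPECTED_WORLD_RW):
    """Return char/block device nodes whose 'other' permission bits allow read or write."""
    findings = []
    for line in listing.splitlines():
        fields = line.split()
        # Only character (c) and block (b) device entries are of interest.
        if len(fields) < 4 or not re.fullmatch(r"[cb][rwxsStT-]{9}", fields[0]):
            continue
        mode, name = fields[0], fields[-1]
        if fields[1].isdigit():          # toybox/GNU layout has a link-count column
            fields = fields[:1] + fields[2:]
        owner, group = fields[1], fields[2]
        world_r, world_w = mode[7] == "r", mode[8] == "w"
        if not (world_r or world_w) or name in allowlist:
            continue
        findings.append({
            "name": name,
            "mode": mode,
            "owner": owner,
            "group": group,
            # World-writable nodes are the urgent case; read-only still needs review.
            "severity": "high" if world_w else "review",
        })
    return findings

if __name__ == "__main__":
    for f in audit_dev_listing(SAMPLE_LISTING):
        print(f"{f['severity']:6} {f['mode']} {f['owner']}:{f['group']} /dev/{f['name']}")
```

Each flagged node should either get tighter permissions in the ROM's ueventd/init configuration or be added to the allowlist with a reason.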
I just installed Belarc Security and it discovered the first issues with the two others, 4220, 4221, 4222, not sure if I should be concerned...
The source code to the Equiso Pro kernel has been released.
I am starting this thread in hopes of getting a development effort started on a custom android build for the pro device which is based on the Nufront NS115 SoC.
I am willing to put up $30 towards a pool for a bounty for such a custom ROM. I might also be convinced to ship a PRO unit to a verified developer who is willing to assist me and others with this effort.
Anyone interested?
I'll add to the pool. I'll also include the source code.
Saw a post that CyanogenMod devs may have gotten a few. Some are probably XDA members too.
HTC might need a gentle reminder about releasing kernel sources, none of the U series have been released yet, they are required for us to have SlimRoms/LineageOS/aosp/caf style ROM support.
https://twitter.com/NickFlintham/status/871975171120406528
I've tweeted....
Nick.
In a nutshell, we are developing an app for the disabled community that would require root and a few system permissions as well as some minor tweaks to android security settings in order to perform the way we need it to, but the device we are targeting does not currently have a custom ROM developed for it, so my supervisor wanted me to check in these forums to see if there is anyone who develops ROMs professionally or who knows someone who does. If so, could you please direct me to them? Thanks!
It would be great if any developer shares his/her work procedure for building any ROM for the OnePlus 6 (enchilada).
A lot of new ROMs are out there in the market, and for people like me who want to learn custom ROM development and have only this phone at the moment to test, not a lot of resources are present in the web market to help us.
Therefore, it's my humble request to any dev who can share with us the procedure for building custom ROMs from scratch. This can include getting ROM sources, the device tree, kernel tree or vendor tree to be used, and other modifications. It will help the community a lot. Discussions can be made based on various issues people encounter and it would be appreciated a lot.
Closed at the OP's request.