Greetings,
Watched the noob video and searched for this particular topic...didn't find anything.
I run Whisper Systems (Moxie Marlinspike's company, bought out by Twitter) Whisper Core Full Phone Encryption on my Nexus S. I'm looking for a way to take a complete image of the phone if something catastrophic happens to the phone, or I lose it...so I can install it on a new Nexus S. I have v0.5.2 of the installer, but the latest version of the software was 0.5.5 before the Twitter buy out. I unfortunately used the WC Update installer on the last 3 releases, and didn't download the installers...now they can't be found. So I want to take an image of the current 0.5.5.
I looked at Nandroid, but other than installing WC (which was point and click easy on Win64), I know nothing about imaging. I'm worried that messing with Nandroid may somehow interact badly with WhisperCore and lock me out.
Is what I want to do possible, taking into account the WC software?
Thank you,
RF
When android updates the OS, does the entire /system get formatted or do just individual files get updated?
Private Pyle said:
When android updates the OS, does the entire /system get formatted or do just individual files get updated?
Click to expand...
Click to collapse
From one who is totally unqualified to answer:
I believe when a major Android OS is offered it is a pretty much a minor kernel rewrite.
Most likely new hardware drivers and so on.
It is my understanding that Google was supposed to implement Android updates to keep phones and other devices current.
Typically the incremental updates are slow and the major version changes are 2-3 years coming.
There's a changelog posted on XDA in one of the Jelly Bean threads going on.
I forgot which thread it was...the change list for 4.1 appeared minimal to me.
There is probably a lot more to it than what I know however.
Perhaps some of the more knowledgeable will offer an accurate answer here.
Good post IMO!
Private Pyle said:
When android updates the OS, does the entire /system get formatted or do just individual files get updated?
Click to expand...
Click to collapse
What you are probably concerned with is whether it is a full wipe or "reset" of the device, though you did not state that specifically. In any event the answer is that NO, it is not a "FULL" system replacement, in the sense that all of your apps will still be installed after the OTA (Over the Air) update. That does NOT guarantee that all of your installed apps will be compatible with the update, but the update process does attempt to keep your home screens, icons, widgets etc. wherever possible. some folks like to wipe the Tablet/Phone regardless, to have a "clean" install, preventing any older issues to propagate to the newly updated system. In fact, some, like myself take major steps to ensure a ful version update, such as ICS to JB goes smoothly. This means factory wiping the tablet before applying the update (then securing root with Voodoo OTA Root Keeper and superuser or supersu, then wiping the tablet AGAIN directly AFTER the update. This is one way to help ensure you get the full benefit of a "clean" install, vs. issues carrying over from the previous version's installation. It all depends on your level of comfort, and how much time and effort you are willing to devote to making sure it works as good as possible. Granted some folks just let that update apply and have little or no problems. I hope that helps in some way.
Hello! I am running a Samsung S6 Active. I am posting this here because the S6 Active forum gets only a few posts per day and my question can be applied to this device as well.
I am curious if it is possible to take a package in an update file for the S6, and inject it into the update file for the S6A. I have absolutely no access to root with this device. The main reason I wish to do this is due to an error by Samsung where the Camera App for the S6A is one major version behind the standard S6, and I would like to update the camera app. If it is possible, I would be okay with resetting my device for the modification. However, since I do not know if it is possible, I'm asking first.
Any ideas?
EDIT: I mean update files. Sorry for the confusion.
Dear friends,
i am struggling with a strange APP named "Chromes". It seems to be undocumented (i googled a lot).
The only thing i know is that IT INSTALLS ALONE without any visibile message. After a Factory reset i found it (AGAIN) in the phone.
I couldn't SEEK what / when / Who installs it in my phone.
It gains telephone and archive rights without any ask to me.
I also know that my doogee phone suffers of a vulnerability (never closed) by DOOGEE and i don't know if it'd be related with it.
No clue.
Does anyone have had the same experience? Does anyone have EVER seen it?
Let me know please.
Best Regards.
EDIT: ****warning: I remember to everyone that ROOTING/HACKING/INSTALLING a different ROM in your phone may void the warranty AND can potentially BRICK your phone . Do it ONLY IF YOU KNOW WHAT YOU ARE DOING . I warned you.*****
edit 13/11/2017 *LIST OF REPORTED DEVICE AFFECTED WITH CHROMES (Malware) app *:
----------------------------------------------
Doogee Shoot 1
Gretel A9
UHANS A101
NOMU S10
Leagoo M8
leagoo M8 pro
----------------------------------------------
Report if you have it. Thank you.
i just found it on my phone too and started googling it.. and yours seem to be the only instance ive found so far.. i dont know what it does or where it comes from.. i can close it from the task manager but itll start itself again 3 processes that itself have about 2-3 services.. mostly ChromesService DaemonService and ChromesService2 the main proces seems to be signed from com.appclone.lyhj the second one doesnt have the daemonService and is signed from com.android.qnsettings and the third one had com.yunshi.market listed. again i dont know there they come from or whats their purpose.. and if they have anything to do with the ad popups i get since a few days now that dont seem to be app related since its the same popups for most apps .. apps that dont have those popups natively like whatsapp or facebook. i have since uninstalled pretty much anything and tried some antivirus but i guess its gonna be rooted and gets a custom rom. it is also a china cell called nomu s20 . after googling a bit it seems there are a lot security problems with my device.
edit: ive found something on this link i cant post because i am not a trusted user yet
also after running kaspersky antivirus it did indeed find something (as opposed to the comodo antivirus that kept silent)
it found Trojan.androidOS.Boogr.gsh as the chromesBase.apk and another one i just deleted without writing the name. it seems though this might be related to the Triada-Virus/trojan .. soo.. yeah it might be a good idea to save your stuff and not only try with a factory reset but completely reinstall the whole rom.
edit2: just deinstalling them hasnt solved anything .. the problem sits way deeper meaning it is definitely related to the triada virus. it just reinstalls the software again without anything showing.
edit3: found it.. it is indeed the triada virus on my phone ..
I have been dealing with that damned "Chromes" app for two or three weeks now (BTW, they appear two of them with the same icon and logo.)
MalwareBytes detects it as malware (Avast sometimes does, sometimes does'nt)
I have trie , for sure , uninstalling (completely unuseful) stopping all the apps I can (seems to have an effect in the reinstalling time ), and also keeping them installed but removing the Phone, Storage and SMS permissions, which, surprisingly, remain removed (until you uninstall the app)
I dealed in the past with the virus app on the Shoot 1 firmware, which turnaround solution (disabling the fake app) worked OK for me. But recently there have not been any fw update, so this time is not the firmware the responsible.
Any hint or help will be greatly appreciated.
¡Cheers!
Hi guys!
I'm having the same problem as you two. I can't believe that Doogee has screwed up on this again... (I also have the shoot 1 [nice screen ]) I'm surprised that, as you said, I've not found anything on the internet about this*. In addition, the application consumes a large amount of mobile data!
I hope there is an update soon, and that the problem is solved
Thank you all for your comments! Greetings from Spain!!
*Well, here they have the same problem
https ://android.stackexchange.com/questions/185520/how-to-get-rid-of-a-malware-app-chromes
Don't wait too much from Doogee. In fact don't wait nothing at all. They didn't solved yet the firmware virus that came with the first OTA update. We're alone...
And your GPS signal how is it going? In my case it does not get fixed to any satellite. Has someone managed to root it successfully? The truth is that I do not understand much about this, that's why I'm a bit afraid to do it.
I found this in a spanish forum, look at the last post (#19). (I think you have to translate it )
http: //ww w.htcmania. com/showthread.php?t=1291106
Summing up a bit, he says that Doogee sells mobiles with malware in the system. The fact is that they do it conscientiously. And then put a "solution", which is to install a firewall, so that you can control the internet connection of the applications.
Thanks again!
Some updates...
let me give you some updates :
1) the Shoot 1 phone is not easy to root with standard tools (kingroot & others: i tried a lot of them);
1) i successfully installed twrp with the FLASHTOOL and a specific recovery image TWRP + SU (if needed i can help about it);
2) I backupped everything (included malware of course) just to be sure i could go back in case of brick;
*** 3) I downloaded and installed the FANTASTIC lineage OS without any STUPID bloatware. ***
My phone is secure and fast NOW.
i warmly RECOMMEND all of you to root and update to lineage OS 7.1.2 (ver 14). Thankx to the lineage team! **they deserve a donation!!****
* about Shoot1 GPS *
i still didn't test it with the new LINEAGE and i will update you
Before i discovered the malware inside the GPS was not fixing correctly and in general not working like my previous LG or HTC
I was using an external BLUETOOTH antenna by using a middleware driver named Bluetooth GPS. Once you configured the driveer it works like a charm with tomtom and all GPS software ( i tested a lot). The external GPS solution lets the phone cold and free to charge during long gps travel session.
I will test anyway with the internal GPS again with the new LINEAGE ROM.
For any test or info write here and send me a PV message.
UPDATE: the lineage team is releasing the version 15 (development) with OREO. Anyway i will not install it soon. I am SOOOO SOLID now!
jmam said:
Any hint or help will be greatly appreciated.
¡Cheers!
Click to expand...
Click to collapse
Unfortunately you can't get rid of it. No one knows if there is another fake app or background service that loads it again. It seems to appear (after a factory reset) some days later (i.e. just the time to download from whoknowswhere).
The fact is that I CAN'T TRUST ANYMORE the Doogee and the entire ROM so i warmly suggest you to ROOT (via TWRP + SU) , backup all, and install a LINEAGE fresh n° 14 release for shoot 1.
i did it and it worked like a charm.
Chromes
I have phone that is not rooted or changed firmware. Antivirus said that i have chomes and facebook apps that are not safe, but i do not have facebook installed. I tried factory reseting the phone twice, but it still comes back....
Have got the same "Chromes" problem on Gretel A9 mobile. Not rooted, only used Google Playstore for few apps. So frustrated and so little information on how to solve it for a non techie like me. Tried to contact Gretel who never reply. Still under an AliExpress warranty but not sure if malware stuff is covered. Needrom have the official stock rom for the A9. Do I have to root the phone to reinstall a clean stock rom? Can anyone point me to instructions on how to replace the stock rom? Thanks for any help.
I am really sorry to say that. The SUPPORT from some of these Chinese Supplier is really poor. I can't help you with your GRETEL . Please search on this XDA forum is anyone can do .
Root it and install a reliable distro. Be careful: when you root your phone you loose your WARRANTY and (sometime) some functions of your phone is not available or not available at 100%.
Custom ROMs should be considered ALWAYS as "bleeding" and "in development".
As i said i will never buy anymore low cost China phones DUE to this lack of support and this (unbelievable) disattention to release malwared firmware.
Deki-bg said:
I have phone that is not rooted or changed firmware. Antivirus said that i have chomes and facebook apps that are not safe, but i do not have facebook installed. I tried factory reseting the phone twice, but it still comes back....
Click to expand...
Click to collapse
I struggled a lot to remove it with normal antivirus and antimalware.
It seems to BE NOT POSSIBLE without a rooted phone.
In my phone there were 2 problems:
1) the malware CHROMES
2) the injected system library (dunno what it does).
So , once i removed the CHROMES %$£"%$£% app....i could not know if it was related (or somehow connected) with the malware injected system library. So i couldn't trust anymore that factory o.s. and i replaced it with LINEAGE (atm something not working 100% like GPS) but at least it's clean and works.
I hope LINEAGE could support more chinaphones to get rid of the buggy malwared firmware from Doogee, Gretel and others Chinamakers
UHANS A101 affected as well!
CHROMES and
fake FACEBOOK app
garibald75 said:
I am really sorry to say that. The SUPPORT from some of these Chinese Supplier is really poor. I can't help you with your GRETEL . Please search on this XDA forum is anyone can do .
Root it and install a reliable distro. Be careful: when you root your phone you loose your WARRANTY and (sometime) some functions of your phone is not available or not available at 100%.
Custom ROMs should be considered ALWAYS as "bleeding" and "in development".
As i said i will never buy anymore low cost China phones DUE to this lack of support and this (unbelievable) disattention to release malwared firmware.
Click to expand...
Click to collapse
Thanks for the reply.
Do warranties usually cover an infected Rom (I'd need to send it to a Poland service centre)
Is it hard to flash a new clean stock rom over an infected stock rom?
owlsman said:
Thanks for the reply.
Do warranties usually cover an infected Rom (I'd need to send it to a Poland service centre)
Is it hard to flash a new clean stock rom over an infected stock rom?
Click to expand...
Click to collapse
If you can't ROOT it, try to open RMA or open a ticket, try (at least). I hope we can MOUNT CASE and create a bit of hype around this CRAZY THINGS .
In my case it doesn worth. The DOOGEE has a really poor website and we yellew there a lot about this malware.
No way to return. IT doesn't worth.
However tell them and try to have it swapped.
Hey guys, I just got the apk. If a dev can make it "peaceful", I will really appreciate that. Just rename the chromes(blablabla).txt to chromes(blablabla).apk
jimmy1235 said:
Hey guys, I just got the apk. If a dev can make it "peaceful", I will really appreciate that. Just rename the chromes(blablabla).txt to chromes(blablabla).apk
Click to expand...
Click to collapse
WARNING for all the users: THIS APK IS FOR DEVELOPERS. This apk CONTAINS a malware. it's *ONLY* FOR RESEARCH purposes. so Don't try to install it!!
the really interesting THING would be to know if it RECALLS some system service or other RESIDENT modules to complete the cleaning and to allow US to use the original firmware again.
Let's see if anyone can help us.
Well... This is getting REALLY deeply...
https://www.kaspersky.com/blog/triada-trojan/11481/
i tested KAV and other antivirus and malware removal tools.
KAV was not able to remove and to detect it.
the 1st (maybe not the only one) that warned me has been DR WEB ANTIVIRUS and it (also) couldn't remove it without rooting.
It's impossibile, though, to know WHAT / WHICH process is linked in memory or injected in the original ROM since the Chinese CRAPPYPHONES are full of bloatware and "weirdware" .
The trust is ZERO for them ATM.
Ok. Last year someone was able to tunnel into my network at home. Alot of crazy s*** went down. Long story short, I think there's something fishy going on again.. let me explain.
Everytime I get a new phone, laptop, desktop, etc. I start finding a ridiculous amount of hidden files and folders. The PC side is no longer the issue, now its moved to Android, I think?..
The question I want to know, is how can I compare my what my phone should be installing after a factory reset, file wise? I've looked for a list online to compare with and no luck so far. I also found that there is a partition of the internal storage, completely hidden and inaccessible. Like.. I can't see anything. Add that with permissions being changed randomly so I'm not able to take full control over these pesky little buggers.
In short, I'm either wayyyy to high off that last dab, or my phone is being tampered with. What can I do? Here's what I'm working with.
Samsung A21 (SM-S215DL) using Straight Talk. Attached is a screenshot of the SW mumbo jumbo. I really hope someone can help. TIA!
namdrop22 said:
The question I want to know, is how can I compare my what my phone should be installing after a factory reset, file wise? I've looked for a list online to compare with and no luck so far.
Click to expand...
Click to collapse
IMO nobody can tell you what apps to install after a Factory Reset: it's alone your decision what apps you want to run.
jwoegerbauer said:
IMO nobody can tell you what apps to install after a Factory Reset: it's alone your decision what apps you want to run.
Click to expand...
Click to collapse
No no. You're missing the question here.
namdrop22 said:
No no. You're missing the question here.
Click to expand...
Click to collapse
May be.
A Factory Reset doesn't install anything, it wipes all user apps and data. A Factory Reset never touches Android OS itself.
Look at the running apps and services, anything utilizating root or kernel or system privileges will not be in that list unless it's using a app to bootstrap but if you have a weird duplicate system app or an app with a strange name could help you narrow it down. if you have usb debugging enabled you may be able to run a logcat as well to see what messages the system is generating.
Does samsung offer any tools to read the boot log? You might find something In that too. Lastly, well you should do this first, check if there are any exploits or vulnerabilities with your phones software and hardware. Google search " chipset-or-software-name-here + escalate vulnerable cve exploit "
Check past software versions too, you could get hit while the vuln is unknown or lesser known then it patches the manufacturers patches.
Can u elaborate on these file systems or folders you say you have that are invisible?
Unless you loaded malware, a trojan etc on to the phone either in data from the PC, email download, an app you installed or a download from the internet.
Even so it would die with a factory reset... so do another factory reset so if you think so.
Then be careful what you allow into it.
Don't let anyone use your phone or access any of your devices ie flashcards, PC etc.
Run
SafetyNet Test - Apps on Google Play
SafetyNet device compatibility test
play.google.com
to check whether phone's Android got tampered or not