OnePlus (Android) log report? - OnePlus 8T Questions & Answers

[SOLVED]​
Hey XDA community,
I was wondering if OnePlus (or Android in general) has some sort of log of apps running in the system. I mean, not only apps but whole processes, errors and everything that's running in the background. This question came to my mind because of being unable to connect to my OpenVPN server (see my post here https://forums.openvpn.net/viewtopic.php?t=34624). Now, I was able to connect to the OpenVPN server before rooting my device. After rooting, I can only connect to Blokada 5, which acts as an adblock on non-rooted devices (via VPN). The thing is, I can only see one VPN service in system settings-VPN (before rooting, there was Blokada 5 and OpenVPN). The exact issue of what is going on is captured via screen recording and it's posted in the topic mentioned in the link.
I understand that this forum (and OnePlus 8T specific) isn't aimed at solving such an exact issue, so my question is whether Android systems have a built-in logging mechanism which I can access in real time or as an exported file. I am rooted so there should be some hope of understanding what is going on.
I hope I made myself clear, my English isn't best and I partially use the DeepL translator to choose the right words. But if you check that topic I've made, you will understand what's my point that I'm trying to solve.

CaptainFedora said:
Hey XDA community,
I was wondering, if OnePlus (or Android in general) have some sort of log of apps running in system. I mean, not only apps but whole proccesses, errors and everything that's running in background. This question came to my mind because of being unable to connect to my OpenVPN server (see my post here https://forums.openvpn.net/viewtopic.php?t=34624). Now, I was able to connect to OpenVPN server before rooting my device. After rooting, i can only connect to Blokada 5 which acts as adblock on non-rooted devices (via VPN). The thing is, i can only see one VPN service in system settings-VPN (before rooting, there was Blokada 5 and OpenVPN). The exact issue of what is going on is captured via screen recording and it's posted in topic mentioned in the link.
I understand that this forum (and OnePlus 8T specific) isn't aimed for solving such an exact issue, so my question is if Android systems have built-in logging mechanism which i can access in realtime or as an exported file. I am rooted so there should be some hope for understanding of what is going on.
I hope I made myself clear, my English isn't best and I partially use the DeepL translator to choose the right words. But if you check that topic I've made, you will understand what's my point that I'm trying to solve.
I don't know the exact cause of the problem in your case, but it may be a conflict between the Blokada 5 and OpenVPN apps, as they both use VPN, or an OOS12 issue.
If you have root you can view Android logs with Logcat. Maybe it'll help you to resolve your issue.
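For the Logcat suggestion above, one way to narrow the output to VPN-related entries (an added example, not part of the original posts). It parses the `adb logcat -v threadtime` line format; the sample log lines, the `com.example.vpnclient` package name, the tags other than the format itself and the `vpn_events` helper are constructed for illustration.

```python
import re
import sys

# logcat priority letters, lowest to highest severity
PRIORITIES = "VDIWEF"

# One line of `adb logcat -v threadtime`:
#   MM-DD HH:MM:SS.mmm  PID  TID P Tag: message
LINE_RE = re.compile(
    r"^(?P<date>\d\d-\d\d)\s+(?P<time>\d\d:\d\d:\d\d\.\d{3})\s+"
    r"(?P<pid>\d+)\s+(?P<tid>\d+)\s+(?P<prio>[VDIWEF])\s+"
    r"(?P<tag>.*?)\s*: (?P<msg>.*)$"
)

# Constructed sample input (not captured from a real device).
SAMPLE = """\
--------- beginning of main
03-14 10:15:01.120  1520  1688 I Vpn     : constructed: switched to com.example.vpnclient
03-14 10:15:01.300  1520  1688 W Vpn     : constructed: prepare refused for second client
03-14 10:15:01.450  9021  9021 D ExampleApp: constructed: unrelated debug line
03-14 10:15:01.900  9021  9050 D ExampleVpnClient: constructed: building tunnel config
03-14 10:15:02.010  9021  9050 E ExampleVpnClient: constructed: establish() returned null
"""


def parse_line(line):
    """Return the fields of one threadtime line, or None for banners/garbage."""
    match = LINE_RE.match(line.rstrip("\r\n"))
    return match.groupdict() if match else None


def vpn_events(lines, keywords=("vpn",), min_priority="I"):
    """Keep entries at or above min_priority whose tag or message has a keyword."""
    floor = PRIORITIES.index(min_priority)
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # e.g. "--------- beginning of main"
        if PRIORITIES.index(entry["prio"]) < floor:
            continue
        haystack = (entry["tag"] + " " + entry["msg"]).lower()
        if any(word.lower() in haystack for word in keywords):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    # Usage: adb logcat -v threadtime | python3 this_script.py
    # With no pipe attached, the constructed sample is used instead.
    source = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for e in vpn_events(source):
        print(f'{e["time"]} {e["prio"]} pid={e["pid"]} {e["tag"]}: {e["msg"]}')
```

Reproducing the failing connection while this runs keeps the output limited to the few seconds around the failure, which is easier to read than a full log dump.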

Thank you for the tip with Logcat. I would say it didn't help me, although I saw some errors. By the way, I tried what seemed like the most logical solution, and that was uninstalling Blokada 5 (and also OpenVPN) and then installing only OpenVPN. Finally, after reading the instruction message, the system asked me about allowing it to create a VPN profile, which I did, and after that I installed Blokada 5 again and now both apps work together. I can switch between one and another without any problems. So I solved this problem by myself I guess. To be fair, without your point of view I wouldn't have tried to uninstall in the first place, so... Thank you

Related

[Q] Wifi connection, no internet access.

Hi all,
This question has probably been asked; the problem is not a lack of solutions but there simply being too many - I've no idea where to begin with troubleshooting. Everything I've seen is just too general to be of any use.
Basically...
I installed CM11 (nightly build for my Motorola Moto G, AKA falcon). I've stripped down some of the GAPPS using the 'Barebones' guide on the CM wiki, e.g. removing the Google+ program I don't use, and the stock browser (replacing with Lightning from the F-Droid repo). I've also installed various other programs to enable me to have absolute control over the device - AdAway, AFWall+ probably being the only two of interest.
I have no internet access either through data or via the house wifi; I have confirmation the problem is confined to my device since no one else in the house has problems, and my laptop and desktop work without trouble (incidentally, the router has recently been changed also, so I now have the problem confirmed on two access points). It's not a reception issue either - the device connects fine to the router (albeit with fairly weak reception because of my distance away), in the 'Settings' dialogue I can see it 'Obtains IP address' etc without any obvious error message/hangs/stalling (and in settings displays itself as 'Connected').
Aside from being directed to a fix, I'd really appreciate it if someone could give me some kind of 'here's how you troubleshoot Android internet access' tutorial; I've got a bit of experience with desktop Linux, and more still with Windoze (albeit unwillingly) - I'm quite comfortable fiddling with the network manager or trying different kernel modules out. On Android, I've just no idea.
So far I have tried:
- Reinstalling the ROM (on both installs, the problem occurs after a few days to ~ a week of normal functioning).
- Uninstalling the AFWall+ (I think it's a DroidWall fork - acts as a frontend for iptables) on the last install, and on this one fiddling with the settings (unticking and re-ticking all boxes to allow on roaming/mobile data/wifi connections)
- Uninstalling AdAway (on the last install only)
- Issuing 'ping' in the terminal. It's now just returning an "Error: Unknown host" message, yesterday when I was having trouble with the router, it was returning to do with insufficient privileges (even after I'd run su to login as root).
- Turning the device on and off (in desperation only).
- I can also confirm the internet access affects not just Lightning (i.e. my browser) but is system wide - Skype, BBC iPlayer, weather updates in cLock etc.
As is probably obvious, I feel I've done little more than bash the screen with a rock and hoped for the best (metaphorically speaking).
I'm wondering if maybe there's something wrong with my hosts file - or else the way packets are sent/received, since Adaway will have altered that, and AFWall+ also. Maybe some bug whereby rules applied by AFWall+ are misinterpreted by iptables to block all access? Any help investigating this avenue in particular would be really helpful.
Also, just in case it wasn't clear, I've got full functionality of everything else, no crashes, able to make/receive calls and SMSes fine etc.
Cheers,
AA.
ArminasAnarchy said:
Hi all,
This question has probably been asked; the problem is not a lack of solutions but there simply being too many - I've no idea where to begin with troubleshooting. Everything I've seen is just to general to be of any use.
Basically...
I installed CM11 (nightly build for my Motorola Moto G, AKA falcon). I've stripped down some of the GAPPS using the 'Barebones' guide on the CM wiki, e.g. removing the Google+ program I don't use, and the stock broswer (replacing with Lightning from the F-Droid repo). I've also installed various other programs to enable me to have absolute control over the device - AdAway, AFWall+ probably being the only two of interest.
I have no internet access either through data or via the house wifi; I have confirmation the problem is confined to my device since no one else in the house has problems, and my laptop and desktop work without trouble (incidently, the router has recently been changed also, so I now have the problem confirmed on two access points).
Aside from being directed to a fix, I'd really appreciate it if someone could give me some kind of 'here's how you troubleshoot Android internet access' tutorial; I've got a bit of experience with desktop Linux, and more still with Windoze (albeit unwillingly) - I'm quite comfortable fiddling with the network manager or trying different kernel modules out. On Android, I've just no idea.
So far I have tried:
- Reinstalling the ROM (on both installs, the problem occurs after a few days to ~ a week of normal functioning).
- Uninstalling the AFWall+ (I think it's a DroidWall fork - acts as a frontend for iptables) on the last install, and on this one fiddling with the settings (unticking and re-ticking all boxes to allow on roaming/mobile data/wifi connections
- Uninstalling AdAway (on the last install only)
- Issuing 'ping' in the terminal. It's now just returning an "Error: Unknown host" message, yesterday when I was having trouble with the router, it was returning to do with insufficient privileges (even after I'd ran su to login as root).
-Turning the device on and off (in desperation only).
As is probably obvious, I feel I've done little more than bash the screen with a rock and hoped for the best (metaphorically speaking).
I'm wondering if maybe there's something wrong with my hosts file - or else the way packets are sent/received, since Adaway will have altered that, and AFWall+ also. Maybe some bug whereby rules applied by AFWall+ are misinterpreted by iptables to block all access? Any help investigating this avenue in particular would be really helpful.
Cheers,
AA.
maybe is a problem with ROM, flash different rom.
Paget96 said:
maybe is a problem with ROM, flash different rom.
AFAIK the dev has had no problems, and the two different installs I've had have been different builds.
Also I've no idea where to start to find a new ROM; Linux has the fantastic DistroWatch, but no such resource exists for ROMs (AFAIK).
Finally...I'm quite fussy . CM is just the right balance of features - if you want 'em - and stock, vanilla (or even barebones) if you don't. I had a HOX+ in the past, and so many of the ROMs for that were all about eyecandy and glitter - fat I'd rather trim.
ArminasAnarchy said:
AFAIK the dev has had no problems, and the two different installs I've had have been different builds.
Also I've no idea where to start to find a new ROM; Linux has the fantastic DistroWatch, but no such resource exists for ROMs (AFAIK).
Finally...I'm quite fussy . CM is just the right balance of features - if you want 'em - and stock, vanilla (or even barebones) if you don't. I had a HOX+ in the past, and so many of the ROMs for that were all about eyecandy and glitter - fat I'd rather trim.
you try to wipe cache?
Paget96 said:
you try to wipe cache?
When I installed the ROM, yep. My method is to wipe everything then sideload (IMO it seems cleaner ).
Otherwise, no, and don't see why it would make a difference, and would have no idea how to do it anyway...through the recovery, or is there a way to do it when booted?
No offence, but I get the feeling this is the blind leading the blind xD.
ArminasAnarchy said:
When I installed the ROM, yep. My method is to wipe everything then sideload (IMO it seems cleaner ).
Otherwise, no, and don't see why it would make a difference, and would have no idea how to do it anyway...through the recovery, or is there a way to do it when booted?
No offence, but I get the feeling this is the blind leading the blind xD.
I dont know, try to flash different rom and see if it will happen again or not. If not, problem is in that rom you already have.
Paget96 said:
I dont know, try to flash different rom and see if it will happen again or not. If not, problem is in that rom you already have.
Any suggestions on where to find one? Or of a particular ROM?
ArminasAnarchy said:
Any suggestions on where to find one? Or of a particular ROM?
[ROM] [4.4.4] [OFFICIAL] ParanoidAndroid 4.4 [FINAL/STABLE]
you can try this
[ROM][4.4.2] SlimKat 2.6 RC2 | Unofficial
bugs:
Problems with GPS.
- Sometimes recovery takes a LONG time to install the ROM.
[ROM] Infusion Beta III [Google Play Edition Based] [27th Jan 2014]
all ROMs
http://alchemistar.blogspot.com/2014/02/moto-g.html

[Q] blocking ads in apps

hello all,
i just bought nexus 5.... i am kind of noob when it comes to android.
is there i can block all annoying ads that crops up within apps and browser?
i dont want to risk rooting my phone.
pls suggest me easiest, secure way to do this....
thanks.
You can try opting out from Ads from Google Settings but the only way to get rid of all the ads is to use an app like adaway which needs root. I don't know why you think it's a risk rooting your phone?? You can get back to stock anytime to claim warranty.
vin4yak said:
You can try opting out from Ads from Google Settings but the only way to get rid of all the ads is to use an app like adaway which needs root. I don't know why you think it's a risk rooting your phone?? You can get back to stock anytime to claim warranty.
hello
since i am new to android, i dont want to mess up/experiment on my phone. at least till i get hang of it.
i used play a lot with my N95 before. so, till i get firm grasp on android inner workings, i wouldnt want to do anything with its in built features.
further, rooting is bit too technical for me..... there is no application that can root with just a click like it existed with S60 V3 OS.....
so will wait till such a thing comes up.
Try to find in playstore
lambo98 said:
Try to find in playstore
thank u for this grt suggestion.
fyi: all ad blocking apps r removed from playstore. only detectors r whats there.
ags84 said:
further, rooting is bit too technical for me..... there is no application that can root with just a click like it existed with S60 V3 OS.....
so will wait till such a thing comes up.
Even though there are tools available to do this (simple search on xda will locate those), you really should take the time to understand the 4-5 (simple) steps involved in rooting. That way, you know exactly what is happening (versus a toolkit that will attempt to do everything for you, and just tell you "all done" - without you having a clue about what really happened). The advantage of understanding these steps is that later, if you want to install an update or want to switch kernels and read a guide that tells you to flash "xyz", or restore from nandroid etc, you will not be clueless. Or if somebody tries to help you with an issue, and asks you to go your recovery, you won't be asking "how do I go to recovery screen"
My suggestion: If you are ever planning to root your Nexus 5, read the first 2 posts at http://forum.xda-developers.com/goo...ide-nexus-5-how-to-unlock-bootloader-t2507905 - especially the parts highlighted in red.
Then, read it again <-- repeat till you understand it. If you have questions, read/search that thread to see if somebody already asked that question - and if not, ask in that thread.
The Nexus is probably the easiest device to root. But don't root till you are comfortable with it, and understand the steps involved.
Since you mentioned in your first post that you didn't want to root, you could try https://adblockplus.org/en/about
I must admit that I tried it once and wasn't able to get it to work right, and so I just installed adaway (that requires root) instead.
jj14 said:
Even though there are tools available to do this (simple search on xda will locate those), you really should take the time to understand the 4-5 (simple) steps involved in rooting. That way, you know exactly what is happening (versus a toolkit that will attempt to do everything for you, and just tell you "all done" - without you having a clue about what really happened). The advantage of understanding these steps is that later, if you want to install an update or want to switch kernels and read a guide that tells you to flash "xyz", or restore from nandroid etc, you will not be clueless. Or if somebody tries to help you with an issue, and asks you to go your recovery, you won't be asking "how do I go to recovery screen"
My suggestion: If you are ever planning to root your Nexus 5, read the first 2 posts at http://forum.xda-developers.com/goo...ide-nexus-5-how-to-unlock-bootloader-t2507905 - especially the parts highlighted in red.
Then, read it again <-- repeat till you understand it. If you have questions, read/search that thread to see if somebody already asked that question - and if not, ask in that thread.
The Nexus is probably the easiest device to root. But don't root till you are comfortable with it, and understand the steps involved.
Since you mentioned in your first post that you didn't want to root, you could try https://adblockplus.org/en/about
I must admit that I tried it once and wasn't able to get it to work right, and so I just installed adaway (that requires root) instead.
thank you for the insight.
i am reading it and will root only after i fully understand it.
i did try adblockplus. got it when i searched on google.
as u said, it doesnt work right..... so i thought of asking it here as it is common problem faced by many android users.
cheers.
ags84 said:
thank you for the insight.
i am reading it and will root only after i fully understand it.
i did try adblockplus. got it when i searched on google.
as u said, it doesnt work right..... so i thought of asking it here as it is comman problem faced by many android users.
cheers.
Ad Block Plus got nuked by Google, unfortunately. You need root to do this for all apps and on all connection types.
ags84 said:
i am reading it and will root only after i fully understand it.
Good on you to take the time to learn.
Short of rooting your phone and installing an ad-blocker, you would have to pay for "pro" versions of apps you use, which often remove ads from the app as part of the upgrade.
MoaAB hands down is the best add blocker! But u need root...
(Mother of all Add Blockers)
Nothing is going to fully block ads without root. Nope. ?
For unrooted try Andblock (not ABP) http://code.google.com/p/andblock/
You need to import a host file (menu > import), and set Port to 8080
Blocks web ads only
Lord Childe said:
For unrooted try Andblock (not ABD) http://code.google.com/p/andblock/
You need to import a host file (menu > import), and set Port to 8080
Blocks web ads only
So just for browsers you mean? If that's the case you can just use AdBlock Plus extensions/addons for your respective browser.
Adblock (unrooted, side load APK) will still work for WiFi just not on a data connection and needs to be setup as a proxy, or is it just for data? Can't remember.
bblzd said:
So just for browsers you mean? If that's the case you can just use Ad Block Plus extensions/addons for your respective browser.
Adblock (unrooted, side load APK) will still work for WiFi just not on a data connection and needs to be setup as a proxy, or is it just for data? Can't remember.
It’s plugged as ‘Andblock’, yet the app is named ‘Adblock’ – very confusing. And I’m sure it’s intentional, given the similarities with ABP.
Before I rooted my device I used Andblock (Adblock) – it works with 3g/4g, whereas ABP unrooted only works over wifi. Anyway, standalone ABP for Android is riddled with bugs and inconsistencies – brilliant as a FF addon in Windows, might be good as a browser ext. for Android - but if you're unrooted and use a browser that hasn’t got an ABP ext. then you’re buggered.
A device isn’t completely free of ads even with root - the famed MoaAB doesn't block every app ad.

[Q] My android phone is being keylogged, please help!!

I believe nothing is secure in my phone including passwords, security pin and even what I'm typing now. Recently, my Facebook account got hacked too. I think my phone is being keylogged. So, I did the following things:
1. First of all, I reset my device
2. Then, I even changed the ROM
But, still I feel insecure. I want to know is there any way that the keylogging is kernel masked? Do I need to update the kernel? I need to know about the things I should do to make sure that my phone is completely keylogger free. Please help!
dreamer04 said:
I believe nothing is secure in my phone including passwords, security pin and even what i'm typing now. Recently, my facebook acct got hacked too.I think my phone is being keylogged. So, I did the following things:
1.First of all, I resetted mydevice
2. Then, I even changed the rom
But, still I feel insecure. I want to know is there any way that the keylogging is kernel masked? Do I need to update the kernel? I need to know about the things I should do to make sure that my phone is completely keylogger free. Please help!
I'm no expert in this subject, but what I would do is flash a new ROM and kernel, then monitor packets sent and received by the phone with an app, or with a router. The rooting method also matters. So, flash the original OEM software first. Rooting methods that harvest IMEIs have been reported. So, don't go with the "one clickers" to root your device method, but do it the long way.
I am currently also using a firewall in my phone and also my connection goes through a router with a firewall.
Normally, I never enter sensitive data when in a dangerous environment, such as an unprotected cafe WiFi.
If you are concerned about a keylogger, then you should be more concerned about how you got your device infected.
I usually refrain from using the Google app store. I mostly use open source programs/apps that can be compiled or tested.
You should look into F-Droid, which hosts open source apps, not many, but there are some.
Tell me what to do?
My phone is over heating too. So I installed network log from play store and watched the log. I found my phone sending and receiving packets through kernel.
I have uploaded the screenshots with this. Please have a look and tell me is this normal or if it isn't, what to do?.
Also, before unlocking the lock screen shows some messages as in the screenshot. But, after unlocking there is no such messages exist.
Please help.
dreamer04 said:
My phone is over heating too. So I installed network log from play store and watched the log. I found my phone sending and receiving packets through kernel.
I have uploaded the screenshots with this. Please have a look and tell me is this normal or if it isn't, what to do?.
Also, before unlocking the lock screen shows some messages as in the screenshot. But, after unlocking there is no such messages exist.
Please help.
I'm not sure about the message in your lockscreen but the IPs in your kernel log seem to correspond with these domains:
Host 24.9.193.104.in-addr.arpa. not found: 3(NXDOMAIN)
Host 233.127.230.115.in-addr.arpa. not found: 3(NXDOMAIN)
Host 54.213.160.61.in-addr.arpa. not found: 3(NXDOMAIN)
Host 108.213.160.61.in-addr.arpa. not found: 3(NXDOMAIN)
233.24.249.123.in-addr.arpa domain name pointer error-cdnzz-com.cdnzz.net.
188.200.125.74.in-addr.arpa domain name pointer sa-in-f188.1e100.net.
As you can see, the first 4 are unresolved, hence there is no domain linked to the IP.
The last 2 do have a domain linked, but I have no idea if they are used for malicious stuff.
But like shadowcore said, shouldn't you be more concerned about where you got this infection from?
After resetting and reinstalling a new ROM, there are few places left for a logger/malicious app to have been hiding.
What you could do is install OSMonitor. This is yet another logging app, but it provides you with a list of all the current running processes and connections, with the option to watch it, or kill it. Maybe you can use this to filter out any loggers still running on your device. You can find it on the Play Store.
You can also restrict network traffic with AFWall+, which is a firewall app. It takes some time to configure, but it does wonders.
Also: Unclefab has written a really good tutorial about securing your phone, in a multitude of ways.
It's here: http://forum.xda-developers.com/general/security/tuto-how-to-secure-phone-t2960077
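The reverse-lookup lines quoted in the post above, read back into plain IP addresses (an added example, not part of the original post). The `HOST_OUTPUT` lines are the ones quoted in the post; the function names are illustrative. A PTR record is published by whoever controls the address block, so `forward_confirmed` checks whether the returned name resolves back to the same address before the name is relied on; its `resolver` parameter is an assumption of this example so the check can be exercised without network access.

```python
import ipaddress
import re
import socket

# Reverse-lookup output as quoted in the post above.
HOST_OUTPUT = """\
Host 24.9.193.104.in-addr.arpa. not found: 3(NXDOMAIN)
Host 233.127.230.115.in-addr.arpa. not found: 3(NXDOMAIN)
Host 54.213.160.61.in-addr.arpa. not found: 3(NXDOMAIN)
Host 108.213.160.61.in-addr.arpa. not found: 3(NXDOMAIN)
233.24.249.123.in-addr.arpa domain name pointer error-cdnzz-com.cdnzz.net.
188.200.125.74.in-addr.arpa domain name pointer sa-in-f188.1e100.net.
"""

NXDOMAIN_RE = re.compile(r"^Host (\S+) not found: 3\(NXDOMAIN\)$")
PTR_RE = re.compile(r"^(\S+) domain name pointer (\S+)$")


def arpa_to_ip(name):
    """Turn 'd.c.b.a.in-addr.arpa' back into the IPv4 address 'a.b.c.d'."""
    labels = name.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[-2:] != ["in-addr", "arpa"]:
        raise ValueError(f"not an IPv4 reverse name: {name!r}")
    # IPv4Address() rejects out-of-range or non-numeric octets.
    return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))


def ip_to_arpa(ip):
    """Inverse of arpa_to_ip, using the standard library's reverse_pointer."""
    return ipaddress.IPv4Address(ip).reverse_pointer


def parse_host_output(text):
    """Return [(ip, ptr_name or None), ...] for every recognised line."""
    results = []
    for line in text.splitlines():
        line = line.strip()
        match = NXDOMAIN_RE.match(line)
        if match:
            results.append((arpa_to_ip(match.group(1)), None))
            continue
        match = PTR_RE.match(line)
        if match:
            results.append((arpa_to_ip(match.group(1)), match.group(2).rstrip(".")))
    return results


def system_resolver(name):
    """Resolve a hostname to a set of IPv4 strings; empty set on failure."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()


def forward_confirmed(ip, ptr_name, resolver=system_resolver):
    """True only if the PTR name resolves back to the address it was found for."""
    return ptr_name is not None and ip in resolver(ptr_name)


if __name__ == "__main__":
    for ip, name in parse_host_output(HOST_OUTPUT):
        print(f"{ip:<16} {name or 'no PTR record'}")
```

A missing PTR record says nothing about an address either way; many legitimate hosts have none.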
Traffic through the kernel is normal, see: https://github.com/ukanth/afwall/wiki/FAQ#34-why-the-kernel-need-an-internet-connection-all-the-time-afwall-shows-appid--11-blocked
You should probably install afwall+ to restrict internet access to some apps.

[Q] Application specific password for google account in Lollipop

Howdy (and apologies ahead of time if this is a dup, I _did_ search, didn't find anything),
Is it just me or did application specific passwords break with Lollipop? Googled a bit and couldn't find any details. I just see postings stating that 2fa works now, but I don't see how that negates the need for app specific passwords.
I know 2fa is now supported but I'm a bit concerned to use my normal password as I'm not sure if it's stored in any way. Anyone know of any links that explain what exactly is stored and how the auth is persisted across reboots? Maybe I'm misunderstanding, but I thought that if my device was lost, with app passwords I could revoke the device without changing my main password.
The other issue is, since I'm using 2fa with the google auth app on this phone I wouldn't even be able to setup if I wiped this phone (which I will need to). At least previously I could login to my google account on my PC, create the app specific password and sign on that way.
- TIA for any info
I have just upgraded my Nexus 5 from 4.4.4 into 5.0.1 (I didn't install 5.0.0). What I did:
1. Factory reset on 4.4.4
2. Install system update into 5.0.1
2. Factory reset on 5.0.1
3. Application specific password NOT accepted on initial account setup on Nexus 5. I had to use my master password and code list because you can't read sms before account is added on the phone.
Is this really broken? I haven't found any info on this either.
Wow, someone else who was using this feature. That makes 2 of us at least. I guess that's why they removed it...? Yeah, unless I'm missing something it appears it's indeed broken.
The best part is this isn't really part of Android, but part of gapps; no way to report bugs for that (at least that I've found). Someone opened a bug against AOSP but they closed it as this stuff isn't part of AOSP:
{scheme}code.google.com/p/android/issues/detail?id=57863&can=1&q=app%20specific%20password&colspec=ID%20Type%20Status%20Owner%20Summary%20Stars
They suggested using the "google mobile help forum"; I guess this page links to it: {scheme}googlemobile.blogspot.com/2008/11/got-questions-try-new-google-mobile.html - following the link just gives an error "no group mobile found" or something similar.
All I could see to do was to post a response to their help page on signing in with app specific password to Play pointing out the inaccuracy of the article. I can't find that article anymore, it looks like it might've been removed? I received no response to that.
I can't imagine this being a very difficult feature to support, so I'm a little surprised it was removed. But hey, at least they added all sorts of eye candy and other crap I don't really care about.
I think this is a deal breaker for me. Unless I'm misunderstanding here, if someone were to acquire my phone and extract the password the key or whatever it's storing, they would then be able to access my account settings and take full ownership. If it only had the app specific password, I don't think that'd allow them to modify security settings. If it's tying the key to the device, that's great but I still can't revoke it (doesn't show up in the app specific password page). Unacceptable (again, unless I'm misunderstanding something?).
Maybe it's time to start looking for alternatives. Wonder if any Maemo derivatives can run on the M8? It was miles ahead of Android in all departments except eye candy anyways...
I'll reply here if I see any more info - please do the same.
This is totally broken.
My company uses App Specific Passwords and I just updated my Droid Turbo to Lollipop.
After the update, everything worked fine. However, I started getting google play service errors and had to wipe.
Now I need to log in using my authenticator password instead of my app specific password.
Not good
dragonash said:
This is totally broken.
My company uses App Specific Passwords and I just updated my Droid Turbo to Lollipop.
After the update, everything worked fine. However, I started getting google play service errors and had to wipe.
Now I need to log in using my authenticator password instead of my app specific password.
Not good
Agreed. Quite unfortunate, but I can't find anyone outside of this thread and a few random posts that seem to actually care.
Thanks for confirmation that this is still a problem, btw. I'm still not sure if there's anyplace to even raise this to Google...
i just spent an hour trying to understand why this smart feature wasn't working on my new mobile with a stock android lollipop! at least i feel less lonely now...
i sent a feedback to google even if i don't think they'll reply.. i opened a ticket on AOSP website (Issue 189310) if you want to check their reply.. sorry but i can't post outside links

Security Issues. a must see and read

Okay so I've been battling this for some time. I'm starting to get a little more knowledgeable but still don't know what to do with all this. I experienced this first back in 2015, then I completely made a switch. Well now I'm back to the same issues.
The problem I'm experiencing is that it's happening on all the devices I have. The phone I'm on now was bought brand new from MetroPCS, and not even a day, 30 minutes later, I get an update for the phone. I knew not to install or download. But it inventively did. Now it's sitting on my storage wanting me to move files to root.
LET ME MAKE THIS CLEAR. NONE OF MY DEVICES ARE ROOTED.
to make this short. My devices seem to have a Bluetooth admin. And connects to any Bluetooth device without me knowing.
So far from what I see chromium and stage fright is a big part of what I'm seeing.
I'm attaching some pictures to give more detail look. And it's not just my Android devices it's my Xbox one S as well.
Looking to completely remove. I'm not trying to waste money on switching networks or completely going MIA.
Fast responses please.
Sincerely,
-Desperate androidian
BLEEDCOLORYOU said:
Okay so I've been battling this for some time. I'm starting to get a little more knowledgeable but still don't know what to do with all this. I experienced this first back in 2015, then I completely made a switch. Well, now I'm back to the same issues.
The problem I'm experiencing is that it's happening on all the devices I have. The phone I'm on now I bought brand new from MetroPCS, and not even a day, 30 minutes later I get an update for the phone. I knew not to install or download. But it inventively did. Now it's sitting on my storage wanting me to move files to root.
LET ME MAKE THIS CLEAR. NONE OF MY DEVICES ARE ROOTED.
To make this short. My devices seem to have a Bluetooth admin. And connect to any Bluetooth device without me knowing.
So far from what I see, Chromium and Stagefright are a big part of what I'm seeing.
I'm attaching some pictures to give a more detailed look. And it's not just my Android devices, it's my Xbox One S as well.
Looking to completely remove. I'm not trying to waste money on switching networks or completely going MIA.
Fast responses please.
Sincerely,
-Desperate androidian
The Android community isn't what it used to be that's for sure. No help, no suggestions. Just nothing.
BLEEDCOLORYOU said:
Okay so I've been battling this for some time. I'm starting to get a little more knowledgeable but still don't know what to do with all this. I experienced this first back in 2015, then I completely made a switch. Well, now I'm back to the same issues.
The problem I'm experiencing is that it's happening on all the devices I have. The phone I'm on now I bought brand new from MetroPCS, and not even a day, 30 minutes later I get an update for the phone. I knew not to install or download. But it inventively did. Now it's sitting on my storage wanting me to move files to root.
LET ME MAKE THIS CLEAR. NONE OF MY DEVICES ARE ROOTED.
To make this short. My devices seem to have a Bluetooth admin. And connect to any Bluetooth device without me knowing.
So far from what I see, Chromium and Stagefright are a big part of what I'm seeing.
I'm attaching some pictures to give a more detailed look. And it's not just my Android devices, it's my Xbox One S as well.
Looking to completely remove. I'm not trying to waste money on switching networks or completely going MIA.
Fast responses please.
Sincerely,
-Desperate androidian
I'm no expert but I'm struggling to see the exact issue you seem to think you have, is it just that your Bluetooth is switching on? All those licences, security certs, file locations etc look normal to me (without checking numbers or being able to compare to same phone OS etc) though I have disabled many of those certs eg the Turkish ones etc & my Bluetooth files are different but I can find ref hill those locations online eg Xiaomi phones
You appear to have a ZTE, please give model number and current OS & rev (must be stock I suppose). ZTE was found with a backdoor in older phones, sending data to China, so it's possible, & some Chinese phones also update their apps without notification. But as you say your whole network appears compromised so the source may be something else, like your router/modem, or Bluetooth as you think (though some apps require Bluetooth admin permission legitimately, you can disable it as an Admin). Tell us what behaviors you are seeing that you believe are malicious. New phone update soon after you turn on is quite common, as I'm sure you know.
When I had a quick look at your log it did have a lot of activity going to the US DOD, would you expect this, as well as the usual google & Facebook connections. Though (perhaps) strangely also to a server from a small marketing company here in Australia, but I'm no expert even if I looked at your log line by line I wouldn't understand it all.
Ref his other post
https://forum.xda-developers.com/general/security/security-global-family-credientals-t3665851
Things to try. Run a reputable antivirus. Boot into safe mode, so only system apps run, is it still happening? Can you turn off anything that is listed as a device admin? Try running a root checker app. Even if it all comes back negative you may still have a problem as a port may already have been opened and the malicious app self deleted or something. Use an app like Fing to see if any devices you don't recognise are connected to your network.
You may be able to block some activity if it's not going through root with a firewall eg NetGuard no root firewall, start with everything blocked.
Above are just some general hints, without knowing specifics I can only suggest you backup any stuff you want to keep then factory reset everything & change ALL passwords to strong ones (no good just adding a number on the end of your old ones!), better still reflash all firmware (updates if available) to overwrite everything. This incl your internet access points eg router, and only reconnect to the net/networks after you have done them all (one at a time preferably then you may be able to identify source of problems)
That turned out a lot longer than I intended!
IronRoo said:
I'm no expert but I'm struggling to see the exact issue you seem to think you have, is it just that your Bluetooth is switching on? All those licences, security certs, file locations etc look normal to me (without checking numbers or being able to compare to same phone OS etc) though I have disabled many of those certs eg the Turkish ones etc & my Bluetooth files are different but I can find ref hill those locations online eg Xiaomi phones
You appear to have a ZTE, please give model number and current OS & rev (must be stock I suppose). ZTE was found with a backdoor in older phones, sending data to China, so it's possible, & some Chinese phones also update their apps without notification. But as you say your whole network appears compromised so the source may be something else, like your router/modem, or Bluetooth as you think (though some apps require Bluetooth admin permission legitimately, you can disable it as an Admin). Tell us what behaviors you are seeing that you believe are malicious. New phone update soon after you turn on is quite common, as I'm sure you know.
When I had a quick look at your log it did have a lot of activity going to the US DOD, would you expect this, as well as the usual google & Facebook connections. Though (perhaps) strangely also to a server from a small marketing company here in Australia, but I'm no expert even if I looked at your log line by line I wouldn't understand it all.
Things to try. Run a reputable antivirus. Boot into safe mode, so only system apps run, is it still happening? Can you turn off anything that is listed as a device admin? Try running a root checker app. Even if it all comes back negative you may still have a problem as a port may already have been opened and the malicious app self deleted or something. Use an app like Fing to see if any devices you don't recognise are connected to your network.
You may be able to block some activity if it's not going through root with a firewall eg NetGuard no root firewall, start with everything blocked.
Above are just some general hints, without knowing specifics I can only suggest you backup any stuff you want to keep then factory reset everything & change ALL passwords to strong ones (no good just adding a number on the end of your old ones!), better still reflash all firmware (updates if available) to overwrite everything. This incl your internet access points eg router, and only reconnect to the net/networks after you have done them all (one at a time preferably then you may be able to identify source of problems)
That turned out a lot longer than I intended!
Thank you. Now for a better visual. There's too many apps.
And if you can give me links to apps that will help.
And on my OnePlus One the Bluetooth thing says :1002 sharing or midi or something.
BLEEDCOLORYOU said:
Thank you. Now for a better visual. There's too many apps.
And if you can give me links to apps that will help.
And on my OnePlus One the Bluetooth thing says :1002 sharing or midi or something.
And code.aurora? What is this?
BLEEDCOLORYOU said:
Thank you. Now for a better visual. There's too many apps.
And if you can give me links to apps that will help.
And on my OnePlus One the Bluetooth thing says :1002 sharing or midi or something.
I don't have that phone so can't really tell what is a suspect app or not, especially just from screen shots.
Here use this app to run on demand scans against the virustotal database (this is not an "antivirus app" like Avast so offers no protection, it only scans apps on demand, so you should run a good antivirus also)
https://play.google.com/store/apps/details?id=com.funnycat.virustotal
it should flag any suspect apps and you can submit any unknown ones you are worried about.
---------- Post added at 05:12 AM ---------- Previous post was at 05:02 AM ----------
BLEEDCOLORYOU said:
And code.aurora? What is this?
edit: not Firefox then.
org.codeaurora.bluetooth is a legit part of Bluetooth .... Well unless it's flagged by virustotal then it probably is a malicious app just given a common name to try and hide
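Whether a platform-style name such as org.codeaurora.bluetooth belongs to the preinstalled component or to something installed later under the same kind of name can be checked against the package manager's own records. The following is an added example, not part of any post in this thread: it assumes the output of `pm list packages -f` and `pm list packages -s` (run over adb) has been saved as text; the sample lines are constructed, and the prefix list is an illustrative assumption.

```python
# Added example: classify Android packages from saved `pm` output.
# Every sample line below is constructed for illustration.

# Name prefixes that read like platform components (illustrative assumption).
PLATFORM_PREFIXES = ("com.android.", "org.codeaurora.",
                     "com.qualcomm.", "com.google.android.")

# Constructed output of: adb shell pm list packages -f
SAMPLE_ALL = """\
package:/system/app/Bluetooth/Bluetooth.apk=com.android.bluetooth
package:/system/app/Stk/Stk.apk=com.android.stk
package:/data/app/~~AAAA==/com.android.chrome-BBBB==/base.apk=com.android.chrome
package:/data/app/~~CCCC==/org.codeaurora.bluetooth-DDDD==/base.apk=org.codeaurora.bluetooth
package:/data/app/~~EEEE==/com.example.notes-FFFF==/base.apk=com.example.notes
"""

# Constructed output of: adb shell pm list packages -s (apps flagged as system)
SAMPLE_SYSTEM = """\
package:com.android.bluetooth
package:com.android.stk
package:com.android.chrome
"""


def parse_system(text):
    """Return the set of package names from `pm list packages -s` output."""
    prefix = "package:"
    return {line.strip()[len(prefix):] for line in text.splitlines()
            if line.strip().startswith(prefix)}


def parse_all(text):
    """Map package name -> APK path from `pm list packages -f` output."""
    packages = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # Paths under /data/app can contain '=', package names cannot,
        # so the name is whatever follows the LAST '='.
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep and path and name:
            packages[name] = path
    return packages


def classify(all_text, system_text):
    """Return name -> (verdict, path). 'review' is a prompt to check, not a verdict."""
    system = parse_system(system_text)
    result = {}
    for name, path in parse_all(all_text).items():
        if name in system:
            verdict = "system"   # preinstalled, even if updated into /data/app
        elif name.startswith(PLATFORM_PREFIXES):
            verdict = "review"   # platform-style name, but not a system app
        else:
            verdict = "user"
        result[name] = (verdict, path)
    return result


if __name__ == "__main__":
    for name, (verdict, path) in sorted(classify(SAMPLE_ALL, SAMPLE_SYSTEM).items()):
        print(f"{verdict:7} {name}  {path}")
```

A "review" result only means the package is worth submitting for a scan; an updated preinstalled app stays in the system list even though its APK moves under /data/app.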
IronRoo said:
I don't have that phone so can't really tell what is a suspect app or not, especially just from screen shots.
Here use this app to run on demand scans against the virustotal database (this is not an "antivirus app" like Avast so offers no protection)
https://play.google.com/store/apps/details?id=com.funnycat.virustotal
it should flag any suspect apps and you can submit any unknown ones you are worried about.
Okay but what is provisioning? Code Aurora, smartcard services, Google Play for instance apps and
And I've never encrypted this phone.
BLEEDCOLORYOU said:
Okay but what is provisioning? Code Aurora, smartcard services, Google Play for instance apps and
And I've never encrypted this phone.
And a lot of the overlay apps and SIM Toolkit are all question-marked
BLEEDCOLORYOU said:
And a lot of the overlay apps and SIM Toolkit are all question-marked
See my edit above re aurora.
Sometimes VirusTotal will have 2 or 3 antivirus companies flag a file, these are probably false positives so probably nothing to worry about (though could just be a new submission, other companies should soon update if real malicious code, check back in a day or two). If lots of companies flag an apk then you have a problem.
It looks like you have a problem with overlays (unless it's an app your phone company installs for that function, not sure what you mean). You should install a proper antivirus app like Avast, Malwarebytes etc as a first step, hopefully it can remove the malicious apk.
---------- Post added at 05:51 AM ---------- Previous post was at 05:37 AM ----------
BLEEDCOLORYOU said:
And I've never encrypted this phone.
Doesn't matter, encrypting the phone only protects against unauthorised access to your data. Once it is unlocked anyone can view your stuff. And once a malicious app is on your system it can read all your data even if you had encrypted it, as it's unencrypted when you use it.
IronRoo said:
See my edit above re aurora.
Sometimes VirusTotal will have 2 or 3 antivirus companies flag a file, these are probably false positives so probably nothing to worry about (though could just be a new submission, other companies should soon update if real malicious code, check back in a day or two). If lots of companies flag an apk then you have a problem.
It looks like you have a problem with overlays (unless it's an app your phone company installs for that function). You should install a proper antivirus app like Avast, Malwarebytes etc as a first step, hopefully it can remove the malicious apk.
---------- Post added at 05:51 AM ---------- Previous post was at 05:37 AM ----------
Doesn't matter, encrypting the phone only protects against unauthorised access to your data. Once it is unlocked anyone can view your stuff. And once a malicious app is on your system it can read all your data even if you had encrypted it, as it's unencrypted when you use it.
Okay so now I'm trying to post screenshots of when I'm connected to wifi and it's not letting me
Pairwise cyphers and
Group cyphers
Sim_num
?
BLEEDCOLORYOU said:
And a lot of the overlay apps and SIM Toolkit are all question-marked
Tap those with question marks to submit to virustotal for analysis
IronRoo said:
Tap those with question marks to submit to virustotal for analysis
/sys/fs/selinux/class/appletalk_socket/perms
Not suspicious?
BLEEDCOLORYOU said:
/sys/fs/selinux/class/appletalk_socket/perms
Not suspicious?
Now I'm not stupid, this is facts. I just need defined and solution!!!
No these are normal library files. Stagefright "the malicious exploits" were called this as it was the stagefright framework it exploited. Everyone has these files, here are mine below.
You need to use tools like antivirus to identify bad files but even that is no guarantee as there is the possibility the original malicious file could have self deleted and, for example, just left open ports which would not be found as a "virus" but still allow remote access to your device.
If you cannot identify the actual exploit on your phone then the best solution is probably to just reflash the stock rom as this will wipe & overwrite everything. But if a malicious file is left on your SD card or another networked device you could soon be infected/compromised again. That is why I said before if you can't identify the source of your infection you really need to factory reset or reinstall all OS on all devices affected including your home router etc (or maybe it's your work or public network) and change all passwords.
IronRoo said:
No these are normal library files. Stagefright "the malicious exploits" were called this as it was the stagefright framework it exploited. Everyone has these files, here are mine below.
You need to use tools like antivirus to identify bad files but even that is no guarantee as there is the possibility the original malicious file could have self deleted and, for example, just left open ports which would not be found as a "virus" but still allow remote access to your device.
If you cannot identify the actual exploit on your phone then the best solution is probably to just reflash the stock rom as this will wipe & overwrite everything. But if a malicious file is left on your SD card or another networked device you could soon be infected/compromised again. That is why I said before if you can't identify the source of your infection you really need to factory reset or reinstall all OS on all devices affected including your home router etc (or maybe it's your work or public network) and change all passwords.
I'm on a video bridge network. I got the DirecTV setup with 2 wireless setups. Both secure from what I know.
BLEEDCOLORYOU said:
Pairwise cyphers and
Group cyphers
Sim_num
?
These are for encryption of your connection, not your phone
BLEEDCOLORYOU said:
I'm on a video bridge network. I got the DirecTV setup with 2 wireless setups. Both secure from what I know.
I'm no coding/security guru, but I have worked on telecoms, military electronics, etc but my coding & network security knowledge is limited.
I would run this app Fing to check your local network, are there any unknown devices connected?
https://play.google.com/store/apps/details?id=com.overlook.android.fing
note: this only finds currently connected devices, so you'd want to do this several times & especially when you see suspect behavior.
Also check for open ports, easiest way is probably this site, it will scan the first 1000 ports or so (select all)
https://www.grc.com/
go to shields up
but you really need to scan ALL possible ports with a tool like Zenmap (for PC) if you think you are compromised
https://nmap.org/zenmap/
However it's not clear to me if you ever installed a proper antivirus and whether it found and deleted anything? Virustotal seemed to find some suspect apks, I had a quick look at Trendmicro database but it didn't list details of the one it found in your screenshot, but the fact some of those antivirus companies called the suspect apk names with "joke" in it may suggest it's just a joke app your mate has installed, though probably not a joke app if your other devices are really also compromised, from memory there is also real malware with that name which may be able to infect other devices. Running a proper antivirus should easily find and clean any "joke" app on your phone & hopefully any real malware. If you've done this and still seeing indications you are compromised then do what I suggested above. (Also repeat malware checks on other devices and removable storage media)
You should also log into your router as admin and check settings, are you using a secure router password? Is firmware up to date. Is firewall set up correctly? Also close any open ports that you don't use. Turn off remote admin, if router has it. Etc etc what do your router logs show (turn on more detailed logging if necessary) Factory reset or reinstall firmware if you think changes have been made to your router by someone else.
Hi, I am having the same issues. Exact same behaviors regardless of new phones, new carrier and all accounts being unconnected in name. Google etc. This is extreme. It's via Bluetooth I agree, something with eSIMs or virtual SIMs for use of wifi access and or signal piracy for media. The DOD files are also something I am familiar with seeing. Code Aurora was also a govt project way back. It's interesting that I have Verizon files loading on AT&T phones and Sprint loading on Verizon. Whatever this is has managed to infiltrate my computers as well. It's relentless. It's impressive and sophisticated. Please please help.
Spidder77 said:
Hi, I am having the same issues. Exact same behaviors regardless of new phones, new carrier and all accounts being unconnected in name. Google etc. This is extreme. It's via Bluetooth I agree, something with eSIMs or virtual SIMs for use of wifi access and or signal piracy for media. The DOD files are also something I am familiar with seeing. Code Aurora was also a govt project way back. It's interesting that I have Verizon files loading on AT&T phones and Sprint loading on Verizon. Whatever this is has managed to infiltrate my computers as well. It's relentless. It's impressive and sophisticated. Please please help.
I'm having the same issues. Did anyone ever resolve or figure out what is happening? I think I'm under investigation by the DOD and they own my devices. My uploads/downloads are blocked, internet searches filtered, pics/screenshots of evidence deleted off my phone, etc.
