Found this thread reading through the Fascinate subforum, they had this stickied, for good reason.
Here's the original thread: http://forum.xda-developers.com/showthread.php?t=977154
Rodderik said:
Who is affected? All phones pre-gingerbread
Who should act? Users and developers using pre-gingerbread roms
How do I fix? Flash attached .zip at the bottom of this post or use one of the alternate methods down there
What if I think I was infected? Completely wipe your device, format sdard, go back to stock and re-apply rom, then flash the attached .zip (before installing any apps)
Why should I care? read below...
http://www.androidpolice.com/2011/0...your-phone-steal-your-data-and-open-backdoor/
Link to publishers apps here. I just randomly stumbled into one of the apps, recognized it and noticed that the publisher wasn’t who it was supposed to be.
Super Guitar Solo for example is originally Guitar Solo Lite. I downloaded two of the apps and extracted the APK’s, they both contain what seems to be the "rageagainstthecage" root exploit – binary contains string "CVE-2010-EASY Android local root exploit (C) 2010 by 743C". Don’t know what the apps actually do, but can’t be good.
I appreciate being able to publish an update to an app and the update going live instantly, but this is a bit scary. Some sort of moderation, or at least quicker reaction to malware complaints would be nice.
EDIT: After some dexing and jaxing, the apps seem to be at least posting the IMEI and IMSI codes to http://184.105.245.17:8080/GMServer/GMServlet, which seems to be located in Fremont, CA.
I asked our resident hacker to take a look at the code himself, and he’s verified it does indeed root the user’s device via rageagainstthecage or exploid. But that’s just the tip of the iceberg: it does more than just yank IMEI and IMSI. There’s another APK hidden inside the code, and it steals nearly everything it can: product ID, model, partner (provider?), language, country, and userID. But that’s all child’s play; the true pièce de résistance is that it has the ability to download more code. In other words, there’s no way to know what the app does after it’s installed, and the possibilities are nearly endless.
Click to expand...
Click to collapse
The offending apps from publisher Myournet:
* Falling Down
* Super Guitar Solo
* Super History Eraser
* Photo Editor
* Super Ringtone Maker
* Super Sex Positions
* Hot Sexy Videos
* Chess
* ????_Falldown
* Hilton Sex Sound
* Screaming Sexy Japanese Girls
* Falling Ball Dodge
* Scientific Calculator
* Dice Roller
* ????
* Advanced Currency Converter
* App Uninstaller
* ????_PewPew
* Funny Paint
* Spider Man
* ???
Click to expand...
Click to collapse
http://www.androidpolice.com/2011/0...-android-nightmare-and-weve-got-more-details/
Now, on to some more details of the virus. We should point out that this vulnerability was patched with Gingerbread, meaning any device running Android 2.3+ should be fine. In other words, if you’re looking to play the blame game (which I’m not, but having read all the comments on the original post, many people are), then there’s plenty to go around. The hole was fixed by Google, but it’s relatively useless since many phones aren’t yet running a version of Android that is protected. It’s noteworthy that some manufacturers released updates that patched the exploit for devices without updating to Gingerbread; unfortunately, it appears that minority is quite a small one.
Perhaps most important is the question of what infected users can do about their situation; unfortunately, the answer is not much of anything. Because the virus opens up a backdoor and can bring in new code at any time, the only way to really rid an infected device of any damage is to completely wipe the device – not exactly the optimal solution, but it looks like the only one available, at least for now.
Finally, Justin notes that ROM developers working with pre-Gingerbread versions of Android can prevent the virus from backdooring in code by putting a dummy file at /system/bin/profile.
Click to expand...
Click to collapse
As you can see androidpolice.com reports on this backdoor and roots and steals personal information. The apps are removed from the market but that doesn't mean they got them all. Attached is a flashable fix as suggested by androidpolice.com
So users can flash this .zip or simply create a blank file called profile and place it in /system/bin/ (developers are encouraged to include this file in future releases. A blank file is not going to affect performance at all)
Alternate methods:
Using 'adb shell' or terminal emulator (should work on any ROOTED phone) as suggest by xaueious here
Code:
$ su
su
# remount rw
Remounting /system (/dev/stl9) in read/write mode
# touch /system/bin/profile
# chmod 644 /system/bin/profile
#
Alternate 2:
Download blank profile file from here (or create one and name it profile)
Use a program like Root Explorer to copy it to /system/bin/
Then longpress on it and check the permissions should be read/write for user, read for group, and read for others.
Alternate 3:
cyansmoker has put together an apk for the patch here https://market.android.com/details?id=com.voilaweb.mobile.droiddreamkiller
Thanks for pointing this out photoframd and androidpolice.com for investigating and reporting!
UPDATE: I renamed the .zip file and reuploaded it (350 hits wow). Also in the edify scripted version I added 644 permissions to the file (but if you already flashed it then it should have defaulted to that). I also added a pre-edify version of the patch thanks to xaueious for people using a recovery that does not yet understand edify.
Click to expand...
Click to collapse
thankyou for bringing this to our attention.
Fretless said:
thankyou for bringing this to our attention.
Click to expand...
Click to collapse
I second that! many thanx!
Of course. It surprised me that I hadn't seen this earlier.
I've already committed this to the Incredible S rom base, I suggest other devs do so as well.
How would someone without root plug the hole??? or does this only effect the root users?
The Malware uses rageagainstthecage to root the phone, then does all the dirty work. So I'd guess that it would leave your phone rooted.
Apparently the infected phones are already clean according to Google. They have a way to remote wipe the affected app from your phone and clean up any traces it left, as well as hopefully plugging the whole in the process.
So wait..... I had Cyanogen 7 RC1 running.... And I had Spider man (infected app) installed.... but since then I've changed roms....
Since RC1 is 2.3 am I safe???
Zerox8610 said:
So wait..... I had Cyanogen 7 RC1 running.... And I had Spider man (infected app) installed.... but since then I've changed roms....
Since RC1 is 2.3 am I safe???
Click to expand...
Click to collapse
Well, seeing as the article says that the vulnerability only applies to pre-gingerbread roms, yes. You are safe.
wdfowty said:
Well, seeing as the article says that the vulnerability only applies to pre-gingerbread roms, yes. You are safe.
Click to expand...
Click to collapse
Google pushed out an market update with the mal-ware plug a couple of days after the problem showed up. i forgot where i read the article and if i find it i will post.
the apps that had the back door sniffer built in were reversed engineered and the made the patch according to there findings.
synisterwolf said:
Google pushed out an market update with the mal-ware plug a couple of days after the problem showed up. i forgot where i read the article and if i find it i will post.
the apps that had the back door sniffer built in were reversed engineered and the made the patch according to there findings.
Click to expand...
Click to collapse
I think it's one of the articles linked in the original thread qoute.
wdfowty said:
I think it's one of the articles linked in the original thread qoute.
Click to expand...
Click to collapse
lol. yeah your right. i should have checked the op before speaking.
Lol it's all good
Kinda unclear? Ifi have cm7(2.3) and installed one of those apps am i good?
sent from dinc
Rom-Addict said:
Kinda unclear? Ifi have cm7(2.3) and installed one of those apps am i good?
sent from dinc
Click to expand...
Click to collapse
As they said, the problem is for any software version below Gingerbread. And since you're running GB (2.3), you don't have to worry about it. You're safe.
Sent from my Droid Incredible running Myn's Warm TwoPointTwo RLS5.3.
changed the title to ease the confusion...
that sucked, that spider man game was actually kinda cool ;P
Zerox8610 said:
that sucked, that spider man game was actually kinda cool ;P
Click to expand...
Click to collapse
I believe it was a developer that kanged an app, and smali'd in some malicious code. Just use gingerbread or a rom with a dummy /system/bin/profile
Related
This morning there is a new item in the notification pull down screen.
Updates Available
1 update found
I'm scared to even click on it, thinking it will automatically download and install the patch that kills root. I am currently running Fresh 2.1 and don't want to change a darn thing!
I had followed these instructions:
DISABLE OTA UPDATES!!!!
To disable OTA updates that will patch this exploit, (after rooting and booted after creating a nandroid backup) run the following commands from Command Prompt.
Code:
cd C:\android-sdk-windows\tools
Code:
adb remount
Code:
adb shell
Code:
mv /system/etc/security/otacerts.zip /system/etc/security/otacerts.zip.bak
After doing this, the OTA updates WILL still download, BUT they will not pass signature checks to flash because of the code you just entered.
So do I just clear the notice? Has anyone clicked this thing?
That's for your market apps, perfectly safe
nebenezer said:
That's for your market apps, perfectly safe
Click to expand...
Click to collapse
Indeed it was...Autokiller updating as I type this.
Thank you, Nebenezer.
You have helped eased my tender nerves since the very first time I posted on XDA.
/bow
Chaid said:
Indeed it was...Autokiller updating as I type this.
Thank you, Nebenezer.
You have helped eased my tender nerves since the very first time I posted on XDA.
/bow
Click to expand...
Click to collapse
Chaid, between you and me - Don't listen to anything neb ever tells you. He will ONLY get you in trouble.
Kcarpenter said:
Chaid, between you and me - Don't listen to anything neb ever tells you. He will ONLY get you in trouble.
Click to expand...
Click to collapse
puh-sha
yeah, if by "trouble" you mean "awesome state of coolness few people have ever experienced" then yes, KC is absolutely correct
nebenezer said:
puh-sha
yeah, if by "trouble" you mean "awesome state of coolness few people have ever experienced" then yes, KC is absolutely correct
Click to expand...
Click to collapse
Well of course that's what I ment - Urban dictionary defintion of Trouble: Awesome state of coolness few people have ever experienced. the only known cause is the presence of either Nebenezer or Chuck Norris.
Ha! Both of you where the first to give me help! Too funny.....
Ok, since I have you both here, I have a silly question.
After I re-rooted after the 2.1 RUU, one of the first ROM's I flashed was Fresh 2.1.2.....I can't for the life of me remember why I didn't like it. Flashed Damage and a few others and ended up with Fresh 2.1, which I love.
So, after reading about both Fresh's ROMs, I don't see much difference.
Did 2.1.2 just fix things? There is absolutely nothing wrong with 2.1 (at least for me), but feel like I might be missing out on something I overlooked.
Whatchu think?
Chaid said:
Ha! Both of you where the first to give me help! Too funny.....
Ok, since I have you both here, I have a silly question.
After I re-rooted after the 2.1 RUU, one of the first ROM's I flashed was Fresh 2.1.2.....I can't for the life of me remember why I didn't like it. Flashed Damage and a few others and ended up with Fresh 2.1, which I love.
So, after reading about both Fresh's ROMs, I don't see much difference.
Did 2.1.2 just fix things? There is absolutely nothing wrong with 2.1 (at least for me), but feel like I might be missing out on something I overlooked.
Whatchu think?
Click to expand...
Click to collapse
I can't keep up any more LOL.
I think 2.1.2 was de-odexed and might be a little faster for you in that case.
I am on a fresh 2.1.2 with friend stream that JSChi put out yesterday.
You still have to be careful with those updates. There has been cases where an update has either basically removed itself or severely gimped features of the program and that is either because it infringes on a copyright or the author decided to go the paid route and firebombed his old free app. It has happened in the past.
There have also been cases of major bugs being introduced that don't get fixed for awhile.
Just make sure to read the comments as people will usually mention those things.
This is brought to you by Drod2169: here is some info, please follow the link to download and for support. http://www.droidxforums.com/forum/droid-x-roms/8428-rom-rubix-focused-0-3-a.html Post #68 at Droid X forums has the brightness and calender fixes.
"You may know me from my Rubik releases for the droid 1.. Well recently I purchased a Droid X. I couldn't stand the phone stock, so of course I got busy. I've been working on this for quite a while, gone through quite a bit of bricks, sbf flashes, and passing it to my testers cause I couldn't afford to brick at the time.
I bring you the first release of the rubiX series for the Droid X. rubiX Focused, It is a blurless rom
Tranquility 2.3.5 base (2.2.3.15 base) thanks to p3droid, motorola (hah) and google
Build.Prop tweaks (thanks to Beesley)
Market fix
All apps optimized/zipaligned (Credit to me)
ADW Launcher as stock launcher (No more laggy blur home!)
Bloatware removed (Credit to me)
135.42 MB free in System! Speedy (Credit to me)
Google market apps removed (download from market)
Auto Brightness Hack (credit to Pete)
Speed and battery tweaks (Credit to me. Thanks Nenolod and Pete for inspiration on sysctl tweaks)
Few more things that I'd like to keep secret for the time being "
Are all of the Motorola account management crap gone?
Gimpeh said:
Are all of the Motorola account management crap gone?
Click to expand...
Click to collapse
Yes. Accounts managed through settings. The brightness patch for stock brightness and the calendar fix are also in the 1st post now so you don't have to search through the thread
Thanks for posting this, FSR. Can't post links yet
Installed for 12 hours and still running great.
I appreciate your work.
Sent from my DROIDX using XDA App
Hmmm, well if I am gonna have to wipe for this I may as well SBF back and get the official OTA.
Seems pretty decent so far. My linpak and quadrant scores are even with what I was getting with the OTA after getting rid of some bloat. Calendar fix hasn't fixed my sync issue yet. Any idea why when I post my scores to linpak my notes show build 2.2.20? I'm not familiar with that particular version. Phone info shows 2.3.15 as it should but this is obviously not built off the official 2.2 as I've notice certain things change back to leak versions.
I'll give this rom a few days but I'm probably heading back to the OTA.
Can someone share the stock backup assistant apk with me? I'm lazy enough that I was just using that instead of a3rd party app so now I'm missing a HUGE chunk of my contacts. If it can't be used on this rom I'm doingan sbf right away when I get home.
Gimpeh said:
Hmmm, well if I am gonna have to wipe for this I may as well SBF back and get the official OTA.
Click to expand...
Click to collapse
I was thinking the same thing.
Let me know how it goes for you
Although, I'm a little concerned about losing the ability to SBF back to 2.1 ... really on the fence about this.
Gimpeh said:
Hmmm, well if I am gonna have to wipe for this I may as well SBF back and get the official OTA.
Click to expand...
Click to collapse
Why would you want the OTA? There is nothing magical about it, except Moto decided to lock the system down some more with new Bootloader keys.
Check out the threads around the forums, everyone is enjoying RubiX.
FSRBIKER said:
Why would you want the OTA? There is nothing magical about it, except Moto decided to lock the system down some more with new Bootloader keys.
Check out the threads around the forums, everyone is enjoying RubiX.
Click to expand...
Click to collapse
There is in fact a difference. Newer Baseband and New Kernel which results in better performance. These two objects were left out of the leak for fear of it leading back to the leaker.
drod2169 said:
Yes. Accounts managed through settings. The brightness patch for stock brightness and the calendar fix are also in the 1st post now so you don't have to search through the thread
Thanks for posting this, FSR. Can't post links yet
Click to expand...
Click to collapse
Im curious ....aren't you Jake Day? The downloads are from his site.....
acidbath5546 said:
Im curious ....aren't you Jake Day? The downloads are from his site.....
Click to expand...
Click to collapse
Ouch, if true I may be rethinking installation of this.
Gimpeh said:
Ouch, if true I may be rethinking installation of this.
Click to expand...
Click to collapse
Lol...not trying to be rude or start drama...im just curious before download something ...I always wanna know.the source.
and when I click on the download link, I noticed the download is coming from ninebysix.com, which is jake days website.
Flashed it. It's pretty damn fast. Perhaps this is Jake's reconciliation.
Fast is true and easy to install when following directions. The one thing that is strange and wondering if anyone else is experiencing.
I keep getting FC when trying to access my calendar. Yes I am trying to access my google calendars with default calendar program and even Jorte.
Anyone else?
Perhaps ideas for me?
admiral70 said:
Fast is true and easy to install when following directions. The one thing that is strange and wondering if anyone else is experiencing.
I keep getting FC when trying to access my calendar. Yes I am trying to access my google calendars with default calendar program and even Jorte.
Anyone else?
Perhaps ideas for me?
Click to expand...
Click to collapse
Happened to me...flash the rom zip following the instructions. Reboot the phone. Then bootstrap and reboot back into recovery and flash the calendarfix zip from page 7 of this thread: http://www.droidxforums.com/forum/droid-x-roms/8428-rom-rubix-focused-0-3-a-7.html
I had this instaled but could'nt get google maps to work so I went back to flyx rom. The market is stuck downloading google maps I hit cancel and it has force closed
Sent from my DROIDX using XDA App
I also had some FC problems. It FC's everytime you try to stop a download in the market. It FC's every time you click on the battery manager to see what's sucking juice and it FC'd when messing around with the Calendar.
Because of those reasons, plus not being any faster than I had gotten my OTA after bloatware removal and some build.prop tweaks, not being able to use Backup Assistant (losing 80% of my contacts) and the fact that I actually like the native 2.2 txt app led me back to my OTA 2.2 through the nandroid backup I made before installing rubiX.
This is one I will definitely keep an eye on and will be testing in further revisions, but it's not where I want a rom to be right now.
I appreciate all the hard work that went into it but it's just not for me right now.
shaninNH said:
Happened to me...flash the rom zip following the instructions. Reboot the phone. Then bootstrap and reboot back into recovery and flash the calendarfix zip from page 7 of this thread:
Click to expand...
Click to collapse
Winner, winner chicken dinner. That is exactly what I needed. Thank you very much.
Other than that one thing I am pleased so far with the build.
Sorry guys, I've been at work and haven't had much time to check threads except for the ones that push to my email, and for some reason xda didn't..
acidbath5546 said:
Im curious ....aren't you Jake Day? The downloads are from his site.....
Click to expand...
Click to collapse
no
I'm Derek Rodriguez (thats my full name), and have honestly barely conversed with jake. He was nice enough to let me host my files through his ftp alongside with Boostdscoob (dominator/eliminator roms for d1) when we were collaborating for roms, and still lets me. Jake is a great guy from what I know of him, and makes pretty bad ass kernels.
It's hosted there, as well as alldroid, and androiddoes.net.
arlan_jacob, a reboot might of fixed it. I chose not to include market apps with how fast updates have been coming out lately, didn't wanna leave any behind and people not able to update correctly. Sorry about the issue, I'll make an update.zip with the market apps included if it'd help out.
drod2169 said:
Sorry guys, I've been at work and haven't had much time to check threads except for the ones that push to my email, and for some reason xda didn't..
no
I'm Derek Rodriguez (thats my full name), and have honestly barely conversed with jake. He was nice enough to let me host my files through his ftp alongside with Boostdscoob (udominator/eliminator roms for d1) when we were collaborating for roms, and still lets me. Jake is a great guy from what I know of him, and makes pretty bad ass kernels.
It's hosted there, as well as alldroid, and androiddoes.net.
arlan_jacob, a reboot might of fixed it. I chose not to include market apps with how fast updates have been coming out lately, didn't wanna leave any behind and people not able to update correctly. Sorry about the issue, I'll make an update.zip with the market apps included if it'd help out.
Click to expand...
Click to collapse
Kk...thanks for clearing that up.
Lol...and my name is Blair, nice to meet ya and kudos for the ROM ...any future plans?
Cheers!
So, according to drakon.us, Samsung has provided factory bootloader unlocker in the Samsung App store.
Search for "CROM Service", You can see the process here:
https://youtu.be/KTTgXqaP7Rk
I'm in preorder hell waiting for my gold S6E from Verizon so I can't verify independently. Is this something we can use?
Seems it's not showing up in the US Store. I'll see if anyone I know in that region can grab the app for us. Might be worth looking into.
So there was a link here to a place to find the app, then poof it magically disappeared. LOL gotta love how that happens. Regardless, the app that was linked did not work, it downloaded and installed fine, but when trying to open it, it just force closes.
androidoholic said:
So there was a link here to a place to find the app, then poof it magically disappeared. LOL gotta love how that happens. Regardless, the app that was linked did not work, it downloaded and installed fine, but when trying to open it, it just force closes.
Click to expand...
Click to collapse
fc here also
Sent from my SM-G925V using XDA Free mobile app
elliwigy said:
fc here also
Sent from my SM-G925V using XDA Free mobile app
Click to expand...
Click to collapse
Like I said, can't download it... If anyone could post it I'd be grateful. Wondering if it could be decompiled.
The.Jericho.Initiative said:
Like I said, can't download it... If anyone could post it I'd be grateful. Wondering if it could be decompiled.
Click to expand...
Click to collapse
I PM'd ya a link, it's in my google drive.
androidoholic said:
I PM'd ya a link, it's in my google drive. Since it was deleted, I am assuming the fine folks at xda for some reason don't want it shared.
Click to expand...
Click to collapse
Can you hook me up as well please
androidoholic said:
I PM'd ya a link, it's in my google drive. Since it was deleted, I am assuming the fine folks at xda for some reason don't want it shared.
Click to expand...
Click to collapse
No posts have been edited or removed from this thread. I believe the OP was talking about the link was deleted from the Youtube video link.
skylinegtr116 said:
Can you hook me up as well please
Click to expand...
Click to collapse
Skyline,
No need for a hook up.There's a thread in the hacker/dev forum with both versions of the apk that I've come across... They're available to download there.
http://forum.xda-developers.com/and...sung-factory-bootloader-unlocker-apk-t3086609
So is there a way to make this work .... FC for me after installing
Well like I said earlier, I'm trying to relearn all this after not using it for six or so years... My intuition tells me that this tool is invaluable, and we know it is functional as we've seen on a Galaxy Tab, it does install and load, but after the disclaimer, it FC's. This is telling me it is probable that the device is simply failing a version or class checker.
If that is true, depending on how this was created, the source can be altered to work with our devices. What's critical here is that these are official Samsung apps; we're not recreating the wheel here. What we're doing is looking at an unencrypted tool that was designed specifically for the purpose of unlocking our device. That's why I posted these to Hacking/Dev. While I am starting almost from square one, someone who is familiar with the environment and scripting language would be far ahead of me on the curve.
Will it work out of the box? Nope, but there is the potential it can be made to work.
The.Jericho.Initiative said:
Well like I said earlier, I'm trying to relearn all this after not using it for six or so years... My intuition tells me that this tool is invaluable, and we know it is functional as we've seen on a Galaxy Tab, it does install and load, but after the disclaimer, it FC's. This is telling me it is probable that the device is simply failing a version or class checker.
If that is true, depending on how this was created, the source can be altered to work with our devices. What's critical here is that these are official Samsung apps; we're not recreating the wheel here. What we're doing is looking at an unencrypted tool that was designed specifically for the purpose of unlocking our device. That's why I posted these to Hacking/Dev. While I am starting almost from square one, someone who is familiar with the environment and scripting language would be far ahead of me on the curve.
Will it work out of the box? Nope, but there is the potential it can be made to work.
Click to expand...
Click to collapse
Good lord I hope you or someone else gets it to work. There's hope!
Decompiled the apk and explored around a little, heres the strings.xml. Just wanting to share what it shows.
I really hope this goes somewhere. If this gets ported than I will be so thankful. If there is anything I can do to help I would but I have not much experience with programming
Title is misleading. I would edit it
Done.
Any updates on progress or is it completely dead?
By the looks of it you can get it to work you just need to obtain root first... Which means it serves no use seeing as the phones that have root are already bootloader unlocked
Wiseor said:
By the looks of it you can get it to work you just need to obtain root first... Which means it serves no use seeing as the phones that have root are already bootloader unlocked
Click to expand...
Click to collapse
But phones with locked BL's can be rooted given the right tool is created. And if it is then once rooted we can unlock our BL's and flash Roms like everyone else.
Sent from My Samsung Galaxy S6 "Pure" Black
Root doesn't guarantee any bootloader unlock. If that was true, then every phone with root would have an unlocked bootloader, which isn't the case.
Root would be nice, but without an unlocked bootloader I see many bricks happening from inexperienced users pushing things too far and not knowing a way out.
This is not your typical Nexus crowd in here.
Hi all, appreciate best practice is always to read posted guides but I'm getting kinda old and too many threads are only relevant at particular points in time when the 5th Gen Fire was newer. So basically I'm lost in conflicting info on the guides and need some direction.
Starting point is i) I've got 'basic' experience of rooting and flashing roms, so my PC has got ADB drivers etc. ii) I have a stock OS 5.4.0.0 5th Gen Fire which is my elderly mothers and the intention is to get the crap OS removed and make it a simple Nexus 7'like device.
Can somebody please give me some step-by-step advice. I'm at the point where the device is developer enabled and ABD enabled. But the guides I've seen are all based on old OS's so I fear the whatever I try next will just brick the unit.
Thx in advance
As of now, 5.3.2.1 - 5.4.0.0 can not be rooted, much less have the bootloader unlocked to install a custom ROM.
aww bummer
OK second question : How should I treat the term "As of now"? Do you think there is any likelihood of a 5.4.0.0 root solution happening soon? i.e. weeks or months?
If its not gonna be a while, then I might just install the non-root google-play stuff and just shift the bloaty stuff out of sight if I can.
ebod said:
aww bummer
OK second question : How should I treat the term "As of now"? Do you think there is any likelihood of a 5.4.0.0 root solution happening soon? i.e. weeks or months?
If its not gonna be a while, then I might just install the non-root google-play stuff and just shift the bloaty stuff out of sight if I can.
Click to expand...
Click to collapse
EDIT: The usual warning: I am not responsible for any damage done to your device. If using ANY of these guides, you're doing so at your own risk.
That's about your only option at the moment. You can use the guide here, which will install the appropriate google services needed. You can then use this guide to manually 'uninstall' system/Amazon applications (you aren't really uninstalling them, just disabling them). Or use the automatic tool here, which will uninstall a significant number of the Amazon 'bloatware' and install the Google services and a few other Google related apps.
I CANNOT STRESS THIS NOTE ENOUGH: Whether you uninstall apps manually or automatically, please be aware you have to replace the Amazon apps BEFORE you uninstall them. For example, if you want to use contacts, you should install the necessary Google Contact APKs, open 'Contacts' then uninstall Amazon contacts. DO NOT UNINSTALL the Amazon Contact Storage APK or no contact applications will function properly, if at all. There is a guide here where you can install Google Contacts and get a fun little surprise as a result of doing so.
A factory reset will bring back all system apps you uninstall whether you uninstall them manually or automatically. So if anything stops working or you uninstall something that broke something else, factory resetting will fix the tablet, but you'll have to start over.
If you want to use a custom launcher like Nova Launcher, you can read this post which will describe how to do so. In this post I explain how to disable Fire Launcher without breaking the home button. Please read the WHOLE post, including the very bottom where there's a link that describes a 'fix' for the recent apps button (square button) which has a fit when you uninstall Fire Launcher (even on rooted devices). Just tap on 'hide Fire Launcher BEFORE' at the bottom which will take you to a page where you can activate widgets. Read the very bottom and it will tell you how to 'fix' the recent apps button. When you swipe closed apps using the recent apps button, swiping the last one will kick you to the lock screen or black you out for a moment. The fix is kinda cheesy, but it is a fix. I use it on my HD 8.
In this post I describe what Amazon apps I did NOT uninstall. Note this list of apps will differ slightly from the ones installed on the HD 7, but not by very much. This list MIGHT allow you to use Gmail (which doesn't work on any tablet model) and a few other apps.
Very soon, I plan to make a thread with a detailed tutorial on how to do all of this, so it's in one single spot for everyone to find.
Jake1702_ said:
As of now, 5.3.2.1 - 5.4.0.0 can not be rooted, much less have the bootloader unlocked to install a custom ROM.
Click to expand...
Click to collapse
For awareness/clarity: root and SuperSU (no other root manager) are the only prerequisites for installing a custom ROM on this device via FlashFire. The bootloader does not need to be unlocked.
Davey126 said:
For awareness/clarity: root and SuperSU (no other root manager) are the only prerequisites for installing a custom ROM on this device via FlashFire. The bootloader does not need to be unlocked.
Click to expand...
Click to collapse
Thanks Davey, yeah I'm not ultimately looking for a rooted device, I just want a clean Nexus'like rom with no bloated crap on it. As a plan-B I will follow the other guide notes that DragonFire kindly provided. But primarily if you are still staying I can get Flashfire to install a custom Nexus rom, then please can you guide me to the appropriate instructions to make Flashfire come to life.
I have Flashfire installed...but it just warns there are no permissions etc.
Thanks
ebod said:
Thanks Davey, yeah I'm not ultimately looking for a rooted device, I just want a clean Nexus'like rom with no bloated crap on it. As a plan-B I will follow the other guide notes that DragonFire kindly provided. But primarily if you are still staying I can get Flashfire to install a custom Nexus rom, then please can you guide me to the appropriate instructions to make Flashfire come to life.
I have Flashfire installed...but it just warns there are no permissions etc.
Thanks
Click to expand...
Click to collapse
A custom ROM (ie: Nexus) can not be installed on this device without root. I do not foresee that happening anytime soon with the so you're stuck with FireOS for a bit. It's not a bad skin once you get used to it.
@DragonFire1024 provided a nice summary of the available tweaks and associated caveats. I suggest going slow; start with the Google Play Store and some light visual customizations. Save the all-or-nothing 'debloat script' until have have a better idea of what to keep.
Most importantly, enjoy your new device and don't fret over what could have been.
This list MIGHT allow you to use Gmail (which doesn't work on any tablet model) and a few other apps.
Click to expand...
Click to collapse
Ummm... Gmail works fine on my Fire.
Davey126 said:
For awareness/clarity: root and SuperSU (no other root manager) are the only prerequisites for installing a custom ROM on this device via FlashFire. The bootloader does not need to be unlocked.
Click to expand...
Click to collapse
I did not know that. If that's the case, as soon as root is obtainable I'm installing the Fire Nexus ROM.
Jake1702_ said:
Ummm... Gmail works fine on my Fire.
Click to expand...
Click to collapse
You're lucky then. Many users have had issues with Gmail either force closing or not working at all. Hope the rest was somewhat helpful.
---------- Post added at 05:48 PM ---------- Previous post was at 05:47 PM ----------
Jake1702_ said:
Ummm... Gmail works fine on my Fire.
I did not know that. If that's the case, as soon as root is obtainable I'm installing the Fire Nexus ROM.
Click to expand...
Click to collapse
*IF* it becomes available. I've had my tablets almost a year, maybe a months or so under one. That's how long I've been waiting. Some have been waiting longer.
Jake1702_ said:
Ummm... Gmail works fine on my Fire.
Click to expand...
Click to collapse
Initially and for many months after the Gmail app worked fine on 5th-7th gen devices with Google Play Services/Store installed. The app started crashing on launch following a silent update (lasted about 2 months) then started working again a few weeks ago.
Davey126 said:
Jake1702_ said:
Ummm... Gmail works fine on my Fire.
Initially (and for many months after) the Gmail app worked fine on 5th-7th gen devices with Google Play Services/Store installed. The app started crashing on launch following a silent update (lasted about 2 months) then started working again a few weeks ago.
Click to expand...
Click to collapse
I read somewhere where quite a few people had put a bug report in or something to that effect. A few days later there was an update to Gmail. That's about the time I installed it and it worked perfectly for me. I'm willing to bet Google did something that that made it possible to use again. Did Amazon do something to block is from using it? In my opinion, not likely. But what caused it? Not a clue. There is some speculation it had to do to with a permission, but that's only speculation. This is something we'll likely never get the answer to.
Click to expand...
Click to collapse
Click to expand...
Click to collapse
Jake1702_ said:
... as soon as root is obtainable I'm installing the Fire Nexus ROM.
Click to expand...
Click to collapse
Don't get your hopes up. There's a reason securing root on Amazon and other manufacturer devices has become more difficult over the past 12-18 months. While I appreciate the euphemistic optimism shown by some the tightened security and legacy code cleanup initiated by Google is actually a good thing for the general Android user community. Of course, XDAers hate it (spare me the sermon on someone controlling *your* device) but they don't represent the much larger community that Amazon and other market driven companies are targeting. Business/capatolism 101.
Davey126 said:
Initially and for many months after the Gmail app worked fine on 5th-7th gen devices with Google Play Services/Store installed. The app started crashing on launch following a silent update (lasted about 2 months) then started working again a few weeks ago.
Click to expand...
Click to collapse
Might just have been the perfect period of time during when I had mine sitting and not being used. Guess I'm just lucky.
Davey126 said:
Don't get your hopes up. There's a reason securing root on Amazon and other manufacturer devices has become more difficult over the past 12-18 months. While I appreciate the euphemistic optimism shown by some the tightened security and legacy code cleanup initiated by Google is actually a good thing for the general Android user community. Of course, XDAers hate it (spare me the sermon on someone controlling *your* device) but they don't represent the much larger community that Amazon and other market driven companies are targeting. Business/capatolism 101.
Click to expand...
Click to collapse
It is definitely possible, just not enough people spending time on this device, they are all focused on more popular brands/devices.
Jake1702_ said:
Might just have been the perfect period of time during when I had mine sitting and not being used. Guess I'm just lucky.
It is definitely possible, just not enough people spending time on this device, they are all focused on more popular brands/devices.
Click to expand...
Click to collapse
This I will actually agree with. But to be honest, I really thought we'd have a good chance after Prime Day. I really thought we'd have gotten it then, but I still have hopes.
That being said, the tricks and hacks we've discovered over the last few months are pretty amazing. The method of 'uninstalling' I mentioned a few posts ago, was never intended nor expected to work on these tablets. It had sat on XDA for a couple days before I literally said out loud: "oh what the hell. I can't break anything." So gave it a shot and was incredibly surprised to see it really did disable Amazon Video.
With the tricks and hacks I also mentioned a few posts back, really does go a long way in terms of a custom ROM. Aside from the technical aspects and apps, in my opinion it's pretty much a custom systemless ROM. Though some may disagree with me very much.
Feel free to ask any question you like. We'll do our best to help.
DragonFire1024 said:
This I will actually agree with. But to be honest, I really thought we'd have a good chance after Prime Day. I really thought we'd have gotten it then, but I still have hopes.
That being said, the tricks and hacks we've discovered over the last few months are pretty amazing. The method of 'uninstalling' I mentioned a few posts ago, was never intended nor expected to work on these tablets. It had sat on XDA for a couple days before I literally said out loud: "oh what the hell. I can't break anything." So gave it a shot and was incredibly surprised to see it really did disable Amazon Video.
With the tricks and hacks I also mentioned a few posts back, really does go a long way in terms of a custom ROM. Aside from the technical aspects and apps, in my opinion it's pretty much a custom systemless ROM. Though some may disagree with me very much.
Feel free to ask any question you like. We'll do our best to help.
Click to expand...
Click to collapse
Funny how for months now this device still hasn't been rooted, yet a few days after the release of the Samsung Galaxy S8, it was already rooted. Simply, those devices have much more people willing to take time to find exploits for, whereas the Fire does not. It's a shame really.
Sent from my KFFOWI using Tapatalk
Jake1702_ said:
Funny how for months now this device still hasn't been rooted, yet a few days after the release of the Samsung Galaxy S8, it was already rooted. Simply, those devices have much more people willing to take time to find exploits for, whereas the Fire does not. It's a shame really.
Click to expand...
Click to collapse
There just may not be any at the moment. Amazon has done a lot to this OS, so much so, I've seen posts where users don't even consider it an Android base anymore. Depending on what you read, I've seen other sites where some say its too butchered.
Also keep in mind when an exploit is found, some have been around for a very long time. So one may exist, but no one has either found it yet so no method exists or as you say, may not care enough to take the time to make a method. Every Android device is different. The OS is customized and programed to a manufacturers liking who also add their own customization, then is passed off to a service provider who further customizes it. In that period exploits are patched or simply don't work because what's exploited in certain devices, may not exist in other devices. The list and possibilities really could go on.
DragonFire1024 said:
There just may not be any at the moment. Amazon has done a lot to this OS, so much so, I've seen posts where users don't even consider it an Android base anymore. Depending on what you read, I've seen other sites where some say its too butchered.
Also keep in mind when an exploit is found, some have been around for a very long time. So one may exist, but no one has either found it yet so no method exists or as you say, may not care enough to take the time to make a method. Every Android device is different. The OS is customized and programed to a manufacturers liking who also add their own customization, then is passed off to a service provider who further customizes it. In that period exploits are patched or simply don't work because what's exploited in certain devices, may not exist in other devices. The list and possibilities really could go on.
Click to expand...
Click to collapse
I wonder if it would be possible "break" the bootloader, so-to-speak, to a point where it "works" but is flawed, allowing the installation of a custom ROM.
Jake1702_ said:
I wonder if it would be possible "break" the bootloader, so-to-speak, to a point where it "works" but is flawed, allowing the installation of a custom ROM.
Click to expand...
Click to collapse
Not likely. I have a list of things to try on my head. Some simple, some outrageous. Truth is this HD 8 has been through hell. I've reset it more times than I can count. I've nearly disected it and to be honest I'm absolutely amazed I haven't broken it yet. So I'm giving her a break from that right now.
With that said, I have an HD 7 that's rooted. I have an idea to try some things using it, that could work on non rooted 7 and up tablets, that would be totally systemless that could open up the possibilities to some things. I've been disecting the HD 7 for some ideas and plan to do some testing very soon. I'm the type that will immediately look at all settings and functions and then look through every file, folder and directory I'm able to, so we can do what many of us have already achieved. Keep an eye on me
DragonFire1024 said:
Not likely. I have a list of things to try on my head. Some simple, some outrageous. Truth is this HD 8 has been through hell. I've reset it more times than I can count. I've nearly disected it and to be honest I'm absolutely amazed I haven't broken it yet. So I'm giving her a break from that right now.
With that said, I have an HD 7 that's rooted. I have an idea to try some things using it, that could work on non rooted 7 and up tablets, that would be totally systemless that could open up the possibilities to some things. I've been disecting the HD 7 for some ideas and plan to do some testing very soon. I'm the type that will immediately look at all settings and functions and then look through every file, folder and directory I'm able to, so we can do what many of us have already achieved. Keep an eye on me
Click to expand...
Click to collapse
If someone were to go so deep to a point where they took it apart, maybe it would be possible to modify the bootloader by setting up a custom one.
Sent from my KFFOWI using Tapatalk
Hi All,
You may or may not all ready know about this.... Spotted it via another via another thread for something completely different.
Further expanding to the link, exposed there was a heck of a lot of other roms that we apparently not aware of....
Feel free to visit: https://sourceforge.net/projects/spes-roms/files/
To see all the great work of: imtiaz-modder (imtiaz-modder, if you view these boards.... we thank you for your work !!!)
Thanks, Lister
Immmmmmmm totally amazeeeeeddd fr.
I mean how? How's that even possible?
Indeed there are too many of em and now I'mma try them one by ine
Unfortunately the list isn't actively updated, but it's a nice work regardless. I recommend searching for the specific ROM before you install because you might miss out on some updates
Thank you for sharing! Never know what to choose actually. But we have choice!
Lister Of Smeg said:
Hi All,
You may or may not all ready know about this.... Spotted it via another via another thread for something completely different.
Further expanding to the link, exposed there was a heck of a lot of other roms that we apparently not aware of....
Feel free to visit: https://sourceforge.net/projects/spes-roms/files/
To see all the great work of: imtiaz-modder (imtiaz-modder, if you view these boards.... we thank you for your work !!!)
Thanks, Lister
Click to expand...
Click to collapse
are these all safe to download and test out?
ictsz.roy said:
are these all safe to download and test out?
Click to expand...
Click to collapse
Hi Ictsz.roy,
I can't imagine these are any less safe, or more safe than other custom roms. I imagine they are just compiled by a hobbiest who is building roms for themselves, with no ill intentions and just sharing them.
I personally haven't tested any myself yet, as I am still fully stock for the time being. But at a later date, when I decided to rom and they are still available I have no issues trying/testing them then....
Cheers, Lister
Lister Of Smeg said:
Hi Ictsz.roy,
I can't imagine these are any less safe, or more safe than other custom roms. I imagine they are just compiled by a hobbiest who is building roms for themselves, with no ill intentions and just sharing them.
I personally haven't tested any myself yet, as I am still fully stock for the time being. But at a later date, when I decided to rom and they are still available I have no issues trying/testing them then....
Cheers, Lister
Click to expand...
Click to collapse
Hey Lister,
Thanks for the response. I get what you're saying. However, and this is just out of curiosity, (hypothetically speaking), if a rom zip file does contain some sort of malware, will your average antivirus software pick it up? Any thoughts?
Cheers.
ictsz.roy said:
Hey Lister,
Thanks for the response. I get what you're saying. However, and this is just out of curiosity, (hypothetically speaking), if a rom zip file does contain some sort of malware, will your average antivirus software pick it up? Any thoughts?
Cheers.
Click to expand...
Click to collapse
Hi Ictsz.roy,
No worries, you're welcome....
Here's how I see it, so depends what you mean by AV detecthing any malware within the rom....?
If you mean, will it be picked up by your computers AV... Depends if it's setup to scan within inside files, such as Zip files. And depends if the code within the zip file is known/triggered by desktop OS AV. It could be written so only readable/executable within Android OS. Most good AVs can detect this kinda of behavour. As I've seen APK files sitting on my drive being detected as risky.
However if you mean, what would happen if I flashed the rom, and it was packed with iffy code/apps/apks. I'd like to think that Googles own built in scanners would pick these up. I must admit I am very impressed with it up until now, even under older version of Android and without any official AV installed within Android OS, Google PlayServices have detected rogue apps. I've seen Android (Gingerbread) v2.3.6 detect iffy apps without any updates from the phones OEM itself. Google PlayServices gets updated regulary. Not to mention the Google PlayStore also has its own scan protection, and has flagged up many a apps in the past. And then if you go with your own trusted Android AV, such as Comodo, Avast and so on, they also have high detection rates.
So the likely hood of any iffy code/apps getting past Google's ecosystem will be remote these days I believe, just speaking of own personally experiences. Think the detection rate is very high now...
Cheers, Lister
Lister Of Smeg said:
Hi Ictsz.roy,
No worries, you're welcome....
Here's how I see it, so depends what you mean by AV detecthing any malware within the rom....?
If you mean, will it be picked up by your computers AV... Depends if it's setup to scan within inside files, such as Zip files. And depends if the code within the zip file is known/triggered by desktop OS AV. It could be written so only readable/executable within Android OS. Most good AVs can detect this kinda of behavour. As I've seen APK files sitting on my drive being detected as risky.
However if you mean, what would happen if I flashed the rom, and it was packed with iffy code/apps/apks. I'd like to think that Googles own built in scanners would pick these up. I must admit I am very impressed with it up until now, even under older version of Android and without any official AV installed within Android OS, Google PlayServices have detected rogue apps. I've seen Android (Gingerbread) v2.3.6 detect iffy apps without any updates from the phones OEM itself. Google PlayServices gets updated regulary. Not to mention the Google PlayStore also has its own scan protection, and has flagged up many a apps in the past. And then if you go with your own trusted Android AV, such as Comodo, Avast and so on, they also have high detection rates.
So the likely hood of any iffy code/apps getting past Google's ecosystem will be remote these days I believe, just speaking of own personally experiences. Think the detection rate is very high now...
Cheers, Lister
Click to expand...
Click to collapse
Thanks again Lister. You're a trooper. Cheers.