Who is Kingroot and what are they doing to my system? - 7" Kindle Fire HD Q&A, Help & Troubleshooting

Hi,
After much fruitless time wasted poring over the various methods on this forum only to find out that most of it relies on old, out of date exploits which are no longer valid, I finally gave up and tried Kingroot on my 7" Kindle Fire HD, running 7.5.1 firmware.
It worked very well. Initial attempt did not establish root but rerunning from the KingRoot menu succeeded. Cool.
However, I have no idea who I have let into my device, what they did and what level of control they still have.
The KingRoot web site is very coy about who they are and what they do. This is not really the way I want to go. It's only a trash device for me which I'm messing with to find my way around. But my ultimate aim is to regain control of my hardware, not to forfeit control.
Does anyone know more about who this outfit is and how this all works?
Thanks.
whois:
Registrant Name:Shi Ji Kun Peng
Registrant Organization: Dalian Shiji Kunpeng Technology Compay Limited
Well I guess that is why they are rather coy about who they are, if they put it on the front page no one would download their trojan/spybot software. No uninstall option and if I remove the apk, it breaks su command!
Is my kindle now part of a Chinese net bot?!
The counter argument is that as guys on XDA are open and explain the exploits they also get known to the h/w manufacturers who slam the door closed in a future update and all the hard work is lost. Witness the tons of threads here which are now pretty irrelevant and waste everyone's time.

I have found that I can root using KR, use that state to install something Bin4ary's su build and then factory reset to remove the app.
Doing a factory reset clears the KingRoot application but leaves their su which is a link to ku.sud. So presumably if they install some kind of trojan that does not get removed either.
It does reboot with /system mounted ro, whereas with KR installed it seemed to be mounted rw, which is a pretty crazy state to have a device in.
Found this which seems to be KR's own PR. No mention of security or even a promise that they are not doing anything underhand. Lots of "questions people ask", except the ones about turning my device into part of a Chinese netbot.
https://meribilli.com/
That silence is about as clear a statement as you are likely to get, I suppose.
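The two leftovers described in the posts above (an su that is only a symlink to another binary, and /system mounted rw) can be checked from a shell. This is an added example, not part of the original thread: the directories searched for su are an assumption, and the mount table, device names and symlink in the built-in demo are constructed.

```shell
#!/bin/sh
# Added example: report residue a one-click root tool can leave behind.
# The su locations checked below are common ones and are an assumption.

# Print the effective mount mode of /system ("rw", "ro" or "absent"),
# read from a file in /proc/mounts format. A later entry overrides an earlier one.
system_mount_mode() {
    awk '$2 == "/system" {
             n = split($4, opt, ",")
             for (i = 1; i <= n; i++)
                 if (opt[i] == "rw" || opt[i] == "ro") mode = opt[i]
         }
         END { print (mode == "" ? "absent" : mode) }' "$1"
}

# List su binaries under ROOT; for a symlink, show what it points to.
find_su() {
    for dir in system/bin system/xbin sbin; do
        p="$1/$dir/su"
        if [ -L "$p" ]; then
            printf '/%s/su -> %s\n' "$dir" "$(readlink "$p")"
        elif [ -e "$p" ]; then
            printf '/%s/su (regular file)\n' "$dir"
        fi
    done
}

# Build a constructed fixture that mimics the state described in the thread:
# su is a symlink to ku.sud and /system is mounted read-write.
make_fixture() {
    mkdir -p "$1/system/xbin"
    : > "$1/system/xbin/ku.sud"
    ln -sf ku.sud "$1/system/xbin/su"
    cat > "$1/mounts" <<'EOF'
rootfs / rootfs ro,relatime 0 0
/dev/block/mmcblk0p11 /system ext4 rw,relatime,data=ordered 0 0
/dev/block/mmcblk0p13 /data ext4 rw,nosuid,nodev,noatime 0 0
EOF
}

# audit ROOT MOUNTS_FILE
audit() {
    echo "/system mount mode: $(system_mount_mode "$2")"
    find_su "$1"
}

if [ "$#" -eq 2 ]; then
    audit "$1" "$2"              # on a device shell: pass / and /proc/mounts
else
    tmp=$(mktemp -d)             # no arguments: run against the constructed fixture
    make_fixture "$tmp"
    audit "$tmp" "$tmp/mounts"
    rm -rf "$tmp"
fi
```

Run after a factory reset, an su line that still resolves to a vendor binary shows that the reset removed only the app, not what it wrote into /system.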

Related

Why doesn't android come with a root option?

I've never really got this, maybe someone can shed some light on it.
Why doesn't "stock" android come with the option of using the root "account"? I understand it could be a security risk for those not knowing what they're doing but a simple "UAC" style thing which asks the user if they have requested the operation and then asks them for their google password before running a task as root would be fine.
What does google/manufacturers/networks gain from not giving access to the root account?
They gain the time it takes to troubleshoot all the phones that people jacked up. Root isn't for everyone and it can be used to brick the phone.
If you integrated it, the same thing will happen as does with UAC
dumba**s will keep clicking allow without knowing the damage root can cause. I cannot tell you how many computers at my workplace have voluntarily been damaged by people allowing malicious programs to run at elevated privileges.
B-man007 said:
If you integrated it, the same thing will happen as does with UAC
dumba**s will keep clicking allow without knowing the damage root can cause. I cannot tell you how many computers at my workplace have voluntarily been damaged by people allowing malicious programs to run at elevated privileges.
Exactly. People are idiots. I have a few computers in my work's network that require admin privileges (some software programmers need to be shot) and even with firewalls and filters they still manage to find the one site that hasn't been blocked yet and downloads av2009 or some ****.
Look what happened to the jailbroken iphones.
I think that the main thing about this "users are idiots" argument is that in this regard, blocking root doesn't help. In fact, arguably, it makes it WORSE since users have to go to hacker extremes to get root to do simple needs-root things.
Better idea would be to have a password secured root account per each device, and GIVE the root password to the user if they agree to forfeit any and all software warranties and technical support on the device.
Quite frankly, the reason why the providers keep root to themselves is simply to prevent the user from doing things that they don't want done, like tethering.

On-Device App Install and Maybe Bluetooth

I had some issues with the ADB commands for preparing my rooted Nook Color for on-device app install (primarily due to microcrap's 64-bit Vista) so I found a very easy method.
In the Market, there's an app called "Sqlite Editor" from the folks who make "Root Explorer" - it's about $3.07 US$ but I bought it anyway.
With this [AFTER A BACKUP!] I was able to directly edit the settings.db (sub category SECURE) and change the following:
'install_non_market_apps' from the default value of 0 to 1 and following a SAVE and REBOOT I can now install directly from my SD Card.
While I was doing this, I find a large number of additional entries including (are you ready for this???) bluetooth_on!
Dare I do this???
I also posted this in Mobileread's excellent Nook Color Forum and I was thinking that maybe we should also acknowledge them as a great forum for our beloved Nooks!
docfreed said:
While I was doing this, I find a large number of additional entries including (are you ready for this???) bluetooth_on!
Dare I do this???
LOL...If only it were this easy.
I had no issue with installing apps from the sd card after rooting/installing mkt and gapps.
Depends on How You Rooted..
I'm not certain but some rooting methods have market/gapps built-in, some don't. I used Autonooter (after upgrading to 1.01) and market & Gmail just appeared - I never had to install anything else.
If you used Autonooter then you wouldn't have to do anything to be able to install non market apps. Maybe just toggle the setting in Nook Tools if anything.
docfreed said:
While I was doing this, I find a large number of additional entries including (are you ready for this???) bluetooth_on!
It's NOT that simple, it's been turned on in the kernel & custom ones built for it with nothing.
If you see the "salting nook" posts so much has been done trying to get it to work, most expect something ground breaking to come from actually looking at the pins on the chip itself and connection through the MoBo.
AMD sold faulty quad cores as triples so it could be that the chip/Mobo can't do it. Could be an easy hardware mod but TBH so much deep thought and attempts have been seen in IRC I don't see a "virtual fix" anytime soon.
But that said I'm an idiot so could be 475% wrong
Yeah, I tried toggling Nook Color Tools per the instructions - never seemed to work for me. Anyway, it appears to be just a one-shot adjustment any way it's done (at least till we get FroYo) so I'm happy.
Merry XMAS everyone
docfreed
sqlite not working for me
Purchased Sqlite, when trying to install, exits without loading apps. Any suggestions? Rooted with older booker and then re-rooted with pre 1.01 autonooker. Thanks. -
I have a kernel and u-boot that enables the bluetooth portion of the module and sets up an rfkill device. hciattach will detect it as a TI Bluetooth module and will load one of the TI bluetooth firmware scripts, but then complains about a missing socket or something. It sounds like a software error more than anything that might be wrong with the hardware.
What this means is that the Bluetooth part of the WiFi module isn't just left disconnected and the link to the CPU is working. But we don't know if the antenna is set up to share between wifi and Bluetooth or if the hardware is otherwise missing something that would keep it from working.
If you have experience with getting TI WiLink Bluetooth working in Android or Linux, or know someone who does, PM me or join us on Freenode channel #nookie. We're really close!

[Q] Antivirus for Gtablet - Experiences/Preferences

I am aware that Android being Linux based doesn't suffer from all the malware of other devices but with so much personal information being kept in our smart devices it is only a matter of time before less than savory individuals attempt ways to separate us from ourselves so..
I am interested in your experiences with FREE antivirus products. Personal opinions.. ones you have tried.. how secure you think they are. I am only interested in the anti-virus portion of these apps. Not really interested in the backup portions. Perhaps if they offer free secure remote data wipe that would be of interest in the future.
I currently use Lookout Mobile Security but not totally secure with it due to such a limited amount of threats. It is why I am asking for personal opinions and personal preferences so more of us can make better choices to protect our favorite toy.
Of interest would be NetQin due to their experience and experience with other phones.. mostly Symbian.
AVG's version due to their experiences with anti-virus but I have heard of issues where their desktop version failed to identify virus or malware.
And also BluePoint Antivirus and their entry into protecting Android OS. BluePoint seems to be a solid antivirus provider but the reviews for the android device have been less than favorable.
There is also Dr.Web and MyMobile Protection of which I have no clue
Antivirus Free by creative apps appears to have been built and designed by an individual and not a company so I am not sure of the trustworthiness of this app although a lot have downloaded it.
I would expect them all to scan as apps are downloaded and installed. Most seem to be cloud based scanners.
Your opinion is appreciated..
Thanks
Amazing - 254 views
254 views and no opinions or preferences.. surely someone is using antivirus software on their gtablets?
There are no known viruses for Linux in the wild. So what would it be scanning for? You really should be more worried about the permissions that are given when you install an app. If you rooted your device (and who hasn't), this would provide access for any malware.
wasserkapf said:
There are no known viruses for Linux in the wild. So what would it be scanning for? You really should be more worried about the permissions that are given when you install an app. If you rooted your device (and who hasn't), this would provide access for any malware.
One of the things I like most about the Android platform is the permissions it presents when installing apps. There has been malware reported that exploits SMS, sending your bill through the roof and lining the pockets of some foreign company. There are also reports of a Trojan that is designed for Android. It collects personal info on the phone and sends it to remote servers. I completely understand that the threat is very limited but with the opportunity to collect personal data I believe it is only a matter of time before the threats increase. I am only trying to stay ahead of the curve. While most threats at the moment require a user to allow them, they will get more sophisticated with time. Thanks for your reply!
i second your worry but i think mainly we must watch on apps. maybe a sandboxing app would be nice?
I use DroidWall on my G Tablet. That way I can whitelist what apps have internet access and what ones don't. Best way I've found for protecting my information and malware. I've used it with pershoot's kernel on vegan and on BitTrix's CM7.
For virus scans I've used both AVG's pro version and Lookout for my tablet and my phone. AVG's did detect some settings, like it warned when it detected root, warned on some programs that use root access, and on my phone would flag some SMS's. But the tracking on AVG is pretty worthless. On my phone setting it at lost would start it tracking, but every time I tried it it would be somewhere around 5-6 miles from where I actually was. The phone lock and wipe don't work either, at least with moto droid.
Lookout's scanning only seems to report based on the permissions. The tracking on lookout is much better. The couple times I've tried reporting lost on my phone it would have a very accurate reading in a matter of 3-4 minutes.
But can't say how well they work on viruses or malware as I've never run into any yet.
Thanks for the input.. what I was curious about.. which ones are actually looking for malware and which ones are just scanning permissions. Off to search for droidwall.. thanks!
lordgodgeneral said:
I use DroidWall on my G Tablet. That way I can whitelist what apps have internet access and what ones don't. Best way I've found for protecting my information and malware. I've used it with pershoot's kernel on vegan and on BitTrix's CM7.
For virus scans I've used both AVG's pro version and Lookout for my tablet and my phone. AVG's did detect some settings, like it warned when it detected root, warned on some programs that use root access, and on my phone would flag some SMS's. But the tracking on AVG is pretty worthless. On my phone setting it at lost would start it tracking, but every time I tried it it would be somewhere around 5-6 miles from where I actually was. The phone lock and wipe don't work either, at least with moto droid.
Lookout's scanning only seems to report based on the permissions. The tracking on lookout is much better. The couple times I've tried reporting lost on my phone it would have a very accurate reading in a matter of 3-4 minutes.
But can't say how well they work on viruses or malware as I've never run into any yet.
Unable to use Droidwall with TnT ver4.2 due to an error I receive "can't initialize iptables table 'filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded.
This error message unfortunately means that your kernel does not support iptables/netfilter, so DroidWall will not work.
There is nothing I can do on DroidWall to make it work, and the only possible solution is to flash a customized ROM with netfilter support."
Kind of a disappointment - was looking forward to it

Warning from Google about Towelroot

A few days ago I rooted my G900T S5 with Towelroot and all went well.
About five minutes ago I was changing my font and the phone had to reboot. When it came back on line the first thing that came up in notifications was a security warning from Google. The warning said that I should immediately uninstall the Towelroot app because it is known for breaching Google's Security policy.
I thought that was kinda weird. I know they warn you about third party apps, etc..., but all my previous Android phones have been rooted and I never got a warning from Google.
That's it. Just thought I'd share that thought on the notification.
@ fffft
I'm aware of Google's corporate greed and wanting to have control of all aspects of our personal electronics, even though they let Android be open source. I was surprised to get that notice from them because for the last 5 years starting with my Captivate, every phone I've had has been Samsung Galaxy of some model or another, 5 different phones all have been rooted and custom roms and until the other night never had Google send a notification saying to remove an apk file because it is a root file. I have to assume because towelroot is an actual third party apk and sits in the files. All other root styles that I've used, Odin, Heimdall, aren't an apk file that sits in the phones files.
So that must be the reason for the warning. It wasn't a warning because it rooted the phone, it did it because it was a third party app. It doesn't matter what the app is, although it does matter what it does. So I guess I shouldn't be surprised.
You do realise Google only wants to protect you because Towelroot works off of a security exploit, right? You do realise that a malicious app can do the same thing that Towelroot did to your phone and gain root access without your permission, right?
The difference between CF autoroot and other root methods is that it can only be done with consent, whereas any application can utilise a security exploit without your knowledge or permission.
OH WAIT OFC ITS GOOGLE BEING AN EVIL GREEDY COMPANY UGH GOOGLE PLZ
@Hellscythe
I'm not gonna start an argument over whether or not Google or any other company is greedy and wants our money or not. Because we all know the answer to that argument. Businesses are in business to make a profit and as much profit as they can every fiscal year. Bottom line end of that discussion.
The post I wrote wasn't whether or not Google was being greedy. If you read it correctly, it is me wondering why I got the notification and then after I realized that it wasn't about the phone being rooted it was about the security breach possibilities. Which you so aptly brought up again captain obvious.
So thanks for your input. Your two cents was well spent. MOD EDIT: Inappropriate comment removed! Please read forum rules on conduct!

[Q] Is there a way to pull a XAP file off WP8?

Hello - I am doing a pen test for a customer. They are not giving me the xap files like they did last time. Is there a way to pull the xap file off the phone and on to your PC? I have a dev unlocked phone which I can sideload apps using power tools. I have done some research and it doesn't sound like this option is available, but I wanted to ask.
Thanks in advance.
First of all, the phone doesn't store the XAP files (PLEASE search before posting! This question gets asked a lot). I assume all you really care about is the app binaries and manifest file, though. (You can rebuild an installable XAP from these if needed.)
There's a complicated series of hacks for doing it on 8.1 via the ability to install apps to the SD card. If you don't have 8.1, don't have an SD card, can't install the relevant versions of specific apps, or if the app is marked to not allow installation to SD, then that method won't work for you.
The other approach, which in my experience is standard in the pentesting world (which is my field as well), is to use a hacked/jailbroken/unlocked phone. Samsung (unless it has the very newest firmware versions) and Huawei phones can be unlocked by flashing modified ROMs. The unlock lets you sideload apps with vastly more privileges, such as the ability to read and write the install directory of any app. Using that, it's pretty easy to get the files you want. Such unlocks are also possible with some Nokia phones via JTAG, and possibly some other models too, but the Samsung unlock (which I and -W_O_L_F- found) and the ability to flash customized ROMs for Huawei are the easiest approaches.
On the offhand chance you're part of NCC group, PM me and I'll send you my work email address. If you're with one of our competitors... well, I actually don't mind helping a competitor that much either; some Deja Vu folks gave me a good tip lately though, and I've got friends at SI as well.
GoodDayToDie said:
First of all, the phone doesn't store the XAP files (PLEASE search before posting! This question gets asked a lot). I assume all you really care about is the app binaries and manifest file, though. (You can rebuild an installable XAP from these if needed.)
There's a complicated series of hacks for doing it on 8.1 via the ability to install apps to the SD card. If you don't have 8.1, don't have an SD card, can't install the relevant versions of specific apps, or if the app is marked to not allow installation to SD, then that method won't work for you.
The other approach, which in my experience is standard in the pentesting world (which is my field as well), is to use a hacked/jailbroken/unlocked phone. Samsung (unless it has the very newest firmware versions) and Huawei phones can be unlocked by flashing modified ROMs. The unlock lets you sideload apps with vastly more privileges, such as the ability to read and write the install directory of any app. Using that, it's pretty easy to get the files you want. Such unlocks are also possible with some Nokia phones via JTAG, and possibly some other models too, but the Samsung unlock (which I and -W_O_L_F- found) and the ability to flash customized ROMs for Huawei are the easiest approaches.
On the offhand chance you're part of NCC group, PM me and I'll send you my work email address. If you're with one of our competitors... well, I actually don't mind helping a competitor that much either; some Deja Vu folks gave me a good tip lately though, and I've got friends at SI as well.
Thanks again for all your help. So my situation is this: I am doing pen testing for a client (and I'm sure we are competitors somewhat). They have provided me a Nokia Lumia phone running 8.0 and another Lumia running 8.1. The app is installed by their dev team (app is not avail from the store). They are reluctant to provide me the XAP file as they consider it proprietary info. I have done a dev unlock on the phone, but my primary goal is to view the isolated storage/dlls for the app to make sure they are not storing sensitive data. I am using the standard tools for viewing the isolated storage, but for these to work (best of my knowledge) they require you to sideload the application which I cannot do (no XAP file). I am proxying the traffic, but without looking at the file system there is not much I can do. As an aside, they are using MDM with jailbreak detection.
Whoa, somebody actually got around to writing jailbreak detection for WP8? Crazy. I wish I could see that; I'm sure it's trivial to bypass (at least for interop-unlock, the difference between locked and unlocked is changing a registry value and it would be easily possible to re-lock it, launch the app while keeping the editor app open in the background, switch back to the editor, and unlock/jailbreak again) but I'm amused that anybody even bothered trying. Also, the APIs you would need to do the detection aren't even available on 8.0, officially; you're in violation of the store rules if you use them. Then again, maybe this is an internal, "Enterprise" app; those have permissions to do stuff that typical third-party apps do not. Are you sure they don't just mean they have jailbreak detection for iOS? I see something about Office365 MDM offering JB detection, but while I suppose they could have written something for WP8.x as well I feel like I probably would have heard of it?
If the app was sideloaded by the dev team, then you can see its isostore using the official tools or using Windows Phone Power Tools. If it's an enterprise app and the app was installed that way, then things get more difficult (especially if the phone they gave you doesn't have an SD slot). Not giving a pentester access to the binary they're testing is silly on a number of levels; if you succeed in breaking in then you'll get it anyhow, and an attacker will have a lot more than a week or two to poke at it so they're wasting your presumably-paid-by-the-hour time if they want you to see how good their security is without actually examining the app. I bet they used obfuscation, too... Some people just don't get it. "Security" by obscurity... isn't. Sorry, end of mini-rant. Anyhow, there's a guy on the forum who claims to have a non-JTAG unlock for Lumias, but no idea when or if it'll see the light of day.
