MediaPad might be vulnerable to USSD bug too - Huawei MediaPad, T-Mobile SpringBoard

There has been a lot of fuzz since it was announced yesterday that the galaxy s2 line is vulnerable to an exploit that wipes your device simply by opening a website.
This is due to the handling of 'TelUrls' that open up the dialer for conveniently starting a phone call from a website. Unfortunately, instead of a phone number a USSD code (e.g. *#06# for showing the IMEI) can be entered and will be executed IMMEDIATELY without user interaction.
For the S2 there exists a USSD to full wipe the device. I am not sure if something like this exists for the MP, but showing the IMEI definitely works (I'm on a mod of the 4.04 Stock rom, so it should work on stock as well) if you click this test link:
http://fotovossblog.peggy-forum.com/USSD.html
So be warned. The guy who provided the test link also has written a small workaround that can catch the USSD before it is sent to the dialer, you can find it in the play store:
https://play.google.com/store/apps/details?id=com.voss.notelurl
Cyanogenmod 10 seems to handle this better (tested on my S3). Here the USSD is only executed if you press the call button.
mblaster

Related

[Q] Money (credit) dropping. Why?

I apologize in advance for my english.
Hi guys, I think I have a big problem with my GSIII.
My phone is rooted, WanamLite 5.2 ELL5, Phenomenal 4.0 Extreme; my carrier is Vodafone and my plan provides 1 GB per month of navigation.
I started to notice a massive (relative to me) money consumption.
Yesterday, when I had 28 cents left, my credit decreased to 8 cents after receiving a SMS (18 cents is the standard cost of a SMS for my plan) but I wasn't doing anything! Further checks let me discover that using the secret sms plug-in of the "Hide it pro" app costs 18 cents for every SMS received or sent, even if my plan provides them.
I obviously disinstalled the app, but I wanted to wait a bit, to check if all it's ok.
Some time later (a couple of hours), with still 8 cents left and doing nothing, I received a SMS from Vodafone, informing me that my credit wasn't sufficient for doing what I wanted to! I wiped data (factory reset) from CWM and also a factory data restoration (from the settings).
Today, still 8 cents left, at 13 o'clock I received another SMS from Vodafone like the previous one (yesterday).
Do you think that the problem is related to the phone (dunno, a virus?), or not?
Thanks a lot.
Use the free app "Permission Explorer" and check which apps are allowed to receive or send SMS or do phone calls.
Obvisously something is not quite as it is supposed to be.
Stock and some stockish Samsung roms have the Exynos Camera bug which allows any app to gain root access and thus install itself in the system itself and by consequence prevent being removed by a full-wipe. Any app you used which uses root could also have done the same. Not saying this actually did happen but it's a very real possibility. Only completely secure solution is to flash a full firmware (including recovery!) from Odin since theoretically CWM cannot be trusted either anymore, should the phone be compromised.
Easy steps would be:
- flash back to stock (any stock)
- flash Siyah through Odin
- boot to CWM (should be included in Siyah)
- factory-reset the phone
- install a freshly downloaded copy of Wanamlite
- reinstall Siyah kernel
- restore your apps and data (obviously making sure you trust all and any that require access to the camera, sending SMS or such)
On a side-note: I know that some crazy phone providers actually cost to RECEIVE sms and not only send. Could it be you are receiving SMS' from someone?
d4fseeker said:
Use the free app "Permission Explorer" and check which apps are allowed to receive or send SMS or do phone calls.
Obvisously something is not quite as it is supposed to be.
Stock and some stockish Samsung roms have the Exynos Camera bug which allows any app to gain root access and thus install itself in the system itself and by consequence prevent being removed by a full-wipe. Any app you used which uses root could also have done the same. Not saying this actually did happen but it's a very real possibility. Only completely secure solution is to flash a full firmware (including recovery!) from Odin since theoretically CWM cannot be trusted either anymore, should the phone be compromised.
Easy steps would be:
- flash back to stock (any stock)
- flash Siyah through Odin
- boot to CWM (should be included in Siyah)
- factory-reset the phone
- install a freshly downloaded copy of Wanamlite
- reinstall Siyah kernel
- restore your apps and data (obviously making sure you trust all and any that require access to the camera, sending SMS or such)
On a side-note: I know that some crazy phone providers actually cost to RECEIVE sms and not only send. Could it be you are receiving SMS' from someone?
Click to expand...
Click to collapse
Thanks a lot (I already know, however, about Camera Bug reported from Faryaab ).
I'll proceed as you wrote, only one question: why Siyah?
However, Vodafone doesn't apply costs for received SMSs from standard numbers (even of other carriers), as the one I received the message from.
In attach files there is the list of apps with "write sms permission".
Now I'm going to flash through Odin stock Ita firmware, I already have it...
WTF is joyn?!?!
UPDATE!!!
I restored again from settings. When it completed, I received the usual sms from Vodafone about insufficient credit! WTF?
Now I'll flash stock Ita...
UPDATE #2
After flashing Stock Ita, I received THREE SMS from Vodafone about attempting to do something...
joyn app in permission explorer disappeared, but ChatON, SVoice, Keyboard, Favourite Contacts and Samsung Apps appeared.

[Q] Whatsapp stuck (again) on Initializing

Hello.
Due to some problems in my Smartphone (Android 4.0.3), I had to uninstall Whatsapp Messenger and reinstall it.
It was working perfectly before I uninstalled it.
But now, there is no way to have it working again. I should say I already have an active account till April 2014. So, I installed it both downloading from the Play Store and downloading from Whatsapp website. The result is the same:
1.- Once re-installed and being sure I have both phone line and wifi network, I start whatsapp.
2.- I accept the terms.
3.- Whatsapp ask me for my phone number. I introduce the same I always have: +34 abc de fx yz and OK
4.- Whatsapp discover the old databases and ask me if I want to recover messages from them. I answer yes, whatsapp tell me that 3.189 msgs are recovered.
5.- Whatsapp ask me for the profile details, photo and name. And the strange things start here:
5a.- It seems not having recognized my phone number, as it ask for my profile, that I feel it had to be known
5b.- In the name field, there is a number too similar to the one I introduced in 3.-, but NOT the same, no country code and the last 2 digits are zeroes: abcdefx00
5c.- By this time, no message, no phone call is received
5d.- No question about verify code is received.
6.- Anyway, I put my name in the profile name field and press NEXT
7.- Whatsapp goes to “Initializing, wait a moment ….” And nothing more…. It stay stuck there…. Non ending. Hours later, the only way to resume my phone is restarting the phone.
I already tried all the suggestions of the different forums: go without recover messages, download 2.8 and then reinstall with the most recent versión, download from market and then reinstall with the most recent from whatsapp website, erase the old databases.... Same result.
I found that last year there were similar problems that seemed to be due to whatsapp servers problems, and week ago also the verification server had also troubles... Could again be this the problem?
I am planning to do a "Factory reset" of my pone (HTC Sensation), but I would like to explore any solution before that one.
Any help, please?
Thanks and kind regards

[Q] THL W8+ - GravityMod2 - Call and SMS id problem

Hi. In October a have received my THL W8+. :laugh::laugh:
Since this moment I have problems with ID in calls and SMS.
When I receive a call all is fine, but if I receive an SMS its only display the number, no name appear, still the number is load in my contact list.
I have noticed that SMS arrives with country code prefix, in my case +54 (Argentina).
Then, in the contact list, I added the country code to the contact and the sms problem disappear, but when I receive a call, the number not match the list and only show me the number, no contact name.
I've installed ClockworkMod 6.0.3.3 for THL W8 following the instructions here http://forum.xda-developers.com/showthread.php?t=2237779
with no problem and made a backup of stock rom.
After that, I've installed GravityMod2 - custom ROM for THL W8 (4GB/8GB/16GB/W8+/Beyond) and apply the latest version of GravityBox following this tutorial http://forum.xda-developers.com/showthread.php?t=2249808.
All done (factory reset, all wipes, etc). The ROM is excellent, all features included. Also I have applied General Patches included in GravityBox, but my problem persist. In the main features the GravityMod2 says "CallerID mappings fixed in Phone calls and Messaging".
If I duplicate the number for the contact (one with country code and the other without it) all problems out. But I think is not a very good solution.
Please could help me to solve this or to try do something else.

[Q] Galaxy S3 S-Voice issues

Hi, I have some issues with S-Voice on my Galaxy S3.
When I use S-Voice to send a text message or make a call by using contact name (for example if I say "Call François Dupont"), it records my sentence, starts the voice recognition phase, and perfectly writes back my sentence on the screen, but nothing happens. It does not call Mister Dupont as I asked him.
But if I tell him the phone number instead of contact name, it's working perfectly, so if I say "Call 01 99 88 77 66", S-Voice use an audio feedback to tell me he is calling the given number, and it starts the call.
Someone else with the same issue ? is there a solution somewhere ?
I'm using ArchiDroid 1.7.9 (based on stock 4.3 UGNA7) with bloatware package installed, I face the same issue with an older stock ROM (it was the stock Samsung MK1), and it worked again with a previous AD version (1.7.6, based on ML4 if I remember well).
What is causing this ? it looks like S-Voice is unable to access the contact list...
I made some trials to understand why this phenomenon happens.
First I started with a backup of my actual ROM (ArchiDroid 1.7.9 based on Samsung NA7) and the content of my internal memory and SDcard.
Then, I tried to install the latest official 4.3 ROM for my version of the Galaxy S3 (code FTM, branded by Orange) : the firwmare is ML2.
I downloaded it and flashed it with Odin 3.09. I had the surprise after reboot to find my apps and parameters... I thought Odin would erase everything, but no, it has left everything.
So I made the test :
** Stock official Samsung ML2 : S-Voice fails. If I tell "her" to send a message, she asks who to send the message to, I say "François Dupont" (name has been changed), she writes "François Dupont" after the speech recognition, and stops.
So I made a factory reset, wiping data, internal memory and sd-card, entered my account, wait for the syncs to end, and started again :
** Stock official Samsung ML2 after full wipe : S-Voice fails. If I tell "her" to send a message, she asks who to send the message to, I say "François Dupont" (name has been changed), she writes "François Dupont" after the speech recognition, and stops.
So I decided to return to ArchiDroid 1.7.6 (based on ML4).
I flashed recovery through Odin and installed ArchiDroid 1.7.6, making a full wipe again, and test again after end of syncs :
** ArchiDroid 1.7.6 : S-Voice works perfectly. If I tell "her" to send a message, she asks who to send the message to, I say "François Dupont" (name has been changed), and after the speech recognition, she asks to select the phone number I want to send the message to, then requests the message to be sent, and proposes to send it.
I continued the test by installing ArchiDroid 1.7.7 (still based on ML4) over 1.7.6 (no wipe, using previous preset, only used the forced update mode of ArchiDroid installer).
** ArchiDroid 1.7.7 : S-Voice works perfectly. If I tell "her" to send a message, she asks who to send the message to, I say "François Dupont" (name has been changed), and after the speech recognition, she asks to select the phone number I want to send the message to, then requests the message to be sent, and proposes to send it.
So I continued the test by doing a backup and installing the ArchiDroid 1.7.9 (based on NA7) over 1.7.7. Strange thing is that it could not use my previous preset, I had to recreate it.
** ArchiDroid 1.7.9 : S-Voice fails. If I tell "her" to send a message, she asks who to send the message to, I say "François Dupont" (name has been changed), she writes "François Dupont" after the speech recognition, and stops.
I wiped everything, and restored the backup of 1.7.7, reboot and again :
** ArchiDroid 1.7.7 : S-Voice works perfectly. If I tell "her" to send a message, she asks who to send the message to, I say "François Dupont" (name has been changed), and after the speech recognition, she asks to select the phone number I want to send the message to, then requests the message to be sent, and proposes to send it.
I then tried to make a TB-backup of the ML4 apps (contacts, phone, s-voice and messages) and install the ArchiDroid 1.7.8 :
** ArchiDroid 1.7.8 : S-Voice fails. If I tell "her" to send a message, she asks who to send the message to, I say "François Dupont" (name has been changed), she writes "François Dupont" after the speech recognition, and stops.
I then tried to restore the different apps backup I had from ML4 and rebooted, but no way, S-Voice is still broken.
So I'm going to use ArchiDroid 1.7.7 for the moment.
If you've installed the whole bloatware before first boot, then there's no way that something could not work properly (I'm talking about .zip package).
Eventually you can compare my deodexed bases with stock bases, but I highly doubt that deodexing could cause such strange issues, especially because it works in some much more customized releases (ArchiDroid).
I'm going to read this all through, I've never been able to use the S voice.
JustArchi said:
If you've installed the whole bloatware before first boot, then there's no way that something could not work properly (I'm talking about .zip package).
Eventually you can compare my deodexed bases with stock bases, but I highly doubt that deodexing could cause such strange issues, especially because it works in some much more customized releases (ArchiDroid).
Click to expand...
Click to collapse
I tried both, it does not change the behavior whether I flash the bloatware package before or after first boot. The only thing that seems to have an effect is the version of the base ROM.
ScratMan38 said:
I tried both, it does not change the behavior whether I flash the bloatware package before or after first boot. The only thing that seems to have an effect is the version of the base ROM.
Click to expand...
Click to collapse
I'm out of ideas then. You'd need to compare my deodexed base with stock base, it's the only thing which comes to my mind.
JustArchi said:
I'm out of ideas then. You'd need to compare my deodexed base with stock base, it's the only thing which comes to my mind.
Click to expand...
Click to collapse
I agree with you, it seems the issue is not from your mods but from stock samsung firmwares. With the stock Samsung ML2 (official firmware) it doesn't work, but with your modded ML4 it is working.
I made this post mainly to inform you it was not your fault if S-Voice was failing, but only Samsung's fault.
The only thing I don't understand is why I'm the only one to report this issue.
Update : with the UGNB1 firmware, using the corresponding ArchiDroid ROM (v1.7.13), S-Voice is working correctly, it correctly resolves the contact's name and asks for the text of the message.:victory:
Hope Samsung will keep it the good way for future updates.

Samsung Galaxy Note 4 SM-910V Rooted - Snapchat Notifications Issue

Rooted Note 4 Verizon - Snapchat not pushing system notifications for snaps after bypassing Snapchat's root-user block (Titanium Backup)
I recently rooted my Galaxy Note 4. I had to use the bootloader unlock exploit, and it turned out to be a more complicated process than I anticipated. Luckily, I figured everything out, only to find Snapchat blocked root users - no problem. I found a forum for using Titanium Backup to copy data over and log into Snapchat on my rooted device just fine. My device is rooted successfully with JasmineRomV7.0 and I have no issues with the system's functionality, and my TWRP works properly and I even created a Backup of the entirety of my device. The issue I'm now having is that Snapchat does not give me any notifications, whatsoever. I already checked Samsung's core settings and everything to make sure Notifications are enabled, and in the Snapchat application, too. I also tried prioritizing the notifications - no use. I have read about people who successfully got into Snapchat even with rooted devices using the same process I used, but I have found NOTHING pertaining to the notification issue. I have no way to know if someone is sending me snaps without opening the app every single time I open my phone to see if any snaps load. If anyone has any insight into this issue, please share what information you can. Thank you so much in advance!
Device Info:
Model Number - SM-910V
Android Ver. - 6.0.1 Marshmallow
Baseband Ver. - N910VVRU2CPF3
Kernel Ver. - 3.10.40
Build Number - JasmineROM_v7.0-MMB29M.N910VVRU2CPF3

Categories

Resources