The latest update to CM10.2 on Xperia U today, brought the whisperpush. I googled it. basically there is no clear instruction or no elaboration on how to set this feature up or what this feature actually does. Someone knows anything about it?
mukul1233 said:
The latest update to CM10.2 on Xperia U today, brought the whisperpush. I googled it. basically there is no clear instruction or no elaboration on how to set this feature up or what this feature actually does. Someone knows anything about it?
Click to expand...
Click to collapse
I got this from CM11 and Gapps are needed to get it work, so I didn't got it working.
Got this from the CM site, too clear for me.
In July, Koush announced that CyanogenMod would be seeing integrated, system-wide secure messaging integration with compatibility with TextSecure. For those unfamiliar, TextSecure is an open-source cross-platform (iOS and Android) client that encrypts your SMS messages both locally, and over the air when sending to other TextSecure users. The application is maintained by Open WhisperSystems, and lead engineer Moxie Marlinspike.
Click to expand...
Click to collapse
When I use a vanilla Android 4.3 together with Textsecure and send a text message to a registered Whisperpush system (Cgm Kitkat) with gapps. Nothing seems to happen. It should be compatible right?
Via Android & Tapatalk 2.
rigelq said:
When I use a vanilla Android 4.3 together with Textsecure and send a text message to a registered Whisperpush system (Cgm Kitkat) with gapps. Nothing seems to happen. It should be compatible right?
Via Android & Tapatalk 2.
Click to expand...
Click to collapse
Did you get it working? According to what I found in my searches it should be compatible. But up to now, all my tries sending encrypted messages between CM10.2 with Whisperpush and a non-rooted mobile with TextSecure fail. Any hints?
There doesn't appear to be any documentation other than the API description and one blog post about it. I had no luck making it work. The TextSecure app itself works fine for me - it works, as far as I can tell, by becoming the default SMS app and thus getting all incoming SMSes and sending all outgoing SMSes, so that it's able to negotiate keying with the partner.
The integration of WhisperPush in CM11 appears to be designed to make it so you don't need to use a specific SMS app, instead intercepting SMS messages at a lower layer and doing keying negotiation there, so that the user-facing app doesn't need to deal with the specifics. I also read somewhere that CM runs their own WhisperPush server distinct from the one used by the TextSecure app, but that the servers are federated so that clients of one should be able to interact with clients of the other.
However, when trying to exchange messages between a TextSecure phone and a CM11 phone, they clearly don't negotiate anything. When sending a message from the CM11 phone, the TextSecure phone receives the plaintext SMS message immediately; it never receives a negotiation message nor is there a way to ask the CM11 phone to initiate a secure session. In theory the middleware layer could discover that the destination phone number has registered itself with the server(s) and automatically try to initiate a secure session without being asked to, but it never did this while I was experimenting with it.
When sending a message from the TextSecure phone to the CM11 phone using the TextSecure app, there is a "Initiate" button by which you can explicitly ask it to initiate a secure session. When you do this, it sends a negotiation message to the CM11 phone in order to set up the session. However, on the CM11 phone, this message is received as a plain text SMS and just displayed - it isn't intercepted by the middleware and thus the session does not get set up and CM11 never adds the other contact's key to its contact key list.
So I'm guessing part of it just hasn't been written yet. I struck out completely on trying to even find a place to discuss or ask questions about this, so I'm posting it on this thread in the hopes someone will find it while searching for the same problem and have some ideas. I don't get the impression the authors, either on the CM or WhisperSystems sides, want to hear from end users who just can't figure out how to make it work. Unfortunately I have only a very rudimentary grasp of java and android app development, and quickly got lost trying to understand the source code, though I do think it's great that it's there.
I think it would be awesome if there were some software similar to this but that "just worked" to the extent that naive end users could be using it by default without having to do much of anything to get it working - maybe some day.
epv.
I made the same observation. I could not successfully establish an encrypted connection between a whisperpush-enabled CM-device and a non CM-device with text secure. Nor did I find any information on the web regarding this.
A shame, I think this would be a really interesting feature of CM. At least, I'm not the only one who doesn't get it working...
The worst part is apparently there is no way to unregister from cm's Whisperpush servers which entails that you cannot register onto textsecures whispersystem servers. Therefore if you are running cm and want the push services from the textsecure app well then you are **** ouf of luck apparently for the moment. The whole process is supposed to be seamlessly and transparent but it seems to be becoming more of a burden which is sad because i love the concept they are trying to pitch. I guess cm kinda ruined it when when their servers were distinct from and textsecures whispersystems and failed a devlivering a notifaction when you are actually in a encrypted enviremoent. All my searches for a solution to my dilemma led me here hence why i am posting my thoughts where i guess more willing users should be able to act upon this problem.
I used the last days TextSecure on top of CM, which worked for me via SMS. Before the latest update, I did not get any registration from TextSecure. My hope was now, that after the update it might work, but I did not yet have time to try. I'll test it this evening, but you're not putting my hopes high.
I am facing the same problem. Does anybody have a solution yet? :crying:
How to contact Cyanogenmod, so my number can be deleted?
kyuubie said:
The worst part is apparently there is no way to unregister from cm's Whisperpush servers which entails that you cannot register onto textsecures whispersystem servers. Therefore if you are running cm and want the push services from the textsecure app well then you are **** ouf of luck apparently for the moment. The whole process is supposed to be seamlessly and transparent but it seems to be becoming more of a burden which is sad because i love the concept they are trying to pitch. I guess cm kinda ruined it when when their servers were distinct from and textsecures whispersystems and failed a devlivering a notifaction when you are actually in a encrypted enviremoent. All my searches for a solution to my dilemma led me here hence why i am posting my thoughts where i guess more willing users should be able to act upon this problem.
Click to expand...
Click to collapse
Same problem here... any solutions now?
IceTi said:
Same problem here... any solutions now?
Click to expand...
Click to collapse
I haven't tried it yet but this workaround seems to be successful for a few users. http://forum.cyanogenmod.com/topic/87482-critical-flaw-in-whisperpush/ .This discussion seems to be relevant to a bug report that's been going on with cm and someone seems to have come up with a smal hack that requires adb and cURL.
"I just unregistered using adb. For completeness, this is the complete sequence of what I did:
Phone:
- Developer options
- Root access -> Apps and ADB
- ADB over network -> check
PC:
$./adb connect <device ip>
$./adb shell
Phone:
$ su
# cat /data/user/0/org.whispersystems.whisperpush/shared_prefs/org.whispersystems.whisperpush_preferences.xml
# exit
$ exit
At some point the phone will ask if you want to give permission. Remember to reset the Developer options settings when done.
The printed contents from fields "pref_registered_number" and "pref_push_password" must be copied in the curl line below:
PC:
$ ./adb disconnect
$ curl -v -k -X DELETE --basic --user $pref_registered_number:$pref_push_password https://whisperpush....1/accounts/gcm/
Relevant response from curl:
[...]
* Server auth using Basic with user '<phone number>'
> DELETE /v1/accounts/gcm/ HTTP/1.1
> Authorization: Basic <some key>
> User-Agent: curl/7.33.0
> Host: whisperpush.cyanogenmod.org
> Accept: */*
>
< HTTP/1.1 204 No Content
Now wait for, say, 30 minutes and try registering TextSecure. For me this worked." by storm49152
EDIT: I can confirm that this method worked for me, currently unregistered from cm's whisperpush systems and registered now with texsecure's Open whipser systems.
Confirmed working.
ADB isnt needed, only this file. Can be opened in Root Explorer too.
I had to use curl on my linux machine, as curl on Win 7 was not supporting https.
Yeah, worked for me too!
Just tried with cm's WhipserPush and non-cm TextSecure. I had to reregister on my cm device and now it works :laugh:
But I don't get delivery reports, I don't have group chat and picture was not received...
I'm still on CM10.2.1 Does anybody know if this is solved in CM11?
Now I also use TextSecur App, as I want to have group chat and possibility to send pictures. First had to disable privacy guard. It stopped TextSecure from catching the verification SMS. Deregistered like described above.
For those who need a fix for this and aren't on the phone they registered with, I've written a Ruby script to fake a registration and use that registration to unregister all devices associated with the number. You'll need to be able to receive a text message to the number you want to unregister, but for legitimate use that shouldn't be a problem.
https://github.com/daveio/whisperpush-unregister
Hello I own a Nexus 4 and I can't unregister from CyanogenMod Whisperpush. I tried everything : the Ruby script, the official way from Cyanogen's privacy settings, the adb way;I also tried to flash the last nightly but every time I try to register within the TextSecure app it shows the same error message. Can you please help me in this?
Thank you
Inviato dal mio Nexus 4 utilizzando Tapatalk
Related
I have tried the search button have anything relatively close nor the right type of people already commenting them...further to that those that are key with understanding in this area have "not contactable by PM or email" in their profiles
Anyway, it seems that searching via Google shows that I am not the only one that is suffering from a related issue??
http://techie-buzz.com/how-to/how-to-open-db-files.html
Here too http://forum.xda-developers.com/showthread.php?t=521248
Read comments here....and we all know .db files are not unique to android alone, however the being able (or should I say not able) to assess the .db file in anything but android IS!
I have been running CM9/Oncecosmic and several other iterations of AOSP ICS early January. I keep a nearly all of my SMS/ Mms, its habit and I like to be able to access the information should it be needed. I have gone from Samsung -> to AOSP -> and now "trying" to go back again.
I have since migrated to SGSII (from SGS1) and have realised that the Mms .db will only open in an AOSP apk? If I attempt to open the .db file in Samsung it force closes. I am have been forced to run a hacked ROM now as I want to be back on Samsung based ROM, so I have gone about hacking the services.jar to bypass signature checking of apks just in order to run an AOSP app so that I can access and continue to use my Mms.
I don't want to wipe and refuse to believe that this is the only answer and that these isn't some kind of fix for it?
If someone is able to shed any light on this subject and as to why the Mms is corrupt when only viewed in anything but AOSP apps and/or a fix to be able to make this .db work again inside of Samsung I will happily send a donation. I donate to a lot of people on this forum, and am very appreciate of developers time as well as of this community as a whole.
Thanks,
James
Edit: Yes I have tried to clear caches and so forth, I am no n00b....save the condescending replies
26 views and no replies
Surely someone out there understands the complexities of the Mms .db? I can't even view any content inside of it outside of Android its self. I am used to a PC and a keyboard and SQL DB and its just f*%#ed on a phone, not to mention totally different syntax to what I am used to. Does anyone know of any application that can view this data? Anything SQLite DB viewer on Source forge doesn’t work.
Jesus Freak where are you? I'm jokin, you probably get hit up about a million posts a day hense your set to not contactable. Anyone with as much knowledge that is willing to help feel free to respond.
Hello! Very recently one of my servers restarted unexpectedly, since one of my services does not start on boot that service was down all day until I got home.
Someone in my IRC-channel said to me that some kind of script would be good to check if a server was up, he said that the script would check if the server is up, if it is not up it would send me a text message. I took that script a bit further by making an app for it. So here I am today. Having multiple ideas of how I am going to continue development of this app, it has becomed more a IDS than a check-if-up-app.
Features that I am about to implement:
Checks response time
Checks if service is up (by checking if it can connect to specified port)..
It will be able to see how much processor and memory the server is using (through SSH)
Will be able to check for file changes in a directory (through SSH)
Will have similar features as fail2ban, notify if any bruteforce attempt is happening, notify if any unrecognized IP has logged in to the server (through SSH).
As you might see most of the features will use SSH, mostly because of not having to install software on the server.
How many out there do you think would be interested in this kind of app? Is it worth continue developing?
Hi Folks,
My company is importing some Android-based TV boxes from China, and we're experiencing a strange bug with some apps we are developing to run on them. I'm trying to find a specific solution that I can tell them to implement in a firmware upgrade, but I am not sure where to look, so I hope someone here can help!
Anyway here is the problem. In some apps (especially Adobe AIR-based ones), there seems to be a limit to concurrent HTTP requests to a web server. On an earlier ICS 4.0.4 firmware for these devices, this did not cause any problems. But they recently released a JB 4.1.1 firmware, and this problem occurs.
Let's say an app requests 20 items by HTTP from a web server (XML files, PNG or JPG images). What will happen is about 2/3 of these will be sent back, and the rest just remains blank, as if in a perpetual waiting status.
Looking at the web server's logs, there is no requests at all for these missing items.
And, it's totally random. If you re-launch the app, the missing items will be different ones.
So, I am guessing the app can only request so many things at the same time.
No, does anyone know of a system property that could be adjusted to solve this?
BTW I am unable to replicate this bug on any other device. The TV boxes in question are based on Rockchip 3066 SoC's
Using modern HTTP (i.e. HTTP/1.1), you should never open an excessive amount of sessions. Never more than four simultaneous. Using HTTP/1.1 keep-alive, all requests are sent using those four sessions interleaved. If opening one session per object, and doing this in parallel, you'd most certainly lose things due to resource starvation, e.g. the server gets out of worker forks.
That's the weird thing, on the web server, keepalive is on (I also tested with it off, it was worse)
So maybe it's the opposite, AIR or the firmware or something is trying to send more requests than it should, so some are blocked indefinitely?
eTiMaGo said:
That's the weird thing, on the web server, keepalive is on (I also tested with it off, it was worse)
So maybe it's the opposite, AIR or the firmware or something is trying to send more requests than it should, so some are blocked indefinitely?
Click to expand...
Click to collapse
Not blocked, but replied with a TCP reset. Run tcpdump to see what's going on.
Thanks for the tip, I managed to root the box and run tcpdump on it, but I'm a bit lost now... I tried to filter RST packets on port 80 but can't seem to find any.
Any hints on what I should look for/command syntax to use?
eTiMaGo said:
Thanks for the tip, I managed to root the box and run tcpdump on it, but I'm a bit lost now... I tried to filter RST packets on port 80 but can't seem to find any.
Any hints on what I should look for/command syntax to use?
Click to expand...
Click to collapse
Dump all packets between the hosts: tcpdump -i ethx -s1500 -w packets.pcap host host.nr.one and host host.nr.two
Run the app, then analyze the packets.pcap file for any anomalies (tcpdump -r packets.pcap).
Hey everyone,
This one really has me stumped. My work is finally moving it's email from Exchange to Google Apps for Business, and for many reasons at first I couldn't be happier. I signed on as an early adopter and have now realized I've hit a huge snag. I can no longer get email notifications on my device without basically giving my employer nearly full control of my personal device. They are requiring the Google Apps Device Policy and forcing a 6 character password to unlock my device, encryption, and permission to remote wipe, among other things. I just really don't feel comfortable giving them that kind of control over my personal device but I do need immediate access to my email to stay on top of things since I'm out in the field way more often than I get a chance to sit in an office. The mobile Gmail site works well enough, but not as well as IMAP support with push notifications would. When we were on Outlook, their policy was essentially similar in that you couldn't bring your own device, but I was able to find a nice app called Outlook Web Mail for Outlook OWA Web Mail which essentially logs into the webmail site and was able to present it in a mobile format and even offer notifications.
I guess what I'm looking for at this point is something similar. I'm hoping someone can suggest an app that, as far as the server is concerned, is just checking the mail from the mobile website but is presenting it to me in an app that is able to give me notifications, even if it's on an interval and not push. Does anyone know if such an app exists for Google Apps for Business accounts or is even possible?
If not, then I guess the next thing I would be looking for is a hackier workaround that can convince the server that I'm abiding by all the rules and still allow me to do whatever I want with my device. I realize this is riskier as far as getting me into trouble but I am rooted and familiar with flashing, Xposed Modules and whatnot (I was surprised my device was even approved with my root status and custom rom).
So sorry for the dissertation but I wanted to lay the whole situation out. I found other threads about GADP but they were more talking about device compatibility rather than a workaround/bypass for it. Anyone gone through something similar at their job? Any help would be greatly appreciated. Worse come to worse, the mobile site isn't the worst thing in the world considering that Outlook mess we came from. Thanks in advance.
My device:
Retail Verizon Note 3 rooted with SafeStrap running the latest Eclipse ROM
anyone?
Well is there any way to receive notifications from the mobile site? I think I recall a few years back when Google pulled sync support for iOS that some iPhone users had to do some shenanigans like this without push support and people used apps that were essentially browsers to check mail and provide notifications. Is there anything similar on Android? Or does it not exist since it's a niche concept? I just have a hard time believing I'm the only person with this problem.
If you want to just access emails, calendar, etc., try Touchdown. https://play.google.com/store/apps/details?id=com.nitrodesk.droid20.nitroid&hl=en
You will not use the gmail or google contacts/calendar app though.
Blis said:
If you want to just access emails, calendar, etc., try Touchdown. https://play.google.com/store/apps/details?id=com.nitrodesk.droid20.nitroid&hl=en
You will not use the gmail or google contacts/calendar app though.
Click to expand...
Click to collapse
That's for the reply. I'll give that a go. I've actually rigged it up so I still get notifications at this point through filters and auto forwards to my personal account. But something more native would be a lot better. Thanks again.
No further information on this thread?
I'm in the same situation with my company making the switch to google apps. They are enforcing encryption and non root'd phone. I have found that I can use IMAP to get my email, but my calendar is not found.
I have looked into just circumventing the checks....the only encryption solution i've found is some twrp/titanium back up so that you can at least easily recover systems after u've already been encrypted (not exactly a great solution).
As for the root access, ,the only solution i've found is with rootcloak (im not even sure if either of these solutions would actually work. I'm very much interested in a real solution.
Rootcloack didn't work for me, but that was 8 months ago. Try Touchdown, it's free for 30 days.
Try bluemail.
nomaanym said:
Try bluemail.
Click to expand...
Click to collapse
No luck for me. I appreciate the recommendation. I thought it was going to work when it went through my job's secure portal for setup but not such luck.
I'm looking for a way to do this as well.
I'm in a very similar situation and looking for the same workaround. Currently I'm able to use Edison Software's "Email" app to log in my corporate email account, but without the ability to receive notifications... which is a step better to endure the horrible mobile UI on gmail's website, but still would be better to have push notifications
Have you found any good alternative for gmail/hangouts/sheets without having to install "device policy"??
B1gC72 said:
Hey everyone,
This one really has me stumped. My work is finally moving it's email from Exchange to Google Apps for Business, and for many reasons at first I couldn't be happier. I signed on as an early adopter and have now realized I've hit a huge snag. I can no longer get email notifications on my device without basically giving my employer nearly full control of my personal device. They are requiring the Google Apps Device Policy and forcing a 6 character password to unlock my device, encryption, and permission to remote wipe, among other things. I just really don't feel comfortable giving them that kind of control over my personal device but I do need immediate access to my email to stay on top of things since I'm out in the field way more often than I get a chance to sit in an office. The mobile Gmail site works well enough, but not as well as IMAP support with push notifications would. When we were on Outlook, their policy was essentially similar in that you couldn't bring your own device, but I was able to find a nice app called Outlook Web Mail for Outlook OWA Web Mail which essentially logs into the webmail site and was able to present it in a mobile format and even offer notifications.
I guess what I'm looking for at this point is something similar. I'm hoping someone can suggest an app that, as far as the server is concerned, is just checking the mail from the mobile website but is presenting it to me in an app that is able to give me notifications, even if it's on an interval and not push. Does anyone know if such an app exists for Google Apps for Business accounts or is even possible?
If not, then I guess the next thing I would be looking for is a hackier workaround that can convince the server that I'm abiding by all the rules and still allow me to do whatever I want with my device. I realize this is riskier as far as getting me into trouble but I am rooted and familiar with flashing, Xposed Modules and whatnot (I was surprised my device was even approved with my root status and custom rom).
So sorry for the dissertation but I wanted to lay the whole situation out. I found other threads about GADP but they were more talking about device compatibility rather than a workaround/bypass for it. Anyone gone through something similar at their job? Any help would be greatly appreciated. Worse come to worse, the mobile site isn't the worst thing in the world considering that Outlook mess we came from. Thanks in advance.
My device:
Retail Verizon Note 3 rooted with SafeStrap running the latest Eclipse ROM
Click to expand...
Click to collapse
scorpienez said:
Have you found any good alternative for gmail/hangouts/sheets without having to install "device policy"??
Click to expand...
Click to collapse
Nope. It just doesn't work on Android. They gave me an iPhone (I asked for a Pixel ) when I got a promotion last year, so now I just carry 2 phones. That said, I haven't rooted in a while so I don't know what's happening in that front anymore.
I don't think there's a way to do what I was trying to do before. Sorry folks.
Me too...
B1gC72 said:
Nope. It just doesn't work on Android. They gave me an iPhone (I asked for a Pixel ) when I got a promotion last year, so now I just carry 2 phones. That said, I haven't rooted in a while so I don't know what's happening in that front anymore.
I don't think there's a way to do what I was trying to do before. Sorry folks.
Click to expand...
Click to collapse
I'm sorry to hear that. My educational institution's unlimited-storage Google account seems like the perfect match for this phone, but draconian MDM is a non-starter. Hopefully someone in the community does find a workaround at some point!
I have the exact same problem. I got a new personal phone which I was hoping I would be able to use Gmail and Google Classroom on for school but the device policy manager deactivates a bunch of my settings when i try it. The accounts just don't work without the policy manager, from the internet or the app. Do you think that if I were to speak to the school about it that they would be able to remove it? or is it impossible from their end due to the privileges they need over the account for security etc?
Thanks for your help,
Boxboy5
Blis said:
If you want to just access emails, calendar, etc., try Touchdown. https://play.google.com/store/apps/details?id=com.nitrodesk.droid20.nitroid&hl=en
You will not use the gmail or google contacts/calendar app though.
Click to expand...
Click to collapse
We're sorry, the requested URL was not found on this server.
How can Android system be hacked just by one MMS? I heard from news sites that there was found an exploit for 95% of Android phones (Android 2.3+) that can take control of the whole device just for one MMS and without letting you know. How can it be possible and how I can prevent it?
P.S.: I don't want to hack nobody's phone as I have no friends. Just curious.
Sent from my GT-I9301I using XDA Forums Pro.
mihai.apostu98 said:
How can Android system be hacked just by one MMS? I heard from news sites that there was found an exploit for 95% of Android phones (Android 2.3+) that can take control of the whole device just for one MMS and without letting you know. How can it be possible and how I can prevent it?
P.S.: I don't want to hack nobody's phone as I have no friends. Just curious.
Sent from my GT-I9301I using XDA Forums Pro.
Click to expand...
Click to collapse
Heres some useful info:
http://www.cnet.com/news/researcher-finds-mother-of-all-android-vulnerabilities/
That's some info, but not really anything useful. Does this mean Google has a patch, will they be pushing that our or will there be ways to patch custom ROMs sooner even? These are all unanswered, though would be nice to know...
"As soon as the malicious text is received, features built into Stagefright to reduce lag time for viewing videos process the video to prepare it for viewing. That processing apparently is enough for bad guys to get their hooks into the platform and take control." - cnet
I see it like this:
1. MMS with video arrives
2. Messaging app loads the video in Stagefright where it will processed for better playback.
3. Video is ready for playing.
As I figure out from Google's Android site about Stagefright, it is a service that take care of video/audio/other media related stuff offline and local.
How can hackers connect with Stagefright if Stagefright is an offline service? And anyway how can an media service recive code to execute as an remote command execution for whole system?
Sorry but I just don't get it at all.
mihai.apostu98 said:
How can Android system be hacked just by one MMS? I heard from news sites that there was found an exploit for 95% of Android phones (Android 2.3+) that can take control of the whole device just for one MMS and without letting you know. How can it be possible and how I can prevent it?
P.S.: I don't want to hack nobody's phone as I have no friends. Just curious.
Click to expand...
Click to collapse
Here's further info. Google has apparently already sent the patches, 7 in all, to the various phone manufacturers.
Because of fragmentation, though, some of them may never send out these fixes. Since these have assumedly been committed to the source code online, they should theoretically be available for download at some point as well. However, you'd (likely) need to be rooted to apply them.
In the meantime, go into your SMS application (usually Hangouts these days) and turn off automatic MMS retrieval. Then, do not accept any photos or videos from anyone you don't know. I am not sure, but I worry it's also possible you might get it from someone do know who is already infected, so just operate with an abundance of caution overall, I guess. And keep an eye out for news here, because it will probably be one of the first places they become available.
mihai.apostu98 said:
"As soon as the malicious text is received, features built into Stagefright to reduce lag time for viewing videos process the video to prepare it for viewing. That processing apparently is enough for bad guys to get their hooks into the platform and take control." - cnet
I see it like this:
1. MMS with video arrives
2. Messaging app loads the video in Stagefright where it will processed for better playback.
3. Video is ready for playing.
As I figure out from Google's Android site about Stagefright, it is a service that take care of video/audio/other media related stuff offline and local.
How can hackers connect with Stagefright if Stagefright is an offline service? And anyway how can an media service recive code to execute as an remote command execution for whole system?
Sorry but I just don't get it at all.
Click to expand...
Click to collapse
People connect with Stagefright by sending you the malicious code contained within the MMS. Once that code gets (usually automatically) processed by the Stagefright service already locally present, it exploits security vulnerabilities to hand control of your device over to whomever is waiting on the other end. As for a media service being able to control the whole system, think of how Flash (a media service) and Microsoft had those zero-day UaE bugs that would allow someone to take over your PC. The logistics may be different, but the concept is the same.
If I remember correctly, there are ways to turn stagefright on/off by editing your build.prop file (easily found on XDA). I don't know if there is another subservice or what that could be running, and I haven't devved since Android 4 dropped, so don't get your hopes up.
Hope that helps.
I gather that Google has a patch. Has it been pushed out to Nexus devices?
pomeroythomas said:
If I remember correctly, there are ways to turn stagefright on/off by editing your build.prop file (easily found on XDA). I don't know if there is another subservice or what that could be running, and I haven't devved since Android 4 dropped, so don't get your hopes up.
Click to expand...
Click to collapse
Excellent idea, +thanks. Et voilà, what appears to b-e in my KitKat:
media.stagefright.enable-player=false
media.stagefright.enable-meta=false
media.stagefright.enable-scan=false
media.stagefright.enable-http=false
media.stagefright.enable-rtsp=false
media.stagefright.enable-record=false
Now, this can break all kinds of things if you don't know what you're doing. Use a build.prop editor from the Play Store.
I don't know that they all need to be false to plug this hole. But those are the relevant lines.*
UPDATE [10 Aug 2015]: This doesn't affect what the Zimperium scanner says is vulnerable, which may indicate the edit won't protect you. It's unclear at this point.... read the latest posts in this thread for possible info. You can turn off auto-retrieve in MMS, but SF exists at other levels of the operating system. I suppose it couldn't hurt to do the build.prop, but don't rely on it.
voxluna said:
Excellent idea, +thanks. Et voilà:
media.stagefright.enable-player=false
media.stagefright.enable-meta=false
media.stagefright.enable-scan=false
media.stagefright.enable-http=false
media.stagefright.enable-rtsp=false
media.stagefright.enable-record=false
Now, this will probably break all kinds of things, and I don't know that they all need to be false to plug this hole. But those are the relevant lines.
Click to expand...
Click to collapse
Thanks for the thanks!
You probably won't break much of anything; 90% of today's phones are powerful enough that you don't REALLY need Stagefright handling the media unless you're playing very intensive games on your device. The most you'll likely experience is not-quite-as-good benchmarking numbers.
pomeroythomas said:
Thanks for the thanks!
You probably won't break much of anything; 90% of today's phones are powerful enough that you don't REALLY need Stagefright handling the media unless you're playing very intensive games on your device. The most you'll likely experience is not-quite-as-good benchmarking numbers.
Click to expand...
Click to collapse
I had honestly never heard of StageFright, and I've been using Android since the very first device came out. But if it's possible to run all the usual media, just with a performance penalty, I'm going to change it right now (I did, and this happened).
Also, I just read an article claiming that fragmentation is not so much of an issue these days, because Google Play Services is mandatory. I wonder if it can proactively change something like this, on its own?
voxluna said:
I had honestly never heard of StageFright, and I've been using Android since the very first device came out. But if it's possible to run all the usual media, just with a performance penalty, I'm going to change it right now.
Click to expand...
Click to collapse
The only reason I even know about Stagefright is because my very first, 550MHz, resistive touchscreen Kyocera Zio shipped with Stagefright disabled by default. Haha.
Also, I just read an article claiming that fragmentation is not so much of an issue these days, because Google Play Services is mandatory. I wonder if it can proactively change something like this, on its own?
Click to expand...
Click to collapse
I would assume it's possible (this is just an arbitrary code execution issue, I think), but having had that vulnerability built into pretty much every ROM for the last 5 years could be a problem in that I'm not 100% sure that Google Play Services has the access to shut down the Stagefright service (no root access, etc), so I'm pretty sure Google Play Services would be less of a fix than a piece of software that actively tries to mitigate the breach.
I could be wrong, though; I'm basically guessing as I haven't looked into the malicious code.
Xposed Android will no doubt have either a module for this or existing bugfix modules will be updated to include this vulnerability in the coming days, and due to the nature of Xposed modules taking over services the ROM is trying to run without actually messing with your ROM, I'm sure it'll be a universal fix.
Personally, I just shut off the Stagefright service using my build.prop and am patiently awaiting someone more skilled than I to create a fix.
i could see this as a useful root method for lollipop, and other versions that don't have root methods yet.
Morlok8k said:
i could see this as a useful root method for lollipop, and other versions that don't have root methods yet.
Click to expand...
Click to collapse
Here's hoping!
Morlok8k said:
i could see this as a useful root method for lollipop, and other versions that don't have root methods yet.
Click to expand...
Click to collapse
pomeroythomas said:
I'm not 100% sure that Google Play Services has the access to shut down the Stagefright service (no root access, etc), so I'm pretty sure Google Play Services would be less of a fix than a piece of software that actively tries to mitigate the breach.
Click to expand...
Click to collapse
Come to think of it, if this exploit allows any kind of root, I suppose it'd be possible for Services itself to use that hole, and therefore be able to patch StageFright. A weird workaround, but entirely possible. Something tells me they won't use it, though, as technically feasable as it may be. I'm really hoping for that Xposed fix, just like GravityBox can patch FakeID. Which, indeed, Services eventually mitigated (for the most part).
commits on android.googlesource.com
Has anyone tracked any commits in android.googlesource.com related to stagefright?
Is this really a viable fix for this? I copied it from another website
If you turn off the following settings in your messaging app/apps on your device:
Auto-retrieve MMS. Check to automatically retrieve multimedia messages that you receive. If auto-retrieve is unchecked in your Messenger MMS settings, you must touch Download to view the message.
Roaming auto-retrieve. Check to automatically retrieve multimedia messages while roaming.
Then when you receive the text with this exploit it will not download to your phone unless you hit the download button. So looks like this can be turned off without a patch but patches are needed cause not everyone is smart enough to turn these off.
iverson3-1 said:
Is this really a viable fix for this? I copied it from another website
Auto-retrieve MMS. Check to automatically retrieve multimedia messages that you receive. If auto-retrieve is unchecked in your Messenger MMS settings, you must touch Download to view the message.
Roaming auto-retrieve. Check to automatically retrieve multimedia messages while roaming.
Then when you receive the text with this exploit it will not download to your phone unless you hit the download button. So looks like this can be turned off without a patch but patches are needed cause not everyone is smart enough to turn these off.
Click to expand...
Click to collapse
That should be one way to disable the hack. It's unclear from what I've read if it only affects Hangouts, or all SMS clients. What I've done is disable any auto MMS retrieve in my own messaging app, which in my case is mySMS. I suppose it couldn't hurt to do it in Hangouts as well.
This should cover it, but I think you still run the risk of someone you know sending (probably without their knowledge) an infected video -- much like trojans that take over a PC, and use the internal contact list to send mail as though they were your friend, they could exploit your trust.
Patching the build.prop theoretically protects from this, which I've personally done, but it's not for the faint of heart. If you screw it up, you could render your phone a mess. I wish I knew more about app development, because I would write something that did all this stuff automagically.
voxluna said:
Patching the build.prop theoretically protects from this, which I've personally done, but it's not for the faint of heart. If you screw it up, you could render your phone a mess.
Click to expand...
Click to collapse
Aaaaaand that's what I just did. I'm in a boot loop after changing the build.prop file. This is going to be really fun with an encrypted data partition that holds the backup I just made.
Be warned.
UPDATE: I had to reflash the ROM, and the entire experience took about 2.5 hours because I couldn't get a KDZ to work. I decided that since it was going to be a full wipe, at least I would upgrade to Lollipop, but I'll have to set up the entire phone all over again. I suspect the problem was that I didn't pay attention to the permissions of that file when I edited and transferred it from another machine. Ugh. I just went back and put warnings on all my posts about the build.prop lines.... and it would be better to just wait for patches, IMO. This thread is progressing quickly now.
i tried tracking the fix on android source repo. but the only recent commit against libstagefright is on July 7th.
Fix global-buffer-overflow in voAWB_Copy.
Copy() in frameworks/av/media/libstagefright/codecs/amrwbenc/src/util.c always
overreads the buffer by 4 bytes to the right, which, if we are very unlucky,
can even hit an unmapped memory page (in this case it is just a global
variable).
Click to expand...
Click to collapse
Hi all,
in my case, as I plainly don't use the MMS feature, I simpl deleted the MMS apn. Is this a possible workaround for this problem (at least, until it gets fixed somehow)?