Krack was WiFi vulnerability - Honor 9 Questions & Answers

Google have released security patch but when will Honor owners get it?
I've had my phone 6 weeks and haven't received a single update. It's still on b100 & May security patch. The lack of any update is very worrying especially when a vulnerability such as Krack is identified.
Honor need to act NOW.

Honor released the B130 update in August, and it is releasing a new B150 update.

But not to all owners.
That's the issue with Honor updates.
I understand and accept the need to release updates to a small number of users initially to make sure there are no major problems. However, I've not received an update, so either Honor haven't fully released b100 or there is a problem with their update process.
It doesn't bode well when a vulnerability such as Krack is identified.
I'm on May security patch & its October!

dhj49er said:
But not to all owners.
That's the issue with Honor updates.
I understand and accept the need to release updates to a small number of users initially to make sure there are no major problems. However, I've not received an update, so either Honor haven't fully released b100 or there is a problem with their update process.
It doesn't bode well when a vulnerability such as Krack is identified.
I'm on May security patch & its October!
Click to expand...
Click to collapse
Use the Firmware Finder app to get the update. Not the latest security patch but it's August, good enough I think.

dhj49er said:
But not to all owners.
That's the issue with Honor updates.
I understand and accept the need to release updates to a small number of users initially to make sure there are no major problems. However, I've not received an update, so either Honor haven't fully released b100 or there is a problem with their update process.
It doesn't bode well when a vulnerability such as Krack is identified.
I'm on May security patch & its October!
Click to expand...
Click to collapse
Try Firmware Finder. It worked for me many times.

I have tried using FF with no success.
I have skelter the update files and placed the app file in the dload folder on so card and in each case updates failed.
I then tried using proxy & system update successfully downloaded the b150 538MB update. However, the update failed, this time with a warning that the phone might be corrupted. Fortunately it wasn't, but has left me concerned if I try updating using FF.
Am I doing something wrong?
I'm sure I've followed all the steps correctly.
Any help would be appreciated.
TIA

With the B150 I had the same problem. It's probably caused by the update.
Gesendet von meinem STF-L09 mit Tapatalk

dhj49er said:
I have tried using FF with no success.
I have skelter the update files and placed the app file in the dload folder on so card and in each case updates failed.
I then tried using proxy & system update successfully downloaded the b150 538MB update. However, the update failed, this time with a warning that the phone might be corrupted. Fortunately it wasn't, but has left me concerned if I try updating using FF.
Am I doing something wrong?
I'm sure I've followed all the steps correctly.
Any help would be appreciated.
TIA
Click to expand...
Click to collapse
Is it still giving the warning?

dhj49er said:
I have tried using FF with no success.
I have skelter the update files and placed the app file in the dload folder on so card and in each case updates failed.
I then tried using proxy & system update successfully downloaded the b150 538MB update. However, the update failed, this time with a warning that the phone might be corrupted. Fortunately it wasn't, but has left me concerned if I try updating using FF.
Am I doing something wrong?
I'm sure I've followed all the steps correctly.
Any help would be appreciated.
TIA
Click to expand...
Click to collapse
I don't think that issue was related to FF - I received 538MB b150 OTA, and same issue occurred - update failure (it updated to b130 from b100 though). Then 3gb full b150 update was downloaded and successfully installed.

Related

OTA update, and still vulnerable?

I received the OTA update to software version 4.28.502.2 yesterday and it installed with zero problems. (The hardest part was dealing with the slow transfer of files as I backed up my phone before installing said update.) My phone is completely stock (running Android 5.0.2), and no root. That being said, I checked tonight to see if I was still vulnerable... and apparently I still am. The impression I got yesterday (I received the notification that an update had been downloaded, but I looked it up before I applied it to see what it was about) was that the update was to fix the vulnerabilities of my phone. I have looked, and verified, on AT&T's webpage about the update that everything matches. Two separate apps, one by Zimperium, say that I'm still vulnerable. The Zimperium app says its due to CVE-2015-3864.
Trying to find information about CVE-2015-3864 has been a pain. All I've been able to locate is this:
It is important to note all Common Vulnerabilities and Exposures (CVEs) were patched, and Google has assigned the Exodus discovery with CVE-2015-3864, so it is well aware of the problem.
Click to expand...
Click to collapse
(source)
and:
"The issue is still exploitable, despite the patches currently being shipped to Android devices," Exodus Intelligence wrote in a blog post on Aug. 13. "As of this morning, Google has notified us they have allocated the CVE [Common Vulnerabilities and Exposures] identifier CVE-2015-3864 to our report."
Click to expand...
Click to collapse
(source)
Has anyone else downloaded the OTA update, and then checked to see if they are still vulnerable and found out they were?
Attached are screenshots of the results, and my phone's software (as well as other) information that matches up to what AT&T says it should be after the update.
I have not been able to update yet due to me not being able to find the stock recovery for 4.28.502.1 (the 5.0.2 update). However I do remember reading an article recently that reported the same vulnerability that you are seeing.
ZehelSitchel said:
I have not been able to update yet due to me not being able to find the stock recovery for 4.28.502.1 (the 5.0.2 update). However I do remember reading an article recently that reported the same vulnerability that you are seeing.
Click to expand...
Click to collapse
+1
indiana99 said:
+1
Click to expand...
Click to collapse
+2
I went back to stock and got the update. Running a few of those programs it say's I'm still vulnerable as well.
.
jpeepers said:
I went back to stock and got the update. Running a few of those programs it say's I'm still vulnerable as well.
.
Click to expand...
Click to collapse
Do you have a link to the stock recovery?
GrandAdmiral said:
Do you have a link to the stock recovery?
Click to expand...
Click to collapse
No, never could find it. I RUU'd back to stock (complete start over)
.
jpeepers said:
No, never could find it. I RUU'd back to stock (complete start over)
.
Click to expand...
Click to collapse
The ruu has the Stagefright patch in it. Dated 08/26/2015
http://www.htc.com/us/support/htc-one-m8-att/news/
I installed the OTA and the Lookout Stagefright Detector says I am no longer vulnerable.

Kiwi L24 OTA update 351

Just checked and received a ota update on mine for the January security update and few fixes. Anyone else get it?
Just got it, it was fast update, rebooted and everything is okay
Quick question; I have the KIW-L24 model with TWRP and root by SuperSU, on a stock ROM though. I received the notification for the quick OTA update, but I'm worried it might brick my phone. Is it safe for me to download and uninstall it like the system suggests me to?
It sure took them long enough for this but I also got it updated only yesterday after reverting back to Stock via the UPDATE.APP in Dload folder method and pressing all 3 side buttons and letting it do it's thing.
It actually seems the Honor 5X runs better now but am not exactly sure what changed that yet.
Update.app got installed!
RE: I know this is old but...
GrimReaper24 said:
Just checked and received a ota update on mine for the January security update and few fixes. Anyone else get it?
Click to expand...
Click to collapse
Can you share the file, I am on l24 EMUI 4.0 MM 6.0.1 but no ota received.

Update with new firmware shows "wrong security level"

Because I didn't get OAT update I downloaded the complete firmware
"XT1941-4_DEEN_RETEU_9.0_PPK29.68-16-8-1_cid50_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml" (date 2019-01-08) and flashed it using this script. https://forum.xda-developers.com/showpost.php?p=78287372&postcount=18
All went well. And root with Magisk wasn't a problem.
But why does security level show security update of November???
Sylvia said:
Because I didn't get OAT update I downloaded the complete firmware
"XT1941-4_DEEN_RETEU_9.0_PPK29.68-16-8-1_cid50_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml" (date 2019-01-08) and flashed it using this script. https://forum.xda-developers.com/showpost.php?p=78287372&postcount=18
All went well. And root with Magisk wasn't a problem.
But why does security level show security update of November???
Click to expand...
Click to collapse
I don't know what that firmware is all about. Build date is from end of November if I remember it right. I never flashed it.
December patch is 29.68-16-21. Unfortunately it doesn't seem that the RETEU December update is available for download anywhere.
Sent from my H9436 using Tapatalk
Because the file is dated "2019", I thought that is is the actual firmware. Some of the files inside the zip are from November, some from December...
Ok, so I have to wait if I'll get the update the next days. There is no way to "force" that, is it???
You should have got it already, but it needs full stock without root to install without error.
Go to settings / system / advanced and check for update.
Sent from my Motorola One.
Don't know if anybody had the same problem with OAT Updates: Meanwhile the full firmware with security level 1st January can be downloaded here
https://mirrors.lolinet.com/firmware/moto/deen/official/RETEU/XT1941-4_DEEN_RETEU_9.0_PPKS29.68-16-21-2_cid50_subsidy-DEFAULT_regulatory-DEFAULT_CFC.xml.zip

Have a messed up my Mate 10 Pro with Firmware Finder?

Hello!
I have updated to pie .161 using the erecovery method via FF. Now if i use the erecovery normally on my phone it just say "Getting package info failed".
This isnt normalt right? There should always be a possibility to restore my phone via this erecovery right? Whats going on?
Have I messed up my phone now?
Cloudstrife said:
Have I messed up my phone now?
Click to expand...
Click to collapse
Erecovery can not mess up your phone.
Erecovery can only recover to the latest available firmware. I guess one reason why you used erecovery is because you have not received the official ota yet. Obviously it cannot recover to Emui 8 easily and emui9 is not officially pushed to your device yet. Result: erecovery cannot find a firmware to recover yet. Though it should be able to discover the 161 build later. It should be the point of time when you would have received the official ota if you had not upgraded yet manually.
The irony :laugh:
Cloudstrife said:
Hello!
I have updated to pie .161 using the erecovery method via FF. Now if i use the erecovery normally on my phone it just say "Getting package info failed".
This isnt normalt right? There should always be a possibility to restore my phone via this erecovery right? Whats going on?
Have I messed up my phone now?
Click to expand...
Click to collapse
The very same thing happened with me when i update my phone through FunkyHuawei. Erecovery stopped working. Then i roll back to Oreo and then install OTA update. Everhthing is working perfectly fine again. Always use the offcial method.
Same thing happened to me but I used the hicare method so it should be official ota but still broke kt
eyeb said:
Same thing happened to me but I used the hicare method so it should be official ota but still broke kt
Click to expand...
Click to collapse
You cannot break the phone by using either FF or erecovery (if your phone is (re)locked and you install approved firmware). That is a fact.
Erecovery is like official OTA. If the firmware is faulty not approved or otherwise not meant to be installed it will only download but fail to verify and install.
It has been reported by fh though that a factory reset on emui 9 beta builds stopped erecovery from working. That is why they came up with the hisuite method for downgrading/updating on emui9.
0alfred0 said:
You cannot break the phone by using either FF or erecovery (if your phone is (re)locked and you install approved firmware). That is a fact.
Erecovery is like official OTA. If the firmware is faulty not approved or otherwise not meant to be installed it will only download but fail to verify and install.
It has been reported by fh though that a factory reset on emui 9 beta builds stopped erecovery from working. That is why they came up with the hisuite method for downgrading/updating on emui9.
Click to expand...
Click to collapse
I downgraded using hisuite, :/ guess I'm back on android 8, but I don't mind so much since I didn't like android 9 that much. I didn't see any improvements overall so going back to 8 was something I thought about before. Now I have a reason to fix this erecovery thing
Found this interesting, after downgrade to 8, I kept the wireless projection function from Android 9 after I restored the backup.
Edit NVM it was the mirrorcasting

My S9+ running Oreo claims it's up to date. Best method to manually update?

I just purchased a used AT&T SM-G965U. My carrier is Google Fi. It's running Android 8.0 and Samsung Experience 9.0. Build number is G965USQU3BRK1. Last security patch was November 1, 2018. When I try to update OTA or with Smart Switch both claim my phone is up to date.
I started looking into how I might manually update the phone and found some instructional pages for updating via ODIN, but was not able to find the correct firmware to update to Pie using that method. I did however find a thread on the XDA forums with a download link for an SM-G965U Pie build. Someone posted in that thread that it is possible to update the phone with a micro SD in recovery mode. Even with that being the case the firmware.science page linked in the thread specifically says that the firmware will update my phone from version G965USQS3BRK2 to version G965USQU3CSAB. This seems like a problem since my phone is running G965USQU3BRK1 which I assume is an older build based on the BRK1 designation. Will this update method even work with my phone? Do I need to update to BRK2 before I use the firmware linked in the thread? If so is the BRK2 firmware available for download anywhere? Or failing that is there an ODIN firmware update available?
Update: I tried updating via micro SD in recovery mode using a firmware update downloaded from firmware.science that is supposed to update my SM-G965U from version G965USQU3BRK1
to version G965USQU3CSA5. The update was aborted due to "unexpected contents". I transcribed the error at the bottom of this post. Not sure what else I can do if I can't find an ODIN firmware. If I used the modifed ODIN to flash my phone with U1 firmware would that enable updates through normal (OTA/Smart Switch) channels?
E3005: "EMMC://dev/block/bootdevice/by-name/modem:83300864:2d921fc2a30290a4f894ef4e5528ab83263913ec:84005376: 12c0577b202561c4a0732793bdbaf3a04eca67f0" has unexpected contents.
E:Error in /sideload/package.zip (Status 7)
Installation Aborted.#1
Update 2: I managed to find the ODIN firmware update files and successfully flashed my phone with a Pie build. Disregard this post.
I'm having the identical problem, only with Verizon SM-G965U. Android 8.0.0, last security update Nov 2018. Can someone guide me to the solution?
Thanks
DIncLover said:
I'm having the identical problem, only with Verizon SM-G965U. Android 8.0.0, last security update Nov 2018. Can someone guide me to the solution?
Thanks
Click to expand...
Click to collapse
What firmware are you currently on?
I've done a bit of research since I first posted this and think I know what's going on. This phone was supposedly new, unlocked. Then I found out SM-G965U is actually locked. It booted up with Verizon logo and worked on Verizon network, so I was ok with that. When I checked the firmware version, it was ....BRK1 (I don't have the phone in front of me), which I looked up to be Sprint firmware! This would explain why it doesn't get updates on Verizon's network, wouldn't it? How this came to be, I don't know, but I think I can proceed by getting a later Oreo or maybe Pie version for VZW and flashing it with Odin.
Comments, if any, are welcome.
If memory serves correctly if your firmware is a certain amount of revisions behind what is currently released then the OTA update and samsung switch will say your firmware is up to date. Even though it obviously is not up to date, it has something to do with how far behind in updates the phone is.
In which case you should be able to update your phone using the patched ODIN and the firmware files found on sammobile or via samfirm app. Thee files from sammobile or samfirm are not ones you can flash via SD card in the recovery menu, the OTA files and what are offered on sammobile or samfirm app (and from here unless otherwise specified) are two different things.
I would note that you might have to factory data reset your phone after flashing the new firmware. It's one possible result of flashing a newer firmware to a phone that has an older firmware like that installed.

Categories

Resources