a guest Oct 22nd, 2010 502 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. [08:11pm] * Now talking in #zteblade
  2. [08:11pm] * Topic is 'Room For ZTE Blade/Orange San Francisco ROM and App Development, please feel free to give any input you think relevent'
  3. [08:11pm] * Set by Stephen_H on Fri Oct 22 15:44:10
  4. [08:15pm] * tocixxx (d58f78dc@gateway/web/freenode/ip. Quit (Ping timeout: 265 seconds)
  5. [08:18pm] * tocixxx (d58f78dc@gateway/web/freenode/ip. has joined #zteblade
  6. [08:18pm] <tocixxx> mkay.. done with the libs anything else i missed ?
  7. [08:19pm] <DJ_Steve> shouldn bv - reboot is required
  8. [08:19pm] <tocixxx> already done
  9. [08:20pm] <DJ_Steve> check logcat as you wont get signel without removing all the apps and copying froyo aosp ones in due to some securitysms.apk app
  10. [08:20pm] <tocixxx> i. c.
  11. [08:21pm] <flibblesan> what is that securitysms.apk app anyway?
  12. [08:21pm] <DJ_Steve> i dont know from the error i posted on modaco earlier it seems to try and send a sms but fails
  13. [08:21pm] <flibblesan> aha
  14. [08:21pm] <DJ_Steve> at which point ril seems to die/be killed
  15. [08:22pm] <flibblesan> wouldn't surprise me if it's trying to contact ZTE
  16. [08:22pm] <tocixxx> hmm.
  17. [08:22pm] <flibblesan> I noticed that there is a telephone number listed in the Settings app too. I guess ZTE have locked down the ROM to prevent leaks
  18. [08:23pm] <DJ_Steve> anyone fancy extracting the apk and examinign it
  19. [08:23pm] <flibblesan> I know that the two people who offered to give us the system had engineering phones. One of them they claimed to have bought so was possibly stolen
  20. [08:23pm] <flibblesan> I'll do it now
  21. [08:24pm] <flibblesan> ok decompiled
  22. [08:24pm] <DJ_Steve> asee whats in the phone apk aswell as it strts force closing as soon as sms one is removed
  23. [08:25pm] <tocixxx> seems like a built in security feature against leaks.
  24. [08:25pm] <flibblesan> hmm interesting. having a look at the manifest first. declares itself as and I've just googled and found two threads about it.. both about other ZTE devices.
  25. [08:26pm] <flibblesan> ah no, same thread lol
  26. [08:26pm] <DJ_Steve> LOL
  27. [08:26pm] <flibblesan>     <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
  28. [08:26pm] <flibblesan>     <uses-permission android:name="android.permission.READ_CONTACTS" />
  29. [08:26pm] <flibblesan>     <uses-permission android:name="android.permission.SEND_SMS" />
  30. [08:26pm] <flibblesan>     <uses-permission android:name="android.permission.WRITE_SETTINGS" />
  31. [08:26pm] <flibblesan>     <uses-permission android:name="android.permission.READ_PHONE_STATE" />
  32. [08:26pm] <DJ_Steve> yup i thought that when i spotted the exception in log toci
  33. [08:27pm] <flibblesan> I dont like those permissions.
  34. [08:27pm] <tocixxx> me neither..
  35. [08:28pm] <DJ_Steve> especially the sms one
  36. [08:28pm] <flibblesan> Ok seems to be using the number 15982822749
  37. [08:28pm] <flibblesan> definitely a Chinese number
  38. [08:29pm] <DJ_Steve> yup
  39. [08:29pm] <flibblesan> 860172000010000
  40. [08:29pm] <DJ_Steve> ?
  41. [08:30pm] <flibblesan> 86 is the country code for China, so it's another number
  42. [08:30pm] <flibblesan> not sure if it's valid though
  43. [08:31pm] <flibblesan> I'm not 100% sure here but the code seems to be checking IMEI
  44. [08:31pm] <DJ_Steve> hmm
  45. [08:31pm] <DJ_Steve> can we force it to just return valid
  46. [08:32pm] <flibblesan> it's definitely grabbing phone data and sending it via SMS
  47. [08:32pm] <DJ_Steve> wonder if theirs a way to intercept and fake the req
  48. [08:32pm] <flibblesan> must be a way to just nuke it completely
  49. [08:33pm] <flibblesan> it's being launched after boot so whats launching it
  50. [08:33pm] <DJ_Steve> well it seems highly suspect that i see a 3g signal and orage network for about 5secs on boot then it disappears
  51. [08:33pm] <DJ_Steve> bootstate
  52. [08:33pm] <flibblesan> yes. I suspect this app loads, can't send the SMS so it blocks radio
  53. [08:33pm] <DJ_Steve> phone/launcher
  54. [08:34pm] <flibblesan> right
  55. [08:34pm] <DJ_Steve> bingo
  56. [08:34pm] <flibblesan> I'll see what I can do with the phone apk
  57. [08:35pm] <tocixxx> hmm,. i somehow don`t see a 3G signal even at boot time
  58. [08:35pm] <tocixxx> still missing some bits and pieces here
  59. [08:35pm] <DJ_Steve> i do briefly (as i say in guesing its until this msg app loads
  60. [08:35pm] <vl4d> what is this app even for
  61. [08:35pm] <vl4d> some kind of debugging left there by zte?
  62. [08:35pm] <vl4d> if it's there to purposely discourage use by the community then zte are Doing It Wrong
  63. [08:36pm] <vl4d> hopefully it won't be too hard to disable
  64. [08:36pm] <flibblesan> I think it's just to trace a phone if it's stolen more than anything
  65. [08:36pm] <vl4d> and i really hope this is the only problem
  66. [08:36pm] <vl4d> aha.
  67. [08:36pm] <flibblesan> as the dump we are using is from a dev phone
  68. [08:36pm] <vl4d> i see
  69. [08:36pm] <flibblesan> ideally we need a retail dump
  70. [08:36pm] <vl4d> yeah. the phone isn't out there yet though right?
  71. [08:36pm] <vl4d> hopefully this can be bypassed anyway
  72. [08:36pm] <flibblesan> yeh it's not out yet
  73. [08:36pm] <flibblesan> anything can be bypassed
  74. [08:37pm] <vl4d> as long as it's not hooking into kernel methods it shouldn't be too difficult
  75. [08:37pm] <vl4d> well, if it's in-kernel security then it's a bastard without the source :p
  76. [08:37pm] <flibblesan> nah, this isn't that good.. it's pretty amateur to be honest
  77. [08:37pm] <vl4d> good news
  78. [08:38pm] <flibblesan> the securitysms is being called by another app.. just need to find this and the part of the code calling securitysms and nuke it
  79. [08:38pm] <DJ_Steve> sounds like the work of zte to me :)
  80. [08:38pm] <DJ_Steve> try phone as it immediatly complained here
  81. [08:38pm] <flibblesan> it's Chinese code. Nothing else you can say
  82. [08:38pm] <flibblesan> yeh I'm checking phone out.. lot of files
  83. [08:39pm] <vl4d> could you just replace securitysms with a program that just does nothing?
  84. [08:39pm] <vl4d> then again it might communicate info with the service that calls it
  85. [08:40pm] <DJ_Steve> id say securitysms is a trojan
  86. [08:40pm] <vl4d> though from what it sounds like the software is probably crappy, so i guess it is self contained. ie it runs
  87. [08:40pm] <vl4d> if it doesnt find what it is looking for, switches stuff off. end.
  88. [08:41pm] <vl4d> in which case it may be enough to just replace it with something that does nothing successfully *shrug*
  89. [08:41pm] <DJ_Steve> and it does a bloody good job of it too vl4d
  90. [08:41pm] <vl4d> indeedy
  91. [08:41pm] <flibblesan> yep, trojan.
  92. [08:41pm] <vl4d> hah, christ
  93. [08:42pm] <flibblesan> hm ok.. not finding any reference to securitysms in phone
  94. [08:42pm] <DJ_Steve> lol sounds like the chinese in general then, probly some form of censoring stuff to
  95. [08:42pm] <DJ_Steve> launcher
  96. [08:42pm] <flibblesan> ok
  97. [08:43pm] <DJ_Steve> im not sure mind just guessing
  98. [08:44pm] * DJ_Steve goes to decompile security sms myself i gotta see this litle piecce of junk
  99. [08:45pm] * John_M ( has joined #zteblade
  100. [08:47pm] <flibblesan> I'm using apk manager to decompile. easy :)
  101. [08:48pm] <DJ_Steve> baksmali
  102. [08:49pm] <flibblesan> phone.apk strings.xml has these:     <string name="p_title8">SMS security</string>
  103. [08:49pm] <flibblesan>     <string name="p_title9">SMS Registration Status</string>
  104. [08:49pm] <vl4d> hmm
  105. [08:49pm] <vl4d> is phone.apk device-specific?
  106. [08:50pm] <flibblesan> usually yes
  107. [08:50pm] * blank_YuRi (~YoKo@ has joined #zteblade
  108. [08:50pm] <blank_YuRi> salutare
  109. [08:50pm] <DJ_Steve> maybe ttry dropping phone.apk from a aosp build in
  110. [08:50pm] <DJ_Steve> ill try that in a mo
  111. [08:50pm] <blank_YuRi> ceeeeeeeee
  112. [08:50pm] <DJ_Steve> just gonna wipe device and extract tar from scratch
  113. [08:51pm] <DJ_Steve> sup black_TuRi
  114. [08:51pm] <DJ_Steve> yuri*
  115. [08:51pm] <blank_YuRi> no comprendo
  116. [08:51pm] <DJ_Steve> hello
  117. [08:51pm] <blank_YuRi> helo
  118. [08:51pm] <thomas01155> hey
  119. [08:51pm] <thomas01155> anything exciting :P?
  120. [08:51pm] <blank_YuRi> Hey
  121. [08:51pm] <tocixxx> hi
  122. [08:51pm] <DJ_Steve> we're examining ztes little tojan at mo
  123. [08:52pm] <thomas01155> :O
  124. [08:52pm] <blank_YuRi> Nu spiking
  125. [08:52pm] <tocixxx> :)
  126. [08:52pm] <blank_YuRi> englis
  127. [08:52pm] <thomas01155> are they listening to my phone calls :P?
  128. [08:52pm] <DJ_Steve> LOL
  129. [08:52pm] <blank_YuRi> no
  130. [08:52pm] <thomas01155> haha ^^
  131. [08:52pm] <DJ_Steve> no, but this securitysms service seemsto do some 'interesting' things
  132. [08:52pm] <thomas01155> maybe that is why they havent released the source
  133. [08:53pm] <thomas01155> too scared :3
  134. [08:53pm] <DJ_Steve> lol
  135. [08:53pm] <thomas01155> hidding something they don't want you to see
  136. [08:53pm] <thomas01155> collecting information on the UK
  137. [08:53pm] <thomas01155> xD
  138. [08:53pm] <blank_YuRi> Ökay !
  139. [08:53pm] <blank_YuRi> ßÿë`ßÿé ßÿë`ßÿé
  140. [08:54pm] <thomas01155> bye :)
  141. [08:56pm] <flibblesan> I'm not doing very well trying to find whats calling this
  142. [08:56pm] <blank_YuRi> thomas where esty
  143. [08:56pm] <DJ_Steve> flibblesan try the qc* jar files in framework
  144. [08:56pm] <DJ_Steve> those would make sense
  145. [08:56pm] <flibblesan> ah yes, good idea
  146. [08:57pm] <DJ_Steve> if cant find it can we fake a ok status
  147. [08:58pm] <vl4d> quite likely
  148. [08:58pm] <vl4d> but it's probably easier to just hunt what is asking for it
  149. [08:58pm] <vl4d> though really does it even RETURN anything?
  150. [08:59pm] <vl4d> i suppose it does since phone checks for it
  151. [08:59pm] * blank_YuRi (~YoKo@ has left #zteblade
  152. [09:02pm] <flibblesan> silly question but have you tried using the two qualcom files from 2.1 in the 2.2 rom?
  153. [09:02pm] <DJ_Steve> yup
  154. [09:02pm] <flibblesan> ok
  155. [09:02pm] <DJ_Steve> their exactly the same neway
  156. [09:03pm] <flibblesan> one is
  157. [09:03pm] <DJ_Steve> lol
  158. [09:03pm] * Somebodyhere ( has joined #zteblade
  159. [09:03pm] <flibblesan> qcrilhook is the same in both. qcnvitems is larger in the 2.2 rom
  160. [09:04pm] <DJ_Steve> question is thats the difference
  161. [09:04pm] <flibblesan> I don't know enough to see what I'm supposed to see
  162. [09:05pm] <DJ_Steve> hmm, ztesmsinfo or similar
  163. [09:05pm] * dmzda ( has joined #zteblade
  164. [09:06pm] <flibblesan> thats what I'm thinking but so far I dont see it
  165. [09:06pm] <DJ_Steve> hmm
  166. [09:06pm] <flibblesan> unless it's hidden
  167. [09:09pm] <DJ_Steve> has to be in here somewhere surely jhmm
RAW Paste Data