- [08:11pm] * Now talking in #zteblade
- [08:11pm] * Topic is 'Room For ZTE Blade/Orange San Francisco ROM and App Development, please feel free to give any input you think relevant'
- [08:11pm] * Set by Stephen_H on Fri Oct 22 15:44:10
- [08:15pm] * tocixxx (d58f78dc@gateway/web/freenode/ip.213.143.120.220) Quit (Ping timeout: 265 seconds)
- [08:18pm] * tocixxx (d58f78dc@gateway/web/freenode/ip.213.143.120.220) has joined #zteblade
- [08:18pm] <tocixxx> mkay.. done with the libs anything else i missed ?
- [08:19pm] <DJ_Steve> shouldn bv - reboot is required
- [08:19pm] <tocixxx> already done
- [08:20pm] <DJ_Steve> check logcat as you wont get signal without removing all the apps and copying froyo aosp ones in due to some securitysms.apk app
- [08:20pm] <tocixxx> i. c.
- [08:21pm] <flibblesan> what is that securitysms.apk app anyway?
- [08:21pm] <DJ_Steve> i dont know from the error i posted on modaco earlier it seems to try and send a sms but fails
- [08:21pm] <flibblesan> aha
- [08:21pm] <DJ_Steve> at which point ril seems to die/be killed
- [08:22pm] <flibblesan> wouldn't surprise me if it's trying to contact ZTE
- [08:22pm] <tocixxx> hmm.
- [08:22pm] <flibblesan> I noticed that there is a telephone number listed in the Settings app too. I guess ZTE have locked down the ROM to prevent leaks
- [08:23pm] <DJ_Steve> anyone fancy extracting the apk and examining it
- [08:23pm] <flibblesan> I know that the two people who offered to give us the system had engineering phones. One of them they claimed to have bought so was possibly stolen
- [08:23pm] <flibblesan> I'll do it now
- [08:24pm] <flibblesan> ok decompiled
- [08:24pm] <DJ_Steve> see whats in the phone apk as well as it starts force closing as soon as sms one is removed
- [08:25pm] <tocixxx> seems like a built in security feature against leaks.
- [08:25pm] <flibblesan> hmm interesting. having a look at the manifest first. declares itself as com.android.securitysmsservice and I've just googled and found two threads about it.. both about other ZTE devices.
- [08:26pm] <flibblesan> ah no, same thread lol
- [08:26pm] <DJ_Steve> LOL
- [08:26pm] <flibblesan> <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
- [08:26pm] <flibblesan> <uses-permission android:name="android.permission.READ_CONTACTS" />
- [08:26pm] <flibblesan> <uses-permission android:name="android.permission.SEND_SMS" />
- [08:26pm] <flibblesan> <uses-permission android:name="android.permission.WRITE_SETTINGS" />
- [08:26pm] <flibblesan> <uses-permission android:name="android.permission.READ_PHONE_STATE" />
- [08:26pm] <DJ_Steve> yup i thought that when i spotted the exception in log toci
- [08:27pm] <flibblesan> I dont like those permissions.
- [08:27pm] <tocixxx> me neither..
- [08:28pm] <DJ_Steve> especially the sms one
- [08:28pm] <flibblesan> Ok seems to be using the number 15982822749
- [08:28pm] <flibblesan> definitely a Chinese number
- [08:29pm] <DJ_Steve> yup
- [08:29pm] <flibblesan> 860172000010000
- [08:29pm] <DJ_Steve> ?
- [08:30pm] <flibblesan> 86 is the country code for China, so it's another number
- [08:30pm] <flibblesan> not sure if it's valid though
- [08:31pm] <flibblesan> I'm not 100% sure here but the code seems to be checking IMEI
- [08:31pm] <DJ_Steve> hmm
- [08:31pm] <DJ_Steve> can we force it to just return valid
- [08:32pm] <flibblesan> it's definitely grabbing phone data and sending it via SMS
- [08:32pm] <DJ_Steve> wonder if there's a way to intercept and fake the req
- [08:32pm] <flibblesan> must be a way to just nuke it completely
- [08:33pm] <flibblesan> it's being launched after boot so whats launching it
- [08:33pm] <DJ_Steve> well it seems highly suspect that i see a 3g signal and orange network for about 5secs on boot then it disappears
- [08:33pm] <DJ_Steve> bootstate
- [08:33pm] <flibblesan> yes. I suspect this app loads, can't send the SMS so it blocks radio
- [08:33pm] <DJ_Steve> phone/launcher
- [08:34pm] <flibblesan> right
- [08:34pm] <DJ_Steve> bingo
- [08:34pm] <flibblesan> I'll see what I can do with the phone apk
- [08:35pm] <tocixxx> hmm,. i somehow don`t see a 3G signal even at boot time
- [08:35pm] <tocixxx> still missing some bits and pieces here
- [08:35pm] <DJ_Steve> i do briefly (as i say im guessing its until this msg app loads)
- [08:35pm] <vl4d> what is this app even for
- [08:35pm] <vl4d> some kind of debugging left there by zte?
- [08:35pm] <vl4d> if it's there to purposely discourage use by the community then zte are Doing It Wrong
- [08:36pm] <vl4d> hopefully it won't be too hard to disable
- [08:36pm] <flibblesan> I think it's just to trace a phone if it's stolen more than anything
- [08:36pm] <vl4d> and i really hope this is the only problem
- [08:36pm] <vl4d> aha.
- [08:36pm] <flibblesan> as the dump we are using is from a dev phone
- [08:36pm] <vl4d> i see
- [08:36pm] <flibblesan> ideally we need a retail dump
- [08:36pm] <vl4d> yeah. the phone isn't out there yet though right?
- [08:36pm] <vl4d> hopefully this can be bypassed anyway
- [08:36pm] <flibblesan> yeh it's not out yet
- [08:36pm] <flibblesan> anything can be bypassed
- [08:37pm] <vl4d> as long as it's not hooking into kernel methods it shouldn't be too difficult
- [08:37pm] <vl4d> well, if it's in-kernel security then it's a bastard without the source :p
- [08:37pm] <flibblesan> nah, this isn't that good.. it's pretty amateur to be honest
- [08:37pm] <vl4d> good news
- [08:38pm] <flibblesan> the securitysms is being called by another app.. just need to find this and the part of the code calling securitysms and nuke it
- [08:38pm] <DJ_Steve> sounds like the work of zte to me :)
- [08:38pm] <DJ_Steve> try phone as it immediately complained here
- [08:38pm] <flibblesan> it's Chinese code. Nothing else you can say
- [08:38pm] <flibblesan> yeh I'm checking phone out.. lot of files
- [08:39pm] <vl4d> could you just replace securitysms with a program that just does nothing?
- [08:39pm] <vl4d> then again it might communicate info with the service that calls it
- [08:40pm] <DJ_Steve> id say securitysms is a trojan
- [08:40pm] <vl4d> though from what it sounds like the software is probably crappy, so i guess it is self contained. ie it runs
- [08:40pm] <vl4d> if it doesnt find what it is looking for, switches stuff off. end.
- [08:41pm] <vl4d> in which case it may be enough to just replace it with something that does nothing successfully *shrug*
- [08:41pm] <DJ_Steve> and it does a bloody good job of it too vl4d
- [08:41pm] <vl4d> indeedy
- [08:41pm] <flibblesan> yep, trojan.
- [08:41pm] <vl4d> hah, christ
- [08:42pm] <flibblesan> hm ok.. not finding any reference to securitysms in phone
- [08:42pm] <DJ_Steve> lol sounds like the chinese in general then, probly some form of censoring stuff to
- [08:42pm] <DJ_Steve> launcher
- [08:42pm] <flibblesan> ok
- [08:43pm] <DJ_Steve> im not sure mind just guessing
- [08:44pm] * DJ_Steve goes to decompile security sms myself i gotta see this little piece of junk
- [08:45pm] * John_M (~john@78-105-231-25.zone3.bethere.co.uk) has joined #zteblade
- [08:47pm] <flibblesan> I'm using apk manager to decompile. easy :)
- [08:48pm] <DJ_Steve> baksmali
- [08:49pm] <flibblesan> phone.apk strings.xml has these: <string name="p_title8">SMS security</string>
- [08:49pm] <flibblesan> <string name="p_title9">SMS Registration Status</string>
- [08:49pm] <vl4d> hmm
- [08:49pm] <vl4d> is phone.apk device-specific?
- [08:50pm] <flibblesan> usually yes
- [08:50pm] * blank_YuRi (~YoKo@92.81.177.22) has joined #zteblade
- [08:50pm] <blank_YuRi> salutare
- [08:50pm] <DJ_Steve> maybe try dropping phone.apk from a aosp build in
- [08:50pm] <DJ_Steve> ill try that in a mo
- [08:50pm] <blank_YuRi> ceeeeeeeee
- [08:50pm] <DJ_Steve> just gonna wipe device and extract tar from scratch
- [08:51pm] <DJ_Steve> sup black_TuRi
- [08:51pm] <DJ_Steve> yuri*
- [08:51pm] <blank_YuRi> no comprendo
- [08:51pm] <DJ_Steve> hello
- [08:51pm] <blank_YuRi> helo
- [08:51pm] <thomas01155> hey
- [08:51pm] <thomas01155> anything exciting :P?
- [08:51pm] <blank_YuRi> Hey
- [08:51pm] <tocixxx> hi
- [08:51pm] <DJ_Steve> we're examining ztes little trojan at mo
- [08:52pm] <thomas01155> :O
- [08:52pm] <blank_YuRi> Nu spiking
- [08:52pm] <tocixxx> :)
- [08:52pm] <blank_YuRi> englis
- [08:52pm] <thomas01155> are they listening to my phone calls :P?
- [08:52pm] <DJ_Steve> LOL
- [08:52pm] <blank_YuRi> no
- [08:52pm] <thomas01155> haha ^^
- [08:52pm] <DJ_Steve> no, but this securitysms service seems to do some 'interesting' things
- [08:52pm] <thomas01155> maybe that is why they havent released the source
- [08:53pm] <thomas01155> too scared :3
- [08:53pm] <DJ_Steve> lol
- [08:53pm] <thomas01155> hiding something they don't want you to see
- [08:53pm] <thomas01155> collecting information on the UK
- [08:53pm] <thomas01155> xD
- [08:53pm] <blank_YuRi> Ökay !
- [08:53pm] <blank_YuRi> ßÿë`ßÿé ßÿë`ßÿé
- [08:54pm] <thomas01155> bye :)
- [08:56pm] <flibblesan> I'm not doing very well trying to find whats calling this
- [08:56pm] <blank_YuRi> thomas where esty
- [08:56pm] <DJ_Steve> flibblesan try the qc* jar files in framework
- [08:56pm] <DJ_Steve> those would make sense
- [08:56pm] <flibblesan> ah yes, good idea
- [08:57pm] <DJ_Steve> if cant find it can we fake a ok status
- [08:58pm] <vl4d> quite likely
- [08:58pm] <vl4d> but it's probably easier to just hunt what is asking for it
- [08:58pm] <vl4d> though really does it even RETURN anything?
- [08:59pm] <vl4d> i suppose it does since phone checks for it
- [08:59pm] * blank_YuRi (~YoKo@92.81.177.22) has left #zteblade
- [09:02pm] <flibblesan> silly question but have you tried using the two qualcomm files from 2.1 in the 2.2 rom?
- [09:02pm] <DJ_Steve> yup
- [09:02pm] <flibblesan> ok
- [09:02pm] <DJ_Steve> they're exactly the same neway
- [09:03pm] <flibblesan> one is
- [09:03pm] <DJ_Steve> lol
- [09:03pm] * Somebodyhere (~Somebodyh@78-56-215-205.static.zebra.lt) has joined #zteblade
- [09:03pm] <flibblesan> qcrilhook is the same in both. qcnvitems is larger in the 2.2 rom
- [09:04pm] <DJ_Steve> question is whats the difference
- [09:04pm] <flibblesan> I don't know enough to see what I'm supposed to see
- [09:05pm] <DJ_Steve> hmm, ztesmsinfo or similar
- [09:05pm] * dmzda (~DMzda@host86-128-250-148.range86-128.btcentralplus.com) has joined #zteblade
- [09:06pm] <flibblesan> thats what I'm thinking but so far I dont see it
- [09:06pm] <DJ_Steve> hmm
- [09:06pm] <flibblesan> unless it's hidden
- [09:09pm] <DJ_Steve> has to be in here somewhere surely hmm