[08:11pm] * Now talking in #zteblade
[08:11pm] * Topic is 'Room For ZTE Blade/Orange San Francisco ROM and App Development, please feel free to give any input you think relevent'
[08:11pm] * Set by Stephen_H on Fri Oct 22 15:44:10
[08:15pm] * tocixxx (d58f78dc@gateway/web/freenode/ip.213.143.120.220) Quit (Ping timeout: 265 seconds)
[08:18pm] * tocixxx (d58f78dc@gateway/web/freenode/ip.213.143.120.220) has joined #zteblade
[08:18pm] <tocixxx> mkay.. done with the libs anything else i missed ?
[08:19pm] <DJ_Steve> shouldn bv - reboot is required
[08:19pm] <tocixxx> already done
[08:20pm] <DJ_Steve> check logcat as you wont get signel without removing all the apps and copying froyo aosp ones in due to some securitysms.apk app
[08:20pm] <tocixxx> i. c.
[08:21pm] <flibblesan> what is that securitysms.apk app anyway?
[08:21pm] <DJ_Steve> i dont know from the error i posted on modaco earlier it seems to try and send a sms but fails
[08:21pm] <flibblesan> aha
[08:21pm] <DJ_Steve> at which point ril seems to die/be killed
[08:22pm] <flibblesan> wouldn't surprise me if it's trying to contact ZTE
[08:22pm] <tocixxx> hmm.
[08:22pm] <flibblesan> I noticed that there is a telephone number listed in the Settings app too. I guess ZTE have locked down the ROM to prevent leaks
[08:23pm] <DJ_Steve> anyone fancy extracting the apk and examinign it
[08:23pm] <flibblesan> I know that the two people who offered to give us the system had engineering phones. One of them they claimed to have bought so was possibly stolen
[08:23pm] <flibblesan> I'll do it now
[08:24pm] <flibblesan> ok decompiled
[08:24pm] <DJ_Steve> asee whats in the phone apk aswell as it strts force closing as soon as sms one is removed
[08:25pm] <tocixxx> seems like a built in security feature against leaks.
[08:25pm] <flibblesan> hmm interesting. having a look at the manifest first. declares itself as com.android.securitysmsservice and I've just googled and found two threads about it.. both about other ZTE devices.
[08:26pm] <flibblesan> ah no, same thread lol
[08:26pm] <DJ_Steve> LOL
[08:26pm] <flibblesan> <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
[08:26pm] <flibblesan> <uses-permission android:name="android.permission.READ_CONTACTS" />
[08:26pm] <flibblesan> <uses-permission android:name="android.permission.SEND_SMS" />
[08:26pm] <flibblesan> <uses-permission android:name="android.permission.WRITE_SETTINGS" />
[08:26pm] <flibblesan> <uses-permission android:name="android.permission.READ_PHONE_STATE" />
[08:26pm] <DJ_Steve> yup i thought that when i spotted the exception in log toci
[08:27pm] <flibblesan> I dont like those permissions.
[08:27pm] <tocixxx> me neither..
[08:28pm] <DJ_Steve> especially the sms one
[08:28pm] <flibblesan> Ok seems to be using the number 15982822749
[08:28pm] <flibblesan> definitely a Chinese number
[08:29pm] <DJ_Steve> yup
[08:29pm] <flibblesan> 860172000010000
[08:29pm] <DJ_Steve> ?
[08:30pm] <flibblesan> 86 is the country code for China, so it's another number
[08:30pm] <flibblesan> not sure if it's valid though
[08:31pm] <flibblesan> I'm not 100% sure here but the code seems to be checking IMEI
[08:31pm] <DJ_Steve> hmm
[08:31pm] <DJ_Steve> can we force it to just return valid
[08:32pm] <flibblesan> it's definitely grabbing phone data and sending it via SMS
[08:32pm] <DJ_Steve> wonder if theirs a way to intercept and fake the req
[08:32pm] <flibblesan> must be a way to just nuke it completely
[08:33pm] <flibblesan> it's being launched after boot so whats launching it
[08:33pm] <DJ_Steve> well it seems highly suspect that i see a 3g signal and orage network for about 5secs on boot then it disappears
[08:33pm] <DJ_Steve> bootstate
[08:33pm] <flibblesan> yes. I suspect this app loads, can't send the SMS so it blocks radio
[08:33pm] <DJ_Steve> phone/launcher
[08:34pm] <flibblesan> right
[08:34pm] <DJ_Steve> bingo
[08:34pm] <flibblesan> I'll see what I can do with the phone apk
[08:35pm] <tocixxx> hmm,. i somehow don`t see a 3G signal even at boot time
[08:35pm] <tocixxx> still missing some bits and pieces here
[08:35pm] <DJ_Steve> i do briefly (as i say in guesing its until this msg app loads
[08:35pm] <vl4d> what is this app even for
[08:35pm] <vl4d> some kind of debugging left there by zte?
[08:35pm] <vl4d> if it's there to purposely discourage use by the community then zte are Doing It Wrong
[08:36pm] <vl4d> hopefully it won't be too hard to disable
[08:36pm] <flibblesan> I think it's just to trace a phone if it's stolen more than anything
[08:36pm] <vl4d> and i really hope this is the only problem
[08:36pm] <vl4d> aha.
[08:36pm] <flibblesan> as the dump we are using is from a dev phone
[08:36pm] <vl4d> i see
[08:36pm] <flibblesan> ideally we need a retail dump
[08:36pm] <vl4d> yeah. the phone isn't out there yet though right?
[08:36pm] <vl4d> hopefully this can be bypassed anyway
[08:36pm] <flibblesan> yeh it's not out yet
[08:36pm] <flibblesan> anything can be bypassed
[08:37pm] <vl4d> as long as it's not hooking into kernel methods it shouldn't be too difficult
[08:37pm] <vl4d> well, if it's in-kernel security then it's a bastard without the source :p
[08:37pm] <flibblesan> nah, this isn't that good.. it's pretty amateur to be honest
[08:37pm] <vl4d> good news
[08:38pm] <flibblesan> the securitysms is being called by another app.. just need to find this and the part of the code calling securitysms and nuke it
[08:38pm] <DJ_Steve> sounds like the work of zte to me :)
[08:38pm] <DJ_Steve> try phone as it immediatly complained here
[08:38pm] <flibblesan> it's Chinese code. Nothing else you can say
[08:38pm] <flibblesan> yeh I'm checking phone out.. lot of files
[08:39pm] <vl4d> could you just replace securitysms with a program that just does nothing?
[08:39pm] <vl4d> then again it might communicate info with the service that calls it
[08:40pm] <DJ_Steve> id say securitysms is a trojan
[08:40pm] <vl4d> though from what it sounds like the software is probably crappy, so i guess it is self contained. ie it runs
[08:40pm] <vl4d> if it doesnt find what it is looking for, switches stuff off. end.
[08:41pm] <vl4d> in which case it may be enough to just replace it with something that does nothing successfully *shrug*
[08:41pm] <DJ_Steve> and it does a bloody good job of it too vl4d
[08:41pm] <vl4d> indeedy
[08:41pm] <flibblesan> yep, trojan.
[08:41pm] <vl4d> hah, christ
[08:42pm] <flibblesan> hm ok.. not finding any reference to securitysms in phone
[08:42pm] <DJ_Steve> lol sounds like the chinese in general then, probly some form of censoring stuff to
[08:42pm] <DJ_Steve> launcher
[08:42pm] <flibblesan> ok
[08:43pm] <DJ_Steve> im not sure mind just guessing
[08:44pm] * DJ_Steve goes to decompile security sms myself i gotta see this litle piecce of junk
[08:45pm] * John_M (~john@78-105-231-25.zone3.bethere.co.uk) has joined #zteblade
[08:47pm] <flibblesan> I'm using apk manager to decompile. easy :)
[08:48pm] <DJ_Steve> baksmali
[08:49pm] <flibblesan> phone.apk strings.xml has these: <string name="p_title8">SMS security</string>
[08:49pm] <flibblesan> <string name="p_title9">SMS Registration Status</string>
[08:49pm] <vl4d> hmm
[08:49pm] <vl4d> is phone.apk device-specific?
[08:50pm] <flibblesan> usually yes
[08:50pm] * blank_YuRi (~YoKo@92.81.177.22) has joined #zteblade
[08:50pm] <blank_YuRi> salutare
[08:50pm] <DJ_Steve> maybe ttry dropping phone.apk from a aosp build in
[08:50pm] <DJ_Steve> ill try that in a mo
[08:50pm] <blank_YuRi> ceeeeeeeee
[08:50pm] <DJ_Steve> just gonna wipe device and extract tar from scratch
[08:51pm] <DJ_Steve> sup black_TuRi
[08:51pm] <DJ_Steve> yuri*
[08:51pm] <blank_YuRi> no comprendo
[08:51pm] <DJ_Steve> hello
[08:51pm] <blank_YuRi> helo
[08:51pm] <thomas01155> hey
[08:51pm] <thomas01155> anything exciting :P?
[08:51pm] <blank_YuRi> Hey
[08:51pm] <tocixxx> hi
[08:51pm] <DJ_Steve> we're examining ztes little tojan at mo
[08:52pm] <thomas01155> :O
[08:52pm] <blank_YuRi> Nu spiking
[08:52pm] <tocixxx> :)
[08:52pm] <blank_YuRi> englis
[08:52pm] <thomas01155> are they listening to my phone calls :P?
[08:52pm] <DJ_Steve> LOL
[08:52pm] <blank_YuRi> no
[08:52pm] <thomas01155> haha ^^
[08:52pm] <DJ_Steve> no, but this securitysms service seemsto do some 'interesting' things
[08:52pm] <thomas01155> maybe that is why they havent released the source
[08:53pm] <thomas01155> too scared :3
[08:53pm] <DJ_Steve> lol
[08:53pm] <thomas01155> hidding something they don't want you to see
[08:53pm] <thomas01155> collecting information on the UK
[08:53pm] <thomas01155> xD
[08:53pm] <blank_YuRi> Ökay !
[08:53pm] <blank_YuRi> ßÿë`ßÿé ßÿë`ßÿé
[08:54pm] <thomas01155> bye :)
[08:56pm] <flibblesan> I'm not doing very well trying to find whats calling this
[08:56pm] <blank_YuRi> thomas where esty
[08:56pm] <DJ_Steve> flibblesan try the qc* jar files in framework
[08:56pm] <DJ_Steve> those would make sense
[08:56pm] <flibblesan> ah yes, good idea
[08:57pm] <DJ_Steve> if cant find it can we fake a ok status
[08:58pm] <vl4d> quite likely
[08:58pm] <vl4d> but it's probably easier to just hunt what is asking for it
[08:58pm] <vl4d> though really does it even RETURN anything?
[08:59pm] <vl4d> i suppose it does since phone checks for it
[08:59pm] * blank_YuRi (~YoKo@92.81.177.22) has left #zteblade
[09:02pm] <flibblesan> silly question but have you tried using the two qualcom files from 2.1 in the 2.2 rom?
[09:02pm] <DJ_Steve> yup
[09:02pm] <flibblesan> ok
[09:02pm] <DJ_Steve> their exactly the same neway
[09:03pm] <flibblesan> one is
[09:03pm] <DJ_Steve> lol
[09:03pm] * Somebodyhere (~Somebodyh@78-56-215-205.static.zebra.lt) has joined #zteblade
[09:03pm] <flibblesan> qcrilhook is the same in both. qcnvitems is larger in the 2.2 rom
[09:04pm] <DJ_Steve> question is thats the difference
[09:04pm] <flibblesan> I don't know enough to see what I'm supposed to see
[09:05pm] <DJ_Steve> hmm, ztesmsinfo or similar
[09:05pm] * dmzda (~DMzda@host86-128-250-148.range86-128.btcentralplus.com) has joined #zteblade
[09:06pm] <flibblesan> thats what I'm thinking but so far I dont see it
[09:06pm] <DJ_Steve> hmm
[09:06pm] <flibblesan> unless it's hidden
[09:09pm] <DJ_Steve> has to be in here somewhere surely jhmm