Stagefright - are we screwed?
MisterFloppy
Sat Aug 08 2015, 01:40AM
What do you think about the current threat of "Stagefright" assuming that this security hole will never be patched by ASUS on the Padfone 1 - are we screwed?

I personally have a rooted Padfone and modified the values from "true" to "false" in the following entries of "build.prop" by using an editor:

lpa.use-stagefright

media.stagefright.enable-player
media.stagefright.enable-http
media.stagefright.enable-aac
media.stagefright.enable-qcp
media.stagefright.enable-fma2dp
media.stagefright.enable-scan

Of course this is only a workaround, because Zimperium's Stagefright Detector still reports the Padfone as vulnerable.

Maybe someone with a bit more technical understanding than me could look into this and try to build a patch on its own? SparkyRih, where are you?

BTW: The people on XDA developers are discussing many points of view regarding this threat at http://forum.xda-developers.com/android/help/android-mms-stagefright-exploit-t3166457


SparkyRih
Tue Aug 11 2015, 01:04PM
This is just another media-hyped security issue; they are all over the place. There are many more security issues with Android, especially when you root your phone.

If you want to be safe you shouldn't root it in the first place, because you're vulnerable to many more attacks, stagefright is "just one of them"...

[ Edited Tue Aug 11 2015, 01:05PM ]

MisterFloppy
Fri Sep 25 2015, 05:27AM
Hi SparkyRih,

In the meantime, a new horror scenario has been published, as an exploit is now available. Look here: http://forum.xda-developers.com/showpost.php?p=62889399&postcount=110

But I'm still not giving up

Playing around with this issue a little, I've found out that renaming the file "libstagefright.so" located in the folder "/system/libs/" to something that cannot be accessed (for example "libstagefright.so.bak") seems to be safe, as when doing so, Zimperium's Stagefright Detector says "Congratulations! Your device is not affected by vulnerabilities in Stagefright"!

The only problem is that when restarting the "Padfone", you cannot leave the file renamed this way, as the "libstagefright.so" obviously is used in the booting process to play the boot animation, so if it is not found, the device will be hanging in a boot loop and you will need to rename it back manually with a custom recovery (I'm using TWRP v2.6.3.0 for this purpose). Users with other devices have experienced the same, see here: http://forum.xda-developers.com/showpost.php?p=62367845&postcount=63

SparkyRih, I'm using your firmware "PadFone_SR007-10.5.1.4_WW", and so my question is:

Is there a way for me to "modify" something in the system to "disable" the boot animation, so that "libstagefright.so" is not needed and thus prevent the boot loop?

If there is no way for me: May I ask you to "cook" a new ROM without a boot animation, please?

I'm thankful for any further hint, too!

Regards,
MisterFloppy

SparkyRih
Mon Sep 28 2015, 07:41PM
There are many more leaks in Android, this is just one that got public attention... If you really want to be safe you shouldn't run my rooted ROM or root your phone manually in the first place, it opens even more doors...

tintamar
Wed Oct 07 2015, 03:30PM
Have you tried to replace the file libstagefright.so with one which is "patched" instead of completely renaming it?

You have a little chance that it will work if it doesn't depend on another lib version.

MisterFloppy
Thu Oct 08 2015, 02:17PM
tintamar wrote ...

Have you tried to replace the file libstagefright.so with one which is "patched" instead of completely renaming it?

You have a little chance that it will work if it doesn't depend on another lib version.


For a "patched" version of libstagefright.so it would require a reliable source - do you have any suggestion (download link)?

Currently I'm using another solution: I've written a script which I placed in the "init.d" folder that is executed at boot time - it

1) renames the file "libstagefright.so.bak" back to "libstagefright.so" thus preventing a boot loop
2) waits for the first "android service" starting (which is the case right after the boot process is completed) and then
3) immediately renames "libstagefright.so" back to the (hopefully) not executable "libstagefright.so.bak" to prevent any exploits

I've tested this method for a while and could not find any issue with doing that. Android is working fine, and this way each time the Zimperium Stagefright Detector says "Congratulations! Your device is not affected by vulnerabilities in Stagefright"!

I could post the init.d script here if anyone is interested.
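
An added example, not part of any post in this thread: a shell audit for the two workarounds discussed. It lists which of the build.prop keys from the first post are not set to "false", and which processes still have libstagefright.so mapped, since renaming a file does not unload it from processes that opened it earlier. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit both workarounds discussed above.
# Keys are the build.prop entries listed in the first post.
SF_KEYS="lpa.use-stagefright media.stagefright.enable-player
media.stagefright.enable-http media.stagefright.enable-aac
media.stagefright.enable-qcp media.stagefright.enable-fma2dp
media.stagefright.enable-scan"

# Print each listed key whose value in build.prop file $1 is not exactly
# "false". If a key occurs more than once, its last line is the one reported.
props_not_disabled() {
    for key in $SF_KEYS; do
        re=$(printf '%s' "$key" | sed 's/[.]/\\./g')   # escape dots for sed
        val=$(sed -n "s/^[[:space:]]*${re}[[:space:]]*=[[:space:]]*//p" "$1" |
              tail -n 1 | tr -d '\r ')
        [ "$val" = "false" ] || echo "$key=${val:-<unset>}"
    done
}

# Print "pid path" for every process under proc-style tree $1 that still has
# libstagefright.so mapped. The pattern matches the original name as well as
# a renamed libstagefright.so.bak, but not libstagefright_*.so helper libs.
mapped_libstagefright() {
    for maps in "$1"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps%/maps}; pid=${pid##*/}
        awk -v pid="$pid" \
            '$6 ~ "/libstagefright[.]so" && !seen[$6]++ { print pid, $6 }' "$maps"
    done
}

# Demo on constructed sample data (not captured from a real device).
demo=$(mktemp -d)
mkdir -p "$demo/proc/142"
printf '%s\n' 'lpa.use-stagefright=false' \
    'media.stagefright.enable-http=true' > "$demo/build.prop"
printf '%s\n' \
    '40a1c000-40b2f000 r-xp 00000000 b3:0c 1187 /system/lib/libstagefright.so.bak' \
    '40c00000-40c4a000 r-xp 00000000 b3:0c 1201 /system/lib/libc.so' \
    > "$demo/proc/142/maps"
props_not_disabled "$demo/build.prop"
mapped_libstagefright "$demo/proc"
rm -rf "$demo"
```

On a rooted device, replace the demo lines with `props_not_disabled /system/build.prop` and `mapped_libstagefright /proc`, run from a root shell.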
