Slatedroid info

Everything about android tablet pc [slatedroid]

FireEye discovers Kemoge, yet another Android malware

Posted by wicked October - 9 - 2015 - Friday Comments Off


Aside from StageFright, which was recently followed up by StageFright 2.0, there’s another threat to Android security: Kemoge, a new piece of malware that is currently affecting a lot of Android devices in over 20 countries worldwide.

This malware was recently discovered by mobile researchers from FireEye Labs, the same guys who said there are new ways to get fingerprints and hack Android phones. This malicious adware is dangerous because it has the ability to take over the device, according to the researchers, who also gave it its name: Kemoge. The name was simply lifted from the command and control (CnC) domain they spotted.

FireEye has shared some information about Kemoge, and everything they know is laid out in a report. Here’s what we have learned so far:

• more than 20 countries have been victimized already
• victims include large-scale industries and government agencies
• malware is disguised as a popular app
• some examples: Sex Cademy, Assistive Touch, Calculator, Kiss Browser, Smart Touch, ShareIt, Privacy Lock, Easy Locker, 2048kg, Talking Tom 3, WiFi Enhancer, and Light Browser

FireEye Labs also presented the lifecycle of Kemoge. Usually, the process starts with the fake app being uploaded to the app store, complete with download links via ads and websites. When an Android user sees the ad and is enticed, he’ll download it, and the end result is malware installed on the device. So what can it do to your phone? It can register MyReceiver in AndroidManifest so that it launches automatically when the connection changes or when the device screen is unlocked.

Kemoge will then do a number of things within the device, including generating the ZIP-protecting password, extracting some files, encrypting some keys, carrying several root exploits to root the phone, and more. It’s a long process really, but the main point of Kemoge is to upload device information and then do the following: uninstall designated apps, launch designated apps, and download and install apps from URLs given by the server.

The malware is still out there. It’s actually a malicious adware family assumed to have come from China. FireEye Labs shared suggestions on how to avoid this specific malware:
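The auto-start registration described above can be triaged statically from an APK's decoded manifest. The following is an added example, not code from FireEye or from this article; it assumes the two triggers correspond to the standard broadcast actions `android.net.conn.CONNECTIVITY_CHANGE` and `android.intent.action.USER_PRESENT`, and the sample manifest and package name are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"

# Assumption: the triggers named in the article map to these standard actions.
AUTOSTART_ACTIONS = {
    "android.net.conn.CONNECTIVITY_CHANGE": "connectivity change",
    "android.intent.action.USER_PRESENT": "screen unlocked",
}

# Constructed sample: a decoded (text) AndroidManifest.xml for a fake "Calculator".
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakecalculator">
  <application android:label="Calculator">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <receiver android:name=".MyReceiver">
      <intent-filter>
        <action android:name="android.net.conn.CONNECTIVITY_CHANGE"/>
        <action android:name="android.intent.action.USER_PRESENT"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".WidgetProvider">
      <intent-filter>
        <action android:name="android.appwidget.action.APPWIDGET_UPDATE"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def autostart_receivers(manifest_xml):
    """Return receivers that wake up on connectivity change or screen unlock.

    For manifests from untrusted APKs, parse with a hardened parser such as
    defusedxml instead of the standard library.
    """
    root = ET.fromstring(manifest_xml.strip())
    package = root.get("package", "")
    findings = []
    for receiver in root.iter("receiver"):
        name = receiver.get(NAME, "")
        if name.startswith("."):          # relative class name -> fully qualified
            name = package + name
        triggers = sorted({
            AUTOSTART_ACTIONS[action.get(NAME)]
            for action in receiver.iter("action")
            if action.get(NAME) in AUTOSTART_ACTIONS
        })
        if triggers:
            findings.append({
                "receiver": name,
                "triggers": triggers,
                # Both triggers on one receiver is the pattern the article describes.
                "both": len(triggers) == len(AUTOSTART_ACTIONS),
            })
    return findings


if __name__ == "__main__":
    for finding in autostart_receivers(SAMPLE_MANIFEST):
        print(finding)
```

Plenty of legitimate apps listen for these broadcasts too, so a hit is a reason to look closer at an app that has no obvious need for them (a calculator, for instance), not a verdict.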

1. Never click on suspicious links from emails/SMS/websites/advertisements.
2. Don’t install apps outside the official app store.
3. Keep Android devices updated to avoid being rooted by publicly known bugs. (Upgrading to the latest version of the OS will provide some security, but it does not guarantee that you will remain protected.)

The group also suggested using FireEye MTP as a mobile security solution. Make sure you scan WiFi traffic, especially if you are using NX appliances. This way, you may know that there are no other devices or possible attackers “lurking” in your network.


SOURCE: FireEye

A Look at Marshmallow Root & Verity Complications

Posted by wicked October - 7 - 2015 - Wednesday Comments Off


As the dust settles on the Android 6.0 release, Nexus users galore are diving for OTAs and Factory Images, and getting ready for the latest iteration of the Android operating system.

While, from the outside, Android 6.0 appears (visually, at least) remarkably similar to Android 5.0 and 5.1  (the Lollipop releases), there are a number of significant changes on the inside. One of them potentially has ramifications for the custom ROM and root communities. First, a little background. If you are not interested in this, just skip down to “Why is this Important”.

A Feature Called Verity

The problem (it’s a problem if you like root and modifying devices) stems from something I pointed out a long time back, when it first hit AOSP – the introduction of dm-verity to Android. Verity is a security feature, originally found in ChromeOS, designed to provide assured and trustworthy computing devices, preventing malicious software from modifying a device. Back in Android 4.4, Google announced verity for Android, and then all remained quiet. While there has been some research into using verity, for the most part, things have been quiet. Until now, that is.


With Android 6.0, Google has begun to up their game on device security. One of the fundamental requirements for this is to prevent the software on a device from being modified without a user’s knowledge – while many here at XDA take root for granted, imagine a user’s device being rooted without their knowledge or consent, and root access being used to steal their data. For this reason, Google has started to implement verification of the system partition on some devices. They also recently updated their support pages to cover this.

What Does this Mean for Rooted Users?

With verity in place, any changes made to the system partition will be detected on boot or access. You’ll then be faced with one of the errors as seen above. Some allow you to proceed, and some want to protect you by stopping the device from booting. There are three states available. One is shown when the bootloader is unlocked, indicating you may be at risk until you re-lock the bootloader. This is the case since a modified kernel image can bypass verity, since the kernel ramdisk contains the keys used to verify a system’s state.

Things look rather un-fun for root-aspiring users on locked-down devices.

The next state is shown (presumably) when verity is disabled or off, or can’t be checked due to modifications to the ramdisk. I cannot be sure, on account of my lack of a Nexus 5X or 6P to investigate, but my suspicion (based around the messages) is that if you load another ROM, which then places its own kernel onto the device, the “different operating system” page will appear.

The final state is the red warning stating the device is corrupt. I suspect this means the image contains verity, but the verification failed due to the system image being modified. Again, we can’t be sure without hardware in-hand, but that error looks to be the one you’ll see if a stock device were modified by a piece of malicious software.
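How verity notices a modified system partition on access, and why the trusted value has to live outside that partition, can be shown with a small hash-tree model. This is an added example, not Android's or the article's code: it is a simplified in-memory sketch (no salt, a small fan-out, a constructed 8-block image), and the function names are illustrative.

```python
import hashlib

BLOCK_SIZE = 4096   # the partition is hashed in fixed-size blocks
FANOUT = 4          # simplified: real hash blocks hold many more digests


def _h(data):
    return hashlib.sha256(data).digest()


def build_tree(image):
    """Return hash levels: levels[0] are block hashes, levels[-1] is [root]."""
    level = [_h(image[i:i + BLOCK_SIZE]) for i in range(0, len(image), BLOCK_SIZE)]
    levels = [level]
    while len(level) > 1:
        level = [_h(b"".join(level[i:i + FANOUT])) for i in range(0, len(level), FANOUT)]
        levels.append(level)
    return levels


def verify_block(image, index, levels, trusted_root):
    """Check one block on read against the stored tree and the trusted root.

    The stored tree sits on writable storage, so it is not trusted by itself;
    only trusted_root, which ships with the boot image, is.
    """
    digest = _h(image[index * BLOCK_SIZE:(index + 1) * BLOCK_SIZE])
    for depth, level in enumerate(levels):
        if level[index] != digest:
            return False                  # stored hash does not match the data
        if depth == len(levels) - 1:
            break
        group = index // FANOUT
        digest = _h(b"".join(level[group * FANOUT:(group + 1) * FANOUT]))
        index = group
    return digest == trusted_root


def demo():
    # Constructed "system image": 8 blocks, each filled with its own index.
    image = bytearray(b"".join(bytes([i]) * BLOCK_SIZE for i in range(8)))
    levels = build_tree(bytes(image))
    trusted_root = levels[-1][0]          # stands in for the value the boot image vouches for

    results = {"clean": all(verify_block(image, i, levels, trusted_root) for i in range(8))}

    image[5 * BLOCK_SIZE + 10] ^= 0xFF    # modify a single byte in block 5
    results["tampered_block"] = verify_block(image, 5, levels, trusted_root)
    results["untouched_block"] = verify_block(image, 2, levels, trusted_root)

    # Recomputing the stored tree to match the change does not help,
    # because the new root no longer equals the trusted one.
    forged = build_tree(bytes(image))
    results["forged_tree"] = verify_block(image, 5, forged, trusted_root)
    return results


if __name__ == "__main__":
    print(demo())
```

Only replacing the trusted root itself makes the modified image verify, which is why the check is only as strong as the boot image and the bootloader lock protecting it.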

Why is This Important?

On Android M (6.0), root currently requires modifications to be made to the kernel image, in addition to the filesystem. This means that, even if we ignore verity (such as on an older Nexus device like a Nexus 7 2013), a new kernel image is needed, to bypass SELinux protections which prevent root access from working.

If you want root today, on Android Marshmallow, you’re going to need to use a modified boot image.

Until now, there have been modified kernels to set SELinux into permissive mode, but this is a non-ideal fix, as it means you don’t get the security benefits of SELinux protection. And, after the Stagefright saga, I assume you can see the benefits of SELinux and other protections against security exploits.

XDA Senior Recognized Developer, Chainfire, master of all-things root has released an updated version of SuperSU which retains SELinux in enforcing mode, but it once again requires modifications to be made to the SELinux configuration of the boot image. This means you need to install SuperSU, as well as a modified boot image.

And that’s all well and good, until US carriers enter the mix. The bastions of anti-consumer-choice, the stalwarts such as AT&T and Verizon are known to enjoy locking down devices, preventing users from installing custom firmware through their bootloader locks. Indeed, Verizon are particularly bad at not even passing firmware updates onto users, with the Sony Xperia Z3v not set to receive Marshmallow while the rest of the Z3 range (and indeed the Z2 range) will. Heck, they’ve still not even rolled out Lollipop to the device, despite it being available for quite some time (November 2014) on the regular Z3.

In lieu of an unofficial bootloader unlock (those are fairly rare these days, short of leaked engineering bootloaders for a few Samsung devices), it seems highly unlikely that you’ll be getting root on Android 6.0 without some divine intervention – the combination of dm-verity (to stop your phone from booting with any modifications to the system partition), and the requirement for SELinux changes in the ramdisk (to let root work), look set to make things rather un-fun for root-aspiring users of these locked-down devices.

Android Pay?

Finally, Android Pay. It probably sounds completely unrelated to the rest of this article, but it is in fact fairly relevant. Android Pay relies on the new SafetyNet APIs within Google’s proprietary services framework, which is designed to provide device state attestations on whether a device is rooted, or otherwise modified or running in an unapproved state.

While there is a project looking at spoofing responses to SafetyNet, it currently requires an Xposed plugin, and this doesn’t look likely to change, given how it works. Xposed requires root, and makes modifications to the system partition. That makes this difficult to carry out on a bootloader-locked device. Even then, things like this are just entering into a game of cat-and-mouse with Google. With SafetyNet, rooted devices (or indeed devices modified at all), are viewed as “non-CTS compliant”, which is a euphemism for modified devices.

There’s much more written about SafetyNet in this teardown blog post, but it certainly seems we can identify some areas Google want to clamp down on. Firstly, they don’t like root, Xposed, and anything modifying the system partition. Secondly, it seems Google is considering detecting users that have ad blocking enabled – the SSL handshake checks on certainly suggest to me that Google want to know if you’re blocking ads on your device. Considering that root is usually a pre-requisite there, but that the VPN API could potentially be used to do this without root, it looks like Google at least want to have an idea who (or how many people) are blocking ads. Ad blocking is a topical issue given the push from Apple to support it in the web browser (arguably to encourage people to use apps more, where they control the experience and can offer non-blockable ads), and these moves are interesting.


If you want root today, on Android Marshmallow (6.0), you’re going to need to use a modified boot image. While it remains to be seen if this remains true indefinitely, it looks likely to be the case for some time – SELinux changes make it much harder to get root access without modifying the boot image. And as modifying the boot image requires an unlocked bootloader, this could put an end to root (and Xposed and other root features) on devices which are shipped with bootloaders that can’t be unlocked by end users. Dm-verity is also making an appearance, and it appears to be enabled in enforcing mode on new devices. That will make it hard to modify /system, even if you were to gain root access, without again having an unlocked bootloader.

Does this change your view of bootloader locked devices? Has Android reached the stage where you would still buy a bootloader locked device if your carrier gave you a good deal, or are you only interested in unlocked devices? What root apps or features would you miss on a locked bootloader?

Feel free to share your thoughts in the comments below.

Your First Root Story: Why’d You Do It and How Did It Go?

Posted by wicked October - 6 - 2015 - Tuesday Comments Off


We all remember the first time we rooted our phones: palms were sweaty, anxiety near unbearable, and as we reached closer and closer, we could begin savoring that positive root check. Sometimes, an enthusiast’s first attempt skips the great success and leads to trouble. But there’s always a reason to root, and a surprising result that opens up all sorts of new possibilities. How did your first root story go?

How to Root the OnePlus 2 and Install TWRP Recovery

Posted by wicked October - 6 - 2015 - Tuesday Comments Off


Our very own XDA TV Host TK was lucky enough to get his hands on the OnePlus 2. However, there were some glaring issues with the device. With an update to Oxygen ROM and some custom kernels, he was able to resolve a big majority of those issues. In order to install these custom kernels, TK shows you how to root and install TWRP recovery on the OnePlus 2. Remember, it is completely normal at XDA to root all the things, and the OnePlus 2 is no exception!

TK presents instructions on how to gain root access on your OnePlus 2 using tools from the XDA Developers Forums. The process is painless and pretty easy. This video shows you how to install TWRP recovery as well. So if you wanted to root your OnePlus 2, take a moment and check this video out.


Android Pay not coming to rooted devices anytime soon

Posted by wicked September - 28 - 2015 - Monday Comments Off

As Android Pay gains momentum as the standard for wireless payments on an Android device, a lot of power users and developers are hoping that they will get a chance to benefit from this convenient payment tool as well. But these power users and tweakers have one thing in common with almost all of them: they are probably using a rooted Android device, and as we all know, root access is usually the reason why a device is disqualified from secure transactions.

An XDA forum member with the handle “jasondclinton_google” – who has been confirmed as working at Google in Mountain View – answered the disappointed comments about rooted devices and those using non-official ROMs not being able to use Android Pay. The member commented that the power user segment of the Android community has always been important to Google. But as of the moment he says that Android Pay is one of those apps that have to ensure security all throughout, and so root access is definitely a “no no”.

The Google employee has affirmed that Android is always and still keen to support developer builds, and that when this segment of users speaks, Google is always ready to listen. When asked if Android Pay will be available for rooted devices in the future, he responds: “I don’t know of any way to currently or in the near future make an assertion that a particular app’s data store is secure on a non-CTS compatible device. As such, for now, the answer is ‘no.’”

He confirms that the first thing that is required of a secure device is for Android Pay to query if the system image (ROM) is official and has the expected structure. Rooted devices and non-official custom ROMs have some telltale signs, which will automatically disqualify those devices. Read the whole thread at the source link below.


Google Security Engineer Explains Issues With Root and Android Pay in the XDA Forums

Posted by wicked September - 25 - 2015 - Friday Comments Off


A forum member who has been confirmed as working as a Security Engineer for Google out of Mountain View has joined XDA in order to discuss the issues with Android Pay on rooted devices and why it will not work, and has confirmed that Google are listening to your feedback. Regarding root access and Android Pay he has said this:

“Android users who root their devices are among our most ardent fans and when this group speaks, we listen. A few of us around Google have been listening to threads like this one and we know that you’re disappointed in us. I’m a security engineer who works on Android Pay and so this thread struck me particularly hard. I wanted to reach out to you all and tell you that we hear you.

Google is absolutely committed to keeping Android open and that means encouraging developer builds. While the platform can and should continue to thrive as a developer-friendly environment, there are a handful of applications (that are not part of the platform) where we have to ensure that the security model of Android is intact.

That “ensuring” is done by Android Pay and even third-party applications through the SafetyNet API. As you all might imagine, when payment credentials and–by proxy–real money are involved, security people like me get extra nervous. I and my counterparts in the payments industry took a long, hard look at how to make sure that Android Pay is running on a device that has a well documented set of API’s and a well understood security model.

We concluded that the only way to do this for Android Pay was to ensure that the Android device passes the compatibility test suite–which includes checks for the security model. The earlier Google Wallet tap-and-pay service was structured differently and gave Wallet the ability to independently evaluate the risk of every transaction before payment authorization. In contrast, in Android Pay, we work with payment networks and banks to tokenize your actual card information and only pass this token info to the merchant. The merchant then clears these transactions like traditional card purchases. I know that many of you are experts and power users but it is important to note that we don’t really have a good way to articulate the security nuances of a particular developer device to the entire payments ecosystem or to determine whether you personally might have taken particular countermeasures against attacks–indeed many would not have.” – jasondclinton_google


Replying to the possibility that this meant that support for rooted devices may one day come, Jason stated “I don’t know of any way to currently or in the near future make an assertion that a particular app’s data store is secure on a non-CTS compatible device. As such, for now, the answer is “no””. Replying to one user’s statement that if they had to choose between root and Android Pay, they would choose root, Jason gave his sympathies and claimed that he wished it were possible to achieve root functionality without actually rooting. He has also taken feedback regarding placing a warning in the Play Store stating that the app will not work on rooted devices.

Unfortunately, it has been confirmed that any non-official build will fail to pass SafetyNet due to the system image not being expected. He continued by stating that “One way of thinking about this is that the signature can be used as a proxy for previous CTS passing status. (If we were to scan every file and phone device enumerated by the kernel to infer what environment we are running on, we’d bog down your device for tens of minutes.) So, we start with the CTS status inferred by a production image signature and then go about looking for things that don’t look right. This community has identified quite a few of the things that we are looking at, already: presence of ‘su’, for example.” – jasondclinton_google

He will continue to monitor related threads regarding Android Pay on XDA; he cannot promise to reply to all comments, but will certainly be listening. To keep up to date with his comments in the thread, check here. It’s a step in the right direction: now that we know they are listening and taking constructive feedback in, we will hopefully see more discussion between Google’s staff and forum members.

So there you have it. Alas, Android Pay is not coming to rooted devices anytime soon; however, Google is listening to your feedback and is responding.

Tons of new devices have officially been added to the Cyanogenmod family

Posted by wicked September - 23 - 2015 - Wednesday Comments Off

Cyanogenmod has officially expanded support for several new devices from different manufacturers, expanding the list of phones that will support Cyanogenmod releases. This doesn’t necessarily mean that all of these devices have a stable build ready right this second, but they’ll be supported with future releases.

There are some heavy hitters that you’d expect, including devices from the likes of Samsung, HTC, and LG, which cover some specific international versions, but other devices from Huawei, Oppo, and Xiaomi are making the cut. Even some obscure phones, like Smartfren’s own CM-powered device and WileyFox’s European devices, will be supported going forward. It’s a pretty inclusive list that fills in what were previously niche gaps in Cyanogenmod coverage.

If you’re interested in seeing if your phone made the cut, hit the link below.

source: Cyanogenmod


Want a low-cost ARM platform? Grab a Prepaid Android Phone!

Posted by wicked September - 10 - 2015 - Thursday Comments Off

What would you pay for a 1.2Ghz dual-core ARM computer with 1GB RAM, 4GB onboard flash, 800×600 display, and 5 megapixel camera? Did we mention it also has WiFi, Bluetooth, and is a low power design, including a lithium battery which will run it for hours? Does $15 sound low enough? That’s what you can pay these days for an Android cell phone. The relentless march of economies of scale has finally given us cheap phones with great specs. These are prepaid “burner” phones, sold by carriers as a loss leader. Costs are recouped in the cellular plan, but that only happens if the buyer activates said plan. Unlike regular cell phones, you aren’t bound by a contract to activate the phone. That means you get all those features for $15-$20, depending on where you buy it.

The specs I’m quoting come from the LG Optimus Exceed 2, which is currently available from Amazon in the USA for $20. The same package has been available for as little as $10 from retail stores in recent weeks. The Exceed 2 is just one of several low-cost Android prepaid phones on the market now, and undoubtedly the list will change. How to keep up with the current deals? We found an unlikely place. Perk farmers. Perk is one of those “We pay you to watch advertisements” companies. We’re sure some people actually watch the ads, but most set up “farms” of drone phones which churn through the videos. The drones earn the farmer points which can be converted to cash. How does this all help us? In order to handle streaming video, Perk farmers want the most powerful phones they can get for the lowest investment. Subreddits like /r/perktv have weekly “best deals” posts covering prepaid phones. There are also tutorials on rooting and debloating current popular phones like the Whirl 2 and the Exceed 2.

Once you have your phone, the first order of business is to boot it up. Many prepaid phones try to force the user to go through an activation process. There is always a back door for installers to exit the process though. In the case of the Exceed 2, simply pressing volume up, volume down, back, and home quits out of the activation process.

Got root?

Some applications require root permissions. To achieve this, your best bet is to do a bit of Googling for your particular phone model. The XDA developers forums are a great resource for this. While prepaid phones don’t usually have communities behind them like flagship phones, you can often find at least some information on what it takes to root your particular device. The most well-known “root every device” application to date is towelroot, created by GeoHot. You might remember [George Hotz] aka GeoHot as the first person to jailbreak an iPhone. He also made the news by getting into a bit of hot water with Sony over some PlayStation 3 security holes. Towelroot uses a Linux kernel exploit (futex) to gain root permissions. Released in June of 2014, the futex exploit has been patched on most new phones. However, it hasn’t been patched on phones that receive relatively few updates – like prepaid phones. On the Exceed 2, Towelroot works perfectly, giving the user root without even requiring a reboot. Once the phone is rooted, a root privilege manager like SuperSU is needed to keep track of which applications should have root permissions. Once that is done, anything goes! We’ve found packages like BusyBox to be huge helps – especially when working at the console through Android Debug Bridge (ADB).

What do you want to hack today?

Between these low-cost phones and the used phones every family seems to have floating around now, there are a heck of a lot of devices out there waiting to be used. What can you do with a spare Android phone? Quite a lot. There has never been a better time to learn to code for the Android Platform. Android Studio is the current official development environment. If you know a bit of Java, it’s easy to jump in and start making apps. If you’re not a Java head but want to learn, there are tutorials all over the web to help get into the swing of things.

Not a coder? The Swiss Army knife of automating Android devices has long been Tasker. Tasker allows you to set off simple scripts (called tasks) with triggers which can be anything from plugging in headphones to connecting to a particular WiFi access point, to pressing a button on the screen. Want your smart phone to announce your arrival home with your own theme music? Just set up a Tasker profile to play a song when it connects to your home WiFi router. Tasker supports plenty of actions natively, and can be extended with plugins. Scripting Layer For Android (SL4A) even allows it to be extended with Python scripts.

Moving into the hardware world, there are plenty of ways to get GPIOs from an Android phone. The Android Accessory Development Kit (ADK) is getting a bit long in the tooth, but it’s still a great way to interface an Arduino board like the Arduino Mega ADK with your device. Another option for getting into the hardware realm is the IOIO OTG board. As the name implies, this new version of the IOIO board supports the USB OTG standard. This allows it to connect a phone either as a host or as an accessory. Need a simple wireless terminal for your project? Grab a terminal app and a Serial Port Profile (SPP) compatible Bluetooth module, and Bob’s your uncle. Interested in hacking with the ESP8266? There is an entire page of apps on the Google Play store dedicated to interfacing with everyone’s favorite low-cost WiFi module.

We’ve just covered the tip of the iceberg here. What kind of hacking would you do with a spare Android phone, or one of these low-cost prepaid devices? Let us know in the comments!


Edit build.prop DHA properties to fix RAM management on Note 5

Posted by wicked September - 8 - 2015 - Tuesday Comments Off

You may be one of the few lucky geeks who got their hands on the new Samsung Galaxy Note 5 phablet, but unfortunately, there are some issues with RAM management. It’s not really a biggie, but it can certainly be improved if you have root, thanks to our friends over at XDA Developers, who have solutions to almost everything.

While thoroughly reviewing the Note 5, XDA’er Mario Tomás Serrafero discovered that a build.prop edit also works on the device. It’s the same one that helped the Galaxy Note 4 and S6 before, but it seems to work better on the latest Note 5 device. If you know how to edit the DHA properties of the build.prop, you’ll see that it works and can improve system management. It’s not an official fix by Samsung, so everyone who’s thinking of using it must apply it, as we always say, AT THEIR OWN RISK.

Serrafero noted that some apps get kicked out of memory when the Samsung Galaxy Note 5 is idle for some time. That’s good news I guess, because at least phone memory won’t be used up quickly, fully, and unnecessarily. This fix is expected to allow the smartphone to hold as many apps as possible with no system performance issues.

Watch the video below and see for yourself how smooth and fast the Galaxy Note 5 runs after the fix:

SOURCE: XDA Developers

TWRP now officially available for Samsung Galaxy Note 5

Posted by wicked September - 8 - 2015 - Tuesday Comments Off

The gateway to freedom in tweaking your Android device, apart from gaining root access, is a good custom recovery – and of those, it’s TWRP (Team Win Recovery Project) that’s leading the pack these days. Apart from the great touch user interface, using TWRP is easy enough for new users and those who are first-time tweakers. The good news for today is that TWRP is now available for the recently launched Samsung Galaxy Note 5.

Samsung has changed gears from the great performing Samsung Galaxy S6 and S6 Edge earlier in the year to phablet mode – showing us its flagship big screen offerings in the Samsung Galaxy Note 5 and the Galaxy S6 Edge Plus. Some of you are just getting used to the version of TouchWiz in the Galaxy Note 5, but we’re pretty sure some of you already want to get some tweaks in. That’s where an official TWRP custom recovery release helps.


But remember, before you do anything, some of the operations and processes here will void your warranty and trip your KNOX security counter. There are a few ways to install TWRP on your Galaxy Note 5. One of them is through ADB, and it requires root. If you would like to install via the famous Odin installer, you can do that, but there are other steps you need to take to make sure the install sticks.


Follow the full instructions via the source link we’ve provided below. The download links for the files are also provided there. Get to it then.