doc:appunti:hardware:gretel_a7

Differences

This shows you the differences between two versions of the page.

doc:appunti:hardware:gretel_a7 [2019/10/07 15:54] – [Infected Stock ROM 20170908] niccolodoc:appunti:hardware:gretel_a7 [2019/10/15 12:58] – [Latest System Software] niccolo
Line 12: Line 12:
 ^ Android    | 6.0 Marshmallow  | ^ Android    | 6.0 Marshmallow  |
 ^ Telephony  | 3G/2G  | ^ Telephony  | 3G/2G  |
 +
 +===== Latest System Software  =====
 +
 +Actually I'm running my Gretel A7 with the following configuration:
 +
 +  * **TWRP Recovery 3.0.2** - We use version 3.0.2 because we had problems with newer 3.2.1, [[#installing_the_xenonhd_custom_rom|see below]]. NOTICE: When you flash the recovery image, do not reboot normally, otherwise the partition will be overwritten. From poweroff, reboot instead into //Select Boot Mode Menu// and choose Recovery.
 +  * **Stock ROM 20170908** - We found on the net the archive Y8303.YX.A7.Gretel.B1B8.6.0.V01.07.20170908.rar. Beware that this stock ROM contains a trojanized launcher! [[#infected_stock_rom_20170908|See below]]. It features Android 6.0, with security patch level August 5, 2015.
 +  * **SuperSU v2.82** build number 20170528234214 - Needed to gain root privileges and replace the launcher.
 +  * **Rootless Pixel Launcher 3.9.1** - Downloaded from F-Droid repository, replaces the trojanized default launcher.
 +
 +^ Model number                  | A7  |
 +^ Android version               | 6.0  |
 +^ Android security patch level  | August 5, 2016  |
 +^ Baseband version              | MOLY.WR8.W1449.MD.WG.MP.V59.P4, 2016/09/05 16:45  |
 +^ Kernel version                | 3.18.19\\ xsh@joyatel07 #2\\ Fri Sep 8 12:20:34 CST 2017  |
 +^ Build number                  | Y8303.YX.A7.Gretel.B1B8.6.0.V01.07.20170908  |
  
 ===== Factory Installed Malware: com.ibingo.launcher3 and Wireless Update  ===== ===== Factory Installed Malware: com.ibingo.launcher3 and Wireless Update  =====
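Review bot: The security patch level is stated twice in the added "Latest System Software" section and the two values disagree: the Stock ROM bullet says "security patch level August 5, 2015" while the table row says "Android security patch level | August 5, 2016". Check the value on the device under Settings => About phone and make both places match, since this is the figure a reader uses to judge how outdated the ROM is. Smaller points in the same section: "Actually I'm running" reads as "in fact" in English ("Currently" is probably what is meant), the text switches between "I" and "We", and the new heading has two spaces before the closing "=====".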
Line 102: Line 118:
     - **Riavviare** il telefono     - **Riavviare** il telefono
     - Verificare il file **/data/system/packages.xml**: i riferimenti alle app rimosse dovrebbero scomparire automaticamente dopo il reboot.     - Verificare il file **/data/system/packages.xml**: i riferimenti alle app rimosse dovrebbero scomparire automaticamente dopo il reboot.
 +
 ===== Modalità Sviluppatore e Debug USB ===== ===== Modalità Sviluppatore e Debug USB =====
  
Line 107: Line 124:
  
 Nel menu //Impostazioni// compare anche //Opzioni sviluppatore//, tra le quali è possibile attivare **//Debug USB//**. Nel menu //Impostazioni// compare anche //Opzioni sviluppatore//, tra le quali è possibile attivare **//Debug USB//**.
- 
-^ Numero modello       | A7  | 
-^ Versione di Android  | 6.0  | 
-^ Livello patch di sicurezza Android  | 5 agosto 2016  | 
-^ Versione banda base  | MOLY.WR8.W1449.MD.WG.MP.V59.P4, 2016/09/05  | 
-^ Versione kernel      | 3.8.19\\ xsh@ubuntu-S2600JF #2\\ Fri May 26 15:39:25 CST 2017  | 
-^ Numero build         | Y8303.YX.A7.Gretel.B1B8.6.0.V01.07.20170526  | 
  
 ===== OEM unlocking ===== ===== OEM unlocking =====
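Review bot: Deleting this table removes the recorded values for build Y8303.YX.A7.Gretel.B1B8.6.0.V01.07.20170526 (kernel string built on xsh@ubuntu-S2600JF, Fri May 26 15:39:25 CST 2017), and the table added under "Latest System Software" describes the 20170908 build only. If the older build is still discussed elsewhere on the page, keep these rows under a heading that names the build instead of dropping them. The removed row also gives the kernel as 3.8.19 while the new table gives 3.18.19; confirm which is right so the difference is a deliberate correction and not a silent change.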
Line 354: Line 364:
     * **Swipe to confirm Flash**.     * **Swipe to confirm Flash**.
  
-===== Infected Stock ROM 20170908 =====+===== Installing Stock ROM 20170908 (with trojan launcher) =====
  
 On the internet we found the file **Y8303.YX.A7.Gretel.B1B8.6.0.V01.07.20170908.rar** (md5sum decb53fef12c13c30a8759fc55f5dfa4). It seems an offical Gretel ROM, but it has some **malware inside the launcher**. We flashed that ROM using **SP Flash Tool 5.1916** downloading all the partitions to the phone; after some hours **unwanted icons popped-up on the home screen** (icon labels were //Tarot// and //Funny//). On the internet we found the file **Y8303.YX.A7.Gretel.B1B8.6.0.V01.07.20170908.rar** (md5sum decb53fef12c13c30a8759fc55f5dfa4). It seems an offical Gretel ROM, but it has some **malware inside the launcher**. We flashed that ROM using **SP Flash Tool 5.1916** downloading all the partitions to the phone; after some hours **unwanted icons popped-up on the home screen** (icon labels were //Tarot// and //Funny//).
 +
 +
 +  - Power-off the phone. Using SP Flash Tool from a PC, **flash the partitions**: //preloader//, //lk//, //boot//, //recovery//, //logo//, //secro//, //system//, //cache// and //userdata// from stock ROM archive. This will erase all user data and settings on the phone.
 +  - Reboot into normal system and enable **USB debugging**:
 +    * //Settings// => //About phone//, tap 7 times on //Build number//.
 +    * //Settings// => //Developer options//, enable //OEM unlocking// and //USB debugging//.
 +  - Upload **SuperSU** and **Rootless Pixel Launcher** from the PC to /sdcard/ directory, using **adb push**.
 +  - Power-off the phone and **flash TWRP** recovery image with SP Flash Tool. Boot in //Select Boot Mode Menu// with **Volume UP+Power**, then choose Recovery.
 +  - From TWRP Recovery, install **SuperSU**.
 +  - Reboot into system, install **Rootless Pixel Launcher** from the file manager; from //Settings// => //Home//, make it the default.
 +  - From the PC, run **adb shell** and remove the trojanized launcher using root privileges. See below.
  
 We checked the **apk** file found into the **/system/priv-app/Launcher3_G_Develop_yisheng_A47_201709071813/** directory against some on-line checking services (notably [[https://www.drweb.com/|Dr. Web]]), and it was marked as **infected with Android.Ibingo.1.origin**. We checked the **apk** file found into the **/system/priv-app/Launcher3_G_Develop_yisheng_A47_201709071813/** directory against some on-line checking services (notably [[https://www.drweb.com/|Dr. Web]]), and it was marked as **infected with Android.Ibingo.1.origin**.
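Review bot: Renaming the heading to "Installing Stock ROM 20170908 (with trojan launcher)" changes the section anchor DokuWiki derives from the heading text, so the link [[#infected_stock_rom_20170908|See below]] added in the "Latest System Software" bullet no longer resolves; update that link in the same edit, and make the bare "See below" at the end of the last step a link too. On the procedure: the second step boots the phone normally with the trojanized launcher still installed, and it stays installed until the last step, while the paragraph above reports unwanted icons appearing after some hours. Add a line telling the reader to keep the phone without SIM and off Wi-Fi until the launcher has been removed. The two blank lines before the list can be reduced to one.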
Line 370: Line 391:
  
  
-We did not trust either the app **/system/priv-app/SystemFota/**, it was not reported as infected (it was indeed in ROM release dated 2017-05-19), but we don't trust updates from people which distribute infected apps! The app to be removed is:+We did not trust either the app **WirelessUpdate**, it was not reported as infected (it was indeed in ROM release 2017-05-19), but we don't trust updates from people which distribute infected apps! The app to be removed is:
  
   * **Name**: WirelessUpdate   * **Name**: WirelessUpdate
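Review bot: Replacing "/system/priv-app/SystemFota/" with "WirelessUpdate" in the changed sentence drops the on-disk location of the app, and the name is already given by the "Name: WirelessUpdate" item directly below, so the sentence now repeats the list instead of adding to it. Keep the directory in the sentence, or make sure the list that follows carries it, so a reader can find the package to remove. The clause "it was indeed in ROM release 2017-05-19" is also ambiguous about whether "was" means the app was present or was reported as infected in that release; spell it out. Wording: "We did not trust the app ... either" and "people who distribute".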
Line 387: Line 408:
  
 After the reboot we confirmed that the Settings menu entry was gone. After the reboot we confirmed that the Settings menu entry was gone.
- 
  
 We removed alto the unwanted **WhatsApp** and **Facebook** apps: We removed alto the unwanted **WhatsApp** and **Facebook** apps:
doc/appunti/hardware/gretel_a7.txt · Last modified: 2021/08/27 23:23 by niccolo