doc:appunti:hardware:gretel_a7

Differences

This shows you the differences between two versions of the page.

doc:appunti:hardware:gretel_a7 [2019/10/15 09:42] – [Factory Installed Malware: com.ibingo.launcher3 and Wireless Update] niccolo
doc:appunti:hardware:gretel_a7 [2019/10/15 12:56] niccolo
Line 13: Line 13:
 ^ Telephony  | 3G/2G  | ^ Telephony  | 3G/2G  |
  
-===== Latest Software  =====+===== Latest System Software  =====
  
 Actually I'm running my Gretel A7 with the following configuration: Actually I'm running my Gretel A7 with the following configuration:
  
-  * **TWRP Recovery 3.0.2** - We had problems with newer version 3.2.1, [[#installing_the_xenonhd_custom_rom|see below]]. +  * **TWRP Recovery 3.0.2** - We use version 3.0.2 because we had problems with newer 3.2.1, [[#installing_the_xenonhd_custom_rom|see below]]. NOTICE: When you flash the recovery image, do not reboot normally, otherwise the partition will be overwritten. From poweroff, reboot instead into //Select Boot Mode Menu// and choose Recovery
-  * **Stock ROM 20170908** - We found on the net the archive Y8303.YX.A7.Gretel.B1B8.6.0.V01.07.20170908.rar. Beware that this stock ROM contains a trojanized launcher! [[#infected_stock_rom_20170908|See below]]. +  * **Stock ROM 20170908** - We found on the net the archive Y8303.YX.A7.Gretel.B1B8.6.0.V01.07.20170908.rar. Beware that this stock ROM contains a trojanized launcher! [[#infected_stock_rom_20170908|See below]]. It features Android 6.0, with security patch level August 5, 2015
-  * **SuperSU v2.82** Build number 20170528234214 - Needed to gain root privileges and replace the launcher. +  * **SuperSU v2.82** build number 20170528234214 - Needed to gain root privileges and replace the launcher. 
-  * **Rootless Pixel Launcher** - Downloaded from F-Droid repository, replaces the trojanized launcher.+  * **Rootless Pixel Launcher 3.9.1** - Downloaded from F-Droid repository, replaces the trojanized default launcher.
  
 +^ Numero modello       | A7  |
 +^ Versione di Android  | 6.0  |
 +^ Livello patch di sicurezza Android  | 5 agosto 2016  |
 +^ Versione banda base  | MOLY.WR8.W1449.MD.WG.MP.V59.P4, 2016/09/05 16:45  |
 +^ Versione kernel      | 3.18.19\\ xsh@joyatel07 #2\\ Fri Sep 8 12:20:34 CST 2017  |
 +^ Numero build         | Y8303.YX.A7.Gretel.B1B8.6.0.V01.07.20170908  |
  
 ===== Factory Installed Malware: com.ibingo.launcher3 and Wireless Update  ===== ===== Factory Installed Malware: com.ibingo.launcher3 and Wireless Update  =====
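Review bot: the updated **Stock ROM 20170908** bullet states "security patch level August 5, 2015", but the spec table added right below it reads `^ Livello patch di sicurezza Android  | 5 agosto 2016  |`; one of the two years is wrong, and since the table is transcribed from the phone's //About// screen the bullet is the likely typo. The table itself is still in Italian while it now sits in an English section; consider translating its row labels (e.g. `^ Security patch level  | August 5, 2016  |`) so the section reads consistently. The TWRP notice about not rebooting normally after flashing the recovery image is a useful addition and should stay.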
Line 112: Line 118:
     - **Riavviare** il telefono     - **Riavviare** il telefono
     - Verificare il file **/data/system/packages.xml**: i riferimenti alle app rimosse dovrebbero scomparire automaticamente dopo il reboot.     - Verificare il file **/data/system/packages.xml**: i riferimenti alle app rimosse dovrebbero scomparire automaticamente dopo il reboot.
 +
 ===== Modalità Sviluppatore e Debug USB ===== ===== Modalità Sviluppatore e Debug USB =====
  
Line 117: Line 124:
  
 Nel menu //Impostazioni// compare anche //Opzioni sviluppatore//, tra le quali è possibile attivare **//Debug USB//**. Nel menu //Impostazioni// compare anche //Opzioni sviluppatore//, tra le quali è possibile attivare **//Debug USB//**.
- 
-^ Numero modello       | A7  | 
-^ Versione di Android  | 6.0  | 
-^ Livello patch di sicurezza Android  | 5 agosto 2016  | 
-^ Versione banda base  | MOLY.WR8.W1449.MD.WG.MP.V59.P4, 2016/09/05  | 
-^ Versione kernel      | 3.8.19\\ xsh@ubuntu-S2600JF #2\\ Fri May 26 15:39:25 CST 2017  | 
-^ Numero build         | Y8303.YX.A7.Gretel.B1B8.6.0.V01.07.20170526  | 
  
 ===== OEM unlocking ===== ===== OEM unlocking =====
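Review bot: this reads as a plain move of the spec table out of the //Debug USB// section, but the values change on the way: the kernel row goes from `3.8.19\\ xsh@ubuntu-S2600JF #2\\ Fri May 26 15:39:25 CST 2017` to `3.18.19\\ xsh@joyatel07 #2\\ Fri Sep 8 12:20:34 CST 2017`, the build number from `...V01.07.20170526` to `...V01.07.20170908`, and the baseband row gains a time of day. The edit summary should say the table was re-read from the 20170908 ROM rather than relocated, and the 3.8.19 versus 3.18.19 discrepancy is worth a second look on the device, since one of the two looks like a dropped digit.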
Line 364: Line 364:
     * **Swipe to confirm Flash**.     * **Swipe to confirm Flash**.
  
-===== Infected Stock ROM 20170908 =====+===== Installing Stock ROM 20170908 (with trojan launcher) =====
  
 On the internet we found the file **Y8303.YX.A7.Gretel.B1B8.6.0.V01.07.20170908.rar** (md5sum decb53fef12c13c30a8759fc55f5dfa4). It seems an offical Gretel ROM, but it has some **malware inside the launcher**. We flashed that ROM using **SP Flash Tool 5.1916** downloading all the partitions to the phone; after some hours **unwanted icons popped-up on the home screen** (icon labels were //Tarot// and //Funny//). On the internet we found the file **Y8303.YX.A7.Gretel.B1B8.6.0.V01.07.20170908.rar** (md5sum decb53fef12c13c30a8759fc55f5dfa4). It seems an offical Gretel ROM, but it has some **malware inside the launcher**. We flashed that ROM using **SP Flash Tool 5.1916** downloading all the partitions to the phone; after some hours **unwanted icons popped-up on the home screen** (icon labels were //Tarot// and //Funny//).
 +
 +
 +  - Power-off the phone. Using SP Flash Tool from a PC, **flash the partitions**: //preloader//, //lk//, //boot//, //recovery//, //logo//, //secro//, //system//, //cache// and //userdata// from stock ROM archive. This will erase all user data and settings on the phone.
 +  - Reboot into normal system and enable **USB debugging**:
 +    * //Settings// => //About phone//, tap 7 times on //Build number//.
 +    * //Settings// => //Developer options//, enable //OEM unlocking// and //USB debugging//.
 +  - Upload **SuperSU** and **Rootless Pixel Launcher** from the PC to /sdcard/ directory, using **adb push**.
 +  - Power-off the phone and **flash TWRP** recovery image with SP Flash Tool. Boot in //Select Boot Mode Menu// with **Volume UP+Power**, then choose Recovery.
 +  - From TWRP Recovery, install **SuperSU**.
 +  - Reboot into system, install **Rootless Pixel Launcher** from the file manager; from //Settings// => //Home//, make it the default.
 +  - From the PC, run **adb shell** and remove the trojanized launcher using root privileges. See below.
  
 We checked the **apk** file found into the **/system/priv-app/Launcher3_G_Develop_yisheng_A47_201709071813/** directory against some on-line checking services (notably [[https://www.drweb.com/|Dr. Web]]), and it was marked as **infected with Android.Ibingo.1.origin**. We checked the **apk** file found into the **/system/priv-app/Launcher3_G_Develop_yisheng_A47_201709071813/** directory against some on-line checking services (notably [[https://www.drweb.com/|Dr. Web]]), and it was marked as **infected with Android.Ibingo.1.origin**.
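Review bot: renaming the heading from `===== Infected Stock ROM 20170908 =====` to `===== Installing Stock ROM 20170908 (with trojan launcher) =====` changes the DokuWiki auto-generated section id, so the `[[#infected_stock_rom_20170908|See below]]` link kept in the //Latest System Software// bullets no longer resolves; either update that link to the new id (`#installing_stock_rom_20170908_with_trojan_launcher`) or keep the old heading text. Also, the paragraph above the new step list gives the archive's md5sum (decb53fef12c13c30a8759fc55f5dfa4), but step 1 never says to check it; adding "verify the archive's md5sum matches the value above" before flashing would make sure a different download is not mistaken for the analysed one, given that step 1 also wipes //userdata//.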
doc/appunti/hardware/gretel_a7.txt · Last modified: 2021/08/27 23:23 by niccolo