doc:appunti:hardware:gretel_a7

Differences

This shows you the differences between two versions of the page.

doc:appunti:hardware:gretel_a7 [2019/09/30 00:42]
niccolo [Immersive Mode]
doc:appunti:hardware:gretel_a7 [2019/10/15 12:58] (current)
niccolo [Latest System Software]
Line 12: Line 12:
 ^ Android ​   | 6.0 Marshmallow ​ | ^ Android ​   | 6.0 Marshmallow ​ |
 ^ Telephony ​ | 3G/2G  | ^ Telephony ​ | 3G/2G  |
 +
 +===== Latest System Software ​ =====
 +
 +Actually I'm running my Gretel A7 with the following configuration:​
 +
 +  * **TWRP Recovery 3.0.2** - We use version 3.0.2 because we had problems with newer 3.2.1, [[#​installing_the_xenonhd_custom_rom|see below]]. NOTICE: When you flash the recovery image, do not reboot normally, otherwise the partition will be overwritten. From poweroff, reboot instead into //Select Boot Mode Menu// and choose Recovery.
 +  * **Stock ROM 20170908** - We found on the net the archive Y8303.YX.A7.Gretel.B1B8.6.0.V01.07.20170908.rar. Beware that this stock ROM contains a trojanized launcher! [[#​infected_stock_rom_20170908|See below]]. It features Android 6.0, with security patch level August 5, 2015.
 +  * **SuperSU v2.82** build number 20170528234214 - Needed to gain root privileges and replace the launcher.
 +  * **Rootless Pixel Launcher 3.9.1** - Downloaded from F-Droid repository, replaces the trojanized default launcher.
 +
 +^ Model number ​                 | A7  |
 +^ Android version ​              | 6.0  |
 +^ Android security patch level  | August 5, 2016  |
 +^ Baseband version ​             | MOLY.WR8.W1449.MD.WG.MP.V59.P4,​ 2016/09/05 16:45  |
 +^ Kernel version ​               | 3.18.19\\ xsh@joyatel07 #2\\ Fri Sep 8 12:20:34 CST 2017  |
 +^ Build number ​                 | Y8303.YX.A7.Gretel.B1B8.6.0.V01.07.20170908 ​ |
  
 ===== Factory Installed Malware: com.ibingo.launcher3 and Wireless Update ​ ===== ===== Factory Installed Malware: com.ibingo.launcher3 and Wireless Update ​ =====
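Review bot: The Stock ROM bullet gives the security patch level as "August 5, 2015", but the table added a few lines below it gives "August 5, 2016" for the same build (Y8303.YX.A7.Gretel.B1B8.6.0.V01.07.20170908). One of the two is a typo; correct it so the page states a single patch level, since readers will use that date to judge how outdated the firmware is. Two smaller points: "Actually I'm running" probably means "Currently I'm running", and the TWRP NOTICE should name the partition that gets overwritten on a normal reboot instead of saying only "the partition".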
Line 102: Line 118:
     - **Riavviare** il telefono     - **Riavviare** il telefono
     - Verificare il file **/​data/​system/​packages.xml**:​ i riferimenti alle app rimosse dovrebbero scomparire automaticamente dopo il reboot.     - Verificare il file **/​data/​system/​packages.xml**:​ i riferimenti alle app rimosse dovrebbero scomparire automaticamente dopo il reboot.
 +
 ===== Modalità Sviluppatore e Debug USB ===== ===== Modalità Sviluppatore e Debug USB =====
  
Line 107: Line 124:
  
 Nel menu //​Impostazioni//​ compare anche //Opzioni sviluppatore//,​ tra le quali è possibile attivare **//Debug USB//**. Nel menu //​Impostazioni//​ compare anche //Opzioni sviluppatore//,​ tra le quali è possibile attivare **//Debug USB//**.
- 
-^ Numero modello ​      | A7  | 
-^ Versione di Android ​ | 6.0  | 
-^ Livello patch di sicurezza Android ​ | 5 agosto 2016  | 
-^ Versione banda base  | MOLY.WR8.W1449.MD.WG.MP.V59.P4,​ 2016/​09/​05 ​ | 
-^ Versione kernel ​     | 3.8.19\\ xsh@ubuntu-S2600JF #2\\ Fri May 26 15:39:25 CST 2017  | 
-^ Numero build         | Y8303.YX.A7.Gretel.B1B8.6.0.V01.07.20170526 ​ | 
  
 ===== OEM unlocking ===== ===== OEM unlocking =====
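Review bot: Removing the Italian table drops the page's only record of the earlier 20170526 build (kernel built by xsh@ubuntu-S2600JF on Fri May 26 2017), and that table listed the kernel as 3.8.19 where the new English table lists 3.18.19. Confirm which kernel version string is correct, or state that it changed between the two builds. If the 20170526 details are still useful for comparing the two stock ROMs, keep them in a short note next to the new table.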
Line 354: Line 364:
     * **Swipe to confirm Flash**.     * **Swipe to confirm Flash**.
  
-===== Infected ​Stock ROM 20170908 =====+===== Installing ​Stock ROM 20170908 ​(with trojan launcher) ​=====
  
 On the internet we found the file **Y8303.YX.A7.Gretel.B1B8.6.0.V01.07.20170908.rar** (md5sum decb53fef12c13c30a8759fc55f5dfa4). It seems an offical Gretel ROM, but it has some **malware inside the launcher**. We flashed that ROM using **SP Flash Tool 5.1916** downloading all the partitions to the phone; after some hours **unwanted icons popped-up on the home screen** (icon labels were //Tarot// and //Funny//). On the internet we found the file **Y8303.YX.A7.Gretel.B1B8.6.0.V01.07.20170908.rar** (md5sum decb53fef12c13c30a8759fc55f5dfa4). It seems an offical Gretel ROM, but it has some **malware inside the launcher**. We flashed that ROM using **SP Flash Tool 5.1916** downloading all the partitions to the phone; after some hours **unwanted icons popped-up on the home screen** (icon labels were //Tarot// and //Funny//).
 +
 +
 +  - Power-off the phone. Using SP Flash Tool from a PC, **flash the partitions**:​ //​preloader//,​ //lk//, //boot//, //​recovery//,​ //logo//, //secro//, //system//, //cache// and //​userdata//​ from stock ROM archive. This will erase all user data and settings on the phone.
 +  - Reboot into normal system and enable **USB debugging**:​
 +    * //​Settings//​ => //About phone//, tap 7 times on //Build number//.
 +    * //​Settings//​ => //Developer options//, enable //OEM unlocking// and //USB debugging//​.
 +  - Upload **SuperSU** and **Rootless Pixel Launcher** from the PC to /sdcard/ directory, using **adb push**.
 +  - Power-off the phone and **flash TWRP** recovery image with SP Flash Tool. Boot in //Select Boot Mode Menu// with **Volume UP+Power**, then choose Recovery.
 +  - From TWRP Recovery, install **SuperSU**.
 +  - Reboot into system, install **Rootless Pixel Launcher** from the file manager; from //​Settings//​ => //Home//, make it the default.
 +  - From the PC, run **adb shell** and remove the trojanized launcher using root privileges. See below.
  
 We checked the **apk** file found into the **/​system/​priv-app/​Launcher3_G_Develop_yisheng_A47_201709071813/​** directory against some on-line checking services (notably [[https://​www.drweb.com/​|Dr. Web]]), and it was marked as **infected with Android.Ibingo.1.origin**. We checked the **apk** file found into the **/​system/​priv-app/​Launcher3_G_Develop_yisheng_A47_201709071813/​** directory against some on-line checking services (notably [[https://​www.drweb.com/​|Dr. Web]]), and it was marked as **infected with Android.Ibingo.1.origin**.
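Review bot: Renaming the heading from "Infected Stock ROM 20170908" to "Installing Stock ROM 20170908 (with trojan launcher)" changes the section anchor, so the `[[#infected_stock_rom_20170908|See below]]` link added in "Latest System Software" will no longer resolve; update that link or keep the old heading text. In the new procedure, steps 2 and 6 boot the normal system while the trojanized launcher is still installed, and it is only removed in step 7. Since the paragraph above says unwanted icons appeared after some hours, add a line telling the reader to keep the phone off Wi-Fi and mobile data until step 7 is done. The "See below" in step 7 would also be clearer as a link to the removal commands.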
Line 364: Line 385:
 <​code>​ <​code>​
 mount -o remount,rw /system mount -o remount,rw /system
-/​system/​priv-app/​Launcher3_G_Develop_yisheng_A47_201709071813 +rm -r /​system/​priv-app/​Launcher3_G_Develop_yisheng_A47_201709071813 
-rm -r mount -o remount,ro /system+mount -o remount,ro /system 
 +rm -r /​sdcard/​.com.yinshengA47.launcher3/​
 </​code>​ </​code>​
  
-The we removed ​alsto the unwanted **WhatsApp** and **Facebook** apps:+ 
 +We did not trust either the app **WirelessUpdate**,​ it was not reported as infected (it was indeed in ROM release 2017-05-19),​ but we don't trust updates from people which distribute infected apps! The app to be removed is: 
 + 
 +  * **Name**: WirelessUpdate 
 +  * **Package**:​ com.fota.wirelessupdate 
 +  * **Folder**: /​system/​priv-app/​SystemFota/​ 
 +  * **Menu Entry**: Settings => About phone => WirelessUpdate 
 + 
 +Using root privileges we executed: 
 + 
 +<​code>​ 
 +mount -o remount,rw /system 
 +rm -r /​system/​priv-app/​SystemFota/​ 
 +mount -o remount,ro /system 
 +reboot 
 +</​code>​ 
 + 
 +After the reboot ​we confirmed that the Settings menu entry was gone. 
 + 
 +We removed ​alto the unwanted **WhatsApp** and **Facebook** apps:
  
 <​code>​ <​code>​
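Review bot: The added `rm -r /sdcard/.com.yinshengA47.launcher3/` spells the vendor string "yinsheng", while the priv-app directory removed two lines earlier spells it "yisheng" (Launcher3_G_Develop_yisheng_A47_201709071813). Check the actual directory name on the device and say in the text that the difference is real if it is, otherwise the command removes nothing and the launcher's data stays on /sdcard. The launcher block also lacks the `reboot` that the WirelessUpdate block ends with. Two wording fixes: "We removed alto" should be "also", and the WirelessUpdate sentence is hard to parse ("it was indeed in ROM release 2017-05-19" does not say what the app was in that release); split it and state plainly what was reported for which release.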
doc/appunti/hardware/gretel_a7.1569796964.txt.gz · Last modified: 2019/09/30 00:42 by niccolo