Database Users

[SCRIPT] Adblock Script and Updater

I put together a small shell script to make it easy for anyone rooted to block ads and check to see if they have the latest version I keep of adhosts. If after checking you do not have the latest, it will download it for you automatically.
What does this script do (in a nutshell):
1) Checks to see if you have the latest version of ad hosts for adblocking from me
2) If you do not have the latest, it will download it for you
3) If you have the latest, it just exits out, no changes
4) Installs the script to your /system/xbin directory so the next time you just have to type:
Code:
su
blockads
and it will run the script for you
How to run this?
Get this if you are using an AOSP ROM:
1) Download it from http://dl.dropbox.com/u/24904191/blockads
Try this if you are using a SENSE ROM (thanks chrootz for the fixes):
1) http://dl.dropbox.com/u/24904191/sense/blockads
*** If you have troubles getting the script to work, try updating your system to the latest version of busybox (stick it in /system/xbin and overwrite the current version of busybox, then change the permissions to 755 and owner and group to root) ***
2) Move it to /data/local/tmp (if you dont have it, create it) from a file explorer with root permissions (must set the system in r/w mode) or from the terminal shell
3) make sure the script has the right permissions by typing:
Code:
su
chmod 755 /data/local/tmp/blockads
in the terminal shell (in the emulator or whatever you use to get to it)
4) run the script by typing
Code:
/data/local/tmp/blockads
5) let it do its thing
After its done you can run it again anytime from the terminal by typing
Code:
su
blockads
as already mentioned.
I'm working on making it a GUI app next (with more features), but this should tie anyone who wants it over until then
Anyone who finds any adservers and wants me to add them to the list, feel free to list them here and I will add them.
Latest updates:
2011-12-01: Updated to block carrieriq

Tried this out and got this:
sh-3.2# su
sh-3.2# /data/local/tmp/blockads
Fetching host file via hostname
wget: bad address 'dl.dropbox.com'
update could not be completed, sorry
sh-3.2#

newter55 said:
Tried this out and got this:
sh-3.2# su
sh-3.2# /data/local/tmp/blockads
Fetching host file via hostname
wget: bad address 'dl.dropbox.com'
update could not be completed, sorry
sh-3.2#
Click to expand...
Click to collapse
I forgot some ROMs and such have a busybox version that doesn't work right with hostnames in wget. I'll see if I can work around that and update the script
EDIT: updated to work around by using the IP for those that their busybox wget does not work correctly with hostnames. Only issue with that is the IP may change.

Ok. I am stuck. I actually don't have a hosts file under "etc", only a hosts.bak. With root explorer mounted as r/w I am still not able to rename the "host.bak" file to "hosts" - error message "read-only file/directory". I created a blank "hosts" text file, put in on the sdcard and with terminal emulator still can't cp to "etc" because of "read-only directory" error message. Any other suggestions?

GermanGuy said:
Ok. I am stuck. I actually don't have a hosts file under "etc", only a hosts.bak. With root explorer mounted as r/w I am still not able to rename the "host.bak" file to "hosts" - error message "read-only file/directory". I created a blank "hosts" text file, put in on the sdcard and with terminal emulator still can't cp to "etc" because of "read-only directory" error message. Any other suggestions?
Click to expand...
Click to collapse
Top right corner of Root Explorer .... Mount RW.
Sent from my A05PTH3ORY using XDA App

Does this do anything differently then AdFree, from the market?

yareally said:
I forgot some ROMs and such have a busybox version that doesn't work right with hostnames in wget. I'll see if I can work around that and update the script
EDIT: updated to work around by using the IP for those that their busybox wget does not work correctly with hostnames. Only issue with that is the IP may change.
Click to expand...
Click to collapse
Updated blockads script to test this am and:
sh-3.2$ export PATH=/data/local/bin:$PATH
sh-3.2$ su
sh-3.2# blockads
Fetching host file via hostname
wget: bad address 'dl.dropbox.com'
The busybox version of wget on your system does not work correctly with
hostnames. Trying workaround with latest known IP to the hostname...
Connecting to 184.73.229.87 (184.73.229.87:80)
hosts 100% |***********| 641k 00:00:00 ETA
backing up old host file and updating
failed on 'hosts' - Cross-device link
md5sum: can't open '/system/etc/hosts': No such file or directory
/system/xbin/blockads: line 38: [: 8172d35d1b72871f7e1ef4e709920f0e: unary operator expected
Unable to chmod /system/etc/hosts: No such file or directory
Unable to chmod /system/etc/hosts: No such file or directory
remounting filesystem in r/o mode...
Cleaning up files...
rm failed for -f, No such file or directory
update complete!
sh-3.2#
The end result is the existing hosts file being renamed hosts.bak and obviously no new hosts filebeing being created.
EDIT.... The above is testing on my inspire running busybox 1.19. Tried using the script on my sensation running bb 1.18.4 and it works fine.
Edit edit... Installed bb 1.18.4 on inspire and result is the same as posted above.

DroidTh3ory said:
Top right corner of Root Explorer .... Mount RW.
Sent from my A05PTH3ORY using XDA App
Click to expand...
Click to collapse
That's what I did, but it does not work - still does not let me modify read-only files.

After reading over the code and seeing the comments, I can only guess you had the modified version of wget on your device during testing, which does support host names. Before I continue, I am not trying to rain on your parade, but... By downloading the file, checking the md5, comparing it to the existing file, replacing if needed, and then cleaning up... you went about 5 steps beyond what just doing an "if server file is newer" check would do by including a custom wget. Even though you have to put in the code to install and verify the wget, the trade is that you no longer have to download the file every time, check it every time, and worry about making sure the md5 matches.
If you decide you want to switch over to that method, you can check out the option already included in http://forum.xda-developers.com/showthread.php?t=1092128 by downloading the live install version to view the actual script. Just a recommendation to optimize the process. Nice work, though, you definitely found a way to get the job done.
As for the difference between this and Adfree. There is no real difference. Adfree checks the server, does a callback, and prompts the user with updates. Adfree just requires an entire shell to turn it into an app, but will automatically run on boot.

twistedumbrella said:
As for the difference between this and Adfree. There is no real difference. Adfree checks the server, does a callback, and prompts the user with updates. Adfree just requires an entire shell to turn it into an app, but will automatically run on boot.
Click to expand...
Click to collapse
So, for those of you not comfortable running ADB, or Terminal Emulator, just install AdFree, and let it do everything for you.

spotmark said:
So, for those of you not comfortable running ADB, or Terminal Emulator, just install AdFree, and let it do everything for you.
Click to expand...
Click to collapse
Well, you also have the option of most included ROM toolkits, ScriptFusion, and a lot of preinstalled adblock scripts, but the big difference is the hosts file itself. Sounds like this one is custom, whereas mine takes bamf and adfree and merges them. This one may end up blocking more ads, but the only way to know would be to sit down and compare them all.
Sent from my ADR6400L using Tapatalk

twistedumbrella said:
Well, you also have the option of most included ROM toolkits, ScriptFusion, and a lot of preinstalled adblock scripts, but the big difference is the hosts file itself. Sounds like this one is custom, whereas mine takes bamf and adfree and merges them. This one may end up blocking more ads, but the only way to know would be to sit down and compare them all.
Sent from my ADR6400L using Tapatalk
Click to expand...
Click to collapse
Ah, I see.

Thank you for your comments everyone . I'll refine the script a bit more and also deal with a permanent workaround for not having a wget that checks hostsnames by testing with a ping and getting the IP first, using that and then doing wget. This started as a way for me to deal with having to move my ad host file each time I update it on my phone to just giving it out to everyone.
The only other difference than what was mentioned between my script and adfree as far as I know is I include a wider range of adhosts according to those that have used both. I have never used adfree, but people that have said I blocked more ads than they do and I also use an invalid IP address to block (0.0.0.0) instead of the loopback address (127.0.0.1) so it kills them a bit faster.
If anyone is still having problems that weren't resolved with it from above, let me know as well. I tested it against busybox 1.16.2 on my own phone, but it seems no 2 busybox version are alike
I havent tried this, but this one does include busybox 1.19 for those that don't want to manually install it. https://market.android.com/details?id=com.jrummy.busybox.installer&feature=related_apps

yareally said:
Thank you for your comments everyone . I'll refine the script a bit more and also deal with a permanent workaround for not having a wget that checks hostsnames by testing with a ping and getting the IP first, using that and then doing wget. This started as a way for me to deal with having to move my ad host file each time I update it on my phone to just giving it out to everyone.
The only other difference than what was mentioned between my script and adfree as far as I know is I include a wider range of adhosts according to those that have used both. I have never used adfree, but people that have said I blocked more ads than they do and I also use an invalid IP address to block (0.0.0.0) instead of the loopback address (127.0.0.1) so it kills them a bit faster.
If anyone is still having problems that weren't resolved with it from above, let me know as well. I tested it against busybox 1.16.2 on my own phone, but it seems no 2 busybox version are alike
I havent tried this, but this one does include busybox 1.19 for those that don't want to manually install it. https://market.android.com/details?id=com.jrummy.busybox.installer&feature=related_apps
Click to expand...
Click to collapse
Hit me up if I can be any help. It's good to have a better list available. Adfree has never been very thorough.
Sent from my ADR6400L using Tapatalk

+1 I exam yareally's hosts, This is much faster killing them and I glad you finally developing the script update for the hosts. I am going test your script update on 2 of the roms A05PTH3ORY and Gengeritis 3D VII. Thanks - Keep it up
yareally said:
The only other difference than what was mentioned between my script and adfree as far as I know is I include a wider range of adhosts according to those that have used both. I have never used adfree, but people that have said I blocked more ads than they do and I also use an invalid IP address to block (0.0.0.0) instead of the loopback address (127.0.0.1) so it kills them a bit faster.
Click to expand...
Click to collapse

Added about 10-15 more hosts today.

Thanks for the script. I'm going to give it a shot in a little bit. AdFree hasn't worked right in months. I've been using Absolute System to block ads, but I think I'll give this a try. Thanks again.

I'm about 50% done working on a basic gui app to do what the script does + some other features, just to give an update. GUI app will be free to any xda members of course
Things I am putting into it:
Choice between no blocking, partial blocking (basically in browser only stuff in case you want to show developers some love by not blocking their application ads), and full blocking.
Updating like the script does with just a touch of a button.
Optional ability to download a host block list for your desktop pc.
*features that may come later*
-ability to send me hosts from the app to add to the block list
-ability to add your own hosts on the fly to the list (either for personal routing or for adblocking, since adblocking is only the secondary use of the hosts file). Unfortunately, you will have to figure out the hosts yourself, since there's no easy way to tell really automatically.
Any other suggestions are welcomed

yareally said:
I'm about 50% done working on a basic gui app to do what the script does + some other features, just to give an update. GUI app will be free to any xda members of course
Things I am putting into it:
Choice between no blocking, partial blocking (basically in browser only stuff in case you want to show developers some love by not blocking their application ads), and full blocking.
Updating like the script does with just a touch of a button.
Optional ability to download a host block list for your desktop pc.
*features that may come later*
-ability to send me hosts from the app to add to the block list
-ability to add your own hosts on the fly to the list (either for personal routing or for adblocking, since adblocking is only the secondary use of the hosts file). Unfortunately, you will have to figure out the hosts yourself, since there's no easy way to tell really automatically.
Any other suggestions are welcomed
Click to expand...
Click to collapse
Sounds like AdFree but much better and will work better as well. Can't wait!!

Just tried this today on gingeritis 3d beta8 and it doesnt seem to work as i get the same error someone else posted a few posts back. Something about no such file or directory system/etc/hosts. I reverted adfree and uninstalled it and renamed the hosts file to hosts from hosts.bak but when I Su adblock it gets renamed to hosts.bak and terminal shows that same error

here's a .zip full of essential .apks to use when setting up a new/rootable AFTV

I picked up a few rootable AFTVs recently and decided to share a folder I put together full of essential APKs to sideload when dealing with a new/rootable AFTV. If there's anything you feel should be added, let me know. Scan the files if you'd like. They're clean. I don't have the know-how or the need to infect apps with malicious files. They were all downloaded from the official website, or through the Google Play Store/Evozi. I included an older version of SuperSU for older versions of the AFTV software. Lastly, I use these for the AFTV Box. I'm not sure if these are the same exact files you should use with the AFTV Stick.
link: https://www.dropbox.com/s/i1ywqa0plernezh/essential_apks.zip?dl=0
list of APKs:
Android_Settings_v4.0.4.apk
de.robv.android.xposed.installer_v32_de4f0d.apk
eu.chainfire.supersu.v1.97.apk
eu.chainfire.supersu.v2.46.apk
GoogleAccountManager_4.0.3-239410.apk
GooglePlayservices_4.4.52(1174655-036).apk
googleplaystore.apk
googleservicesframework.apk
HDXPosed-1.3.apk
llama.apk
MarketHelper-1.1.apk
stericson.busybox.apk
towelroot.apk
edit: made a mistake in the description.

I like it, but why 2 versions of supersu?

ldeveraux said:
I like it, but why 2 versions of supersu?
Click to expand...
Click to collapse
I was having problems with the newer version of SuperSU opening on 51.1.0.1_user_510055620. The older version was working fine, so I included it.

How to block ads without root

Since this is a vanilla android phone, the only real modification I wanted was to change the hosts file to block ads. Turns out you can do that without rooting your phone, but you DO need an unlocked bootloader.
After you're unlocked, you'll need the TWRP recovery image:
http://forum.xda-developers.com/nex...recovery-twrp-2-8-7-0-touch-recovery-t3230471
and the flashable hosts file:
http://forum.xda-developers.com/showthread.php?t=1916098
Reboot into the factory bootloader, then into TWRP:
Code:
fastboot boot twrp-2.8.7.0-bullhead.img
Start ADB Sideload in TWRP and push the flashable hosts file:
Code:
adb sideload MoaAB_ADBlocking_12October2015_R4.zip
Reboot, DON'T install superuser when prompted, and you're done! You'll still have the factory recovery, but you will get the device is corrupt message since this changes the system.
There may be an easier way to do this, but just wanted to put it out there if there's anyone else looking to do the same thing.

I seem to lose adb access when I am in TWRP, do I type "adb sideload MoaAB_ADBlocking_12October2015_R4.zip" in the command prompt on my computer or is there a way to type this within TWRP?

The command prompt. I've had driver issues with adb in recovery on some computers, check in device manager and see if it shows up. You may have to update the driver (right click on the phone in device manager) and manually select adb. Not at my computer, so I can't give specific steps, sorry.
Sent from my Nexus 5X using Tapatalk

Yup you were right, driver issues, fixing right now, thanks!

If you use the Amazon app, it will be broken with MoaAB, unless it was fixed.

Seems to work fine, so they must have updated the list.
Sent from my Nexus 5X using Tapatalk

thanks for posting this , will try it soon!

Can I load this if I am on unlocked bl, unencrypted, and rooted?

Yup, then you can just flash it in TWRP. Or use an app like AdAway.
Sent from my Nexus 5X using Tapatalk

Can anyone tell me if flashing this host file will prevent future OTA's from installing successfully?
If so, would saving the original host file as a backup and pushing that back via ADB allow the OTAs?
Thanks!

I can't tell you for sure, but it's certainly a possibility. Having a backup is always a good idea, but there is a flashable stock hosts file in the same thread as the ad blocking file.
Personally, I'll probably just flash the factory system.img when it's time for an update.
Sent from my Nexus 5X using Tapatalk

Rbrowser is a good alternative, if you'd prefer to keep everything stock for updates. Does an excellent job at blocking ads, and very Chrome like.

As an avid flasher and owner of all the Nexus this is the first time I'm trying to go non-root and I was able to find any alternative for ad blocking. I'd recommend you install AdGuard, it blocks websites and apps but it redirects the traffic through its vpn server so Google battery stats will determine it's eating all the juice. This however is simply not true, after extensive use I can still do 3-4hrs SOT, so give it a shot if you want ad blocking non-root.

Since AdAway always did a great job for me, I made a script that grabs all the same sources and builds a single hosts file to push to the phone. You'll need Linux or another UNIX to run it though.
http://www.jimsrandomcrap.com/2015/12/12/ad-blocking-without-root-on-the-nexus-5x/

wow you are the best

beavis9k said:
Since AdAway always did a great job for me, I made a script that grabs all the same sources and builds a single hosts file to push to the phone. You'll need Linux or another UNIX to run it though.
Click to expand...
Click to collapse
:good:

No problem; I'm glad other people find it useful. Maybe I should make a post for it in the development section.

@beavis9k: I followed your tutorial and I was able to push the hosts file to my phone but ads still do not get blocked.
Should there be some kind of a response after applying the "adb shell chmod 644 /system/etc/hosts" command?
If I open the hosts file the only entry is "127.0.0.1 localhost::1 localhost". I guess that isn't correct and the script is not able to grab the sources when I run it.
UPDATE: Solved it. There was a problem with cygwin running the script.

Norlam said:
@beavis9k: I followed your tutorial and I was able to push the hosts file to my phone but ads still do not get blocked.
Should there be some kind of a response after applying the "adb shell chmod 644 /system/etc/hosts" command?
If I open the hosts file the only entry is "127.0.0.1 localhost::1 localhost". I guess that isn't correct and the script is not able to grab the sources when I run it.
UPDATE: Solved it. There was a problem with cygwin running the script.
Click to expand...
Click to collapse
Ahhh... thanks for letting me know. I never did try it under cygwin. I figured it would just work. If the generated hosts file only has localhost in it, I would guess that wget isn't installed with cygwin.

Yeah that was the problem. I forgot the check the "wget" package during the installation of cygwin
After installing the package the hosts file was working as it should :good:

[SCRIPT] Debloat HTC 10

Although HTC 10 comes with less bloat than most other phones, it still has apps preinstalled that some of us probably will never use.
Some of those apps may even run at boot and consume RAM and CPU. For this purpose I made a small script that will remove those apps instead of doing it manually via ADB Shell.
This script is for Mac/OS X/macOS. I think it can also run on Linux but I'm not sure because I don't use Linux much.
For Windows, it can easily be ported to command line. If someone is willing to do it, PM me the script and I will add it to the repo.
Apps that the script removes:
Boost+
Google+ Sense Add-on
Instagram (placeholder app)
LinkedIn Sense Add-on
HTC Mail
Facebook (placeholder app)
Messenger (placeholder app)
News Republic
TouchPal Keyboard (SEE NOTE!)
Twitter Sense Add-on
Voice Recorder
Zoe
HTC Help
IceView Case support
HTC Speak
Transfer my stuff
Google Hangouts
Google Play Music
Basically what the script does:
Mount /system as RW
Delete above apps .apk and containing folder
Reboot after done.
DISCLAIMER: Although I don't see what could possibly go wrong by flashing this script, be sure to back up your ROM before flashing as I don't take any responsibility caused by this script. I have tested it on my HTC 10 and I didn't have any issues.
IMPORTANT NOTE: If you plan to remove TouchPal keyboard, make sure that you have an alternative already installed before or you won't be able to type any text. In case you're reading this after you already screwed up, download your prefered keyboards .apk file and install it via ADB. The script will stop before removing the keyboard and ask if you are sure you want to remove it.
How to:
Enable USB debugging
Connect your phone
Execute "adb shell" and then "su" and grant superuser access to adb shell
(OS X) make script executable (chmod a+x)
Run script
I am open for suggestions and merge requests, happy debloating
The script can be found HERE.

Hoping someone works on the windows version cause i suppose totally run this.
Thanks for sharing
Sent from my HTC 10 using XDA-Developers mobile app

All this can be manually removed simply by hitting uninstall with root access right? Not knocking the script, just asking honestly.
Sent from my SM-G900V using Tapatalk

Just double checking, but I take it that root is required?

Milano_II said:
All this can be manually removed simply by hitting uninstall with root access right? Not knocking the script, just asking honestly.
Sent from my SM-G900V using Tapatalk
Click to expand...
Click to collapse
Ive tried some apps for removal of system apps but it didn't work. And since I play around with ROMs reinstalling and uninstalling app by app takes just to much time.
Milamber said:
Just double checking, but I take it that root is required?
Click to expand...
Click to collapse
Yes, you need root because you need to remove apps from the read-only /system partition.

Got it. Thanks for the reply. I haven't had an htc phone since gingerbread and I mostly had Samsungs on Verizon so I never bothered rooting. I didn't get my 10 yet but I hope to root right away and get rid of things I think are bloat. Probably gonna need this script I guess we'll see. Thanks again!
Sent from my SM-G900V using Tapatalk

very nice, quick and easy one step to uninstall the stuff that is safe to, thank you!

razrlover said:
Hoping someone works on the windows version cause i suppose totally run this.
Thanks for sharing
Click to expand...
Click to collapse
if you like i can take a crack at it, simple batch script should work almost out of the box as long as you have adb set up

ibrokemypie said:
if you like i can take a crack at it, simple batch script should work almost out of the box as long as you have adb set up
Click to expand...
Click to collapse
will you make it for windows please?

@gillim74 @razrlover @dj_chapz
I have made a working copy for windows and added it to a fork of the gitlab repo here: https://github.com/ibrokemypie/htc_10_pme_debloat/blob/master/htc10_bloat_remover.cmd
I will maintain this as long as @dj_chapz does and will pull in any changes he makes.

I usually make changes after a firmware update if I notice any new bloat, but there shouldnt be much changes.
Also, this list is by personal preference, because some apps that I choose to leave others may want to remove or vice versa, so everyone should take the script as a base and edit to their likeing.

ibrokemypie said:
@gillim74 @razrlover @dj_chapz
I have made a working copy for windows and added it to a fork of the gitlab repo here: https://github.com/ibrokemypie/htc_10_pme_debloat/blob/master/htc10_bloat_remover.cmd
I will maintain this as long as @dj_chapz does and will pull in any changes he makes.
Click to expand...
Click to collapse
After running this (windows), and going into Settings > Apps, I get a Loading screen that never ends. Same thing in Titanium backup when it tries to build a db of the installed apps.

typhoonikan said:
After running this (windows), and going into Settings > Apps, I get a Loading screen that never ends. Same thing in Titanium backup when it tries to build a db of the installed apps.
Click to expand...
Click to collapse
which update are you running? still marshmallow or have you gone to nougat? custom rom? and have you tried restarting and perhaps clearing cache/dalvik?

Device or resource busy
Read-only file system
Read-only file system
tried it but all the apps had the above thing ^
nougat,
oh it did work o.o saw the apps for a second, thank you! could i just add the sense apks into the script and remove it the same way?

Dare I ask... why not make a shell script you run from the phone? I'll give it a shot. I wrote one that creates directories so I can use FolderSync to restore settings from the cloud.
Sent from my HTC6545LVW using XDA Labs

SovPanda said:
Device or resource busy
Read-only file system
Read-only file system
tried it but all the apps had the above thing ^
nougat,
oh it did work o.o saw the apps for a second, thank you! could i just add the sense apks into the script and remove it the same way?
Click to expand...
Click to collapse
Hi, did you use the Windows version? Thanks

spacecowboy618 said:
Hi, did you use the Windows version? Thanks
Click to expand...
Click to collapse
windows 10 <--
used the one he has listed to download in the original OP and works

Janus Vulnerability Allows Attackers to Modify Apps without Affecting their Signature

In various thread scattered around the Fire and Kindle forums here on XDA, I talked about the possibility of decompiling an Amazon system APK, modifying the contents such as settings for the framework or changing permissions in an attempt to escalate privileges to some degree, maybe even root. I ran into several issues when attempting such a thing:
1) Using a PC, I found it almost impossible to successfully recompile a modified APK. Many of the tools like APKtool are just too complicated and missing even the slightest step will cause it to fail.
2) Surprisingly, I've had the opposite outcome using two apps. Using APK Export, I was able to export an APK from the system and use APK Editor Pro to modify permissions. I have been able to, on a consistent basis, use APK Editor Pro to decompile the Android Live Wallpaper system APKs to add or remove any permission from the APKs manifest. Installing the APKs did not result in getting them into /system/priv-app on my HD 8, but all modifications held over and over. But every time the signature is ruined, and installing as a system app fails again.
Janus can help escalating permissions even further when using the above method and maybe others, to modify system APKs. The question is: Can we use Janus to modify an APK in some form, to install an update to an Amazon system app, which would on install, execute code that would install SU binaries? What about any other known exploit patched or not? Could we fake the system into thinking a one-click-root app is a system app and install it? Link to XDA article.
Janus takes advantage of the fact that extra bytes go unnoticed in APK files and DEX files. The GuardSquare report explains that an APK file is a ZIP archive which can contain arbitrary bytes at the start, before and between its ZIP entries. The JAR signature scheme only takes into account the ZIP entries, ignoring any extra bytes when computing or verifying the application’s signature.
It goes on to explain that a DEX file, on the other hand, can contain arbitrary bytes at the end – after the regular sections of strings, classes, method definitions, etc. Therefore, a file can be a valid APK file and a valid DEX file at the same time.
GuardSquare also mentions that a key element of the vulnerability is a “harmless” feature of the Dalvik/ART virtual machine. The report states that in theory, the Android runtime loads the APK file, extracts its DEX file and then runs its code. However, in practice, the virtual machine (VM) can load and execute both APK files and DEX files. The issue is that when the VM gets an APK file, it still looks at the magic bytes in the header to decide which type of file it is: DEX or APK. On finding a DEX header, it loads the file as a DEX file. If it doesn’t find a header, it loads the file as an APK file containing a zip entry with a DEX file. Thus, it can misinterpret dual DEX/APK files.
GuardSquare says that an attacker can leverage this duality feature of the VM to add a malicious DEX file to a normal APK file without affecting its signature. The Android runtime will accept the APK file as a valid update to a legitimate earlier app version, but the Dalvik VM will load the code from the DEX file, which has been injected with malicious code.
Click to expand...
Click to collapse

This is a good point. I brought up something similar a few months ago in another thread.
With all the exploits discovered this year where's someone trying these exploits on this hw sw combo we have with FireOS.
Where's the fuzzer for all the system calls while trying the known exploits?
Where is the systematic approach to testing these from the pedants on the forum?
Sure you can reply with the usual comebacks, but try a different approach instead of more of the same.
With
Sent from my iPhone using Tapatalk

Robius said:
Where is the systematic approach to testing these from the pedants on the forum?
Click to expand...
Click to collapse
Totally agree! Those selfish tech elitists who put real life above the desires of strangers. They should dedicate themselves (without compensation) and their community resources to methodically crack this very important nut. Ya know, because exploiting a $50 entertainment gizmo should rise to the top of THEIR priority list. Sorry sweetie, daddy won't becoming to any of your soccer games this year; he has important work to do.

My point exactly.
You spent enough energy to respond to this in a sarcastic manner. Thank you
Sent from my iPhone using Tapatalk

Robius said:
My point exactly.
You spent enough energy to respond to this in a sarcastic manner. Thank you
Click to expand...
Click to collapse
Time well spent; appreciate the opportunity to respond in kind.

I have seen a bunch of hashes running through the terminal last time. Amazon may compare the hashes of the apks against a whitelist.

All right, I am ready to take this exploit on my 5th Gen. What I have to do??

Adyatan said:
All right, I am ready to take this exploit on my 5th Gen. What I have to do??
Click to expand...
Click to collapse
I haven't sat down and looked into this too much so I'm not sure how to execute the exploit yet.
The idea I had been working on months ago was to somehow insert SU binaries into an Amazon system APK, and get it to install the modified APK as an update to an existing system app. The issue back then was the signature getting destroyed. If we can modify an Amazon system APK to contain a script to execute installation of SU binaries, the exploit might allow the APK to install as an update to an existing Amazon app and in theory install the SU binaries. Based on what little I've read, we would have to either 1) modify the existing DEX file of an Amazon system APK to contain code/script to install SU binaries or 2) create a new DEX file with the code and replace it with the original. My opinion is a better chance at the first method.
Now how to do all that using the Janus exploit? I do not yet know.

"An attacker exploiting the flaw could replace a trusted application that already has high privileges, such as a system app, with one of their updates to abuse the permissions that have already been granted. This could enable the attack to access sensitive information stored in the devices or enable the attacker to seize control over the device completely."
https://www.scmagazine.com/janus-vu...-android-50-devices-and-newer/article/713449/
So how would one go about updating a DEX file to contain 1) SU binaries that install upon 'updating' the app on installation? Or 2) clone a system app and edit or change the DEX file? 3) add an exploit script to a DEX file that would gain root (then you would install SU binaries and app)?
It seems the editing of the DEX file itself doesn't damage the signature and that's the nature of the exploit?

Hey is it possible to modify the permissions ota updater and remove the internet permissions so it can't update
I just found this https://github.com/odensc/janus don't have a computer anymore or would try it

Asadullah said:
Hey is it possible to modify the permissions ota updater and remove the internet permissions so it can't update
Click to expand...
Click to collapse
I cannot recall if I've ever tried with that APK. I have tried with others, unsuccessfully. Either the APK will fail to recompile into a proper installation file, or it would 'install', but with none of the modifications holding.

Android Flaw Lets Hackers Inject Malware Into Apps Without Altering Signatures
While installing an Android app or its update, your device checks APK header information to determine if the archive contains code in the compressed DEX files. If header says APK archive contains DEX files, the process virtual machine decompiles the code accordingly and executes it; otherwise, it runs the code as a regular APK file.
It turns out that an APK archive can contain DEX files as well as regular application code simultaneously, without affecting its validity and signatures.
Researchers find that this ability to add extra bytes of code due to lack of file integrity checking could allow attackers to prepend malicious code compiled in DEX format into an APK archive containing legitimate code with valid signatures, eventually tricking app installation process to execute both code on the targeted device without being detected.
In other words, the hack doesn't require attackers to modify the code of legitimate applications (that makes signatures invalid)—instead, the vulnerability allows malware authors to merely add some extra malicious lines of code to the original app.
Click to expand...
Click to collapse
So we would need to write a script or other code that would be placed into a Amazon System APK. Now would we be able to add SU binaries to an APK? What about a root script like DirtyCow. Although DC is patched, would that be different if the exploit was installed into the /system-priv-app and then executed? I really don't want to sound dumb here so please help me pout guys. Any feedback, negative or not is appreciated.

Maybe this tool can help https://forum.xda-developers.com/android/software/tool-dex-manager-v1-0-designed-to-play-t2988532

Robius said:
Maybe this tool can help https://forum.xda-developers.com/android/software/tool-dex-manager-v1-0-designed-to-play-t2988532
Click to expand...
Click to collapse
I can't find a working download link. Apparently it has been discontinued and i was directed to this: Uret Android Reverser Toolkit v1.6. I downloaded it.
I did find the other one but it says it's for a Galaxy Note. Not sure if that's really the case though.

DragonFire1024 said:
Android Flaw Lets Hackers Inject Malware Into Apps Without Altering Signatures
So we would need to write a script or other code that would be placed into a Amazon System APK. Now would we be able to add SU binaries to an APK? What about a root script like DirtyCow. Although DC is patched, would that be different if the exploit was installed into the /system-priv-app and then executed? I really don't want to sound dumb here so please help me pout guys. Any feedback, negative or not is appreciated.
Click to expand...
Click to collapse
It's beyond my knowledge but if you were to maybe add a script to the dex giving it the permisions I gotta look more into this
---------- Post added at 04:13 PM ---------- Previous post was at 03:54 PM ----------
DragonFire1024 said:
I can't find a working download link.
Click to expand...
Click to collapse
here's smali baksmali for editing dex files https://github.com/JesusFreke/smali I havent used it in a while but used to work good

Asadullah said:
It's beyond my knowledge but if you were to maybe add a script to the dex giving it the permisions I gotta look more into this
---------- Post added at 04:13 PM ---------- Previous post was at 03:54 PM ----------
here's smali baksmali for editing dex files https://github.com/JesusFreke/smali I havent used it in a while but used to work good
Click to expand...
Click to collapse
Editing DEX is pretty much out of my league too. I wouldn't know where to start. I don't even know how to install or use the tool you posted.

DragonFire1024 said:
Editing DEX is pretty much out of my league too. I wouldn't know where to start. I don't even know how to install or use the tool you posted.
Click to expand...
Click to collapse
https://github.com/JesusFreke/smali/wiki/DeodexInstructions
It's really pretty simple used to use it take out the ads from angry birds and what not when it first came out. But it's easier said than done. If you do try first thing I would suggest is that you decompile then recompile to see if it works right the dependencies sometimes will get you or we can try and beg another developer to make us a modified apk..... Please pretty please with sugar on topwe'll like all your posts???

Check this thread for root possibility:
https://forum.xda-developers.com/hd8-hd10/general/complete-guide-root-hd7-8-106th-gen-t3545411

Robius said:
Check this thread for root possibility:
https://forum.xda-developers.com/hd8-hd10/general/complete-guide-root-hd7-8-106th-gen-t3545411
Click to expand...
Click to collapse
FYI - nothing new in that thread. Same familiar tools/techniques targeting a different gen/suite of Amazon devices. Similar outcomes too. Vulnerability patched in FireOS 5.3.2.x as so far proven impenetrable by generic rooting tools of common origin (KingRoot, KingORoot, etc).

Davey126 said:
FYI - nothing new in that thread. Same familiar tools/techniques targeting a different gen/suite of Amazon devices. Similar outcomes too. Vulnerability patched in FireOS 5.3.2.x as so far proven impenetrable by generic rooting tools of common origin (KingRoot, KingORoot, etc).
Click to expand...
Click to collapse
Not sure if the following report is true: (HD10 7th Gen on 5.6.0.0)
https://forum.xda-developers.com/hd8-hd10/general/rooted-fire-hd-10-7th-generation-t3718629