Welcome to XDA

Search to go directly to your device's forum

Register an account

Unlock full posting privileges

Ask a question

No registration required
Post Reply

Heartbleed hack for 4.1.1

OP rudolfm

11th April 2014, 10:41 PM   |  #1  
OP Junior Member
Thanks Meter: 0
 
3 posts
Join Date:Joined: Apr 2014
I'm quite firm in Linux hacking, so to give quick help to those stuck with 4.1.1 and heartbleed, I tried this hack.
I simply replaced the 4.1.1 libssl.so with a 4.1.2 version.
My phone (tcl 997) is 4.1.1 and strangely not affected, but I tried it on my phone before suggesting it to someone else.
Another person did it with his affected Huawei Y300. Both still work and pass the heartbleed detector:

Download this rom, I used the 3.1 version.
http://forum.xda-developers.com/show....php?t=1945441
extract /system/lib/libssl.so from the rom's .zip
***do not boot phone between these steps ***
rename the /system/lib/libssl.so on your phone
copy "new" libssl.so to phone and set its file rights to rw- r-- r--
now boot phone
You could be fine now.

BUT your phone might not boot anymore if something goes wrong with the new libssl.so. Mine wouldn't boot without a valid libssl, yes i had to try it out. I have a TWRP recovery with a file manager, so I could rename my old libssl back and then my phone would boot again.

Of course, this is on your own risk. It worked for me, it might fail for you. Don't do it if you don't fully understand.

If you speak german, you might also want to read this:
http://www.android-hilfe.de/android-...au-ist-da.html
Last edited by rudolfm; 11th April 2014 at 10:50 PM.
13th April 2014, 03:04 PM   |  #2  
TheXorg's Avatar
Senior Member
Flag Germany, Thüringen
Thanks Meter: 140
 
298 posts
Join Date:Joined: Aug 2013
More
Quote:
Originally Posted by rudolfm

I'm quite firm in Linux hacking, so to give quick help to those stuck with 4.1.1 and heartbleed, I tried this hack.
I simply replaced the 4.1.1 libssl.so with a 4.1.2 version.
My phone (tcl 997) is 4.1.1 and strangely not affected, but I tried it on my phone before suggesting it to someone else.
Another person did it with his affected Huawei Y300. Both still work and pass the heartbleed detector:

Download this rom, I used the 3.1 version.
http://forum.xda-developers.com/show....php?t=1945441
extract /system/lib/libssl.so from the rom's .zip
***do not boot phone between these steps ***
rename the /system/lib/libssl.so on your phone
copy "new" libssl.so to phone and set its file rights to rw- r-- r--
now boot phone
You could be fine now.

BUT your phone might not boot anymore if something goes wrong with the new libssl.so. Mine wouldn't boot without a valid libssl, yes i had to try it out. I have a TWRP recovery with a file manager, so I could rename my old libssl back and then my phone would boot again.

Of course, this is on your own risk. It worked for me, it might fail for you. Don't do it if you don't fully understand.

If you speak german, you might also want to read this:
http://www.android-hilfe.de/android-...au-ist-da.html

Or if you like it the easy way, just flash this zip: https://www.dropbox.com/s/tqxfjwwja3...tall-patch.zip
It uses a libssl.so from a LG Optimus L5 II (4.1.2) and that patch was originally made for trekstor surftab ventos 10.1 (here everything works fine).

If your phone doesn't boot after you installed this patch:
1. Keep Calm
2. Boot to recovery and mount /system
3. Replace "/system/lib/libssl.so" with backup at "/system/libssl.backup.so" with ADB (adb shell cp /system/libssl.backup.so /system/lib/libssl.so)

No warranty this works
Sorry for my bad english

If you speak german, here is the original post for surftab ventos 10.1: http://tslink.tk/hb

If the ZIP is not working, try to replace the libssl.so by hand with this one: https://www.dropbox.com/s/wsg3a5ave2a8655/newssl.so

Cheers, Xorg
Last edited by TheXorg; 5th May 2014 at 06:27 AM.
The Following 2 Users Say Thank You to TheXorg For This Useful Post: [ View ]
16th April 2014, 06:03 PM   |  #3  
Junior Member
Thanks Meter: 0
 
9 posts
Join Date:Joined: Sep 2013
Quote:
Originally Posted by TheXorg

Or if you like it the easy way, just flash this zip: http://tslink.tk/hb-inst-en
It uses a libssl.so from a LG Optimus L5 II (4.1.2) and that patch was originally made for trekstor surftab ventos 10.1 (here everything works fine).

If your phone doesn't boot after you installed this patch:

Cheers, Xorg

Appreciate the patch. I flashed it on my phone. TWRP said the zip flashed successfully, but the Heartbleed Detector says I still have OpenSSL 1.0.1c and am still vulnerable.

My phone:

One S (T-Mobile), S-OFF
3.16.401.8 WWE
Bulletproof kernel 2.1
Viperboy's Dual Core Mod 2.1

Not sure if it worked or not, but you get a data point...
16th April 2014, 10:20 PM   |  #4  
TheXorg's Avatar
Senior Member
Flag Germany, Thüringen
Thanks Meter: 140
 
298 posts
Join Date:Joined: Aug 2013
More
Quote:
Originally Posted by helpful_onlooker

Appreciate the patch. I flashed it on my phone. TWRP said the zip flashed successfully, but the Heartbleed Detector says I still have OpenSSL 1.0.1c and am still vulnerable.

My phone:

One S (T-Mobile), S-OFF
3.16.401.8 WWE
Bulletproof kernel 2.1
Viperboy's Dual Core Mod 2.1

Not sure if it worked or not, but you get a data point...

It wont install a newer Version but a Version which hasn’t got this bug.

You habe to Mount /system before you install it, i will fix that Mount bug soon


Sent from my ST10216-1 using XDA Premium 4 mobile app
16th April 2014, 11:44 PM   |  #5  
Junior Member
Thanks Meter: 0
 
9 posts
Join Date:Joined: Sep 2013
Quote:
Originally Posted by TheXorg

It wont install a newer Version but a Version which hasn’t got this bug.

You habe to Mount /system before you install it, i will fix that Mount bug soon


Sent from my ST10216-1 using XDA Premium 4 mobile app

I tried mounting /system from TWRP and it stubbornly refuses to mount... It only mounts /sdcard...

So the files in the zip only replace a library OpenSSL depends on?
3rd May 2014, 03:15 AM   |  #6  
Junior Member
Thanks Meter: 2
 
11 posts
Join Date:Joined: Jul 2010
Archos 80 Titanium
Do you think this might work for this tablet? Its a rockchip 3066 tab
5th May 2014, 06:25 AM   |  #7  
TheXorg's Avatar
Senior Member
Flag Germany, Thüringen
Thanks Meter: 140
 
298 posts
Join Date:Joined: Aug 2013
More
Quote:
Originally Posted by wendroid

Do you think this might work for this tablet? Its a rockchip 3066 tab

Yes, my Surftab is also a RK3066 tablet

Sent from my Nexus 4 using XDA Premium 4 mobile app
22nd August 2014, 10:33 PM   |  #8  
Junior Member
Flag Lebanon, OR
Thanks Meter: 0
 
6 posts
Join Date:Joined: Feb 2013
Heartbleed hack for 4.1.1
May I ask you how to connect to and browse the android device while it's in Recovery mode?

Since I am new to Android and hacking the files I am only assuming that you'd have to connect (my android tablet) to my pc while the Android OS is not operating.

Thanks

Robert

Acer A210 Android Tablet
OS: Android Open Source Project (KitKat 4.4.2)

Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes