Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,813,477 Members 41,560 Now Online
XDA Developers Android and Mobile Development Forum

Heartbleed hack for 4.1.1

Tip us?
 
rudolfm
Old
(Last edited by rudolfm; 11th April 2014 at 09:50 PM.)
#1  
Junior Member - OP
Thanks Meter 0
Posts: 3
Join Date: Apr 2014
Default Heartbleed hack for 4.1.1

I'm quite firm in Linux hacking, so to give quick help to those stuck with 4.1.1 and heartbleed, I tried this hack.
I simply replaced the 4.1.1 libssl.so with a 4.1.2 version.
My phone (tcl 997) is 4.1.1 and strangely not affected, but I tried it on my phone before suggesting it to someone else.
Another person did it with his affected Huawei Y300. Both still work and pass the heartbleed detector:

Download this rom, I used the 3.1 version.
http://forum.xda-developers.com/show....php?t=1945441
extract /system/lib/libssl.so from the rom's .zip
***do not boot phone between these steps ***
rename the /system/lib/libssl.so on your phone
copy "new" libssl.so to phone and set its file rights to rw- r-- r--
now boot phone
You could be fine now.

BUT your phone might not boot anymore if something goes wrong with the new libssl.so. Mine wouldn't boot without a valid libssl, yes i had to try it out. I have a TWRP recovery with a file manager, so I could rename my old libssl back and then my phone would boot again.

Of course, this is on your own risk. It worked for me, it might fail for you. Don't do it if you don't fully understand.

If you speak german, you might also want to read this:
http://www.android-hilfe.de/android-...au-ist-da.html
 
TheXorg
Old
(Last edited by TheXorg; 5th May 2014 at 05:27 AM.)
#2  
TheXorg's Avatar
Senior Member
Thanks Meter 106
Posts: 275
Join Date: Aug 2013
Location: Germany, Thüringen
Quote:
Originally Posted by rudolfm View Post
I'm quite firm in Linux hacking, so to give quick help to those stuck with 4.1.1 and heartbleed, I tried this hack.
I simply replaced the 4.1.1 libssl.so with a 4.1.2 version.
My phone (tcl 997) is 4.1.1 and strangely not affected, but I tried it on my phone before suggesting it to someone else.
Another person did it with his affected Huawei Y300. Both still work and pass the heartbleed detector:

Download this rom, I used the 3.1 version.
http://forum.xda-developers.com/show....php?t=1945441
extract /system/lib/libssl.so from the rom's .zip
***do not boot phone between these steps ***
rename the /system/lib/libssl.so on your phone
copy "new" libssl.so to phone and set its file rights to rw- r-- r--
now boot phone
You could be fine now.

BUT your phone might not boot anymore if something goes wrong with the new libssl.so. Mine wouldn't boot without a valid libssl, yes i had to try it out. I have a TWRP recovery with a file manager, so I could rename my old libssl back and then my phone would boot again.

Of course, this is on your own risk. It worked for me, it might fail for you. Don't do it if you don't fully understand.

If you speak german, you might also want to read this:
http://www.android-hilfe.de/android-...au-ist-da.html
Or if you like it the easy way, just flash this zip: https://www.dropbox.com/s/tqxfjwwja3...tall-patch.zip
It uses a libssl.so from a LG Optimus L5 II (4.1.2) and that patch was originally made for trekstor surftab ventos 10.1 (here everything works fine).

If your phone doesn't boot after you installed this patch:
1. Keep Calm
2. Boot to recovery and mount /system
3. Replace "/system/lib/libssl.so" with backup at "/system/libssl.backup.so" with ADB (adb shell cp /system/libssl.backup.so /system/lib/libssl.so)

No warranty this works
Sorry for my bad english

If you speak german, here is the original post for surftab ventos 10.1: http://tslink.tk/hb

If the ZIP is not working, try to replace the libssl.so by hand with this one: https://www.dropbox.com/s/wsg3a5ave2a8655/newssl.so

Cheers, Xorg
I'm a 14 years old "developer"
My Work:
Nexus 4 ~ Android L Preview | Moto G ~ PA 4.5 Beta 2 | Nexus 7 2012 ~ PA 4.5 Beta 2
The Following 2 Users Say Thank You to TheXorg For This Useful Post: [ Click to Expand ]
 
helpful_onlooker
Old
#3  
Junior Member
Thanks Meter 0
Posts: 9
Join Date: Sep 2013
Quote:
Originally Posted by TheXorg View Post
Or if you like it the easy way, just flash this zip: http://tslink.tk/hb-inst-en
It uses a libssl.so from a LG Optimus L5 II (4.1.2) and that patch was originally made for trekstor surftab ventos 10.1 (here everything works fine).

If your phone doesn't boot after you installed this patch:

Cheers, Xorg
Appreciate the patch. I flashed it on my phone. TWRP said the zip flashed successfully, but the Heartbleed Detector says I still have OpenSSL 1.0.1c and am still vulnerable.

My phone:

One S (T-Mobile), S-OFF
3.16.401.8 WWE
Bulletproof kernel 2.1
Viperboy's Dual Core Mod 2.1

Not sure if it worked or not, but you get a data point...
 
TheXorg
Old
#4  
TheXorg's Avatar
Senior Member
Thanks Meter 106
Posts: 275
Join Date: Aug 2013
Location: Germany, Thüringen
Quote:
Originally Posted by helpful_onlooker View Post
Appreciate the patch. I flashed it on my phone. TWRP said the zip flashed successfully, but the Heartbleed Detector says I still have OpenSSL 1.0.1c and am still vulnerable.

My phone:

One S (T-Mobile), S-OFF
3.16.401.8 WWE
Bulletproof kernel 2.1
Viperboy's Dual Core Mod 2.1

Not sure if it worked or not, but you get a data point...
It wont install a newer Version but a Version which hasn’t got this bug.

You habe to Mount /system before you install it, i will fix that Mount bug soon


Sent from my ST10216-1 using XDA Premium 4 mobile app
I'm a 14 years old "developer"
My Work:
Nexus 4 ~ Android L Preview | Moto G ~ PA 4.5 Beta 2 | Nexus 7 2012 ~ PA 4.5 Beta 2
 
helpful_onlooker
Old
#5  
Junior Member
Thanks Meter 0
Posts: 9
Join Date: Sep 2013
Quote:
Originally Posted by TheXorg View Post
It wont install a newer Version but a Version which hasn’t got this bug.

You habe to Mount /system before you install it, i will fix that Mount bug soon


Sent from my ST10216-1 using XDA Premium 4 mobile app
I tried mounting /system from TWRP and it stubbornly refuses to mount... It only mounts /sdcard...

So the files in the zip only replace a library OpenSSL depends on?
 
wendroid
Old
#6  
Junior Member
Thanks Meter 2
Posts: 11
Join Date: Jul 2010
Default Archos 80 Titanium

Do you think this might work for this tablet? Its a rockchip 3066 tab
 
TheXorg
Old
#7  
TheXorg's Avatar
Senior Member
Thanks Meter 106
Posts: 275
Join Date: Aug 2013
Location: Germany, Thüringen
Quote:
Originally Posted by wendroid View Post
Do you think this might work for this tablet? Its a rockchip 3066 tab
Yes, my Surftab is also a RK3066 tablet

Sent from my Nexus 4 using XDA Premium 4 mobile app
I'm a 14 years old "developer"
My Work:
Nexus 4 ~ Android L Preview | Moto G ~ PA 4.5 Beta 2 | Nexus 7 2012 ~ PA 4.5 Beta 2
 
Trainingwheels
Old
#8  
Junior Member
Thanks Meter 0
Posts: 6
Join Date: Feb 2013
Location: Lebanon, OR
Default Heartbleed hack for 4.1.1

May I ask you how to connect to and browse the android device while it's in Recovery mode?

Since I am new to Android and hacking the files I am only assuming that you'd have to connect (my android tablet) to my pc while the Android OS is not operating.

Thanks

Robert

Acer A210 Android Tablet
OS: Android Open Source Project (KitKat 4.4.2)

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes