[BrickBug][Fix][Kernel][01.08]Detection of stock kernel safety + patch guide

Tungstwenty
(Last edited by Tungstwenty; 2nd August 2012 at 02:19 AM.)
#1  

After lots of discussion about the famous "SuperBrick" issue on GT-I9100 4.0.4 stock kernels, I wrote a script to allow everyone to check it on their own and hopefully patch it if needed.


Main goal - Detection

Detect if a STOCK kernel has MMC_CAP_ERASE enabled (unsafe) or not (safe).

I have validated it against XWLPG, XWLPM, XWLPO, XWLPT, XXLP5, XXLP5-CFRoot and all of them were detected correctly: safe on 4.0.3 kernels, unsafe on 4.0.4 ones.
I also checked it against Siyah 3.5.2 (despite knowing from the sources it's safe) and it was also correctly detected.
However, for custom kernels I don't expect the code patterns to be always the same and therefore it's possible that the detection is inconclusive - you will see that in the output.


Secondary goal - Fixing (instructions provided, not the tools)

When an unsafe kernel is detected, provide instructions on how to patch the code so it's safe.

For that, you'll need:
* an external kernel unpack/repack script (just search the forum as there are several available)
* a Linux box
* a hex editor
* any other requirements for the repack script: CROSS_COMPILE, etc.



Requirements for this script

This is pretty much self-contained and can be run on either:
* Linux
* Windows with Cygwin

Running on the device itself would be theoretically possible but it ultimately depends on the installed Busybox version, in particular the parameters accepted by the "grep" command.
On my v1.20.0-cm9 version it's not possible to make it work.



Sample outputs

Here are some executions against existing kernel images:

The latest XWLPT (4.0.4):
Code:
###############################################
#                                             #
# GT-I9100 Kernel MMC_CAP_ERASE bug detection #
# By Tungstwenty - forum.xda-developers.com   #
# Tungstwenty@gmail.com                       #
#                                             #
###############################################

Detecting safety of kernel: XWLPT/zImage
Kernel: Linux version 3.0.15-I9100XWLPT-CL941023 (dpi@DELL169) (gcc version 4.4.3 (GCC) ) #3 SMP PREEMPT Fri Jul 27 18:08:15 KST 2012

1 ocurrences of the bad code signature
0 ocurrences of the good code signature


***************
!!! WARNING !!!
***************

The kernel appears to have MMC_CAP_ERASE *enabled*, which is dangerous on many devices

Unpacked kernel code stored at: XWLPT/zImage_unpacked
The unsafe instruction can be found at offset 0x00594ec0

==================== Disassembly of the instruction ====================

XWLPT/zImage_instruction:     file format binary


Disassembly of section .data:

00000000 <.data>:
   0:   e3811b01        orr     r1, r1, #1024   ; 0x400
========================================================================

*** Instructions for patching ***

- Choose one of the existing unpack/repack scripts
- Unpack the kernel code, initramfs, etc.
- Do a binary edit of the unpacked code
- At offset 0x00594ec0, replace "01 ?b 8? e3" with "00 ?b 8? e3" - change just the first byte to 00
- Repack the kernel, including the changed code and all original contents
- Re-run this script to confirm that the newly generated file no longer has MMC_CAP_ERASE enabled

XWLPG (4.0.3):
Code:
###############################################
#                                             #
# GT-I9100 Kernel MMC_CAP_ERASE bug detection #
# By Tungstwenty - forum.xda-developers.com   #
# Tungstwenty@gmail.com                       #
#                                             #
###############################################

Detecting safety of kernel: XWLPG/zImage
Kernel: Linux version 3.0.15-I9100XWLPG-CL619441 (dpi@DELL150) (gcc version 4.4.3 (GCC) ) #3 SMP PREEMPT Thu May 24 18:09:27 KST 2012

0 ocurrences of the bad code signature
1 ocurrences of the good code signature


The kernel appears to be good (MMC_CAP_ERASE disabled)
XXLQ5-CFRoot (4.0.4):
Code:
###############################################
#                                             #
# GT-I9100 Kernel MMC_CAP_ERASE bug detection #
# By Tungstwenty - forum.xda-developers.com   #
# Tungstwenty@gmail.com                       #
#                                             #
###############################################

Detecting safety of kernel: XXLQ5_CFRoot/zImage
Kernel: Linux version 3.0.15-I9100XXLQ5-CL753921 (se.infra@SEP-85) (gcc version 4.4.3 (GCC) ) #3 SMP PREEMPT Thu Jun 28 14:16:15 KST 2012

1 ocurrences of the bad code signature
0 ocurrences of the good code signature


***************
!!! WARNING !!!
***************

The kernel appears to have MMC_CAP_ERASE *enabled*, which is dangerous on many devices

Unpacked kernel code stored at: XXLQ5_CFRoot/zImage_unpacked
The unsafe instruction can be found at offset 0x00594ef4

==================== Disassembly of the instruction ====================

XXLQ5_CFRoot/zImage_instruction:     file format binary


Disassembly of section .data:

00000000 <.data>:
   0:   e3811b01        orr     r1, r1, #1024   ; 0x400
========================================================================

*** Instructions for patching ***

- Choose one of the existing unpack/repack scripts
- Unpack the kernel code, initramfs, etc.
- Do a binary edit of the unpacked code
- At offset 0x00594ef4, replace "01 ?b 8? e3" with "00 ?b 8? e3" - change just the first byte to 00
- Repack the kernel, including the changed code and all original contents
- Re-run this script to confirm that the newly generated file no longer has MMC_CAP_ERASE enabled

Finally, here's the expected output of a kernel after the patch has been applied.
I didn't actually do the entire kernel repack, but I changed the code and compressed the file in a similar way to how it will appear in a "complete" zImage file.
Patched XWLPM:
Code:
###############################################
#                                             #
# GT-I9100 Kernel MMC_CAP_ERASE bug detection #
# By Tungstwenty - forum.xda-developers.com   #
# Tungstwenty@gmail.com                       #
#                                             #
###############################################

Detecting safety of kernel: XWLPM-patched/zImage
Kernel: Linux version 3.0.15-I9100XWLPM-CL837163 (dpi@DELL145) (gcc version 4.4.3 (GCC) ) #3 SMP PREEMPT Thu Jul 5 11:26:14 KST 2012

0 ocurrences of the bad code signature
1 ocurrences of the good code signature


The kernel has been patched by this method to disable MMC_CAP_ERASE and should now be entirely safe


Disclaimers

My main goal here is to provide information, not a one-click solution. I'm personally not worried about this issue since I run a kernel compiled from sources rather than a stock one.

Despite my best effort, I can't promise that:
- The detection will be flawless (although checks exist to make sure there's exactly 1 occurrence of either the "good code snippet" or the "bad code snippet" and an inconclusive result is reported if that's not the case)
- The patch will work or even be a runnable kernel (you might need to reflash another one from download mode). I have not performed the full unpack/repack process to test it out, although it's something already done elsewhere such as the CF-Root kernels and others.


That being said, enjoy.
Attached Files
File Type: zip check-kernel-MMC_CAP_ERASE.zip - [Click for QR Code] (1.9 KB, 2564 views)

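As an added example (not the script attached to this post), here is a Python model of what the detection and patch steps above do: it decodes the ORR-immediate word shown in the objdump output, scans an unpacked image for the unsafe "01 ?b 8? e3" signature and its patched "00 ?b 8? e3" form, and applies the one-byte fix. It assumes the "good" signature is the same word with imm8 = 0 (which is what the patched XWLPM output implies) and uses a constructed sample image in place of a real zImage.

```python
import struct

# Constructed example, not the thread's script. objdump's e3811b01 = "orr r1, r1, #1024"
# is an ARM ORR with immediate: cond=E, I=1, opcode=1100, S=0, Rn, Rd, rotate=0xB,
# imm8=0x01 (1 ROR 22 = 0x400). Masking out Rn and Rd gives the "01 ?b 8? e3" wildcard.
FIELD_MASK = 0xFFF00FFF
BAD_WORD = 0xE3800B01    # orr rX, rX, #0x400: MMC_CAP_ERASE set
GOOD_WORD = 0xE3800B00   # orr rX, rX, #0: the bit is never set (assumed good form)

def decode_orr_imm(word: int) -> str:
    """Render an ORR-immediate word the way the objdump output in the thread does."""
    rn, rd = (word >> 16) & 0xF, (word >> 12) & 0xF
    rotate, imm8 = (word >> 8) & 0xF, word & 0xFF
    shift = 2 * rotate
    imm = ((imm8 >> shift) | (imm8 << (32 - shift))) & 0xFFFFFFFF
    return f"orr r{rd}, r{rn}, #{imm}"

def scan(image: bytes) -> dict:
    """Check every byte offset, as grep on the unpacked zImage would, for both signatures."""
    hits = {"bad": [], "good": []}
    for off in range(len(image) - 3):
        word = struct.unpack_from("<I", image, off)[0] & FIELD_MASK
        if word == BAD_WORD:
            hits["bad"].append(off)
        elif word == GOOD_WORD:
            hits["good"].append(off)
    return hits

def classify(image: bytes) -> str:
    """Same rule as the script: exactly one hit of one pattern, otherwise inconclusive."""
    hits = scan(image)
    if len(hits["bad"]) == 1 and not hits["good"]:
        return "unsafe"
    if len(hits["good"]) == 1 and not hits["bad"]:
        return "safe"
    return "inconclusive"

def patch(image: bytes, offset: int) -> bytes:
    """The one-byte fix from the thread: imm8 0x01 -> 0x00 at the reported offset."""
    if struct.unpack_from("<I", image, offset)[0] & FIELD_MASK != BAD_WORD:
        raise ValueError(f"no unsafe ORR immediate at 0x{offset:08x}")
    out = bytearray(image)
    out[offset] = 0x00   # little-endian word, so byte 0 holds imm8
    return bytes(out)

def sample_image() -> bytes:
    # Constructed stand-in for unpacked kernel code: NOPs (mov r0, r0) around the unsafe word.
    nop = struct.pack("<I", 0xE1A00000)
    return nop * 4 + struct.pack("<I", 0xE3811B01) + nop * 4
```

Running `classify(sample_image())` reports "unsafe" with the hit at offset 0x10, and `classify(patch(sample_image(), 0x10))` reports "safe"; two copies of the sample give "inconclusive", as the script does when the occurrence count is not exactly one.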
 
Tungstwenty
#2  
(Reserved)

googy_anas
#3  
WOW, << That's one small step for man, one giant leap for "s2 community" >> !!!!!
jlevy73
#4  
Now this is what XDA is all about. Good stuff man, much appreciated!
 
xky1980
#5  
Sorry for my "stupid" question:
I have a Linux notebook, and I've connected my device with the USB cable. Now how can I send commands to the device? With adb and the Android SDK?
Thanks
 
martintspedersen
(Last edited by martintspedersen; 1st August 2012 at 05:29 AM.)
#6  
Hahaha, yes man, nice one... I hope that gives us some nice ''stock'' ROMs.

PS: I was number 500 to hit your thanks button LOL
 
Tungstwenty
#7  
Quote:
Originally Posted by xky1980 View Post
Sorry for my "stupid" question:
I have a Linux notebook, and I've connected my device with the USB cable. Now how can I send commands to the device? With adb and the Android SDK?
Thanks
If you read the requirements section, you'll see it's not likely that it runs successfully on the device itself, due to BusyBox limitations.
Just place the zImage file somewhere on your notebook, along with the script, and run it from a terminal.

 
xky1980
#8  
Quote:
Originally Posted by Tungstwenty View Post
If you read the requirements section, you'll see it's not likely that it runs successfully on the device itself, due to BusyBox limitations.
Just place the zImage file somewhere on your notebook, along with the script, and run it from a terminal.

Oooohh! So the kernel must be read from the same path as the script, not from the device! OK, thanks.


I've executed the script with Siyah 3.5.2.
The result is: The kernel appears to be good (MMC_CAP_ERASE disabled)
So does that mean it is possible to safely make wipes and nandroid restores from recovery on my XWLPT?
Thanks
 
jgcaap
#9  
Genius!

 
gokhanmoral
#10  
great work