Heartbleed hack for 4.1.1

Search This thread
By:
Advanced…
R

rudolfm

Senior Member
Apr 11, 2014
134
38
I'm quite firm in Linux hacking, so to give quick help to those stuck with 4.1.1 and heartbleed, I tried this hack.
I simply replaced the 4.1.1 libssl.so with a 4.1.2 version.
My phone (tcl 997) is 4.1.1 and strangely not affected, but I tried it on my phone before suggesting it to someone else.
Another person did it with his affected Huawei Y300. Both still work and pass the heartbleed detector:

Download this rom, I used the 3.1 version.
http://xdaforums.com/showthread.php?t=1945441
extract /system/lib/libssl.so from the rom's .zip
***do not boot phone between these steps ***
rename the /system/lib/libssl.so on your phone
copy "new" libssl.so to phone and set its file rights to rw- r-- r--
now boot phone
You could be fine now.

BUT your phone might not boot anymore if something goes wrong with the new libssl.so. Mine wouldn't boot without a valid libssl, yes i had to try it out. I have a TWRP recovery with a file manager, so I could rename my old libssl back and then my phone would boot again.

Of course, this is on your own risk. It worked for me, it might fail for you. Don't do it if you don't fully understand.

If you speak german, you might also want to read this:
http://www.android-hilfe.de/android-jelly-bean/556608-heartbleed-luecke-ssl-der-gau-ist-da.html
 
Last edited:
TheXorg

TheXorg

Senior Member
Aug 22, 2013
664
332
Germany, Thüringen
rudolfm said:
I'm quite firm in Linux hacking, so to give quick help to those stuck with 4.1.1 and heartbleed, I tried this hack.
I simply replaced the 4.1.1 libssl.so with a 4.1.2 version.
My phone (tcl 997) is 4.1.1 and strangely not affected, but I tried it on my phone before suggesting it to someone else.
Another person did it with his affected Huawei Y300. Both still work and pass the heartbleed detector:

Download this rom, I used the 3.1 version.
http://xdaforums.com/showthread.php?t=1945441
extract /system/lib/libssl.so from the rom's .zip
***do not boot phone between these steps ***
rename the /system/lib/libssl.so on your phone
copy "new" libssl.so to phone and set its file rights to rw- r-- r--
now boot phone
You could be fine now.

BUT your phone might not boot anymore if something goes wrong with the new libssl.so. Mine wouldn't boot without a valid libssl, yes i had to try it out. I have a TWRP recovery with a file manager, so I could rename my old libssl back and then my phone would boot again.

Of course, this is on your own risk. It worked for me, it might fail for you. Don't do it if you don't fully understand.

If you speak german, you might also want to read this:
http://www.android-hilfe.de/android-jelly-bean/556608-heartbleed-luecke-ssl-der-gau-ist-da.html
Click to expand...
Click to collapse

Or if you like it the easy way, just flash this zip: https://www.dropbox.com/s/tqxfjwwja3uaqsn/install-patch.zip
It uses a libssl.so from a LG Optimus L5 II (4.1.2) and that patch was originally made for trekstor surftab ventos 10.1 (here everything works fine).

If your phone doesn't boot after you installed this patch:
1. Keep Calm
2. Boot to recovery and mount /system
3. Replace "/system/lib/libssl.so" with backup at "/system/libssl.backup.so" with ADB (adb shell cp /system/libssl.backup.so /system/lib/libssl.so)

No warranty this works ;)
Sorry for my bad english

If you speak german, here is the original post for surftab ventos 10.1: http://tslink.tk/hb

If the ZIP is not working, try to replace the libssl.so by hand with this one: https://www.dropbox.com/s/wsg3a5ave2a8655/newssl.so

Cheers, Xorg
 
Last edited:
  • Like
Reactions: NexusCyanDEV and lcmpX86
H

helpful_onlooker

Member
Sep 24, 2013
14
0
TheXorg said:
Or if you like it the easy way, just flash this zip: http://tslink.tk/hb-inst-en
It uses a libssl.so from a LG Optimus L5 II (4.1.2) and that patch was originally made for trekstor surftab ventos 10.1 (here everything works fine).

If your phone doesn't boot after you installed this patch:

Cheers, Xorg
Click to expand...
Click to collapse

Appreciate the patch. I flashed it on my phone. TWRP said the zip flashed successfully, but the Heartbleed Detector says I still have OpenSSL 1.0.1c and am still vulnerable.

My phone:

One S (T-Mobile), S-OFF
3.16.401.8 WWE
Bulletproof kernel 2.1
Viperboy's Dual Core Mod 2.1

Not sure if it worked or not, but you get a data point... :)
 
TheXorg

TheXorg

Senior Member
Aug 22, 2013
664
332
Germany, Thüringen
helpful_onlooker said:
Appreciate the patch. I flashed it on my phone. TWRP said the zip flashed successfully, but the Heartbleed Detector says I still have OpenSSL 1.0.1c and am still vulnerable.

My phone:

One S (T-Mobile), S-OFF
3.16.401.8 WWE
Bulletproof kernel 2.1
Viperboy's Dual Core Mod 2.1

Not sure if it worked or not, but you get a data point... :)
Click to expand...
Click to collapse
It wont install a newer Version but a Version which hasn’t got this bug.

You habe to Mount /system before you install it, i will fix that Mount bug soon :)


Sent from my ST10216-1 using XDA Premium 4 mobile app
 
H

helpful_onlooker

Member
Sep 24, 2013
14
0
TheXorg said:
It wont install a newer Version but a Version which hasn’t got this bug.

You habe to Mount /system before you install it, i will fix that Mount bug soon :)


Sent from my ST10216-1 using XDA Premium 4 mobile app
Click to expand...
Click to collapse

I tried mounting /system from TWRP and it stubbornly refuses to mount... It only mounts /sdcard...

So the files in the zip only replace a library OpenSSL depends on?
 
T

Trainingwheels

Member
Feb 12, 2013
17
0
Lebanon, OR
May I ask you how to connect to and browse the android device while it's in Recovery mode?

Since I am new to Android and hacking the files I am only assuming that you'd have to connect (my android tablet) to my pc while the Android OS is not operating.

Thanks

Robert

Acer A210 Android Tablet
OS: Android Open Source Project (KitKat 4.4.2)
 
You must log in or register to reply here.

Similar threads

S
[GUIDE] [HOW-TO] Install Adobe Flash Player on Android 4.1 Jelly Bean/ Android 4.4
Replies
1K
Views
3M
dasdsad1
dasdsad1
Area51©
[MOD] AppRadio Unchained - Full mirroring for Pioneer AppRadio 2 and 3
Replies
10K
Views
2M
Area51©
Area51©
Unjustified Dev
[GUIDE] New Root Method for LG Devices
Replies
1K
Views
1M
Azaze666
Azaze666
lokeshsaini94
  • Locked
[CLOSED] [GUIDE] [how to] CREATE OWN ROM [FOR ANY ANDROID DEVICE] [FOR N00B] [EASIEST METHODS]
Replies
1K
Views
1M
Oswald Boelcke
Oswald Boelcke
zbeyuz
Haipai Noble i9220 5.2 inch MTK6575 Android 4.0 Firmware, Custom ROMs!
Replies
2K
Views
924K
A
Anonymous_Gamer

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 2
    TheXorg
    TheXorg
    rudolfm said:
    I'm quite firm in Linux hacking, so to give quick help to those stuck with 4.1.1 and heartbleed, I tried this hack.
    I simply replaced the 4.1.1 libssl.so with a 4.1.2 version.
    My phone (tcl 997) is 4.1.1 and strangely not affected, but I tried it on my phone before suggesting it to someone else.
    Another person did it with his affected Huawei Y300. Both still work and pass the heartbleed detector:

    Download this rom, I used the 3.1 version.
    http://xdaforums.com/showthread.php?t=1945441
    extract /system/lib/libssl.so from the rom's .zip
    ***do not boot phone between these steps ***
    rename the /system/lib/libssl.so on your phone
    copy "new" libssl.so to phone and set its file rights to rw- r-- r--
    now boot phone
    You could be fine now.

    BUT your phone might not boot anymore if something goes wrong with the new libssl.so. Mine wouldn't boot without a valid libssl, yes i had to try it out. I have a TWRP recovery with a file manager, so I could rename my old libssl back and then my phone would boot again.

    Of course, this is on your own risk. It worked for me, it might fail for you. Don't do it if you don't fully understand.

    If you speak german, you might also want to read this:
    http://www.android-hilfe.de/android-jelly-bean/556608-heartbleed-luecke-ssl-der-gau-ist-da.html
    Click to expand...
    Click to collapse

    Or if you like it the easy way, just flash this zip: https://www.dropbox.com/s/tqxfjwwja3uaqsn/install-patch.zip
    It uses a libssl.so from a LG Optimus L5 II (4.1.2) and that patch was originally made for trekstor surftab ventos 10.1 (here everything works fine).

    If your phone doesn't boot after you installed this patch:
    1. Keep Calm
    2. Boot to recovery and mount /system
    3. Replace "/system/lib/libssl.so" with backup at "/system/libssl.backup.so" with ADB (adb shell cp /system/libssl.backup.so /system/lib/libssl.so)

    No warranty this works ;)
    Sorry for my bad english

    If you speak german, here is the original post for surftab ventos 10.1: http://tslink.tk/hb

    If the ZIP is not working, try to replace the libssl.so by hand with this one: https://www.dropbox.com/s/wsg3a5ave2a8655/newssl.so

    Cheers, Xorg
    View

New posts