XDA Developers Android and Mobile Development Forum

[KERNEL] Bali 20120602_nxd - Keystroke logger removed

 
nxd
Old
(Last edited by nxd; 3rd June 2012 at 06:06 AM.)
#1  
Senior Member - OP
Thanks Meter 79
Posts: 122
Join Date: Oct 2011
Location: Tucson, AZ
Default [KERNEL] Bali 20120602_nxd - Keystroke logger removed

Bali_SK4g KJ2 kernel 20120602_nxd

Goals are security and stability. To that end, I have disabled the keystroke logger Samsung shipped in their sources. This keystroke logger is present and active on many Sidekick custom ROMs and kernels, including older Bali kernels.

You should not attempt to flash this kernel unless you are comfortable flashing kernels, and if need be, restoring using ODIN or Heimdall.

As with any custom flashing operation, there is a chance that the installation of this kernel could go all wrong and brick your device. If something breaks, you get to keep both pieces. By using this kernel, you agree that neither I nor any of the other contributors bear any responsibility.

I highly recommend you look at the other Bali/Voodoo kernel threads in the Sidekick 4G development forum. This kernel has all the same installation requirements/caveats/risks, at minimum.

It is a foregone conclusion that this kernel will only work with KJ2 ROMs. Please do not try it with KD2 or KG2 ROMs; it will almost certainly soft brick at best.

I tested this kernel on top of GenericGinger 2.0, by john_2k2.

It was found to function properly with RubiX Xcel 0.0.4. It is now included in 0.0.5. If you are using RubiX Xcel 0.0.5 or later, there is no need to flash this kernel.
http://forum.xda-developers.com/show....php?t=1654684

There has been at least one report of this kernel causing a soft brick state with GingerClone v2. Please do not attempt to use this kernel with that ROM.


It may or may not work well with other ROMs; it would be wise to check with the developer of your preferred ROM before flashing this kernel. It should work anywhere other Bali 2.2-like KJ2 kernels work, but you never know for sure until you try.

Download: https://carbon.flatlan.net/nxd/Bali_...120602_nxd.zip

MD5 6de219a41fa6739f43d6003476392728
SHA1 1ec796f8292e29e91682dce6f23e1776aa91ab1c

Dr. Honk:
Kernel sources, GPL
https://github.com/drhonk/Bali_SK4G

sduvick:
Initramfs, unknown license
https://github.com/sduvick/SK4g_KJ2_Ramdisk

supercurio (Francois Simond):
Kernel update.zip skel, WTFPL
Voodoo (red) CWM, GPL

mkasick:
s3c keypad delay patch, GPL
http://forum.xda-developers.com/show...2&postcount=79

Modified slightly by nxd
* Disabled keystroke logger and other debug
* Enabled tun and cifs as modules

See https://carbon.flatlan.net/nxd/ for patches. Anyone who wishes is free to incorporate the patches into their kernel compiles and/or ROMs, under the terms of the GPL. As far as I am concerned, you are free to incorporate the contents of the .zip into ROMs, provided you give credit to the above contributors.

Thanks to Dr. Honk, AdamOutler, sduvick, Jax184, ayoteddy, John_2K2, Rebellos, supercurio & Project Voodoo, windxixi, Glass Echidna, mkasick, cyanogen
and the Cyanogenmod team.



[Q] What do you mean "keystroke logger removed"?

[A] Open up a terminal app and get a shell on your Sidekick. Open the keyboard, type "dmesg", then press Return.

If you're running a custom ROM/kernel, you may see lines like this:

Code:
key Pressed : key 24 map 28
key Released : 24 map 28

Those are your keystrokes. The numbers correspond to specific keys. Any app capable of reading dmesg can get your keystrokes from the hardware keypad.



[Q] Why did Samsung include a keystroke logger?

[A] It's obvious that the key pressed/released messages are for debugging. There is no malicious intent. Samsung forgot to (or chose not to) disable this logging when they shipped the kernel sources.

However, just because Samsung meant no harm, doesn't mean no harm can be done. Do you really want any app on your phone to be able to read all your keystrokes since boot?



[Q] So Samsung is recording my keystrokes and sending them somewhere?

[A] The keystrokes are only being collected, but not sent anywhere. Unless, of course, you install an app that grabs them out of dmesg.



[Q] Is this kernel OC/UV?

[A] Not at this time. If someone points me to patches to accomplish this, I'll take a look and see if I can integrate them in an optional version of this kernel.



[Q] You used my [something] and didn't give me credit!

[A] Ooops, sorry about that! Let me know what it is and I'll do my best to correct the situation.


EDIT: updated zip, patch, and checksums to fix a version number glitch.
EDIT: disclaimer, note about other Bali kernels.
EDIT: reformat, updated main credits and thanks
EDIT: correct typo on first line timestamp
EDIT: try to clarify license logic; note presence of Voodoo CWM; adjust some wording; additional warnings; remove ineffective humor
EDIT: note about inclusion RubiX Xcel 0.0.5
EDIT: note about soft brick with GingerClone v2
EDIT: 20120602 - added s3c keypad delay patch
The Following 10 Users Say Thank You to nxd For This Useful Post: [ Click to Expand ]
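
The dmesg check described in post #1, as an added example that is not part of the original post or of nxd's patches: a shell script that counts the keypad debug lines in a kernel log and reports whether the running kernel still emits them. The function names, the `--live` switch and the sample log lines are constructed for illustration, and it assumes `awk` is available on the device (for example through busybox).

```shell
#!/bin/sh
# Added example: look for the keypad debug lines quoted in the post.
# Both functions read dmesg-format text on stdin, so they work on a
# saved log as well as on live output.

# count_key_events: prints "<pressed> <released>" for the log on stdin.
count_key_events() {
    awk '
        # The two line formats quoted in the post. A log-level or timestamp
        # prefix in front of them is tolerated (assumed, not shown in the post).
        /key Pressed : key [0-9]+ map [0-9]+/ { pressed++ }
        /key Released : [0-9]+ map [0-9]+/    { released++ }
        END { printf "%d %d\n", pressed, released }
    '
}

# keylog_verdict: prints LEAKING with the counts if any keypad event
# is present in the log, otherwise CLEAN.
keylog_verdict() {
    counts=$(count_key_events)
    pressed=${counts% *}
    released=${counts#* }
    if [ "$((pressed + released))" -gt 0 ]; then
        echo "LEAKING pressed=$pressed released=$released"
    else
        echo "CLEAN"
    fi
}

# Constructed sample logs (not captured from a real device).
SAMPLE_LEAKY='<6>[   41.120000] constructed unrelated kernel message
<4>[   52.301000] key Pressed : key 24 map 28
<4>[   52.410000] key Released : 24 map 28
<4>[   53.002000] key Pressed : key 31 map 35'
SAMPLE_CLEAN='<6>[   41.120000] constructed unrelated kernel message'

if [ "${1:-}" = "--live" ]; then
    # On the device: press a few hardware keys first, then run with --live.
    dmesg | keylog_verdict
else
    printf '%s\n' "$SAMPLE_LEAKY" | keylog_verdict
    printf '%s\n' "$SAMPLE_CLEAN" | keylog_verdict
fi
```

A CLEAN result only means no keypad events are in the current log buffer, so type on the hardware keyboard before running the live check.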
 
nxd
Old
#2  
Senior Member - OP
Thanks Meter 79
Posts: 122
Join Date: Oct 2011
Location: Tucson, AZ
Reserved. kthxbye.
 
Jax184
Old
(Last edited by Jax184; 20th May 2012 at 01:52 PM.)
#3  
Jax184's Avatar
Senior Member
Thanks Meter 156
Posts: 284
Join Date: Nov 2007
Location: Vancouver
Well, that's a tiny bit unsettling. Good to see it's been patched out.



P.S.
Quote:
Originally Posted by nxd View Post
Thanks to Dr. Honk, AdamOutler, sduvick, Jax184, ayoteddy, John_2K2, Rebellos, Project Voodoo, windxixi, and Glass Echidna, makers of Heimdall.
What on earth did I contribute?
 
mjsell2
Old
#4  
Member
Thanks Meter 6
Posts: 38
Join Date: Jul 2009
Location: Louisville
Default key logger

You'll have to forgive my choppy memory on which developer I was speaking with, but I remember talking to one of the Google developers back in my G1 days about the key logger. Apparently this was put into the kernel as an option for development and crash reporting. When you "send report" on a crashed program it will grab the info from the key logger as well as syslog to send to Google/manufacturer to supposedly improve future releases.

Just another example of things that could be good, but will end up being used in a bad way.
 
Reviewers
Old
#5  
Reviewers's Avatar
Senior Member
Thanks Meter 1,670
Posts: 3,047
Join Date: Mar 2011
Location: New York
Thanks for the contribution.

Newest & Current Beastly Device:
T-Mobile Galaxy S 5 → CyanogenMod 11 - Android 4.4 - KitKat by elelinux
 
yogi2010
Old
(Last edited by yogi2010; 20th May 2012 at 04:29 PM.)
#6  
Account currently disabled
Thanks Meter 320
Posts: 2,128
Join Date: Dec 2010
Location: Los Angeles, CA
Thanks for this. And never mind, found my answer.
 
ReActiveDisorder
Old
#7  
Account currently disabled
Thanks Meter 1,379
Posts: 1,438
Join Date: Apr 2012
Quote:
Originally Posted by nxd View Post
Bali_SK4g kernel 20110520.nxd

Goals are security and stability. To that end, I have disabled the keystroke logger Samsung shipped in their sources. This keystroke logger is present and active on many Sidekick custom ROMs and kernels, including older Bali kernels.

Download: https://carbon.flatlan.net/nxd/Bali_...120520_nxd.zip

MD5 541fd0a8569aafeb488de4867011e884
SHA1 2dd274cb97519c39fba5483930d325425b7310bc

Kernel sources: Dr. Honk, GPL
https://github.com/drhonk/Bali_SK4G

Initramfs: sduvick, unknown license
https://github.com/sduvick/SK4g_KJ2_Ramdisk

Kernel update.zip skel: Francois Simond, WTFPL

Modified slightly by nxd
* Disabled keystroke logger and other debug
* Enabled tun and cifs as modules

See https://carbon.flatlan.net/nxd/ for patches. They are licensed under the GPL.

Thanks to Dr. Honk, AdamOutler, sduvick, Jax184, ayoteddy, John_2K2, Rebellos, Project Voodoo, windxixi, and Glass Echidna, makers of Heimdall.



[Q] What do you mean "keystroke logger removed"?

[A] Open up a terminal app and get a shell on your Sidekick. Open the keyboard, type "dmesg", then press Return.

If you're running a custom ROM/kernel, you may see lines like this:

Code:
key Pressed : key 24 map 28
key Released : 24 map 28

Those are your keystrokes. The numbers correspond to specific keys. Any app capable of reading dmesg can get your keystrokes from the hardware keypad.



[Q] Why did Samsung include a keystroke logger?

[A] It's obvious that the key pressed/released messages are for debugging. There is no malicious intent. Samsung forgot to (or chose not to) disable this logging when they shipped the kernel sources.

However, just because Samsung meant no harm, doesn't mean no harm can be done. Do you really want any app on your phone to be able to read all your keystrokes since boot?



[Q] So Samsung is recording my keystrokes and sending them somewhere?

[A] The keystrokes are only being collected, but not sent anywhere. Unless, of course, you install an app that grabs them out of dmesg.



[Q] I don't care about that.

[A] So noted.



[Q] Is this kernel OC/UV?

[A] Not at this time. If someone points me to patches to accomplish this, I'll take a look and see if I can integrate them in an optional version of this kernel.



[Q] You used my [whatever] and didn't give me credit!

[A] Ooops, sorry about that! Let me know what it is and I'll do my best to correct the situation.


EDIT: updated zip, patch, and checksums to fix a version number glitch.
Does this have voodoo recovery built in???

Sent from my SPH-D710 using xda premium
 
nxd
Old
#8  
Senior Member - OP
Thanks Meter 79
Posts: 122
Join Date: Oct 2011
Location: Tucson, AZ
Quote:
Originally Posted by Jax184 View Post
What on earth did I contribute?
The Sidekick 4G Reference Guide (Large images!): http://forum.xda-developers.com/show....php?t=1466906

Also, sanity and levelness.
 
nxd
Old
(Last edited by nxd; 21st May 2012 at 03:09 AM.)
#9  
Senior Member - OP
Thanks Meter 79
Posts: 122
Join Date: Oct 2011
Location: Tucson, AZ
Quote:
Originally Posted by ReActiveDisorder View Post
Does this have voodoo recovery built in???
It has the usual voodoo initramfs binaries and scripts under /voodoo. So it should be able to support the voodoo recovery, and it might try to convert your partitions to ext4.

However, I believe the recovery "image" lives under /system on android, and that is not part of this zip.

EDIT
Correction: it has the full red (Voodoo) CWM initramfs package, as in other Bali kernels.
 
ReActiveDisorder
Old
(Last edited by ReActiveDisorder; 21st May 2012 at 02:27 AM.)
#10  
Account currently disabled
Thanks Meter 1,379
Posts: 1,438
Join Date: Apr 2012
Post Deleted
