XDA Developers Android and Mobile Development Forum

[INFO] Everything about Android "Master Key" Vulnerability

#1 Adam77Root (Recognized Developer, OP)

Hello everybody!

You might have heard of the notorious "Master Key" Vulnerability that affects 99% of Android devices. It basically allows a knowledgeable attacker to access all private and application data. For more information visit: http://bluebox.com/corporate-blog/bl...id-master-key/.

CM team has recently (on 7th July) committed the fix for the patch. Here it is: https://github.com/CyanogenMod/andro...3d16fdbc19f1f8. Gerrit link: http://review.cyanogenmod.org/#/c/45251/

I've created a patch from the differences between an older and a newer, patched core.jar from CM 10.1. It is attached to this post. It may happen that you have to modify it a bit to fit your rom's needs.

List of invulnerable (patched) roms:
  • Stock roms that received the patch in a software update
  • CM 10.1.1 stable
  • CM nightlies starting from 8th July (maybe 7th is patched as well, depends on build time)
  • Any other CM/AOSP-based roms which include the patch. Most of them directly inherit CM's libcore and if the build was created after 7th July, it's patched.
  • Custom roms that are patched

Any other roms that are not in the list are vulnerable! If you bump into this thread, test the rom you are using to be sure and ask your rom cook to include it. Perform the test with this app: https://play.google.com/store/apps/d...onerootscanner.
Attached file: fix_ZipFile.patch (14.4 KB)
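The patch above ports CyanogenMod's check in ZipFile.readCentralDir. The underlying flaw is that an APK can carry two central-directory entries with the same name, and the signature check and the installer did not agree on which one to use. As an added example (not the thread's patch and not CM's code), the following Python checker walks a ZIP central directory by hand and reports duplicate entry names, which is exactly the condition the fix rejects; the sample APK it scans is constructed inline.

```python
import io
import struct
import warnings
import zipfile
from collections import Counter

EOCD_SIG = 0x06054B50   # end of central directory record signature
CDH_SIG = 0x02014B50    # central directory file header signature

def central_directory_names(data: bytes) -> list:
    """Walk the ZIP central directory and return every entry name,
    duplicates included (a name->entry map would silently hide them)."""
    eocd = data.rfind(struct.pack("<I", EOCD_SIG))
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    (_sig, _disk, _cd_disk, _n_disk, total, _cd_size, cd_off,
     _comment_len) = struct.unpack_from("<IHHHHIIH", data, eocd)
    names, pos = [], cd_off
    for _ in range(total):
        hdr = struct.unpack_from("<IHHHHHHIIIHHHHHII", data, pos)  # 46 bytes
        if hdr[0] != CDH_SIG:
            raise ValueError("bad central directory header at offset %d" % pos)
        name_len, extra_len, comment_len = hdr[10], hdr[11], hdr[12]
        names.append(data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace"))
        pos += 46 + name_len + extra_len + comment_len
    return names

def duplicate_entries(data: bytes) -> dict:
    """Entry names listed more than once in the central directory -> count.
    A non-empty result is what the patched readCentralDir() refuses to load."""
    return {n: c for n, c in Counter(central_directory_names(data)).items() if c > 1}

def build_sample_apk(duplicate: bool = True) -> bytes:
    """Constructed sample (not a real APK): a ZIP whose central directory
    lists classes.dex twice when duplicate=True, once otherwise."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")  # zipfile warns about duplicate names
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("AndroidManifest.xml", b"<manifest/>")
            zf.writestr("classes.dex", b"original dex bytes")
            if duplicate:
                zf.writestr("classes.dex", b"second entry with the same name")
    return buf.getvalue()

if __name__ == "__main__":
    print("duplicate entries:", duplicate_entries(build_sample_apk()) or "none")
```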
 
#2 Skunk Ape1 (Recognized Contributor / Recognized Themer)
I'm guessing this won't work on a touchwiz rom??????

 
#3 Adam77Root (Recognized Developer, OP)
Quote, originally posted by Skunk Ape1:
I'm guessing this won't work on a touchwiz rom??????
It works on any rom. AFAIK only Sense has changes in core.jar, but those are also just additions and not deep changes.

 
#4 biopsin (Senior Member), last edited 19th July 2013 at 12:02 PM
regarding cm10

Hi, I'm trying to port this patch to cm10 and I have adapted everything except where there was a difference between the patch and cm10:

Patch
- if-ge v10, v13, :cond_6
+ if-ge v11, v14, :cond_7

I have
- if-ge v10, v13, :cond_118
+ if-ge v11, v14, :cond_119 ??
How do I interpret the :cond_ value? Do I bump it to the next number? That's what I did, but this bootloops on me with:
Code:
W/dalvikvm( 4219): VFY: copy1 v0<-v24 type=22 cat=3
W/dalvikvm( 4219): VFY:  rejecting opcode 0x08 at 0x0021
W/dalvikvm( 4219): VFY:  rejected Ljava/util/zip/ZipFile;.readCentralDir ()V
W/dalvikvm( 4219): Verifier rejected class Ljava/util/zip/ZipFile;
D/AndroidRuntime( 4219): Shutting down VM
W/dalvikvm( 4219): threadid=1: thread exiting with uncaught exception (group=0x4119d300)
I will go over my editing in case of human error.

EDIT: Seems I figured it out, booting now. OK, there was another tiny difference between cm10 and cm10.1.1: cm10 has
.method private readCentralDir()V
.registers 25 -> instead of .locals 24
Tested with Bluebox Security Scanner and it reports Patched! Excellent, thanks for the diff.
 
#5 edwin270 (Senior Member), last edited 21st July 2013 at 01:40 AM
Quote, originally posted by Adam77Root:
It works on any rom. AFAIK only Sense has changes in core.jar, but those are also just additions and not deep changes.
And MIUI-based roms? Going through its app permissions, it seems to have very strict rules when it comes to apps, even ones installed from the market.

Guess will have to try. Right?

#6 kimerika (Senior Member)
Is this harmful?
What are the effects?
How does it take effect?
What might happen if my phone (our phones) is affected?
 
#7 ax562 (Member)
How can I patch my custom gingerbread rom? 2.3.4?
 
#8 takota6 (Senior Member)
Ignorance here, but how do I install this (I'm infected)? HTC Sense
 
#9 Adam77Root (Recognized Developer, OP)
You have to ask the developer to include it in his/her rom.

 
#10 takota6 (Senior Member)
Here is the "apparent" fix, from the fella who found the exploit:
http://www.saurik.com/id/17
And sure as sh*t mine came from a cake decorating game. I discovered this thread because I had 12 international texts last month at .25 a pop. Thanks for bringing it up.