[Exploit + Patch] Stagefright security flaw

By Phk, Senior Member on 6th August 2015, 07:17 PM
Hello XDA Community,

Zimperium presented us yesterday with one of the most dangerous Android vulnerabilities known to date.
Fortunately, patch/diff files were also released. Kudos, JDrake.
Custom ROMs should be recompiled with these fixes until proper releases from manufacturers become available.

* UPDATE 18 September *

Original Zimperium link

Patch files

PoC exploit with ASLR bypass

See if you are vulnerable using original App

List of patched devices so far

* UPDATE 22 October *

Stagefright v2.0... Includes patches for I9505 (S5) and I337M (S4)


Cheers,
pHk
7th August 2015, 04:28 PM |#2  
edzamber, Senior Member
Thanks for info

How to use these patches to recompile stock ROM?
7th August 2015, 04:32 PM |#3  
Phk, OP, Senior Member (Lisbon)
Quote:
Originally Posted by edzamber

Thanks for info

How to use these patches to recompile stock ROM?

They cover several codec source files, but normally a patch -p1 < file.patch in the same directory will suffice!
7th August 2015, 04:36 PM |#4  
Goldie, Inactive Recognized Developer
Quote:
Originally Posted by edzamber

Thanks for info

How to use these patches to recompile stock ROM?

I've seen you in Samsung forums, so I'm guessing you are asking in that respect when you say stock and not stock Android. As far as I know, you cannot patch libs in Samsung stock ROMs. These patch files are for compiling from source. You could try a pre-patched AOSP lib, but it's quite likely it won't work.

7th August 2015, 04:41 PM |#5  
edzamber, Senior Member
Ok !

Many thanks
8th August 2015, 12:55 PM |#6  
Phk, OP, Senior Member (Lisbon)
Updates on Stagefright: Get root and disable it in build.prop.

I've created and attached a simple .patch file for this

Cheers
Attached Files: stagefright.patch (647 Bytes, 4832 views)
8th August 2015, 04:10 PM |#7  
Member
I have a ZTE V5 Max, which is currently still on 4.4.4. Someone is working on 5.1, but development is extremely slow, partly due to a completely uncooperative attitude from ZTE. Long story short, this is not going to happen soon, and might very well never happen at all (sadly). For this reason I am running CM11. The detector app says the phone is only vulnerable to CVE-2015-3829; I am not sure whether that helps.

Is there some way to patch my installation with some pre-patched or existing file? I have no experience with Android development, so bear with me: does it need to be compiled for each specific device, or is the library more multi-purpose? What about the difference between 4.4 and 5.x?

I would so very much like to be able to use my device in the future
8th August 2015, 04:22 PM |#8  
Rajada, Senior Member (Agartala)
Quote:
Originally Posted by Phk

Updates on Stagefright: Get root and disable it in build.prop.

I've created and attached a simple .patch file for this

Cheers


After this patch, are we able to receive MMS?
8th August 2015, 09:11 PM |#9  
Phk, OP, Senior Member (Lisbon)
Quote:
Originally Posted by Rajada

After this patch, are we able to receive MMS?

You will receive the MMS, but if it's a video it will probably FC or simply not open.
8th August 2015, 09:53 PM |#10  
Senior Member (Agartala)
Quote:
Originally Posted by Phk

You will receive the MMS, but if it's a video it will probably FC or simply not open.


After the patch, the Zimperium APK shows the same result.
Is that normal?
8th August 2015, 10:20 PM |#11  
Phk, OP, Senior Member (Lisbon)
Sure, the bug's still there! The patch is just disabling the use of those vulnerable libs by the Stagefright player.
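
The build.prop mitigation discussed in posts #6 and #11, as an added example that is not part of any post and not the attached patch: a shell check that reports which Stagefright toggles in a build.prop file are explicitly set to false. The key list and function names are assumptions (the attachment's contents are not shown on this page), and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not the thread's attached patch, whose contents are not shown).
# Assumption: the mitigation sets these media.stagefright.enable-* toggles to false.
STAGEFRIGHT_KEYS="media.stagefright.enable-player media.stagefright.enable-http
media.stagefright.enable-aac media.stagefright.enable-qcp
media.stagefright.enable-fma2dp media.stagefright.enable-scan"

# Print "<key> <state>" per key: disabled (every assignment is false),
# enabled (some assignment is not false) or unset (no assignment in the file).
audit_build_prop() {
    for key in $STAGEFRIGHT_KEYS; do
        awk -v k="$key" '
            /^[ \t]*#/ { next }                      # skip comment lines
            {
                sub(/\r$/, "")                       # tolerate CRLF files
                eq = index($0, "="); if (!eq) next
                name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
                if (name != k) next
                seen = 1; if (val != "false") on = 1
            }
            END { print k, (on ? "enabled" : (seen ? "disabled" : "unset")) }
        ' "$1"
    done
}

# Number of toggles that are not explicitly disabled.
count_not_disabled() {
    audit_build_prop "$1" | grep -c -v ' disabled$' || true
}

# Constructed sample build.prop fragment, for demonstration only.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
ro.build.version.release=4.4.4
media.stagefright.enable-player=false
media.stagefright.enable-http=true
media.stagefright.enable-aac = false
#media.stagefright.enable-qcp=false
media.stagefright.enable-scan=false
media.stagefright.enable-scan=true
EOF
}

# Audit a real file when one is given, e.g. a build.prop pulled from the device.
if [ -n "${1:-}" ]; then audit_build_prop "$1"; fi
```

A report of all disabled only means the player paths are switched off; as the last post says, the vulnerable libraries remain until the ROM is rebuilt with the patches.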