• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!
  • Fill out your device list and let everyone know which phones you have!    Edit Your Device Inventory

[BETA 2] Stagefright Fix for MT6753/Elephone P8000

Search This thread

BlueFlame4

Retired Recognized Developer
Mar 10, 2011
1,864
4,399
29
Dresden, Germany
Hey guys,

as you know I sold the device but this still wouldn't stop me fiddling around with source codes ;)
Here I present you my latest approach to fix the stagefright vulnerability for the P8000 (and possibly any other MT6753 powered device!).

Unfortunately I can't test it so it would be great if someone could install and test the attached zip. Obviously this is kind of beta work until I get some confirmations that it's working.
To test please do the following:

0. Do a backup!
1. Install the .zip via recovery of your choice.
2. Reboot.
3. If it boots, try the stagefright detector app by zimperium labs.
4. Profit!

Changelog:
  • Beta 2: Fixed CVE 2015-6602 vuln.
  • Beta 1: Compiled from ZOPO Speed 7 sources.

It should look like this afterwards:
L3jlWhW.jpg

The libs should be compatible to all MT6753/6735 powered devices running Android 5.1!

Thanks to:
- ZOPO for releasing their MT6753/Z7 Speed sources
- @superdragonpt
- @DerTeufel1980
- @fire855
- @dr_root for bringing me back to this device!
- @valascus for the image and testing
- @ardrift for testing


Cheers!

Please hit the 'thanks' button if these libraries helped you. Thank you! :)
 

Attachments

  • Elephone_P8000_Stagefright_Fix_MT6753_beta1.zip
    7 MB · Views: 419
  • Elephone_P8000_Stagefright_Fix_MT6753_beta2.zip
    7.1 MB · Views: 1,323
Last edited:

vicks1008

Member
Feb 4, 2011
22
3
This is awesome! Do you have any idea if any CVE's from January or February can be done? Also how would those be verified since no apk scans anything for January/February security vulnerabilities.
 

BlueFlame4

Retired Recognized Developer
Mar 10, 2011
1,864
4,399
29
Dresden, Germany
This is awesome! Do you have any idea if any CVE's from January or February can be done? Also how would those be verified since no apk scans anything for January/February security vulnerabilities.

Should be possible. Theorically it should be enough to merge the patches into ZOPO's AOSP, compile it afterwards and swap the libraries. It's hard to verify though... Would be quite of a challenge to write an app to test this :D
 
  • Like
Reactions: jknarf

vicks1008

Member
Feb 4, 2011
22
3
Should be possible. Theorically it should be enough to merge the patches into ZOPO's AOSP, compile it afterwards and swap the libraries. It's hard to verify though... Would be quite of a challenge to write an app to test this :D

DUDE! I am dying to find a way to verify these. The app VTS for Android checks alot more vulnerabilities on Android devices than just Stagefright exploits. However for now the app only verifies vulnerabilities up to December 2015.

The link to the github is here if you want to take a closer look at the app.
 
  • Like
Reactions: BlueFlame4

portezbie

Senior Member
Mar 31, 2012
216
34
As I stated in the OP it should work, since MT6753 and MT6735 share a lot of commalities and are technically nearly the same. Feel free to try it out but do a backup first! :)

Installed it and wiped cache and dalvik. Reboot seemed to be fine, started optimizing apps, but then when it finished optimizing apps it rebooted and got stuck at the boot screen.

So doesn't seem to work for my device. Oh well, what can ya do.

Luckily I did a backup first.

Could it be because my device is only running a 5.0 rom?
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 34
    Hey guys,

    as you know I sold the device but this still wouldn't stop me fiddling around with source codes ;)
    Here I present you my latest approach to fix the stagefright vulnerability for the P8000 (and possibly any other MT6753 powered device!).

    Unfortunately I can't test it so it would be great if someone could install and test the attached zip. Obviously this is kind of beta work until I get some confirmations that it's working.
    To test please do the following:

    0. Do a backup!
    1. Install the .zip via recovery of your choice.
    2. Reboot.
    3. If it boots, try the stagefright detector app by zimperium labs.
    4. Profit!

    Changelog:
    • Beta 2: Fixed CVE 2015-6602 vuln.
    • Beta 1: Compiled from ZOPO Speed 7 sources.

    It should look like this afterwards:
    L3jlWhW.jpg

    The libs should be compatible to all MT6753/6735 powered devices running Android 5.1!

    Thanks to:
    - ZOPO for releasing their MT6753/Z7 Speed sources
    - @superdragonpt
    - @DerTeufel1980
    - @fire855
    - @dr_root for bringing me back to this device!
    - @valascus for the image and testing
    - @ardrift for testing


    Cheers!

    Please hit the 'thanks' button if these libraries helped you. Thank you! :)
    5
    @ardrift: Thanks, gonna have to patch that last 6602 vuln. Will report back soon with beta v2!


    Edit: Uploaded v2! This fixes 2015-6602. Please test and report back :)
    4
    Great to see that it works! Thanks guys! Please spread the word so everyone has a more secure phone! :)
    3
    Screenshot_2016-02-08-16-18-05.png

    Screenshot_2016-02-08-16-28-37.png

    Btw, I'm using guestekrnl and I'm on stock rom 1203.
    3
    Offtopic but relevant in my point of view: 3,2% of the people who downloaded my security fix decided to hit the thanks button. I updated the OP accordingly so maybe future leechers will get the point ;)