[Exploit + Patch] Stagefright security flaw

[Phk]

Hello XDA Community,

Zimperium has presented us yesterday with one of the most dangerous Android vulnerabilities known to date.
Fortunately patch\diff files were also released. Kudos JDrake.
Custom ROMs should be recompiled with these fixes until proper releases from manufacturers become available.

* UPDATE 18 September *

Original Zimperium link

Patch files

PoC exploit with ASLR bypass

See if you are vulnerable using original App

List of patched devices so far

* UPDATE 22 October *

Stagefright v2.0... Includes patches for I9505 (S5) and I337M (S4)


Cheers,
pHk

 

[edzamber]

Thanks for info

How to use theses patchs to recompil stock Rom ?

 

[Phk]

Thanks for info

How to use theses patchs to recompil stock Rom ?

They cover several codec source files, but normally a patch -p1 < file.patch on the same directory will suffice!

 

[Goldie]

Thanks for info

How to use theses patchs to recompil stock Rom ?

I've seen you in Samsung forums so I'm guessing you are asking in that respect when you say stock and not stock android. As far as I know you cannot patch libs in Samsung stock roms. These patch files are for compiling from source. You could try a pre patched aosp lib but it's quite likely it won't work

Sent from my SM-G920F using Tapatalk

 

[edzamber]

Ok !

Many thanks

 

[Phk]

Updates on Stagefright: Get root and disable it in build.prop.

I've created and attached a simple .patch file for this

Cheers

 

[Camacha]

I have a ZTE V5 Max, which is currently still on 4.4.4. Someone is working on 5.1, but development is extremely slow, partly due to a completely uncooperative attitude from ZTE. Long story short, this is not going to happens soon, and might very well never happen at all (sadly). For this reason I am running CM11. The detector app says the phone is only vulnerably to CVE-2015-3829, I am not sure whether that helps.

Is there some way to patch my installation with some pre-patched or existing file? I have no experience with Android development, so bear with me: does it need to be compiled for each specific device, or is the library more multi-purpose? What about the difference between 4.4 and 5.x?

I would so very much like to be able to use my device in the future

 

[Rajada]

Updates on Stagefright: Get root and disable it in build.prop.

I've created and attached a simple .patch file for this

Cheers

after these patch we are able to receive MMS?

 

[Phk]

after these patch we are able to receive MMS?

You will receive the MMS but if its a video it will probably FC or simply don't open.

 

[Rajada]

You will receive the MMS but if its a video it will probably FC or simply don't open.

After the patch, the apk Zimperium shows the same result.
It's normal?

 

[Phk]

Sure. the bug's still there! The patch is just disabling the use of those vulnerable libs by Stagefright player

 

[cire27rn]

How can use the patch? Do I have to flash them in recovery?

 

[Phk]

How can use the patch? Do I have to flash them in recovery?

put file in /system
bash
su
cd /system
patch < stagefright.patch
reboot

 

[Camacha]

put file in /system
bash
su
cd /system
patch < stagefright.patch
reboot

Is there a change of an actual fix that can be applied this way becoming available in the near future?

 

[cire27rn]

Sir it says here "cant open build.prop..." what shall i do?

 

[Kamy]

Fix is here for Samsung devices.

Stagefright Vulnerability Fix - Lollipop

So far tested on Note 3, Note 4 and S5

 

[momojuro]

Sir it says here "cant open build.prop..." what shall i do?

For those who can't install @Phk's patch :

media.stagefright.enable-player=false
media.stagefright.enable-http=false
media.stagefright.enable-aac=false
media.stagefright.enable-qcp=false
media.stagefright.enable-fma2dp=false
media.stagefright.enable-scan=false
mmp.enable.3g2=true
mm.enable.smoothstreaming=true
media.aac_51_output_enabled=true

You can put manually those lines in your build.prop file using a file manager with root permissions.

For your case @cire27rn check that your system partition is RW (Read-Write) and retry, or try my solution above !

 

[Camacha]

For those who can't install @Phk's patch :

media.stagefright.enable-player=false
media.stagefright.enable-http=false
media.stagefright.enable-aac=false
media.stagefright.enable-qcp=false
media.stagefright.enable-fma2dp=false
media.stagefright.enable-scan=false
mmp.enable.3g2=true
mm.enable.smoothstreaming=true
media.aac_51_output_enabled=true

I changed this and rebooted the phone. I can still watch and play movies with Youtube, TED, the gallely, the browser, you name it. I double checked and made sure the buildprop file was still modified.

Is this supposed to happen?

 

[edzamber]

I changed this and rebooted the phone. I can still watch and play movies with Youtube, TED, the gallely, the browser, you name it. I double checked and made sure the buildprop file was still modified.

Is this supposed to happen?

Check with this Stagefright Viewer

If its like that, its ok :




If not, good code is that :

#system props for the cne module
#
#persist.cne.feature=1

media.stagefright.enable-player=false
media.stagefright.enable-http=false
media.stagefright.enable-aac=false
media.stagefright.enable-qcp=false
media.stagefright.enable-fma2dp=false
media.stagefright.enable-scan=false
media.stagefright.enable-record=false
media.stagefright.enable-meta=false
media.stagefright.enable-rtsp=false
mmp.enable.3g2=true
mm.enable.smoothstreaming=true
media.aac_51_output_enabled=true
ro.hdmi.enable=true
lpa.decode=false
tunnel.decode=false
tunnel.audiovideo.decode=false
lpa.use-stagefright=false
qcom.hw.aac.encoder=true

 

[Camacha]

I can still play and record video with various apps. Apparently disabling stagefright means little to no difference?

Also, be careful installing random .apk files from the internet