[Hack] ARM architecture Kernel function hijacking & calling (in progress)


peetr_

Senior Member
Some antivirus software already has root access and scans processes, modules, etc. So it would be nice to try whether it finds this hack in a downloaded module.
 

kabaldan

Inactive Recognized Developer
You're completely missing the point. This thread is not about security at all.

When you can run only the kernel that has been compiled and signed by Motorola and you need to fix something at kernel level, instead of simply compiling your own kernel, you have to hack it.

On Milestone, there is exactly one error recovery line missing in the dsi kernel driver (display). This missing line causes display freezes and kernel panics. To add the effect of this one line of code to fix the botched work of Motorola's programmers, a hacking kernel module that hooks kernel functions has to be used - tens of code lines instead of one.
Luckily for us, there are ways to hack the kernel via modules so we can do the needed kernel modifications despite all the stupid signature checking.

That is what this thread is really about (or should be :) ).
 

Epsylon3

Senior Member
ga1axy :) the defy_more module source code is small :) could you share it as a sample if your post is about the kallsyms hook :)

thanks... and it could be nice to add a module parameter for the number of points... I have modified offset 0x190 in a hex editor for the moment, to set it to 5 points
 

marhensa

Senior Member
kabaldan said:
> You're completely missing the point. This thread is not about security at all.
>
> When you can run only the kernel that has been compiled and signed by Motorola and you need to fix something at kernel level, instead of simply compiling your own kernel, you have to hack it.
>
> On Milestone, there is exactly one error recovery line missing in the dsi kernel driver (display). This missing line causes display freezes and kernel panics. To add the effect of this one line of code to fix the botched work of Motorola's programmers, a hacking kernel module that hooks kernel functions has to be used - tens of code lines instead of one.
> Luckily for us, there are ways to hack the kernel via modules so we can do the needed kernel modifications despite all the stupid signature checking.
>
> That is what this thread is really about (or should be :) ).

+1
This is the information I really want to know about in this thread.
 

iaio72

Senior Member
Sorry guys, I do not want controversy, but I was wondering, what is the point of opening a post for several days and keeping it saying "please wait"... with all due respect for the author... :D
 

m11kkaa

Recognized Developer / Inactive Recognized Contrib
@peetr_ Which antivirus apps gain root access for a full system scan?
I don't know of any.
 

peetr_

Senior Member
kabaldan said:
> You're completely missing the point. This thread is not about security at all.
>
> When you can run only the kernel that has been compiled and signed by Motorola and you need to fix something at kernel level, instead of simply compiling your own kernel, you have to hack it.
>
> On Milestone, there is exactly one error recovery line missing in the dsi kernel driver (display). This missing line causes display freezes and kernel panics. To add the effect of this one line of code to fix the botched work of Motorola's programmers, a hacking kernel module that hooks kernel functions has to be used - tens of code lines instead of one.
> Luckily for us, there are ways to hack the kernel via modules so we can do the needed kernel modifications despite all the stupid signature checking.
>
> That is what this thread is really about (or should be :) ).

I know all this, but...

Security was always the 2nd thing on my mind.
I have been using CM7 since some beta 1, and every update I installed did not need a wipe of data; then my phone started to be very usable and perfectly fits me. So I started to use the phone normally with most of its functions.
Now, this strange hack thread, without telling me anything, brings me to the security question. How can I be sure that all these good hacks are only good hacks? About half a year ago I started to trust Google, a few months ago I started to trust Quarx, but I cannot trust everyone. :)

As the system becomes good enough for use, it should be good enough in terms of security too, or in the end it's useless.

That's my opinion. :)


Virus Terminator scans the whole system. But who knows for what :)

P.S. Sorry for my English.
 

kabaldan

Inactive Recognized Developer
peetr_ said:
> I know all this, but...
>
> Security was always the 2nd thing on my mind.
> I have been using CM7 since some beta 1, and every update I installed did not need a wipe of data; then my phone started to be very usable and perfectly fits me. So I started to use the phone normally with most of its functions.
> Now, this strange hack thread, without telling me anything, brings me to the security question. How can I be sure that all these good hacks are only good hacks? About half a year ago I started to trust Google, a few months ago I started to trust Quarx, but I cannot trust everyone. :)
>
> As the system becomes good enough for use, it should be good enough in terms of security too, or in the end it's useless.
>
> That's my opinion. :)
>
> Virus Terminator scans the whole system. But who knows for what :)
>
> P.S. Sorry for my English.

It's simple - don't trust, rather check :).
That can be seen as the main point of open source.

The source for all the kernel module hacks used on Milestone is published here:
https://github.com/nadlabak/android.../tree/gingerbread/prebuilt/lib/modules/source

Skrilax's symsearch (essential - used almost everywhere) and Nothize's hook (used by dsifix) are of particular interest.
I hope it can be helpful for those interested in modifications of locked/signed kernels.

Btw., the symsearch technique seems to be used in the v0.2 version of the closed-source(!?) GPL module distributed here: http://forum.xda-developers.com/showthread.php?t=1162327
(Sad that I haven't received any reply from ga1axy so far, but I'm glad that the symsearch source I pointed out via PM on Monday morning has been useful ;) )
 

kabaldan

Inactive Recognized Developer
Well, as I don't like waiting so long, I decided to try by myself. I'm sure it can be made better, but it's working on Milestone as it is, so I'm happy :).
My try at a 5 point multitouch enforcing module (for qtouch ts, commonly used by Motorola), including source, can be found here:
https://github.com/nadlabak/android...mmit/9bb2e84477fc984404b2d7535945252d46d8ddd8
qtouch_hw_init will happen at the first screen off/screen on after boot (or already during boot, if there are touch events coming at the right time ;) ), so that's when the new configuration will be activated.
 

pedrodh

Retired Recognized Developer
The author of the thread is Gal1xy, the Korean guy who originally made bootmenu for the Defy; he made a lot more possible for us, including being able to install CyanogenMod. Have some faith in him.
 

dangpzanco

Senior Member
pedrodh said:
> The author of the thread is Gal1xy, the Korean guy who originally made bootmenu for the Defy; he made a lot more possible for us, including being able to install CyanogenMod. Have some faith in him.

Okay then, but I don't want this thread dead.
I'm very curious, because some Defy mods (multitouch, bootmenu/2nd-init) work on my phone as well, since they have similar hardware and kernel.

Sent from my Milestone 2 XDA App
 