Guest dalyer, posted December 18, 2014 (edited)

> I don't agree with you. My coolpad 9976A is the best phone I had. I rooted it and then never changed the rom. When you screw the phone by installing this and that rom, then don't complain also. My own opinion.

But his point is not that the phone hardware is poor but that this Coolpad/CoolUI/CoolLife "CoolReaper" backdoor looks very dodgy and seems to be in almost all stock and stock based ROMs. It's not clear if it's in others such as AOSP.

Edit: maucat's latest AOSP 4.4.2 (18th December) mentioned earlier (and here: http://www.modaco.com/topic/374138-aosp-44-by-maucat/) does not have any of the following:

• /system/app/CP_DMP.apk
• /system/app/CP_DMP.odex
• /system/app/GoogleGmsFramework.apk
• /system/app/GoogleGmsFramework.odex
• /system/lib/libgmsframework.so

so I presume that means it's most likely NOT "infected" by CoolReaper?

Based on the info so far about this CoolReaper thing my inclination is to steer clear of stock and stock based ROMs. I'll probably go with maucat's AOSP 4.4.2 for now.

Edited December 18, 2014 by dalyer

Guest apple2005, posted December 18, 2014

> But his point is not that the phone hardware is poor but that this Coolpad/CoolUI/CoolLife "CoolReaper" backdoor looks very dodgy and seems to be in almost all stock and stock based ROMs. It's not clear if it's in others such as AOSP.
>
> Edit: maucat's latest AOSP 4.4.2 (18th December) mentioned earlier (and here: http://www.modaco.com/topic/374138-aosp-44-by-maucat/) does not have any of the following:
>
> • /system/app/CP_DMP.apk
> • /system/app/CP_DMP.odex
> • /system/app/GoogleGmsFramework.apk
> • /system/app/GoogleGmsFramework.odex
> • /system/lib/libgmsframework.so
>
> so I presume that means it's most likely NOT "infected" by CoolReaper?
>
> Based on the info so far about this CoolReaper thing my inclination is to steer clear of stock and stock based ROMs. I'll probably go with maucat's AOSP 4.4.2 for now.

Thanks for the clarification. But what is this CoolReaper? And what does it do? In what way is it dangerous?

Guest dalyer, posted December 18, 2014

See here: http://www.modaco.com/topic/372543-coolpad-f1-8297w-review-info-software-custom-roms/page-191#entry2244336

Guest apple2005, posted December 18, 2014

> See here: http://www.modaco.com/topic/372543-coolpad-f1-8297w-review-info-software-custom-roms/page-191#entry2244336

Thanks but the url brings me back to the last post...

Guest dalyer, posted December 18, 2014 (edited)

No - it should link back to an earlier post in this thread by userDJJ which includes a link to the report into this suspicious firmware. It does for me anyway.

Anyway - here's the report in question: https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/reports/Unit_42/unit42-cool-reaper.pdf

Edited December 18, 2014 by dalyer

Guest dakok, posted December 18, 2014

The guys that made the report download many F1 roms and here is the interesting part from report:

> Coolpad provides ZIP-format stock ROMs for the Halo (Dazen) series, the K series and the S series phones, and provides customized format stock ROMs for other models. All of these stock ROMs are available for download at Coolpad’s official support forum or in their official service center. In November 2014 we downloaded 45 stock ROMs

Not really, format of stock roms is not ZIP :D

Guest dalyer, posted December 18, 2014

Whatever about basic (?) mistakes like that, isn't the main issue that this "CoolReaper" is something worth avoiding by using a non stock or stock based ROM?

Right now my view is that this eliminates all stock and stock based ROMs from consideration. Am I wrong or overreacting?

Guest rista1, posted December 18, 2014

> • /system/app/CP_DMP.apk
> • /system/app/CP_DMP.odex
> • /system/app/GoogleGmsFramework.apk
> • /system/app/GoogleGmsFramework.odex
> • /system/lib/libgmsframework.so

In aosp maucat there are none of these apps.

Guest cumfun fighter, posted December 18, 2014

In the installation of any ROM there still exist untouched partitions/memory areas containing data by the manufacturer, e.g. nvram containing imei + other data. Either TWRP/CWM are not able to modify/backup these areas, or if they could wipe hidden data areas it would result in a bricked device.

Guest dalyer, posted December 18, 2014

> In the installation of any ROM there still exist untouched partitions/memory areas containing data by the manufacturer, e.g. nvram containing imei + other data. Either TWRP/CWM are not able to modify/backup these areas, or if they could wipe hidden data areas it would result in a bricked device.

Not really sure what your point is? Is it that these untouched areas could also contain something suspect?

But for what it's worth you can backup nvram, imei etc. using MTKDroid tools, MobileUncle etc.

Guest dalyer, posted December 18, 2014

> • /system/app/CP_DMP.apk
> • /system/app/CP_DMP.odex
> • /system/app/GoogleGmsFramework.apk
> • /system/app/GoogleGmsFramework.odex
> • /system/lib/libgmsframework.so
>
> In aosp maucat there are none of these apps.

Yeah - I said that earlier. :) http://www.modaco.com/topic/372543-coolpad-f1-8297w-review-info-software-custom-roms/page-192#entry2244399

Guest rista1, posted December 18, 2014

[emoji106]

Guest cumfun fighter, posted December 18, 2014

> Not really sure what your point is? Is it that these untouched areas could also contain something suspect?
>
> But for what it's worth you can backup nvram, imei etc. using MTKDroid tools, MobileUncle etc.

So, you don't really know where the backdoor is hidden! It may be in ROM or somewhere else.

Guest rista1, posted December 18, 2014

Then it can be in anybody's rom. That's called conspiracy theories.

Guest cumfun fighter, posted December 18, 2014

> Then it can be in anybody's rom. That's called conspiracy theories.

No. That's CoolReapery and it's only in coolpad.

Guest userDJJ, posted December 18, 2014 (edited)

Wrong quote, was referring to this post: http://www.modaco.com/topic/372543-coolpad-f1-8297w-review-info-software-custom-roms/page-192#entry2244408

Perhaps they were testing this, it is stock in zip: http://4pda.ru/forum/index.php?showtopic=595613&st=0#entry33550637

> On the basis of the native firmware
> Sort by: Newest firmware in the late
> Stock firmware based on Android 4.2 (Cool UI 5.5):
> Firmware version 039 (thanks stas30)
> Firmware version 041 (thanks misha124)

Edited December 18, 2014 by userDJJ

Guest dakok, posted December 18, 2014 (edited)

This news resulted in a 14.6% drop for Coolpad on the Hong Kong stock exchange.

Miui backdoor, CoolUI backdoor - strange they get revealed while these companies are going extremely well during last year. This backdoor was known for at least a year..

Edited December 18, 2014 by dakok

Guest userDJJ, posted December 18, 2014 (edited)

According to PA paper #24, starting with October 2013 some users began discussing this issue, however Coolpad did not offer an official response to the reports, #25 "Finally on October 23, a user reported the problem in Coolpad’s support forum again and an administrator deleted the report, but it is still accessible through Google searches (Figure 21)" //Sony was doing something similar lately with one of their new phones that were cracking displays.

You were aware of this feature for 1 year before it was reported on Wooyun.org as stated on #17?

Forum explanation sounds so innocent, but in reality it is not. http://www.modaco.com/topic/372543-coolpad-f1-8297w-review-info-software-custom-roms/page-191#entry2244341

I am aware that in USA, when you can get new iphone for 150 USD (with 2 year contract) operators can add their app via ota (this is not any secret), but what Coolpad was doing is next level of spying, competition to NSA :P. What if some bad guys would discover this and start spying on all those users? They could practically do anything they wanted.

http://www.scmagazineuk.com/hidden-backdoor-in-up-to-10m-android-phones/article/389010/

Those 3 lines are not normal ota operator updates:

• Notify users of a fake update that doesn't update the device, but does install unwanted apps.
• Send or insert arbitrary SMS or MMS messages into the phone.
• Upload information about the device, its location, app usage, calling and SMS history to a Coolpad server.

And what is the most important, reputation gets destroyed, after Snowden leaks users become more alert on privacy issue (at least they should, sigh).

Edited December 18, 2014 by userDJJ

Guest dalyer, posted December 18, 2014 (edited)

I think this bit should be reiterated for the benefit of anybody who chooses to remain on a stock or stock based ROM:

http://www.scmagazineuk.com/hidden-backdoor-in-up-to-10m-android-phones/article/389010/

Palo Alto advises companies who have Coolpad phones to check for the following files, which may indicate the device contains the backdoor:

• /system/app/CP_DMP.apk
• /system/app/CP_DMP.odex
• /system/app/GoogleGmsFramework.apk
• /system/app/GoogleGmsFramework.apk
• /system/lib/libgmsframework.so

But the company says: “If the phone is rooted, you can simply delete all of these files using your root privileges. However, Coolpad may still be able to install new malware in the future using an OTA update.”

Alternatively (I think) use a non stock or stock based ROM. Assuming that nothing more persistent across ROM installations is also compromised as a backdoor?

The silver lining in all this? Well lots more people will know who Coolpad are now! :D

Edited December 18, 2014 by dalyer

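The file check quoted in the post above, written out as an added example (not from the thread or the Palo Alto report): a POSIX shell script that scans an unpacked ROM directory for the five paths listed in this thread and, going one step beyond that list, also flags the same file names found anywhere else in the tree. The function names and the unpacked-ROM layout are assumptions, and the sample tree is constructed.

```shell
# Added example: look for the CoolReaper indicator files named in this thread.
# ROOT is the directory holding the ROM's "system" folder (assumed unpacked).
INDICATORS="/system/app/CP_DMP.apk
/system/app/CP_DMP.odex
/system/app/GoogleGmsFramework.apk
/system/app/GoogleGmsFramework.odex
/system/lib/libgmsframework.so"

# Print each indicator path that exists under ROOT, one per line.
find_indicators() {
    root=${1%/}
    printf '%s\n' "$INDICATORS" | while IFS= read -r path; do
        # -L also catches a dangling symlink that carries the indicator name
        if [ -e "$root$path" ] || [ -L "$root$path" ]; then
            printf '%s\n' "$path"
        fi
    done
}

# Print files with an indicator's name at any other location under ROOT
# (e.g. /system/priv-app on Android 4.4), which the exact-path check misses.
find_relocated() {
    root=${1%/}
    printf '%s\n' "$INDICATORS" | while IFS= read -r path; do
        find "${root:-/}" -name "${path##*/}" 2>/dev/null | while IFS= read -r hit; do
            rel=${hit#"$root"}
            [ "$rel" = "$path" ] || printf '%s\n' "$rel"
        done
    done
}

# Report both kinds of hit; no hits only means none of the known files exist.
scan_rom() {
    exact=$(find_indicators "$1"); moved=$(find_relocated "$1")
    if [ -z "$exact$moved" ]; then
        echo "no known indicator files under $1"
    else
        [ -z "$exact" ] || printf 'present: %s\n' $exact
        [ -z "$moved" ] || printf 'same name, other location: %s\n' $moved
    fi
}

# Constructed sample tree standing in for an unpacked stock-based ROM.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/system/app" "$demo/system/priv-app" "$demo/system/lib"
touch "$demo/system/app/CP_DMP.apk" "$demo/system/lib/libgmsframework.so" \
      "$demo/system/priv-app/GoogleGmsFramework.apk"
scan_rom "$demo"
```

A result with no hits says only that these known file names are absent; as the quoted advice notes, an OTA update could still add new files later.
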
Guest slime00, posted December 19, 2014

I think I found a folder called "lenovoreaper" in my previous smartphone (Lenovo A820), which disappeared after changing the ROM, so I assume it's a common thing for smartphone producers in China, if big companies do this, go figure small ones...

By the way, the news is spreading around the web, this will do some damage I believe...they'll think twice before using those tricks again in the next releases!

Guest userDJJ, posted December 19, 2014

> By the way, the news is spreading around the web, this will do some damage I believe...they'll think twice before using those tricks again in the next releases!

Or will hide em better ^_^ !

Guest dalyer, posted December 19, 2014 (edited)

I still find it hard to believe that these guys would ever do anything nasty...

Er ... on the other hand... ^_^

Edited December 19, 2014 by dalyer

Guest dakok, posted December 19, 2014

Guys next door :D

Let's go flashing non-reaper stuff :)

Funtouch OS for F1 wcdma from 4PDA download

Guest dakok, posted December 19, 2014 (edited)

Coolpad F2 got CM11 :D

Not exactly and I didn't read it anywhere yet (EDIT, found a comment on firstpost just now :)). Exact phone is Micromax Yureka and it looks very much like Coolpad F2. Micromax used Coolpad F1 for its Nitro A310 and my guess is that the same goes for Yureka (being Coolpad F2).

Yureka article

Look at the images (specs are the same): Yureka: Coolpad F2:

Edited December 19, 2014 by dakok

Guest apple2005, posted December 19, 2014

> Guys next door :D
>
> Let's go flashing non-reaper stuff :)
>
> Funtouch OS for F1 wcdma from 4PDA download

Hi,

Where exactly is this file "Reaper" located? I want to search in my coolpad 9976A. Secondly, how can the so called Reaper communicate to the Internet if you have a firewall installed?