
Coolpad F1 8297w - Review / Info / Software / Custom Roms


Guest dakok


I don't agree with you. My coolpad 9976A is the best phone I had. I rooted it and then never changed the rom. When you screw the phone by installing this and that rom, then don't complain also. My own opinion.

 

But his point is not that the phone hardware is poor but that this Coolpad/CoolUI/CoolLife "CoolReaper" backdoor looks very dodgy and seems to be in almost all stock and stock based ROMs.

It's not clear if it's in others such as AOSP.

 

Edit:  maucat's latest AOSP 4.4.2 (18th December) mentioned earlier (and here: http://www.modaco.com/topic/374138-aosp-44-by-maucat/) does not have any of the following:

 

• /system/app/CP_DMP.apk
• /system/app/CP_DMP.odex
• /system/app/GoogleGmsFramework.apk
• /system/app/GoogleGmsFramework.odex
• /system/lib/libgmsframework.so
 
so I presume that means it's most likely NOT "infected" by CoolReaper?
 
Based on the info so far about this CoolReaper thing my inclination is to steer clear of stock and stock based ROMs.
I'll probably go with maucat's AOSP 4.4.2 for now.
Edited by dalyer

Guest apple2005

But his point is not that the phone hardware is poor but that this Coolpad/CoolUI/CoolLife "CoolReaper" backdoor looks very dodgy and seems to be in almost all stock and stock based ROMs.

It's not clear if it's in others such as AOSP.

Edit: maucat's latest AOSP 4.4.2 (18th December) mentioned earlier (and here: http://www.modaco.com/topic/374138-aosp-44-by-maucat/) does not have any of the following:

• /system/app/CP_DMP.apk

• /system/app/CP_DMP.odex

• /system/app/GoogleGmsFramework.apk

• /system/app/GoogleGmsFramework.odex

• /system/lib/libgmsframework.so

so I presume that means it's most likely NOT "infected" by CoolReaper?

Based on the info so far about this CoolReaper thing my inclination is to steer clear of stock and stock based ROMs.

I'll probably go with maucat's AOSP 4.4.2 for now.

Thanks for clarification. But what is this CoolReaper? And what does it do? In what way is it dangerous?


No - it should  link back to an earlier post in this thread by userDJJ which includes a link to the report into this suspicious firmware.

It does for me anyway.

 

Anyway - here's the report in question:

 

https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/reports/Unit_42/unit42-cool-reaper.pdf

Edited by dalyer

The guys that made the report downloaded many F1 roms and here is the interesting part from the report:

 

Coolpad provides ZIP-format stock ROMs for the Halo (Dazen) series, the K series and
the S series phones, and provides customized format stock ROMs for other models. All
of these stock ROMs are available for download at Coolpad’s official support forum or
in their official service center.

 

In November 2014 we downloaded 45 stock ROMs

 

Not really, format of stock roms is not ZIP  :D

 

 

 


Whatever about basic (?) mistakes like that, isn't the main issue that this "CoolReaper" is something worth avoiding by using a non stock or stock based ROM?

Right now my view is that this eliminates all stock and stock based ROMs from consideration. 

Am I wrong or overreacting?


• /system/app/CP_DMP.apk
• /system/app/CP_DMP.odex
• /system/app/GoogleGmsFramework.apk
• /system/app/GoogleGmsFramework.odex
• /system/lib/libgmsframework.so

In AOSP by maucat there are none of these apps.


Guest cumfun fighter

In the installation of any ROM there still exists untouched partitions/memory areas 

containing data by manufacturer, e.g. nvram containing imei +  other data.

Either TWRP/CWM are not able to modify/backup these areas and if they could

wipe hidden data-areas would it result in bricked device.


In the installation of any ROM there still exists untouched partitions/memory areas 

containing data by manufacturer, e.g. nvram containing imei +  other data.

Either TWRP/CWM are not able to modify/backup these areas and if they could

wipe hidden data-areas would it result in bricked device.

 

Not really sure what your point is?

Is it that these untouched areas could also contain something suspect?

But for what it's worth you can backup nvram, imei etc. using MTKDroid tools, MobileUncle etc.


• /system/app/CP_DMP.apk

• /system/app/CP_DMP.odex

• /system/app/GoogleGmsFramework.apk

• /system/app/GoogleGmsFramework.odex

• /system/lib/libgmsframework.so

In AOSP by maucat there are none of these apps.

 

Yeah - I said that earlier. :)

 

http://www.modaco.com/topic/372543-coolpad-f1-8297w-review-info-software-custom-roms/page-192#entry2244399


Guest cumfun fighter

Not really sure what your point is?

Is it that these untouched areas could also contain something suspect?

But for what it's worth you can backup nvram, imei etc. using MTKDroid tools, MobileUncle etc.

So, you don't really know where the backdoor is hidden!

It may be in ROM or somewhere else.


Guest userDJJ

Wrong quote, was referring to this post:

http://www.modaco.com/topic/372543-coolpad-f1-8297w-review-info-software-custom-roms/page-192#entry2244408

 

 

Perhaps they were testing this; it is stock in zip

http://4pda.ru/forum/index.php?showtopic=595613&st=0#entry33550637

 

On the basis of the native firmware

Sort by: Newest firmware in the late

Stock firmware based on Android 4.2 (Cool UI 5.5):

 

Edited by userDJJ

This news resulted in a 14.6% drop for Coolpad on the Hong Kong stock exchange

 

Miui backdoor, CoolUI backdoor - strange they get revealed while these companies are going extremely well during last year.

 

This backdoor was known for at least a year..

Edited by dakok

Guest userDJJ

According to PA paper #24, starting with October 2013 some users began discussing about this issue, however Coolpad did not offer an official response to the reports,

#25 "Finally on October 23, a user reported the problem in Coolpad’s support forum again and an administrator deleted the report, but it is still accessible through Google searches (Figure 21)"  // Sony was doing something similar lately with one of their new phones that had cracking displays.

 

You were aware of this feature for 1 year prior to it being reported on Wooyun.org as stated on #17?

 

 

Forum explanation sounds so innocent, but in reality it is not.

http://www.modaco.com/topic/372543-coolpad-f1-8297w-review-info-software-custom-roms/page-191#entry2244341

 

 

I am aware that in USA, when you can get new iphone for 150 USD (with 2 year contract) operators can add their app via ota (this is not any secret), but what Coolpad was doing is next level of spying, competition to NSA :P.
What if some bad guys would discover this and start spying on all those users ? They could practically do anything they wanted.
 
 
those 3 lines are not normal ota operators updates

 


• Notify users of a fake update that doesn't update the device, but does install unwanted apps.
• Send or insert arbitrary SMS or MMS messages into the phone.
• Upload information about the device, its location, app usage, calling and SMS history to a Coolpad server.
 
And what is the most important, reputation gets destroyed, after Snowden leaks users become more alert on privacy issue (at least they should, sigh).
Edited by userDJJ

I think this bit should be reiterated for the benefit of anybody who chooses to remain on a stock or stock based ROM:

 

http://www.scmagazineuk.com/hidden-backdoor-in-up-to-10m-android-phones/article/389010/

 

Palo Alto advises companies who have Coolpad phones to check for the following files, which may indicate the device contains the backdoor:

 

• /system/app/CP_DMP.apk

• /system/app/CP_DMP.odex

• /system/app/GoogleGmsFramework.apk

• /system/app/GoogleGmsFramework.apk

• /system/lib/libgmsframework.so

 

But the company says: “If the phone is rooted, you can simply delete all of these files using your root privileges. However, Coolpad may still be able to install new malware in the future using an OTA update.”

Alternatively (I think) use a non stock or stock based ROM.

Assuming that nothing more persistent across ROM installations is also compromised as a backdoor?

 

The silver lining in all this? Well lots more people will know who Coolpad are now! :D

Edited by dalyer
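An added example, not part of any post in this thread: a shell function that checks an unpacked ROM tree for the five indicator paths listed in the thread, for use before flashing a ROM. The layout (a root directory containing `system/`) and the names `scan_rom` and `count_hits` are assumptions; a clean result covers only these paths and says nothing about later OTA installs or other partitions.

```shell
#!/bin/sh
# Added example: check an unpacked ROM tree for the CoolReaper indicator
# files listed in this thread. ROOT is the directory that contains "system/"
# (assumed layout, e.g. an extracted flashable zip or a mounted system image).

# Indicator paths exactly as listed in the thread.
COOLREAPER_PATHS='/system/app/CP_DMP.apk
/system/app/CP_DMP.odex
/system/app/GoogleGmsFramework.apk
/system/app/GoogleGmsFramework.odex
/system/lib/libgmsframework.so'

# scan_rom ROOT: print each indicator found under ROOT, one per line.
# Returns 0 if none found, 1 if any found, 2 if ROOT has no system/
# directory (wrong directory, so "nothing found" would be meaningless).
scan_rom() {
    root=${1%/}
    if [ ! -d "$root/system" ]; then
        echo "error: $root/system not found" >&2
        return 2
    fi
    found=0
    for p in $COOLREAPER_PATHS; do
        if [ -e "$root$p" ]; then
            echo "$p"
            found=1
        fi
    done
    return $found
}

# count_hits ROOT: number of indicator files present under ROOT.
count_hits() {
    scan_rom "$1" | wc -l | tr -d ' '
}

# Stand-alone use: sh check_rom.sh /path/to/unpacked_rom
# Exit status is that of scan_rom (1 means at least one indicator is present).
if [ "$#" -gt 0 ]; then scan_rom "$1"; fi
```
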

Guest slime00

I think I found a folder called "lenovoreaper" in my previous smartphone (Lenovo A820), which disappeared after changing the ROM, so I assume it's a common thing for smartphone producers in china, if big companies do this, go figure small ones...
By the way, the news is spreading around the web, this will do some damage I believe...they'll think it twice to use those tricks again in the next releases!


Guest userDJJ

By the way, the news is spreading around the web, this will do some damage I believe...they'll think it twice to use those tricks again in the next releases!

Or will hide em better ^_^  !


I still find it hard to believe that these guys would ever do anything nasty...

 

banner2.jpg

 

Er ... on the other hand...

 

banner4.jpg

 

^_^

Edited by dalyer

Coolpad F2 got CM11 :D

 

Not exactly and I didn't read it anywhere yet (EDIT, found a comment on firstpost just now :)).

Exact phone is Micromax Yureka and it looks very much like Coolpad F2.

Micromax used Coolpad F1 for its Nitro A310 and my guess is that the same goes for Yureka (being Coolpad F2).

Yureka article

Look at the images (specs are the same):

 

Yureka:

Micromax_Yureka_6.jpg

 

Coolpad F2:

HTB1n3LKGXXXXXb.XXXXq6xXFXXXQ.jpg

Edited by dakok

Guest apple2005

Guys next door :D

Let's go flashing non-reaper stuff :)

Funtouch OS for F1 wcdma from 4PDA

download

Hi,

Where exactly is this file "Reaper" located? I want to search in my coolpad 9976A.

Secondly, how can the so called Reaper communicate to the Internet if you have a firewall installed?

