Discovery - Bada Software and Hacking General

Today I was tinkering with codes (carefully) with this * # 7092463 * #: Module Settings, Core, DM Account, press OSPs, FOTA, then Options, data edit, and I saw something I think is Samsung server data. Very interesting data there.
I hope it's worth studying.
Regards.

Related

[PRJ] XDA_Sync

Hello fellow XDA members,
Last week I flashed my favorite ROM to its newest version again and once again I had to put some settings right and all. Now, this is nothing new and you can let the process be done for you with tools already available. However, I'm not pleased with the options given by the different apps to be set!
Synchronizing different data is one of the most important features on any smartphone at the moment in my opinion. Some you like to do manually, but lots of them you just let go on schedule. This is where my problem popped up. Quick searching didn't give any results, so I decided to start this thread. Example of a problem: you have to set every app to roaming or not and give them a refresh rate.
My idea/project I would like to start is making an app that has the following features:
setting up syncing schedules with the following options:
selecting days on which it syncs
timespan for synchronisation
refresh rate
roaming/no roaming
toggle list for assigning installed syncable programs fast and easy
assigning apps to different schedules
menu item for a list of schedules (with a subtext which programs follow) and list of programs (with a subtext which schedule they follow)
Manila styled menus for known user interface
detection of different already syncing apps or syncable apps on the phone (adding them to the program list but not importing schedules since those would spam the list)
menu option to stop all syncing so everything is manual (useful when roaming but wanting to sync on demand)
import/export settings and automatic importing settings from the XDA_UC folder on install
making internet connection on sync and if it was off before turning it off after sync (don't know if some apps do this already, but then the turning off has to wait until the end of all synchronization)
option to show pop-up on sync fail with an option to retry in a given time or automatic retry time
I had some more features in mind but they fail to pop up right now.
What this solves:
schedules all crossing each other which makes your phone connecting to and disconnecting from the internet all day (some have 3h option, some 4h)
unnecessary syncs, for example during your sleep
hopefully more options for selecting sync times (like with the FB-tab which can't go higher than 99)
one menu serving all the main apps on your phone
if importing settings on install works: no need to set everything up again, never!
There's only one big problem:
I'm not a developer and have no idea of any coding for WM devices at all. I do have some basic insight in structures and can help searching for entries and locations of different settings/manual sync triggers, but not much more than that. I'd like to see how this works during the project if there are others out there who like this app and a developer to take the big job!
Coding challenges I expect:
I think it has to set the apps assigned to a schedule to "manual" in the official app/tab and has to trigger the manual synchronisation when schedule starts. If we really get into the core of other apps too: we could add the option "XDA_Sync schedule" to the drop down menus which pops up a schedule selector for the app. This way you could enable the automatic sync in the tab and the "roaming" item should be grayed out because that's fixed in the XDA_Sync schedule.
Locating all syncing.
Different devices (I have a Touch Pro2)
So: Good idea?
And: Any developer willing to take the challenge?
P.S. Not sure if I'm allowed to use the "XDA" part in the name, thread name could then be changed to "Cell_Sync" or something similar.

Dump Your Phone Memory

Follow these steps to dump all of your phone's memory. What use is this? It can be used to locate your MSL code if other methods fail. This method should work even if your phone is "bricked". This could potentially be used to retrieve lost information. At the very least it contains all your texts.
I am also currently exploring a possible security fail on the part of android/google. My phone dump contains my google account password in plain text....not just once. It has my password in plain text over 120 times. I am investigating how this could be. My google password is unique to that one account, and it is paired with my google login in the phone dump. I have not input the password in any other place outside of when I first setup my phone. I have not input that password in any app or browser. You may want to check if your login credentials are also being mishandled and possibly logged.
Phone Dump: (portions of this were taken from the PRL guide)
Connect your phone to your computer using a USB cable.
Open Device Manager.
Ports > LGE Android Platform USB Serial Port > Properties > Port Settings > Advanced > COM port number
Make a note of your COM port number.
Download and install QPST v2.7.
Open "QPST Configuration".
In the "Ports" tab, if your com port isn't listed, select "Add New Port" and write in your com port as "COM#" (# being the number you noted in step 4). Verify that your com port is listed.
Make sure your phone appears in the "Active Phones" tab.
Run the "Memory Debug" program from QPST.
With your phone connected via USB and selected via the "Browse" button, press "Get Regions".
This will reboot your phone into "Download mode". You will most likely lose the connection to your phone because download mode uses different drivers and possibly a different port. Go into device manager -> Ports (COM & LPT) and find your phone's new COM port.
Go into the QPST configuration and setup the new port.
Go back to the "Memory Debug" program, browse for your phone again, and select "Get Regions" again.
This time it will show you a bunch of options. Leave them all checked and select "SaveTo" and pick an empty folder to dump your phone memory to. This will take up a little over 500 megs.
It will take a good amount of time to finish (possibly 30 min to an hour).
When you are done, you will have the following files:
Code:
adsp_rama.bin, adsp_ramb.bin, adsp_ramc.bin, adsp_rami.bin, mdsp_rama.bin, mdsp_ramb.bin, mdsp_ramc.bin, mdsp_regs.bin, load.cmm, ebi_cs0.bin, and ebi_cs1.bin
If you want your MSL code, open ebi_cs0.bin with a hex editor. Look at the following HEX addresses:
Code:
0162ABCE
01BA6BDC
Both should contain your 6 digit MSL code in plain text.
If you want to find your ESN:
Code:
0104B5C2
What is more interesting is when you search in both ASCII and Unicode for your google account password in ebi_cs0.bin and ebi_cs1.bin. This is a raw dump of your phone memory. It will contain your contact list and other personal information, but I see no reason for your account password to be logged in plain text. Another user has already reported finding his password using this technique. Please search for yourself and report back what you find. My guess is that this is not unique to the Optimus V.
Update:
I changed my account password. My phone then prompted for my new password. I entered it in. I then synced my contacts, rebooted, and then dumped the contents of my phone. My new password was in there in plain text twice. The old password was still there too. Something is logging my internet traffic or my keyboard inputs.
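Added example, not part of the original posts: a Python sketch of the check described above, searching a dump such as ebi_cs0.bin or ebi_cs1.bin for your own password in both 8-bit and UTF-16LE ("Unicode") form and noting whether imap, smtp or password appears just before each hit. The function names, the 64-byte context window and the sample data are assumptions made for the example; the password itself is never printed.

```python
import mmap
import os
import tempfile
from collections import Counter

# "ASCII and Unicode" from the post: UTF-8 is byte-identical to ASCII for
# ASCII-only passwords; UTF-16LE is the usual in-memory "Unicode" form.
ENCODINGS = {"utf-8": "utf-8", "utf-16le": "utf-16-le"}
# Keywords the thread reports near the password (assumed list for the example).
CONTEXT_MARKERS = (b"imap", b"smtp", b"password")


def scan_dump(path, secret, window=64):
    """Return [(encoding, offset, markers)] for each occurrence of secret.

    markers lists which CONTEXT_MARKERS appear in the `window` bytes before
    the hit, which hints at the component that left the credential behind.
    """
    if not secret:
        raise ValueError("secret must not be empty")
    hits = []
    if os.path.getsize(path) == 0:
        return hits  # mmap cannot map an empty file
    with open(path, "rb") as fh, \
            mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ) as mem:
        for name, codec in ENCODINGS.items():
            needle = secret.encode(codec)
            pos = mem.find(needle)
            while pos != -1:
                before = mem[max(0, pos - window):pos].lower()
                # Drop NULs so UTF-16LE context text also matches the markers.
                before = before.replace(b"\x00", b"")
                markers = tuple(m.decode() for m in CONTEXT_MARKERS if m in before)
                hits.append((name, pos, markers))
                pos = mem.find(needle, pos + 1)
    return sorted(hits, key=lambda h: h[1])


def count_by_encoding(hits):
    """Summarise hits as {encoding: number_of_occurrences}."""
    return dict(Counter(enc for enc, _, _ in hits))


def build_sample_dump(secret):
    """Write a small constructed stand-in for ebi_cs1.bin (not real phone data)."""
    blob = (
        b"\x00" * 32
        + b"8 NOOP\r\nimap LOGIN user@example.com " + secret.encode("utf-8")
        + b"\xff" * 16
        + "password".encode("utf-16-le") + b"\x00\x00"
        + secret.encode("utf-16-le")
        + b"\x00" * 32
    )
    fd, path = tempfile.mkstemp(suffix=".bin")
    with os.fdopen(fd, "wb") as fh:
        fh.write(blob)
    return path


if __name__ == "__main__":
    demo_secret = "Tr0ub4dor-demo"  # constructed value, not a real credential
    sample = build_sample_dump(demo_secret)
    try:
        hits = scan_dump(sample, demo_secret)
        for enc, off, markers in hits:
            near = ", ".join(markers) if markers else "no known marker"
            print(f"{enc:9s} offset 0x{off:08X} preceded by: {near}")
        print(count_by_encoding(hits))
    finally:
        os.remove(sample)
```

To run it against a real dump, call `scan_dump` on each file with the password read from a prompt such as `getpass.getpass()` so it does not end up in shell history.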
I can confirm my email address and password are together in plain text in multiple locations. I don't know much about mem dumps, but it appears to indicate it is google's sync service:
ebi_cs1.bin
0D565490 .... 8 NOOP..TCH 48(
0D5654A0 .... UID FLAGS)...."p
0D5654B0 .... assword"........
All other instances were preceded by imap or smtp.
JerryScript said:
I can confirm my email address and password are together in plain text in multiple locations. I don't know much about mem dumps, but it appears to indicate it is google's sync service:
ebi_cs1.bin
0D565490 .... 8 NOOP..TCH 48(
0D5654A0 .... UID FLAGS)...."p
0D5654B0 .... assword"........
All other instances were preceded by imap or smtp.
Thanks! With you that makes 3 of us to experience this. The address for the password(s) are different for me which is expected. Whereas the MSL code would be located in a certain unchanged portion of the phone, this mysterious log would constantly be changing and could even be fragmented over the flash drive. I don't have (UID FLAGS) anywhere in either file.
What I also have is many Groove IP references with my Groove IP related google login and password. This looks like it is capturing it as internet traffic. I don't see why Google or Groove IP would log a password they both have encrypted access to.
mmarz said:
Something is logging my internet traffic or my keyboard inputs.
It's the keyboard. The OS isn't logging your passwords, at least as far as I can tell. If you select a different keyboard than the default, you will see a security warning popup which says that the keyboard can log everything, including your passwords. Well, this is normal, because softkeyboards need to be able to store words you enter into their dictionary/history to enhance their spelling and prediction. This is why your old password is still there after you changed it, and why they are stored in plaintext (because dictionaries are never thought to be encrypted).
Whether or not the softkeyboard is storing "words" that you entered in password fields in plaintext is not an Android security hole, it's the keyboard's, so complaints and/or advisories should be directed to them. They should at least give us the option of marking password fields as something not to store, and if we do want them remembered, for jimminey cricket's sake store them in a separate encrypted dictionary.
obijohn said:
It's the keyboard. The OS isn't logging your passwords, at least as far as I can tell. If you select a different keyboard than the default, you will see a security warning popup which says that the keyboard can log everything, including your passwords. Well, this is normal, because softkeyboards need to be able to store words you enter into their dictionary/history to enhance their spelling and prediction. This is why your old password is still there after you changed it, and why they are stored in plaintext (because dictionaries are never thought to be encrypted).
Whether or not the softkeyboard is storing "words" that you entered in password fields in plaintext is not an Android security hole, it's the keyboard's, so complaints and/or advisories should be directed to them. They should at least give us the option of marking password fields as something not to store, and if we do want them remembered, for jimminey cricket's sake store them in a separate encrypted dictionary.
There are a few reasons I don't buy this as being the cause.
Where would this unencrypted keyboard log be? I have data2ext going. My password was found on my internal phone partition. Whatever is doing this has permission to modify files outside of the data folder.
My password was present repeatedly. Even when I changed my password, it appeared twice even though I had only entered it once.
You have to manually select when you want to add words to the dictionary, otherwise all your misspelled tweets would be added. In password fields, this is not possible because only a single letter is inputted at any given time. No word is ever developed.
My other passwords are not in this log file. For example, my titanium backup password that I have to constantly use when I restore backups is not in here. Also my internet search phrases and other relevant items that I have typed in.
Update:
I just got this from KSmithInNY:
http://androidcentral.com/android-passwords-rooted-clear-text
Any app with root access has the ability to get your google credentials because android stores them in plain text. Wonderful!
mmarz said:
I just got this from KSmithInNY:
http://androidcentral.com/android-passwords-rooted-clear-text
Any app with root access has the ability to get your google credentials because android stores them in plain text. Wonderful!
Use the 2-step verification for your Gmail account and also set up an application specific password for your android device.
http://www.youtube.com/watch?v=zMabEyrtPRg
csrow said:
Use the 2-step verification for your Gmail account and also set up an application specific password for your android device.
http://www.youtube.com/watch?v=zMabEyrtPRg
Wouldn't this mean that you have to enter a verification code when entering your normal password, but if malware were to steal your application specific password that you created just for your phone, they could access your account using it and bypass the verification process?
Application specific password will only work on that phone. If you lose your phone, you can revoke that password for that phone which will block the access.
csrow said:
Application specific password will only work on that phone. If you lose your phone, you can revoke that password for that phone which will block the access.
No, they work on any device. There is no way for google to know what device is using it. You personally assign them for that phone, but if the password were to be stolen, then it can be used on any device. Also, if your account were to be compromised, you wouldn't know which password was stolen. With each application password you create, you are allowing another passcode that can be used to access your account. This seems very unsafe.
Update: I just tested this and I am right. I can use the same application specific password on all my apps and phones. So if this password were to be stolen, anyone could use it to login to my account. This is a major fail on the part of google....again.
Update2: Application specific passwords can be used to create login tokens. That means you can use a program like trillian to log into your gtalk using it, and then use the login token it produces to get access to your main google account through a web interface.
Well, that completely defeats the purpose of 2-part authentication. Oh well.
I hope you've reported this security hole... because obviously the intent is to be more secure than it actually is.
Which hole are you referring to? How google's two step verification is worthless because of one step passwords they force you to hand out to automated login apps? How Android's own password storage system keeps passwords in plain text and protects it by setting the file permissions to "please don't read this"? Or are you talking about how putting all these issues aside, I can still see my password in plain text in some sort of data capturing log that I found in a data dump of my phone's internal memory?
If you are talking about the last one, I'm still trying to find out exactly where the password is being stored in the dump and by what process. I've been searching through my phone's internal memory while it is on, but I can't seem to find it. I also want to rule out malware or something stupid that I might be doing before I start yelling about the sky falling. If more of you guys try this out, maybe we can rule out malware since all of us can't have the same bug. It really can't hurt your phone to dump it. It only takes 40 mins of your time.
(The more I learn about this stuff, the angrier I get.)
So after 3 tries I was able to dump the memory, and after hours of searching I can't find my mn_aaa or mn_ha shared secrets. Does anyone know the location of these? I have tried qxdm, and after sending the spc I send
requestnvitemread ds_mip_ss_user_prof
and i get
22:53:26.203DIAG RX item:
22:53:26.203requestnvitemread - Error response received from target.
or is there another way to find them?
ummkiper said:
So after 3 tries I was able to dump the memory, and after hours of searching I can't find my mn_aaa or mn_ha shared secrets. Does anyone know the location of these? I have tried qxdm, and after sending the spc I send
requestnvitemread ds_mip_ss_user_prof
and i get
22:53:26.203DIAG RX item:
22:53:26.203requestnvitemread - Error response received from target.
or is there another way to find them?
Any luck? I have the same issue with the Optimus V, e.g. I used another phone and reading the NV item was no issue. Seems to be specific to the LG.
srmuc69 said:
Any luck? I have the same issue with the Optimus V, e.g. I used another phone and reading the NV item was no issue. Seems to be specific to the LG.
Well, I think I've gotten further with qpst. I opened service programming, put in my spc, read the phone, then saved to file. I double-clicked the file and a viewer opened, and I viewed it in text format. I saw a lot of nv items there but have yet to figure out which ones they are.
ummkiper said:
Well, I think I've gotten further with qpst. I opened service programming, put in my spc, read the phone, then saved to file. I double-clicked the file and a viewer opened, and I viewed it in text format. I saw a lot of nv items there but have yet to figure out which ones they are.
Any luck? I did the same thing but as I have read in many other blogs the LG Optimus V times out in qpst, so did mine too.
I still have information in the file and I found the NV_ITEM_ARRARY in the file. What I do not know is how that array is built, e.g. is there a developer guide for CDMA phones where they detail the information. I was looking for the 1192 nv item and it should start with the length like 0A for 10 digits of the AA Password. No luck so far without knowing what the bytes are, and from just looking for 0A you get tons of hits.
What are you guys trying to accomplish? What is that code used for?
The dump should contain everything that is in the phone's memory. If the code is not encrypted or compressed in any way, it should be in there. The problem is that if you don't know the code, then you can't look up its location. Kind of a catch 22.
mmarz said:
What are you guys trying to accomplish? What is that code used for?
The dump should contain everything that is in the phone's memory. If the code is not encrypted or compressed in any way, it should be in there. The problem is that if you don't know the code, then you can't look up its location. Kind of a catch 22.
I'm trying to get the NV_ITEM 1192 and 466 from the LG Optimus V which is on Virgin Mobile. When I do that with CDMA Workshop it says access denied once you save the file. Now I'm trying to find what these values are on my LG Optimus V. Do you think the dump will have this and how would I go to find the NV ITEMs, e.g. in which file are they and at what hex position?
srmuc69 said:
I'm trying to get the NV_ITEM 1192 and 466 from the LG Optimus V which is on Virgin Mobile. When I do that with CDMA Workshop it says access denied once you save the file. Now I'm trying to find what these values are on my LG Optimus V. Do you think the dump will have this and how would I go to find the NV ITEMs, e.g. in which file are they and at what hex position?
Yeah, the dump should have all nv items. The hard part is figuring out which ones are which.
mmarz said:
What are you guys trying to accomplish? What is that code used for?
The dump should contain everything that is in the phone's memory. If the code is not encrypted or compressed in any way, it should be in there. The problem is that if you don't know the code, then you can't look up its location. Kind of a catch 22.
Well, the mnha and mn aa are passwords needed to get your data working when you want to use a different phone, i.e. the Samsung Epic on Virgin Mobile. You can clone all info from the Optimus V to the Epic, but without those passwords data will not work. I may not be inclined to do this anymore since the Motorola Triumph is coming out, meaning I won't need to find a better phone and clone this one.

[Q] CM7 RC 1.5, help with MMS

Just flashed my Defy with CM7 RC 1.5. It is very good, I am now happy.
Only one problem for now, can't send and receive any MMS message.
It is always: Currently unable to sent your message. It will be sent when service became available.
Checked APN, baseband, everything is OK. Also flashed a new nightly, but without any result.
Any solution?
Tnx
Nordic works fine
After flashing nordic (step one, flashing CM 7 RC 1.5), I was able to send and receive MMS, but again, on CM 7 same error.
Please, anybody?
Tnx
I'm on same build and I have just tested sending myself a MMS: works fine.
Just make sure that data is enabled and if you use DroidWall that you did not check the 3G/Data box of 'Messaging' or 'Any applications' [in the blacklist mode].
I also have problems receiving mms.
I received them because of froyo without 3g connection?
matej_d said:
Just flashed my Defy with CM7 RC 1.5. It is very good, I am now happy.
Only one problem for now, can't send and receive any MMS message.
It is always: Currently unable to sent your message. It will be sent when service became available.
Checked APN, baseband, everything is OK. Also flashed a new nightly, but without any result.
Any solution?
Tnx
I have the same problem, and I do not know how to fix it.
PS, maybe it is related to the setting "Data enable (enable data access over Mobile network)". I disabled it; if enabled, huge data will be transferred and cost a lot.
---------- Post added at 01:49 AM ---------- Previous post was at 01:48 AM ----------
[] AL [] said:
I'm on same build and I have just tested sending myself a MMS: works fine.
Just make sure that data is enabled and if you use DroidWall that you did not check the 3G/Data box of 'Messaging' or 'Any applications' [in the blacklist mode].
well, tell us your settings
dereckzh said:
I have the same problem, and I do not know how to fix it.
PS, maybe it is related to the setting "Data enable (enable data access over Mobile network)". I disabled it; if enabled, huge data will be transferred and cost a lot.
...
well, tell us your settings
Well, without [Wireless & networks/Mobile networks/Data enabled] checked you will not be able to send MMS: plain and simple. You want to send a picture over your 2G phone carrier: yes there will be fees for that.
You don't want any other things to use 2G data while you send your MMS: fair enough! So now you have to learn how to do that.
So you could spend some time going through each and every application and service on your phone that might do so and disable any automatic updating: for emails, facebook, Market ads and what not... but it could be tedious.
The easiest way for you to achieve this would be to use Droidwall [like I originally referred to above]. In there you will find 2 modes: 1- black list that blocks selected apks to access either wifi or 3G/data and 2- white list that does the opposite.
So install Droidwall [free from Market], make sure you select black list mode on top. And oh! you need root to use this so make sure that you also click "Allow" and check the 'remember' box when you see the Superuser permission request screen the first time.
Once that is done, select/check everything on the second column EXCEPT "Messaging" AND the first box called "(Any application)- Same as selecting all applications"
Additionally, select any application from the first column that you KNOW should not access internet at all (on wifi this time) --> as a bonus, doing so will block any ads from those free applications
Press the menu button and press "Apply rules" [or "save rules" the first time??] and make sure that you see "Firewall enabled" with a green line through it.
On the picture attached, you can see that I've selected the (Any application) for 3G/data instead of all except the 2 I told you. I leave it that way to block all data and when I need to send MMS, I unchecked it (and press "apply rules") for just the short time of sending the message then I re-enable it afterwards.
Any other questions? Lol - just joking I'm no Android help line hehe!
But I hope that this helped you guys; if so, you can log in and hit that "Thanks" button here below: -->
Cheers
[] AL [] said:
Well, without [Wireless & networks/Mobile networks/Data enabled] checked you will not be able to send MMS: plain and simple. You want to send a picture over your 2G phone carrier: yes there will be fees for that.
You don't want any other things to use 2G data while you send your MMS: fair enough! So now you have to learn how to do that.
So you could spend some time going through each and every application and service on your phone that might do so and disable any automatic updating: for emails, facebook, Market ads and what not... but it could be tedious.
The easiest way for you to achieve this would be to use Droidwall [like I originally referred to above]. In there you will find 2 modes: 1- black list that blocks selected apks to access either wifi or 3G/data and 2- white list that does the opposite.
So install Droidwall [free from Market], make sure you select black list mode on top. And oh! you need root to use this so make sure that you also click "Allow" and check the 'remember' box when you see the Superuser permission request screen the first time.
Once that is done, select/check everything on the second column EXCEPT "Messaging" AND the first box called "(Any application)- Same as selecting all applications"
Additionally, select any application from the first column that you KNOW should not access internet at all (on wifi this time) --> as a bonus, doing so will block any ads from those free applications
Press the menu button and press "Apply rules" [or "save rules" the first time??] and make sure that you see "Firewall enabled" with a green line through it.
On the picture attached, you can see that I've selected the (Any application) for 3G/data instead of all except the 2 I told you. I leave it that way to block all data and when I need to send MMS, I unchecked it (and press "apply rules") for just the short time of sending the message then I re-enable it afterwards.
Any other questions? Lol - just joking I'm no Android help line hehe!
But I hope that this helped you guys; if so, you can log in and hit that "Thanks" button here below: -->
Cheers
Well well, thanks bro, I will try~

[Q] New Activate Device Manager message

This morning, my Captivate Glide started giving me a message that I need to Update security settings to use Gmail. I click on OK and I get "Server m.google.com must be able to remotely control some security features on your device. Activating administrator will allow Email to perform following operations"
There's a long list but to give an example of the kinds of things, here's the first one:
"Erase all data
Erase the phone's data without warning, by performing a factory data reset"
Others include monitoring use and changing passwords for the device.
My email is not working on the Glide right now. Presumably because I won't activate the device administrator.
Just a note, I have my Gmail set up through Exchange. Have always done it that way for push but I have not changed anything or updated anything. I would assume this is a google issue changing the way their server works BUT I also have it set up that way on my TF700 tablet and it's functioning normally. I also have my wife's Android phone (motorola) set up with gmail through exchange and she is not getting this either.
What can I do to resolve this?

Need help to disable stylus menu programmatically

I have a kiosk mode app where the user should not interact with the device outside the app. Usually I disable things like notifications, etc. using User Manager options or at least I check that the initial settings aren't correct by checking settings.secure, global or system and redirecting the initial setup engineer to the correct settings page.
But I'm not able to find either a setting (secure / global / system) that changes with the stylus menu setting or the stylus menu setting activity.
Any clue will be welcomed.
