Do i have malware after unlocking bootloader + rooting? Weird screenshots. - Moto G5 Plus Questions & Answers

Hello,
Today I decided to root my phone; I followed the instructions here:
https://forum.xda-developers.com/g5...to-g5-plus-t3579659/post74673573#post74673573
I did not download the firmware, just went straight to rooting, downloaded the Motorola drivers + Magisk + TWRP from those links.
After successfully rooting my phone, I installed DiskDigger, an Android application to recover deleted files. Upon running a scan, the app brought back screenshots that were taken after I rooted my phone (and before I installed DiskDigger). I have run the scan over and over and I see that it is taking screenshots every X amount of seconds, when I open different apps, browse through my conversations; I'm sure it just has a timer set on the screenshot taking... What could be doing this? Where did I get this malware? I suppose it is taking the screenshots, then sending them to a server and then deleting the screenshot instantly so I don't find out... (Which is how I came to find them through DiskDigger)...
As I've mentioned, screenshots are taken even before I installed any applications after rooting and unlocking the bootloader... When I unlocked the bootloader I lost all my files; I can't even recover images I had then, so I have no way of knowing if there were screenshots even before root.
I live alone, don't have anything interesting going on in my life for anyone to put something on my phone and spy on me; I bought this phone directly from Amazon, new, about 2 years ago I believe.
Help? Do I lock my bootloader and unroot my phone? What can I do to wipe whatever is spying on me? As I don't think it is normal that these screenshots are appearing there... Also, some of the screenshots have errors in them, weird pixels/colors...
I ran the deep scan searching for images+videos in the DiskDigger app in case anyone is wondering...
It started taking screenshots when I had not even installed my first app after rooting, so it is not an app I installed that did it.

It may not be anything malicious, as Android takes screenshots of your apps to show them in the recents menu. It could be just that.
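One way to test that reply against the recovered files, as an added example that is not part of the original thread: a background grabber on a timer leaves captures at near-constant intervals, while the thumbnails Android writes for the recents menu are created when you switch apps, so their timing is bursty. The script scores the spacing of the capture times and, for files that were not overwritten, hash-matches carved images against the files in Android's own thumbnail directories. The directory names are assumptions that depend on the Android version (confirm them on the rooted phone with `adb shell su -c 'ls -l DIR'`), and the timestamps and image bytes below are constructed sample data. A carved file whose blocks were partly reused before recovery (the "weird pixels") will not hash-match even if it started life as a recents thumbnail, so an unmatched file is inconclusive rather than proof of spyware.

```python
"""Triage images a file-carving tool brought back from a rooted Android phone.
Added example; sample times and bytes are constructed, directory names assumed."""
import hashlib
from statistics import mean, pstdev

# Where Android keeps the thumbnails shown in the recents menu (assumed; the
# location is version dependent). Verify with `adb shell su -c 'ls -l DIR'`.
RECENTS_DIRS = [
    "/data/system/recent_images",    # Android 5.x-7.x TaskPersister (assumed)
    "/data/system_ce/0/snapshots",   # Android 8.0+ TaskSnapshotPersister (assumed)
]

def gaps(timestamps):
    """Seconds between consecutive captures, oldest first."""
    ts = sorted(timestamps)
    return [later - earlier for earlier, later in zip(ts, ts[1:])]

def classify_timing(timestamps, cv_threshold=0.25):
    """Label capture timing as 'timer-like' or 'irregular'.

    A grabber firing on a fixed timer produces nearly equal gaps, i.e. a low
    coefficient of variation (stdev / mean). Recents thumbnails are written
    when the user switches apps, so their gaps are uneven.
    Returns (label, mean_gap_seconds, coefficient_of_variation)."""
    g = gaps(timestamps)
    if len(g) < 3:
        return ("insufficient", None, None)
    m = mean(g)
    cv = pstdev(g) / m if m else float("inf")
    return ("timer-like" if cv < cv_threshold else "irregular", m, cv)

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def match_carved_to_snapshots(carved, snapshots):
    """Map each carved image name to the snapshot file with identical bytes.

    `carved` and `snapshots` are {name: bytes}; in practice read the recovered
    files and the files pulled from RECENTS_DIRS. A partly overwritten carved
    file will not match even if it was a recents thumbnail, so None means
    'unknown', not 'malicious'."""
    by_hash = {sha256(b): name for name, b in snapshots.items()}
    return {name: by_hash.get(sha256(b)) for name, b in carved.items()}

# Constructed sample data: capture times in seconds since epoch, fake image bytes.
TIMER_LIKE = [1_000 + 30 * i for i in range(12)]   # exactly every 30 s
USER_LIKE = [1_000, 1_004, 1_061, 1_063, 1_300, 1_307, 1_309, 1_901, 2_505, 2_506]
SNAPSHOTS = {"12_task_thumbnail.png": b"PNG-thumb-12",
             "15_task_thumbnail.png": b"PNG-thumb-15"}
CARVED = {"file001.png": b"PNG-thumb-15",          # intact copy of a thumbnail
          "file002.png": b"PNG-thumb-1\x00\x00"}   # tail overwritten: no match

if __name__ == "__main__":
    for label, ts in (("timer-like set", TIMER_LIKE), ("user-like set", USER_LIKE)):
        print(label, classify_timing(ts))
    print(match_carved_to_snapshots(CARVED, SNAPSHOTS))
```

Feed `classify_timing` the modification times DiskDigger reports for the carved files (or EXIF times if present); a set that comes out "timer-like" with a tight period is worth chasing with a packet capture, while "irregular" spacing that lines up with your own app switching points at the recents thumbnails.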

Related

[Q] Did I f* up my Play?

Hey guys. I hate making my first post a really noobie question but here it goes.
I just updated my rooted Xperia Play to 2.3.3 and it erased and/or re-wrote all of my system apps. I stupidly converted some of my downloaded apps into system apps using Titanium (because system apps turn red on the list; it helped me quickly figure out what was external and what was internal. Stupid, yes, and more trouble than it was actually worth.) so those apps were lost. Didn't matter, I had backups, but I lost my root so I couldn't access them.
Forgetting what I used to root my phone originally, I decided to use z4root after reading about it somewhere. The site I got it from is usually trustworthy, but when I downloaded the file my OfficeScan (it's a school-bought computer) warned me of a potential virus threat. I wrote it off as just the pop-up ad and unzipped and transferred the file to my phone. I still am not sure if it was a virus or not... Running z4root, it got up to "acquiring shell root..." or something like that before kicking me back to the home screen with no change. I, again, stupidly, re-ran it several times without rebooting between each attempt. Giving up, I then realized to reboot. Strangely, rebooting was A LOT faster than it usually is and I don't know if that was z4 or 2.3.3.
Anyway, I remembered that I used Gingerbreak last time and re-installed that. I made several attempts with that with no change either. Too many to count, but at least more than 8. On several attempts I got a call or a text and, checking them, ended the process. 2 attempts I left running for about half an hour (I know that the instructions say it will never take more than 10 minutes) and some I ended with a battery pull after more than 10 mins (as per instructions).
So I guess I have several questions:
1. How bad did I f* up, If I did so?
2. Any suggestions on how to re-root/fix it?
3. Will switching to an empty SD card, successfully rooting it, and switching back to the full card still keep the root?
4. Does an in phone factory reset work the same as flashing the same rom or will I need to actually flash that new rom?
5. If I do need to flash, where can I find a regular Play rom? Or do you have suggestions about a better rom?
6. Is the fast reboot the work of the half done, possibly a virus, z4root process or just the 2.3.3 update?
7. Lastly, was this tl and you ;dr?
Normally, I wouldn't care if there was no fix; my phone boots much faster, I didn't lose all my apps and only some apps launch a little slower than before. But I made tons of progress on Zenonia 2 and I want my backups for that... lol.
Any help appreciated. Also, thanks for putting up with a noob that's writing way too formally.
1. Messing with the system apps, and not backing them up probably caused you to not have an OTA update. I'm guessing you flashed it? Not restoring anything and not doing an OTA was mistake number one. Trying to use z4root was mistake number 2.
2. Get the generic UK firmware from here http://forum.xda-developers.com/showthread.php?t=1097591
-Flash that with Bin4ry and Androxhyde's flashtool
-Put in your carrier's APN settings, configure your google account, wifi etc. etc.
-Get Gingerbreak 1.2, run it (I used Astro to open the apk, and you need unknown sources enabled).
Gingerbreak only worked for me when I formatted an SD card right before running it. I used a spare that was lying around, not the usual one with all my data, and I suggest you do the same if you kept your titanium backups. Hopefully you'll get rooted after about 3-5 minutes. Do not mess with any apps/bloatware after you have the root.
-After you have root, go into the settings menu and start an OTA update.
You should now have 2.3.3 WITH root.
-Once the phone is updated, install Titanium Backup and start backing up your old apps from before you messed up the phone and lost root.
-At this point feel free to remove the bloatware, but make sure you back it up in titanium for later.
3. Switching SD cards won't affect root at all.
4. A factory reset will reset whatever ROM was installed last. In other words, you can't revert back to 2.3.2 with a reset, it'll just reset 2.3.3 - It's really just for wiping data and settings.
5.The regular play ROM is the UK generic I posted above. The only "better" roms are customs that you need an unlocked bootloader to install. Currently they're still buggy and in development and not worth getting unless you like incomplete ROMs with bugs, and wanna lose the ability to update normally. Both OTA updates and the Sony Ericsson Update Service will brick your phone once the bootloader's unlocked.
6. My phone was booting a bit faster after updating to 2.3.3, and became even faster after removing some bloatware.
-Root doesn't speed up the boot process.
-I highly doubt an Android phone would have a virus that makes it boot faster, it's probably just from the update.
7. No, it wasn't. No, I didn't.
Thanks for the (semi-)quick response. Been browsing around the web with this tab open, constantly refreshing like a creep. I'll try your advice soon but its like 3am, just wanted to say thanks and love your Stocking pic.
Btw, is there a difference between a US, UK or CAN rom, or do those even exist?
The only real differences are carrier specific apps, and some versions have different games installed.
Sent from my R800
Seems like I was too late to flash and the link to the rom you gave me may have been updated to 2.3.3 as well. I was looking for a Canada/Rogers rom anyway, but the forum search isn't turning up anything and Google seems to hate me...
Help anyone?
The link was for 2.3.2 in the generic.
The only rogers rom available is for 2.3.3 so you won't be getting root without an unlocked bootloader with that one.
Just follow the directions and it should be fine.
The rogers apps are available in the android market separately.
Sent from my R800

[Q] Nook Touch + Market Stopped working

So I have a Nook Simple Touch I was using about 9 months ago, which fell into disuse for a bit for a variety of reasons. It's running 1.1.0, and is rooted.
I dusted it off recently to give it some more use again, and wanted to update some of the apps, but discovered that the Market doesn't seem to work anymore. I know it used to, but now, whenever I try to download anything, I get a dialog: "Download Error: Download was unsuccessful, please try again." I've waited an extra day, as I remember that was originally necessary to complete the registration process, but still nothing. Searching (with Market Search) works, even for things I haven't looked up before, and it still recognizes my account, as I see my email, though I noticed that the Nook Touch doesn't get listed in the Google Play Store under devices.
Any ideas what might be going wrong here, or things to try? I'm also willing to upgrade to a newer firmware (1.2.1), but am not sure of the best method to update a rooted device. I can pull it into a separate post, but I'll include it here for now:
I'm sure I'll have to root again, but is it possible to upgrade the rooted device and then simply re-root, or will I lose everything I've installed? Is it just better to wipe, update and re-root? If so, is there any convenient way to keep all of my settings?
Thanks!
Sad, no one wants to reply. Or perhaps no one knows.
Did a backup, and experimented. I couldn't update directly, so I wiped back to a stock ROM, and upgraded to 1.2.1. Rooted with ManualNooter, and the market worked. So I have no idea what was going on, but it works now. Sadly, a computer accident made me lose my backups (including unrooted images). But at least I've got something functional.
I am currently in the same boat with my NST (BNRV300) running rooted 1.1.2. I last installed and/or updated some Market apps successfully perhaps about a year ago, and have not made any other change to the Nook, so I am at a loss as to what might be the cause. Any pointers would be greatly appreciated.
For now, my workaround this problem is to download the desired app's apk file from an alternate source (e.g., APKPure) then side-load it onto the NST.
My guess would be that somehow your authentication with Google has been lost on the device.
If you go to the PlayStore on a computer do you see your NST listed as a device, and if so, when you select an app that way does it eventually appear on your NST?
Sent from my NST
I think you are right -- my NST credential with the Playstore must have expired or more likely become invalid when I changed my password on my Gmail account.
If so I can't figure out how to re-validate the credential: I recall entering my Google login/password via the YouTube app during the course of rooting my NST using the MinimalTouch tool's 2-phase process, but now I can't even get the YouTube app to start (error message: ... problem starting up, please check your network connection and system time).
Look here
I responded to a related issue awhile back. Not sure if the info at the link might kick-start the signing in process.
Thanks for the pointer.
I decided to go the route of "factory reset, upgrade to 1.2.1 and re-root using Nook Manager", as simply re-rooting 1.1.2 using the old tool (Minimal Touch) is tedious & somewhat error-prone -- plus I'd like to try out 1.2.1.
That was what I would usually suggest but the farther I have gotten from that "day 1", the less likely I am to take/offer the same advice. I've made so many modifications at this point I don't think I'd ever get it back to its present state! Back up early and often...and, apparently, access the Market every so often, even if you don't want anything.
Good luck!

[Q] Should I be concerned - Mysterious PP app found on device

Here's a little background to my dilemma.
I bought a used Note 3 running 4.3 / MJE. It has never been rooted as far as I can tell. It has a clean ESN according to Swappa. I never activated it, never connected it to a Wifi network, and never put my sim in it. It was factory reset and the first thing I wanted to do was root it.
So, I downloaded Kingo 1.1.6 from the first link that Google provided (I don't know if I can reference the site) and I ran the program. Root was successful! I then installed SafeStrap, and finally flashed SuperSU from recovery. Everything looked great, but...next to SuperSU in my app drawer was an app that I never saw before. It was a green icon with what looked like two white letter P's in it. Stupidly, I clicked on the app and it opened some sort of Chinese thing. I immediately backed out of the app and uninstalled it. I then factory reset the device. Root and recovery are maintained. And now there is no sign of the mysterious app. But I'm still freaked out about it. Was it some Chinese spyware? Keylogger? Or something more innocent? Do you think it's completely gone or is it possible that it has hidden files somewhere on the device?
I've uninstalled Kingo from my PC and ran several scans of the computer which have turned up nothing unusual. But I still haven't connected the phone to any Wifi or cell networks nor have I entered any personal information on the device. I'm itching to use the device, but I'm nervous about any malware on it.
So, does anyone have any thoughts on the safety of the phone?
I would say that as long as you have factory reset the phone and the app didn't somehow install itself in the /system partition, your phone should be okay, since a factory reset effectively wipes away everything in /data and /cache. But I wouldn't trust Kingo, because many users in the past have reported that it presumably installs spy software on your phone (which collects IMEIs and other sensitive data and sends them unencrypted to China), and it is very likely that the app that you have described here is spy software. (So far, no one has reported anything suspicious in the /system partition, at least according to the thread at http://forum.xda-developers.com/showthread.php?t=2518829.) I noticed you have taken precautions by not connecting the phone to the Internet, so you are safe.
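A way to act on that answer, as an added example that is not part of the thread: since a factory reset wipes /data and /cache but leaves /system alone, anything that survived the reset is in /system, and the quickest check is to diff the phone's package list against the same list from a known-clean phone on identical firmware. The script parses `pm list packages -f` output (one `package:<apk path>=<name>` line per package) from both and reports packages under /system that the clean reference lacks, minus ones you installed yourself such as SuperSU. Both listings below are constructed, and `com.example.pp` is a hypothetical package name standing in for the unknown app, not its real identifier.

```python
"""Find packages that survived a factory reset by comparing `pm list packages -f`
output from the suspect phone with a clean reference. Added example; both
listings are constructed and com.example.pp is a hypothetical name."""
import re

# `pm list packages -f` prints: package:<apk path>=<package name>
PKG_RE = re.compile(r"^package:(?P<path>\S+?)=(?P<pkg>[A-Za-z0-9_.]+)$")

def parse_pm_list(text):
    """Return {package_name: apk_path} from `pm list packages -f` output."""
    result = {}
    for line in text.splitlines():
        m = PKG_RE.match(line.strip())
        if m:
            result[m.group("pkg")] = m.group("path")
    return result

def system_additions(device_listing, reference_listing, expected=()):
    """Packages installed under /system on the device that the clean reference
    lacks, excluding ones you put there yourself (e.g. SuperSU flashed from
    recovery). These are exactly the packages a factory reset cannot remove."""
    dev = parse_pm_list(device_listing)
    ref = parse_pm_list(reference_listing)
    return sorted(
        pkg for pkg, path in dev.items()
        if path.startswith("/system/") and pkg not in ref and pkg not in expected
    )

def data_leftovers(device_listing):
    """Packages still living under /data. After a genuine reset this is empty;
    anything here means the wipe did not happen."""
    return sorted(pkg for pkg, path in parse_pm_list(device_listing).items()
                  if path.startswith("/data/"))

# Constructed sample listings (a real reference would come from a clean phone
# on the same firmware build).
REFERENCE = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/priv-app/SecCamera/SecCamera.apk=com.sec.android.app.camera
package:/system/app/Chrome/Chrome.apk=com.android.chrome
"""
DEVICE = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/priv-app/SecCamera/SecCamera.apk=com.sec.android.app.camera
package:/system/app/Chrome/Chrome.apk=com.android.chrome
package:/system/app/SuperSU/SuperSU.apk=eu.chainfire.supersu
package:/system/app/PP/PP.apk=com.example.pp
"""

if __name__ == "__main__":
    extra = system_additions(DEVICE, REFERENCE, expected={"eu.chainfire.supersu"})
    print("unexpected in /system:", extra)
    print("still under /data:", data_leftovers(DEVICE))
```

Collect the device side with `adb shell pm list packages -f > device.txt` before plugging in a SIM or joining Wi-Fi. As a second pass, `find /system -type f -newer /system/build.prop` run as root lists files written after the firmware image was built, which catches binaries and libraries that are not packages at all; bear in mind that modification times can be forged by anything that already has root, so a clean result there is reassuring but not conclusive.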
Yeah. I see a ton of debates about the integrity of Kingo...I know that I'll never use it again.
You should be concerned about any mysterious PP....
Sent from my SM-N900V using Tapatalk
I also agree that you should ensure that you wipe all partitions, and SD card to be safe from Safestrap. Go in there and do an Advanced Wipe, checkmarking:
/data
/cache
/system
dalvik-cache
internal sd card
I'd even go a step further and Odin it just to make sure its squeaky clean.
Sent from my SM-N900V using XDA Premium HD app
It is an app that is normally removed in the final moments of the Kingo root session. It's happened a few times when I used Kingo. Disable data on your Note and make sure your PC firewall is strict with Kingo so you can keep your data private.
I trust Kingo; from what I understand the PP app is an exploit through the camera that uses the Chinese code to gain root access.

How to troubleshoot logs of a bootloop failure

I've had my Note 4 for a while and after a few Lollipop update incidents I finally after a lot of hesitation decided to root my phone (with the TWRP bootloader) and disable the update notifier. Since then, I've always stuck to the latest stock version of KitKat 4.4.4.
Since I've rooted my phone, I made the following modifications that require root privileges: I installed the XPrivacy mod, YouTube AdAway mod, NoSafeVolumeWarning mod, PlayPermissionsExposed mod, and CrappaLinks mod for the Xposed framework. I also installed Titanium Backup to freeze/uninstall the updater, and AdAway. After Xposed was installed I had to change a line in /system/build.prop to 'ro.securestorage.support=false' to make 'S Health' work again. I did that with the 'FX' app.
That's it, I had made no more modifications and the phone seemed to work quite well for a month or so.
Two days ago I decided to try out Instagram, I've been quite wary with social apps but figured Instagram shouldn't hurt and everything was fine. Then I installed a bunch of dating apps, I started with Match.com and Tinder. Tinder didn't work because it required FB and Match didn't work because it refused to, probably because of denied permissions with XPrivacy so I gave up on them and uninstalled them.
But I also installed OkCupid and Motesplatsen and enjoyed playing around with these apps. They didn't seem to interfere with XPrivacy and worked rather fine. Motesplatsen was rather intense with sending me notifications of girls who watched my profile and sent me (rather strange) messages whereas OkCupid was rather calm.
Then something strange happened.
Yesterday I started noticing that the battery was draining considerably faster than normal during normal day. It was almost empty whereas it usually is half full after a full day, I also noticed that the phone was unusually warm. I forgot to put it on the charger and woke up today with a dead phone. I put it on charge and after about an hour the battery was full again.
When I tried to turn on the phone it was stuck on boot loop. I first tried disabling XPosed by "touch /data/data/de.robv.android.xposed.installer/conf/disabled" using the 'terminal' tool in the TWRP bootloader. It didn't help. I tried flushing the cache/dalvik cache but it didn't work either. Then I did a total factory reset, but that didn't work. I noticed that during boot, the phone froze so hard that it doesn't even respond to button pushes. I had to take out the battery to reboot (that's one reason why I never will buy S6).
So then I decided to flash the phone with stock KitKat once again using Odin and that finally restored the phone.
Now, here's one of my questions, how can things go so bad with a phone that not even a factory reset will fix it? We're talking stock firmware here, albeit it is rooted.
What boot logs could be worth looking into when such a thing occurs and what is the easiest way to extract them? The terminal tool in the bootloader seems promising, plus I saw a 'copy log to SD' option which I neglected this time.
I'm puzzled, does anyone know what happened? I made no root modifications in the process of installing these apps and they don't advertise themselves as needing root privileges. How can a seemingly inconspicuous app directly from Google play **** a phone up like that?
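On the logs question, as an added example that is not part of the post: TWRP's "copy log to SD" saves TWRP's own recovery.log, which helps with flashing problems but says nothing about the Android boot. For the loop itself, run `adb logcat -v threadtime` from a PC while the phone cycles (adb usually comes up during the boot animation if USB debugging was enabled beforehand); for the hard freeze, the kernel's last console output survives a battery pull in /proc/last_kmsg or /sys/fs/pstore/console-ramoops, depending on the kernel; native crashes also leave files in /data/tombstones. The script below groups a logcat capture by crashing process so you can tell at a glance whether system_server (the framework) is dying on every boot, which is the usual reason a loop persists through a factory reset: the framework lives in /system and Xposed patches it, so neither is touched by wiping /data. The logcat lines are constructed sample input, not the poster's logs.

```python
"""Group crashes in a logcat capture by process to spot a framework boot loop.
Added example; the sample lines are constructed in `logcat -v threadtime` format."""
import re
from collections import Counter

# threadtime format: "MM-DD HH:MM:SS.mmm  PID  TID LEVEL TAG: message"
LINE_RE = re.compile(
    r"^(?P<ts>\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<level>[VDIWEF])\s+(?P<tag>\S+)\s*:\s?(?P<msg>.*)$")
# libc's native crash banner names the thread's process in parentheses.
NATIVE_RE = re.compile(
    r"Fatal signal (?P<sig>\d+) \((?P<name>\w+)\).* in tid \d+ \((?P<proc>[^)]+)\)")
# For app crashes AndroidRuntime prints the process name on the line after the banner.
PROCESS_RE = re.compile(r"^Process: (?P<proc>\S+), PID: (?P<pid>\d+)")

def triage(logcat):
    """Return {'java': Counter, 'native': Counter} of fatal crashes per process."""
    java_fatals, native_fatals = Counter(), Counter()
    pending = set()   # PIDs whose 'FATAL EXCEPTION' banner awaits its 'Process:' line
    for line in logcat.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        pid, tag, msg = m.group("pid"), m.group("tag"), m.group("msg")
        if tag == "AndroidRuntime" and "FATAL EXCEPTION" in msg:
            if "IN SYSTEM PROCESS" in msg:
                java_fatals["system_server"] += 1   # framework itself crashed
            else:
                pending.add(pid)
        elif tag == "AndroidRuntime" and pid in pending:
            pm = PROCESS_RE.match(msg)
            if pm:
                java_fatals[pm.group("proc")] += 1
                pending.discard(pid)
        elif tag == "libc":
            nm = NATIVE_RE.search(msg)
            if nm:
                native_fatals[nm.group("proc")] += 1
    return {"java": java_fatals, "native": native_fatals}

def likely_framework_bootloop(summary, threshold=2):
    """True when system_server crashed repeatedly in one capture: the device never
    reaches the launcher because zygote keeps restarting the framework."""
    return summary["java"]["system_server"] >= threshold

# Constructed sample capture: three framework crashes, one app crash, one native crash.
SAMPLE = """\
06-01 08:00:01.123  1234  1234 E AndroidRuntime: *** FATAL EXCEPTION IN SYSTEM PROCESS: main
06-01 08:00:01.124  1234  1234 E AndroidRuntime: java.lang.NullPointerException: Attempt to invoke virtual method on a null object reference
06-01 08:00:01.125  1234  1234 E AndroidRuntime: \tat com.android.server.SystemServer.run(SystemServer.java:300)
06-01 08:00:03.000   402   402 I Zygote  : Process 1234 exited due to signal (6)
06-01 08:00:20.500  1501  1501 E AndroidRuntime: *** FATAL EXCEPTION IN SYSTEM PROCESS: main
06-01 08:00:20.501  1501  1501 E AndroidRuntime: java.lang.NullPointerException: Attempt to invoke virtual method on a null object reference
06-01 08:00:40.000  1702  1702 E AndroidRuntime: *** FATAL EXCEPTION IN SYSTEM PROCESS: main
06-01 08:00:41.000  2001  2001 E AndroidRuntime: FATAL EXCEPTION: main
06-01 08:00:41.001  2001  2001 E AndroidRuntime: Process: com.example.someapp, PID: 2001
06-01 08:00:41.002  2001  2001 E AndroidRuntime: java.lang.RuntimeException: Unable to start service
06-01 08:00:45.000  1800  1800 F libc    : Fatal signal 11 (SIGSEGV), code 1, fault addr 0x0 in tid 1800 (mediaserver)
"""

if __name__ == "__main__":
    summary = triage(SAMPLE)
    print(summary)
    print("framework boot loop:", likely_framework_bootloop(summary))
```

If system_server dominates the count, the stack frames right after each banner usually name the hooked class or module, which is what you want to remove or disable from recovery before reflashing; a count dominated by one ordinary app instead points at that app's data, which a factory reset would have cleared.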

Nexus Player Monthly OTA with Flashfire

Hi all,
After several annoying months of OTA boot loops, manual installations, and having to re-root my Marshmallow player, last month I finally installed Flashfire so I can do the monthly OTAs and stay rooted. I also switched back to stock recovery, if that helps to know. The bot on its side this morning was my first clue the patch had come out, so I rebooted the player and fired up Flashfire, which immediately sensed the update and asked if I would like to generate the actions to install it. I'm thrilled this is proceeding perfectly according to plan until I select OK and Flashfire crashes. Every time.
Chainfire would like to see the crash log if a post is needed in the Flashfire thread. Where might I find that? Every "logs" folder I've come across is empty. I have full-data logging enabled in SuperSU, but I'm also unsure where that file would be stored. Clearly I'm log-challenged.
I wouldn't mind staying that way if someone reading this might know what the trouble is to begin with. Thanks a bunch!
According to the Flashfire thread:
The log file can be found at /sdcard/FlashFire/lastlog on your device.
This location simply does not exist in my Nexus Player. Maybe I should have specified that in my original post, but I will now for anyone else who has the same problem and thinks they're going blind. Since no one in this particular forum seems to know where any other system activity logs are stored, I went on to the next suggestion, which is to use the Syslog app. Of course this has to be sideloaded, since the PlayStore thinks it isn't compatible with the Player. If the lack of easy navigation with a remote control is the reason for that verdict, they'd be right; yet I've managed to collect some data that I'm going to post over there in the hope it can be figured out why Flashfire becomes Crashfire upon attempting to do the OTA.
If anyone wants to know how it goes, you can find my post here. Wish me luck! :fingers-crossed:
