Dagmar d'Surreal
292 followers
Complete lunatic.

Dagmar's posts

Pinned post. Post has attachment
Now, without further ado...

HOW A LEGITIMATE PLAYER CAN DEFEAT THE STUPID "rooted device" CHECK

Let's get something straight first off... "Rooting a phone" is and always has been a misnomer. Stop talking about it as if it's some technological v-card. It makes you sound silly. Android started using SEAndroid (Android flavoring of SELinux) contexts with 4.0 and by Android 6.0.1 they control rather a lot more than simple uids ever could. "Root", as most of you know it, is far less important than you think and is neither required nor even applicable to most things happening in your phone.

Now, that being out of the way, the new check is much easier to get around than many of you seem to think. It does not require Magisk. (which is good because I actually know what I'm doing and I was eyeing that documentation with suspicion.) This method takes about five minutes to perform, requires no special tools or extra software, and it is reversible. It only requires a "custom" recovery on your phone, like TWRP (Team Win Recovery Project), CyanogenMod Recovery (this is probably what you have if you used a Windows program to magically install CyanogenMod on your phone), or Philz Touch recovery... which you almost certainly already have installed. From a look 'round the internet, there's a whole lot of people whose phones are failing this check simply because there is an su utility installed, whether or not they've ever used it or even knew it was there. This is the big reason why Niantic's new measure was a mistake in judgment--it harms a far greater number of innocent players than it does dirty cheaters. People who've installed CyanogenMod, for example, may not even know about root let alone have ever bothered with enabling it. It just comes with the su utility sitting in the filesystem, and that's all it takes to make Niantic's new measure declare you to be an undesirable.

The first step is very simple.

1. READ AND FOLLOW THESE INSTRUCTIONS CAREFULLY. What you're going to do is actually very easy, but you will be bypassing some things that are normally there to keep you from accidentally turning your phone into an expensive paperweight. If you don't understand what these things are and start typing in some stuff the evil leprechaun who lives in your closet told you about there will be tears.

2. Boot into the recovery environment. How you do this is between you and Google. For some phones it's a matter of booting up with certain buttons pressed, for others you'll need to use adb and issue `adb reboot recovery`, for some you'll just tell it to reboot into recovery from the reboot menu. Note to pedants: This first part is not strictly necessary, but it does establish that the user knows how to get into the recovery environment and can get into the recovery environment which is important because without it reversing these changes is not so easy.

3. Once in the recovery environment, spawn a terminal. Within TWRP it's under the "Advanced" menu labeled "Terminal" which makes it hard to miss, and it's probably somewhere similar for the others (it's been a while since I used them). You might notice that the prompt for this terminal is a "#". That's the Unix way of indicating you are using uid 0, i.e., you are root so you need to proceed carefully. If you've any doubts, running the `id` command (don't type the backticks! ``) should clear them right up.

4. Mount the /system directory. On the vast majority of phones this is easy. Type `mount /system` and hit enter. (Again, don't type the backticks.) If everything went like it's supposed to, nothing will appear to happen.

5. Verify that su is present in the /system directory. There are two commands you can use to do this, the first one is `ls -al system/xbin/su system/bin/su` which will show you two entries on pretty much any CyanogenMod firmware, as well as a whole host of others. The second one is more complex... `find / -name su 2>/dev/null` but if you only see one entry appear from ls, try the find command because the location of the su binary is not written in stone. `echo $PATH` will show you a colon-separated list of all the places it is likely to be in, but at this point if you don't see it, stop, skip straight to step 7, and reboot your phone normally until you can contact someone more familiar with your specific firmware.

6. After verifying that su is present, rename both it and its symlink in /system/bin using the mv command like so...

mv system/bin/su system/bin/nianticfail
mv system/xbin/su system/xbin/nianticfail

7. Unmount the /system directory and reboot. The command for that is (you guessed it) `umount /system`... By the way that's not a typo, there is no 'n' in 'umount'. If you get an error message at this point, it's 99.999% certain that you didn't really pay attention to step 1 and used a cd command to change directories into /system. This is what's preventing umount from working. cd out of /system back to / and try again.

The attached image shows pretty much exactly what you should be seeing on your screen while you're in the recovery terminal. The parts you type are white, the parts the phone responds with are in 70% grey. Again, the find command is optional if ls doesn't show you what you need to see.

Note that after renaming the su binary and symlink, you will no longer be able to gain root access on your phone without going back into recovery, mounting /system again, and issuing the two mv commands with their two arguments swapped around (system/bin/nianticfail system/bin/su... oldfilename followed by newfilename, dig?). Note also that if you can't do this through recovery, but can get a terminal open on your phone and su to a root prompt you can rename the files (and reboot) that way, but you will not be able to run su again and change uids once it's been renamed to something else! (This is not dependent on suid bits!) This makes it essentially a one way operation unless you've an easy way to flash SuperSU back in.

(Edit: These instructions are primarily directed at CyanogenMod users because CyanogenMod firmwares ship with an su binary and whether or not you've ever enabled it does not matter... but the focus is and always has been on "legitimate players" and the state their phones are likely to be in. This minor fix applies to more than just CyanogenMod if and only if you've not been installing a bunch of extra methods for root access. It should go without saying you'll have to uninstall those as well. Calling find will locate the su binary on other firmwares--just don't mess with one you might see under a supersu/ directory, because it doesn't impact anything)
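As an added example (not code from the original post, and not any real app's check), the following POSIX shell script models the kind of filename-based su check the post is describing, so you can see why an untouched CyanogenMod install with su sitting in system/bin and system/xbin trips it. The root prefix, the PATH value and the sample directory tree are constructed assumptions so the check can be exercised on a throwaway directory rather than a phone.

```shell
#!/bin/sh
# Added example, not code from the original post: a minimal stand-in for the
# filename-based "rooted device" check the post describes. It looks for a file
# called `su` in the two locations step 5 inspects (system/bin, system/xbin)
# plus every directory on a PATH-style list, i.e. the places `echo $PATH`
# points at in a recovery shell. Everything is checked under a root prefix
# (an assumption) so it can run against a constructed tree instead of a phone.

# detect_su ROOT PATH_LIST
#   ROOT      - prefix standing in for the phone's filesystem root
#   PATH_LIST - colon-separated search path, as `echo $PATH` would print it
#   Prints each su it finds; exit status 0 if any was found, 1 otherwise.
detect_su() {
    root=${1%/}
    path_list=$2
    found=1
    seen=":"
    old_ifs=$IFS
    # Split PATH_LIST on ':'; the two literal locations from the post come first.
    IFS=:
    for d in /system/bin /system/xbin $path_list; do
        IFS=$old_ifs
        # Normalise relative entries so "$root$d" always has a slash between.
        case $d in /*) ;; *) d="/$d" ;; esac
        # Skip duplicates (PATH usually repeats the fixed locations).
        case $seen in *":$d:"*) continue ;; esac
        seen="$seen$d:"
        candidate="$root$d/su"
        # -e follows symlinks; -L also counts a dangling symlink, which a
        # name-only check would still flag.
        if [ -e "$candidate" ] || [ -L "$candidate" ]; then
            echo "$candidate"
            found=0
        fi
    done
    IFS=$old_ifs
    return $found
}

# make_sample_tree DIR
#   Builds a constructed tree mimicking the CyanogenMod layout from the post:
#   a real su in system/xbin and a symlink to it in system/bin.
make_sample_tree() {
    mkdir -p "$1/system/bin" "$1/system/xbin"
    : > "$1/system/xbin/su"
    ln -s ../xbin/su "$1/system/bin/su"
}

# Stand-alone demo on a throwaway tree (the PATH value is an assumption).
demo_root=$(mktemp -d)
make_sample_tree "$demo_root"
if detect_su "$demo_root" "/sbin:/system/sbin:/system/bin:/system/xbin"; then
    echo "check result: su present -> device would be flagged"
else
    echo "check result: no su found -> device would pass"
fi
rm -rf "$demo_root"
```

Run it as-is and it reports both entries, which is the situation the post describes for players who never touched root. Because the check keys purely on the file name, it stops firing as soon as the files are called something else, which is why the rename in step 6 works and also why a check built only on file names is a poor signal for the app doing the checking.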

Post has attachment
Just a couple of quick screenshots relating to this morning's update. The menu sprites should put an end to the question I kept hearing when people were looking something up in the list... "What does it look like?"

Unexpectedly it also makes things a little easier to find while I continue beating the sorting/filtering into submission.
3/21/17

Post has attachment
Just a teaser. Those filters don't do anything yet, but about half the supporting code is in. Once they work I'll do another push and the Pokereference should become wildly faster to use.

Next up: Finding 250 little pictures to use (which will replace the Pokeball on the reference pages). ...and then putting ads back in (for non-beta users).

Post has attachment
Version 0.92.69ß has been pushed to the Play Store.

This turned out to be less trouble than I expected but it was needed. Now when you look at the Pokéreference entries for a Pokémon, you'll also see the legacy moves listed along with the rest of the moves.

This means no more puzzling over where your older Pokémon's movesets rank in comparison to the newer ones. If you've got an older Exeggutor with Confusion, you'll be very happy to see it's still the top DPS quick attack.

Next changes... 0.93.0 will feature a heavily refactored Reference applet which should take all the time-consuming scrolling out of the way because it's really quite annoying (but still faster than accessing any website).


Post has attachment
WHAT MANNER OF WITCHCRAFT IS THIS???

Version 0.92.67ß has been pushed to the Play Store.

After several minutes of puzzled head scratching, I figured out how to get Android Studio to sign the dratted APK using the new methods. If you're having the same bizarre issue, know that you are not alone.

This is mainly a bugfix release, because a few things got left out when I last updated the data structures, but there is one new feature.

Under Settings there is now a new button for Trainer Level. Set this to your trainer's level, and various statistics on the Pokereference Entry cards will begin displaying more personalized information. At the moment, that's limited to a new "CP Range @ Level X" box showing the lowest and highest CP that particular Pokemon will have if you've maxed it out with candy. Capture rates will probably be next to change, if it turns out that the customized information is any more useful than just knowing the base capture rate (right now it doesn't appear to be).

The few things that really needed fixing were that somehow all the regional Pokemon got unflagged as actually being Regional so that's been put back (and Heracross and Corsola were added). If you're in Florida and have been wondering why it doesn't count as North America, don't blame me. On the flip side, it should now be a little clearer why you can now catch Heracross and Corsola if you're in the right parts of Florida. Also, I seem to have dropped Crobat from its evolutionary chain so that's been remedied.

The last of the weird "crumpled layout" issues being caused by a GC run have probably been killed off now.

Future changes:

Yes, I'm still working on the Rostering. Since I've been asked, it will never make anything like a direct prediction of success (because that's actually quite impossible), but what it will do is sort your rostered pokemon by which ones will do the most and take the least damage against the target (which is nearly the same thing). Also since Niantic are making claims about refactoring gym battles to suck less, this approach is less likely to immediately become obsolete if they actually do that.

Now that there's 200+ Pokemon it's also become clear that the Pokereference interface needs to be refactored. Scrolling through the list looking for a Pokemon is really annoying now and much slower than I personally find useful so... that's getting redone. A Movedex applet might get added, but since its utility is pretty questionable, it's likely to take a backseat to in-app generation of Trainer Cards. Note that if I put in Trainer Cards I'm definitely putting the AdMob code back into play, but I'm going to be sure they don't appear on the Trainer Card screens so people will be able to share screenshots that aren't tackied up. If anyone knows of any potentially useful (and royalty free) trainer sprites that can be used for this, contact me.

Not dead. Just banging on a few minor features that it's become obvious I need to add (or can add without a big hassle).

1. Maximum CP @ Level X: Under the Settings pane is now a selector (which was more work than I care to admit) to set your trainer's level. Once this is set, looking at an entry in the Pokereference will show a new dialog, which has the maximum CP this particular Pokemon can possibly be at your level. Why at your level instead of the maximum possible level (40)? Because you can't command a Pokemon of that level or even catch one--that's why. Yes the figure will assume maximum IVs simply to be mathematically correct, not because a 4% difference in CP is going to mean anything.

2. Legacy move inclusion. This is making a bigger mess of things than I expected, and if you enjoy creating and editing a 251 element multi-dimensional array, then you are not me. I've got quite a number of Pokemon with the legacy moves, and looking at the cards to check them isn't answering the question of "Does this 'mon have the best possible moveset or should I keep fishing?" and that's a problem for me since it's one of the reasons the tool exists. Over time, this is going to kind of be a PITA to maintain unless I change the way I collect move data. Once this is in, if you've got a Pokemon with legacy moves that don't show in the movelist, just post a screenshot here (showing the moves and the pokemon name, obviously) and I'll get it squared away. Note that these will appear in the movelists just like any other move, but they will have an ominous apostrophe next to them. Long-pressing them will also mention that for this particular Pokemon, the move is a legacy move and no longer obtainable. (This is actually the thing that makes this a PITA to construct efficiently).

Thusly, a new APK will probably be pushed out tonight for feature #1 and probably again by the weekend's end for #2 depending on how large my honeydew list grows.

Post has attachment

Before you can get mired in all the bullshit in the media surrounding Wikileaks and Vault 7, let me highlight for you the one thing that actually matters because it's simply getting washed away in said bullshit.

The CIA hid vulnerabilities that could be used by hackers from other countries or governments.

This is the thing we as security researchers strongly object to. Everything else is easily dismissible because it involved the CIA and if you didn't already know they might as well be called the Department Of Dirty Tricks you should go back to watching reality TV while the grown-ups are talking. It's likely the other talking points are only being trotted out so readily because they're easily dismissible and provide a convenient smokescreen for burying the actual problem.

...which I will repeat again so it's clear:

The CIA hid vulnerabilities that could be used by hackers from other countries or governments.

It does not matter who you are or what you're doing. It is the very definition of hubris to assume that you are the only person who might have found a vulnerability, and the height of self-delusion to think you're the only people in whose hands it can be trusted to be kept "safe". Stockpiling and weaponizing exploits will always run counter to the goal of keeping people secure.

Who can say some hostile-to-everyone-else nation hadn't already discovered these things on their own and weren't actively exploiting them for the purposes of blackmail, espionage, and/or wire fraud? Since precisely zero vendors were notified, we literally have no way to know. We thought after the last round of weaponized exploit leaks that all the "responsible security professionals" were all on the same page about this. You'd think having gotten sign-off on the idea at the highest levels of government would have been enough. Apparently some people still require a public pantsing before clues can sink in.

Post has attachment
Who the hell thought this was a good idea?