Holy crap did I get the most annoying trojan attempt ever!

Sit down kids, it’s time for an old man rant.

So yeah, I have one of those clients who wants to use ‘one of those’ file sharing sites. UGH.  I swear I’m to the point of just paying for an Office 365 subscription for them so I don’t have to deal with this kind of shit.  So I hit the site on my phone, then it jumps to this genchatu.top site.  Fantastic.

Then I’m alerted that my phone is 28.1% DAMAGED, and somehow my phone’s SIM card will be damaged!  Yes, it’s one of these scam sites!

Wow

Oh no, my phone apparently may be already physically damaged?  I guess this is once someone is tricked by this official Google looking image you’ll want to throw your phone against the wall.  As any user of Android will tell you updates from Google are non existent, and anything that could infect your phone, well is pretty much your problem.  You can beg the vendor, but lol, good luck.

I like to live dangerously, so yeah let’s look at the app.

Ace, alright, more like acehole!

So with this scary and official looking thing it’s trying to railroad you into “Ace Cleaner”  I don’t know how on earth they haven’t either been reported, or knocked out of the app store.  I guess Google is busy teaming up with Facebook trying to figure out how to censor the new appropriately instead of trying to squash actual scam artists.

I honestly haven’t tracked any of these ‘reviews’ to see how many are just idiots, or how many are just ballot stuffers.

Yeah, it’s a scam.

 

No backing away!

And of course you can’t just back away from the page, you get this nice thing along with something in java script that gets your phone to buzz and light up.  Thanks Google!  That’ll never get abused like the blink tag!

You have to be kidding me

Oh no, I’ve been threatened to be blocked.

How bad can this crapware be?

Oh dear.  From the application page, let’s take a look:

Version 1.1.9 can access:
Device & app history
  • retrieve running apps
  • read your Web bookmarks and history

So they know what you are running, and what bookmark’d sites you like.

Identity
  • find accounts on the device

They know WHO you are.

Contacts
  • find accounts on the device

They know WHO you KNOW.

Phone
  • read phone status and identity
Photos/Media/Files
  • access USB storage filesystem
  • read the contents of your USB storage
  • modify or delete the contents of your USB storage

Storage

  • read the contents of your USB storage
  • modify or delete the contents of your USB storage

If you have any USB attached device, (flash drive, hard disk…) they can not only READ, but can MODIFY and DELETE the contents.  NICE!

Camera
  • take pictures and videos

I suppose an album of bewildered users would be amusing from time to time.  Also having the phone send videos of them doing various things.

Wi-Fi connection information
  • view Wi-Fi connections

Naturally they want to know about the Wi-Fi AP’s you use.

Device ID & call information
  • read phone status and identity

I guess knowing your phone charge status, and IEME #’s are good to know too.  But wow check out the next laundry list!

Other
  • bind to an accessibility service
  • update component usage statistics
  • read Home settings and shortcuts
  • write Home settings and shortcuts
  • read Home settings and shortcuts
  • write Home settings and shortcuts
  • view network connections
  • read battery statistics
  • send sticky broadcast
  • change network connectivity
  • connect and disconnect from Wi-Fi
  • delete all app cache data
  • expand/collapse status bar
  • control flashlight
  • measure app storage space
  • full network access
  • close other apps
  • run at startup
  • draw over other apps
  • control vibration
  • prevent device from sleeping
  • modify system settings
  • write web bookmarks and history
  • install shortcuts
  • uninstall shortcuts

Read / Write the home page, guess who you’ll be visiting quite often?  Checking out your network, and say if you are somewhere where they want to upload a video, if they KNOW a WiFi network in the area they can have your phone join it, record you, upload it, and drop.  Yeah great!  I also like the drawing over other apps, that way you may THINK you are running another app, but they are just watching what you are doing.  And maybe they’ll pass control down, maybe not.

I suppose it may be fun too if they have a subscription service, to buzz and turn on the camera flash to warn you that you got infected once your subscription lapsed, so you better pay up!

Absolutely deplorable!

Where to go from here?

Seriously how do companies like this survive?  I guess quite well.  I guess I’m just more amazed by Google’s complacency in all of this.  But at the same time they are an ADVERTISING COMPANY, and I’m the product, Android is just the TV programme to get me to watch their annoying ads.  And considering their track record with illegal pharmacies, I guess it really is no surprise.

The truth is that no doubt that this kind of thing is just too profitable.  And people will just fall time and time again for this trap.

Building SDL2 for Android

Phew is this rather involved.  First you need to download over a gigabytes worth of files. For something that is going to be embedded you need a MASSIVE amount of space.

You need:

I went ahead and installed the JDK in a normal directory,  The same went for the Android SDK.  The NDK is a 7zip file, that I went ahead and put at the root of my C drive because I’m that kind of guy.  Next I unpacked ant into the NDK directory, and SDL.  For SDL be sure to use some command line or other unzip tool that makes sure that the text files are translated appropriately, otherwise they are impossible to read in good editing tools, like notepad.

cd C:\android-ndk-r10d\
unzip -aa \Downloads\SDL2-2.0.3.zip
unzip \Downloads\apache-ant-1.9.4-bin.zip

Now to stage the project directory.  The ‘Android project’ that we are going to build out of is *INSIDE* the SDL archive.  And SDL needs to be inside the project directory, so we xcopy out the bits we need.

md proj
cd proj
xcopy ..\SDL2-2.0.3\android-project\*.* . /e/s
md jni\sdl
xcopy ..\SDL2-2.0.3\*.* jni\sdl /e/s

Now we need to set some environment variables.  Again this is where my stuff is, yours may be different.

set NDK_ROOT=C:\android-ndk-r10d
set ANDROID_HOME=”C:\Program Files (x86)\Android\android-sdk\”
set PATH=%NDK_ROOT%\apache-ant-1.9.4\bin;”C:\Program Files\Java\jdk1.7.0_79\bin”;%ANDROID_HOME%\tools;%ANDROID_HOME%\platform-tools;%PATH%

Now we need to edit the jni\src\Android.mk and point it to your sources.  In this case I’m using dinomage.com‘s simple main.c &  image.bmp as I haven’t written anything exciting yet. Change YourSourceHere.c, to main.c

Now copy in the image.bmp file into the assets directory:

md assets
copy image.bmp assets

Now we can fire up the native compiler tools, and by default it’ll compile for ARM thumb, ARM v7a, and x86

..\ndk-build

Now for the java.  Android is a java platform, so now we have to compile the wrapper that calls our C/C++ code.  First we have to set what version of Android we are compiling for:

android update project –path . –subprojects -t 12

And now we compile with ‘ant’ by typing in:

ant debug

And if all goes well you’ll get:

BUILD SUCCESSFUL
Total time: 2 seconds

Now to run the program, we can fire up one of the emulators (you will have to configure one no doubt) using AVD.  I just clicked around, and picked something that’d launch.  The shell seems to crash a lot, but otherwise yeah.

Now to upload our application to the emulator once it is running:

ant debug install

And if all goes well, you’ll see:

install:
[echo] Installing C:\android-ndk-r10d\proj\bin\SDLActivity-debug.apk onto d
efault emulator or device…
[exec] pkg: /data/local/tmp/SDLActivity-debug.apk
[exec] Success
[exec] rm failed for -f, Read-only file system
[exec] 1985 KB/s (1028625 bytes in 0.506s)

BUILD SUCCESSFUL
Total time: 5 seconds

And on my first shot at running, it crashed.

Unfortunately SDL App has stopped
Unfortunately SDL App has stopped

Using ‘adb logcat’ on the emulator I was able to find this line:

java.lang.UnsatisfiedLinkError: dlopen failed: cannot locate symbol “signal” referenced by “libSDL2.so”…

Well it turns out signal was an inline function until platform android-21, now it’s not inline anymore. When you use the ndk r10, android-21 is used by default but it’s not fully retro-compatible with devices running former Android versions. In this case, signal can’t be found on the emulator. (It did run properly on my Lollipop phone).

Fixing this is simple just edit jni\Application.mk and add in the APP_PLATFORM line:

# Uncomment this if you’re using STL in your project
# See CPLUSPLUS-SUPPORT.html in the NDK documentation for more information
# APP_STL := stlport_static
APP_PLATFORM := android-12
APP_ABI := armeabi armeabi-v7a x86

Re-compile with ndk-build, and re-upload with ant then you are good to go.

working
working

I grabbed, and borrowed some phones around the office, including an x86 phone and yeah it works!

SDL2 test!
SDL2 test!

I haven’t even tried to cross build libraries on Windows… I suspect I should be doing this on OS X or Linux.

Updating a Toshiba T-01D Android phone to

First you’ll need to download the last version of Android, 4.03 right here.  This will step you up to build V11R42A.

I think you need the ‘version upgrade package‘, although I wound up kicking it via the bootloader.  Also you have to unzip the 600+MB download, and place it on a SD card on the phone.  Even though the image will fit into RAM on a zapped set, it’s really picky about reading it from flash.

Now because I’m not in Japan, I had to kick the installer off by shutting down the phone, then turning it back on while holding down the menu & back buttons on the phone.

T-01D upgrading itself.
T-01D upgrading itself.

Granted Android 4.0.3 isn’t exactly modern, but it’s a lot better than 2.3!  And for what it’s worth, it sure feels a lot more solid after the upgrade.

Look at all the runtime!
Look at all the runtime!

Having used the phone after the upgrade, it’s faster and the battery life is VASTLY improved.  If you are unfortunate to have owned one of these phones (or feel unfortunate at it’s 12 hour max lifespan) do yourself a favor and upgrade!