Instant fix app for Exynos Mem Abuse vulnerability, no root required, reversible

Earlier today, talented developer alephzain described a security vulnerability affecting most if not all Exynos 4 devices, which represent dozens of millions of gadgets out there.

Unfortunately, he also released a working exploit with complete source code before the various vendors affected (Samsung, Meizu and surely others) were made aware of it, leading to a severe security issue without an accessible fix for now.

I then wrote an application to work around the issue while manufacturers patch the security hole and publish OTA updates.

However, please note it’s a partial fix that cannot completely secure your device, which is to date impossible without modifying it, an operation that will remove the ability to install OTAs without an external tool.

That’s why I would still recommend considering Chainfire’s solution linked below.

Characteristics of this app:

  • Works on any device, lets you know if your system is vulnerable
  • Doesn’t require root to apply the fix
  • Doesn’t modify your system, copy files or flash anything
  • Fix can be enabled or disabled at will
  • Free of charge

Limitations:

  • Breaks proper function of the front camera on some official Samsung firmwares for Galaxy S III and Galaxy Note II when activated.
    Workaround: enable HDR or Low light photography camera mode. Both blend multiple exposures.
  • Might alter MHL/HDMI output functions on some devices (not confirmed)
  • Cannot protect effectively against some potential attacks (typically, on boot).
    The real fix by manufacturers or some carefully written custom kernels will indeed be the only true solutions to this vulnerability, and won’t introduce any feature regression like this one does with cameras on some firmwares.
  • Comes without any kind of support or warranty.

 

Fix disabled on a GT-I9300 Galaxy S III

Fix enabled on a GT-I9300 Galaxy S III

Download link:

version 0.9

  • Work around the random nature of the exploit’s behavior and try harder if the initial attempt to apply the fix at boot fails.
    Recommended update.

version 0.8

  • Notify the user in case the application was unable, for any reason, to apply the fix (you need to enable it manually then)
    Recommended update.

version 0.7

version 0.6

  • Minor: remove unused asset to reduce application size by 16 kB.

version 0.5

  • Add camera HDR or Low Light capture modes workaround tip in fix description.

version 0.4

  • Add missing Internet permissions for Flurry analytics:
    I will likely share installation figures with my Samsung security contacts, so they get an idea of the interest generated by this kind of early fix.
  • Clarify apply-on-boot limitations.

version 0.3

  • Increase the chances to run early at boot.
  • Improve descriptions.

version 0.2

  • Fix link to this page inside the app.

First version, 0.1

Notes:

  • There’s an XDA-forums thread for feedback.
  • Chainfire made an app that easily roots your device instead (this app has no relation to rooting whatsoever)
    Credit to him too, as it was fun sharing thoughts while reading the exploit earlier today.
  • Redistribution of this APK outside of this web page is forbidden; please link directly to this web page, which I’ll keep updated.
  • This application is not released on Google Play because it uses the vulnerability itself as a test and as a tool to protect against itself (yes ^^)

DEA Factory MyPlay gaming tablet audio and display observations

The release of the Archos GamePad tablet, based on a RockChip dual-core 1.6 GHz SoC with a 4-core Mali 400 MP, made me curious about this kind of hardware.

The Archos tablet is announced at a price point of 149€ with Jelly Bean, 8GB of total storage and an interesting physical button mapping tool. Thanks to Jean Luc Castellani, JBmm.fr author, I had a glimpse of what’s inside this one after he sent me a Voodoo Report.

Yesterday I saw something similar but priced at 99.99€ instead as I was running errands in a French Leclerc general store: the DEA Factory MyPlay.

DEA My Play tablet: 99.99€, possibility to return it within 7 days (no re-stocking fee). Sold!

Honestly I was first surprised it was working properly as I was expecting much worse for such a cheap price. So I was quite impressed by the fact it’s a complete device.
I won’t make a full review here but just observations, de-facto incomplete.

Things I liked:

  • Working and configurable HDMI output
  • Okay headphone audio quality: not outstanding but surprisingly better than many pricier devices on the market.
  • Reasonably low weight
  • Pre-rooted: that, my friend, is really lovely. The su binary is present and adb is insecure.
  • It has Google Play store, and.. well, it works!
  • Hardware is weak but the software probably makes the most of it already: very close to AOSP, good quality port, no glaring problem.
  • Not very sensitive but okay multi touch capacitive digitizer.
  • Out of the box USB host capability and connection cable.

Things I disliked:

  • Display:
    • Mirror effect, reflectance is quite high
    • Viewing angles, well yes it’s a TN panel, I’m not used to that anymore
    • Highly visible sub-pixel grain, plain surfaces appearing as an uneven RGB matrix varying in its appearance with viewing angle.
    • 44 Hz refresh rate on the panel instead of standard 60 Hz.
    • Poor color calibration with a strong blue cast and clipping in blue channel.
  • General slowness and lag mostly due to poor I/O performance leading to the device becoming barely usable at times.
  • Audio / Video de-synchronization on HDMI, annoying when playing videos.
  • Not a powerful gaming platform:
    • Weak CPU: announced as 1.5 GHz Cortex A8 but runs at 1 GHz max.
    • Weak GPU: Mali 400, yes, but its slowest single-core implementation, not comparable to the Archos GamePad’s quad-core Mali 400MP.

Audio measurements:

Like I said audio is quite decent when you plug headphones. The audio codec is not named by its driver so I don’t know exactly what’s inside.

THD values are low, and IMD+Noise stay reasonable as well unless you increase the output volume which leads to no obvious distortion but still an audible loss in quality when driving high quality low distortion headphones like Sennheiser HD 650.

Jitter is present but typically not audible, there are no resampling artifacts either, and the frequency response is quite flat. I also bought this device to measure how an Android device made of components as cheap as it gets does in the audio department, and once again I’m observing that price is not an indicator of audio quality.

Hiss, tested with very sensitive isolating Sennheiser SE535 in-ears, is audible but okay. With some ALSA hacking the amp becomes almost black with no audible noise. Once again this is something many devices sold at a much higher price are unable to do.

Maximum volume is also quite loud (sorry no measurements here) and I doubt you’ll be lacking here with any kind of headphones.

RMAA measurements results for a comparison between Android volumes

I would recommend choosing volume 12 or 13 as line-out level if you plug an external amplifier.

Display measurements:

One good point is contrast ratio, at 920:1. Everything else is pretty unimpressive.

 

This is why this display appears blueish, even more than its white point suggests.

Reasonable Gamut for a low cost tablet, but white points and saturations are all over the place.

No black clipping

Noticeable highlights clipping especially on blue channel

Blue is not quite at the level it should be for a 6500K white point, and not linear either.

Very blueish appearance

And of course the gamma value increases (darker), then some colors are inverted, when looking from below the ideal viewing angle, and decreases (brighter) when looking from above.

Some more images:

DEA Factory MyPlay Quadrant score

DEA Factory MyPlay HDMI settings.
1024×600 UI is scaled to the output resolution, video surfaces are treated separately: a 1080p video will be shown with 1:1 pixel mapping on 1080p HDMI settings.

Battery usage when playing a 720p video from a DLNA server on Wi-Fi, at about 70% brightness level.
That’s about 3x 45-minute episodes watched in a row.

DEA Factory MyPlay display RGB grain, see fullsize to have the best idea of how it looks in person.