# "Master Key" vulnerability fix



## joeblow789

Edit- Three separate Master Key fixes have been added to the 1st three posts of this thread. Pick your poison:

I stumbled across this ReKey app recently that apparently is a workaround for the "Master Key" vulnerability. May be nice for those still running an unpatched rooted Gingerbread ROM on older devices.

https://play.google.com/store/apps/details?id=io.rekey.rekey

Some discussion here:

http://android.stackexchange.com/questions/49777/does-it-really-work-rekey-app-claims-to-protect-agains-master-key-vulnerabiliti

Anybody else using it or have any thoughts?


----------



## joeblow789

I couldn't get ReKey to work on my D2, but Xposed for GB did work:

http://rootzwiki.com/topic/108442-xposed-framework-for-gingerbread/


----------



## joeblow789

OK, *NEW & IMPROVED*, here's probably the best & most efficient way to patch all currently known Master Key vulnerabilities on a Gingerbread Droid 2. It's a customized & CWM flashable core.jar that covers Bugs 8219321, 9695860, and the newest 9950697, courtesy of Mr.Its at XDA (you should go there & hit thanks on his posts). Technically, it's only intended for Taichi's 20121215 "Euroskank" D2 build, but I also successfully applied it to Nis/Spitemare's 20120611 & 20120719 Droid 2 builds. As always, what YOU do with YOUR device is ENTIRELY YOUR RESPONSIBILITY, so *NO WHINING*! Honestly, though, just have a good nandroid backup & be prepared to SBF if necessary, but it should be stupid simple.

*Details for the technically inclined:*
Vulnerability details are summarized in the OP here. The first Master Key vulnerability is patched in CM7 source, but you have to build your own ROM to get that. According to *liudongmiao* on XDA, the second vulnerability doesn't apply to GB. The newest vulnerability has not & presumably will not be patched in CM7, but Mr.Its worked with Tungstwenty to get it figured out for his ROM & graciously offered to patch Taichi's as well.
http://forum.xda-developers.com/showpost.php?p=47279012&postcount=152

*FAQ:*

- Where are the files? Patience, grasshopper.
- Do I have to be rooted? Yes, and you should either read & learn much more about your device, or just trade it in for an iPhone.
- How do I know if it's working? A good vulnerability scanner will tell you. Also, these proof-of-concept apks will fail to install. Scan & test before & after so you can see the difference.
- Why should I use Taichi's Euroskank D2 build instead of the one I'm currently using? Because it's the tits & I don't think anybody's made/shared a newer better one with the same tweaks/mods.
- But Cyanogenmod has one from March 2013? I said newer AND better.
- Will it work for other CM7 D2 Gingerbread builds? Based on my experience, maybe, but remember- NO WHINING!
- Will it work for similar Gingerbread devices like the D2G, DX, or Milestone? Don't know, don't count on it, but feel free to give it a shot if you understand the NO WHINING rule.
- What if I'm running some sort of Gummy/Apex/ICS/whatever kang? See above.
- Why do you keep typing Gingerbread like it's something important- my Froyo kerneled D2 works fine! Facepalm.
- Why is the new core.jar smaller than my old one? Mr.Its says he also cleaned up some unnecessary debugging info while he was in there.
- Why not just use Xposed? You can, but Xposed was a little laggy on my phone & I couldn't get the newest Xposed Master Key patch to work (it said it was working, but failed testing). Using the prior GB ported Xposed patch still leaves Bug 9950697 unpatched (*liudongmiao* has updated his GB port of Xposed to fix this). However, patching core.jar directly is way more elegant, efficient, & robust.

*What if I run PDroid?* Good question, grasshopper, glad to see you're paying attention. Well, PDroid also changes core.jar, so to be thorough you should:

1. Backup your PDroid settings
2. Uninstall the PDroid app
3. Flash the RESTORE zip you created when you made your PDroid patch
4. Download the Master Key flashable patch zip to your PC
5. Extract the new core.jar to your PC
6. Copy the new core.jar to the /system/framework folder of your ROM zip on your PC. Don't unzip the ROM, just open it with a program like 7-zip and drag & drop core.jar.
7. Make a new PDroid patch from your modified ROM
8. Now your PDroid patch also contains the Master Key patches, so flash, restore apk & settings, enjoy.
9. Alternately, I guess you can just make & extract a new PDroid+MasterKey core.jar, copy it into the Master Key flashable zip, and flash just that. But it's your phone & either way, you need to make a new PDroid patch using the new core.jar. (I have used step 9 by itself, and it does seem to work.)

*I've uploaded all the relevant files here, including:*
- The stand alone flashable zip containing the Master Key patched core.jar
- The 3 unpatched ROMs I mentioned above for anyone wanting to start fresh. Folks going this route can just copy the new core.jar to the zipped ROM's framework folder, but then it WILL fail the MD5 check on install, so just toggle that verification off in CWM recovery.
- If you fail the kernel check while flashing one of the complete ROMs, either you're a noob on Froyo, or you're running the latest 2.3.4 / 4.5.621 Gingerbread D2 update. If you're on .621, see the KernelCheckMods zip.
- If you just skipped down here without reading, you should take one last loving glance at all your "participant" trophies and appreciate how life may be about to teach you a valuable lesson.

Although there's NO WHINING for problems YOU cause, do feel free to post success/failure/questions/manifestos/etc.

Edit: clarified details of the 3 MK vulnerabilities.
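A minimal check of the kind a vulnerability scanner performs for the first of the bugs named above (8219321), added here as an example; it is not part of the original post and not Mr.Its' core.jar patch. It reads a ZIP/APK's central directory with Python's zipfile module and reports any entry name listed more than once; the sample archive is constructed inline (no real app). It does not cover bugs 9695860 or 9950697.

```python
import io
import warnings
import zipfile
from collections import defaultdict


def build_sample_archive(duplicate=True):
    """Constructed in-memory stand-in for an APK (not a real app).
    With duplicate=True the name "classes.dex" is listed twice in the
    central directory with different contents, which is the shape of
    archive Bug 8219321 concerns."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")  # zipfile only warns on duplicate names
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr("AndroidManifest.xml", b"<manifest/>")
            zf.writestr("classes.dex", b"dex\n035original")
            if duplicate:
                zf.writestr("classes.dex", b"dex\n035tampered")
    return buf.getvalue()


def find_duplicate_entries(zip_bytes):
    """Return {name: [(index, crc32, size), ...]} for every name that appears
    more than once in the central directory. infolist() keeps every record,
    so duplicates survive even though the by-name lookup (zf.getinfo) only
    ever returns the last one listed."""
    copies = defaultdict(list)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for index, info in enumerate(zf.infolist()):
            copies[info.filename].append((index, info.CRC, info.file_size))
    return {name: recs for name, recs in copies.items() if len(recs) > 1}


def scan_report(zip_bytes):
    """Verdict line(s): a well-formed APK never lists the same name twice."""
    dups = find_duplicate_entries(zip_bytes)
    if not dups:
        return "OK: no duplicate entry names"
    lines = ["SUSPICIOUS: duplicate entry names found"]
    for name, recs in dups.items():
        for index, crc, size in recs:
            lines.append(f"  {name}: entry #{index} crc=0x{crc:08x} size={size}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(scan_report(build_sample_archive(duplicate=True)))
    print(scan_report(build_sample_archive(duplicate=False)))
```

To check a real file, pass `open("app.apk", "rb").read()` to `scan_report`; a clean result from this check says nothing about the two later bugs.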


----------



## jhb04jhb04

As a current Droid 2 user, I just want to say thank you for your update! I know many developers have moved on to bigger and better phones, but my Droid 2 is tough and refuses to die! Though I appreciate the developers who did an awesome job bringing ICS to the Droid 2, I am back to Spitemare's CM7 build, which gives me Netflix, a stable camera/videocamera, and a long battery life. I would love to see KitKat find its way to the Droid 2 but if not, I am happy with the roms that were created for the Droid 2. Thank you again for the update! I really appreciate it!


----------



## joeblow789

Yup, love my D2, its features, and the stability of GB on it. Don't hold your breath for KitKat though, that'd be harder than ICS and like you said, ICS never quite got all the kinks out & most devs have moved on. Anyway, let us know if any of these patches give you trouble.


----------



## jhb04jhb04

This is bizarre. In CWM, when I attempt to 'install rom from sdcard', the roms get stuck on "installing update". My D2 is on the .621 kernel so I first started with the 'KernelCheckedMods' zip, when it froze, I made sure my sdcard is mounted within CWM, I am on the latest recovery version, I even removed and reinstalled ROM Manager but I'm still getting the same result. Next, I attempted to flash the other roms on your download page by removing the kernel check, again same result. I figured it must be my D2, so I figured I would flash a completely different D2 rom (LiquidICSv1.62) from rootzwiki just to make sure it's not my phone, it flashed with no problem. I haven't tried the stand-alone patch, because I wanted a fresh start with the 201207019 or Euroskank build. I will attempt the stand alone patch tomorrow. Am I missing something? Perhaps, my noob-ness is getting in the way. Anyways, I thought I'd let you know.


----------



## joeblow789

Just to be sure, you're not trying to flash the "KernelCheckMods" zip, are you? I should probably rename that to make it more clear, but it's just instructions on how to remove the kernel check. Also, I've never flashed any ICS ROM, so not sure if there's any special steps necessary to go back to pure GB, but I wouldn't think so since the D2's kernel is locked. At a minimum, I would verify the MD5 of the ROM matches what's listed on the MD5.txt file, wipe cache & Dalvik, and then flash the ROM. Worst case, themib (AKA sd_shadow) has some .621 ROMs with the kernel check already removed. He's got Taichi's Euroskank listed there, but I'm pretty sure it does have the kernel check, I'll have to check later when I get a chance. He's got tons of other good info in there, too, certainly worth a read when you've got time to kill.


----------



## themib

my link to Taichi's rom just goes to your post http://rootzwiki.com/topic/2895-dev-threaddroid-2-cm7-with-gingerbread-kernel/page-474#entry1057255

I haven't tried yet, added it a few days ago, but didn't think about a kernel check, the rest should be good though.



> certainly worth a read when you've got time to kill.


and a beer

edit: removed kernel check from Taichi's rom, and uploaded, link in my list.


----------



## jhb04jhb04

joeblow789 - Lol, I did mistake the "KernelCheckMods" zip as a flashable rom! Yeah..I'm a dork! But I still attempted to flash the other zips on the download page and CWM was still freezing during the installation process. I could've reverted back to my nandroid backup based on my CM7 Spitemare build, but it was bugging me that CWM was freezing so I wanted to pick another rom to see if I would have the same issue. I chose that particular ICS rom because I flashed it in the past with no problems.

I am definitely familiar with sdshadow's resources. His work and collection of vital information has proven to be a valuable resource. In fact, he taught me how to remove a kernel check on a rom!

Needless to say, I was pleasantly surprised to see that he also responded and added the Taichi's rom with the removed kernel to his list. I was able to successfully flash it to my phone. Looking back, I believe I probably didn't remove the kernel check correctly because I had no problems flashing the zip from sdshadow's list.

joeblow789 & sdshadow, I want to tell you both how much I appreciate what you have done. I admire the camaraderie within this community and appreciate how quick you are to impart your wisdom and skills with noobs like me!


----------



## joeblow789

Glad to hear you got it sorted. Did you get the Master Key patch flashed & tested successfully?


----------

