Running with Android Oreo

I was curious about Android 8.1’s Neural Network API, so I upgraded my from Oxygen OS 5.02 to OmniRom.

After 2 days on it, I realized that the apps must be able to support the API and I wasn’t even sure if the stock camera app is able to do any machine learning.

Then stuff started breaking. The first thing I noticed was Llama stopped detecting the cells stations, which means no profiles and actions were activated. Whatsapp replies using Pushbullet don’t get posted. Strangely Pushbullet’s messages work. A reinstall of Pushbullet restored all functionality.

That leaves Llama. The lost of this functionality was grinding on me, so I installed E-robot to take over. Surprise surprise, it could not consistently read the cell information too. I thought maybe it is the OmniRom, not me. I flashed NitrogenOS, an Android Oreo build that is in part based on OmniRom. Everything came back. Llama is back to work, toiling silently in the background, turning on and off WiFi, changing sound profiles.

NitrogenOS is not without its faults. Some builds have a strange behaviour that I am trying to figure out.  The annoying bit is the /data partition is now encrypted.

Android Oreo is not without its quirks.  The Battery History Details screen is now highly summarized.  The cell, WiFi, Awake graphical info is no longer available.  These are all summarized as figures.

At least I am having Feb 18 security updates.

OnePlus 3T and DM_Verity

I was editing the OnePlus 3T build.prop file when I encountered the DM-verity warning.  This is part of the verified boot process.  More details can be read here.

There were several posts to use the following to turn off and turn on DM-verity as a reset.  Unfortunately, that only gives an error, “FAILED remote:unknown command”

fastboot oem disable_dm_verity

fastboot oem enable_dm_verity

After some searching, some on recommended,

adb reboot “dm-verity enforcing”

That caused the device to restart.

I have found by accident, even with the dm_verity error, if I don’t do anything the phone eventually boot.

Notable Security Vulnerabilities for 2017

2017 has been an exciting time for discovering security vulnerabilities.  There are some that hold your companies assets to ransom. Others can be career ending.  So I thought to compile a list to keep track.

Remember there is still 2 more months till the end of the year!

  1. Teamviewer (2 or 3?) 20170218 https://www.reddit.com/r/teamviewer/comments/5us6th/has_teamviewer_12_been_hacked/
  2. Apache Struts2 Jakarta Multipart Parser File Upload Code Execution 20170309  https://www.theregister.co.uk/2017/03/09/apache_under_attack_patch_for_zero_day_available/
  3. WannaCry 20170512 https://en.wikipedia.org/wiki/WannaCry_ransomware_attack .  This comes with love from NSA’s  EternalBlue exploit
  4. Petya / NonPetya 20170627 https://en.wikipedia.org/wiki/Petya_(malware)
  5. BlueBorne BlueTooth 20170912 https://www.armis.com/blueborne/
  6. Apache Struts RCE 20170912 http://hehackernews.com/2017/09/equifax-apache-struts.html  This is the one that got Equifax in the short and curlies
  7. KRACK (Key Reinstallation Attack) 20171016 https://en.wikipedia.org/wiki/KRACK