Wednesday, September 15, 2010

Buffalo QA fail results in NTT Hikari Portable malware infestation

A massive quality assurance fail by Buffalo Inc resulted in a number of NTT's Hikari Portable 3G routers being shipped preinstalled with an unwanted feature, malware. Potentially infected products include the NTT-branded PWR-100D and PWR-100F, as well as the Buffalo-branded DWR-PG. If you own one of these products, you can check to see if your router is infected at either NTT's or Buffalo's sites by submitting your serial number.

Only unprotected versions of MS Windows, from 98 to 7, are at risk. Thus far, all detected malware are known to security product vendors, so a computer running security software with an up to date definitions file should not have been infected. Also, malware installation would only have occurred if the PC was directly connected to the router by USB.

How did this happen? I don't know whether to laugh or cry.

During the QA checks, a sample of finished products were pulled and checked for defects. Unfortunately, one of the machines used for these quality checks was infested with all sorts of bad stuff. This table from IT Media lists what has been found so far as reported by various security packages. NTT also has a list (PDF) of detected malware.

Names of malware reported by major security software
Software nameMalware nameDetected File
Norton Antivirus
Trojan Horseimages.exe
Gen Pack:BAckdoor.Generic.202141images.exe
Generic PWS.gExplorer.exe

Monday, September 13, 2010

Universal Androot works on Docomo ht-03a running 1.6

EDIT: the cyanogen mod wiki has been updated to include instructions for universal androot.

Universal Androot is an application that can root a number of devices, including 32B versions of the HTC Magic (which includes the ht-03a) that have been already upgraded to Android 1.6 Donut. Previously, one-click rooting required downgrading to 1.5 Cupcake. For the Docomo ht-03a with a "perfect" SPL (secondary program loader), there was even more work involved, namely the creation of a goldcard.

The developer's site (Chinese, mostly) does not list HTC Magic with 1.6 as compatible, but posters to the XDA thread indicate that it is, as well as reader Drew, who wrote up the directions he followed (see below).

The best part about this method is that it does not replace the SPL. So, if your goal is to simply use apps that require root privilege, like wireless tether of root user, then you can stop right there and have, as far as I can tell, no worries about voiding your warranty (as long as you unroot before taking the phone in for service - a nandroid backup followed by a factory wipe would probably be prudent).

If you want to run the latest version of CM, then you'll need to flash a custom recovery, as detailed by Drew. Right now, I am running CM 6.0 (2.2 Froyo) with a 32 MB swap partition on a 16 GB class 6 card, and it feels just as fast as when running stock 1.6, but with all the excellent extra features. Depending on how closely the phone is inspected, they may or may not notice a custom recovery if you  flash the original (and backed up) stock ROM and unroot.

As always, read as much as you can regarding rooting of your phone before starting. For starters, here is general information, and here is info specific to the HTC Magic, which is also referred to as the Sapphire.

The following is from Drew:
  1. Set your phone to allow non-market packages.
    Settings, Applications, Check "Unknown Sources"
  2. On the phone download UniversalAndRoot from, (I used the latest 1.6.2 beta 5).
  3. When the download completes, you will be asked if you want to install, select yes. Then open the application, I left install Superuser for 1.5/1.5 selected, I also checked create logfile. You will then be prompted for your phone type, select MyTouch 3G/ION. You will see the application start, then "Woot! Your device is rooted!"
  4. Open Market, search for ROM Manager, from ClockworkMod, download and install it. Free version works fine, select Premium for additional features and to support the developers.
  5. Open ROM Manager, Select Flash ClockworkMod Recovery. You will see a popup showing the download starting, and then a message indicating recovery is installed.
  6. You now have a choice, Backup your current ROM, or Download ROM, I selected Backup Current ROM, the first time and Download ROM the second time, both work the same but Download ROM is one less step
  7. I selected Download ROM, CyanogenMod, CyanogenMod 6.0.0 (Stable Release), you will be prompted to select Google Apps your choice.
  8. You will see a notification popup, slide your notification down and watch the download progress of both packages.
  9. You will then be prompted to install, and asked if you want to backup your current ROM and wipe Data and Cache, I selected both.
The phone will then boot into recovery, backup your current ROM, and data and then flash Cyanogen, and reboot, the first boot will be a little slow, 2 to 4 minutes and then you are up and running!