Huawei Y300 & other Android's running JB 4.1.1 - security vulnerability

With reference to this & other posts singing the praises of this phone (I own one as well, and generally pleased with it) :

http://mybroadband.co.za/vb/showthr...p-basic-Android-phone?p=12496050#post12496050

alatheia said:

Some feedback on my purchase: I bought the Hauwei Y300 Ascend, ... The Android Jelly Bean also is a pleasant experience. So far, so good and, with limited experience as an owner, I still feel that I can recommend it.

Click to expand...

Something to bear in mind about this, and 50 million other Android phones still on JB 4.1.1

http://www.independent.co.uk/life-s...nes-may-be-affected-report-shows-9263155.html

Click to expand...

I've tweeted the following to try hurry them up to provide a security patch :

@HuaweiDevice
@Huawei
@HuaweiUSA
@HuaweiDeviceUSA

@MTNza
@MTNzaService

Probably won't help speed things up only getting one tweet each, but if everyone on the forum sends them all tweets, that might help ; and feel free to hassle them on Facebook. I'm sure many of us in SA have bought this phone, and deserve an OTA security update ASAP.

From what I've read in other articles on this, Google have done whatever needed to provide the manufacturers with the ability to release these patches to plug the 4.1.1 security vulnerability.

Feel free to provide any additional info on this thread.

It's evident no-one else on the forum (with a Y300) was bothered about this, from the lack of response.

After not using this phone since my post above (almost a month to the day), last night I spent about 5 hours rooting it & getting TWRP onto the phone, as well as trying to load a Custom ROM - Cyanogen. NIGHTLY build 4.3.1 (the last ROM of that version on/via the Modaco website). It was a struggle most of the way, as I spent about the first two hours troubleshooting a Bootloader Code error.

A short while ago I managed to get this 4.3.1 version onto the phone. It's a pleasure going into Storage & seeing 1.08GB free of Internal with only 43MB used. Quite snappy so far.

I'm sure there are those of you that would want screenshots as proof. There doesn't seem to be an inbuilt app (like there was on the Stock ROM), but this weekend I'm planning to download the latest NIGHTLY on 4.4.x from Modaco, and after hopefully getting GAPPS on as well, will download a screenshot app if anyone's now interested. Great going to "About phone" and seeing "Android version 4.3.1" for "Model number, Ascend Y300".

Unfortunately Modaco only seem to have the "Nightly" builds available for the Y300. I'd prefer to put on a Stable Kitkat version, so if anyone has suggestions for .zip files I can download to PC, then copy/paste to the SD Card and Install from there, it would be appreciated. (I've read mixed reviews on some of the other ROMs for 4.4.x on Modaco, so am weary of trying them out).

Also, anything about KitKat I should be warned of ; things like this :
http://securitywatch.pcmag.com/android/317698-android-kitkat-blocks-rootkits-but-at-what-cost

Feels liberating to be able to put whatever ROM you want to on the phone, finally.

Hi,

Have you upgraded to Modaco?
What feedback can you give me on the Y300 and the upgrade process?
I am considering buying a Y300.

Heartbleed Patch - Link
For Huawei Y300 on B199 Firmware

I O U, out of curiosity,you say the system is quite snappy.
Have you used Antutu benchmark on there?Im looking to change roms,and thought you could let me know more or less what score you get after running a stability test

WireFree said:

Hi,

Have you upgraded to Modaco?
What feedback can you give me on the Y300 and the upgrade process?
I am considering buying a Y300.

Click to expand...

Only checked back to this now.

There's no "Modaco upgrade" as such. It's simply a forum (like this one), on which developers make Custom ROMs available + people ask/answer questions primarily to do with loading, troubleshooting etc. of Custom ROMs.

This is the thread you want to refer to, if prepared to (possibly) lose your warranty through going the Custom ROM route:
http://www.modaco.com/topic/367444-...-bootloaderflash-twrp-and-root-with-tutorial/
I watched the 30 minute YouTube vid once, and followed it on a laptop while carrying out the process on a PC. Once I'd managed to load/run the Win7 drivers onto the PC, I experienced little hassle after that - just persevere.

You must remember to do a full backup in TWRP (below), which will save your current Stock ROM to the SD Card, and to which you can easily revert back to if you mess things up (loading first & subsequent ROMs).

Carrying on with the process as I experienced it, the only other stupid thing I did when first trying to "flash" my first ROM, was somehow save it in an additional folder, other than the .zip file, so the process got stuck (hung); on that occasion, and any other since then I've been dissatisfied with the way a process is running, all I've done is pull out the battery & start again ; not once has there been an indication that the phone was bricked, so don't be too afraid to get things wrong in the beginning, especially. Also, as long as all files you "flash" are in .zip format - ROM, GAPPS (Google apps), SuperSU things should run smoothly.

Note that the modaco link above includes using TWRP (Team Win etc.) to do the loading of the ROMs - it seems to allow for a better process compared to the other ROM managers, for this particular model (from what I've read on XDA & Modaco), so stick with even the version included which is 2.6.3.x (You can upgrade if you want, but I think some older developed ROMs might not be compatible with the latest version? .. http://teamw.in/project/twrp2

Above all, I was prepared to lose R1,000 if things went horribly wrong, so if you can afford to do the same, then try it out - should be fine - as you'll learn quite a lot in the process.

More info. to follow, in post answering below.

DeathOnSight said:

I O U, out of curiosity,you say the system is quite snappy.
Have you used Antutu benchmark on there?Im looking to change roms,and thought you could let me know more or less what score you get after running a stability test

Click to expand...

Re the Heartbleed patch, I tried saving & running it before rooting the phone, but it seemed to do nothing. Can't remember if I tried extracting the files, or not, so might not've done it correctly - that's when I decided to try my hand at rooting, which worked out.

Ironically, I may return to the Stock ROM once an official patch has been released ; don't think there's one yet. I like the look & feel of the Stock one, as much as any of 5 or so Custom ones I've tried out so far.

Official patch not yet issued :
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-332187.htm
Scroll down to Y300, and comments currently are : "In the TA ( technical accept) testing"

I'm not doing any benchmark tests - just go by my own instincts. The ROM I've decided to stay on & use for now is :
http://www.modaco.com/topic/371932-442kkaospunofficial-omnirom-4514/
The link to the site in German (get Google to translate it - just right-click anywhere on the page in Chrome) shows 3 Download buttons ; after trying them all, think I found the first one to work, but it's a real pain getting past the pop-up ads. to the .zip file.

EDIT : Got mixed-up with another ROM - this one clearly not German dev., but the pop-up's are a pain to deal with.

One very important thing I've found with a few of these ROMs, is that if you elect to save App downloads to the SD Card + make the SD Card your Primary Storage, then after running a prog like Clean Master (for the Junk File cleaning & Memory Boost), all App icons from apps d/loaded from Google Play get wiped-off the damn Homepage/s !

At other times, all references to the SD Card are lost (for no apparent reason?), and it shows that there's NIL storage available, even if it shows that Card which has 8GB in my case, so I think 100% stability hasn't been accounted for in improved development.

Therefore, to me, these ROMs are not 100% ideal, partly as some were created for the G510 & other models, but have been adapted for the Y300.

In a few weeks, I may go back to CM11 (Nightly), but when I'm sure the patch has been loaded properly, could return to Stock 4.1.1 .

Subscribed to this thread for when I feel brave enough to root my Y300...

Please keep on sharing your knowledge, it is appreciated.

Skywalker42 said:

Subscribed to this thread for when I feel brave enough to root my Y300...

Please keep on sharing your knowledge, it is appreciated.

Click to expand...

Great! Thanks, and glad that you're keen.

I know it's a rather large psychological mountain to climb, but after you've done so, it's great playing around with the different ROMs.

I've done some rough notes I'll post soon, concerning where to save ROMs, using TWRP in detail & other hints.

In the meantime, re Heartbleed fix/patch for the Stock Y300 ROM, I don't think this (below) is a good option as the file is so large & can't exactly work out why; it can't simply be a patch.

Fact is, the Custom ROMs are only about 150 - 200 MB's each, so don't know what Huawei have added to this. Must be a fix & the whole original ROM with their Emotion UI.

http://consumer.huawei.com/en/support/downloads/detail/index.htm?id=21523

Y300 firmware(Y300-0100,Android 4.1,Emotion UI,V100R001C479B197,United Kingdom Channel)

Description
This version solve following issue:Security Advisory-OpenSSL Heartbeat Extension vulnerability (Heartbleed bug)

Date:
5 June 2014
Version:
V100R001C479B197
File Size: 569.39 MB
Download Now

Click to expand...

Huawei Y300 : Using TWRP, where to save ROMs.

Concerning what amounted to a promise :

I've done some rough notes I'll post soon, concerning where to save ROMs, using TWRP in detail & other hints.

Click to expand...

.. I'd decided to post the following, because based on personal experience, if you're rooting for the first time, there don't seem to be explanations on what to do afterwards. These notes will either be extremely confusing, or I believe of help if using them at the same time you need to perform the tasks.

Importantly, when you decide to root (and I think sooner, rather than delaying it), just allow for enough time to work carefully through some of the issues you might experience along the way.

Here's (possibly again) the link for the software to download to your PC (I used a 32-bit Windows 7), and my only issues were getting the (correct) drivers & loading them - can't even remember where I got them & how I got past that stage, but after I did was able to get the bootloader code.

http://www.modaco.com/topic/367444-...-bootloaderflash-twrp-and-root-with-tutorial/

Once I got past that [bootloader code] stage in the vid., it was pretty much 'plain-sailing' ; that pink/purple screen part in the video clip is a one-off, so after you've rooted, loading a new (obscure) ROM (which isn't a CyanogenMod one) amounts to ...

I stand to be corrected on this, because maybe there are easier ways, but I don't think this phone allows for ROM managers to be used conventionally (like on the more expensive Samsungs etc), in order to search for newer versions of ROMs. Only ROM I know of is CyanogenMod, whereby you can update the Nightly list & download whichever one you want.

1. downloading the .zip file to PC or even a flash drive (which I do);
2. copying it across to the phone (preferably the SD-card, and in the main directory, not a sub-directory, so it would be in /sdcard (NOT in /sdcard/downloads or /sdcard/Android for example)
3. pulling out the battery, then re-inserting it after a few seconds to a minute;
4. holding down the volume-UP, then power button for about 20secs - "teamwin" comes onto the screen, then the menu appears - for TWRP (Team Win Recovery Project);

NOTE: an older version of this will have been loaded during the rooting process; to update to a newer version, which is sometimes recommended for some ROMs, simply save a newer version's .zip file to PC, copy it across to SD-card/phone , and load it like the Custom ROM or GAPPS (Google Apps) .zip file.

You can do all 3 at the same time, or one at a time, each time returning to the TWRP prog. by pulling out battery etc. I currently have TWRP version v2.6.3.3 , that's more than good enough for loading KITKAT version 4.4.4. , the latest available.

http://teamw.in/project/twrp2

eg.: [Recovery & Rooting] TWRP Touch Recovery 2.6.3.3 v.0.6 [M7_PORT]
http://forum.xda-developers.com/showthread.php?t=2694564

5. you should select WIPE, then Swipe to Factory Reset (this wipes the data, cache & Dalvik)

I sometimes go to Advanced Wipe, and select (block next to the following 5, which puts a cross in) :
(1.) Dalvik Cache
(2.) Cache

(3.) Cust - this, to my knowledge, clears the previous Custom ROMs (data), but the ROM itself will still
remain on the SD-card / phone, until you actively delete it (only do so after loading either a new Custom ROM, or restoring the Stock ROM - saving the Stock ROM (original one the phone came with), is something you do or should do, when rooting, in case something goes wrong, then you can revert to it (from the SD card) at any time.

It should be/land-up in this folder (file path) :
/sdcard/TWRP/BACKUPS/(serial no. - mine starts with a 3)

I also saved a copy of it to my laptop's D: (drive), just in case my SD-card goes "bossies"

(4.) System
(5.) Data

then Swipe to Wipe

JUST DON'T SELECT INTERNAL SD CARD OR MICRO SD CARD, OR ANYTHING MORE, FOR OBVIOUS REASONS.
(especially if you have valuable data on the SD card)

6. find ROM you downloaded + moved/copied across to SD-card;
7. install it (by selecting appropriate button)
8. TWRP will advise after a few sec's processing that it's successful;
9. Reboot - System

10. phone will restart, Huawei Ascend logo will come onto screen, and shortly thereafter the ROM's logo you've (cyanognmod) loaded should appear.

It should take only a few minutes for the home page to appear ; anything longer, like 10 mins + and somethings gone wrong.
If that happens, just pullout the battery, try work out what's wrong, go back to TWRP and try again.
So far, I've not bricked my phone, on the few occasions the Huawei logo's frozen, so I think either the phone or system's forgiving !

Some other notes which may be of help ..

There's a process that fails during installation, to do with MD5 (I think it is), or something similarly-named -
from what I've experienced, this can be ignored. It never affects a [successful] ROM installation, from what I've come across, even though it shows up as a failure in the TWRP program.

If you select a new ROM and GAPPS at the same time, obviously the re-boot will be a bit longer but not by much. You'll know if both are successfully loaded, when at the end of it all, the system defaults to setting up your Google account ; you can setup as much or as little of it as you want to then, but merely advising you that this is how you'll know both were successful.

Also, go into Settings-About phone, and you'll see the new ROM details.

By the way, I suggest (after trying out numerous ROMs) that you download & stick with one of the more recent NIGHTLY builds from CyanogenMod ; they don't seem to issue periodic STABLE builds for the Y300, but the NIGHTLY ones are stable from what I've used of them.

NIGHTLY builds for the Y300 - once you've side-loaded the first of their ROMs, you can update the Nightly list on your phone whenever you want to & download whichever one you want, thereafter.
"Browse Files for Huawei Ascend Y300 - u8833"
http://getcm.thebronasium.com/?device=u8833
- on your phone, go to ABOUT PHONE - CYANOGENMOD UPDATES - CHECK FOR UPDATES ....
[under Update Types, ensure All versions(incl. Nightlies) is selected.]

I'm personally not keen on it though, as the ROM lands up in a folder on the phone itself (if I remember correctly), so I prefer always updating using the .zip file from the website.

Lastly, once you've loaded a new ROM to the SD-Card, delete the old ROM either using a file manager, or by connecting the phone to the PC. No point in having an extra ROM of at least 150MB on the phone, just laying around without purpose.