Use usb debugging to 'backup' the malware
adb pull /system/app/
Download original firmware
wget http://img.irulu.com/driver/U2_Q500H_V101En20141223.rar
unrar e U2_Q500H_V101En20141223.rar
$ file system.img
system.img: Android sparse image, version: 1.0, Total of 256000 4096-byte output blocks in 1684 input chunks.
Now to check if the original firmware is clean
git clone https://github.com/anestisb/android-simg2img.git
make
Mount the system image
$ file system.raw.img
system.raw.img: Linux rev 1.0 ext4 filesystem data, UUID=57f8f4bc-abf4-655f-bf67-946fc0f9f25b (needs journal recovery) (extents) (large files)
sudo mount -o loop system.raw.img /mnt/loop/
Compare with that found on the Ali Express phone reveals
diff sys_app_mal.ls sys_app_irulu.ls
1d0
< abc.apk
24d22
< cd89920009
29d26
< com.andr0id.lauchinmg.apk
31,43d27
< com.as.youtube.downloader.a5.apk
< com.chaidongqiang.beautyvideo.apk
< com.example.homeof01111beauty.apk
< com.example.homeof01192beauty.apk
< com.free.all.mp3.music.a6.apk
< com.free.all.mptree.music.b.apk
< com.haodu.sexyhotvideo.apk
< com.json.lutu.apk
< com.sailer.coolbrowser.apk
< com.sms.server.socialgraphop.db
< com.swiping.whale.apk
< com.system.cap.hm.hupdater.apk
< com.system.update.apk
45,46d28
< CustomICON.apk
< CustomICON.odex
75c57
< frozenkeyboard.apk
---
> Frozen_Keyboard.apk
82d63
< GloablBCServiceInfo.apk
89d69
< hll_videoplayer_pop.apk
92a73
> HTMLViewer.odex
125d105
< obs.apk
130d109
< OPBKEY_4c16012fb8540b4619b866cb3dde30aecf5f
141c120
< playApp.apk
---
> playApp_0830.apk
165d143
< system.bin.apk
178d155
< v5_function_video.mp4
180a158
> videoplayer.apk
So, the original firmware looks OK - now, to install it
I was unable to unlock the fastboot, so I used this procedure instead -
Download SP Flash Tool for Linux from -
(or elsewhere. Note that the Windows version I grabbed, included Malware)
Uninstall ModemManager
sudo yum remove ModemManager
sudo udevadm control --reload
Power off the phone
Start the tool
sudo SP_Flash_Tool_v5.1548_Linux/flash_tool.sh
On the Download tab, select the scatter file from the extracted Irulu file (MT6582_Android_scatter.txt)
Click download
Now, power on the phone
Download should progress and show OK
Disconnect and power cycle the phone, and all should be good!
9 comments:
my irulu u1 pro is infected by virus
how can I find the original image?
Try searching at the link below -
https://www.irulu.com/download/lists.html
Hello! I'm desperate. I tried to eliminate the virus, I root my phone and using an app I erased some files. Now, I turn on the phone, it goes to the logo, and it restars again. Can you HELP ME?
It should be possible to recover it by following the instructions in my post
Thank you very much!!!! It worked just fine.
Good to hear!
Would this procedure work on the new geoking 3 max? It came from iRulu with aware and beyond.
Adware not aware. Lol.
Post a Comment