Clean Patch for Doogee X5 Max Pro 20170116 ROM
(no TWRP or root required, just SP Flash Tool)
This is a patch to clean the pre-installed malware from the stock 20170116 ROM, which can then be installed with SP Flash.
It was made primarily for people (like me) who can't run TWRP (yet?) and don't have root – you need neither. If you know how to flash a stock ROM with SP, you're good to go. It works by creating a modified 'system.img' with the offending apps disabled.
How to use::
1. Download and extract 20170116 stock ROM from here (thanks SoCr@Te):
http://www.needrom.com/download/doogee-x5-max-pro/
2. Download Jojo's JDIFF / JPTCH Windows / Linux binaries here (thanks Joris Heirbaut):
http://jojodiff.sourceforge.net/
3. Find the directory containing the stock 'system.img' for the 20170116 ROM you extracted in <1>. Extract Jojo's 'jptch.exe' (win32) or jptch (linux) into this same directory.
4. Download and extract 'systemMrP.jdf' from this page to the same directory as <3>.
5. Open a Command Prompt window (or whatever the linux equivalent is) and cd to the ROM directory from <3>.
6. Type: jptch system.img systemMrP.jdf systemMrP.img
7. Wait a while… your PC is writing a new 1.57GB file.
8a. If you already have 20170116 stock ROM installed, you can dirty flash the modified system as follows:
Open SP Flash Tool and load the 20170116 scatter file in Download, as usual. Untick all the boxes, then next to 'system', select the new systemMrP.img in the ROM directory rather than the original 'system.img'.
8b. If you're coming from a different ROM, it's probably best to clean flash the whole 20170116 ROM with modified system as follows:
Open SP Flash Tool and load the 20170116 scatter file in Download, as usual. Leave all boxes ticked, then next to 'system', select the new systemMrP.img in the ROM directory rather than the original 'system.img'.
9. Make sure 'Download Only' is selected then start the Download, connect USB without battery, wait for OK… you know this stuff already.
10. Reboot phone and enjoy it without the heaps of malware. If you dirty flashed just system, it's probably best to enter recovery first (yeah, the crappy Alps one) and clear cache otherwise you might have some old pre-compiled code hanging around.
What's disabled:
Browser [MtkBrowser.apk]
Parallel Space [com.lbe.parallel.intl.apk]
Xender [cn.xender.apk]
Wireless Update [AdupsFota.apk]
FotaProvider [AdupsFotaReboot.apk]
com.android.snap [com.gangyun.beautysnap.apk]
Opera Mobile Store (com.opera.branding) [webcore.apk]
com.android.partnerbrowsercustomizations.example [ChromeCustomizations.apk]
Camera [Camera.apk]
Unhides and disables:
com.android.Pet.mediaproxy [MediaService.apk]
Why 'disable', not 'remove'?
This is a cheap and dirty hack I made with a hex editor… that's why the .jdf is so small. I simply searched through the original 'system.img' and renamed all the offending apps so they will never run. The data for these apps is still there, they just don't do anything any more. I know this isn't the 'proper' way to fix this but it's fast and easy… and I'm lazy. Besides, I'm fed up with the malware and frustrated at not being able to get rid of it without root and TWRP on this phone. At some point I might actually do it the proper way: extract the whole system.img, properly remove the malware, maybe install root, and create a decent system.img. I'm hoping now that I've suggested it, someone else (with a linux box) will beat me to it though. Did I mention I'm lazy?
Why 20170116?
I prefer it because it's fairly recent and it's before they jammed the hacked(?) Chrome and loads more crappy Google apps in. I may mod other ROM's if there's enough demand but I'm hoping I won't need to soon… because someone's going to solve this TWRP problem any day now!
Will it work?
It works for me – it's up to you if you want to try this (that's my lazy disclaimer). I dirty flashed system multiple times without losing any user apps I had installed (not that that really matters to me), or my IMEI, and my house is still standing. The bootloader on my phone is currently unlocked from trying to get TWRP installed… if you're clean flashing from a different ROM with a locked bootloader, I'm not sure what will happen. Maybe it'll work fine. Or maybe you'll need to flash 20170116 fully stock, fastboot oem unlock, then dirty flash system. I dunno. Try it, and let me know.
I should say I am still running NoRoot Firewall, and you should too. Android System is still trying to connect to HK (Alibaba / amazonaws), but it's the only access I've seen since making this mod. If you're worried about data leaking over 4G (IPv6) because NoRoot Firewall can't block it, set Preferred network type to 3G under mobile network settings… it might help.
Enjoy!
Let me know what you think.