Database Info

Getting a wider set of development tools on the phone

So, I've been playing around with QuickSSHd and one thing I noticed is there aren't many tools available in the shell. I put an arm build of Fedora on the phone, and now I have access to strace, gdb, gcc, etc..
I figured I'd post my steps here in case anyone else is interested.
1) First thing I did was root the phone with the Unrevoked app.
2) Then I bought a 16 gb microsd card so I wouldn't have to split the 8gb card that came with the phone
3) I partitioned the new card on my linux box using fdisk. I did two partitions, the first a FAT partition and the second a linux one. It was something like:
# fdisk /dev/sdb
d 1
n
p
1
t
c
n
p
2
w
# /sbin/mkfs.vfat /dev/sdb1
# /sbin/mkfs.ext3 /dev/sdb2
4) One that was done, i mounted the ext3 partition and grabbed this prebuilt fedora chroot tarball:
ftp.linux.org.uk/pub/linux/arm/fedora/rootfs/rootfs-f12.tar.bz2
and untarred it into a directory i called "fedora" on the ext3 partition.
5) I then turned off my phone, pulled out the battery and swapped the existing sdcard with my newly formatted one, put the phone back together and booted it up. It took a long time to boot after this and in the notification panel it said it was "preparing the sdcard"
6) Then i started QuickSSHd back up and ssh'd to the machine as root
7) next i ran "busybox sh" to get a better shell than whatever was started before
8) then I created a shell script called f12.sh that looked like this:
--8<----------
#!/bin/sh
cd $HOME
mkdir -p mnt/fedora
mkdir -p dev
ln -sf /dev/block/vold/179\:2 dev/sdcard2
grep -q dev/sdcard2 /proc/mounts || mount dev/sdcard2 mnt/fedora
grep -q rootfs-f12/dev /proc/mounts || mount --bind /dev mnt/fedora/rootfs-f12/dev
grep -q rootfs-f12/sys /proc/mounts || mount --bind /sys mnt/fedora/rootfs-f12/sys
grep -q rootfs-f12/proc /proc/mounts || mount --bind /proc mnt/fedora/rootfs-f12/proc
grep -q rootfs-f12/tmp /proc/mounts || mount -ttmpfs tmpfs mnt/fedora/rootfs-f12/tmp
mkdir -p mnt/fedora/rootfs-f12/mnt/system
mkdir -p mnt/fedora/rootfs-f12/mnt/data
grep -q rootfs-f12/mnt/system /proc/mounts || mount --bind /system mnt/fedora/rootfs-f12/mnt/system
grep -q rootfs-f12/mnt/data /proc/mounts || mount --bind /system mnt/fedora/rootfs-f12/mnt/data
mkdir -p mnt/fedora/rootfs-f12/debug
grep -q rootfs-f12/debug /proc/mounts || mount -tdebugfs debugfs mnt/fedora/rootfs-f12/debug
export LD_LIBRARY_PATH=`pwd`/mnt/fedora/rootfs-f12/lib:`pwd`/mnt/fedora/rootfs-f12/usr/lib
export HOME=/root
cd mnt/fedora/rootfs-f12
lib/ld-linux.so.3 usr/sbin/chroot . bin/bash --login
------>8---------------------
I used vi for this, you could use cat > f12.sh instead.
One weird part of this is the /dev/block/vold/179\:2 symlink. The busybox version of mount apparently can't grok source devices with colons in them. The symlink is just to rename it to something that mount can understand. I imagine the 179 part varies from system to system.
9) Then i ran sh f12.sh which put me in a fedora chroot.
10) I notice the rpm database is a little screwy in the chroot so I ran
# rm -f /var/lib/rpm/__db*
# rpm --rebuilddb
11) At this point I could yum:
# yum -y install strace gdb screen gcc vim-enhanced powertop
Some useful things:
- The kernel debug filesystem is in /debug
- Parts of the phone OS are available in /mnt/data and /mnt/system

Attached is an updated f12.sh (minor tweaks made as I've noticed issues come up)

wow, this is quite interesting!
i might venture into giving this a try.
two pieces of information, only as an FYI, i make no claim to whether or not these are better than the method you provide, only an alternate method which might or might not be better. perhaps a combination of methods would be best? i'll leave it up to the end user to decide.
1) some of those binaries you mention, like strace are already provided by the userdebug PC36IMG.zip (root part 1) in system/xbin from HTC. if anybody wants these binaries, they can be extracted from the system.img inside of the .zip file using unyaffs. if requested, i can post.
2) android open source project, which contains all the source files for android, provides dropbear has a compact arm compiled ssh client.
thanks for taking the time to test all this out and posting up the detailed step by step along with your .sh file!!!

HTC Sensation, Cyanogenmod 9.1, /sd-ext Encryption with Cryptsetup

Having encrypted /data, I'd been interested in encrypting the SD card, either in full, or a full partition. As a new poster to xda, posting without citing reference links does prove a bit more challenging, but here goes:
Given an HTC Sensation, rooted, with Cyanogenmod 9.1 (ICS), and Clockwork Recovery, I partitioned (thru Clockwork) the SD card into FAT32, ext, and swap. Your milage may vary on the next step, but using Fedora, I accessed the SD card, deleted the ext partition, and recreated as an encrypted partition, type ext4. (read up on cryptsetup for alternative ways to create this) For the sake of this post, we'll use the password, "ChangeMe".
I installed LUKS Manager from Google Play, which provides lm.cryptsetup, a renamed binary of Guardian Project's cryptsetup. I didn't use LUKS Manager's implementation of creating encrypted folders, instead, the whole sd-ext partition has been encrypted.
To mount the device at startup, I have the script 99sd-extLUKinit, located at /system/etc/init.d/
#!/system/bin/sh
# Not quite sure what these do, but kept them in
sync;
setprop lk.filesystem.ready 1;
# Remount the root file system to allow changes
mount -o remount,rw rootfs /
# Create the mount point and create a symbolic link
mkdir /mnt/sd-ext
ln -s /mnt/sd-ext /sd-ext
# Decrypt the SD card via cryptsetup, device resides on /dev/block/sd-ext
# Hopefully prompt user for password, but for now, echoed in
echo ChangeMe | lm.cryptsetup luksOpen /dev/block/mmcblk1p2 sd-ext
# Clean errors
e2fsck -y /dev/mapper/sd-ext
# Mount the SD Card via cryptsetup block device
mount -t ext4 -o noatime,nodiratime,barrier=1 /dev/mapper/sd-ext /mnt/sd-ext/
# Remount the root file system to prevent changes
mount -o remount,ro rootfs /
Once verified that the system will automount the encrypted ext4 /mnt/sd-ext partition:
ls /sd-ext
should return with lost & found directory
I moved /data/app and /data/app-private to the encrypted partition:
cp -a /data/app /sd-ext/app
rm -r /data/app
ln -s /sd-ext/app /data/app
cp -a /data/app-private /sd-ext/app-private
rm -r /data/app-private
ln -s /sd-ext/app-private /sd-ext/app-private

[Q] Mount loop device on rooted android devices

I have been trying to mount an image file on my device with no success. The image was created on a linux PC with dd and formated with a DOS partition table and a single ext2 partition. All three devices I have tried this on do not find the partition (should be /dev/block/loop5p1 according to fdisk on the android device).
Code:
busybox losetup /dev/block/loop5 /sdcard/m.img
busybox mount -t ext2 /dev/block/loop5 /sdcard/mnt
This returns invalid argument, probably because it is not a partition.
Code:
busybox losetup /dev/block/loop5 /sdcard/m.img
busybox mount -t ext2 /dev/block/loop5p1
This returns device not found because android will not find the partitions.
Is there a way to make this image mount or could I create a file system on the image without a partition table (mkfs.ext2 /dev/block/loop5) and try to mount it?

I have got the image to mount on one device by making a filesystem on the image without a partition table
Code:
mkfs.ext3 /dev/loop0
and mounted it successfully on the device by using
Code:
busybox mount /dev/block/loop0 /sdcard/mnt/
however on one of the other devices the same thing results in only the cd and ls commands being able to see the mounted files (not chroot or other android apps).
Is there anything I'm doing wrong or is it just the device?

[Kali NetHunter] Chroot won't start

Hello, I have a problem using Kali with my Nexus 5 (Android 6.0.1). I have installed Kali NetHunter and Magisk using TWRP. Every time I try to start chroot in the Kali Chroot Manager, everything goes well until it gives me this error and stops:
[-] sdcard /lib/modules/3.4.0-8.14-Re4son-3.5 doesn't exist or isn't mounted. .
What should I do?

I have the same problem,,,
[+] seems you have kali chroot installed already!
[+] proc was mounted already.
[+] sys was mounted already.
[+] dev was mounted already.
[+] dev/pts was mounted already.
[+] system was mounted already.
[+] ssdcard was mounted already.
[-] sdcard /lib/modules/3.4.0-8.14-Re4son-3.5 doesn't exist or isn't mounted.
<<<< End of Script >>>>
So i think that the problem is with free space,,, you need to have at least 8gb for minimal installation,,,

xNPx3 said:
Hello, I have a problem using Kali with my Nexus 5 (Android 6.0.1). I have installed Kali NetHunter and Magisk using TWRP. Every time I try to start chroot in the Kali Chroot Manager, everything goes well until it gives me this error and stops:
[-] sdcard /lib/modules/3.4.0-8.14-Re4son-3.5 doesn't exist or isn't mounted. .
What should I do?
Click to expand...
Click to collapse
You have to update nethunter.apk through the f-droid store.
If you encounter problems while installing nethunter, download the app from the web store.The url is at the end of the site in the nethunter store under references to find.

Hi guys, I have a Nexus 5 and It wasn't imposible to chroot too, I guess the problem is to not have enough free space in /system, so I decided to reparttition disk with gparted and adb shell command. I set to 8GB /system and it didn't resolve anything because it caused other issues, I think messing with partitions is a gamble.
I attach to you the bash script that resizes Nexus 5, you can modify it like you want. Then only:
1. "adb push repartition.sh /"
2. "adb push parted /"
3. "adb shell"
4. "chmod +x repartition.sh"
5. "./repartition.sh" or "sh repartition.sh"
Reboot and flash the kali rom you like.
WARNING: IT DOESN'T WORKED FOR ME, I THINK I CHOOSE BAD PARTITION SIZES, AND LATER I HAD TO RECOVER THE PHONE WITH STOCK ROM.
# repartition.sh ###############################################
#!/bin/sh
chmod +x parted
./parted /dev/block/mmcblk0 p
umount /data
umount /sdcard
umount /cache
umount /system
./parted /dev/block/mmcblk0 rm 25
./parted /dev/block/mmcblk0 rm 26
./parted /dev/block/mmcblk0 rm 27
./parted /dev/block/mmcblk0 rm 28
./parted /dev/block/mmcblk0 mkpart primary 193MB 10193MB
./parted /dev/block/mmcblk0 mkpart extended 10193MB 10224MB
./parted /dev/block/mmcblk0 mkpart primary 10224MB 11268‬MB
./parted /dev/block/mmcblk0 mkpart primary 11268MB 15.8GB
./parted /dev/block/mmcblk0 p
./parted /dev/block/mmcblk0 name 25 system
./parted /dev/block/mmcblk0 name 26 crypto
./parted /dev/block/mmcblk0 name 27 cache
./parted /dev/block/mmcblk0 name 28 userdata
mke2fs -b 4096 -T ext4 /dev/block/mmcblk0p25
mke2fs -b 4096 -T ext4 /dev/block/mmcblk0p27
mke2fs -b 4096 -T ext4 /dev/block/mmcblk0p28
./parted /dev/block/mmcblk0 p
mount -a
exit
# EOF #####################################################
Good luck mates.

mitm on android emulator: a howto

Hello all,
I'd like to braindump how I managed to make android emulator v30 work with mitm, hope that helps someone.
Since it was not possible to neither write nor make writable the /system partition, I decided to roll my own system.img and that actually worked. I'm not going to upload a script because I might not remember 100%, but I'll going to descibe the steps in full, even though they exist elsewhere. The commands might not be exact, too, so if there's a typo you'll need to figure it out yourself.
Also, it will be a bit confusing because I shall refer to 2 files named system.img, one is the 2G file that comes with android, the other is 700M or something file that you will be creating in the process. I'll refer them as #1 and #2.
1. What is needed: android studio and emulator, linux, xattr, https://github.com/LonelyFool/lpunpack_and_lpmake , https://github.com/tytso/e2fsprogs, mitmproxy, parted. Build these github projects, you'll need their binaries in the process.
also, 'mkdir build' somewhere.
2. Find system.img (#1) in your android studio installation, then extract the system partition:
$ losetup -f system.img
$ losetup -a | grep system.img
/dev/loop5
$ partprobe /dev/loop5
$ ls /dev/loop5p*
/dev/loop5p1 /dev/loop5p2
$ lpunpack_and_lpmake/bin/lpunpack /dev/loop5p2 build
$ ls build
system.img system-ext.img product.img vendor.img
$ losetup -d /dev/loop5
3. Make system.img (#2) writable and usable. This is ext4 crunched with feature shared_blocks, which makes it not really writable even in theory, as it deduplicates identical blocks in the filesystem. You'll need to convert that to a normal ext4, but, there's not enough space to do that operation. So you'll need to expand the partition to accomodate for this. How much? Empirically, I added 30M to a 700M partition:
$ ls -l system.img
700000000 # for example
$ e2fsprogs/resize/resize2fs system.img 730M
$ ls -l system.img
730000000 # for example
$ e2fsprogs/e2fsck/e2fsck -f system.img
$ e2fsprogs/e2fsck/e2fsck -E unshared_blocks system.img
$ e2fsprogs/e2fsck/e2fsck -f system.img
4. Modify the now writable partiton to your heart's content (we're still with system.img #2 here). I needed to add just one file, mitmproxy-ca-cert.cer . According to the mitmproxy docs, the name must be the hash of the certificate:
$ losetup -f system.img
$ losetup -a | grep system.img
/dev/loop6
$ mount /dev/loop6 /mnt
$ hashed_name=`openssl x509 -inform PEM -subject_hash_old -in mitmproxy-ca-cert.cer | head -1
$ echo $hashed_name
c8750f0d
$ cp mitmproxy-ca-cert.cer /mnt/system/ext/security/cacerts/$hashed_name.0
$ cd /mnt/system/ext/security/cacerts/
$ chmod 644 $hashed_name.0
Now check if your android has extra attributes in these certificate files. Mine does:
$ xattr 00abcde.0 # some random certificate
security.selinux
$ xattr -p security.selinux 00abcde.0
ubject_r:system_security_cacerts_file:s0
if yes, you'll need it on this file too:
$ xattr -w security.selinux ubject_r:system_security_cacerts_file:s0 $hashed_name.0
and be done with the partition
$ umount /mnt
$ losetup -d /dev/loop6
5. Create new super-partition, the one we used as /dev/loop5p2. You'll need the file sizes of your .img partitions, and your command to create a super.img file will look like this:
$ cat repack
#!/bin/sh
P=/android/super/1
~/src/lpunpack_and_lpmake/bin/lpmake --metadata-size 65536 --super-name super --metadata-slots 2 --device super:2496462848 --group main:2647101440 \
--partition system:readonly:786432000:main --image system=$P/system.img \
--partition system_ext:readonly:131952640:main --image system_ext=$P/system_ext.img \
--partition product:readonly:1468575744:main --image product=$P/product.img \
--partition vendor:readonly:102739968:main --image vendor=$P/vendor.img \
--output $P/super2.img
the interesting numbers are the corresponding partition sizes (in --partition), and, if f ex you increased the system.img #2 to 30M in the step 3, the number in --device:super should be the size of /dev/loop5p2 in bytes plus at least these 30M (but also okay if a bit more).
6. Finally, create a new system.img #1 . Create a backup copy of it, and then append some 30M there, and fix the partition
$ dd if=/dev/zero of=system-new.img flags=append bs=1M size=30
$ losetup -f system-new.img
$ losetup -a | grep system-new.img
/dev/loop7
$ parted /dev/loop7
GNU Parted 3.3
Using /dev/loop7
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) p
Model: Loopback device (loopback)
Disk /dev/loop7: 2444MB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:
Number Start End Size File system Name Flags
1 1049kB 2097kB 1049kB vbmeta
2 2097kB 2443MB 2441MB super
you will need to expand the partion 2 to the max (plus minus same 30M). If is fails fix the number and retry:
(parted) resizepart 2 24460MB
Error: The location 24460MB is outside of the device /dev/loop7.
and finally copy data back:
$ partprobe /dev/loop7
$ dd if=super.img of=/dev/loop7p2 bs=1M
$ losetup -d /dev/loop7
and that's it. After that, rename system-new.img to system.img, and hopefully the emulator could run this new image.
Also, to check that the certificate is there and recognized, go to the setting/certificates/trusted certificates, the mitmproxy one should be in the list.
Hopefully this will be helpful.
Cheers!
/dk