Forget flashing the RC29, lets replace it! - G1 Android Development

The original thread has become a support thread for "it worked" and "it didnt work!" comments on the update, but the real work to be done is figuring out how to make our own update.
So far what we know about it is that every file in the archive is signed by the following files located inside the archive in "/META-INF/":
Code:
CERT.RSA CERT.SF MANIFEST.MF
The signatures are as follows (from CERT.SF):
Code:
Name: system/framework/input.jar
SHA1-Digest: oTqRlwaIYFz8+J6HPaqPmPF05do=
and from MANIFEST.MF:
Code:
Name: system/framework/input.jar
SHA1-Digest: GMJobzU6jVv2U756Kjbt292GdEA=
Making changes to either of these files causes the update to fail, so these files must also be signed. From what was guessed in the other thread, this might be done through the CERT.RSA file (binary, I cant make anything of it).
Inside the archive is a boot.img and a radio.img which were tested by someone and said not to be standard .img files.
In "/META-INF/com/google/android/" is a file called update-script (also signed, cannot be edited) which has the step by step procedure to update the system with all the included components. Permissions are set, images are flashed and at the very beginning device name (and other info?) are compared to the current device causing it to either fail or install. (contents below):
Code:
assert getprop("ro.build.fingerprint") == "tmobile/kila/dream/trout:1.0/TC4-RC29
/115247:user/ota-rel-keys,release-keys" || getprop("ro.build.fingerprint") == "t
mobile/kila/dream/trout:1.0/TC4-RC28/114235:user/ota-rel-keys,release-keys" || g
etprop("ro.build.fingerprint") == "tmobile/kila/dream/trout:1.0/TC4-RC19/109652:
user/ota-rel-keys,release-keys" || getprop("ro.build.fingerprint") == "tmobile/k
ila/dream/trout:1.0/TC4-RC29/115247:user/ota-rel-keys,test-keys" || getprop("ro.
build.fingerprint") == "tmobile/kila/dream/trout:1.0/TC4-RC28/114235:user/ota-re
l-keys,test-keys" || getprop("ro.build.fingerprint") == "tmobile/kila/dream/trou
t:1.0/TC4-RC19/109652:user/ota-rel-keys,test-keys"
assert compatible_with("0.2") == "true"
assert getprop("ro.product.device") == "dream" || getprop("ro.build.product") ==
"dream"
assert getprop("ro.bootloader") == "0.95.0000"
format BOOT:
show_progress 0.1 0
write_radio_image PACKAGE:radio.img
show_progress 0.5 0
format SYSTEM:
copy_dir PACKAGE:system SYSTEM:
set_perm_recursive 0 0 0755 0644 SYSTEM:
set_perm_recursive 0 2000 0755 0755 SYSTEM:bin
symlink dumpstate SYSTEM:bin/dumpcrash
set_perm 0 3004 02755 SYSTEM:bin/ping
symlink toolbox SYSTEM:bin/dmesg
symlink toolbox SYSTEM:bin/df
symlink toolbox SYSTEM:bin/getevent
symlink toolbox SYSTEM:bin/getprop
symlink toolbox SYSTEM:bin/hd
symlink toolbox SYSTEM:bin/id
symlink toolbox SYSTEM:bin/ifconfig
symlink toolbox SYSTEM:bin/iftop
symlink toolbox SYSTEM:bin/insmod
symlink toolbox SYSTEM:bin/ioctl
symlink toolbox SYSTEM:bin/kill
symlink toolbox SYSTEM:bin/ln
symlink toolbox SYSTEM:bin/log
symlink toolbox SYSTEM:bin/ls
symlink toolbox SYSTEM:bin/lsmod
symlink toolbox SYSTEM:bin/mkdir
symlink toolbox SYSTEM:bin/mkdosfs
symlink toolbox SYSTEM:bin/mount
symlink toolbox SYSTEM:bin/mv
set_perm 0 3003 02755 SYSTEM:bin/netcfg
symlink toolbox SYSTEM:bin/netstat
symlink toolbox SYSTEM:bin/notify
symlink toolbox SYSTEM:bin/ps
symlink toolbox SYSTEM:bin/printenv
symlink toolbox SYSTEM:bin/reboot
symlink toolbox SYSTEM:bin/rm
symlink toolbox SYSTEM:bin/renice
symlink toolbox SYSTEM:bin/rmdir
symlink toolbox SYSTEM:bin/rmmod
symlink toolbox SYSTEM:bin/route
symlink toolbox SYSTEM:bin/schedtop
symlink toolbox SYSTEM:bin/sendevent
symlink toolbox SYSTEM:bin/setconsole
symlink toolbox SYSTEM:bin/setprop
symlink toolbox SYSTEM:bin/sleep
symlink toolbox SYSTEM:bin/smd
symlink toolbox SYSTEM:bin/start
symlink toolbox SYSTEM:bin/stop
symlink toolbox SYSTEM:bin/sync
symlink toolbox SYSTEM:bin/top
symlink toolbox SYSTEM:bin/umount
symlink toolbox SYSTEM:bin/vmstat
symlink toolbox SYSTEM:bin/watchprops
symlink toolbox SYSTEM:bin/wipe
symlink toolbox SYSTEM:bin/cat
symlink toolbox SYSTEM:bin/chmod
symlink toolbox SYSTEM:bin/cmp
symlink toolbox SYSTEM:bin/date
symlink toolbox SYSTEM:bin/dd
set_perm 1002 1002 0440 SYSTEM:etc/dbus.conf
set_perm 0 2000 0550 SYSTEM:etc/init.goldfish.sh
set_perm 1002 1002 0440 SYSTEM:etc/hcid.conf
set_perm 1014 2000 0550 SYSTEM:etc/dhcpcd/dhcpcd-run-hooks
show_progress 0.2 0
write_raw_image PACKAGE:boot.img BOOT:
show_progress 0.2 10
And last but certainly not least, Download links!!! W00tah:
Download: https://android.clients.google.com/updates/signed-kila-ota-115247-prereq.TC4-RC19+RC28.zip
**This download might need to be refreshed once or twice before it works. If you get 503 server error, try again, if it doesn't work after a while use the links below.
Rapidshare Download 1: http://rapidshare.com/files/159243313/signed-kila-ota-115247-prereq.TC4-RC19_RC28.zip
Rapidshare Download 2: http://rapidshare.com/files/159244738/signed-kila-ota-115247-prereq.TC4-RC19_RC28.zip.html
Rapidshare Download 3: http://rapidshare.com/files/159798803/signed-kila-ota-115247-prereq.TC4-RC19_RC28.zip.html
If anyone knows anything about the signing process or thinks they have an idea on how to bypass it, please share it. XDA-devs is known for exactly this, but it seems we are limited to a smaller number of devs than most WM devices usually get so every little bit helps here.

I think your onto something.(cant't let this thread fade)

Just throwing stuff out there.....
in either /etc or /system there is a "security" directory...i assumed it had to do with the ssl certificates, but maybe it deals with the verification of the signatures in the updates. I mean the verification has to be checked somewhere on the device, when i get reliable internet i will take a closer look at this and see what comes of it.
excellent post by the way dark, glad your around
edit: took a closer look at your post and then the security directory, they are definently related....now it's time to study up on SHA-Digest

It seems the signature file checks the sha1-digest signature againts the manifest file. The third file seems to be the signature in which the hash get compared to. A java jdk developer might know how to do this. There seems to be a way to do this with the sun jdk (this seesms to be the method used). We might be able to change signatures but a more permanent solution seems to be able to disable the check all together in the restoration utility.

afbcamaro said:
It seems the signature file checks the sha1-digest signature againts the manifest file. The third file seems to be the signature in which the hash get compared to. A java jdk developer might know how to do this. There seems to be a way to do this with the sun jdk (this seesms to be the method used). We might be able to change signatures but a more permanent solution seems to be able to disable the check all together in the restoration utility.
Click to expand...
Click to collapse
if we could just figure out how to bypass it once we could have the modified update disable the check......

First of all let me state I didnt figure any of this out on my own. I basically gathered it all from 4 different threads (most on page 3-12 already) that have gone off track.
Second, without having root and being able to make changes to the update utility, all of our hacking will have to be done in the file itself (the certificate, or the manifest etc) for now. Once we can make changes to it and flash it, then we can give ourselves root (or just replace the recovery flash stuff to not read the certificates.

Looking for the security key on the device will prove useless... the way SHA1 was designed was that you have 2 keys. A private key you must sign with... and a public key that you use to verify. You can't sign with the public key because it will be different. Now if you know of someone who can crack SHA1 that will be the only person who can help us. But as it looks Google signs all their stuff with the SHA1 algorythm which is one of the hardest to crack.

So now we need to take a google dev as a hostage. Somone round up the guns, someone else get the tape, ill distance myself from it so I have an alibi.

Darkrift said:
So now we need to take a google dev as a hostage. Somone round up the guns, someone else get the tape, ill distance myself from it so I have an alibi.
Click to expand...
Click to collapse
LOL... who will hire the PI to find out where he lives?

neoobs said:
Looking for the security key on the device will prove useless... the way SHA1 was designed was that you have 2 keys. A private key you must sign with... and a public key that you use to verify. You can't sign with the public key because it will be different. Now if you know of someone who can crack SHA1 that will be the only person who can help us. But as it looks Google signs all their stuff with the SHA1 algorythm which is one of the hardest to crack.
Click to expand...
Click to collapse
I think what we need to do is research the iPhone root file system hack. Since the G1's stack is linux-based (same as iPhone), there are probably some similarities. Not sure if this hack would require taking a physical dump of the ROM or not, but that's for the more technical people to decide.

You are right about SHA1. Google seems to have had some interest in keeping the T-Mobile G1 closed. LOL
Thats why I suggested that we should disable the security check before sha1 digest becomes an issue.
The Iphone hack is simplicity compared to this. Apple left the root access password in plain open sight. Looking back on it, it seems google is a heck of a lot more security minded than apple...Go figure.
If this phone is truly open then we should be able to ASK google what the root credentials are. Making this public on androidcommunity should twist googles arm enough.

your check this file?
\system\etc\ permission.xml
HTML:
<?xml version="1.0" encoding="utf-8"?>
<!--
/*
* Copyright (C) 2008 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-->
<!-- This file is used to define the mappings between lower-level system
user and group IDs and the higher-level permission names managed
by the platform.
Be VERY careful when editing this file! Mistakes made here can open
big security holes.
-->
<permissions>
<!-- ================================================================== -->
<!-- ================================================================== -->
<!-- ================================================================== -->
<!-- The following tags are associating low-level group IDs with
permission names. By specifying such a mapping, you are saying
that any application process granted the given permission will
also be running with the given group ID attached to its process,
so it can perform any filesystem (read, write, execute) operations
allowed for that group. -->
<permission name="android.permission.BLUETOOTH_ADMIN" >
<group gid="net_bt_admin" />
</permission>
<permission name="android.permission.BLUETOOTH" >
<group gid="net_bt" />
</permission>
<permission name="android.permission.INTERNET" >
<group gid="inet" />
</permission>
<permission name="android.permission.CAMERA" >
<group gid="camera" />
</permission>
<permission name="android.permission.READ_LOGS" >
<group gid="log" />
</permission>
<!-- The group that /cache belongs to, linked to the permission
set on the applications that can access /cache -->
<permission name="android.permission.ACCESS_CACHE_FILESYSTEM" >
<group gid="cache" />
</permission>
<!-- RW permissions to any system resources owned by group 'diag'.
This is for carrier and manufacture diagnostics tools that must be
installable from the framework. Be careful. -->
<permission name="android.permission.DIAGNOSTIC" >
<group gid="input" />
<group gid="diag" />
</permission>
<!-- ================================================================== -->
<!-- ================================================================== -->
<!-- ================================================================== -->
<!-- The following tags are assigning high-level permissions to specific
user IDs. These are used to allow specific core system users to
perform the given operations with the higher-level framework. For
example, we give a wide variety of permissions to the shell user
since that is the user the adb shell runs under and developers and
others should have a fairly open environment in which to
interact with the system. -->
<!-- System tool permissions granted to the shell. -->
<assign-permission name="android.permission.GET_TASKS" uid="shell" />
<assign-permission name="android.permission.CHANGE_CONFIGURATION" uid="shell" />
<assign-permission name="android.permission.REORDER_TASKS" uid="shell" />
<assign-permission name="android.permission.SET_ANIMATION_SCALE" uid="shell" />
<assign-permission name="android.permission.SET_PREFERRED_APPLICATIONS" uid="shell" />
<assign-permission name="android.permission.WRITE_SETTINGS" uid="shell" />
<assign-permission name="android.permission.BROADCAST_STICKY" uid="shell" />
<!-- Development tool permissions granted to the shell. -->
<assign-permission name="android.permission.SET_DEBUG_APP" uid="shell" />
<assign-permission name="android.permission.SET_PROCESS_LIMIT" uid="shell" />
<assign-permission name="android.permission.SET_ALWAYS_FINISH" uid="shell" />
<assign-permission name="android.permission.DUMP" uid="shell" />
<assign-permission name="android.permission.SIGNAL_PERSISTENT_PROCESSES" uid="shell" />
<!-- Internal permissions granted to the shell. -->
<assign-permission name="android.permission.FORCE_BACK" uid="shell" />
<assign-permission name="android.permission.BATTERY_STATS" uid="shell" />
<assign-permission name="android.permission.INTERNAL_SYSTEM_WINDOW" uid="shell" />
<assign-permission name="android.permission.INJECT_EVENTS" uid="shell" />
<assign-permission name="android.permission.SET_ACTIVITY_WATCHER" uid="shell" />
<assign-permission name="android.permission.READ_INPUT_STATE" uid="shell" />
<assign-permission name="android.permission.SET_ORIENTATION" uid="shell" />
<assign-permission name="android.permission.INSTALL_PACKAGES" uid="shell" />
<assign-permission name="android.permission.CLEAR_APP_USER_DATA" uid="shell" />
<assign-permission name="android.permission.DELETE_CACHE_FILES" uid="shell" />
<assign-permission name="android.permission.DELETE_PACKAGES" uid="shell" />
<assign-permission name="android.permission.ACCESS_SURFACE_FLINGER" uid="shell" />
<assign-permission name="android.permission.READ_FRAME_BUFFER" uid="shell" />
<assign-permission name="android.permission.DEVICE_POWER" uid="shell" />
<assign-permission name="android.permission.MODIFY_AUDIO_SETTINGS" uid="media" />
<assign-permission name="android.permission.ACCESS_DRM" uid="media" />
<!-- This is a list of all the libraries available for application
code to link against. -->
<library name="com.google.android.maps"
file="/system/framework/com.google.android.maps.jar" />
<library name="com.google.android.gtalkservice"
file="/system/framework/com.google.android.gtalkservice.jar" />
<library name="android.awt"
file="/system/framework/android.awt.jar" />
<library name="android.test.runner"
file="/system/framework/android.test.runner.jar" />
</permissions>

satru said:
your check this file?
\system\etc\ permission.xml
Click to expand...
Click to collapse
Those are the permissions you can give your program. Sadly there isn't a root access permission... but you could give a program all those permissions and maybe we can find a way of getting root.

Does the diagnostic permission group give us access to anything interesting on the file system?

Re: diagnostic permission
Unfortunately, you can't give an app the diagnostic permission, it is limited to system apps. The installer just ignores that permission if you ask for it in the AndroidManifest.xml for one of your apps.

Anyone here know anything about reading .rsa files? if we could fake that file we might be able to get somewhere.

That is a certificate from RSA The Security Division of EMC2 of all the contents in the upgrade.zip file.
If we could read it, it would look like the one for web sites. For example, go to citibankonline.com and depending on your browser, check the certificate for that site.
They get those certificates from companies like Verisign or RSA to prove that their site is secure or belongs to the people they say it does.
Same goes for these files, all the files are cross checked between each other.
MANIFEST.MF and CERT.CF both verify the files by hash. CERT.RSA is the certificate that these files are legit and that all/some are protected/encrypted with the private key from google.
We can't "fake" any of these files.
Methods for hacking never try this angle. It's always buffer overflows, securtiy holes, hardware hacks, etc. AFTER they get through, software hacks is easy because you can bypass the signature/certificate/private-public key checking or create our own keys.

Sha is hard to crack......but nowhere near the hardest...but as of now it is pretty much out of the realm of a realistic probability......
As for the IPhone kernel....I am assuming the iphone used an older kernel or something of the like that was vunerable to exploitation...as of now the kernel the android uses has no publicly available exploit
What I wonder is if we could get an exploitable app running? But probably still need somekind of root access

As afbcamaro pointed out, Apple put the root password out in the open.
Android doesn't even allow you to try to switch to root.
Honestly, exploitable app prob won't do it since the permissions are preset for app. Buffer overflow is proabably our best bet.
Speaking of, on the verbose log using addm (not sure, not at my computer) in the boot process, Bubble bash gets a error. Soon as I get to my computer I'll paste the error. Just wondering if anyone who might know, know if we might exploit it.

As per Apples Mind the Device was never Intended for Applications, Jailbreaks Disk Access and so they might never had seriously looked at Kernel security. But as the community Jail Breaks allowed the Apps, Got the Shell Access later using Exploits. They Later on patched it.
Uploading Apples Firmware in Infineon chips is little bit easy also compared to Samsung NAND Ram and their Boot loaders.
Now who know There may be 1 or 100 Exploits in Android also. That only will prove that.

Related

Request - Guide on how to bring G1 Functionality to ADP1

I have no idea where to begin when it comes to exploring the ins and outs of the Android platform. However, my goal is to eventually have an ADP1 that is basically identical in functionality to the G1 (ie. with the IM client, Voice Dialing, maybe Amazon music store, etc.).
I found this message on the android-platform Google group:
If your goal is just to get all the functionality of the G1 on your
DP1, it may be possible to just flash a G1 update onto the DP1.
* Add DP1's fingerprint to the first assertion in update-script or
just remove that line completely.
* adb pull recovery.img from your DP1 and replace the one in the G1
update file with it.
* adb pull the otacerts.zip and cacerts.bks files from DP1 and replace
the ones in the G1 update with them.
* Resign the update file with the test keys.
After flashing that you'd have a system partition for all intents and
purposes identical to a G1. Theoretically anyway. Maybe someone from
the Android team could confirm whether this would be a workable hack?
I don't have a DP1 to try it out on, so try it at your own peril!
Click to expand...
Click to collapse
Can anyone who has the resources attempt this, and if it works, release a tutorial for those of us who bought an ADP1 for app development, and want to touch the platform itself as little as possible.
Or, if all else fails, can I simply flash an image from a G1 phone onto my ADP1?
You quoted the answer to your question. Follow the directions in your quote and you can flash a g1 image. I suggest the jesusfreke rc30 v1.2
Well, he does explain how to do it, but in Android-terms. I just started messing around with the console and an emulator today. I'm not as familiar with the locations of files and what it is they do as everyone else here.
I have no idea what the ADP1's "fingerprint" is, or how to "resign the update file with the test keys". What I'm asking for is a step by step (or command by command) guide for those of us who don't know Android in and out and just want a fully functional system.
hallm, look at the thread about unpack and repack boot images....unzip the update that you want to install on your ADP1 look for the update-script which is located in the update.zip (META-INF>com>google>android>update-script) remove everything before format BOOT:
it should look something like the below:
__________
format BOOT:
show_progress 0.1 0
format SYSTEM:
copy_dir PACKAGE:system SYSTEM:
copy_dir PACKAGE:data DATA:
set_perm_recursive 0 0 0755 0644 SYSTEM:
set_perm_recursive 0 2000 0755 0755 SYSTEM:bin
symlink dumpstate SYSTEM:bin/dumpcrash
set_perm 0 3004 02755 SYSTEM:bin/ping
symlink toolbox SYSTEM:bin/dd
symlink toolbox SYSTEM:bin/df
symlink toolbox SYSTEM:bin/dmesg
symlink toolbox SYSTEM:bin/getevent
symlink toolbox SYSTEM:bin/getprop
symlink toolbox SYSTEM:bin/hd
symlink toolbox SYSTEM:bin/id
symlink toolbox SYSTEM:bin/ifconfig
symlink toolbox SYSTEM:bin/iftop
symlink toolbox SYSTEM:bin/insmod
symlink toolbox SYSTEM:bin/ioctl
symlink toolbox SYSTEM:bin/kill
symlink toolbox SYSTEM:bin/ln
symlink toolbox SYSTEM:bin/ls
symlink toolbox SYSTEM:bin/log
symlink toolbox SYSTEM:bin/lsmod
symlink toolbox SYSTEM:bin/mkdir
symlink /system/xbin/busybox SYSTEM:bin/mount
symlink toolbox SYSTEM:bin/mkdosfs
symlink toolbox SYSTEM:bin/mv
set_perm 0 3003 02755 SYSTEM:bin/netcfg
symlink toolbox SYSTEM:bin/netstat
symlink toolbox SYSTEM:bin/notify
symlink toolbox SYSTEM:bin/printenv
symlink toolbox SYSTEM:bin/ps
symlink toolbox SYSTEM:bin/reboot
symlink toolbox SYSTEM:bin/renice
symlink toolbox SYSTEM:bin/rm
symlink toolbox SYSTEM:bin/rmdir
symlink toolbox SYSTEM:bin/rmmod
symlink toolbox SYSTEM:bin/route
symlink toolbox SYSTEM:bin/schedtop
symlink toolbox SYSTEM:bin/sendevent
symlink toolbox SYSTEM:bin/setprop
symlink toolbox SYSTEM:bin/setconsole
symlink toolbox SYSTEM:bin/sleep
symlink toolbox SYSTEM:bin/smd
symlink toolbox SYSTEM:bin/start
symlink toolbox SYSTEM:bin/sync
symlink toolbox SYSTEM:bin/stop
symlink toolbox SYSTEM:bin/top
symlink toolbox SYSTEM:bin/umount
symlink toolbox SYSTEM:bin/vmstat
symlink toolbox SYSTEM:bin/watchprops
symlink toolbox SYSTEM:bin/wipe
symlink toolbox SYSTEM:bin/cat
symlink toolbox SYSTEM:bin/chmod
symlink toolbox SYSTEM:bin/cmp
symlink toolbox SYSTEM:bin/date
set_perm 0 0 04755 SYSTEM:bin/su
set_perm 1002 1002 0440 SYSTEM:etc/dbus.conf
set_perm 0 2000 0550 SYSTEM:etc/init.goldfish.sh
set_perm 1002 1002 0440 SYSTEM:etc/hcid.conf
set_perm 1014 2000 0550 SYSTEM:etc/dhcpcd/dhcpcd-run-hooks
show_progress 0.2 0
write_radio_image PACKAGE:radio.img
write_raw_image PACKAGE:boot.img BOOT:
show_progress 0.2 10
___________________________
then you get AndroidMod from one of JesusFreke's threads and put your update.zip in the SignAPK folder and resign it with the test keys (readme is included)
hallm2533 said:
I have no idea where to begin when it comes to exploring the ins and outs of the Android platform. However, my goal is to eventually have an ADP1 that is basically identical in functionality to the G1 (ie. with the IM client, Voice Dialing, maybe Amazon music store, etc.).
I found this message on the android-platform Google group:
Can anyone who has the resources attempt this, and if it works, release a tutorial for those of us who bought an ADP1 for app development, and want to touch the platform itself as little as possible.
Or, if all else fails, can I simply flash an image from a G1 phone onto my ADP1?
Click to expand...
Click to collapse
You have a couple of options here. Your easiest bet is to grab my modified RC30 v1.2 update and apply it. You just have to put it on your sd card named as update.zip and then boot the phone into recovery mode (home+power), and then once it's in recovery mode, do an alt+L to turn on text, and alt+s to apply the update. You will most likely need to do an alt+w as well, which will wipe the data on the phone, so you will lose any data you have on the phone (saved mms's, call log, etc).
Another option would be to resign the official RC30 update with test keys, and then apply it directly. Note that if you go this route, the only way you'll be able to flash/update the phone after that is to use fastboot.
A 3rd option is to wait just a bit. I'm in the process of finishing up v1.3 of my update, and I'll be releasing a v1.3 that is based on the ADP image (as well as an RC30 and RC8 version), which should have at least voice dialing, and probably the other IM providers and amazon as well.

[Q] Permission to turn on bluetooth bluedroid

Goal: Edit FM App on x10 mini in order to receive raw RDS
I am pretty close, I haev reversed and rebuilt the FM app successfully (Radio.apk). Additionally, i have reversed and rebuilt the FM service successfully (FmRxService.apk).
In doing so, I had to remove these from the FmRxService.apk:
android:sharedUserId="android.uid.system" (I do not have the Sony cert)
androidrotectionLevel="dangerous" to normal (Not sure needed, but why not)
androidrocess="system" (Taking it our of system, per above)
Added
<uses-permission android:name="ti.permission.FMRX" /> and <uses-permission android:name="ti.permission.FMRX_ADMIN" /> (I am pulling this out of the uid system, so need to be able to launch myself here)
<uses-permission android:name="android.permission.HARDWARE_TEST" /> and <uses-permission android:name="android.permission.BLUETOOTH_ADMIN" /> and <uses-permission android:name="android.permission.BLUETOOTH" /> (Somehow trying to make sure I can enable the bluetooth, but failing, error below)
Things seem to go decently, made my ay past permission errors and such. However, have this problem:
...
D/FmReceiver( 1966): FmReceiver:create
I/FMRXService( 1974): FmRxService: create - calling create.
I/JFmRx ( 1974): nativeJFmRx_create()-Entered
D/JFmRx ( 1974): Calling nativeJFmRx_Create
D/JFmRxNative( 1974): int nativeJFmRx_Create(JNIEnv*, _jobject*, _jobject*): Entered
E/bluedroid( 1974): open(/sys/class/rfkill/rfkill0/state) for write failed: Permission denied (13)
E/bluedroid( 1974): Failed to turn on bluetooth power
D/JFmRxNative( 1974): bt_chip_enable() failed
D/JFmRxNative( 1974): int nativeJFmRx_Create(JNIEnv*, _jobject*, _jobject*): Exiting With a Failure indication
D/JFmRx ( 1974): After nativeJFmRx_Create, status = FAILED, Context = -1
I/FMRXService( 1974): mJFmRx.create returned status FAILED
E/FMRXService( 1974): mJFmRx.create returned status FAILED
I/NotificationService( 1169): enqueueToast pkg=com.sonyericsson.fmradio [email protected] duration=1
...
And thus I fail to launch the FM App now. I tried to reboot and do a chmod 644 on /sys/class/rfkill/rfkill0/state first, but still unable to overcome the error. Does anyone know which permission I could use to allow for BT to power on through the FM App chain? Or any other permanent workarounds you could suggest to enable the FM radio to run well outside of the system uid?

[Q] [A700] CyanogenMod 10.1.2 adb access to /data/media/

I can't post this to the thread:
"[NIGHTLY][ROM][4.2.2] CyanogenMod 10.1 for Acer A700"
because of forum rules. Anyway I hope someone sees this ...
I just installed cm-10.1.2-a700 (2013.07.11) to my A700.
Installed CWM and boot.img via fastboot did a complete wipe and formated all the storage.
(Did this multiple times just to ensure I did not make anything wrong)
CM is working so far.
But I think there is a bug with permissions:
Trying to push files via adb to /data/media results in an error with "permissions denied".
The reason is:
the directory tree of /data/media is owned by user and group: media_rw
Code:
ls -l /data/media
drwxrwx--- 18 media_rw media_rw 4096 Jul 14 14:20 0
drwxrwxr-x 2 media_rw media_rw 4096 Jul 13 03:18 legacy
drwxrwx--- 14 media_rw media_rw 4096 Jul 14 14:05 obb
adb connects the A700 als user "shell".
But user shell does not belong into group media_rw
Code:
[email protected] / $ whoami
shell
[email protected] / $ groups
shell graphics input log mount adb sdcard_rw sdcard_r net_bt_admin net_bt inet net_bw_stats
also the file "/system/etc/permissions/platform.xml" states:
Code:
<permission name="android.permission.WRITE_EXTERNAL_STORAGE" >
<group gid="sdcard_rw" />
</permission>
but correct would be:
Code:
<permission name="android.permission.WRITE_EXTERNAL_STORAGE" >
<group gid="sdcard_rw" />
<group gid="media_rw" />
</permission>
Anyway changing that does not fix the problem.
Group and user IDs are hardcoded in Android so without baking the ROM myself there is no fix for the permission denied Problem. (am I right?)
Starting adbd with "adb root" would do the trick but only in developer builds, so this would be no solution for distributing a file transfer script which I am writing ...
Is there a solution or is this a real bug in cm-10.1.2 for A700?
lieschenmueller said:
I can't post this to the thread:
"[NIGHTLY][ROM][4.2.2] CyanogenMod 10.1 for Acer A700"
because of forum rules. Anyway I hope someone sees this ...
I just installed cm-10.1.2-a700 (2013.07.11) to my A700.
Installed CWM and boot.img via fastboot did a complete wipe and formated all the storage.
(Did this multiple times just to ensure I did not make anything wrong)
CM is working so far.
But I think there is a bug with permissions:
Trying to push files via adb to /data/media results in an error with "permissions denied".
The reason is:
the directory tree of /data/media is owned by user and group: media_rw
Code:
ls -l /data/media
drwxrwx--- 18 media_rw media_rw 4096 Jul 14 14:20 0
drwxrwxr-x 2 media_rw media_rw 4096 Jul 13 03:18 legacy
drwxrwx--- 14 media_rw media_rw 4096 Jul 14 14:05 obb
adb connects the A700 als user "shell".
But user shell does not belong into group media_rw
Code:
[email protected] / $ whoami
shell
[email protected] / $ groups
shell graphics input log mount adb sdcard_rw sdcard_r net_bt_admin net_bt inet net_bw_stats
also the file "/system/etc/permissions/platform.xml" states:
Code:
<permission name="android.permission.WRITE_EXTERNAL_STORAGE" >
<group gid="sdcard_rw" />
</permission>
but correct would be:
Code:
<permission name="android.permission.WRITE_EXTERNAL_STORAGE" >
<group gid="sdcard_rw" />
<group gid="media_rw" />
</permission>
Anyway changing that does not fix the problem.
Group and user IDs are hardcoded in Android so without baking the ROM myself there is no fix for the permission denied Problem. (am I right?)
Starting adbd with "adb root" would do the trick but only in developer builds, so this would be no solution for distributing a file transfer script which I am writing ...
Is there a solution or is this a real bug in cm-10.1.2 for A700?
Click to expand...
Click to collapse
Well, don't have time to look at the issue, but can only state what I know about CM, PA, and that is, these roms change the directory structure of internal and external storage.
I always run into the issue, where evreything is put in a directory called "0". And sometimes, it will replicate itself, with several subdirectories called "0". Depends on how often you flash CM roms. (on my A501 it filled the internal memory, which is why I don't run CM anymore)
Hence, my former CWM backups don't work, as they have issues with this directory structure.
Not sure if this helps.
MD
I'm running cm10.1.2 stable with out that issue.
Currently that dir is owned by root
Is this the first rom you've loaded past stock?
My platform.xml looks the same as yours.
Just gid=sdcard_rw
jamart3d said:
I'm running cm10.1.2 stable with out that issue.
Currently that dir is owned by root
Is this the first rom you've loaded past stock?
My platform.xml looks the same as yours.
Just gid=sdcard_rw
Click to expand...
Click to collapse
Naw, I've flashed plenty, but mainly run my own custom from stock unless I'm testing somebody's build.
Like I said, even on my A501, everytime I flashed a CM build, I wound up with the directory "0". This also was created on the internal sd as well. Each sub-dir "0" contained an image of the previous contents. Haven't investigated it a lot, but suspect maybe CWM versions or something else, however, I typically run the latest.
With my rom, I can simply do a "mount /data" and push without issues.
EDIT I'll check out pushing to the media folder. I notice there are no permissions on "Other" for that folder.
A chmod in the script perhaps would fix?
Sorry MD, I was asking the op.
I've loaded cm10.1.+ before and after the build he ref'd.
I think if he loads the stable, he may not have this issue
Anyway, just trying to get my 10 posts too.
hey guys thanks for your replys!
@Moscow Desire
I always run into the issue, where evreything is put in a directory called "0". And sometimes, it will replicate itself, with several subdirectories called "0". Depends on how often you flash CM roms. (on my A501 it filled the internal memory, which is why I don't run CM anymore)
Hence, my former CWM backups don't work, as they have issues with this directory structure.
Click to expand...
Click to collapse
Yeah I recognized that. but I do not see a problem there, because log in as root and move the data and most stuff is working. It has to be done only right after you flash the ROM, so I don't care.
doing a chmod right after flashing so that /data/media/ belongs to sdcard_r ... I did that once and quite some apps were broken afterwards.
So messing with chmod onto /data/media seems not a good idea. Also doing a "fix permissions" in CWM resets the access rights, anyway ...
(and the other way: doing a chmod in the script won't work because shell has no rights on /data/media)
Not beeing able to access data which belongs to user and group "media_rw" via adb is my problem.
@jamart3d
if uid = root and gid = media_rw, then the same problem occures. User "shell" can't access, because he has uid=shell and does not belong to group media_rw.
last half year or so i had iconiaN 2.6 running, right before i testet an nightly version of cyanogenmod 10.0, but was not satisfied. Last days I thought i might improve my A700 with cyanogenmod 10.1.2, but I'm not that happy with it yet.
----
I further poked into darkness of the rom...
I found that "/mnt/shell/emulated" is the fuse-mounted dir of /data/media/, so that might do as workaround.
But I still think that user "shell" should belong into group media_rw. And that beeing not the case I would say it is a bug.
Sorry, I can't replicate the bug in stable version after 711
Have you tired 7comp version?
jamart3d said:
Sorry, I can't replicate the bug in stable version after 711
Have you tired 7comp version?
Click to expand...
Click to collapse
I cant find a stable version more recent than 2013.07.11 or do you mean a nightly build?
I have not tried 7comp yet.
Sorry, yes I did mean 2013.07.11. stable,
It is the version I'm on now.
For some reason I thought you were trying the version just before.

[GUIDE] Build any Custom ROM from Source [Noobfriendly]

I know there are many of these guides on XDA, but when I wanted to learn how to compile ROMs, all those guides didn't help me out cause all those guides are for more advanced users. I will try to explain every step clearly.
Step 1: Prepare your PC for building Android
Here's a good guide how to do that. http://forum.xda-developers.com/showthread.php?t=2639611
Follow this guide up to step 9, then return to this thread.
Step 2: Downloading the sources
First, in terminal type "mkdir <android>" and then "cd <android>". Replace <android> with the ROM name that you want to build. For example if you want to build omni, type "mkdir omni" and "cd omni". Now you created a directory called "omni" and switched to it. Now, pick a ROM that you want to build and go to its github page. Then search for a repository that has the word "manifest" in it (sometimes it's also just called "android"). Click on it. On the top, select the branch. Most times every branch is for a different android version. Select the latest android version (For this guide it's Android 5.1.1, so the branch most times is LP-5.1). Then scroll down to the readme, copy the command starting with "repo init" and paste it in your terminal. Now just type "repo sync" and it will download the sources. This will take time, since it's about 15gb that will be downloaded.
Step 3: Download the Device specific sources
Next, you have to download the device tree, the kernel and the vendor files. If you're lucky, someone already put together a roomservice.xml for your device where all the needed stuff is declared. Search for "<devicename> roomservice" and hopefully you'll find a github page with this file. If you do, download it and push it to <android>/.repo/local_manifests/. Then go back to the terminal and type "repo sync" again. This time it won't take that long. If there's no roomservice.xml for your device, You have to create it. The device tree and kernel most times can be found by going to github.com/CyanogenMod and searching for your brand. For example, if you have a Motorola Moto G 2nd Generation (codename titan), search for motorola and open android_device_motorola_titan (sources for titan), android_device_motorola_msm8226-common (sources for titan's chipset) and android_kernel_motorola_msm8226 (sources for the kernel of the chipset) in a new tab. Also you need the vendor files which can be found at github.com/TheMuppets. For motorola devices, open proprietary_vendor_motorola. Create a new file on your desktop called "roomservice.xml" and open it. Paste this:
Code:
<?xml version="1.0" encoding="UTF-8"?>
<manifest>
<project name="" path="" remote="github" revision="cm-12.1" />
<project name="" path="" remote="github" revision="cm-12.1" />
<project name="" path="" remote="github" revision="cm-12.1" />
<project name="" path="" remote="github" revision="cm-12.1" />
</manifest>
Then go back to the github pages, copy the names of the repositorys and paste <project-name-on-github>/<name-of-the-repository> in the quotes after "name=". For titan, it would look like this:
Code:
<?xml version="1.0" encoding="UTF-8"?>
<manifest>
<project name="CyanogenMod/android_device_motorola_titan" path="" remote="github" revision="cm-12.1" />
<project name="CyanogenMod/android_device_motorola_msm8226-common" path="" remote="github" revision="cm-12.1" />
<project name="CyanogenMod/android_kernel_motorola_msm8226" path="" remote="github" revision="cm-12.1" />
<project name="TheMuppets/proprietary_vendor_motorola" path="" remote="github" revision="cm-12.1" />
</manifest>
Now for the path, just copy the name of the repository, remove "android_" or "proprietary_" and replace each "_" with a "/"
Code:
<?xml version="1.0" encoding="UTF-8"?>
<manifest>
<project name="android_device_motorola_titan" path="device/motorola/titan" remote="github" revision="cm-12.1" />
<project name="android_device_motorola_msm8226-common" path="device/motorola/msm8226-common" remote="github" revision="cm-12.1" />
<project name="android_kernel_motorola_msm8226" path="kernel/motorola/msm8226" remote="github" revision="cm-12.1" />
<project name="proprietary_vendor_motorola" path="vendor/motorola" remote="github" revision="cm-12.1" />
</manifest>
Sometimes you need some more repositorys, for example for titan you also need android_hardware_qcom_fm and android_device_qcom_common. Add them the same way as you added all the other sources. You can find out which repositorys you need by opening cm.dependencies in your decive- and chipset sources.
Now save the file and push it to "<android>/.repo/local_manifests/". Now return to your terminal and type "repo sync" again.
Step 4: Edit the device tree
You have to edit the device tree so that it fits to the ROM that you want to build. Go to <android>/vendor. In there you will find a folder with the abbreviation for the ROM. For example for CarbonROM the abbreviation is carbon, for EuhoriaOS it's eos, for AOKP it's aokp and for CyanogenMod it's cm. Remember this abbreviation. Back in terminal, type "cd device/<brand-you-are-building-for>/<phone-you-are-building-for>/" and then "mv cm.mk <remembered-abbreviation>.mk" and "mv cm.dependencies <remembered-abbreviation>.dependencies". After that, type "nano <remembered-abbreviation>.mk" and replace "cm" with "<remembered-abbreviation>" where ever you see it. To save the file, hit Ctrl+O, then Enter and then Ctrl+X. Now type "cd .." and then "cd <chipset-you-are-building-for>. Now, type "mv cm.dependencies <remembered-abbreviation>.dependencies" again.
Step 5: Building
We finally arrived there! To build our ROM, in terminal type ". build/envsetup.sh" and then "brunch <codename-for-your-device>".
This process takes time, depending on your PC specs. On my PC (2 cores, 3gb RAM), building takes about 8h. On my friends Server (12 cores, 128gb RAM), building takes about 20 mins.
Happy building!
Credits:
@Sarath280 for teaching me how to build ROMs
My dad for teaching me everything else aboout technology
@sylentprofet for the guide how to prepare linux to build Android
@notiflux
Het Max, Amol here. Thank You So Much. Love ya.
Sent from my Moto G 2014 using Tapatalk
Thanks! For this great tutorial! I am testing it right now I had problems making the roomservice.xml but with this tutorial it was very easy .
I am using a china device so not so many ROMs avalible so I am building one myself
Hello @notiflux,
Thanks for the guide,
I have a little issue though,
The thing is that the device that i want to build the rom for(SM-T211) DO NOT have a device tree already built. So I need to make that first. Can you help me with that?
sscsps said:
Hello @notiflux,
Thanks for the guide,
I have a little issue though,
The thing is that the device that i want to build the rom for(SM-T211) DO NOT have a device tree already built. So I need to make that first. Can you help me with that?
Click to expand...
Click to collapse
I'm not really into that kinda stuff since I never worked on such a device, but I know that there are guides here on xda on how to create your own device tree. But I think your device needs to be rooted for that
http://forum.xda-developers.com/showthread.php?t=2010281 you can try this guide. Good luck!
help in source tree
Sir, i downloaded ,android aosp open source tree ,,in desktop directory ,,linux 16:10 ,next i downloaded open source ,,kernal and android files from lg website ,,as i am using lg ,,,in open source lg ,,i got 2 tar files,,1 android ,2nd is kernal tar,,and ine readme.txt i opened it ,,it showing that untar android. tar and merge ,in download.android source tree ,,but where i am not getting ,,please tell me where ,,please sir
I see this thread is from 2015, does the guide work for nougat also?
Any solution for this error?
Code:
Starting build with ninja
ninja: Entering directory `.'
ninja: error: '/home/harshone/android/lineage/out/target/product/m8/obj/KERNEL_OBJ/usr', needed by '/home/harshone/android/lineage/out/target/product/m8/obj/STATIC_LIBRARIES/libsdcard_intermediates/sdcard.o', missing and no known rule to make it
build/core/ninja.mk:151: recipe for target 'ninja_wrapper' failed
make: *** [ninja_wrapper] Error 1
make: Leaving directory '/home/harshone/android/lineage'
#### make failed to build some targets (02:30 (mm:ss)) ####
Hi, how do I apply security updates to the source?
HarshOne said:
Any solution for this error?
Code:
Starting build with ninja
ninja: Entering directory `.'
ninja: error: '/home/harshone/android/lineage/out/target/product/m8/obj/KERNEL_OBJ/usr', needed by '/home/harshone/android/lineage/out/target/product/m8/obj/STATIC_LIBRARIES/libsdcard_intermediates/sdcard.o', missing and no known rule to make it
build/core/ninja.mk:151: recipe for target 'ninja_wrapper' failed
make: *** [ninja_wrapper] Error 1
make: Leaving directory '/home/harshone/android/lineage'
#### make failed to build some targets (02:30 (mm:ss)) ####
Click to expand...
Click to collapse
It seams you don't have libsdcard folder/file in your device tree.
So try to search and download that file from github.
then copy and paste that file to your device tree
Hello respected developers,
I'm very enthusiastic and inspired by viper os to develop it for my other devices too. But first I tried to build the rom for my redmi 4a because i wanted to test the success of my building. I would like to inform you that i have gone through every process of establishing environment to reposync all learnig from aosp document and manifests on the viper os github and even downloaded device tree,vendor and kernel as from git hub . and i made neccessary edits to androidproducts.mk , lineage_rolex.mk to naming viper_rolex.mk and setting device path.
And finally i proceeded by :
Code:
./build/envsetup.sh
lunch viper_rolex-userdebug
mka poison
The build process then followed for about 5 hrs and i was hopefully waiting close success but alas! I came up with a error given this way:
Warning: Stripped invalid locals information from 2 methods.
In /home/shrawan/Desktop/workon_viper/out/soong/.intermediates/frameworks/base/packages/EasterEgg/EasterEgg/android_common/combined/EasterEgg.jar:kotlin/collections/SlidingWindowKt$windowedIterator$1.class:
Methods with invalid locals information:
java.lang.Object kotlin.collections.SlidingWindowKt$windowedIterator$1.doResume(java.lang.Object, java.lang.Throwable)
In /home/shrawan/Desktop/workon_viper/out/soong/.intermediates/frameworks/base/packages/EasterEgg/EasterEgg/android_common/combined/EasterEgg.jar:kotlin/sequences/SequencesKt___SequencesKt$zipWithNext$2.class:
Methods with invalid locals information:
java.lang.Object kotlin.sequences.SequencesKt___SequencesKt$zipWithNext$2.doResume(java.lang.Object, java.lang.Throwable)
Some warnings are typically a sign of using an outdated Java toolchain. To fix, recompile the source with an updated toolchain.
[ 82% 60970/74331] build /home/shrawan...icy_tests_intermediates/sepolicy_tests
FAILED: /home/shrawan/Desktop/workon_viper/out/target/product/rolex/obj/ETC/sepolicy_tests_intermediates/sepolicy_tests
/bin/bash -c "(/home/shrawan/Desktop/workon_viper/out/host/linux-x86/bin/sepolicy_tests -l /home/shrawan/Desktop/workon_viper/out/host/linux-x86/lib64/libsepolwrap.so -f /home/shrawan/Desktop/workon_viper/out/target/product/rolex/obj/ETC/plat_file_contexts_intermediates/plat_file_contexts -f /home/shrawan/Desktop/workon_viper/out/target/product/rolex/obj/ETC/vendor_file_contexts_intermediates/vendor_file_contexts -p /home/shrawan/Desktop/workon_viper/out/target/product/rolex/obj/ETC/sepolicy_intermediates/sepolicy ) && (touch /home/shrawan/Desktop/workon_viper/out/target/product/rolex/obj/ETC/sepolicy_tests_intermediates/sepolicy_tests )"
The following types on /data/ must be associated with the "core_data_file_type" attribute: netmgrd_data_file
[ 82% 60975/74331] //bionic/libc:commo...ioner preprocess include [linux_glibc]
warning: attempted to generate guard with empty availability: obsoleted = 23
warning: attempted to generate guard with empty availability: obsoleted = 21
ninja: build stopped: subcommand failed.
11:58:35 ninja failed with: exit status 1
#### failed to build some targets (04:38:04 (hh:mm:ss)) ####
I did a enough of the search in and out of the forum but i couldn't able to know what problem is this and i dont have any idea how to solve this. Please give me some light on what problem is this and guide me where should i be looking to solve. I have a great enthusiasm of learning but this problem solution isn't available or discussed properly in any place or maybe i didn't find the place where to look. Please help me on this
[[/COLOR]I was able to fix it by modifying the file at device/qcom/sepolicy/vendor/common/file.te and specifying
Code:
type netmgrd_data_file, file_type, data_file_type, core_data_file_type;
I don't know why / how this file is ending up here though
HarshOne said:
Any solution for this error?
Code:
Starting build with ninja
ninja: Entering directory `.'
ninja: error: '/home/harshone/android/lineage/out/target/product/m8/obj/KERNEL_OBJ/usr', needed by '/home/harshone/android/lineage/out/target/product/m8/obj/STATIC_LIBRARIES/libsdcard_intermediates/sdcard.o', missing and no known rule to make it
build/core/ninja.mk:151: recipe for target 'ninja_wrapper' failed
make: *** [ninja_wrapper] Error 1
make: Leaving directory '/home/harshone/android/lineage'
#### make failed to build some targets (02:30 (mm:ss)) ####
Click to expand...
Click to collapse
mine have same error, seem like kernel have wrong config (i dont know how to fix ) )

Android's /data/system/packages.xml cert's key attribute

Android's /data/system/packages.xml contains a cert node that has a "key" attribute. How is that key attribute datastring generated? For example:
<package name="packageName" codePath="/data/app/packageName-4r-3P8gvwV53t8CAY1HaqQ==" nativeLibraryPath="/data/app/ packageName -4r-3P8gvwV53t8CAY1HaqQ==/lib" primaryCpuAbi="arm64-v8a" publicFlags="944275012" privateFlags="0" ft="1794526df30" it="179452759d5" ut="179452759d5" version="60" userId="10346">
<sigs count="1">
<cert index="17" key = "3082056f30820357a00302010202020357300d06092a864886f70d01010b0500306d310b3009060355040613025553311d301b060355040a131453796d616e74656320436f72706f726174696f6e311d301b060355040b1314416e64726f6964204170706c69636174696f6e733120301e0603550403131753796d616e74656320434120666f7220416e64726f6964301e170d3136313131353132343332345a170d3431313131303135353832315a3075310b300906035504061302494e311430120603550408130b4d61686172617368747261311430120603550407130b4e617669204d756d626169311c301a060355040a131353544154452042414e4b204f4620494e444941311c301a0603550403131353544154452042414e4b204f4620494e44494130820122300d06092a864886f70d01010105000382010f003082010a0282010100b40850398200afe7647c734cb4a04f2b67eee915301f6c5e8d5b7fbae3defa4b7c27894d35cceef222009333843b5e49c9382e64822d00fd0a8667f470f5fbeed677b768cbe4f39f9b71f10d6db2070d63220108a4e183e937fbf00ac3e69bf726890b9242c70262fbdd564ddbc4e63701d912df1f37e9b7dcb28b7b13b9fdd33a9f3bbba0fefbbbdcff30c3c605db8b6d61675b86f486d185cfdfe7c1ad73a4618a1b0f383d3d9b5c26ed6007cf89601453617fb07ef40daa4a307044e0eb8a6ce5cc7422fea1b2d244c6fb39a830368ac7b2855ee580c13e11b25bb8d0ae426c262303e7dd1b3bc84ada65f2cd758efce96700c91a5827331a7fc40f9a72870203010001a382010f3082010b301f0603551d230418301680148e55d1a566d0a824974eec77d0dcbea0936884dd303c06082b060105050701010430302e302c06082b060105050730018620687474703a2f2f616e64726f69642d6f6373702e67656f74727573742e636f6d300e0603551d0f0101ff0404030205e0302a0603551d250423302106082b0601050507030206082b06010505070303060b6086480186f8450108350130410603551d1f043a30383036a034a0328630687474703a2f2f616e64726f69642d63726c2e67656f74727573742e636f6d2f63726c732f616e64726f69642e63726c301d0603551d0e04160414c42e45c7eb54079d944c0a915e3c390544a20194300c0603551d130101ff04023000300d06092a864886f70d01010b0500038202010063e29f0f7c49b6f1724bd34376cda80acf1f2bb0fb5d5a50d84caa3862458b5dd8e5ac184c98bc424dd667e326938b003b7bdc05f9bfb449fa19fe52d7389d929b0979064cd6b1cd48e9c49b41a0a24ddd9968f3a98631a99f40213bc181f61f32b327016fcaff475cea7f8242fe0a571cf5d89fb26be0a0049050d57b5fdb9e8e75a439a6e6d42c324163ab39b2482aba1274dba663d94bbdc0bca47ad7d4d5fbe1cb41f8c2ea9d9be6c4de553aeaf9e82d8318034f37dadd5579edb1d43dd2ced3988353fe7c3a12e350dc188aa5019c96d3384fa2b6201335644d6650263fa92118ac18c1a571150fa9a16c2ca68dde38982cb9dd02fa8aac9c6dcfa40fcf95b858540434fa38c6e22cf65649c3844932a9fe77c4fabdf649787ba63978f19e1c4a696e678347a21b65908e67a543d1650544d5107499770b1ed82c1276edcaeb57cc8489bfab7e976621d6c8458c7ef4a4e5938afe6315fadfd11b818587f04ee23462bbef13a2825b6334a0154fd69de8b23be81129f5f328782f0222717481d155a478d02af378ab7d01427bbfdf33934bc113d8a8d34676487316c5d7c5861689ea8bd5ffb89e079295ac583bdf309deda1f9b40506dd204291fe5c062c88963600bbc573fabed63022b40cecb9b1858603b6a7532952c3742c7259e7185e5e2b3da5673a9a25b28327c71657770e30f4436d062444b15d82c553968d" />
</sigs>
I want to generate the same key value from the *.RSA file present inside the apk. I tried the following things but it did not work out:
Executed the command unzip -p path_to_appName.apk META-INF/CERT.RSA | xxd -p | tr -d '\n' (but it gave incorrect result)
openssl pkcs7 -inform DER -in filename.RSA -noout -print_certs -text
Tried to fetch the certificate details of the app using the above command and tried analysing the public key of the app but could not find any pattern
Does anyone know how to generate the key value from the signature file (*.RSA) file present inside the apk?
Thanks a lot for the help

Categories

Resources