"Forknife" - the Android G1 controlled robot. - G1 Android Development

Since I got my G1 I have been thinking of interesting ways to talk with my arduino prototyping board since there is no USB support yet (my next software/hardware project?.. it would be handy to use a G1 as a serial console)
I ended up using DTMF tones and to see how well it worked, I quickly built a simple robot for testing. You can take a look at a video, pictures, overview of how it works, and the GPL-ed source code/schematics to build your own or improve it here:
http://macpod.net/misc/android_robot/android_robot.php
Enjoy!

this is awesome man. fantastic work!
EDIT: Dude I got forknife on engadget!
http://www.engadget.com/2009/01/26/video-t-mobile-g1-powered-forknife-robot-goofs-off-eats-cupcak/
http://www.engadgetmobile.com/2009/...powered-forknife-robot-goofs-off-eats-cupcak/

If I just had your knowledge!
Awesome work!!!!!!!!

Awesome project!

Could someone make a quick program for the Dream to output all of its sensor data (GPS, Compass, accelerometer)?
It would save money from having to buy these parts for the arduino...

Yep, you could do this pretty easily. If you did it via dtmf you could send 1 nibble of data per tone without checksumming it. If you modified the kernel and made your own ttl level cable (I'm waiting on parts to make mine) you might be able to do two way communications up to 115Kbps!

I do not have a dtmf decoder to do this yet, so I am looking into alternate means to send the data.
It looks that I will have it set up opposite of the Forknife robot, with Android sending data over wifi (via a modified Gmote program) through the serial monitor in the Arduino Environment.
I'm also gonna try to grab the sensor data from the Tricorder app on my phone.
Time to see if I can get the Source code for these two.
-Brian

If you have wifi available why would you need to reverse how this is done? I would just set up a server socket on the arduino, connect to it via the arduino and talk.
What wifi module will you use?
Oh, if you have a light sensor you could try sending out the G1's data by blinking the LED (you even have multiple colors so if you had a color sensor you could perform flow control!)
edit: check out bluetooth solutions too.
edit2: I guess it would make sense to reverse the flow.. I was thinking you were suggesting that there would be only one way communications from the arduino --> phone

My arduino doesn't have wifi, Android and my computer do.
At this point the Arduino isn't going anywhere, it's plugged in with USB.
Would Android's Bluetooth APIs allow for serial communication? as I was considering getting bluetooth modules for the Arduino.
Blinking the tricolor LED would be fun, but I have no experience coding Android, I am still working on setting up Eclipse for it.

Oh! Sorry, I didn't look at how the gmote setup worked.
If computer is in the picture this is really easy. You already have server code on the computer and client network code on the G1. All you would have to do is change what data is sent (and also send to the server as opposed to the server sending data to the client.. that's a trivial change).
On the server side you would need to forward the data you receive from the G1 to your arduino.. and I'm sure the gmote code already shows how to work with serial ports.
On the client side, you would just need to rewrite the data in the thread to write out values from the sensors.
Edit: I'm not sure about bluetooth setups with the arduino as I have never worked with them. Something tells me that the communication protocols could be proprietary (i.e. both sender and receivers just work as serial ports.. they can't actually connect to other real bluetooth devices)

Hm, I cannot get the source code for either the gmote.apk or the server. I found a PICaxe based color sensor on sparkfun.com for $35, could that be used with the Arduino to read the rgb notification LED on the G1? I would need a program to encode sensor data to the rgb.
I feel it would be easier to make a photo resistor read IO from the g1, and input directly into the RX on the arduino.

Using a photo sensor is a very hackish way to do this.. and would also cost more than just using wifi. It would also require significantly more code. Not to mention it only allows one way communication.
Just use the wifi method! It's the simplest method
I'm sure there is example code for how to read the sensors in android.
On the client side I'm sure there is code that discusses how to read sensor values
and on the computer side, all you need to do is implement code to talk to the serial port the arduino is associated with.. for linux/unix/os x it's just opening up a device in /dev/ for reading/writing!

Okay, I have eclipse set up for android, but still cannot get source code for the gmote.apk, I tried adb pulling it, but it is encrypted, so I cannot edit its settings.
Could I use "ghost" programs to control my input through these programs? I can easily place the cursor in the Serial Monitor for Arduino, but could I use a program to copy the serial data, then paste the input into the gmote program to be sent to the serial monitor on the computer's side?
How easy would a code like this be? It would have to run on top (or underneath another program).

Now, I heard you say that a kernel patch could enable serial communication through the USB port. A friend of mine is really good in linux and modifying kernels.
Would you have any idea of what part of the kernel I should look for, and what it has to be changed to? I have to have an idea of what to ask him.
Thanks
-Brian

belding said:
Now, I heard you say that a kernel patch could enable serial communication through the USB port. A friend of mine is really good in linux and modifying kernels.
Would you have any idea of what part of the kernel I should look for, and what it has to be changed to? I have to have an idea of what to ask him.
Thanks
-Brian
It's actually supported in the kernel already, although I'm not sure if that particular configuration option is turned on in the default built. So at worst you would just have to recompile the kernel with a different configuration.

So I will have to ask my friend to find usb serial communication in the kernel, and enable it for program use?
If that is the case, how would I write programs to take advantage of this, wouldn't I need a new API?
Or since the kernel already has it, is there already an API for serial communication?
Thanks

belding said:
So I will have to ask my friend to find usb serial communication in the kernel, and enable it for program use?
If that is the case, how would I write programs to take advantage of this, wouldn't I need a new API?
Or since the kernel already has it, is there already an API for serial communication?
Thanks
I haven't played with it, but I assume it's just a device in /dev that you can read/write

belding, what is it about the wifi solution you don't like? It is a software only solution to your problem and a lot of code is already written for you in the robot project.
Indeed the serial solution over the 11 pin connector would be best, but that requires you to buy hardware, solder tiny pins, and then modify your kernel which you don't seem to be comfortable doing. In addition, it is my understanding the modification requires you to disable adb support!
Perhaps if you told us your knowledge background I could explain it better? I kinda assumed you were computer science oriented, but I suppose if you are cpe or ee oriented I could have lost you. It would also help to know what your computer is running.

The wifi solution would work, but i cannot get source code to rewrite the gmote client or server.
I do not currently have the hardware (DTMF decoder) to implement your premade solution.
Okay, For my knowledge background: in Android, most things I can see are update.zip based, and I can change anything in the android system that is contained on the update. Looking through /system/usr I found the kernel config, but most options were enabled, and the two that were not do not seem to be related to Serial. I have basic knowledge of command prompt tools in Windows and the Android terminal.
Knowledge again, I am learning Arduino and processing, and am fairly good with electrical circuits, the ee you mentioned.
My computer is dual booting Windows XP and Windows 7.
PS, I talked to my friend, and we are looking into the Android Kernel, specifically where it is located, and where the terminal is located.
Where is the terminal in android located, inside or outside Dalvik VM?

belding said:
The wifi solution would work, but i cannot get source code to rewrite the gmote client or server.
I do not currently have the hardware (DTMF decoder) to implement your premade solution.
Okay, For my knowledge background: in Android, most things I can see are update.zip based, and I can change anything in the android system that is contained on the update. Looking through /system/usr I found the kernel config, but most options were enabled, and the two that were not do not seem to be related to Serial. I have basic knowledge of command prompt tools in Windows and the Android terminal.
Knowledge again, I am learning Arduino and processing, and am fairly good with electrical circuits, the ee you mentioned.
My computer is dual booting Windows XP and Windows 7.
PS, I talked to my friend, and we are looking into the Android Kernel, specifically where it is located, and where the terminal is located.
Where is the terminal in android located, inside or outside Dalvik VM?
Well, you can get to a terminal with the terminal emulator application of course, or through adb shell.
But if you want an actual console on the phone itself, try out the recovery image from JFv1.41. It boots into the normal recovery image, but it provides an alt+x option to exit the recovery program, and go to a console.
Also, the android kernel source is here. Make sure you grab the .25 branch if you want it to work with the current official builds. The .27 branch is only for cupcake.
To download the source, make sure you have git installed, and then:
git clone git://android.git.kernel.org/kernel/msm.git
cd msm
git checkout android-msm-htc-2.6.25
To build the kernel, you can use the pre-compiled gcc cross-compiler that is provided in the android source. Make sure that it is in your path, and then invoke make with the arguments ARCH=arm CROSS_COMPILE=arm-eabi-
(or you can set those variables in the Makefile, so you can just do "make").
If you have any questions about getting everything set up to compile the kernel, feel free to ask. It seems a bit daunting the first time you do it, but it's actually fairly straight forward.

Related

Secret Code

Here is what I found from the source code, any more?
*#06# Display IMEI
*#*#8351#*#* Voice Dialer Logging Enabled
*#*#8350#*#* Voice Dialer Logging Disabled
*#*#4636#*#* Phone Setting
*#*#7262626#*#* FieldTest
android.provider.Telephony.SECRET_CODE
Already know those 5 Secret Codes but could not find anything which can put it into Diagnostic Mode, which was there in Windows Mobile.
Please upload the source code also so everybody can also start searching for something very useful.
hetaldp said:
android.provider.Telephony.SECRET_CODE
Already know those 5 Secret Codes but could not find anything which can put it into Diagnostic Mode, which was there in Windows Mobile.
Please upload the source code also so everybody can also start searching for something very useful.
The source code is online and available VIA git
And if you are trying to use the field test use anycut to make a shortcut on the desktop and it has a menu item to output diagnostics.
Of course if you have DDMS or Eclipse you can output diagnostics as well.. I believe they have a linux boot image on open handset alliance
those aren't that secret, and aren't anything special.
Any app can register a "secret code" and they are specified in the manifest.xml file.
most of the time those numbers are things like "INFO" and are a lot easier to remember if you think of them that way instead of the digits.
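As an added example (not part of the original thread): because any app can register a secret code in its manifest, a decoded AndroidManifest.xml can be audited for them. This Python example lists every receiver that filters on `android.provider.Telephony.SECRET_CODE` and shows the keypad mnemonic mapping mentioned above; the sample manifest, its package name and its receiver names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
SECRET_ACTION = "android.provider.Telephony.SECRET_CODE"
SECRET_SCHEME = "android_secret_code"

# Phone keypad letters, used to turn a mnemonic such as "INFO" into digits.
KEYPAD = {"2": "ABC", "3": "DEF", "4": "GHI", "5": "JKL",
          "6": "MNO", "7": "PQRS", "8": "TUV", "9": "WXYZ"}
LETTER_TO_DIGIT = {ch: d for d, letters in KEYPAD.items() for ch in letters}

# Constructed sample: a decoded (text) manifest for a hypothetical app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.diag">
  <application>
    <receiver android:name=".TestingSettingsReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SECRET_CODE"/>
        <data android:scheme="android_secret_code" android:host="4636"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".LogToggleReceiver">
      <intent-filter>
        <action android:name="android.provider.Telephony.SECRET_CODE"/>
        <data android:scheme="android_secret_code" android:host="8351"/>
        <data android:scheme="android_secret_code" android:host="8350"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def attr(name):
    """Qualified name of an android: attribute as ElementTree spells it."""
    return "{%s}%s" % (ANDROID_NS, name)


def find_secret_codes(manifest_xml):
    """Return sorted (code, receiver class) pairs registered in a manifest.

    Expects the text form of the manifest (binary XML must be decoded first).
    For manifests from untrusted APKs, parse with a hardened XML parser.
    """
    root = ET.fromstring(manifest_xml.strip())
    package = root.get("package", "")
    found = []
    for receiver in root.iter("receiver"):
        name = receiver.get(attr("name"), "")
        if name.startswith("."):
            name = package + name
        elif "." not in name:
            name = package + "." + name
        for flt in receiver.findall("intent-filter"):
            actions = {a.get(attr("name")) for a in flt.findall("action")}
            if SECRET_ACTION not in actions:
                continue
            # <data> elements of one filter combine, so collect them together.
            datas = flt.findall("data")
            schemes = {d.get(attr("scheme")) for d in datas}
            hosts = [d.get(attr("host")) for d in datas if d.get(attr("host"))]
            if SECRET_SCHEME in schemes:
                for code in hosts or ["*"]:  # "*" = no host given, any code
                    found.append((code, name))
    return sorted(found)


def word_to_code(word):
    """Map a mnemonic to keypad digits, e.g. INFO -> 4636."""
    return "".join(LETTER_TO_DIGIT.get(ch, ch) for ch in word.upper())


def dial_string(code):
    """Dialer sequence that carries a secret code."""
    return "*#*#%s#*#*" % code


if __name__ == "__main__":
    for code, receiver in find_secret_codes(SAMPLE_MANIFEST):
        print(dial_string(code), "->", receiver)
```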
We are talking about the Diagnostic Mode of the Phone Radio so we can plug the Phone into USB and get QxDM (Qualcomm Extendible Diagnostic Mode) Software and look into Radio NVItem from 0 to 4000. DDMS is useless for that kind of stuff. Radio Software is built using some different core other than Linux, I have seen a comment of CMonex, he said it's the same as general other radios. Remember Radio and Android are connected with RIL (Radio Interface Layer) using internally exposed serial ports.
did somebody say exposed serial port?
Over my head a bit, but sounds cool, internally exposed serial ports sound useful, I'd assume you'd get i/o from both sides radio/droid. Back on the WIZ you could find a radio that works with the rom ver. and carrier to get best clarity, call handling, stability and battery life. This is cool, reminds me of the early days of palm os rom hacking/cooking (we didn't call it that back then)
I'm glad I got it and I'm glad it's an htc, so the homies at xda-dev will have this bad boy totally tricked out and custom...I love this place, in a non homo way
Will we all be adding db9 ports on our g1s?
Bhang
no, I do not believe we will ever see a db9 on the G1. First of all, that connector went out of style in the late 90's and second, it's rather huge (want to drill a hole in your screen to make room for it??). I would however like to see usb host, but someone commented that it is probably not enabled in the kernel and if it is, there are no drivers for it (hint hint driver g writers). cmonex (is a girl by the way) has been looking into methods to get root on RC30 and many other things so we hope to see some fun new hacks from that.
nice sharing, this is a good source where someone can learn something about their mobile secret functions, meantime I would like to share something which I found last week this is a site where it has network unlock code for all mobiles find further

Android Tablet in car (bmw)

In the near future once an android tablet comes out that has GPS and doesn't cost me an arm and a leg I will be integrating it into my bmw.
Since many tablets have usb host and on the web I can purchase an ibus to usb adapter which people use when they make a car pc, would this work with an android tablet? To control volume, tracks and maybe even voice control/calls etc.
Does anyone know if anyone is working on the android software which would allow the tablet to recognise the ibus signal? This would be perfect for me.
Can anyone help?
I doubt that you'll get a helping answer soon, because there are not many people knowing about the IBUS.
For people who don't know what the IBUS is: It's a communication bus used by BMW for controlling most of the car's electronics (light, radio, navigation system, electric window, ...). There are adapters for controlling all these things with a PC, so it should be possible to do this with an Android App.
But I'm afraid that there is none available at present. Also I think the app is not the only trouble: You'll need a working driver for your adapter, too.
So long
kadolf
Galaxy Tab. Since you have a Beamer I'm going to assume that you have some spare cash, the Galaxy Tab should have GPS, and I'm sure someone will make a car mount for it, or you could be the first.
If you haven't gone to mp3car.com go there and check it out, I'll be doing the same thing in my e36 pretty soon, although I have an external touch screen I'm going to try and link my g2 to
kadolf said:
I doubt that you'll get a helping answer soon, because there are not many people knowing about the IBUS.
For people who don't know what the IBUS is: It's a communication bus used by BMW for controlling most of the car's electronics (light, radio, navigation system, electric window, ...). There are adapters for controlling all these things with a PC, so it should be possible to do this with an Android App.
But I'm afraid that there is none available at present. Also I think the app is not the only trouble: You'll need a working driver for your adapter, too.
So long
kadolf
I'm sure that eventually someone will create the driver/app for this. If I can use my phone with a bluetooth obd2 connector and read my car's information on my phone, surely what I'm asking is doable.
cheers for the reply
mswiss said:
If you haven't gone to mp3car.com go there and check it out, I'll be doing the same thing in my e36 pretty soon, although I have an external touch screen I'm going to try and link my g2 to
My initial plan was to do that with my htc desire but unfortunately it doesn't have tv out or usb host (OTG).
318vert said:
In the near future once an android tablet comes out that has GPS and doesn't cost me an arm and a leg I will be integrating it into my bmw.
Since many tablets have usb host and on the web I can purchase an ibus to usb adapter which people use when they make a car pc, would this work with an android tablet? To control volume, tracks and maybe even voice control/calls etc.
Does anyone know if anyone is working on the android software which would allow the tablet to recognise the ibus signal? This would be perfect for me.
old post, but i might be on the same wavelength as you, except with some changes.
android tablets will already do most everything you need, so my plan will be to ditch the head unit altogether. in the spirit of the carPC and liliput touchscreens, my goal is to come up with a custom docking unit in the space of a double-din (which means i'll be required to use a 7 or 5in tablet). from there, the rest is relatively easy... or complicated.
the problem, so far, is i've yet to see any android tablets with a way to extract audio without using a headphone jack. so creating a docking station will be difficult in the sense of attempting to attach the audio.
so a couple things have been going through my mind;
1. you won't have to worry about power saving as much as a carPC. the tablet will be mostly safe to run off of the USB power (hooked directly to a 12v source) or maybe through a power inverter. removing the battery would eliminate concerns of dead battery, exploding battery from heat, etc., etc.
2. most built in FM tuners require the headphones to be attached to act as an antenna. can't be that hard to engineer the headphone component to work back into the car's radio antenna, it's just a matter if there's any benefit to be gained.
3. speaking of audio, once it's out of the device, it's just a matter of conditioning and amplifying the signal, which is all proven technology.
4. there's a huge probability that i'll skip an "in service" device in favor of a wifi only one, and then use tethering from my phone. still to be decided. i'd hate to add another cell line to my already high bill.
5. most, if not all, of the tablets will have some sort of hdmi out capability. attaching the device to external displays should be easy as pie. unfortunately, everyone will probably see what is on the main display, which may not be a problem. what might be a problem is accessing and using an SD card (of any size) to store movies, mp3s, etc. you're only so limited and it might be a little bit of a pita.
anyway, these were just some of my ideas. i know the interest is out there. the "dock" is going to be a little tricky. the tablet needs to be instantly accessible (easily removed), yet secure. i suppose you could fabricate something to where the audio cable is loose enough that you could attach it before docking.
Isn't Parrot working on single and double din headunits?
Sent from my Zio using XDA App
LiuAnshan said:
Isn't Parrot working on single and double din headunits?
Sent from my Zio using XDA App
are you talking about the android-driven HUs about to be released? from my understanding, they're just utilizing it as a core OS and not in the format you're used to on a phone, etc. similar to how Ford/BMW uses MS in their systems. i don't believe it'll have access to the market, which is a negative IMO.
the HUs might be sweet, in relation to what's available, but unless it's a dedicated tablet, i doubt you'll get the functionality you'd want to expect out of Android.
If you had a phone with usb host (OTG) then I would think we could just connect a MIMO Touchscreen monitor to it and use the released drivers for it and then we would all have what we want. Here is some of what I have found that might help. Let's make this happen!!!!
http://sven.killig.de/android/N1/2.2/usb_host/
https://github.com/magoroku15/DisplayLink-driver-for-android
http://www.mimomonitors.com/
http://libdlo.freedesktop.org/wiki/
I would be interested in the hardware install aspect.
Has anyone tried using the IOIO for android: http://www.sparkfun.com/products/10585
ypsmav said:
Has anyone tried using the IOIO for android: http://www.sparkfun.com/products/10585
I'll bring this thread back to say that I have. It's an ongoing project but here's what I have so far:
http://www.youtube.com/watch?v=iBdQnFnXtgQ
Any updated progress? I have a 2007 335i and would be interested in getting a setup like this.
Right now I'm working on making sure all of the commands work. Progress is slow since Java really isn't the best language for manipulating individual bytes (although that could also be my lack of experience). Unfortunately if you have a 335i, none of this will help you. I think all of the current generation of BMWs (those with iDrive) and most European cars for that matter use the MOST bus. This is based on a fiber optic physical layer. The supported transfer rates are in the 100's of MHz so you'd need more than a microcontroller to talk to it. That being said, if anyone wants to fund me for a couple weeks and lend me their iDrive equipped BMW, I'd be happy to crank something out
http://www.youtube.com/watch?v=80a-T37amdE
How about this... video looks cool... http://www.youtube.com/watch?v=80a-T37amdE
Also...
Image stolen from here http://forum.e46fanatics.com/showthread.php?t=839753
TunaCanyon said:
I'll bring this thread back to say that I have. It's an ongoing project but here's what I have so far:
http://www.youtube.com/watch?v=iBdQnFnXtgQ
Hi TunaCanyon,
good to hear, that some other people are engaged with this topic.
I built an IBUS Bluetooth gateway half a year ago, and I used last weekend to make the circuit look a bit more "professional".
I already built some piece of software based on the Bluetooth SPP example ("Bluetooth Chat") of Android SDK. It features logging ibus data (including simple packet recognition) and sending data to the ibus (with automatic checksum and length calculation). I just added CD changer emulation.
As I'm not experienced with Android programming and also didn't start with Java long ago, building a clean and working app is pretty hard for me, especially when it comes to services and threads... So after the easy datasheet reading and circuit routing part now the hard part follows.
Greetings,
kadolf
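kadolf's post mentions packet recognition with automatic checksum and length calculation. As an added example (not kadolf's code), this Python parser builds and validates frames, resynchronising after noise or a bad checksum instead of trusting the length byte. It assumes the frame layout commonly described in hobbyist I-Bus write-ups (source, length, destination, data, XOR checksum); that layout, the `MAX_LEN` cap and all sample bytes are assumptions or constructed values, not taken from the thread.

```python
from typing import List, NamedTuple, Optional, Tuple

MIN_LEN = 2    # length byte counts destination + data + checksum
MAX_LEN = 32   # assumed sanity cap for this example, not a bus specification


class Frame(NamedTuple):
    src: int
    dst: int
    data: bytes


def xor_checksum(body: bytes) -> int:
    """XOR of every byte that precedes the checksum byte."""
    acc = 0
    for b in body:
        acc ^= b
    return acc


def build_frame(src: int, dst: int, data: bytes) -> bytes:
    """Fill in the length and checksum fields for an outgoing frame."""
    length = len(data) + 2
    if length > MAX_LEN:
        raise ValueError("payload too long for one frame")
    head = bytes([src, length, dst]) + data
    return head + bytes([xor_checksum(head)])


def parse_stream(buf: bytes) -> Tuple[List[Frame], bytes, int]:
    """Return (frames, leftover, skipped) for a chunk of received bytes.

    leftover is a possibly incomplete frame to prepend to the next read;
    skipped counts bytes discarded as noise or as failed-checksum frames.
    """
    frames: List[Frame] = []
    used = 0
    pending: Optional[int] = None   # first offset that may be a partial frame
    i, n = 0, len(buf)
    while i + 2 <= n:
        length = buf[i + 1]
        end = i + 2 + length
        if MIN_LEN <= length <= MAX_LEN:
            if end > n:
                # Could be a real frame still arriving; remember it, keep scanning.
                if pending is None:
                    pending = i
            elif xor_checksum(buf[i:end - 1]) == buf[end - 1]:
                frames.append(Frame(buf[i], buf[i + 2], bytes(buf[i + 3:end - 1])))
                used += end - i
                i = end
                pending = None      # a valid frame later on outranks the guess
                continue
        i += 1                      # implausible length or bad checksum: resync
    leftover = bytes(buf[pending:] if pending is not None else buf[i:])
    return frames, leftover, n - used - len(leftover)


# Constructed sample: noise, a good frame, a frame with one flipped data bit,
# another good frame, then the first three bytes of a frame still in transit.
FRAME_A = build_frame(0x68, 0x18, b"\x01")
FRAME_B = build_frame(0x18, 0xFF, b"\x02\x00")
CORRUPT = bytes.fromhex("6803180372")
SAMPLE_STREAM = b"\x00\x01" + FRAME_A + CORRUPT + FRAME_B + FRAME_A[:3]

if __name__ == "__main__":
    frames, leftover, skipped = parse_stream(SAMPLE_STREAM)
    for f in frames:
        print("src=%02X dst=%02X data=%s" % (f.src, f.dst, f.data.hex()))
    print("leftover:", leftover.hex(), "skipped:", skipped)
```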

[TUTORIAL] FM TRANSMITTER (dev needed)

Please vote on the poll if you would like to see the transmitter support!!!
The EVO's Broadcom chip has a built-in fm receiver and also a transmitter.
According to some threads and diagrams I've seen, the transmitter does have a power source, it just doesn't have any software code to actually work.
Like hdmi, the hardware was there but there was no code set up, therefore we didn't have full hdmi out. It had to be built from scratch.
The hardware for the fm transmitter is there, we just need someone to build the code for it.
Someone please take this on!!
This tutorial was originally posted in > android development and hacking > android software development.
I am reposting it here in the evo forums for guidelines.
It's a nice tutorial but it's old. I think it was for android 2.0. I've followed the tutorial but I couldn't get it working, and I by no means have the experience to switch things up and get it working.
[TUTORIAL] Reverse engineering HTC FM Radio for noobs (on EVO 4G)
Okay, I'm writing this because I want to help any other newbies trying to learn how to reverse engineer. The technical details involved in this are extremely daunting, so the purpose of this tutorial is to first explain in layman terms exactly what you're trying to accomplish and what to expect. Then we'll go over the details. That way you're not completely blind going into this. I'm fairly new to the scene, so I'm not as knowledgeable as everyone else. If you see any errors in my post, let me know so I can change. I'm going to assume you know a little bit of Java, can find your way around a computer, and know nothing about Android. The techniques used should work with other Android phones. For this tutorial I'm using Windows 7, Cygwin, and my stock (not rooted) EVO 4G mobile phone.
The FM tuner for the Evo is run by a Broadcom chip: BCM4329. This chip is pretty amazing in that it does wireless, bluetooth, and it has an FM receiver/transmitter. We're interested in the FM receiver / transmitter.
Now, all android phones are based on a Linux kernel. Basically they're Linux running computers. The Android operating system is then installed onto the linux system. Every app is then run off of Android.
Android is based on Java but it is not a Java system. It uses a virtual machine called Dalvik. Google did this to get around licensing issues with Sun Microsystems. So they pretty much invented their own machine language (called byte code) for the Java language. This makes things complicated for the reverse engineer because from what I've read, once Java is converted into this machine language or byte code, it can't be converted back.
So let's rehash.
If you were programming strictly in Java, you would see these extensions:
Java source code = .java
Compiled Java source code = Java byte code = .class
Compressed file to package your program = .jar (Java Archive)
But since you're programming in Android and Dalvik, you will see these:
Java source code = .java
Compiled Java source code = Dalvik byte code = .dex
Compressed file to package your program = .apk
(I haven't mentioned this, but HTC further Optimizes their .dex code)
Optimized Dalvik byte code = .odex
I'm writing all of these down because it's very easy to get confused with all of the extensions. (for me at least!). remember how I said once you go dex, you can't go back to java? That's where JesusFreke comes in. He's a senior member of XDA, and he created "baksmali" and "smali", two programs that can convert the Dalvik code back into a human readable format. These files have extensions of .smali
Decompiled Dalvik byte code = .smali
But what can you do with .smali files? That's where this other senior member, brut.all comes in: He developed apktool. apktool takes JesusFreke's work to the next level. This program in conjunction with NetBeans, actually lets you trace through any program using the .smali code taken from JesusFreke's programs!
apktool does this by converting those .smali files into "fake" .java files that can be used by the NetBeans (program that compiles and makes java programs) IDE. I say "fake" because apktool embeds the .smali code into java files as comments. However, once you attach a debugger to NetBeans, you'll see that the debugger will follow line by line every execution statement found in the smali code!
So...... you can take the program you want, plug it into Net Beans using a debugger (using the default ddms command provided by Android SDK), and you can trace everything you do in the program. I have it connected to my phone, so whenever I push a button while running my HTC FMRadio app or unplug my headphones,I see the corresponding response to the HTCFMRadio code I have loaded in NetBeans. I can now see in real-time how the program operates from my own interactions... JAM.
Technical Aspects: How to get from ground zero to tracing HTCFMRadio?
1.) Download Android SDK - Go to google development site and follow instructions: Make sure to download the latest Java JDK. Once that is installed, download NetBeans 6.8. Unfortunately, smali debugging does not work with the latest versions of NetBeans.
Download the "Java SE" version for minimal space
http://netbeans.org/downloads/6.8/index.html
You can follow the rest of Google walkthrough and download Eclipse and ADT plugin, but it's not pertinent to this. You're going to be using adb and ddms from the android SDK extensively, so make sure the path for </android SDK/tools> is included in the PATH variable in your ENVIRONMENT SETTINGS. To get here, right click My computer, click properties, Advanced Settings, ENVIRONMENT SETTINGS.
2.) Search for 7z and download it. It is an awesome and free compression tool that will be extremely useful. It can be used to "unzip" .jar, .apk, and other compressed formats.
3.) Get the Radio app. You can do this by going to "shipped-roms" website, downloading the latest Supersonic image, and following the directions in the unlockr tutorial for HTC kitchens at the unlockr website... (once you have extracted the files from the image, you can look in the system/app and system/framework directories to get the files listed below) or:
you can pull the following files from your phone:
Using the command prompt type (and with phone plugged in, and with USB debugging enabled on phone):
adb pull /system/app/HtcFMRadio.odex
adb pull /system/app/HtcFMRadio.apk
adb pull /system/framework ./framework
This will put HtcFMRadio.odex and HtcFMRadio.apk in the current directory and create a framework directory with more files. A couple of the files in the framework are needed for the HtcFMRadio app, but for simplicity, we're just going to pull the whole directory.
Now that we have the files, we have to make a few changes to make the app installable and to be viewable by the debugger. To do this we have to decompile the .odex format into a human readable format we can edit. That brings us to:
3.) Download baksmali and smali from Project Hosting on Google Code (google search smali).
Usually an Android application is made up of one file, an apk file. Inside the apk file is an AndroidManifest.xml file, a classes.dex file (compiled Java code for the program), and other folders. The other folders contain either graphics or other .xml files that tell the program how it should look to the user. We don't have to worry about those for now. This is important because APKTOOL only opens programs set up this way. But wait up? We didn't download one .apk file, we downloaded an .apk file and an .odex file! What gives? Well, if you right click the apk file and open it (using 7z), you'll see that it's missing the classes.dex file. The dex file for the app is actually the HtcFMRadio.odex file we downloaded. So, to make this system app more like a nominal app, we have to find a way to convert the HtcFMRadio.odex to a classes.dex file. That's easy with baksmali and smali!
Once you have downloaded them, go to the command prompt and type:
java -jar baksmali-<version>.jar -d framework -x HtcFMRadio.odex
(Remember to match baksmali-<version>.jar with the filename of baksmali you downloaded)
If done correctly, you should see a newly created \out directory
This creates an out\com\htc\fm directory with many .smali files.
Now let's reverse the process and put it back as a dex file. Type at command prompt:
java -jar smali-<version>.jar out -o classes.dex
If done correctly you'll see a newly created classes.dex.
Now, right click on HtcFMRadio.apk (select 7z and open). Drag classes.dex into the file. Say yes to the prompt. Now you have a normal apk file APKTOOL can read!
4.) Download APKTOOL from Project Hosting on Google Code and the helper apps for your OS. (If you're extracting files for windows OS you should have apktool.bat and aapt.exe). Extract (again using 7z, don't you love this program?) apktool.jar (keep it as a jar file, don't extract the stuff inside of it), apktool.bat, and aapt.exe to the directory you're working on. To make things neat, you can also delete HtcFMRadio.odex (you don't need it anymore) and classes.dex (make sure you put it in the HtcFMRadio.apk file first!)
If this is the first time you're using apktool, then you have to install the htc framework so apktool can baksmali the Radio app. You only have to do this once:
apktool if ./framework/com.htc.resources.apk
Alright, at the command prompt:
apktool d -d HtcFMRadio.apk
This extracts the contents of HtcFMRadio.apk and places them in the HtcFMRadio directory. However, there are two major differences between this content and the content created in step 3. If you go into the smali directory you'll see that instead of .smali files, you'll see .java files. And if you go back and edit the AndroidManifest.xml file, you will also see that it's in text! Android applications convert their xml files to binary format. Now that APKTOOL has converted everything to an IDE friendly format, we can use NetBeans to edit everything. The first thing we're going to do is edit AndroidManifest.xml (using notepad) and add the following:
android:debuggable="true" to the Application tag.
It should now look like this:
<application android:theme="@android:style/Theme.Black.NoTitleBar" android:label="@string/fm_app_name" android:icon="@drawable/fm_radio" android:taskAffinity="android.task.fmradio" android:description="@string/htc_corp" android:allowTaskReparenting="true" android:debuggable="true">
This permission lets the debugger watch the program while it's running on the phone.
We are going to run into two problems if we try to install this program. One is that Android doesn't let you install more than one copy of a system app. The second issue is that if we change the signature of our system app, then we'll have to change the signatures of our other system apps as well! Ahh.... So, to get around that, we're going to trick Android into thinking we have a completely new program. We're going to do that by renaming the com.htc.fm class to com.htc.modradio class. Next step:
5.) Cygwin (or Linux virtual machine)
The easiest way that I can think of to replace strings in multiple files is by using Linux. You can most definitely do it in Windows, but I don't know how. If you let me know how, I can put it in this tutorial.
(update: you can use Notepad++ to easily find/replace strings in multiple files for Windows. You still, however, want to download Cygwin if you're going to develop with Android-NDK.)
For now, just search for Cygwin (Cygwin is a program that lets you run Linux commands from a command prompt using your Windows directories), and install it. Make sure to have the Perl option selected. You'll need Perl to make the following commands work.
Once you get Cygwin up and running
cd <to your HtcFMRadio directory>
in my case it's
cd /cygdrive/c/Users/Jerry/Desktop/HtcFMRadio
now type the following commands in this order:
This command changes all occurrences of htc/fm to htc/modradio in your xml and .java files.
find ./ -type f | xargs perl -pi -e 's/htc\/fm/htc\/modradio/g'
This command changes all occurrences of htc.fm to htc.modradio
find ./ -type f | xargs perl -pi -e 's/htc.fm/htc.modradio/g'
If you don't follow this order, your source code will get messed up.
If using cygwin, a bunch of .bak files will be created. Using windows search, find all .bak files in your HtcFMRadio directory, then select them all and delete them (Make sure they are only files with .bak!)
Now just rename the fm directory to modradio. It is located in HtcFMRadio/smali/com/htc
Now go to your windows command prompt and type:
apktool b -d .\HtcFMRadio modradio.apk
Now sign and install modradio.apk on your phone.
adb install modradio.apk
If you have never signed before, then you need to use keytool and jarsigner. These two files are in your JDK directory, so make sure you include your JDK directory in the PATH variable of your ENVIRONMENT SETTINGS. (To get here, right click on My Computer, click Properties, Advanced Settings, Environment Variables. Once you make change, open up a new COMMAND prompt to see changes).
cd to the directory which has modradio.apk
now type:
keytool -genkeypair
Answer all questions, then use the same password for all password prompts.
Next type:
jarsigner -verbose modradio.apk mykey
Type in the password you created in the above step. Your apk should now be signed.
Next install:
adb install modradio.apk
Success!
6.) Testing the app on phone
Go to your phone and you'll now see a new FMRadio icon next to your first. Click on it and watch it open. It should now be able to play music. Keep it open.
7.) Using Netbeans
Go into HtcFMRadio and delete the build directory created by APKTOOL.
Now open up Net Beans and click on File, New Project, Select Java Project with Existing Sources, click on Next
Select HtcFMRadio directory for Project Folder, rename Project Name to whatever you want. Let's type in ModRadio. click on Next
Next to "Source Package Folders" click on "Add Folder" and select the smali directory.
Click Finish. For a quick tutorial by Brut.all, search APKTOOL in youtube and click on: Apktool Demo 2 - Smali improvements
Right click on Libraries. Click on "Add Jar / Folder". You want to add Android.Jar. Since I have Android 2.1 loaded I went to /platforms/android-7 located in my android SDK directory.
Your project is now ready for editing!
8.) Running the Debugger to trace through program.
Next go back to Windows command prompt and type ddms. This runs the Dalvik Debug Monitor. A window should open up. In the left hand side you should see com.htc.modradio. That's our app! To the right you're going to see 2 numbers, you're interested in the one to the right, 4 cells away from com.htc.modradio. This number is a port number, and you're going to use it to communicate with NetBeans. (In my case it is 8603)
Go back to NetBeans and click on Debug, Attach Debugger.
In the host field type: localhost
In the Port field: type in the second number you saw. (8603)
If everything is working you'll see a bug appear next to com.htc.modradio in the Dalvik Debug Monitor. Look at the bottom bar of NetBeans for feedback. If you get errors make sure the numbers match, or try port 8700 and make sure you select com.htc.modradio in the Dalvik Debug Monitor. Port 8700 is the default port used for whatever program you select in Dalvik Debug Monitor.
9.) Setting a breakpoint
I'm making this a separate step because it is completely arbitrary. When creating a breakpoint be sure to follow this rule:
You must select line with some instruction, you can't set breakpoint on lines starting with ".", ":" or "#".
Rather than looking for a spot to breakpoint, though, I'll tell you where to put one so you can quickly see how the debugger traces through the code. You aren't "REQUIRED" to do the next step, but if you want to trace you have to put a breakpoint somewhere.
In Net Beans click on the Project tab, click on Source Packages, com.htc.modradio, and then doubleclick on BroadcomFMTuner.java
We're going to insert a breakpoint. Scroll down to line 3226 and on your keyboard press: CTRL-SHIFT-F8, select line in dropdown box and hit ok. (To keep it simple, I usually look for "invoke" instructions to set breakpoints at)
Now go to your phone and click on the physical "back" button on your phone. This will clear the radio (you should still be able to listen to music). Drag your status bar down. You should see a radio icon. Click on it again. The radio background will appear, but you won't see any text or anything. Now go back to your NetBeans application. You should now see debug options highlighted! Click on Step Over (F8) to step through!
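The two perl substitutions and the directory rename from step 5, as an added Python example (not part of the original post) that runs on Windows without Cygwin. It escapes the dot so that `htc.fm` cannot match strings such as `htc_fm`, skips binary files, and writes no .bak files; the function names and the sample tree are constructed for illustration, and the `.java` extension is assumed from the `apktool d -d` output the post describes.

```python
import os
import re
import tempfile

# Only text files produced by apktool are rewritten; images and other binaries are skipped.
TEXT_EXTENSIONS = (".java", ".smali", ".xml", ".yml")

# Escaped forms of the two patterns used in the post. The lookahead keeps a
# longer identifier such as "htc/fmx" from being rewritten by accident.
PATTERNS = (
    (re.compile(r"htc/fm(?![A-Za-z0-9_])"), "htc/modradio"),
    (re.compile(r"htc\.fm(?![A-Za-z0-9_])"), "htc.modradio"),
)


def _read(path):
    # surrogateescape + newline="" round-trips odd bytes and CRLF line endings untouched.
    with open(path, "r", encoding="utf-8", errors="surrogateescape", newline="") as fh:
        return fh.read()


def rewrite_text(text):
    """Apply both substitutions; return (new_text, number_of_replacements)."""
    total = 0
    for pattern, replacement in PATTERNS:
        text, count = pattern.subn(replacement, text)
        total += count
    return text, total


def rename_package(root):
    """Rewrite references in place, then rename smali/com/htc/fm to modradio."""
    stats = {"files_changed": 0, "replacements": 0, "dir_renamed": False}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(TEXT_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            updated, count = rewrite_text(_read(path))
            if count:
                with open(path, "w", encoding="utf-8",
                          errors="surrogateescape", newline="") as fh:
                    fh.write(updated)
                stats["files_changed"] += 1
                stats["replacements"] += count
    old_dir = os.path.join(root, "smali", "com", "htc", "fm")
    new_dir = os.path.join(root, "smali", "com", "htc", "modradio")
    if os.path.isdir(old_dir) and not os.path.exists(new_dir):
        os.rename(old_dir, new_dir)
        stats["dir_renamed"] = True
    return stats


def find_leftovers(root):
    """Return relative paths of text files that still mention the old package."""
    leftovers = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(TEXT_EXTENSIONS) and rewrite_text(_read(path))[1]:
                leftovers.append(os.path.relpath(path, root))
    return sorted(leftovers)


def make_sample_tree(root):
    """Build a small constructed stand-in for the apktool output directory."""
    files = {
        "AndroidManifest.xml": (
            '<manifest xmlns:android="http://schemas.android.com/apk/res/android"'
            ' package="com.htc.fm">\r\n'
            '  <application android:debuggable="true">\r\n'
            '    <activity android:name="com.htc.fm.FMRadio"/>\r\n'
            '  </application>\r\n</manifest>\r\n'
        ),
        "smali/com/htc/fm/BroadcomFMTuner.java": (
            ".class public Lcom/htc/fm/BroadcomFMTuner;\n"
            ".super Ljava/lang/Object;\n"
            'const-string v0, "htc_fm_debug"\n'  # decoy: unescaped htc.fm would hit this
            "invoke-static {v0}, Lcom/htc/fm/FMLog;->d(Ljava/lang/String;)V\n"
        ),
    }
    for rel, text in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8", newline="") as fh:
            fh.write(text)
    png = os.path.join(root, "res", "drawable", "fm_radio.png")
    os.makedirs(os.path.dirname(png), exist_ok=True)
    with open(png, "wb") as fh:  # binary file that happens to contain the old name
        fh.write(b"\x89PNG\r\n\x1a\ncom.htc.fm\x00")
    return root


if __name__ == "__main__":
    tree = make_sample_tree(tempfile.mkdtemp(prefix="HtcFMRadio_"))
    print(rename_package(tree), find_leftovers(tree))
```

An empty list from `find_leftovers` after the rename means no text file still refers to the old package name, so the tree is ready for `apktool b`.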
i found a few things.
http://pdf.eccn.com/pdfs/Datasheets/Broadcom/BCM4329.pdf
http://www.broadcom.com/products/Bluetooth/Bluetooth-RF-Silicon-and-Software-Solutions/BCM4329
I've read everything there is about this, and have yet to see anyone get it working. I don't have nearly enough experience to even take a stab at it, but I would love it.
The only phone I've seen where it was implemented was my first sprint phone: LG FUSIC, And I used it all the time.
yea im hoping some one actually tries to get it working
apple products use this same chips interesting...
http://jaxov.com/2010/04/ipad-can-play-fm-radio-broadcom-bcm4329-chip-found-by-ifixit/
i would love to see this working
I think I read about this before the EVO was released and a bunch of people got all excited but nothing ever really happened!
http://forum.xda-developers.com/showthread.php?t=693253
Not trying to rain on anyone's parade because this would be cool if it actually took off the ground BUT I doubt it will go anywhere because two reasons in my opinion!
1. Is easier to just buy a FM transmitter, some as low 35 dollars
http://www.amazon.com/Generation-Transmitter-integrated-Gomadic-TipExchange/dp/B0045DIQ9K
2. The developers on here have soooo much on their plate already. For example I think everyone would rather have Sense 3.0 up and running instead of this.........BUT like I said before, I'm not trying to rain on any parade! I for one would donate, support or whatever if we could actually get someone working on this ASAP.
That is all....LOL
I think this is just as important as HDMI and 4G.
In all honesty, I've never used HDMI or 4G.
This on the other hand, is something I'd use everyday, as would many others.
Good luck to those who take it upon themselves to become immersed in this project.
I'd love to see this come off the ground.
~ I'm a fungi
Edit: one thing comes to mind....
What would be used as an antenna?
i think that is the biggest prob the headphones act as a headphone for the fm transmitter that would prob mean we would have to have headphones in to see any real use out of this thing
filebug said:
> i think that is the biggest prob the headphones act as a headphone for the fm transmitter that would prob mean we would have to have headphones in to see any real use out of this thing
That, to me, seems like the smallest problem...
~ I'm a fungi
From what I've read the antenna is already built in.
Sent from my PC36100 using XDA Premium App
a senile fungus said:
> That, to me, seems like the smallest problem...
> ~ I'm a fungi
He means the headphones act as an antenna, which defeats the purpose of the transmitter, at least for me, since the purpose of the transmitter, in my case, is to broadcast my music to my car radio.
And to the guy who said the antenna is built in, if you try to use the FM radio, it will tell you you need to plug in headphones to use as an antenna. At least, the MIUI radio did.
Yes but that is stock app. If an app is built you can over ride that request.
The reason for the headphones is obviously get better reception.
They wouldn't be needed BC the FM would only need to transmit about 5 to 10 feet.
Sent from my PC36100 using XDA Premium App
dtr145r said:
> Yes but that is stock app. If an app is built you can over ride that request.
> The reason for the headphones is obviously get better reception.
> They wouldn't be needed BC the FM would only need to transmit about 5 to 10 feet.
> Sent from my PC36100 using XDA Premium App
Actually you would need an antenna. Take a blank headphone plug and plug it into the headphone jack to enable the receiver then try to tune in a radio station. Unless you are very close to the transmitting station you are not going to hear much other than hiss. Receivers are not as picky to antenna length as transmitters are. As long as the length of wire is close to the resonant frequency in length a receiver will operate fine. With transmitters you are now pushing a current through it. If the antenna is not there, or cut close to the resonant operating frequency that RF energy will be reflected back into the transmitter causing it to heat up, and eventually fail.
In our EVO's there are several antennas inside. Mainly for connecting to cellular, 3g, 4g, BT/WiFi on the UHF bands. FM broadcast is on the lower portion of the VHF band. So the FMBC antenna (3meters) will be considerably longer than say lower CDMA antenna (42cm). The higher the frequency the shorter the wavelength (and antenna).
http://en.wikipedia.org/wiki/Cellular_frequencies#Frequency_bands_used_in_the_United_States
To fashion an antenna for this project you would need a blank headphone plug, some sort of material to fashion a dipole antenna (if you or someone you know makes plastic models the left over plastic would be perfect. Wood is not a good insulator to this project), and very thin insulated (painted) speaker wire. Now for a full wave antenna you will need about 9 feet of wire (you can shorten it to 1/2, or 1/4 wave). Take the plastic rods from a model kit and fashion it into a T placing the lower part of the T into the plug then running the wires from the appropriate connections in the plug up to the top portion of the T then winding the wire out to each end. Effectively making a loaded dipole antenna.
Now I skipped a lot of stuff because I don't have all the information on the chip used so I don't know if it has a tuning circuit for loading the transmitting antenna or not. You may have to add a capacitor at the top of the T between the two stubs to properly tune it. The reason I chose a dipole over an omnidirectional (whip) is because the dipole is more efficient, and easier to tune. As a matter of fact the antennas in most cellphones are now dipoles. Since most phones now have to operate hands free the omnidirectional (whip) is impractical since our hands were used as the groundplane.
Hope this helps.
Where's teamwin at .....
Igotsanevo4g said:
> Where's teamwin at .....
now thats the comment I was anticipating.
So do all those FM transmitters we buy have 9ft of wire for the antenna?
Sent from my PC36100 using XDA Premium App
aimbdd said:
> So do all those FM transmitters we buy have 9ft of wire for the antenna?
> Sent from my PC36100 using XDA Premium App
More than likely no. They use loading coils, and coil-capacitor circuits. Depending on which is cheaper at the moment, and enclosure size.
For a fullwave antenna yes. Several things you can do to "shorten" it. You can coil it, you can cut it to the appropriate wavelength (1/2, 1/4, or 1/8th wave), and coil it. The drawback is once you shorten it either way you narrow the bandwidth, and the ability to properly tune it to whatever frequency you set the transmitter to.
For example using the full sized antenna you are able to use the transmitter the full broadcast band (87MHz-107.5MHz) with it not going out of tune causing power loss, and power being reflected back to the transmitter itself. Shorten the antenna to a 1/2 wave (4.5') you may only be able to tune from say 95MHz to 102MHz, and so on. Effectively you are narrowing the amount of usable bandwidth you can use. Now you can make an L-C (capacitor-coil) circuit so you can use the full spectrum but you will incur line losses so your effective radiated power will be lower (not that you had much to begin with). Depending on your receiver that you would be transmitting to the lower power may lead to more outside interference (ie noise).
ive been trying to find the pin out for the broadcom chip but i cant find it anywhere.
dtr145r said:
> ive been trying to find the pin out for the broadcom chip but i cant find it anywhere.
I've been trying as well. Broadcom posted almost every other chip's datasheet, but not that one.. I am going to call Broadcom's tech support line on Monday and see if I can get one out of them besides that crappy incomplete block diagram in the promo handout. Know anybody that has the actual schematic for the EVO? That would even be more helpful. Then you would know what is, and what is not connected. Plus you wouldn't have to tear one down to check the connections.
any update?, this is a very good idea for everybody that don't have a bluetooth radio.
i can't wait for somebody to get this going
bump bump.

[Dev] Kernel code execution

Decrement ci.dll!g_CiOptions(ci.dll+0xF984) by 0x08 using the exploit (It is 0x26, we need the 0x08 bit high, I chose 0x1E as the result since it's the closest we can get to the original mask).
I haven't actually compiled a driver for it yet, but I'm working on that.
Edit: Played with loading a default system driver with modified code and a custom signature. Instead of subtracting 0x08 to set testsigning high, subtract 0x25 to set all but the 1 bit low. Seems to be working, now. There is absolutely no driver signing now, though. Perhaps setting only 0x08 high would give a similar result but still require a test signature. Not sure, I don't like kernel driver signatures anyways.
More edit: Fun fact: Windows acts odd if null.sys is unloaded.
Even more edit: I'm going to get this, along with a couple other small tweaks, such as a registry-based startup, pushed in the next Jailbreak release, too.
Now, to get the DDK working. I haven't had any luck getting a driver compiled for ARM so far. I heard that there was a leaked DDK out there, anyone happen to know where it is?
oh hoo... awesome! :good:
I was able to use a tweaked version of THIS to get a driver built that loads into the kernel. I had to dump my own libs for ntoskrnl.exe (and somehow managed to get it to look for ntoskrnl.dll, blah), but I did get a Hello BSoD driver to run.
Also I've been looking for the ARM DDK, but still haven't found it yet.
It must be released only to device manufacturers, but that also could mean that it might already have been leaked.
M-m-m, Netham45 I'm not so perfect Guru as you. Please, tell me, using "english", what are we allowed to obtain? Persistent JB or possibility to use/install system drivers w/o signatures?
Denis_63 said:
> M-m-m, Netham45 I'm not so perfect Guru as you. Please, tell me, using "english", what are we allowed to obtain? Persistent JB or possibility to use/install system drivers w/o signatures?
Second part, this lets you get system drivers loaded without valid signatures. It's not ready for the average joe quite yet, but I'm working on getting it implemented into the jailbreak so everyone can use it.
Edit: Latest version of the jailbreak should support kernel-mode code unlocking now.
I've been working on the same thing, to allow unsigned drivers to dynamically load
I decrement by 0x22
I would strongly suggest keeping this separate from the run unsigned user mode win32 code jailbreak
as most people won't need it except in rare circumstances
(and it's more likely to lead to the vulnerability we all need being closed off)
xsoliman3 said:
> I've been working on the same thing, to allow unsigned drivers to dynamically load
> I decrement by 0x22
> I would strongly suggest keeping this separate from the run unsigned user mode win32 code jailbreak
> as most people won't need it except in rare circumstances
> (and it's more likely to lead to the vulnerability we all need being closed off)
I think it'd be better if they were both loaded at the same time, so tools like OpenVPN and whatnot that require kernel-mode drivers can still function properly.
By the way, would the drivers work on the RT without this hack (but with a jailbreak) if they were signed with my own (bought, not self signed) code signing certificate or is there a specific list of trusted publishers (only Microsoft?) that are allowed?
DarkoLord said:
> By the way, would the drivers work on the RT without this hack (but with a jailbreak) if they were signed with my own (bought, not self signed) code signing certificate or is there a specific list of trusted publishers (only Microsoft?) that are allowed?
I think the certificate for drivers is different from the certificate for applications.
Nice job, netham.
I'll try incorporating this into what I'm working on. My implementation works like this:
1. Start Notepad with a specific name in the title bar.
2. Attach nonobtrusively to Notepad with cdb.exe.
3. Overwrite user32!GetMessageW using a cdb.exe script.
4. Use taskkill to send a WM_CLOSE to that Notepad, causing the GetMessageW overwrite to execute.
5. The injected code I wrote with cdb.exe loads a DLL and runs it. It loads the DLL by mapping it as a file instead of an image, then marks it PAGE_EXECUTE_READWRITE with VirtualProtect.
6. The initialization sequence of the DLL fixes relocations and loads imports.
7. The DLL finds csrss.exe in the current session.
8. Open ntoskrnl.exe and ci.dll to look for the needed addresses.
9. EnumDeviceDrivers to find the ntoskrnl.exe and ci.dll base addresses.
10. The DLL injects itself into csrss.exe using NtMapViewOfSection and RtlCreateUserThread. (CreateRemoteThread can't be used on csrss.exe, because the new thread will try to connect to csrss over LPC.)
Steps 1-10 are already implemented and working. This leaves the next few steps:
11. Use the exploit to set g_CiOptions as per this thread.
12. Load the driver using NtSetSystemInformation(SystemLoadAndCallImage).
13. Use DeviceIoControl to communicate with the driver in order to set the variables we want.
14. Unload the driver somehow.
Myriachan said:
> Nice job, netham.
> I'll try incorporating this into what I'm working on. My implementation works like this:
> 1. Start Notepad with a specific name in the title bar.
> 2. Attach nonobtrusively to Notepad with cdb.exe.
> 3. Overwrite user32!GetMessageW using a cdb.exe script.
> 4. Use taskkill to send a WM_CLOSE to that Notepad, causing the GetMessageW overwrite to execute.
> 5. The injected code I wrote with cdb.exe loads a DLL and runs it. It loads the DLL by mapping it as a file instead of an image, then marks it PAGE_EXECUTE_READWRITE with VirtualProtect.
> 6. The initialization sequence of the DLL fixes relocations and loads imports.
> 7. The DLL finds csrss.exe in the current session.
> 8. Open ntoskrnl.exe and ci.dll to look for the needed addresses.
> 9. EnumDeviceDrivers to find the ntoskrnl.exe and ci.dll base addresses.
> 10. The DLL injects itself into csrss.exe using NtMapViewOfSection and RtlCreateUserThread. (CreateRemoteThread can't be used on csrss.exe, because the new thread will try to connect to csrss over LPC.)
> Steps 1-10 are already implemented and working. This leaves the next few steps:
> 11. Use the exploit to set g_CiOptions as per this thread.
> 12. Load the driver using NtSetSystemInformation(SystemLoadAndCallImage).
> 13. Use DeviceIoControl to communicate with the driver in order to set the variables we want.
> 14. Unload the driver somehow.
I really don't get the point of this, we already have an established and working "jailbreak" (god I really hate this term) procedure.
lilstevie said:
> I really don't get the point of this, we already have an established and working "jailbreak" (god I really hate this term) procedure.
No volume button required. No 2 minute delay after boot. No hardwired addresses - the last remaining one in the .bat file, in winsrv.dll, is obviated by thread injection. Higher stability, because we're not messing with csrss.exe's existing threads. No Internet access needed, because the code can find addresses without symbols.
By the way, Windows RT does not require valid signatures on .msi files. You'll get the otherwise-never-seen yellow UAC dialog box, and then it will install. So another part of my jailbreak is that you'll install it by double-clicking an .msi file. I've tested the .msi functionality. You could then even uninstall the jailbreak the usual way.
These are just improvements to make jailbreaking more user-friendly.
I'm not a fan of the term "jailbreak" either, but it's the current one.
Myriachan said:
> I'm not a fan of the term "jailbreak" either, but it's the current one.
Me either, I always rename the bat FreeRT.
lilstevie said:
> I really don't get the point of this, we already have an established and working "jailbreak" (god I really hate this term) procedure.
It's also got the benefit of not being automatic at reboot, unlike what he's talking about. I think that this is part of the reason that MS decided it wasn't a security issue because it requires user interaction every single boot, and a malicious program couldn't possibly install it silently.
Wow, a lot of news, GOOD news!!!
Myriachan
> By the way, Windows RT does not require valid signatures on .msi files. You'll get the otherwise-never-seen yellow UAC dialog box, and then it will install. So another part of my jailbreak is that you'll install it by double-clicking an .msi file. I've tested the .msi functionality. You could then even uninstall the jailbreak the usual way.
First, that .msi container doesn't need signature for installing - this fact simplifies installation process! And now, if anyone wants to create programs for non-JB devices with Win RT on board, all he needs - is to make out the program in .msi formfactor. Magnificently!!!
> No volume button required. No 2 minute delay after boot. No hardwired addresses - the last remaining one in the .bat file, in winsrv.dll, is obviated by thread injection. Higher stability, because we're not messing with csrss.exe's existing threads. No Internet access needed, because the code can find addresses without symbols.
> These are just improvements to make jailbreaking more user-friendly.
Heavenly!!! When ordinary users (like me) will obtain user-friendly variant of your product? Next moment - will your variant of JB be persistent, or non-persistent, just like actual (Netham45)? If even non-persistent, it won't be the problem with those perfect features ))) We'll place it in auto-startup
Netham45
About unsigned drivers. Should unsigned drivers be recompiled for Win RT (ARM), or non-modified drivers for Win7 (8) usage is possible (in .msi variant or by right-button clicking on .inf file) ??? And, also, when your useful decision with user-friendly interface will be available for ordinary users???
Guys, thanks for your work and for your help from all Win RT users community :good:
netham45 said:
> It's also got the benefit of not being automatic at reboot, unlike what he's talking about.
I was referring to what he was talking about
Denis_63 said:
> Wow, a lot of news, GOOD news!!!
> Myriachan
> First, that .msi container doesn't need signature for installing - this fact simplifies installation process! And now, if anyone wants to create programs for non-JB devices with Win RT on board, all he needs - is to make out the program in .msi formfactor. Magnificently!!!
> Heavenly!!! When ordinary users (like me) will obtain user-friendly variant of your product? Next moment - will your variant of JB be persistent, or non-persistent, just like actual (Netham45)? If even non-persistent, it won't be the problem with those perfect features ))) We'll place it in auto-startup
> Netham45
> About unsigned drivers. Should unsigned drivers be recompiled for Win RT (ARM), or non-modified drivers for Win7 (8) usage is possible (in .msi variant or by right-button clicking on .inf file) ??? And, also, when your useful decision with user-friendly interface will be available for ordinary users???
> Guys, thanks for your work and for your help from all Win RT users community :good:
We've been able to use MSIs for a while, I documented it in the desktop apps thread, I believe. I've even posted some MSIs (MWB, DosBOX). They're just a pain in the ass to deal with right now, and most people don't feel like it.
His jailbreak will also be non-persistent. The persistence is because we are not saving any changes to Windows files, but only overwriting bits in memory (which are reset on next boot). I would love to have a persistent JB, but we just don't.
Unsigned drivers need to be compiled for Windows RT. That should be obvious, it's an ARM process and kernel-space has no knowledge of any JIT languages, so everything is compiled into assembly before being run. x86 assembly will not run on ARM.
As far as the kernel exploit, it's available in the latest version of my jailbreak (1.2.0). There are also some other tweaks in there (registry-based startup, cleaned up how I check for admin, etc...), but since there are no ARM-compiled drivers available it's not really required to update right now.
lilstevie said:
> I was referring to what he was talking about
And I was referring to my jailbreak in relation to his.
> His jailbreak will also be non-persistent.
Clear... but what about uselessness of "Vol -" button pressing? Its the great step forward, I think :good: Automatical startup will be the solution for non-persisting
> but since there are no ARM-compiled drivers available it's not really required to update right now.
Sad, but true (c)... but what about non-system, for example, peripheral drivers - printers, scanners etc. Its very simple, does peripheral drivers also need recompiling? :crying:
netham45 said:
> And I was referring to my jailbreak in relation to his.
Ah right.
Denis_63 said:
> Clear... but what about uselessness of "Vol -" button pressing? Its the great step forward, I think :good: Automatical startup will be the solution for non-persisting
Personally I think it is a great step back, the step requiring you to press "vol-" is one of the reasons microsoft aren't as interested in patching the exploit at this point in time, the more "Automatical" it becomes, the bigger the chance of it being used maliciously becomes, at which point microsoft will be forced to act (in fact it would be rather irresponsible of them to not patch it at the first signs of malicious use).
Denis_63 said:
Sad, but true (c)... but what about non-system, for example, peripheral drivers - printers, scanners etc. It's very simple, do peripheral drivers also need recompiling? :crying:
Yes

[DEV][ROOT] Pi-hole for Android // Deploy Pi-hole DNS server to ANY Android 4.x device.

Pi-hole for ARMv7 (2011 and newer) Android devices.
NOTE: This project has been superseded by the Raspbian APK installer.
The post below is still useful for Android 4.x devices.
________________
Original post...
[ Preface: I have successfully deployed this to several ARMv7 and ARMv8 devices, but looking for additional test devices to ensure the scripts are robust enough to detect the many various device configurations out there, especially interested in RockChip and Allwinner-based Android HDMI sticks. Please give it a spin and report your results - Thanks! ]
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole intended for use on a private network. It is designed for low-power embedded devices with network capability, most well-known being the Raspberry Pi.
This customized Linux Deploy image works on any rooted Android device with an ARMv7 (or newer) class CPU. This typically includes anything made in the past 10 years. Form factor is not important; it could be a phone, tablet, HDMI stick or any device running Android.
Requirements:
· Android device, rooted
· Developer Options -> Root Access -> Enabled for Apps
Instructions:
· Open browser on device and download+install the Linux Deploy APK below. You can also download it from the Play Store if you prefer:
  · https://github.com/meefik/linuxdeploy/releases
· Download the Pi-hole for Android disk image: 1.6 [20220908]
  · https://github.com/DesktopECHO/Pi-hole-for-Android/releases
· Restart Phone (This is REQUIRED)
· Open Linux Deploy
· Open Properties Menu (Bottom Right)
  · Distribution: rootfs.tar
  · Source Path - This varies depending on the device, ie: ${EXTERNAL_STORAGE}/Download/p4a16.tgz
  · Set password for user "android"
  · Init -> Enable
· Go back to main window, click Options Menu (Three dots, top right of screen) and click "Install"
· Wait a few minutes for the disk image to install.
  · Allow the install to complete before proceeding to next steps.
  · When install is complete, the Linux Deploy console window will show the following:
Code:
[HH:mm:ss] >>> :: Configuring core/launchroot ...
[HH:mm:ss] >>> deploy
· Open Hamburger Menu (Top Left) and touch "Settings"
  · Place check mark on Lock Wi-Fi
  · Place check mark on Autostart
Touch the [ -> START ] button and confirm when prompted.
Pi-hole is now installed and running!
Your Android device's IP is shown at the top of the Linux Deploy main window. You can interact with the Pi-hole instance in three ways:
Open a web browser to the Android device's IP address. Example:
http://10.13.12.11/admin
SSH to the instance on port 22. Example:
ssh [email protected]
RDP to the device's IP address to open an XTerm. Example:
mstsc.exe /v:10.13.12.11
Additional Info
You can restart (or "bounce") the Pi-hole instance in Linux Deploy by pressing [ ■ STOP ] and waiting a few seconds for the instance to indicate all services are stopped. Restart the instance by pressing [ ▸ START ]
When a Pi-hole instance starts up, the default setting is to let it automagically configure networking. If you change networks on the Android device simply restart the instance for Pi-hole to pick up the new settings.
Alternatively, set a static assignment by commenting-out two lines in /etc/rc.local (You will see which ones when you open the file in an editor.) After the lines are commented out with a hash "#" you can manually add your IP, subnet and interface name to /etc/pihole/setupVars.conf
The Pi-hole instance on Android otherwise behaves like it is running on a 'real' Raspberry-Pi or a standard PC. Consult the extensive documentation online to learn how to fully leverage Pi-hole's functionality.
Adjust QT display scaling: ~/startwm.sh
Change the font size in QTerminal: ~/.config/qterminal.org/qterminal.ini
If your Android device has a battery and was unused for months or years, replace its battery. Old, worn, or abused Li-ion batteries can fail when pushed back into service. Failure appears as a bulge in the battery, "thermal event" or worse. A new battery makes an excellent UPS for the tiny Linux box you just provisioned!
Thanks a lot for this, I find this the only working solution for Pi-hole + unbound on Linux Deploy. I was able to run pi-hole from scratch on debian/ubuntu based images but was not able to get unbound running and not sure why it always gave SERVFAIL.
Anyways, this worked I wonder why...
On a separate note I tried updating pi-hole but it only updated FTL version to v5.13 and I know the core and web-interface is also updated and newer versions are released but for some reason pihole shows it's up to date in the "pihole -up" command BUT it shows update available on web interface (admin panel).
Can you let me know why?
What model phone do you have?
CentOS 7 was the only distro I could convince to work on every android phone. Android 4.x shipped with a 3.0 kernel and CentOS has a glibc juuuust old enough to be able to run with a kernel that old.
Yesterday I released version 1.5 which should take care of the update issue. Give that a shot and let me know how things look for you.
I dug into this more seems like this PR merge causes it: https://github.com/pi-hole/pi-hole/pull/4475
I reverted the changes to that script and it worked. I made a comment on that PR, hopefully they'll fix.
Thanks for the update, I'll check it now.
I use Xiaomi Redmi Note 4G (codename: dior). Using my own self-built LineageOS 14.1 (Kernel 3.4.0). I understand the issues with having older kernel version with newer distributions and yes, you're right CentOS 7 would be perfect for this use case. Unfortunately pihole install script by default didn't support CentOS 7 on ARM so I didn't go that way initially.
Also, Is there a way I could check for newer versions of your container other than XDA?
Hi Ashish, the 'official' page is located on GitHub:
https://github.com/DesktopECHO/Pi-hole-for-Android
Nice find with the git versioning issue! You can also just run ``p4a-install`` which does the same thing but skips the version check and force-installs the latest Pi-hole release. I think they will fix this... fyi the Pi-hole installer works on CentOS ARMv7, that may not have been the case a year or two ago. In any case if you're on Kernel 3.4 you should be able to get a modern distro running without too much grief. The project page on GitHub has all my fix-ups, you should be able to apply them against your preferred Linux flavour.
Very nice! Running on OnePlus Nord N10 here. arm64-v8a
Few hours later...
Stopped for some reason...
Going again, nothing is logged, however it seems to function well and good.
Hi there, I'm pretty sure the disk resize had something to do with your issue -- I see "pihole -up" was complaining there was no disk space left.
For what it's worth, my Galaxy S2 has been running Pi-hole months at a time without issues.
One more thing, just an FYI if you're interested... as of P4A update v1.5 you can tell Linux Deploy to install to a folder on your Android device instead of a disk image. That way you don't have to worry about filling up the image file.
ashishkotnala29 said:
I dug into this more seems like this PR merge causes it: https://github.com/pi-hole/pi-hole/pull/4475
I reverted the changes to that script and it worked. I made a comment on that PR, hopefully they'll fix.
I rebuilt a newer version of Git (2.34) for CentOS 7 on ARMv7. I can upload the RPMs if you want to try out updating with that version instead. It's probably all academic anyway as the Pi-hole folks are working on a resolution.
DesktopECHO said:
I rebuilt a newer version of Git (2.34) for CentOS 7 on ARMv7. I can upload the RPMs if you want to try out updating with that version instead. It's probably all academic anyway as the Pi-hole folks are working on a resolution.
Sure, thanks I can try that later.
Here you go!
GIT 2.34 CentOS 7 ARM v7
DesktopECHO said:
Here you go!
Had to figure out the dependencies and I only installed 4 packages out of all those and I think it is working... The results are promising.
This test is on your v1.4 image because it makes sense there. Using old git 1.8.x we only got FTL update here.
Finally going through the update and it was a success!
Thanks a lot for compiling these RPMs.
Here are the prerequisites which are needed to install the RPMs you compiled.
Bash:
sudo yum remove -y git
sudo yum clean all
sudo yum install -y emacs-filesystem pcre2
Then only install git, git-core, git-core-doc and perl-Git. That's all!
We managed to figure out the issue. It was the "git fetch --tags origin" command on v1.8.x. For some reason this doesn't work the same as in modern git versions.
Discussion here: https://github.com/pi-hole/pi-hole/pull/4475
Fix here: https://github.com/pi-hole/pi-hole/pull/4575
Thanks for your help!
ashishkotnala29 said:
We managed to figure out the issue. It was the "git fetch --tags origin" command on v1.8.x. For some reason this doesn't work the same as in modern git versions.
Discussion here: https://github.com/pi-hole/pi-hole/pull/4475
Fix here: https://github.com/pi-hole/pi-hole/pull/4575
Thanks for your help!
You’re welcome! And thank you for chasing down that bug.
They had a similar issue with bash on CentOS 7 a few months ago. Next re-spin of P4A I think I’ll just include the updated Git just for a little extra insurance. Will also be switching to OpenSSH from DropBear (so Gravity Sync can work) now that I have sorted out why it wouldn’t start.
Hey @DesktopECHO I have a small issue idk who to ask maybe you've come across this in your testing.
I have a very old Chinese android tablet running Android v4.1.1 on kernel v3.0.8. It has 2 cores Cortex-A9.
Everything seems to work fine but as soon as I turn the screen off the detected core count reduces to 1. It's like 1 core is put to sleep and is no longer "visible" to the OS. I've verified this using the "htop" utility and on pi-hole web-ui (hover over green/red status beside load averages).
I am using wake lock apps to keep the Wifi performance high. I also tried changing CPU governor to ondemand/interactive/performance still same behavior. Any ideas how can I keep both cores online while keeping screen off?
EDIT: Seems to be working fine when switched to ondemand governor and restarting.
Sometimes the closest you can get is to just turn down the screen brightness to zero which should be 'good enough' for most situations, we just need to find where that control is on your device.
Break out of chroot:
Code:
[[email protected] ~]$ unchroot
Find a hint for where screen brightness is controlled:
Code:
localhost:(unreachable) # find /sys/ -name brightness
For my device I get:
Code:
/sys/devices/platform/soc/1a00000.qcom,mdss_mdp/1a00000.qcom,mdss_mdp:qcom,mdss_fb_primary/leds/lcd-backlight/brightness
/sys/devices/platform/soc/78b5000.i2c/i2c-1/1-005a/leds/vibrator/brightness
/sys/devices/platform/soc/7864900.sdhci/leds/mmc1::/brightness
/sys/devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,[email protected]:qcom,[email protected]/leds/charging/brightness
/sys/devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,[email protected]:qcom,[email protected]/leds/green/brightness
/sys/devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,[email protected]:qcom,[email protected]/leds/blue/brightness
In my case it was the first entry, so to confirm we'll try turning down the brightness:
Code:
echo 0 > /sys/devices/platform/soc/1a00000.qcom,mdss_mdp/1a00000.qcom,mdss_mdp:qcom,mdss_fb_primary/leds/lcd-backlight/brightness
It worked! Sometimes you have to try 1 instead of 0 as the minimum value. Usually it's 0-255
DesktopECHO said:
Sometimes the closest you can get is to just turn down the screen brightness to zero which should be 'good enough' for most situations, we just need to find where that control is on your device.
It worked! Sometimes you have to try 1 instead of 0 as the minimum value. Usually it's 0-255
Thanks for this. Yeah I was aware that keeping screen on will let me achieve my goal but I was trying to avoid it unless absolutely necessary.
I've been using this app for keeping wake locks since for some reason the CPU and Wifi lock options in Linux Deploy app do not work for me on the two devices that I tested. "Partial wake lock" option in this app works great, keeps wifi up and CPU too while screen off.
I've googled something like this a month ago, it's like you guessed. Thank you so much @DesktopECHO !!
This is probably a very silly question but give me some leeway.
If I'm browsing the web on the android device where my pihole is deployed, shouldn't it be blocking ads as I'm browsing ?
