WARNING: Not responsible for any damage caused by experimenting with the information in this thread
I didn't see this information previously posted anywhere on here. Hope I don't get flamed!
Thanks to ZanzDroid!
My goal is to publish as much information as we're able to discover about the Unrevoked Root Apk, which only contains one button and explains very, very little while quite a bit happens behind the scenes.
The Unrevoked creators claim they don't want to explain how everything works because people will abuse the root exploit method they found.
I'd rather trust the EVO community to be open but responsible.
I've only figured out a few things and hope this thread will get the ball rolling. I'm hoping with some of the great developers here we can find out more!
Had some free time tonight.
Brief Technical ANALYSIS:
Stock EVO with the OTA update for .6 software and .05 radio
Installed the apk through the browser, http://www.unrevoked.com/m.
After installing the app and clicking the Start button, 5-6 seconds later it reports, Rooted!
It appears the payload is dumped to /data/DxDrm.
Inside this directory there are three files:
Code:
ls -l /data/DxDrm
-rwxrwxrwx app_84 app_84 439428 2010-06-09 18:37 unrevoked
-rwxrwxrwx app_84 app_84 177 2010-06-09 18:38 unrevoked.log
drwxr-xr-x root root 1980-01-08 23:35 fuse
unrevoked - looks like the actual rooting application (payload) compiled into a binary, so it's not text-readable. This is where the secret magic happens. The name is an active link to the actual binary the .apk installs. It would be great if somebody could decompile this or reverse engineer it.
unrevoked.log - shows a brief log of the application running and reporting root status
fuse - is an empty directory, comes stock on the phone.
Since /system is still locked due to NAND protection, unrevoked creates a new directory inside /data/local called bin-shadow.
This is basically a shadow of /system/bin plus a few extras unrevoked installs: busybox 1.15.2, su and flash_image binaries.
Any file placed into /data/local/bin-shadow appears to be in /system/bin.
A quick run of the mount command shows this as:
Code:
/dev/block/mtdblock6 /system/bin yaffs2 rw 0 0
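An added example, not code from the thread or from unrevoked: a POSIX sh check that reads mount-table text in /proc/mounts format and flags any mount grafted below /system, which is exactly the trace the bin-shadow setup leaves behind. Only the /system/bin line in the sample is taken from the post; the other mount entries and the block-device numbers for /system and /data are constructed.

```shell
#!/bin/sh
# Added example, not code from the thread: detect a separate mount grafted
# under /system (the bin-shadow pattern) by parsing /proc/mounts text.

# Constructed /proc/mounts excerpt. Only the /system/bin line is from the
# post; the other lines and the mtdblock numbers for /system and /data are
# assumptions made for the sample.
SAMPLE_MOUNTS='rootfs / rootfs ro 0 0
tmpfs /dev tmpfs rw,mode=755 0 0
/dev/block/mtdblock4 /system yaffs2 ro 0 0
/dev/block/mtdblock6 /data yaffs2 rw,nosuid,nodev 0 0
/dev/block/mtdblock6 /system/bin yaffs2 rw 0 0'

# find_overlay_mounts PARENT: read mounts text on stdin and print one line
# "mountpoint device options" for every entry mounted strictly below PARENT.
# On a stock device /system is one partition, so any hit is worth a look.
find_overlay_mounts() {
    parent="$1"
    while read -r dev mnt fstype opts rest; do
        case "$mnt" in
            "$parent"/*) printf '%s %s %s\n' "$mnt" "$dev" "$opts" ;;
        esac
    done
    return 0
}

# device_mountpoints DEVICE: read mounts text on stdin and print every mount
# point backed by DEVICE. Two mount points on one block device (here /data
# and /system/bin) show that the "system" binaries really live on /data.
device_mountpoints() {
    device="$1"
    while read -r dev mnt rest; do
        if [ "$dev" = "$device" ]; then
            printf '%s\n' "$mnt"
        fi
    done
    return 0
}

# Demo over the constructed sample.
echo "mounts grafted below /system (mountpoint device options):"
printf '%s\n' "$SAMPLE_MOUNTS" | find_overlay_mounts /system
echo "mount points served by /dev/block/mtdblock6:"
printf '%s\n' "$SAMPLE_MOUNTS" | device_mountpoints /dev/block/mtdblock6
```

To run it against a real phone, pipe the live table into the same function, e.g. `adb shell cat /proc/mounts | find_overlay_mounts /system` after sourcing the script; an empty result means nothing is mounted on top of a /system subdirectory.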
please post any other TECHNICAL details you discover!
unrevoked.apk - application apk file
unrevoked - binary installed by .apk
I wondered where that shadow-bin folder came from and what it was. Thanks for tracking that down!
Can you post/send over the unrevoked binary? (from /data/DxDRM not the apk, thx!)
f00kie said:
Can you post/send over the unrevoked binary? (from /data/DxDRM not the apk, thx!)
http://www.sdx-downloads.com/evo/uroot/unrevoked
That is the binary; updated the main post with it.
It would be great if this could be reverse engineered or decompiled...
joeykrim said:
http://www.sdx-downloads.com/evo/uroot/unrevoked
That is the binary; updated the main post with it.
It would be great if this could be reverse engineered or decompiled...
my atari won't run them but baksmali on a current machine is the tool. http://jf.andblogs.net/2010/04/03/yabbfr/ Android architecture is symbolic, you get to see names, not registers.
willy900wonka said:
my atari won't run them but baksmali on a current machine is the tool. http://jf.andblogs.net/2010/04/03/yabbfr/ Android architecture is symbolic, you get to see names, not registers.
Won't help much. The binary in the apk/res folder does the work.
Never used baksmali... is this what you wanted?
npace said:
Won't help much. The binary in the apk/res folder does the work.
If that binary is the same as /data/DxDrm/unrevoked, then I agree; otherwise I'm hesitant to agree, because before the .apk was released, they originally released a single binary which roots the phone.
A rough test I have off the top of my head would be something to the effect of... I think the unrevoked binary from /data/DxDrm can be copied to the /sdcard, remove the .apk, copy the binary back to /data and run it. It should root the phone w/o the .apk being installed.
The baksmali I posted was from apk, the batch file I found to do it just pulled the information from the apk.
Has anyone done a quick binary compare on the two unrevoked.bin to see if they are the same? (I'm at work otherwise I'd do it)
Vinny75 said:
The baksmali I posted was from apk, the batch file I found to do it just pulled the information from the apk.
Has anyone done a quick binary compare on the two unrevoked.bin to see if they are the same? (I'm at work otherwise I'd do it)
Just grabbed the unrevoked.bin from your unrevoked.apk and the unrevoked binary from /data/DxDrm I uploaded last night.
md5sums don't match. They might have modified the binary slightly to work inside the .apk, or baksmali might have modified things.
Code:
unrevoked 27e3c38141ac479344a24006cc88c2b3
unrevoked.bin 47e7d517b972b1703c4a4dc630a4fc62
Another idea, although not as technical, would be to load both onto the phone, try running them from the command line and see if they give different output?
Now that we have two versions of the binary, it would be nice to find out what it does! Decompiling / reverse engineering is not my specialty, but hopefully somebody can provide some more insight?
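A quick way to do the binary compare asked for above, as an added example rather than anything posted in the thread: besides the md5sum it reports both sizes and the number of differing bytes from cmp, which separates "rebuilt binary" (many differences, different sizes) from "same binary with a small patch" (same size, a handful of bytes). The two sample files are constructed stand-ins, not the unrevoked binaries.

```shell
#!/bin/sh
# Added example, not code from the thread: compare two binaries beyond a
# bare md5sum check - report hashes, sizes and how many bytes differ.

# md5_of FILE: print just the hex digest (md5sum on Linux/busybox, md5 on BSD).
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"
    fi
}

# size_of FILE: size in bytes, stripped of the padding BSD wc adds.
size_of() {
    wc -c < "$1" | tr -d ' '
}

# differing_bytes A B: number of byte positions that differ within the length
# both files share; cmp -l stops at the end of the shorter file, which is why
# compare_binaries prints the two sizes as well.
differing_bytes() {
    cmp -l "$1" "$2" 2>/dev/null | wc -l | tr -d ' '
}

# compare_binaries A B: print a one-line verdict; always returns 0 so it can
# be called under set -e without aborting the caller.
compare_binaries() {
    if cmp -s "$1" "$2"; then
        printf 'identical md5=%s size=%s\n' "$(md5_of "$1")" "$(size_of "$1")"
    else
        printf 'different md5=%s/%s size=%s/%s differing_bytes=%s\n' \
            "$(md5_of "$1")" "$(md5_of "$2")" \
            "$(size_of "$1")" "$(size_of "$2")" \
            "$(differing_bytes "$1" "$2")"
    fi
    return 0
}

# demo_compare: two constructed files that differ in exactly one byte stand
# in for the two unrevoked binaries; prints the verdict and cleans up.
demo_compare() {
    dir=$(mktemp -d)
    printf 'ELF-sample-AAAA' > "$dir/unrevoked"
    printf 'ELF-sample-AAAB' > "$dir/unrevoked.bin"
    compare_binaries "$dir/unrevoked" "$dir/unrevoked.bin"
    rm -rf "$dir"
}

demo_compare
```

Run `compare_binaries unrevoked unrevoked.bin` on the two real files; the three numbers together say more than the two hashes alone.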
If someone has the ROM cooking environment and all installed, they could compile strace, which would really help.
Another possibility is to install Debian just like we did on the G1 when it first came out.
I tried that last night but I just need the ext2.ko module (again, a ROM developer could provide that). It has to be compiled for the specific kernel version, otherwise it won't work.
I don't have much time, unfortunately.
npace said:
If someone has the ROM cooking environment and all installed, they could compile strace, which would really help.
Another possibility is to install Debian just like we did on the G1 when it first came out.
I tried that last night but I just need the ext2.ko module (again, a ROM developer could provide that). It has to be compiled for the specific kernel version, otherwise it won't work.
I don't have much time, unfortunately.
strace is included in busybox, right?
I have toast's supersonic kernel loaded and compiled, I could try and compile ext2.ko as a module (module compiling was after my main kernel day)? I'm not understanding how Debian and ext2.ko further our efforts?
joeykrim said:
strace is included in busybox, right?
I have toast's supersonic kernel loaded and compiled, I could try and compile ext2.ko as a module (module compiling was after my main kernel day)? I'm not understanding how Debian and ext2.ko further our efforts?
strace is not included in busybox. Or at least not in my busybox. If it were there, I would not have gone the debian route.
I just wanted to see if I can quickly run debian and do "apt-get install strace" then strace ./unrevoked.bin instead of having to cross-compile it for arm-eabi.
npace said:
strace is not included in busybox. Or at least not in my busybox. If it were there, I would not have gone the debian route.
I just wanted to see if I can quickly run debian and do "apt-get install strace" then strace ./unrevoked.bin instead of having to cross-compile it for arm-eabi.
I have the cross compile toolchain already set up for ARM, but it might not be the perfect processor match for the EVO. I don't have the busybox source files with me, but let me grab them and see if I can compile it with strace...
Will post back with an update in a little bit! Hope this works!
edit: strace is not part of busybox. NEXT! I'll see if I can grab the strace source and cross compile it for ARM... cross compiling was throwing errors which seemed like they might take a while to compile. NEXT!
grabbed the Debian ARM package - http://ftp.us.debian.org/debian/pool/main/s/strace/strace_4.5.14-2_arm.deb
used a simple script to extract the .tgz from the .deb package:
Code:
cat > extract.sh <<'EOF'
#!/bin/sh
# write the data.tar.gz member of the .deb given as $1 to <name>.tgz
ar p "$1" data.tar.gz > "$(basename "$1" .deb).tgz"
EOF
sh extract.sh strace_4.5.14-2_arm.deb
tar -zxvf strace_4.5.14-2_arm.tgz
the strace ARM binary is put into usr/bin/strace and I've uploaded it here:
http://www.sdx-downloads.com/evo/tools/strace-arm.zip
hopefully this helps! Let me know if this works or doesn't work and I'll go back to the drawing board on strace!
Used this method for my Hero. Today I used it to root 2 EVOs and I have to say this was an excellent root. I guess knowing the source would be great; however, I was burned last round of the Hero updates when I lost root. You know someone from HTC was browsing these forums in order to figure out how to patch the exploits the devs had found. I just hope this exploit stays available for Froyo.
joeykrim said:
I have the cross compile toolchain already set up for ARM, but it might not be the perfect processor match for the EVO. I don't have the busybox source files with me, but let me grab them and see if I can compile it with strace...
Will post back with an update in a little bit! Hope this works!
edit: strace is not part of busybox. NEXT! I'll see if I can grab the strace source and cross compile it for ARM... cross compiling was throwing errors which seemed like they might take a while to compile. NEXT!
grabbed the Debian ARM package - http://ftp.us.debian.org/debian/pool/main/s/strace/strace_4.5.14-2_arm.deb
used a simple script to extract the .tgz from the .deb package:
Code:
cat > extract.sh <<'EOF'
#!/bin/sh
# write the data.tar.gz member of the .deb given as $1 to <name>.tgz
ar p "$1" data.tar.gz > "$(basename "$1" .deb).tgz"
EOF
sh extract.sh strace_4.5.14-2_arm.deb
tar -zxvf strace_4.5.14-2_arm.tgz
the strace ARM binary is put into usr/bin/strace and I've uploaded it here:
http://www.sdx-downloads.com/joeykrim/evo/tools/strace-arm.zip
hopefully this helps! Let me know if this works or doesn't work and I'll go back to the drawing board on strace!
I'm getting a 404 so I did the same:
I had forgotten about the debian-arm packages.
I used alien -t to convert it to tgz and upped it here:
http://bottomquark.org/android/strace
It doesn't run though, and I think it's not the proper architecture:
strace: 1: Syntax error: word unexpected (expecting ")")
npace said:
I'm getting a 404 so I did the same:
I had forgotten about the debian-arm packages.
I used alien -t to convert it to tgz and upped it here:
http://bottomquark.org/android/strace
It doesn't run though, and I think it's not the proper architecture:
strace: 1: Syntax error: word unexpected (expecting ")")
My mistake, the link was wrong, fixed it.
Ah, another dead end... in the process earlier I got busybox to cross compile, but it has a nice make xconfig; don't think strace does...
I'll try and devote some more time to getting the cross compiling set up and a working strace, unless somebody else posts a working strace ARM binary?
joeykrim said:
My mistake, the link was wrong, fixed it.
Ah, another dead end... in the process earlier I got busybox to cross compile, but it has a nice make xconfig; don't think strace does...
I'll try and devote some more time to getting the cross compiling set up and a working strace, unless somebody else posts a working strace ARM binary?
I'll go back to the debian route when I get a chance. It helps to have that running.
BTW, thanks a lot for all your work -- I have similar questions about everything you are currently pursuing!
npace said:
I'll go back to the debian route when I get a chance. It helps to have that running.
BTW, thanks a lot for all your work -- I have similar questions about everything you are currently pursuing!
Good news: strace is part of the PC36IMG.zip. Seems the userdebug version has quite a few developer tools in system/xbin. I've set them chmod 755 and set up root access on my ROM, which is simple and clean.
If you don't want to load my ROM, you can set up the environment manually from recovery mode on a stock PC36IMG.zip: just chmod 4755 xbin/su and chmod 755 the xbin directory, or just the strace binary.
Hopefully this helps?
Related
If you do, can you please do me a favor: Can you please copy the gzip executable to /sdcard and upload to this thread?
Boot into recovery and:
Code:
mount /sdcard
cp /sbin/gzip /sdcard/gzip
devsk said:
If you do, can you please do me a favor: Can you please copy the gzip executable to /sdcard and upload to this thread?
Boot into recovery and:
Code:
mount /sdcard
cp /sbin/gzip /sdcard/gzip
Ignore sig. Reflashed 1.3.1. When I cp /sbin/gzip /sdcard/gzip I get "cannot stat /sbin/gzip: no such file or directory".
edit: I found gzip in /system/bin. Just take off the .txt extension.
Thanks for your efforts. But the problem is I need the static binary that was present in 1.3.1. The one in /system/bin is a dynamic one and won't run (tried it already) in 1.4 recovery.
I need to figure out where that static binary in 1.3.1 came from. That binary is 3 times faster at compressing than the one in busybox.
Sorry, I couldn't find it. Did you try asking cyanogen?
david1171 said:
Sorry, I couldn't find it. Did you try asking cyanogen?
He is on vacay until the weekend is over.
erissiva said:
He is on vacay until the weekend is over.
Can you extract it from the update.zip?
I believe the link was
http://n0rp.chemlab.org/android/cm-recovery-1.3.1-signed.zip
edit: nvm, it's probably a .img inside. I believe there's an image unpacking tool out here, I'll try and find it.
B-man007 said:
Can you extract it from the update.zip?
I believe the link was
http://n0rp.chemlab.org/android/cm-recovery-1.3.1-signed.zip
edit: nvm, it's probably a .img inside. I believe there's an image unpacking tool out here, I'll try and find it.
Thanks guys, you are awesome!
Hmm... [No Luck]
Devsk, I just scoured every recovery image that Cyanogen has released (using unpack.pl http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack%2C_Edit%2C_and_Re-Pack_Boot_Images) for the gzip file you mentioned; however, I saw no static binary that you speak of.
(yes, I checked every image file, including the ones in the .zip update file that cyanogen released for 1.3.1)
I'm actually curious myself, and have begun searching JF's recovery images too... still no luck...
HOWEVER, and I'm not too keen on scouring... perhaps if you ask Cyanogen if he ever released a recovery image in one of his update.zips... perhaps that's what you're looking for?! *ponders*
Good luck! I think I'm going to check it out!
rikupw said:
Devsk, I just scoured every recovery image that Cyanogen has released (using unpack.pl http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack%2C_Edit%2C_and_Re-Pack_Boot_Images) for the gzip file you mentioned; however, I saw no static binary that you speak of.
(yes, I checked every image file, including the ones in the .zip update file that cyanogen released for 1.3.1)
I'm actually curious myself, and have begun searching JF's recovery images too... still no luck...
HOWEVER, and I'm not too keen on scouring... perhaps if you ask Cyanogen if he ever released a recovery image in one of his update.zips... perhaps that's what you're looking for?! *ponders*
Good luck! I think I'm going to check it out!
when in recovery 1.3.1, what does 'which gzip' give you? I am not sure where that executable is being gotten but doing 'gzip -h' and 'busybox gzip -h' resulted in two different things in 1.3.1 but same in 1.4.
One question: is it safe to go back to 1.3.1 and switch back & forth? I need to figure where some of the executables are coming from and how come it can load the same dynamic executable in 1.3.1 but not in 1.4.
devsk said:
when in recovery 1.3.1, what does 'which gzip' give you? I am not sure where that executable is being gotten but doing 'gzip -h' and 'busybox gzip -h' resulted in two different things in 1.3.1 but same in 1.4.
One question: is it safe to go back to 1.3.1 and switch back & forth? I need to figure where some of the executables are coming from and how come it can load the same dynamic executable in 1.3.1 but not in 1.4.
Yes, it is safe. The ONLY issue I've had is I cannot seem to be able to successfully edit a recovery.img and reflash it. It works; the only issue is I don't have a command prompt, I get the "A N D R O I D" when I try to use the terminal at the recovery menu (although everything works via adb).
I am on 1.4. I just downloaded ALL the Cyanogen .zips (I hope I don't overuse his bandwidth, I would feel so bad...) but I found no recovery images within his .zips.
Try flashing a 1.3.1 (I'm not able to use my Android phone, as I left it at work haha)
and trying which. Just make sure you do a nandroid backup before you flash back to 1.3.1 (though I doubt it should make a difference).
Code:
IDEA!
try to mount all your partitions within the recovery command (from the phone, not adb).
type
# mount -a
(it'll error, don't worry, it's normal)
# exit
press enter, and then type "which gzip"
I think that it's actually loading the /system/bin/gzip... which would make sense... but idk, can you give it a try?
*EDIT AGAIN*
ok, the reason for what I told you is that I noticed that if you reset the terminal (exit, enter) it's like re-adding the PATH to the shell, I guess? I'm still a wee bit new to Linux, but I know how to search (or rather... scour)
hi folks!
I'm not a developer, but sometimes I do some scripting. Now I'm working on a project called "APK2", and I think it could be useful!
Some months ago, I thought "why not create a package manager and a package system to install real Linux packages, and not just apps? I may want to install some command-line tools to run with Terminal Emulator". Then I wrote this script, named apk2.sh, that installs some particular packages (I wrote another script to easily create this type of package): it simply does the apt-like un-tar in /, but it installs a config directory too, to remove the installed packages.
It supports the preinst, postinst, prerm, postrm scripts too.
Tell me if it could be interesting, and I'll put it here.
If so, I need testers.
If not, simply tell me, and I'll give up.
So would you be able to run, like, air crack through Debian with this, or?
olvap377 said:
So would you be able to run, like, air crack through Debian with this, or?
I could run it on Android if someone can port all the libs to armv5e.
I know you have to do the porting in order to run it, but for example if there is the package for Debian armv5, I think it should work if you take all the deps from the repo (may need some repacking, just to remove the CONTROL folder, and maybe to add the file needed to uninstall and the various preinst, postinst etc.).
And you don't need to run a Debian or an Ubuntu on Android; that's not really fast.
What do you think?
I think that this sounds really good, and if it worked fully it would be a major addition to Android development. I'm hoping you'll continue with this.
olvap377 said:
I think that this sounds really good, and if it worked fully it would be a major addition to Android development. I'm hoping you'll continue with this.
Thank you!
Any tester? I attach the scripts to know how apk2 works; just run it without any parameter, and it will show you.
The other script is simple to use: you just have to run it once to create the basic directory tree in your home, you have to complete it and put the files in it, then you just have to put your preinst-postinst-prerm-postrm scripts in the ~/yourpackage/system/etc/apk2 directory, if you have some.
Then run the script again, insert the same package name, and here we are! The package is built! It's in the packagename directory in your home, in .apk2 and in .tar.gz; if you have to edit something, do it on the tar.gz, and then change the extension to .apk2.
PS: rename the files *.sh.txt into *.sh, because this forum doesn't allow .sh attachments...
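To make the apk2 design described in this post and in the earlier one concrete (untar into a root, keep a config directory so a package can be removed again, run preinst/postinst/prerm/postrm hooks), here is an added minimal installer in POSIX sh. It is not xela92's apk2.sh, and its layout is assumed: a package is a .tar.gz of the staging tree, the removal database lives in system/etc/apk2/db under the install root, and hooks are found at system/etc/apk2/<hook> inside the package and receive the install root as their first argument. Installing into a root directory other than / is what makes it testable here; the entry check is the part a bare tar -xzf into / is missing.

```shell
#!/bin/sh
# Added example, not xela92's apk2.sh: a minimal installer in the apk2 style.
# Assumptions: the db lives in ROOT/system/etc/apk2/db, hooks live at
# system/etc/apk2/<hook> inside the package and get the root as $1.

# apk2_build NAME STAGEDIR OUTDIR: pack STAGEDIR into OUTDIR/NAME.apk2
apk2_build() {
    tar -czf "$3/$1.apk2" -C "$2" .
}

# apk2_check_entries: read a tar listing on stdin; fail on any entry that
# would escape the root (absolute path or a ".." component). A plain
# "tar -xzf pkg -C /" would overwrite whatever such an entry names.
apk2_check_entries() {
    while read -r entry; do
        case "$entry" in
            /*|..|../*|*/..|*/../*)
                echo "refusing unsafe entry: $entry" >&2
                return 1 ;;
        esac
    done
    return 0
}

# apk2_check PKG: run the entry check over the package's listing
apk2_check() {
    tar -tzf "$1" | apk2_check_entries
}

# apk2_run_hook DIR HOOK ROOT: run DIR/system/etc/apk2/HOOK if it exists
apk2_run_hook() {
    hook="$1/system/etc/apk2/$2"
    if [ -f "$hook" ]; then
        sh "$hook" "$3" || return 1
    fi
    return 0
}

# apk2_install PKG ROOT: check, run preinst, unpack, record the manifest and
# the removal hooks, run postinst
apk2_install() {
    pkg="$1"; root="$2"
    name=$(basename "$pkg" .apk2)
    db="$root/system/etc/apk2/db"
    apk2_check "$pkg" || return 1
    stage=$(mktemp -d)
    tar -xzf "$pkg" -C "$stage"
    apk2_run_hook "$stage" preinst "$root" || return 1
    mkdir -p "$db"
    tar -xzf "$pkg" -C "$root"
    # the manifest lists files and symlinks only, so removal never deletes
    # directories shared with other packages
    (cd "$stage" && find . \( -type f -o -type l \) | sed 's#^\./##') > "$db/$name.list"
    for h in prerm postrm; do
        if [ -f "$stage/system/etc/apk2/$h" ]; then
            cp "$stage/system/etc/apk2/$h" "$db/$name.$h"
        fi
    done
    apk2_run_hook "$stage" postinst "$root" || return 1
    rm -rf "$stage"
}

# apk2_remove NAME ROOT: run prerm, delete every manifest entry, run postrm
apk2_remove() {
    name="$1"; root="$2"
    db="$root/system/etc/apk2/db"
    if [ ! -f "$db/$name.list" ]; then
        echo "not installed: $name" >&2
        return 1
    fi
    if [ -f "$db/$name.prerm" ]; then sh "$db/$name.prerm" "$root" || return 1; fi
    while read -r f; do
        rm -f "$root/$f"
    done < "$db/$name.list"
    if [ -f "$db/$name.postrm" ]; then sh "$db/$name.postrm" "$root" || return 1; fi
    rm -f "$db/$name.list" "$db/$name.prerm" "$db/$name.postrm"
}

# apk2_demo: build a constructed "remount" package (modelled on the one the
# thread describes), install it into a scratch root, then remove it.
# Prints "installed removed" when every step behaved.
apk2_demo() {
    ws=$(mktemp -d)
    mkdir -p "$ws/stage/system/bin" "$ws/stage/system/etc/apk2" "$ws/root" "$ws/out"
    printf '#!/system/bin/sh\nmount -o remount,%s /system\n' '$1' > "$ws/stage/system/bin/remount"
    chmod 755 "$ws/stage/system/bin/remount"
    printf '#!/bin/sh\ntouch "$1/postinst-ran"\n' > "$ws/stage/system/etc/apk2/postinst"
    apk2_build remount "$ws/stage" "$ws/out"
    apk2_install "$ws/out/remount.apk2" "$ws/root" || return 1
    [ -x "$ws/root/system/bin/remount" ] || return 1
    [ -f "$ws/root/postinst-ran" ] || return 1
    apk2_remove remount "$ws/root" || return 1
    [ ! -e "$ws/root/system/bin/remount" ] || return 1
    rm -rf "$ws"
    echo "installed removed"
}
```

Call `apk2_demo` to see the full build, install and remove cycle in a scratch directory. The entry check covers path names only; a symlink inside the archive that points outside the root is a second way out that this small version does not inspect, and on a device the install root would be / with the root shell the rest of the thread is about.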
xela92 said:
Thank you!
Any tester? I attach the scripts to know how apk2 works; just run it without any parameter, and it will show you.
The other script is simple to use: you just have to run it once to create the basic directory tree in your home, you have to complete it and put the files in it, then you just have to put your preinst-postinst-prerm-postrm scripts in the ~/yourpackage/system/etc/apk2 directory, if you have some.
Then run the script again, insert the same package name, and here we are! The package is built! It's in the packagename directory in your home, in .apk2 and in .tar.gz; if you have to edit something, do it on the tar.gz, and then change the extension to .apk2.
PS: rename the files *.sh.txt into *.sh, because this forum doesn't allow .sh attachments...
In non-Linux speak (layman's terms), what could I do with this... my interest is piqued.
What are some "real Linux packages" that one might want?
tnpapadakos said:
In non-Linux speak (layman's terms), what could I do with this... my interest is piqued.
What are some "real Linux packages" that one might want?
i.e., the one olvap377 mentioned: air crack (I think it's possible).
Or we can run every app that does not need an X server.
I created some demo packages (containing 2 scripts); one is SwapTools, which lets you enable/disable swap with 2 simple commands (swap-enable and swap-disable); at the first run it collects some info, like the swappiness and the swap partition, then it saves the conf in a file (using swap-disable with --remove-conf will remove the conf file).
Another one I created is remount: you can remount your /system partition rw or ro just by typing in a terminal emulator
Code:
remount rw
or
Code:
remount ro
But you can try to use other apps compiled for armv5 processors, like all the Debian apps, except for the ones with a GUI (we run on framebuffer, no X server :/ )
PS: I attach the pkgs; I added the .zip extension, just rename it to pkgname.apk2
Honest question: Why reinvent the wheel? Other embedded Linux projects have used ipkg to good effect, or its close relative opkg (refs from same link) which is used by Openmoko. A port of this to Android systems which have uClibc should be nearly trivial.
xela92 said:
i.e., the one olvap377 mentioned: air crack (I think it's possible).
Or we can run every app that does not need an X server.
I created some demo packages (containing 2 scripts); one is SwapTools, which lets you enable/disable swap with 2 simple commands (swap-enable and swap-disable); at the first run it collects some info, like the swappiness and the swap partition, then it saves the conf in a file (using swap-disable with --remove-conf will remove the conf file).
Another one I created is remount: you can remount your /system partition rw or ro just by typing in a terminal emulator
Code:
remount rw
or
Code:
remount ro
But you can try to use other apps compiled for armv5 processors, like all the Debian apps, except for the ones with a GUI (we run on framebuffer, no X server :/ )
PS: I attach the pkgs; I added the .zip extension, just rename it to pkgname.apk2
thanks dude
olearyp said:
Honest question: Why reinvent the wheel? Other embedded Linux projects have used ipkg to good effect, or its close relative opkg (refs from same link) which is used by Openmoko. A port of this to Android systems which have uClibc should be nearly trivial.
I also have an Openmoko phone.
I know ipkg/opkg very well; a port could be interesting, but I thought it was better to create a little lighter script to do it, because 1. a script that uses sh is usable on every system, you can either install armv5e pkgs or any armv* pkg, you just have to change some little things; 2. I don't know how to port, and I'm not able to do programming.
If you are interested and know how to do a port, it could be very useful, because opkg has really lots of functions...
I just did what I could.
xela92 said:
I also have an Openmoko phone.
I know ipkg/opkg very well; a port could be interesting, but I thought it was better to create a little lighter script to do it, because 1. a script that uses sh is usable on every system, you can either install armv5e pkgs or any armv* pkg, you just have to change some little things; 2. I don't know how to port, and I'm not able to do programming.
If you are interested and know how to do a port, it could be very useful, because opkg has really lots of functions...
I just did what I could.
Ahh, okay, I see what you mean. Fair enough; I haven't seen your work so far, I was just concerned you were doing unneeded work. 'Course sometimes it's good to do that for the learning experience.
I don't have a full build setup for Android, so I can't recompile (I do have a full build setup for building Optware packages, but that's not quite the same), but I believe most custom ROMs ship uClibc. I'm not familiar enough with uClibc to know if you need to build against an exact version, though you could copy opkg from your Openmoko phone for the heck of it and see if it runs
olearyp said:
Ahh, okay, I see what you mean. Fair enough; I haven't seen your work so far, I was just concerned you were doing unneeded work. 'Course sometimes it's good to do that for the learning experience.
I don't have a full build setup for Android, so I can't recompile (I do have a full build setup for building Optware packages, but that's not quite the same), but I believe most custom ROMs ship uClibc. I'm not familiar enough with uClibc to know if you need to build against an exact version, though you could copy opkg from your Openmoko phone for the heck of it and see if it runs
Ya mean, copy the binary??? If so, it won't work of course, because the architecture of the Openmoko processor is armv4t; it wouldn't see my binary.
Nevertheless, if someone is interested...
PS: please, could someone test my scripts? Thank you dudes
xela92 said:
Ya mean, copy the binary??? If so, it won't work of course, because the architecture of the Openmoko processor is armv4t; it wouldn't see my binary.
Nevertheless, if someone is interested...
PS: please, could someone test my scripts? Thank you dudes
Heh, oh, older ARM core. Not paying attention. I will now stop hijacking your thread
olearyp said:
Heh, oh, older ARM core. Not paying attention. I will now stop hijacking your thread
No problem, man
No testers?
Please give me a feedback. If u want, I can make some apk2 by debs for armv5... Then I accept hints like "howto manage dependencies", 'cause I've no ideas...
"Tester"
xela92 said:
Please give me a feedback. If u want, I can make some apk2 by debs for armv5... Then I accept hints like "howto manage dependencies", 'cause I've no ideas...
Hi, I have an HTC Hero from Sprint. I'm not a Linux power user, but I spent lots of time on my computer running Ubuntu just for 2 big reasons: 1. freeware and 2. it has the best and simplest package manager... I love deb files that install like any .exe Win programs, I love that! I'm so not a coder and have little to no skills under the Linux shell; I use my sudo nautilus commands and so on because I need it, but I hate to untar or tar gz crap... for me that is old and useless. Some Linux power users may get offended by that comment, but hey, times change, we love GUIs... if you manage to post print screens or a Word / OpenOffice / PDF documentation, dummy proof, I'm very up to be a happy tester... the other thing: I'm a Digital Graphic Designer, if you need some design for a GUI I can try to help you in making an eye candy app...
Here is the way I would love to see this project grow... finding a way to install it as an apk file like others in the Android Market so users can install the app easily, then... on top of that a simple GUI to browse the SD card in order to get the apk2 file... you were talking about not being able to run programs that have a GUI; that is sad but still interesting, but a lot of work to do without a good community, because that means that all GUIs may need to be re-designed for the different resolutions on the phones and be touch friendly...
I'm not sure if I'm helping at all, but I love the big picture behind your project...
I'm porting opkg to Android, but I can't say that's a trivial task )))
I also wrote a simple howto, "building and porting Linux apps for Android from scratch", but in Russian. If needed I can do some translating and put it here too.
Also maybe we can open a project for a buildroot-like framework for Android and an opkg repository. In my how-to I use crosstool-ng + gcc + uClibc.
XVilka said:
I'm porting opkg to Android, but I can't say that's a trivial task )))
I also wrote a simple howto, "building and porting Linux apps for Android from scratch", but in Russian. If needed I can do some translating and put it here too.
Also maybe we can open a project for a buildroot-like framework for Android and an opkg repository. In my how-to I use crosstool-ng + gcc + uClibc.
Wow! Please do some translating!
But, when you finish the porting, how will you manage to port the packages?
Will you use the debian pkgs changing the extension? Would it work?
Thanks a lot!
No, we want to create only an Android repository of packages, based on opkg (ipkg),
for ARM, MIPS and other platforms.
Could somebody please tell me the right way to install the Jhinta kernel on a dual-boot tablet?
Well, I know I have to download these files and replace them in the OLiFE folder,
but how about the rest of the files? (the initrd folder and 3.1.10-g8c2655b-dirty.tar.gz)
Thanks in advance, my friends.
When you're using Linux, the best way is to build it yourself; you can do that on the tablet itself.
I'll write you a script which does it by itself, okay?
NoDiskNoFun said:
When you're using Linux, the best way is to build it yourself; you can do that on the tablet itself.
I'll write you a script which does it by itself, okay?
That would be amazing man, I've never been able to compile jhinta's kernel, I always get errors (it's hard debugging the problem when you have no idea about the commands you're using lol)
JoinTheRealms said:
That would be amazing man, I've never been able to compile jhinta's kernel, I always get errors (it's hard debugging the problem when you have no idea about the commands you're using lol)
kernel.tar.gz
extract it in home directory and run ./kernel-updater.sh from terminal ... needs about an hour so plug in AC
Trying this.
You're awesome man !
FLAWLESS !!! After all the script, all i need to do was flash the kernel files by way of OLiFE.
prog19 said:
Trying this.
You're awesome man !
FLAWLESS !!! After all the script, all i need to do was flash the kernel files by way of OLiFE.
Normally the script should flash it by itself...
This one should flash it... made a mistake in the last one.
NoDiskNoFun said:
Normally the script should flash it by itself...
This one should flash it... made a mistake in the last one.
So just to make sure I'm doing this right, I've deleted tf101-gnu-kernel from the previous script and ran the new version. (Here comes the really noob question) How do I know if jhinta's kernel has been installed, would uname -a work?
JoinTheRealms said:
So just to make sure I'm doing this right, I've deleted tf101-gnu-kernel from the previous script and ran the new version. (Here comes the really noob question) How do I know if jhinta's kernel has been installed, would uname -a work?
You can see it in the system monitor ...
uname -r should give you 3.1.10-(blah)-dirty ... then you have jhinta's kernel on it ...
Hey man, I've run the script 3 times and I'm still on 2.6, I get:
"Cloning into 'abootimg'...
fatal: unable to connect to gitorious.org:
gitorious.org[0: 42.2.0.192]: errno=Connection timed out
gitorious.org[1: 2a02:c0:1014::1]: errno=Network is unreachable
/home/josh/kernel-updater.sh: 11: cd: can't cd to abootimg
make: *** No targets specified and no makefile found. Stop.
cp: cannot stat `abootimg': No such file or directory
chmod: cannot access `/usr/bin/abootimg': No such file or directory"
This is the error I get when I've tried manually.
Hi,
I've been trying out NoDiskNoFun's net-install Ubuntu as well as this script, but I've been getting this message on the terminal:
INFO: task kinteractiveup:61 blocked for more than 120 seconds
Can anyone point me in the right direction on how to fix this?
I have been able to get to the point where only the trackpad is not working, but after a few minutes while using it the window manager crashes and the only thing I can do is open a new terminal (via Ctrl+Search+TrackpadToggle). I'm wondering if the problem I mention above is the cause.
jammerkiai said:
Hi,
I've been trying out NoDiskNoFun's net-install Ubuntu as well as this script, but I've been getting this message on the terminal:
INFO: task kinteractiveup:61 blocked for more than 120 seconds
Can anyone point me in the right direction on how to fix this?
I have been able to get to the point where only the trackpad is not working, but after a few minutes while using it the window manager crashes and the only thing I can do is open a new terminal (via Ctrl+Search+TrackpadToggle). I'm wondering if the problem I mention above is the cause.
First: wrong thread! Post this in the Net-Install thread please.
This: INFO: task kinteractiveup:61 blocked for more than 120 seconds means nothing and does nothing, just ignore it. I don't know where it comes from.
I need more details, I don't know which window manager you mean. Please post the version you used and your configuration: display manager, desktop environment, etc.
AND post this in the right thread please.
JoinTheRealms said:
Hey man, I've run the script 3 times and I'm still on 2.6, I get:
"Cloning into 'abootimg'...
fatal: unable to connect to gitorious.org:
gitorious.org[0: 42.2.0.192]: errno=Connection timed out
gitorious.org[1: 2a02:c0:1014::1]: errno=Network is unreachable
/home/josh/kernel-updater.sh: 11: cd: can't cd to abootimg
make: *** No targets specified and no makefile found. Stop.
cp: cannot stat `abootimg': No such file or directory
chmod: cannot access `/usr/bin/abootimg': No such file or directory"
This is the error I get when I've tried manually.
Try to run the script while you have an internet connection.
I did have an internet connection because I downloaded the script beforehand lol. Even when I tried to compile it manually on my Ubuntu desktop I got the same error, I'm so confused lol
JoinTheRealms said:
I did have an internet connection because I downloaded the script beforehand lol. Even when I tried to compile it manually on my Ubuntu desktop I got the same error, I'm so confused lol
Maybe you can't connect to github because of your proxy settings, like you can't in China ... try ping github.org
I have tried running the script manually. Everything goes smoothly until I get to where I am supposed to copy the zImage from /TF101-GNU-kernel...
The zImage is not in that folder.
Rinkydink said:
I have tried running the script manually. Everything goes smoothly until I get to where I am supposed to copy the zImage from /TF101-GNU-kernel...
The zImage is not in that folder.
It is in ./TF101-GNU-Kernel/arch/arm/boot/ if the build process was successful.
Rinkydink said:
I have tried running the script manually. Everything goes smoothly until I get to where I am supposed to copy the zImage from /TF101-GNU-kernel...
The zImage is not in that folder.
It isn't built right ...
So I have been following these posts for the past week trying to find out how to get jhinta's kernel to work with my tab. Finally I got it through compiling, after fixing a couple of bugs, but now I am not sure what to do. I have used OLiFE and I am running dual boot. I've tried making the flashable image using the dualboot.cfg found in OLiFE and I have tried a couple of different initrds found on xda but nothing works. After flashing the proper partition, found by dissecting lilstevie's update script, the system now crashes during boot. It complains about a read-only filesystem. This is very frustrating and I would greatly appreciate assistance.
nazbert said:
So I have been following these posts for the past week trying to find out how to get jhinta's kernel to work with my tab. Finally I got it through compiling, after fixing a couple of bugs, but now I am not sure what to do. I have used OLiFE and I am running dual boot. I've tried making the flashable image using the dualboot.cfg found in OLiFE and I have tried a couple of different initrds found on xda but nothing works. After flashing the proper partition, found by dissecting lilstevie's update script, the system now crashes during boot. It complains about a read-only filesystem. This is very frustrating and I would greatly appreciate assistance.
you don't need dualboot.cfg ... you need bootimg.cfg
NoDiskNoFun said:
you don't need dualboot.cfg ... you need bootimg.cfg
I am having the very same problem. I managed to compile the kernel and now I have my zImage, and I have been trying to use different initramfs. After editing dualboot.cfg I managed to get rid of the read-only problem by changing ro to rw. Now it boots but freezes at boot. Sometimes it gets as far as a black screen with the cursor, but then it just freezes again. I am a total noob and I don't know if I need a different initramfs or if I need to configure something else.
I am using the second boot partition for Ubuntu.
My dualboot.cfg now looks like this:
bootsize = 0x8d6000
pagesize = 0x800
kerneladdr = 0x10008000
ramdiskaddr = 0x11000000
secondaddr = 0x10f00000
tagsaddr = 0x10000100
name =
cmdline = [email protected] [email protected] vmalloc=128M gpt video=tegrafb console=tty0 usbcore.oldscheme_first=1 [email protected] root=/dev/mmcblk0p8 rw quiet splash
If anyone would be able to help me I would be very glad, since I am literally going insane over this.
Sooo yeah.... anybody got some help for this one? I have searched Google and the forums but can't clearly figure this out: how do I get a Boot.img for this phone??? I have rebuilt the kernel 3 or 4 different ways and the output never yields one, however I apparently NEED one so I can peel away the ramdisk x( any ideas?
EDIT: Okay, so now that I can compile a working stock kernel for the Sidekick, where should I start now? I know we already have a working voodoo lagfix kernel, but I want to make CWM for the stock kernel, that sounds like a good spot. And adding in init.d sounds like another good start. Making my own may help me in understanding it all. I AM taking notes too.
Zydrate_blue said:
Sooo yeah.... anybody got some help for this one? I have searched Google and the forums but can't clearly figure this out: how do I get a Boot.img for this phone??? I have rebuilt the kernel 3 or 4 different ways and the output never yields one, however I apparently NEED one so I can peel away the ramdisk x( any ideas?
If I recall correctly, I used the split_bootimg.pl script, and accompanying instructions, found here:
http://www.android-dls.com/wiki/?title=HOWTO:_Unpack%2C_Edit%2C_and_Re-Pack_Boot_Images
Start by unpacking and repacking a kernel that you already know is functional -- i.e. a copy of a kernel you have already successfully flashed. Once that repack can be flashed successfully, you can move on to making modifications to it, or packing a whole new initramfs and kernel.
I had to remove references to a few of Samsung's proprietary modules to get the kernel to build -- Samsung helpfully supplies the places for those sources to be put (IN TREE -- shame on you Samsung), but not the sources themselves. One such module was rfs, IIRC. I removed the Makefile references so I could finish a compile, then used copies of the compiled modules from an existing initrd. Where you run into compile failures, where the source code appears to be simply missing, this is probably the cause.
I found that I had to manually strip at least the modules that resulted when I built from sources, otherwise the finished image was far too large. Compare the sizes of your compiled kernel and module files to those of a known-working reference image. They should not be too far out of line.
I wish I had saved more notes from my own kernel builds. Regular Linux kernels are so easy, but earlier Android kernels are unnecessarily horrible to build. Still, if you run into any more issues, I'll try to help...
Oh, and please disable the keystroke logger!
nxd said:
If I recall correctly, I used the split_bootimg.pl script, and accompanying instructions, found here:
http://www.android-dls.com/wiki/?title=HOWTO:_Unpack%2C_Edit%2C_and_Re-Pack_Boot_Images
Start by unpacking and repacking a kernel that you already know is functional -- i.e. a copy of a kernel you have already successfully flashed. Once that repack can be flashed successfully, you can move on to making modifications to it, or packing a whole new initramfs and kernel.
I had to remove references to a few of Samsung's proprietary modules to get the kernel to build -- Samsung helpfully supplies the places for those sources to be put (IN TREE -- shame on you Samsung), but not the sources themselves. One such module was rfs, IIRC. I removed the Makefile references so I could finish a compile, then used copies of the compiled modules from an existing initrd. Where you run into compile failures, where the source code appears to be simply missing, this is probably the cause.
I found that I had to manually strip at least the modules that resulted when I built from sources, otherwise the finished image was far too large. Compare the sizes of your compiled kernel and module files to those of a known-working reference image. They should not be too far out of line.
I wish I had saved more notes from my own kernel builds. Regular Linux kernels are so easy, but earlier Android kernels are unnecessarily horrible to build. Still, if you run into any more issues, I'll try to help...
Oh, and please disable the keystroke logger!
Wow thanks nxd! I don't know if you have seen my other posts, but I'm a newbie at this stuff. Never too late to learn though, right?
Now, as for the issues in the build, when I first tried to compile I was getting errors of an undeclared SEGMENT_SIZE in binfmt_aout.c, so I searched around and was informed that the aout method is outdated? So I removed it from the config as instructed, seeing as it wasn't needed.
I've gotten to a compile resulting in the zImage and about 8 modules created. Now, the zImage is incomplete at this point, if I am correct? If it's flashed, it will simply bootloop. (Because there is more to be done? i.e. the ramdisk gz that loads the ROM at the bootloader?)
Also, I will check the link about the logger, so I can disable it.
I appreciate all your help, I really want to get this stuff down pat eventually.
Zydrate_blue said:
I've gotten to a compile resulting in the zImage and about 8 modules created. Now, the zImage is incomplete at this point, if I am correct? If it's flashed, it will simply bootloop. (Because there is more to be done? i.e. the ramdisk gz that loads the ROM at the bootloader?)
Correct, you need to put the modules onto an initramfs, and then assemble the zImage and initramfs into a boot.img. The URL I posted has instructions to both unpack and repack. I suggest that you obtain repack settings (command line, perhaps memory addressing) from an existing working image.
You can probably use the initramfs from an existing image as the basis for your new boot.img as well, replacing the modules from the old initramfs with your new modules.
nxd said:
Correct, you need to put the modules onto an initramfs, and then assemble the zImage and initramfs into a boot.img. The URL I posted has instructions to both unpack and repack. I suggest that you obtain repack settings (command line, perhaps memory addressing) from an existing working image.
You can probably use the initramfs from an existing image as the basis for your new boot.img as well, replacing the modules from the old initramfs with your new modules.
I hate to ask this because I'm afraid of being a pain in the a**.... but I hope you won't mind working with me, I'm in for the long run. Anyway, am I supposed to have an initramfs after the compile somewhere within the source? Or is this something I acquire from an outside source? I promise I have done like 30-40 searches beforehand. I have a feeling I am missing something obvious -_-
Again, thank you for your generous help
Zydrate_blue said:
I hate to ask this because I'm afraid of being a pain in the a**.... but I hope you won't mind working with me, I'm in for the long run. Anyway, am I supposed to have an initramfs after the compile somewhere within the source? Or is this something I acquire from an outside source? I promise I have done like 30-40 searches beforehand. I have a feeling I am missing something obvious -_-
Again, thank you for your generous help
The kernel compile will NOT produce an initramfs for you. It will produce the zImage (compressed kernel image) and modules.
The initramfs is an archive containing some files. During boot, when the kernel reaches the end of device initialization, it then creates an empty memory-backed filesystem, and extracts the initramfs contents into that new filesystem.
Ideally the initramfs would be generated by the Android build system, using the binaries produced by the kernel compile. But Samsung provides the bare minimum for GPL compliance, and so we don't get all the pieces we'd need for that. Presumably assembling those pieces is a big part of what windxixi has done, however.
When I worked up my boot.img, I used someone else's existing initramfs, dropped in my compiled modules and a few other minor changes, and then re-assembled it with my compiled zImage. If you're already working with windxixi's build kit and kernel sources, it might save you some time to use his initramfs as a basis for your own.
Really, once you've unpacked basically any SK4G boot.img, and extracted the files from the initramfs, I think you'll see the layout and that aspect of the process will be clearer to you.
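As an added example (not code from this thread, nor from split_bootimg.pl or abootimg), here is a small Python parser and repacker for the boot.img layout nxd describes: a header page, then the page-aligned zImage, the initramfs (ramdisk) and an optional second stage. It uses the standard Android boot header v0 layout, takes its default load addresses from the dualboot.cfg quoted earlier in the thread, and builds its sample image from placeholder bytes inline; the bootimg.cfg rendering mimics abootimg's style.

```python
import gzip
import struct

BOOT_MAGIC = b"ANDROID!"
# Little-endian header (1632 bytes): magic, kernel_size, kernel_addr,
# ramdisk_size, ramdisk_addr, second_size, second_addr, tags_addr, page_size,
# unused, os_version, name[16], cmdline[512], id[32], extra_cmdline[1024]
HEADER_FMT = "<8s10I16s512s32s1024s"
HEADER_SIZE = struct.calcsize(HEADER_FMT)


def _align(n, page_size):
    """Round n up to the next multiple of page_size."""
    return (n + page_size - 1) // page_size * page_size


def _pad(blob, page_size):
    """Zero-pad a section out to a page boundary, as mkbootimg does."""
    return blob + b"\x00" * (_align(len(blob), page_size) - len(blob))


def parse_boot_img(data):
    """Split a boot.img into header fields and sections.  Every size field is
    checked against the buffer first, so a truncated or hand-edited image
    raises ValueError instead of silently yielding a short kernel or ramdisk."""
    if len(data) < HEADER_SIZE:
        raise ValueError("image shorter than the boot header")
    (magic, kernel_size, kernel_addr, ramdisk_size, ramdisk_addr, second_size,
     second_addr, tags_addr, page_size, _unused, _os_version, name, cmdline,
     _ident, extra_cmdline) = struct.unpack_from(HEADER_FMT, data, 0)
    if magic != BOOT_MAGIC:
        raise ValueError("bad magic: not an Android boot image")
    if page_size < HEADER_SIZE or page_size & (page_size - 1):
        raise ValueError("implausible page size 0x%x" % page_size)
    kernel_off = page_size                      # the header occupies one page
    ramdisk_off = kernel_off + _align(kernel_size, page_size)
    second_off = ramdisk_off + _align(ramdisk_size, page_size)
    end = second_off + _align(second_size, page_size)
    if end > len(data):
        raise ValueError("section sizes run past the end of the image")
    full_cmdline = cmdline.rstrip(b"\x00") + extra_cmdline.rstrip(b"\x00")
    return {
        "page_size": page_size, "boot_size": end,
        "kernel_addr": kernel_addr, "ramdisk_addr": ramdisk_addr,
        "second_addr": second_addr, "tags_addr": tags_addr,
        "name": name.rstrip(b"\x00").decode("ascii", "replace"),
        "cmdline": full_cmdline.decode("ascii", "replace"),
        "kernel": data[kernel_off:kernel_off + kernel_size],
        "ramdisk": data[ramdisk_off:ramdisk_off + ramdisk_size],
        "second": data[second_off:second_off + second_size],
    }


def build_boot_img(kernel, ramdisk, page_size=2048, cmdline=b"", name=b"",
                   kernel_addr=0x10008000, ramdisk_addr=0x11000000,
                   second_addr=0x10f00000, tags_addr=0x10000100):
    """The repack step: header page, then page-aligned kernel and ramdisk.
    Address defaults are those quoted from dualboot.cfg in this thread; for a
    real device take them from a known-good image."""
    if len(cmdline) > 512 + 1024:
        raise ValueError("cmdline too long for the header")
    header = struct.pack(HEADER_FMT, BOOT_MAGIC, len(kernel), kernel_addr,
                         len(ramdisk), ramdisk_addr, 0, second_addr, tags_addr,
                         page_size, 0, 0, name, cmdline[:512], b"\x00" * 32,
                         cmdline[512:])
    return _pad(header, page_size) + _pad(kernel, page_size) + _pad(ramdisk, page_size)


def ramdisk_is_gzip(ramdisk):
    """The ramdisk is normally a gzip-compressed cpio; a wrong cut shows up here."""
    return ramdisk[:2] == b"\x1f\x8b"


def to_bootimg_cfg(info):
    """Render the header fields in the abootimg bootimg.cfg style."""
    return "\n".join([
        "bootsize = 0x%x" % info["boot_size"],
        "pagesize = 0x%x" % info["page_size"],
        "kerneladdr = 0x%x" % info["kernel_addr"],
        "ramdiskaddr = 0x%x" % info["ramdisk_addr"],
        "secondaddr = 0x%x" % info["second_addr"],
        "tagsaddr = 0x%x" % info["tags_addr"],
        "name = " + info["name"],
        "cmdline = " + info["cmdline"],
    ]) + "\n"


def demo():
    """Round-trip a constructed image (placeholder bytes, not a real kernel)."""
    kernel = b"constructed-zImage-placeholder" * 100
    ramdisk = gzip.compress(b"070701 constructed cpio payload")
    img = build_boot_img(kernel, ramdisk, cmdline=b"console=tty0 root=/dev/mmcblk0p8 rw")
    info = parse_boot_img(img)
    assert info["kernel"] == kernel and info["ramdisk"] == ramdisk
    return info


if __name__ == "__main__":
    print(to_bootimg_cfg(demo()))
```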
nxd said:
The kernel compile will NOT produce an initramfs for you. It will produce the zImage (compressed kernel image) and modules.
The initramfs is an archive containing some files. During boot, when the kernel reaches the end of device initialization, it then creates an empty memory-backed filesystem, and extracts the initramfs contents into that new filesystem.
Ideally the initramfs would be generated by the Android build system, using the binaries produced by the kernel compile. But Samsung provides the bare minimum for GPL compliance, and so we don't get all the pieces we'd need for that. Presumably assembling those pieces is a big part of what windxixi has done, however.
When I worked up my boot.img, I used someone else's existing initramfs, dropped in my compiled modules and a few other minor changes, and then re-assembled it with my compiled zImage. If you're already working with windxixi's build kit and kernel sources, it might save you some time to use his initramfs as a basis for your own.
Really, once you've unpacked basically any SK4G boot.img, and extracted the files from the initramfs, I think you'll see the layout and that aspect of the process will be clearer to you.
I haven't found any boot.img from another kernel, however I have finally figured out how to unpack the zImage :D I think I'm a bit closer now, however, now I need to figure out how to un-cpio the initramfs.cpio and/or use the initramfs folder I now have (in the unpacked zImage).
Then the next step I suppose would be learning how to incorporate the modules that I have. hmm..
Zydrate_blue said:
I haven't found any boot.img from another kernel, however I have finally figured out how to unpack the zImage :D I think I'm a bit closer now, however, now I need to figure out how to un-cpio the initramfs.cpio and/or use the initramfs folder I now have (in the unpacked zImage).
Then the next step I suppose would be learning how to incorporate the modules that I have. hmm..
On the page I linked to in my first reply, under "Alternative Method", those instructions worked for me to split, unpack, repack, and assemble. Did they not work for you?
Regarding how to incorporate the modules, you would copy them into the extracted directory in the same locations in the initramfs as the existing module files. Generally something like /lib/modules. Look for files ending in '.ko'. They may be spread out a bit in your compiled kernel sources, but they should all be in one directory in your extracted initramfs directory.
As for an existing boot.img, it's a Froyo kernel, but there's this: http://forum.xda-developers.com/showthread.php?t=1663622.
nxd said:
On the page I linked to in my first reply, under "Alternative Method", those instructions worked for me to split, unpack, repack, and assemble. Did they not work for you?
I tried this method of repacking, but so far I have not been able to re-pack my zImage successfully. (I feel pretty close to getting this.) Maybe I am putting the modules in the wrong place? Or perhaps I am skipping a step. I believe I need to assign more room for the modules. I am getting the error that initramfs_cpio is too large.
My initramfs has 2 directories in it, and I created a folder within called lib and placed the modules in there... that may be the wrong way, but I don't think it changes the need for more room in the kernel. Something to do with padding values maybe? /:
Also, the script I am using for this is from JunYoung: it is repack-zImage.sh, a tool for de-compiling and recompiling a zImage. That's how I got to my initramfs directory in the new zImage I built with the source.
Zydrate_blue said:
I tried this method of repacking, but so far I have not been able to re-pack my zImage successfully. (I feel pretty close to getting this.) Maybe I am putting the modules in the wrong place? Or perhaps I am skipping a step. I believe I need to assign more room for the modules. I am getting the error that initramfs_cpio is too large.
My initramfs has 2 directories in it, and I created a folder within called lib and placed the modules in there... that may be the wrong way, but I don't think it changes the need for more room in the kernel. Something to do with padding values maybe? /:
I think your extracted initramfs should have more than two directories.
Would you paste a listing of the files and directories here? Do this:
Code:
cd [path_to_extracted_initramfs] && find *
nxd said:
I think your extracted initramfs should have more than two directories.
Would you paste a listing of the files and directories here? Do this:
Code:
cd [path_to_extracted_initramfs] && find *
This is what I have after I unpack the zImage:
cpio-t
decompression_code
initramfs
initramfs/root
initramfs/dev
initramfs.cpio
kernel.img
padding3
padding_piggy
part3
piggy
piggy.gz
piggy.gz+piggy_trailer
piggy_trailer
ramfs+part3
sizes
EDIT: I also tested unpacking another zImage that is working, in fact I tried it on the Bali SK4G that we use currently (I hope that was okay with you /: I probably should have asked) but it just keeps displaying code as if it won't finish unpacking. It makes sense because there is a lot more to unpack, I think it is because it is compressed.
Zydrate_blue said:
This is what I have after I unpack the zImage:
cpio-t
decompression_code
initramfs
initramfs/root
initramfs/dev
initramfs.cpio
kernel.img
padding3
padding_piggy
part3
piggy
piggy.gz
piggy.gz+piggy_trailer
piggy_trailer
ramfs+part3
sizes
EDIT: I also tested unpacking another zImage that is working, in fact I tried it on the Bali SK4G that we use currently (I hope that was okay with you /: I probably should have asked) but it just keeps displaying code as if it won't finish unpacking. It makes sense because there is a lot more to unpack, I think it is because it is compressed.
You don't need my permission to use my Bali-based Linux kernel image or patches.
Where can I get a copy of this other boot.img you're working with? It seems clear the hacks and workarounds I used with the Bali-era kernel don't translate directly across. I'd like to take a look and see what I can make of it.
nxd said:
You don't need my permission to use my Bali-based Linux kernel image or patches.
Where can I get a copy of this other boot.img you're working with? It seems clear the hacks and workarounds I used with the Bali-era kernel don't translate directly across. I'd like to take a look and see what I can make of it.
Well, I never really found a literal "boot.img"; from what I read I have to compile a zImage and, in the Sidekick's style, the system boots this as a boot.img??? And I have only used the one from kernel source so far, seeing as I could not get the Bali zImage to split.
As for the initramfs.cpio that is within the zImage, I tried to un-cpio it and I get an error about removing '/' from name?
I could send you the zImage I got from source o.e
EDIT: I never found a copy of boot.img, I couldn't even get one from an outer-source.
Sent from my SGH-T959V using xda app-developers app
Zydrate_blue said:
As for the initramfs.cpio that is within the zImage, I tried to un-cpio it and I get an error about removing '/' from name?
That's more of an advisory than an error. It's just telling you that it's stripping off the leading /, i.e. extracting to a relative path.
It sounds like you probably succeeded in extracting the initramfs.
nxd said:
That's more of an advisory than an error. It's just telling you that it's stripping off the leading /, i.e. extracting to a relative path.
It sounds like you probably succeeded in extracting the initramfs.
Well, then that sounds better! But what about this one:
cpio: dev/console: Cannot mknod: Operation not permitted
1 block
I forgot there was a following error.
Zydrate_blue said:
Well, then that sounds better! But what about this one:
cpio: dev/console: Cannot mknod: Operation not permitted
1 block
I forgot there was a following error.
You'll probably want to extract the files as root. Otherwise device nodes won't be created, like above, and permissions won't be kept on any of the files.
Be careful to be in a safe (i.e. empty) working directory when you do that. It will extract the files into your current working directory.
nxd said:
You'll probably want to extract the files as root. Otherwise device nodes won't be created, like above, and permissions won't be kept on any of the files.
Be careful to be in a safe (i.e. empty) working directory when you do that. It will extract the files into your current working directory.
Okay so now after I execute as root, it gives me this message:
cpio: /dev/console not created: newer or same age version exists
So the directories are empty after extraction?
Zydrate_blue said:
Okay so now after I execute as root, it gives me this message:
cpio: /dev/console not created: newer or same age version exists
So the directories are empty after extraction?
There's another argument you needed: --no-absolute-filenames
Unfortunately it looks like cpio will have kept the absolute path and overwritten files on your real machine.
Extract into a directory using --no-absolute-filenames and see what files on your host system were overwritten. Those files should be recovered somehow before proceeding.
Sorry I didn't catch that.
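The overwrite nxd describes is the classic absolute-path cpio hazard. As an added example (not the thread's own tooling or GNU cpio), here is a Python extractor for a newc-format cpio archive, the format an Android initramfs uses: it drops leading slashes the way --no-absolute-filenames does, refuses names containing "..", confines every write to the target directory, and only records device nodes instead of creating them. The archive it walks is constructed inline, including one deliberate traversal entry.

```python
import os
import stat
import tempfile

NEWC_MAGIC = b"070701"
# 13 eight-character hex fields follow the magic; 110 bytes of header in all
FIELDS = ("ino", "mode", "uid", "gid", "nlink", "mtime", "filesize", "devmajor",
          "devminor", "rdevmajor", "rdevminor", "namesize", "check")


def _align4(n):
    return (n + 3) & ~3


def build_newc(entries):
    """entries: list of (name, mode, data).  Writes a newc archive ending in
    the TRAILER!!! record, with the 4-byte padding GNU cpio uses."""
    out = bytearray()
    for ino, (name, mode, data) in enumerate(entries + [("TRAILER!!!", 0, b"")], 1):
        raw_name = name.encode() + b"\x00"
        values = (ino, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(raw_name), 0)
        rec = NEWC_MAGIC + b"".join(b"%08X" % v for v in values) + raw_name
        rec += b"\x00" * (_align4(len(rec)) - len(rec))
        rec += data + b"\x00" * (_align4(len(data)) - len(data))
        out += rec
    return bytes(out)


def iter_newc(data):
    """Yield (name, mode, payload) for each record up to TRAILER!!!."""
    off = 0
    while True:
        if len(data) < off + 110:
            raise ValueError("truncated header at offset %d" % off)
        if data[off:off + 6] != NEWC_MAGIC:
            raise ValueError("bad cpio magic at offset %d" % off)
        hdr = dict(zip(FIELDS, (int(data[off + 6 + 8 * i:off + 14 + 8 * i], 16)
                                for i in range(13))))
        name_start = off + 110
        name = data[name_start:name_start + hdr["namesize"] - 1].decode()
        data_start = _align4(name_start + hdr["namesize"])
        payload = data[data_start:data_start + hdr["filesize"]]
        if len(payload) != hdr["filesize"]:
            raise ValueError("truncated archive in record %r" % name)
        if name == "TRAILER!!!":
            return
        yield name, hdr["mode"], payload
        off = _align4(data_start + hdr["filesize"])


def safe_name(name):
    """Drop a leading '/' as --no-absolute-filenames does, then reject any name
    that could still escape the extraction root.  None means skip."""
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        return None
    return "/".join(parts)


def safe_extract(data, dest):
    """Extract directories and regular files under dest.  Device nodes, symlinks
    and FIFOs are only recorded: creating them needs root, and an archive with
    absolute names extracted as root is exactly how a host's /dev/console gets
    clobbered.  Returns (extracted, skipped) lists of names."""
    dest = os.path.abspath(dest)
    extracted, skipped = [], []
    for name, mode, payload in iter_newc(data):
        rel = safe_name(name)
        target = None if rel is None else os.path.abspath(os.path.join(dest, rel))
        if target is None or os.path.commonpath([dest, target]) != dest:
            skipped.append(name)
        elif stat.S_ISDIR(mode):
            os.makedirs(target, exist_ok=True)
            extracted.append(rel)
        elif stat.S_ISREG(mode):
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(payload)
            os.chmod(target, stat.S_IMODE(mode))
            extracted.append(rel)
        else:
            skipped.append(name)
    return extracted, skipped


# Constructed archive: the shape of a minimal Android initramfs plus one
# traversal entry of the kind a tampered image could carry.
SAMPLE = build_newc([
    ("/dev", 0o40755, b""),
    ("/dev/console", 0o20600, b""),                  # char device: recorded only
    ("lib/modules", 0o40755, b""),
    ("lib/modules/constructed.ko", 0o100644, b"not a real module\n"),
    ("../etc/passwd", 0o100644, b"root::0:0::/:/bin/sh\n"),  # traversal: skipped
])


def demo():
    """Extract SAMPLE into a scratch directory; return what landed."""
    with tempfile.TemporaryDirectory() as scratch:
        extracted, skipped = safe_extract(SAMPLE, scratch)
        with open(os.path.join(scratch, "lib/modules/constructed.ko"), "rb") as fh:
            return extracted, skipped, fh.read()


if __name__ == "__main__":
    print(demo())
```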
nxd said:
There's another argument you needed: --no-absolute-filenames
Unfortunately it looks like cpio will have kept the absolute path and overwritten files on your real machine.
Extract into a directory using --no-absolute-filenames and see what files on your host system were overwritten. Those files should be recovered somehow before proceeding.
Sorry I didn't catch that.
Oh god -_- wow, I messed up then. Well.... the only file that was within the cpio was a file named console.... so I think I need to fix that?
I'm not mad or anything, it's a risk you take, ya know? But I may need help.
EDIT: Okay, so I rebooted my laptop and it rebooted fine, no issues. I don't think it actually overwrote any file (luckily, because that cpio file didn't have anything in it... heh). So should I now try the command with the new argument?
Zydrate_blue said:
Oh god -_- wow, I messed up then. Well.... the only file that was within the cpio was a file named console.... so I think I need to fix that?
I'm not mad or anything, it's a risk you take, ya know? But I may need help.
EDIT: Okay, so I rebooted my laptop and it rebooted fine, no issues. I don't think it actually overwrote any file (luckily, because that cpio file didn't have anything in it... heh). So should I now try the command with the new argument?
I'll take a look at the boot image this evening. It would seem very odd to me if the only file on the initramfs was /dev/console.
Hello!
Device: i535PP
Kernel version: 3.4
Build date: July 22 (futex (towelroot) patched)
So, I am trying to get the symbol table or whatever the heck it is.
I do not have root access, that is what I need the symbol table for > read about that here
So I can't do this the easy way of just opening /proc/kallsyms.
I have the zImage from boot.img.
I have kept reading on Google etc. that the most common type of compression used by Android kernels is gzip.
I have looked for the gzip magic numbers in a hex editor and also using hexdump/grep and dd.
I tried using binwalk zImage | head and it didn't see any gzip headers in the file, it found lzo and "pcrypt" or something like that, but I found the magic numbers for gzip... I did some googling and I believe the whole "pcrypt" is because I had my device encrypted, and I had the OTA flashable rom on my and did all the extracting and Shia on my phone. I have since then decrypted the device and re-extracted everything.
I believe I am supposed to be after piggy.gz...
When I get the offset and use dd to skip to the beginning of the gzip header and save, I do gunzip piggy.gz and it says that it's corrupted. When I use a hex editor it's also corrupted...
Anyone who has done this before, mind helping me out?
I'll upload the zImage if needed.
Just don't go get the addresses yourself and post them here, I want to get some of the experience out of this.
I will be more than happy to add to the list of thank-yous/credits when it's all done and I test and then make a release. I would also be able to port the exploit to other devices too.
I think I know why....
I probably messed it up when I tried doing it on a PC; I moved it back and forth via FTP... I didn't have a USB cable at the time.
If anyone wants to take a shot at this, please do. I will love you forever.
No clue what you're trying to do, but my ArchiKitchen should be able to split the kernel into zImage and ramdisk, and also unpack the ramdisk, allow you to make changes, and repack it back. You can also replace the zImage only if you wish... However, beware, an invalid zImage may lead to a brick.
You're interested in the barebones project. Then you put boot.img in the proper folder, restart the kitchen, and unpack boot.img.
And if you're interested in decompressing the zImage, then sorry, but you're doing it wrong; zImage is a compressed binary, and you can't unpack the binary, even if you manage to decompress it.
@JustArchi
Well, thanks for getting me some info about that. But if I understand correctly, zImage is the kernel, yes? From what I have read, on boot it decompresses itself and copies itself into memory. I am not really trying to modify anything, I'm trying to get to the kernel symbols for a device that currently has no working rooting method that I am aware of (i535pp on latest build...). Locked bootloader, signature verification of system.img.ext4, so no adding an su binary and done. Futex is a no go, kernel compiled July 22. I am trying to port CVE 4322 to the device from PoC code by retme7 to get a root shell and go from there. If you know how I can go about doing that, or can point me to a tut, that would be great.
Would this help? http://opensource.samsung.com/reception/receptionSub.do?method=sub&sub=F&searchValue=I535pp
OpenSourcererSweg said:
@JustArchi
Well, thanks for getting me some info about that. But if I understand correctly, zImage is the kernel, yes? From what I have read, on boot it decompresses itself and copies itself into memory. I am not really trying to modify anything, I'm trying to get to the kernel symbols for a device that currently has no working rooting method that I am aware of (i535pp on latest build...). Locked bootloader, signature verification of system.img.ext4, so no adding an su binary and done. Futex is a no go, kernel compiled July 22. I am trying to port CVE 4322 to the device from PoC code by retme7 to get a root shell and go from there. If you know how I can go about doing that, or can point me to a tut, that would be great.
Would this help? http://opensource.samsung.com/reception/receptionSub.do?method=sub&sub=F&searchValue=I535pp
If the device has a locked bootloader, you won't be able to flash a custom kernel you made anyway.
Otherwise, you just compile the kernel from sources, get the zImage, and combine it with the ramdisk through my kitchen.
JustArchi said:
If the device has a locked bootloader, you won't be able to flash a custom kernel you made anyway.
Otherwise, you just compile the kernel from sources, get the zImage, and combine it with the ramdisk through my kitchen.
I am not trying to make a custom kernel. I am trying to extract information from the kernel required for exploitation. I am not even sure I am going about this correctly. I need the symbol table. I believe I need ptmx_fops and perhaps a few other things... I have the src, anything valuable?
OpenSourcererSweg said:
I am not trying to make a custom kernel. I am trying to extract information from the kernel required for exploitation. I am not even sure I am going about this correctly. I need the symbol table. I believe I need ptmx_fops and perhaps a few other things...
Stop it, you're talking nonsense. You won't achieve the thing you want in that way.
JustArchi said:
Stop it, you're talking nonsense. You won't achieve the thing you want in that way.
How do I go about making CVE 2014 4322 work on my device?
I have been looking and looking...
You don't understand what not having root does to me....