I know this will sound stupid, but is there a way to install WM (.cabs) on an android phone? (or port a program somehow)
Basically, nope!
Probably, same phone, same hardware, but the difference is, different operating system.
The only way to port stuff over, as yet, is to get hold of the source code and re-engineer it into the other OS. Not for the faint hearted, although it can be done.
The question to ask is, 'Is your App worth that amount of effort?'
'Where is the source code?', for starters.
If the App was written in .NET then a MONO CF for Android could be a solution. Anyone written it yet?
I have a few questions for the devs here. Please forgive any assumptions that may be incorrect. I've tried to do as much research as I can online but I think I need a more experienced Android dev to help me solidify my direction. Thank you in advance for your time.
That being said, I have some experience with a device known as the GP2X. It uses ARM architecture and, in the past, I have been able to cross compile for it. Notably the Stella VCS 2600 emulator. I do have some open source experience, but I've never had any formal training in programming. Seeing that Android uses the DVM to sandbox program code, I'm still a little iffy on what I can and can't get away with programatically.
First off, I've read that the Android Chrome Lite browser allows plugins/extensions through the NPAPI. I'm assuming this is the stock web browser. It's not clear to me at the moment what the default browser is or how it works. It appears that Gnash has a C++ NPAPI plugin that may need to be cross compiled and I'm hoping to get away with as little Java coding as possible.
My main questions are:
1. Does the stock browser allow NPAPI plugins?
2. If question 1 is true, does the plugin have to be compiled in ARM architecture? Are there any caveats to this?
3. From what I've been able to gather, Chrome Lite looks in the following location for Plugins:
Code:
/data/data/com.android.browser/app_plugins
Is this correct?
4. If a plugin is dropped in the correct folder, and assuming that the mime types are associated, will the Android browser recognize/utilize it? In which case, I'm sure there would be an API call that would cause it to rescan like Firefox or Opera would.
5. If cross compilation is necessary, is it better to use OpenGL, AGG, or Cairo as far as wide Android compatibility? Again, I don't know what's native or widely available in Android. I guess I'm looking for Best Practices.
I just wanted some feedback from someone knowledgeable before I go through the trouble of setting up a toolchain to handle this. Seeing that the community has been looking for a Flash player, I wanted to see if Gnash had any practical value on Android.
Thank you in advance for your time and again, please pardon my ignorance. I have holes in my knowledge and I want to get a little closer to understanding this particular subject before investing my time in development.
References:
NPAPI
http://en.wikipedia.org/wiki/NPAPI
Android Browser Plugin Path (I had to extrapolate from the batch file)
http://wiki.eclipse.org/Android_Selector_1.1
Gnash NPAPI Documentation
http://www.gnu.org/software/gnash/manual/gnashref.html#plugincppapi
I really need a developers answer to this question as this is a very technical one.
Ever since I've seen Ubuntu's site about Ubuntu on Android, I've wanted to do the same concept on my phone. I want to be able to do it myself as I've had experience with working with Gentoo and Arch but unfortunately not as deep of an understanding of how xorg and the kernel relate to each other (other than knowing xorg loads kernel modules and sets up the display) but understood that the Android OS has it's own display mechanism for creating things on the screen.
I'm also guessing that MHL (the tech behind the microUSB to HDMI) is a module of it's own as not all Android devices have access to doing this. If it's a module, I'm also guessing it's got it's own display driver which might be separate from the Android OS.
The root of my question is, would it theoretically be possible to get an xserver running off of that device for a chroot linux os so we can have a native linux on the phone when plugged into a MHL adapter? I am also guessing that I could script a chroot environment to start when the phone starts and maybe run a script on a hotplug from the MHL device to run the xserver... or if it works this way, have it running and it just needs a display show? Maybe an app to swap from linux to android display on the output through the phone? Would be a nice thing to have for us. Imagine being able to just work directly on the device through linux on the same device without using vnc.
I don't know if the Android OS display server (don't know what it's called) takes over all display devices and if that's why it's a problem or what the technical hurdles are, maybe that's another question that could be answered for me please?
I feel like I'm going to get a search the forums answer to this but I am searching, just hard to find answers to some of these questions since it's not the typical "I want wifi calling." or "I want (insert feature here)." or even "How does (insert feature here) work?"
This would be my first steps into developing, and I'm willing to take the time to learn, just would like a nice push in the right direction as to what the hurdles are and where I need to go for answers. Thank you in advance. =)
You may want to try the xda irc and look for linuxonandroid. You'll probably get much better answers than in q&a.
Sent from my M886 using Tapatalk 2
I am also interested in MHL support.
If you find any info please post it here too.
So I know pretty much how my jailbreak is going to work from end to end, except with regard to PatchGuard. I don't need to burn my "Holy Grail" exploit in order to release a jailbreak, but it means that I have to deal with PatchGuard.
In Windows 8.1, Microsoft modified the kernel and ci.dll so that PatchGuard protects the signing enforcement mode variables. This means that if you modify the variables that were modified by 8.0's jailbreak, some random time in the next hour from that point, your system will bugcheck (bluescreen) because PatchGuard detected something tampering with the kernel. It is very obvious that the addition of these variables to PatchGuard's protected list was a deliberate attack against the RT jailbreak, because there is little other reason to care about enforcing these variables' integrity after startup.
I need to get around PatchGuard somehow. PatchGuard itself is designed to be an obfuscated mess, deliberately difficult to modify in a stable manner. It does a lot of nasty tricks, things that you would typically find in copy protection systems. Obviously, disabling it would be nice, but quite difficult. So is stopping it from bugchecking.
I can load kernel drivers, so I know of a way in which I can hook parts of the system that would not anger PatchGuard such that arbitrary unsigned DLLs and drivers could be loaded without hassle. For things like the lockdown in WinDbg, VBScript and PowerShell, I can hook NtQuerySystemInformation in the user-mode ntdll.dll and intercept the request to check the lockdown setting. Even though the system lockdown state would still be active, as long as user mode programs don't know about it, it won't be enforced. (The kernel doesn't care at all.)
However, this leaves one thing to be desired: executing ARM code. I already know how we can patch the kernel so that ARM code can execute without the CPU being switched back to Thumb2 all the time. However, patching the kernel definitely will get PatchGuard's attention, so there's no way to pull that off without defeating PatchGuard.
The optimal solution is definitely to defeat PatchGuard, but I don't know how. I'm not an expert in the field of low-level NT kernel stuff.
please release your jailbreak so that other people can help you.
If i got it correctly, it will BSOD in a hour of running, so releasing it to public is not a good idea. Maybe via PM to other devs, but that depends on OP.
why not change the variables back after you launch your unsigned exe?
windowsrtc said:
why not change the variables back after you launch your unsigned exe?
Click to expand...
Click to collapse
I think about doing this too. Can we discard hacked? If it can done. Will it have problem with running unsigned exe? And did we know exactly when did PatchGuard notice about hack?
Myriachan said:
However, this leaves one thing to be desired: executing ARM code.
Click to expand...
Click to collapse
Perhaps I'm missing something, ... why do you want to do this? The reason I ask is because this seems to be your motivation for wanting to "defeat" patch guard.
WRT simply running native applications/driver - If you can successfully load a driver, even once, then there are a few easy ways to support this without a patch guard defeat.
Cheers!
bfosterjr said:
Perhaps I'm missing something, ... why do you want to do this? The reason I ask is because this seems to be your motivation for wanting to "defeat" patch guard.
WRT simply running native applications/driver - If you can successfully load a driver, even once, then there are a few easy ways to support this without a patch guard defeat.
Click to expand...
Click to collapse
That it's currently impossible to execute ARM code reliably on Windows RT is a major reason that Firefox hasn't been ported. Fixing that would require patching two context-switch routines in ntoskrnl.exe.
You're right that there are various ways of loading unsigned executables and drivers once the initial driver is bootstrapped. ci.dll and ntoskrnl.exe have so many variables that aren't protected by PatchGuard that this is pretty much inevitable. Ironically, removing the lockdown from WinDbg, PowerShell and VBScript is actually harder than running unsigned code when using this attack.
Defeating PatchGuard would be the optimal experience for users.
...
...
Myriachan said:
That it's currently impossible to execute ARM code reliably on Windows RT is a major reason that Firefox hasn't been ported.
Click to expand...
Click to collapse
Actually, I don't agree. There is no hard requirement for ARM code that I can see. The major reason for a lack of FF port is that the native RT community is too small to get behind the port to sort out re-writing parts of the code base. There is also the large build system/process that needs to be shifted to VS. Throw in the lack of a public RT 8.1 JB.. and there is little motivation for this community to invest the time/effort in making FF work.
Don't get me wrong, FF will likely come to RT (even 8.1) eventually.. but I don't see the lack of ARM code being the roadblock. Its time and effort along with a new JB.
bfosterjr said:
Actually, I don't agree. There is no hard requirement for ARM code that I can see. The major reason for a lack of FF port is that the native RT community is too small to get behind the port to sort out re-writing parts of the code base. There is also the large build system/process that needs to be shifted to VS. Throw in the lack of a public RT 8.1 JB.. and there is little motivation for this community to invest the time/effort in making FF work.
Don't get me wrong, FF will likely come to RT (even 8.1) eventually.. but I don't see the lack of ARM code being the roadblock. Its time and effort along with a new JB.
Click to expand...
Click to collapse
The javascript JIT engine is to ARMv7 not THUMB_2 though.
SixSixSevenSeven said:
The javascript JIT engine is to ARMv7 not THUMB_2 though.
Click to expand...
Click to collapse
I gathered as much. I'm suggesting a re-write of that as part of the port.
Cheers!
Possible, but not easy. The result would likely be significantly less efficient... but better than no JIT at all. It substantially increases the effort required for porting, though.
As for PatchGuard... I don't know as much about it as I'd like, but the fact that it only checks periodically suggests something that we can anticipate and head off, assuming we can get our own drivers loaded... hmm. This is a pretty "out there" solution, but is there any chance that the version of PG from RT8.0 could be substituted in? That may assume a greater degree of encapsulation of PG functionality than is actually warranted, but it does seem to me that, if we can't modify it, we might be able to just replace (or possibly remove) it. Another option: rather than modifying the value itself, modify the code that checks it? I mean, if they were smart, that's under PG as well, but it *might* not be. Either bypassing the check for the values, or the signature check, or just spoofing the signature check, or taking it a level even further and replacing the whole loader function with a clone that lacks the check (which allows the original to remain intact, aside from however the shim is injected).
Any which way, a lot of binary RE... ick, but that's life.
A few ideas:
1) Put a memory read breakpoint on the memory addresses you wish to change, check the context reading it and change it to what it should be if it's PatchGuard, and what you want if it's not.
2) Hook BugCheck to make it just return if PatchGuard calls it (I seem to recall reading something about PG wiping the stack/any context before calling BugCheck, so this may not work)
3) Forcibly enable Debug mode VIA setting the required kernel flag/calling the proper function (kdStartDebugger? something like that; I had found it at one point) to enable the debugger. I have no idea if PG will sense this on pre-existing threads or not, but if it does then it should shut itself down.
4) Check if THIS approach works in 8.1 (I suspect not, since it was published for 8.0 previews)
5) (This would work for g_ciOptions, but not patching the interrupt handlers), hook the usermode function that queries the state of the signing, make it call a driver that changes the bit back, check, then call the driver to set it to default again. You would only get a BSoD if you were really unlucky and PatchGuard happened to run during the 30ms that the flag was changed.
I'd like to play with some of these ideas, but without access to the current prototype (hint hint), and not having a PC I want to upgrade to 8.1 right now, it's difficult.
netham45 said:
A few ideas:
1) Put a memory read breakpoint on the memory addresses you wish to change, check the context reading it and change it to what it should be if it's PatchGuard, and what you want if it's not.
2) Hook BugCheck to make it just return if PatchGuard calls it (I seem to recall reading something about PG wiping the stack/any context before calling BugCheck, so this may not work)
3) Forcibly enable Debug mode VIA setting the required kernel flag/calling the proper function (kdStartDebugger? something like that; I had found it at one point) to enable the debugger. I have no idea if PG will sense this on pre-existing threads or not, but if it does then it should shut itself down.
4) Check if THIS approach works in 8.1 (I suspect not, since it was published for 8.0 previews)
5) (This would work for g_ciOptions, but not patching the interrupt handlers), hook the usermode function that queries the state of the signing, make it call a driver that changes the bit back, check, then call the driver to set it to default again. You would only get a BSoD if you were really unlucky and PatchGuard happened to run during the 30ms that the flag was changed.
I'd like to play with some of these ideas, but without access to the current prototype (hint hint), and not having a PC I want to upgrade to 8.1 right now, it's difficult.
Click to expand...
Click to collapse
1. You can't set a read breakpoint because PatchGuard is also checking the contents of the interrupt vectors/registers. It would notice that someone is using the hardware breakpoints before it tried to read kernel memory.
2. Yes, PatchGuard overwrites KeBugCheckEx with a pristine copy among other tricks.
3. PatchGuard knows that the debugger was not enabled at boot, and will not allow it to be enabled. It will bugcheck if you try to enable it.
4. It's possible that the approach where you look for the self-decryption code at the beginning of the DPC handlers would work.
5. There is a better way, closely related to how I'm writing my installation program, to allow unsigned PEs to load. It would escape PatchGuard's notice. A user-mode hook would be required in order to neuter wldp.dll, though, since ntoskrnl.exe would still tell programs that the current policy was locked down.
I think I can do everything I need to do except execute ARM code reliably without harassing PatchGuard.
Melissa
As a plain user, I have a question:
Why do we have to use ARM Instruction Set? Isn't just Thumb-2 okay? I thought other part of Windows all runs with Thumb-2 fine.
sahack said:
As a plain user, I have a question:
Why do we have to use ARM Instruction Set? Isn't just Thumb-2 okay? I thought other part of Windows all runs with Thumb-2 fine.
Click to expand...
Click to collapse
There is a lot of software that we would like to port over that is written in arm assembly. We would have to rewrite it to THUMB-2 to use it on Windows RT, though. Porting software is (relatively) easy, rewriting it is difficult.
sahack said:
As a plain user, I have a question:
Why do we have to use ARM Instruction Set? Isn't just Thumb-2 okay? I thought other part of Windows all runs with Thumb-2 fine.
Click to expand...
Click to collapse
Common one that needs the ARM instruction set would be a javascript engine. V8 which is the javascript JIT used in chrome only has x86 and ARMv7 versions available, it doesn't have a THUMB_2 version. Although V8 itself can compile for THUMB2, that is only the JIT'er itself, it will only ever JIT to the full instruction set. So to port chrome we wouldnt be able to use V8, there might be a way to get it to compile using the windows javascript engine (which is slower than V8 but perfectly fine) or something but its still a significant obstacle.
The same applies to quite a few other softwares.
Then as netham says, we have software written in arm assembly which people have requested, thats great but it takes alot of effort to rewrite it in thumb2 assembly.
If you have software which can indeed compile for thumb2 and function on thumb2, yeah thats great. But there is some which doesnt.
netham45 said:
There is a lot of software that we would like to port over that is written in arm assembly. We would have to rewrite it to THUMB-2 to use it on Windows RT, though. Porting software is (relatively) easy, rewriting it is difficult.
Click to expand...
Click to collapse
Okay... I used to think that only JIT compilers and media decoders needed that...
But that gives another question.... Were we able to let the CPU stay in ARM mode in Windows RT 8.0?
(And if PatchGuard checks periodically, is it possible to just reset its timer once in a while?)
sahack said:
Okay... I used to think that only JIT compilers and media decoders needed that...
But that gives another question.... Were we able to let the CPU stay in ARM mode in Windows RT 8.0?
(And if PatchGuard checks periodically, is it possible to just reset its timer once in a while?)
Click to expand...
Click to collapse
First question, no.
Second question, thats what the thread is discussing although your suggestion is perhaps worth a look into (if myriachan hasnt already)
SixSixSevenSeven said:
First question, no.
Second question, thats what the thread is discussing although your suggestion is perhaps worth a look into (if myriachan hasnt already)
Click to expand...
Click to collapse
Sure, you could reset the timer on PatchGuard continuously, if you can find all its timers and perfectly distinguish them from those that were created by legitimate drivers. That's the harder part, unfortunately. =/
Hi there, not sure if I'm on the right forum, but this seemed like the safest place to ask.
I have this project in my head that I would like to try, but I have no idea if it is even possible.
I'm currently doing a bachelors in computer science and as a way to learn, I would like to take on a big project.
As will soon become clear, I am a linux noob and know nothing about android development, but that's what I'm trying to change here.
Some time ago I bought a Chinese ereader (rebranded BOOX C67ML - using a rockchip rk3026 SoC, don't know how important that is -) and it's decent but it also kind of sucks. It runs android which overkill for a device like this if you ask me. When I look at the kindle or kobo ereaders, they have their proprietary os that is also Linux based, but much more streamlined without unnecessary features. This device doesn't even have wifi, so what am I going to do with full android on an e-ink screen? It only drains my battery more than it has to.
My question is, how feasible is it to create my own 'OS' for this device that is also Linux based and lightweight? I know that android devices can run gnu/linux in a sort of vm on top, but is it also possible to install this directly on the device? Wipe android and install a custom linux distro as you would a custom ROM.
Is this possible? Where do I begin? Any information on how the linux kernel underneath android functions and differs from a standard linux kernel would be great. I'm not asking for an easy solution served on a platter, I just want to know if it is possible and why or why not? Where do I go to learn about how to do this, point me in the right direction?
In searching around I came across postmarketOS, from what I understand they are trying to do something similar, only completely open source. No proprietary drivers for anything. For this project that is not a goal for me. If I can reuse parts of the android rom that it is running right now, I have no problem with that. Updating and keeping it up to date are not really a priority, I just need this to run a single application that works. Could also be that I completely don't understand what they are trying to do and I'm way off, but if so, please tell me what I don't understand and where I go to learn.
TLDR: Lightweight 'desktop' linux instead of android on an ereader, is it possible? Where do I start? Point me in the right direction please.
PS: If there is a better solution for this problem entirely, please do explain.
For anyone interested or with a similar idea, I'll just post what extra information I find here.
I stumbled upon Halium and Libhybris today. From what I understand, libhybris provides a compatibility layer between the android kernel and posix compatible applications. Halium uses libhybris and tries to create a common base that can be used to develop a non-android os for an android device. Please correct me if I'm wrong.