So, since HTC is now almost 3 months past due releasing the kernel sources, I've been trying to adapt the GSM kernel to compile and work with our devices, by disassembling the stock kernel and going through line-by-line of the source to see what needs changing.
I started by copying all the '*hero*' files to be '*heroc*', and renamed all the symbols to be heroc as well. Then pulled /proc/config.gz to use as a base config. Also had to fix up the Kconfig's and Makefile's, as needed, to be able to support HEROC-specific stuff. That more or less gets it to a point where you can compile the kernel successfully, although it's still just a GSM kernel with the name and mtype of heroc.
Then I imported the stock kernel (extracted from boot.img, then decompressed) into IDA as a ROM, setup the CONST segment of string data, imported the symbols from /proc/kallsyms using an ida .idc script, and analyzed the remaining areas of the ROM. At that point, I had a virtually fully analyzed binary ROM in ida, complete with symbols. Then went through and renamed the important symbols from the board-heroc* segments as needed to match what is in the source. I also set up some of the more complicated structures/arrays to make them easier to identify.
I found several differences between the stock heroc ROM and the make-shift hero-turned-heroc source code, and fixed most of what I came across, or just left notes for things to investigate later. What I have now is a hybrid GSM/CDMA kernel that will likely not boot on either device. But I figure, since I've put as much time into it as I have, and I'm sure there are people more familiar with IDA and ARM than I am, I'm putting my IDA file out there for people to start from. If you're not familiar with ARM assembly, this is absolutely useless to you, so you probably shouldn't bother.
I've spent 2 sleepless nights on it already, and still can't get anything to boot. I also tried to get htc_fb_console working so that I could at least see where and why it was dying, but that hasn't worked out well either.
So, by all means, have fun: http://madcoder.binti.ehpg.net/~madcoder/stock_kernel_heroc.i64
It was created using IDA 5.2, 64-bit, but I don't know how well other versions are with compatibility. Oh yeah, it's 35MB.
And if you make some breakthroughs, please post about it here. When I get some time, I'll make a patch set to go from the released GSM kernel, to what I have now, and put that up here too.
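The post above imports /proc/kallsyms into IDA with an .idc script and then hunts for where the boot hangs without a console. As an added example (not the poster's script, and not part of this thread), the Python below parses the /proc/kallsyms line format, resolves an arbitrary address to the nearest preceding symbol plus offset (the step you need to turn a panic or watchdog PC value into a function name), and emits an IDC script that names the symbols with MakeName, the IDA 5.x IDC call. The sample kallsyms lines, addresses and symbol names are constructed for the example, not taken from a real Hero kernel.

```python
"""Parse /proc/kallsyms into a symbol table, resolve addresses, emit IDC.

Added example; not the original poster's .idc script. All sample data is
constructed, not dumped from a real device.
"""
import bisect
import re
from typing import Dict, List, Optional, Tuple

# One /proc/kallsyms line: "<hex addr> <type> <name>" with an optional
# "\t[module]" suffix for symbols that live in a loadable module.
KALLSYMS_RE = re.compile(r"^([0-9a-fA-F]+)\s+(\S)\s+(\S+)(?:\s+\[(\S+)\])?\s*$")

# Constructed sample mimicking a 32-bit ARM kernel (assumed names/addresses).
SAMPLE_KALLSYMS = """\
c0008000 T stext
c0008040 t __enable_mmu
c0023000 T heroc_fixup
c0023180 T heroc_init
c0023400 t vreg_get
c0300000 D system_rev
00000000 t hidden_symbol
c0400000 t wlan_probe\t[bcm4329]
"""

Symbol = Tuple[int, str, str, Optional[str]]  # (addr, type, name, module)


def parse_kallsyms(text: str) -> List[Symbol]:
    """Return symbols sorted by address.

    Entries whose address is 0 are dropped: with kptr_restrict set, an
    unprivileged reader sees all-zero addresses, which carry no information,
    so read the file as root (the poster did) before importing it.
    """
    syms: List[Symbol] = []
    for line in text.splitlines():
        m = KALLSYMS_RE.match(line)
        if not m:
            continue  # tolerate blank or malformed lines
        addr = int(m.group(1), 16)
        if addr == 0:
            continue
        syms.append((addr, m.group(2), m.group(3), m.group(4)))
    syms.sort(key=lambda s: s[0])
    return syms


def resolve(syms: List[Symbol], addr: int) -> Optional[Tuple[str, int]]:
    """Map an address to (symbol, offset) via the nearest preceding symbol."""
    addrs = [s[0] for s in syms]
    i = bisect.bisect_right(addrs, addr) - 1
    if i < 0:
        return None  # below the first known symbol
    return syms[i][2], addr - syms[i][0]


def text_symbols(syms: List[Symbol]) -> Dict[str, int]:
    """Name -> address for code symbols (type t/T) in the core kernel only."""
    return {name: addr for addr, typ, name, mod in syms
            if typ in "tT" and mod is None}


def to_idc(syms: List[Symbol]) -> str:
    """Emit an IDC script that names every symbol in an open IDA database."""
    body = "\n".join(f'  MakeName(0x{addr:08x}, "{name}");'
                     for addr, _, name, _ in syms)
    return "#include <idc.idc>\nstatic main() {\n" + body + "\n}\n"


if __name__ == "__main__":
    table = parse_kallsyms(SAMPLE_KALLSYMS)
    print(resolve(table, 0xC0023190))  # nearest symbol + offset
    print(to_idc(table))
```

Feed `resolve()` the PC from a panic line or a stuck-address read and it gives the function the kernel was in; `to_idc()` output can be run from IDA's File > IDC file menu against the decompressed zImage loaded at the same base the addresses assume (0xc0008000 for a typical ARM kernel text start, which is the assumption built into the sample data).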
Thank you, sad but true
I just wanted to say thank you for this work and express how sad it makes me to see the necessity of reverse-engineering in an OPEN SOURCE kernel. I never thought I would see the day.
I would be very curious to hear from you about the specific differences your disassembling unearthed. Can you say with certainty that the Linux kernel code has indeed been changed to work on the CDMA Hero? I mean it's not simply a matter of some missing driver code or other userspace stuff? If so, this would be pretty damning for HTC.
Thanks again, it's amazing to watch the XDA developers' progress in spite of the barriers put in front of their work.
The majority of differences I found were in things like heroc_fixup() where it doesn't check for engineerid/skuid/etc; different camera driver (s5k3e2fx, vs cy8c); fewer checks for multiple pieces of hardware (which is weird considering the stock phone's kernel supports 4 devices) based on system_rev; wrong vreg_get() strings; etc.
The source that HTC released *does* appear to have all the support we need. With modifications to Kconfig and Makefile, and ignoring the missing board files, you *can* compile the kernel directly, using the stock /proc/config.gz, which means all the necessary drivers are already in the GSM source. It's quite obvious that they had a working kernel tree that supported the GSM phone, plus our 4 CDMA phones, and they simply yanked out the CDMA board files and Kconfig changes, before releasing the source code.
What worries me is that I can't get a console, so it's incredibly difficult to find out where it's dying at. If I could get even a serial console to work, it would make this task so much easier. I think my next step is going to be to load up my hacked kernel into ida, and see how different the two are -- that might be easier than translating asm into C and comparing that way. If I can just compare the assembly for the two, it'd probably be easier.
maejrep said:
plus our 4 CDMA phones
Not to derail this too much, but which 4 phones do you mean? Does it name them in some way?
markachee said:
Not to derail this too much, but which 4 phones do you mean? Does it name them in some way?
MACH_HEROC (sprint hero)
MACH_DESIREC (vzw droid eris)
MACH_HEROCT (not entirely sure, maybe bell south hero?)
MACH_NEONC (neon is supposed to be the touch dual, which afaik has never been planned as an android phone, so I'm not sure what's up with this name either)
You can see those in the /proc/config.gz on the phone (gunzip or zcat it first), and just search for "CONFIG_MACH_".
Also in the htc_wifi.c source, you can see references to espresso, and many others.
Would it be possible to port the Moment kernel over and use that, since it's the same processor type, and then fill in the things we need?
Mr. Biggz said:
Would it be possible to port the Moment kernel over and use that, since it's the same processor type, and then fill in the things we need?
I was talking to zefie not too long ago and he was saying the Hero kernel is so much more stable than the Moment's kernel... just my 2 cents.
Keep up the amazing work mad man.
travo1 said:
I was talking to zefie not too long ago and he was saying the Hero kernel is so much more stable than the Moment's kernel... just my 2 cents.
Yeah, my fiance went through 2 moments, and they were so buggy she switched to the Hero. No problems since.
flipzmode said:
Keep up the amazing work mad man.
+1 for keeping up the good work!
:beer: (Does that emote work on this forum? I hope so...)
Bumping this so it doesn't get buried 3 pages again.
toastcfh said:
Bumping this so it doesn't get buried 3 pages again.
I thought you said you were going to bed
gu1dry said:
I thought you said you were going to bed
I was, till I had to refresh again.
Yeah, I basically put this on hold, due to work priorities (happens a lot unfortunately :/)
But with the news that HTC may be releasing the source soon, this is probably not worth continuing anyway
maejrep said:
Yeah, I basically put this on hold, due to work priorities (happens a lot unfortunately :/)
But with the news that HTC may be releasing the source soon, this is probably not worth continuing anyway
Honestly, I would continue it. Nobody's sure that HTC will release the source code (HTC said they would release the source for the "Gero"...we're hoping that was a mistype).
I have a feeling they won't release it anytime soon and you'll probably solve the entire issue with the cameras and more before that source is released.
Bump.... it's on the second page.
Yea, def keep the good work up. HTC said over the weekend, that came and went, so now all we got is you, my good man.
man we gotta get this thread stickied!!!!
toastcfh said:
man we gotta get this thread stickied!!!!
Agreed... lol
Anyhow, I think this will work out before the HTC hope does. Bumped to the top.
So, with some inspiration from NetRipper, I started trying to find a way that I could see how far it gets in the kernel booting before it stops, since I still don't have a console. Unfortunately, his suggestions were LED-related (particularly gpio-enabled), and we don't have any of those. I did find one reaction that is very hard to miss, and luckily very easy to trigger: reboot via gpio.
So now I'm stepping through the code, trying to find at what point in execution it stops rebooting and just hangs. So far I'm in init level 4 (of 6). I'm really hoping this leads me to something that will at least tell me "well THERE'S your problem!", and I can reverse the stock kernel asm to figure out what is different.
I have been looking at the fascinate forum and noticed they have a new Miui rom that has more functions closer to a fully functional rom than they ever have. I was hoping someone could port this to the mesmerize
http://forum.xda-developers.com/showthread.php?t=1120371&page=1
Trust me, I've had my eye on Andmer's twitter since Friday when he started it. I've got a thing or two I need to do tonight, but hopefully I can get this ported tonight.
EDIT: There *will* be stuff broken with it; anything that's broken with the Fascinate ROM will be broken with any Mesmerize port. They're still working on it (Andmer and JT1134), so it's still listed as an alpha, but enough people clearly want it.
ChromWolf said:
Trust me, I've had my eye on Andmer's twitter since Friday when he started it. I've got a thing or two I need to do tonight, but hopefully I can get this ported tonight.
EDIT: There *will* be stuff broken with it; anything that's broken with the Fascinate ROM will be broken with any Mesmerize port. They're still working on it (Andmer and JT1134), so it's still listed as an alpha, but enough people clearly want it.
So what all is there that you have to do to port over a ROM?
As I understand it, very little. Edit some framework stuff and the build.prop to identify as a US Cellular/Mesmerize device rather than Verizon/Fascinate. That's largely cosmetic. Remove the SMS padding the Verizon does, and that's more or less it.
As I say, I should be able to get it tonight.
ChromWolf said:
As I understand it, very little. Edit some framework stuff and the build.prop to identify as a US Cellular/Mesmerize device rather than Verizon/Fascinate. That's largely cosmetic. Remove the SMS padding the Verizon does, and that's more or less it.
As I say, I should be able to get it tonight.
Sweetness, I cannot wait! My friend has MIUI for his Evo and I love how it is laid out. I just need the steps to install it so I don't screw it up when it's available.
I've been wanting to learn how to port ROMs, just no one has really explained to me how this whole process goes.
veteranmina said:
I've been wanting to learn how to port ROMs, just no one has really explained to me how this whole process goes.
"Porting ROMs" and "Porting ROMs from the Fascinate" are two different animals. Porting from the Fascinate is pretty easy once you have the steps (at least as I understand it), but everything gets ported over pretty quickly so no one really bothers to post the steps for it.
Porting ROMs from other phones, on the other hand, is a much more complicated process, often involving editing the source code before compiling it into the ROM. There really isn't a straight-forward step-by-step process to follow.
That's really why no one's posted the instructions.
I could I suppose, but I've only poked at it once or twice. I generally know how to do it, but I suspect I'll still be having one of the experts check my work. Still, one more thing off their plates, and MIUI that much sooner for us.
ChromWolf said:
"Porting ROMs" and "Porting ROMs from the Fascinate" are two different animals. Porting from the Fascinate is pretty easy once you have the steps (at least as I understand it), but everything gets ported over pretty quickly so no one really bothers to post the steps for it.
Porting ROMs from other phones, on the other hand, is a much more complicated process, often involving editing the source code before compiling it into the ROM. There really isn't a straight-forward step-by-step process to follow.
That's really why no one's posted the instructions.
I could I suppose, but I've only poked at it once or twice. I generally know how to do it, but I suspect I'll still be having one of the experts check my work. Still, one more thing off their plates, and MIUI that much sooner for us.
Looking forward to trying this as well
Sorry guys, didn't have a chance to get to this last night, I'm hoping I can tonight, but as always, we'll see. I've got a couple addons I personally wanna add to the ROM, but that will likely come later. Still, some teasers.
Aw come on, I was looking forward to getting MIUI on my phone this morning! I hope you get it on here really really soon, please.
veteranmina said:
Aw come on, I was looking forward to getting MIUI on my phone this morning! I hope you get it on here really really soon, please.
Wow. I really hope you were attempting to be funny because this comes off as incredibly ungrateful. The guy is attempting to do this for FREE and on his own free time. If he actually has a life that happens to take him away from being able to port this then good for him. If you're in a huge hurry to get it, then feel free to do some research and port it yourself. Otherwise sit back, relax, and be happy when it does get released.
akellar said:
Wow. I really hope you were attempting to be funny because this comes off as incredibly ungrateful. The guy is attempting to do this for FREE and on his own free time. If he actually has a life that happens to take him away from being able to port this then good for him. If you're in a huge hurry to get it, then feel free to do some research and port it yourself. Otherwise sit back, relax, and be happy when it does get released.
I wasn't meaning to be mean at all. Just all excited to finally get a MIUI ROM on my phone, if you know what I mean. I understand he has a life just as I do and I respect that.
veteranmina said:
I wasn't meaning to be mean at all. Just all excited to finally get a MIUI ROM on my phone, if you know what I mean. I understand he has a life just as I do and I respect that.
Excitement is perfectly fine and expected. Asking for ETA's and requesting something "really really soon" just comes off as impatient and like you are owed something. Not attacking you, just something to keep in mind.
I would like to see this also, I'd use it... what about the patch?
Sent from my SCH-I500 using XDA App
LOL It's all good, Life has just been really busy lately----but trust me, I've wanted GB MIUI for about a month now. XD To be perfectly frank, I'm still a little bitter I got so little help with it, banged my head against it for a month, and Andmer comes in in a *weekend* and gets it going. XD But I'm not complaining, cuz, well, I get GB MIUI. XD It just tells me I need to learn JavaScript and C++ and start compiling from source.
Again, stuff *will* be broken (this won't be my normal daily ROM until GPS is fixed, I MUST have my GPS), but I know Andmer and JT1134 are working on it (since it benefits JT's latest CM7 build as well).
I have to agree about the GPS... This is good news though. CM7 and MIUI are "almost" there now. Been watching and waiting for months on the progress of those.
I have been patient and I think not long off now, we will all be playing with fully working MIUI and CM7 ROMS...
Keep at it guys, I am rooting for you... (groan... root)..
Just a quick update: I won't get this completed tonight, but I did get a chance to start it. I need to bug BDE for some pointers, and hopefully hear back from JT on a code question. Even so, because of the way it's flashed (and how one must switch ROMs if they decide they want to go back to a different one), it'll get tested on IRC first before it's posted on XDA.
I won't get a chance to work on it tomorrow night for sure, but I'm hoping sometime during the weekend at the latest. Patience comes to those who wait as they say.
akellar said:
Wow. I really hope you were attempting to be funny because this comes off as incredibly ungrateful. The guy is attempting to do this for FREE and on his own free time. If he actually has a life that happens to take him away from being able to port this then good for him. If you're in a huge hurry to get it, then feel free to do some research and port it yourself. Otherwise sit back, relax, and be happy when it does get released.
I read their post as trying to be funny, not disrespectful.
Sent from my SCH-I500 using XDA App
ChromWolf said:
Just a quick update: I won't get this completed tonight, but I did get a chance to start it. I need to bug BDE for some pointers, and hopefully hear back from JT on a code question. Even so, because of the way it's flashed (and how one must switch ROMs if they decide they want to go back to a different one), it'll get tested on IRC first before it's posted on XDA.
I won't get a chance to work on it tomorrow night for sure, but I'm hoping sometime during the weekend at the latest. Patience comes to those who wait as they say.
Hey, with CM7 (the old non-MTD builds) Jt added some code to the ROM so that all we'd have to do is remove one line from build.prop to fix the SMS padding issue (and copy in a few files from /lib/ and 1 from /bin/ on a working AOSP ROM). I THINK he possibly did this for the new MTD build too, but I'm not sure, but if so we should be able to fix it up quick. If not, l3ttuc3 is the one who has manually removed the padding in the past, but I'm sure others could help out.
I accepted your gtalk invite last night, so just hit me up.
bdemartino said:
Hey, with CM7 (the old non-MTD builds) Jt added some code to the ROM so that all we'd have to do is remove one line from build.prop to fix the SMS padding issue (and copy in a few files from /lib/ and 1 from /bin/ on a working AOSP ROM). I THINK he possibly did this for the new MTD build too, but I'm not sure, but if so we should be able to fix it up quick. If not, l3ttuc3 is the one who has manually removed the padding in the past, but I'm sure others could help out.
I accepted your gtalk invite last night, so just hit me up.
So what are these files that need to be transferred? I can transfer those files myself from one ROM to another. And I can look up and see what line it is to remove the SMS padding, possibly. I also heard there were some things in the framework that had to be changed, but idk why and idk how to mess with those yet :/
This is a noob question and I apologize, but I figured I would ask anyway. If I were to build ICS myself and flash it, would I have any issues getting back to 3.2.2 if I so wished to? I ask because I know the bootloader is picky for the images released for 3.2.2 and I have never actually built it myself before. If it's not obvious already, I own a Xoom 4G.
Sent from my ADR6400L using xda premium
Where do you plan to get all the code for all of the hardware drivers? Those are NOT included in the source code.
While we appreciate your enthusiasm for ICS and the developer community, we ask that you do many hours of research before diving into anything near the task you seek to accomplish. To start, you might want to try flashing between ROMs, looking at different ROM source code, and different driver code for hardware.
Thanks for the info; like I said, I have never done anything like it before. I am kinda embarrassed that I didn't even think about the hardware drivers that would be required as well. After doing a little reading on the AOSP source site I came to find out an additional bit of information. As of ICS there is more needed than just the source code; there will also be some additional information needed for the graphics hardware acceleration to work, and the Xoom wasn't mentioned (only the official Google devices). Guess I will just sit tight and be happy with flashing ROMs for now. Thanks again.
I have no intention of hacking or anything; I just want to use it for pentesting on my systems.
Okay, so I downloaded aircrack for Ubuntu, extracted the sbin files and the bin files and pasted them into my system/bin, and afterwards I went to terminal emulator and typed
su
aircrack-ng
and to my surprise it loaded. I have posted some screenshots.
So I think with some effort and the right scripts it would work.
So anyone with the knowledge can help out.
**************UPDATE**************
I just uploaded the aircrack-ng file.
I am very sorry. If you downloaded the first file I posted, that won't work; I have posted the correct one, so please download this one.
aircrack-1.1-static.rar (1.90 MB)
Okay, so I have found a site on which a group of developers were able to create some files to allow the Nexus One & Galaxy S II to run in monitor mode.
Here is the website.
[[ http://bcmon.blogspot.com/2012/09/working-monitor-mode-on-nexus-one.html ]]
If we are able to get the myTouch into monitor mode, we would be able to run "Aircrack" on the packets.
According to the website, we need to build the KO for our device.
The problem now is, I have no idea how to create those KO files.
If anyone finds a nice tutorial, please share it here and I will try and follow it to get the monitor mode working (that is, if possible).
************************************UPDATE***************************************************************************
Guys, I have finally figured out how to put the myTouch 4G in monitor mode.
Here are the steps.
Download glacier_Pac_JB_4.2.2-V22.01_20130325-085620.zip
from here: http://d-h.st/5bA
(please flash Gapps)
Then download this kernel; it was created by coderz (I have uploaded it, so see below).
Afterwards head towards my other thread here ( http://forum.xda-developers.com/showthread.php?t=2302678 ) and download the Ubuntu distro, the small image.
After the download, open the apk you downloaded from the other thread, select launch and choose Ubuntu.
After it has launched, install aircrack
from this guide ( http://answertohow.blogspot.com/2012/10/how-to-install-aircrack-ng-on-ubuntu.html ).
Next head towards here ( http://pkgs.org/ubuntu-12.04/ubuntu-main-i386/iw_3.2-1_i386.deb.html ) for the iw package, since it's not available
in the Ubuntu distro.
Now you are clear to go.
Now type these in the terminal emulator where the image was launched (please do not open another tab in terminal emulator; use the one that was opened by the Ubuntu distro).
Type
su
airmon-ng start 6 p2p0
and voila, there it is; you would see monitor mode started.
Please forgive me if some things aren't clear.
I am so happy to the extent that I can't even type.
What is that?
Sent from my myTouch 4G using xda premium
mymeatb18 said:
What is that?
Sent from my myTouch 4G using xda premium
I think it's something to hack wifi with.
Sent from my MyTouch 4G using xda app-developers app
N_otori0us_ said:
I think it's something to hack wifi with.
Sent from my MyTouch 4G using xda app-developers app
Actually it's used for penetration testing, but when it is used in the wrong way it becomes a hacking tool.
So it can be used by someone to gain access to a secured WiFi network?
Sent from my myTouch 4G using xda premium
mymeatb18 said:
So it can be used by someone to gain access to a secured WiFi network?
Sent from my myTouch 4G using xda premium
Yea, I guess so. Don't really know much about it.
Which package did you download? I can't find one that has bin and sbin in it.
Sent from my GT-P3110 using xda app-developers app
I've been building the kernel module, which is what a "KO" as you called it is, into my customized kernel for about a week now. I've also successfully inserted said module into memory and that's about where I end as the binaries that come packaged with the source code aren't linked correctly for the glacier and can't interface correctly and I haven't taken the time to recompile them yet. The plus side is that this may save me having to do that but that also means that if you want the module you have to use my kernel and that is a hazard in and of itself, haha. I lack the post count to post it in the proper forum and I refuse to circumvent that restriction by posting it in the incorrect forum so for the moment I'm hosting it myself.
If you're interested in taking the chance send me a message but I'll tell you now the kernel variation, D3M0N as I've named it, is not for the faint of heart and you could do real damage to your device if you are careless as mine allows overclocking up to 2Ghz and let me tell you it gets hot enough to blister a finger on the metal battery cover. I have it set to run at 1.4 by default so you may want to adjust it to suit your needs and it's designed for 4.2.x ROMs and I can't guarantee it'll work with any other version of Android but I can build the module for any kernel version as long as the source is available as well.
On a final note, the aircrack suite is a hacking tool and hacking is not bad, cracking is the malicious brother of hacking and either way you're responsible for your own actions, not anyone else. That being said, I'm not liable for what you do or don't do. And to clarify, aircrack itself is only useful for WEP secured networks and it is not useful by itself. This isn't directed at anyone in particular but I thought I'd clear up the assumptions I felt were being made because there's no reason for ignorance and the only crime related to ignorance is refusing the ignorant the chance to be educated wherever possible. I hope nobody takes offense to the term ignorant because everyone is ignorant to something and everyone was ignorant at some point.
Sent from my myTouch 4G using xda premium
zygh0st said:
I've been building the kernel module, which is what a "KO" as you called it is, into my customized kernel for about a week now. I've also successfully inserted said module into memory and that's about where I end as the binaries that come packaged with the source code aren't linked correctly for the glacier and can't interface correctly and I haven't taken the time to recompile them yet. The plus side is that this may save me having to do that but that also means that if you want the module you have to use my kernel and that is a hazard in and of itself, haha. I lack the post count to post it in the proper forum and I refuse to circumvent that restriction by posting it in the incorrect forum so for the moment I'm hosting it myself.
If you're interested in taking the chance send me a message but I'll tell you now the kernel variation, D3M0N as I've named it, is not for the faint of heart and you could do real damage to your device if you are careless as mine allows overclocking up to 2Ghz and let me tell you it gets hot enough to blister a finger on the metal battery cover. I have it set to run at 1.4 by default so you may want to adjust it to suit your needs and it's designed for 4.2.x ROMs and I can't guarantee it'll work with any other version of Android but I can build the module for any kernel version as long as the source is available as well.
On a final note, the aircrack suite is a hacking tool and hacking is not bad, cracking is the malicious brother of hacking and either way you're responsible for your own actions, not anyone else. That being said, I'm not liable for what you do or don't do. And to clarify, aircrack itself is only useful for WEP secured networks and it is not useful by itself. This isn't directed at anyone in particular but I thought I'd clear up the assumptions I felt were being made because there's no reason for ignorance and the only crime related to ignorance is refusing the ignorant the chance to be educated wherever possible. I hope nobody takes offense to the term ignorant because everyone is ignorant to something and everyone was ignorant at some point.
Sent from my myTouch 4G using xda premium
That's cool. So have you tried your new kernel with the aircrack suite I have uploaded, or have you tried airmon or monitor mode with the zips found at the website I posted?
And thanks also for clarifying the hacking concept.
I just want to help in unleashing the power of the myTouch 4G. As I have seen and tested, there are many things that the myTouch 4G can do that people didn't really know about. Like FM transmitting; this feature works on the myTouch 4G. I tried it myself. All it needs is the apk (if anyone needs it, he or she should feel free to ask and I would send it to him or her). All it needs to work is the stock 2.2 Glacier ROM, as that's what I tested it on.
So as I have already said, you could pass by the website and download the packages and, who knows, it might be easier than you think.
Thanks again for contributing. :good:
mickeyasamoah said:
That's cool. So have you tried your new kernel with the aircrack suite I have uploaded, or have you tried airmon or monitor mode with the zips found at the website I posted?
And thanks also for clarifying the hacking concept.
I just want to help in unleashing the power of the myTouch 4G. As I have seen and tested, there are many things that the myTouch 4G can do that people didn't really know about. Like FM transmitting; this feature works on the myTouch 4G. I tried it myself. All it needs is the apk (if anyone needs it, he or she should feel free to ask and I would send it to him or her). All it needs to work is the stock 2.2 Glacier ROM, as that's what I tested it on.
So as I have already said, you could pass by the website and download the packages and, who knows, it might be easier than you think.
Thanks again for contributing. :good:
Yes, I did try the binaries from the OP; unfortunately they weren't the solution to my problem. Fortunately they seem to be just fine and my problem was due to an error on my part (I had duplicate binaries in /system/xbin while I was intending to use /system/bin and failed to realize it right away.) I set up an old Netgear router I had lying around and threw a random string in as the WEP key and was able to reverse it in ~12 minutes with the maximum CPU frequency at 1.4Ghz. Not bad at all as far as I'm concerned given that it takes ~5m on my laptop.
I've stabilized the kernel I've been mutilating so it's far safer than I previously alluded to, haven't had a single panic or hard lock in a good 18+ hours and I've been running it to death so my offer still stands for any who'd rather not deal with compiling it themselves. For those that do, my Github is always open: http://github.com/zygh0st/android_kernel_htc_msm7x30-3.0.git
BTW, thanks for starting the discussion; nice to see I'm not the only one who is interested in mobile devices as possible vectors for breaches of security in ways most people wouldn't consider. The next step is to give Reaver a shot, though I think it has a successor at this point but I can't recall the name of it. I doubt it's feasible, at least not on this device since if the time scales in a similar manner you'd be looking at nearly 24 hours but with something like a Note 2 or S4 one would expect to find a significant reduction in time I'd think, but I could be mistaken.
Wow, hurray! My problem now is that I am not using an AOSP ROM but a Sense ROM (ViperTouch), so would this kernel work on it?
Or wait, I checked your GitHub; is that a package for Ubuntu? Because I can see some Makefiles in it.
Bro, if you really want to pentest from your Android, download dSploit.
It doesn't require custom kernels or anything. Would you like me to find a link?
Sent from my myTouch 4G using xda app-developers app
I already have that, but it doesn't crack WEP passwords.
Sent from my HTC myTouch 4g using xda app-developers app
Makefiles are generally going to be found anywhere that there is code written in C, and as far as I know (or recall, for that matter, but that may not be saying much given my poor memory) the Linux kernel has been written in C since its inception. I tried flashing the kernel with ViperTouch earlier today but it never made it past the boot logo, so I'm going to say that it doesn't play nice (which is expected). I've spent a little time hunting around for source code to the kernel that Team Venom used but I haven't come across it yet. As soon as I find the source for an ICS/Sense compatible kernel I'll see if I can't crank something out for you. Shouldn't be too hard; I'm just preoccupied and haven't had a good stretch of time to devote to finding what I need, but I'm sure it'll be easy to find because one of the Sense ROMs ought to link to a repository, I'd think (I hope so anyway, haha).
If you're familiar with compiling the kernel in Ubuntu then you're pretty much familiar with compiling kernels for Android, you'd just need to set up your build environment properly which is trivial in Ubuntu. If you're interested at all, here are a couple of links, one to a thread that I referenced a few times myself and one to XDA University's Guide to building a kernel from source. I'm no expert by any means, at least not with regard to Android specific issues, but my mind and the contents therein are at your service for what it's worth :good:
OK. But the only problem is that my PC fell and developed some kind of fault, so at the moment I am PC-less. I hope to get it repaired soon, but in the meantime can you upload an already compiled version of the kernel so that I and anyone else who is interested could download it? You know, like a flashable zip or something. And did you flash the kernel for ViperTouch through the recovery? If so, I don't think it would work. They created the ROM in such a way that they change most of the directories, so you would have to use their inbuilt flasher, I guess. Last time I tried flashing a boot animation through recovery it didn't work, so I guess you have to use their inbuilt one.
That's because boot animations on Sense are in a different location than Sense, I think.
Sent from my myTouch 4G using xda app-developers app
Yeah. So I guess the kernel also might be in a different directory. And I have just remembered that I flashed a different kernel from the recovery, and after the boot animation it failed to continue and got stuck. The reason I am saying all this is that when I enter the root of my device I see many folders that you wouldn't see in a normal ROM (CyanogenMod, AOSP, AOKP), as far as I know. So I guess he should create a flashable zip of the kernel and maybe straighten out the directories of the ROM, and maybe it might work.
Sent from my HTC myTouch 4g using xda app-developers app
Disclaimer: Some of this may come off harsh, it's unintentional I assure you; I've been told by many people I sound like I'm being a jerk when I simply know no other way to present the information than in as simple a form as possible, so reader be warned and do try not to take offense!
Actually, all of the directories you see under / (the root of the filesystem, or root for short) DO exist on every Android installation regardless of the version or ROM, for the most part. There are a few alterations between major Android versions (think Gingerbread to ICS or ICS to JB) but those are mostly related to the SD card or external filesystems in general. There are also differences related to specific devices; for example, you won't find /data/media on devices that don't have internal storage designed to mimic an SD card (such as the Samsung Galaxy series).
That being said, the kernel does not reside in a directory at all; it resides on a partition that is mounted as /. The kernel's ramdisk is actually where /init and /init.rc and such are, and that is why you can't change them and have the changes persist across reboots even if the root partition is remounted as read/write. In addition to this, one does not simply "move things around" within a deeply rooted filesystem structure like you were rearranging furniture.
And to get to the real information you're after: the reason your device fails to boot when you flash an incompatible kernel is because the kernel and the ROM, for lack of a better example, don't know how to speak to one another and one gets pissed off and they stop talking; or in other cases one gets severe dementia and repeats itself indefinitely (bootloops, anyone?). Oh, and bootanimation.zip is in the same place on every Android device. You don't need to flash it at all; it goes in /system/media/, but you'll have to remount /system as read/write first (which is why flashable zips are convenient: you don't have to mess with it, and you're going to have to reboot anyway to see your new animation, right?).
And in closing, the directory structure of Team Venom's ROM and every other ROM that exists is about 99% the same. You may not have seen it before, but there's no need to drag out Schrödinger's poor cat, is there? I assure you it's been there lurking in the shadows. What I need is the source code to a kernel that is known to work with ICS/Sense ROMs, and as I previously stated in another post, I simply haven't looked that hard yet. I have an errand or two to run this early afternoon, but you have my word I'll do my best to try and get a working kernel to you by 0500 GMT, which is midnight for me. That gives me 12 hours from now; too easy. And it'll be flashable. I'm a lazy person, to be honest, so I have a script that compiles the kernel, builds the ramdisk, makes the boot image from the two, creates a flashable zip, uploads said zip to the device, creates a script for recovery (I use TWRP 2.5.0.0, FYI) to flash the zip and reboot, and then reboots the device into recovery. That way I only have to press return once.
I hope you found some of that useful and if you'd like any more information I'd be happy to give you all that I have, it's kind of an uncontrollable thing with me so be mindful of what you ask because you will get a wash of info in return and my stop button seems to work sparingly, haha. Have a good day!
Thanks very much for your contribution, and don't feel bad or anything about your answers. I love to read, especially when it's about things that have to do with ICT or electronic gadgets, so I'm cool with that.
And once again, thanks for your help and time; this could be a breakthrough, or the start of a new life for the myTouch 4G.
With this, we [you (zygh0st), Notorious, me and some other young developers] could come out with a ROM which has the necessary drivers and files to run most Linux/Ubuntu/Debian distros and apps without any difficulties. The reason is that the Linux/Debian/Ubuntu images available now lack some drivers and the ability to do certain things, one of which is wireless tools in Ubuntu. (I tried searching for wireless tools for these images but there weren't any; the ones available were for i386 and amd64, but those images needed one for armel.) So, as I said, this could be the beginning of a very big project for a ROM that fully supports distros and has all the drivers for pentesting.
But until then we will be waiting for the kernel.
Thanks again, buddy. :good:
Alrighty, well, I had a little bit of unforeseeable life happen and I had to tend to that. That being said, undoubtedly it hasn't gone unnoticed that my given deadline is, well, dead. It's proven a little harder than I anticipated to get the drivers to compile with 2.6.35 than it was with 3.0, and I haven't sorted it out in the short amount of time I've had this weekend. I'll have some time this evening, barring any additional cataclysms of course, so I plan to try and get it knocked out then. For those running JB, I've decided not to release my currently working kernel (and I use the term "working" loosely) as I've discovered it causes an interesting issue that I'm having trouble tracking down, and it may end with me having to start over from scratch unless I can find it. It works in its current state, however, and it may be an issue unrelated to the kernel itself, but whenever I switch to a different one it goes away, so I'd rather not risk putting something out there that is known to have frustrating issues. Bugs are one thing, but when you press unlock and nothing happens for close to 45 seconds, that's just broken. Anyway, I feel like I'm threadjacking, so this will be the last mention of it I make here, and to get back on topic: if anyone would like to try and succeed where I haven't yet, I'd be glad to lend a hand with integrating the driver, especially since I have the changes required to get it to compile cleanly with kernel version 3.0; though it was really only a single section of code that needed to be changed at all. Once again, my apologies for the delays, but better to take time and do it right than to smash it together and hope the tape holds.
Howdy friends!
I was able to install the SM-N920C Lineage-14.1 ROM by RaymanFX on my SM-N920P Sprint device.
https://forum.xda-developers.com/note5/orig-development/rom-lineageos-14-1-t3572047
To make it install I simply unzipped the ROM, edited the file "META-INF/com/google/android/updater-script" and removed the top line that starts with "assert". This line is basically the part of the script that makes the ROM abort in TWRP if your device isn't nobleltejv. Then I re-zipped the contents of the ROM, pushed it via adb and flashed it per the instructions in RaymanFX's thread.
It seems to run really well -- it seems more stable than the CM 13 ROM that I tried previously. However, like the CM 13 ROM, cellular doesn't seem to work.
I got a good deal on this device primarily for hacking on it, so I don't mind trying some things (although I'd prefer to avoid bricking it). My only limitation is that I am a GSM user, so I can't test full CDMA functionality as I go. That being said, I don't mind grabbing a cheap prepaid CDMA SIM if I actually make any progress.
I'm looking for resources on how to diagnose why cellular doesn't work. I'm fairly new to hacking on Android, but I'm an experienced software engineer and have a strong Linux background, so I'm pretty confident that with docs I could get to the bottom of this.
If anyone with more experience in this realm can point me at the appropriate docs/examples/forums etc., I'd be happy to take a swing at it.
Have you PM'd @RaymanFX to see if he can point you in the right direction? Also @tdunham, not sure where he stands on taking on another project. Either way, hopefully you'll make some progress!!!
Not a bad idea. I don't really have time to be a project maintainer right now -- hoping if I make progress I can just submit a patch against Rayman's work and occasionally make any needed updates, but I don't really know how ROM projects are typically managed.
Like many folks on XDA, I love Samsung's hardware but don't care for their implementation of Android. I generally prefer something closer to stock like Lineage or AOSP. Sprint doesn't get a lot of love (although Moar is a pretty nice ROM) and I'm sure those folks who prefer something closer to stock would benefit.
I completely agree. I have no complaints. MOAR is an excellent ROM. I would like to run Lineage or an AOSP ROM just for a change, but I knew from the beginning what I was getting myself into.
I'm not sure what all needs editing, but AFAIK the RIL needs to be. How or what needs to be changed is beyond me.
Sent from my SM-N920P using Tapatalk
Moderator: should this thread live in one of the development sections?
Had a quick exchange with Rayman. He seems like a nice guy!
My objective is to get the modem working to some degree, but no promises about things like proper CDMA configuration, band selection, etc. Not really sure how all that stuff works, TBH. If I can get the modem to go, though, maybe someone who actually knows a thing or two about wireless can help with the other stuff?
Seems like the first order of business is to discover what modem hardware this thing is using, and what drivers it wants. I'll need to get root and dig around in sysfs/devfs. I'll post what I learn.
My day job is as a web developer and I'm an embedded hobbyist. Many of the ROM devs on XDA seem to work as embedded developers in their day jobs. I expect this to be a slow-going learning project for me in my limited spare time.
I'll do my best to document my progress (and foibles) in this thread in case anyone can learn a thing or two from it.
It seems like talking to him has steered you in the right direction!!! Take your time. If anything you'll learn something that you can apply later in your career or personal projects!
Have you tried flashing the Sprint modem?
@jnovek, if you could provide the zip you put together to flash, I would try something in my spare time to help. Doesn't seem to be a very busy thread.
Long time no chat. I've been busy .
Could someone post the output to "getprop" from a stockish Sprint device on 7.x? Among other things I'd like to see what magic incantations are used for the ro.telephony settings.
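Since the request above is for getprop output so the ro.telephony settings can be compared, here is an added example (not code from this thread or from RaymanFX's ROM) of how to parse that output and diff the telephony/RIL properties of a stock build against a ported one, which is the comparison jnovek is after. Only the "[key]: [value]" line format is real getprop output; the two dumps embedded in the block are constructed samples with typical property names and made-up values (the device codename nobleltespr for the Sprint model is an assumption).

```python
"""
Added example (not from this thread): parse `getprop` output and diff the
telephony/RIL properties of a reference build against a ported ROM.

Only the line format "[key]: [value]" is real getprop output. The two dumps
below are constructed samples: the property names are typical Android/Samsung
ones, but the values are made up for illustration.
"""
import re
from typing import Dict, Tuple

PROP_RE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

# Property namespaces that shape how the RIL and telephony stack come up.
TELEPHONY_PREFIXES = (
    "ro.telephony.", "ro.ril.", "ril.", "rild.", "gsm.", "persist.radio.",
)

# Constructed sample: a stockish Sprint SM-N920P dump (names typical, values made up;
# the codename nobleltespr is assumed). ro.telephony.default_network 10 is
# NETWORK_MODE_LTE_CDMA_EVDO_GSM_WCDMA in Android's RILConstants; 9 is
# NETWORK_MODE_LTE_GSM_WCDMA, the value GSM-only builds tend to ship.
STOCK_SAMPLE = """\
[ro.product.device]: [nobleltespr]
[ro.telephony.default_network]: [10]
[ro.telephony.ril_class]: [SampleCdmaRIL]
[rild.libpath]: [/system/lib64/libsec-ril.so]
[rild.libargs]: [-d /dev/umts_boot0]
[gsm.version.baseband]: [N920P-sample-baseband]
[persist.radio.multisim.config]: []
"""

# Constructed sample: the same keys as seen on the ported nobleltejv ROM.
PORTED_SAMPLE = """\
[ro.product.device]: [nobleltejv]
[ro.telephony.default_network]: [9]
[rild.libpath]: [/system/lib64/libsec-ril.so]
[rild.libargs]: [-d /dev/umts_boot0]
[gsm.version.baseband]: []
[gsm.sim.state]: [ABSENT]
"""


def parse_getprop(text: str) -> Dict[str, str]:
    """Turn raw getprop output into a dict; lines that are not properties are skipped."""
    props: Dict[str, str] = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def telephony_props(props: Dict[str, str]) -> Dict[str, str]:
    """Keep only properties under the telephony/RIL namespaces."""
    return {k: v for k, v in props.items() if k.startswith(TELEPHONY_PREFIXES)}


def diff_props(reference: Dict[str, str], candidate: Dict[str, str]
               ) -> Tuple[Dict[str, str], Dict[str, Tuple[str, str]], Dict[str, str]]:
    """Return (missing, changed, extra) telephony properties of candidate vs reference."""
    ref, cand = telephony_props(reference), telephony_props(candidate)
    missing = {k: v for k, v in ref.items() if k not in cand}
    changed = {k: (v, cand[k]) for k, v in ref.items() if k in cand and cand[k] != v}
    extra = {k: v for k, v in cand.items() if k not in ref}
    return missing, changed, extra


def report(reference_text: str, candidate_text: str) -> str:
    """Human-readable summary of the diff, e.g. for pasting back into the thread."""
    missing, changed, extra = diff_props(parse_getprop(reference_text),
                                         parse_getprop(candidate_text))
    lines = []
    lines += [f"MISSING  {k} = {v}" for k, v in sorted(missing.items())]
    lines += [f"CHANGED  {k}: {a} -> {b}" for k, (a, b) in sorted(changed.items())]
    lines += [f"EXTRA    {k} = {v}" for k, v in sorted(extra.items())]
    return "\n".join(lines)


if __name__ == "__main__":
    # On real devices: `adb shell getprop > stock.txt` on the stock ROM and again
    # on the ported ROM, then feed those two files in instead of the samples.
    print(report(STOCK_SAMPLE, PORTED_SAMPLE))
```

The MISSING list is the interesting one for a port: a property the stock RIL reads (such as a ril_class or libpath override) that the ported build.prop never sets is a typical reason rild comes up with the wrong vendor library or network mode and the device shows no service.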
Not totally sure how to use the hosting that everyone here uses, and I have limited time this morning to play around with this, but I can give you brief instructions on how to roll it yourself. It's super easy.
1) Download the n920c rom linked in the first post.
2) Unzip it.
3) Edit the file "META-INF/com/google/android/updater-script".
4) Remove the first line -- it starts with "assert". You can just straight up delete it.
5) Zip everything back up.
6) Flash using the instructions provided in the linked thread for n920c.
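The steps above (and jnovek's earlier description of the same edit) say to delete the first line of updater-script. In practice that leading assert(...) usually spans several lines, and cutting only the first one leaves a broken Edify script that the recovery refuses. The following is an added example, not code from this thread or from RaymanFX's ROM: a small Python script that removes the whole leading assert statement (tracking parenthesis depth and ignoring quoted strings) and repacks the zip. The sample updater-script and the zip it builds in-line are constructed for illustration. Keep in mind what the assert is for: it is the only check that stops a package built for nobleltejv from being flashed onto a different board, so once it is gone, reading the rest of the script for partition paths before flashing is on you.

```python
"""
Added example (not code from this thread or from the ROM): drop the device
check that opens an Android recovery zip's updater-script, then repack the zip.

Edify updater-scripts typically begin with a statement such as

    assert(getprop("ro.product.device") == "nobleltejv" ||
           getprop("ro.build.product") == "nobleltejv" ||
           abort("E3004: This package is for \"nobleltejv\" devices.")
    );

which spans several lines, so deleting only the first line leaves a broken
script. strip_leading_assert() removes the whole statement by tracking
parenthesis depth (ignoring anything inside double-quoted strings) up to the
terminating ';'. The sample script and zip built below are constructed data.
"""
import io
import sys
import zipfile

UPDATER_SCRIPT = "META-INF/com/google/android/updater-script"

# Constructed sample updater-script, modelled on the usual device check.
SAMPLE_SCRIPT = (
    'assert(getprop("ro.product.device") == "nobleltejv" ||\n'
    '       getprop("ro.build.product") == "nobleltejv" ||\n'
    '       abort("E3004: This package is for \\"nobleltejv\\"; this is " + getprop("ro.product.device") + ".")\n'
    ');\n'
    'ui_print("Target: samsung/nobleltejv/nobleltejv");\n'
    'show_progress(0.750000, 0);\n'
)


def strip_leading_assert(script: str) -> str:
    """Return the script with its first top-level assert(...); statement removed.

    Scripts that do not start with assert( are returned unchanged.
    """
    text = script.lstrip()
    if not text.startswith("assert("):
        return script
    depth, in_str, escaped = 0, False, False
    for i, ch in enumerate(text):
        if in_str:                      # inside "...": only look for the closing quote
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_str = False
        elif ch == '"':
            in_str = True
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        elif ch == ";" and depth == 0:  # end of the assert statement
            return text[i + 1:].lstrip("\r\n")
    raise ValueError("unterminated assert statement in updater-script")


def remove_device_assert(src_zip: bytes) -> bytes:
    """Repack the zip, rewriting only updater-script; other entries are copied as-is."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(src_zip)) as zin:
        with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zout:
            for info in zin.infolist():
                data = zin.read(info.filename)
                if info.filename == UPDATER_SCRIPT:
                    data = strip_leading_assert(data.decode("utf-8")).encode("utf-8")
                zout.writestr(info, data)  # reuses the entry's name, mode and timestamp
    return out.getvalue()


def read_updater_script(zip_bytes: bytes) -> str:
    """Helper for checking the result of a repack."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as z:
        return z.read(UPDATER_SCRIPT).decode("utf-8")


def build_sample_zip() -> bytes:
    """Constructed stand-in for a ROM zip (the update-binary here is a placeholder, not an ELF)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr(UPDATER_SCRIPT, SAMPLE_SCRIPT)
        z.writestr("META-INF/com/google/android/update-binary", b"placeholder")
        z.writestr("system.transfer.list", "4\n0\n0\n0\n")
    return buf.getvalue()


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit(f"usage: {sys.argv[0]} original.zip patched.zip")
    with open(sys.argv[1], "rb") as f:
        patched = remove_device_assert(f.read())
    with open(sys.argv[2], "wb") as f:
        f.write(patched)
```

Run it as `python3 strip_assert.py original.zip patched.zip` and flash the output as described in the steps above; if the script does not start with assert( the zip is written back unchanged, and an unterminated statement raises instead of silently producing a half-cut script.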
Any headway here?
Sent from my SM-N920P using Tapatalk
link
Done according to the guidelines by jnovek.
If anyone can check.
No time today. But I'll make a backup and try it tonight.
Sent from my SM-N920P using Tapatalk
It installs fine. No service, though.
Sent from my SM-N920P using Tapatalk
What does "No service, though" mean?
It means the RIL and APNs need to be edited and added I believe.
Sent from my SM-N920P using Tapatalk
S Pen works?
I flashed the ROM, but the S Pen is not working anymore. And has anyone figured out how to set up the network?
The developers of the ROM are working on it. But as of now this ROM is not for our phones unless you're going to only use it on WiFi. Cellular connections of any sort are out of order.
Sent from my SM-N920P using XDA Labs
Bump