[GUIDE] Changing your WIFI/Bluetooth MAC address - HTC Desire S

Hi All
In my quest of trying to restore my phone to its original state after a hard-brick resurrection, I came up with a procedure to restore/change the WIFI-BT mac addresses.
So hoping that it could be helpful to the community, I'm sharing it with you.
I'm also writing a post about my investigations concerning the Radio/WLAN low level configuration.
As soon as it is ready I'll add a link here, so if you're willing to help or if you're interested in my investigations, stay tuned !!!
1. Prerequisite:
- Rooted and S-OFF Desire S
- USB Debug must be enabled on the phone
- Fast Boot must be disabled on the phone
- Android tools installed (look for tutorial in this forum on how to install them.)
- I assume that you already know how to use the android tools.
2. Disclaimer
- I decline all responsibilities for bricked phone and such.
- You're using this procedure at your own risk.
3. The Theory:
The Radio/WLAN configuration is stored in the mmcblk0p23 partition.
3.a. Changing the WIFI MAC address.
The WIFI configuration is located at the beginning of the partition:
Offset 0x0000000C : the length of the wifi configuration file. (2 bytes little-endian)
Offset 0x00000010 : 32bits CRC checksum of the wifi configuration file
Offset 0x00000040 : the actual wifi configuration file.
Offset 0x000110CC : the wifi mac address (Only informative - not used by the system).
The WIFI configuration "file" contains the MAC address along with other configuration parameters. And these other parameters depends on the revision of your phone's motherboard (and maybe other parameters as well)
The integrity of this "file" is also protected by the CRC checksum located at offset 0x00000010.
So you cannot just change the MAC address in this file as HBOOT will detect it at boot time and restore a "factory" default configuration.
The trick is to have HBOOT restore a "factory" default configuration with the MAC address you want to use.
For this, you should look in the HBOOT partition (mmcblk0p18) and find the "factory" default configuration that EXACTLY match the file of your Radio/WLAN partition (except for the mac address).
BE SURE TO FIND THE CORRECT ONE as the HBOOT partition contains several "factory" default configuration for the various motherboard revisions.
Then change the MAC address of this "factory" configuration file (which should be 00:11:22:33:44:55 if you never modified it).
Then you should alter the configuration file in the Radio/WLAN partition (change the mac address for example) so that the CRC checksum will fail and so that HBOOT will restore the new "factory" default configuration (with your new MAC address) during next reboot.
For consistency, you should also change the MAC address at offset 0x000110CC. (All the information contained at offset 0x00011000 seems to be only informative).
3.b Changing the Bluetooth MAC address.
The BT configuration is much more simple (no CRC or other parameters...)
Offset 0X00006000 : BT mac address (binary format !)
Offset 0x000110BC : the BT mac address (Only informative - not used by the system).
So you just need to put your new BT MAC address at this two offsets
4. The quick procedure...
- download the wlan_config tool I wrote
- open a command line console
- cd into the directory where you've put the wlan_config tool
- Then type:
Code:
> adb push wlan_config /data/local/tmp/
> adb shell chmod 777 /data/local/tmp/wlan_config
> adb shell /data/local/tmp/wlan_config --dry-run wf=<the new WIFI macaddr> bt=<the new BT macaddr>
******************************************************************************
***** HTC Desire S WLAN Configuration tool 1.0 by RXBoucher... *****
******************************************************************************
[!] **************************************************************************
[!] >>>>>> dry-run mode: no change will be made to partitions <<<<<<
[!] **************************************************************************
[*] **************************************************************************
[+] Reading partition(s)
[+] partition mmcblk0p23....................................................OK
[+] partition mmcblk0p18....................................................OK
[*] **************************************************************************
[+] Analyzing partition mmcblk0p23...
[+] ModelID : PG8810000
[+] Current WIFI mac address: 7C:61:--:--:--:--
[+] Current BT mac address: 7C:61:--:--:--:--
[*] **************************************************************************
[+] Backing up partition(s)...
[!] partition mmcblk0p23...............................................SKIPPED
[!] partition mmcblk0p18...............................................SKIPPED
[*] **************************************************************************
[+] Configuring WIFI -> 7C:61:DD:DD:DD:DD
[+] Looking up matching "factory" default WIFI configuration................OK
[+] Updating "factory" default WIFI configuration...........................OK
[+] Updating WIFI configuration.............................................OK
[*] **************************************************************************
[+] Configuring BT -> 7C:61:FF:FF:FF:FF
[+] Updating BT mac address.................................................OK
[*] **************************************************************************
[+] Writing partitions...
[!] partition mmcblk0p23...............................................SKIPPED
[!] partition mmcblk0p18...............................................SKIPPED
[*] **************************************************************************
[!] dry-run successful...
This will run the wlan_config tool in dry-run mode (will not actually perform any changes to the partitions.)
If the dry-run mode is successful then you can re-run the command without the --dry-run option
Code:
>adb shell /data/local/tmp/wlan_config wf=<the new WIFI macaddr> bt=<the new BT macaddr>
******************************************************************************
***** HTC Desire S WLAN Configuration tool 1.0 by RXBoucher... ****
******************************************************************************
[+] Reading partition(s)
[+] Analysing partition mmcblk0p23...
[+] Backing up partition(s)...
[+] Configuring WIFI -> 7C:61:DD:DD:DD:DD
[+] Configuring BT -> 7C:61:FF:FF:FF:FF
[+] Writing partitions...
[!] WLAN configured...
[!] please reboot phone
Then you must reboot your phone and enjoy your new WLAN configuration.
If the dry-run mode fails, it means that the tool was unable to find where or how to change the WLAN configuration.
In this case, maybe you should read the Long Procedure and try to perform the changes manually.
If you want to see the various options and parameters of the wlan_config tool
Code:
> adb shell /data/local/tmp/wlan_config --help
******************************************************************************
***** HTC Desire S WLAN Configuration tool 1.0 by RXBoucher... ****
******************************************************************************
USAGE:
wlan_config [OPTIONS] <PARAMETERS>
OPTIONS:
-d, --dry-run : test mode. The configuration tool will be run without
actually modifying partition(s)
-v : verbose mode. The configuration tool will output more
detailed information.
Can be added several times to increase verbosity
--help : display this usage message.
PARAMETERS:
wf=<macaddr>: the configuration tool will change the WIFI mac address
bt=<macaddr>: the configuration tool will change the BT mac address
with <macaddr>=XX:XX:XX:XX:XX:XX
5. The long procedure (manual)
Connect your phone to your PC using the Charger Only option.
Then open a command line console and dump the mmcblk0p18 (HBOOT) and the mmcblk0p23 (wlan/radio config) partitions:
Code:
>adb shell dd if=/dev/block/mmcblk0p18 of=/sdcard/mmcblk0p18.img
>adb shell dd if=/dev/blocl/mmcblk0p23 of=/sdcard/mmcblk0p23.img
>adb pull /sdcard/mmcblk0p18.img
>adb pull /sdcard/mmcblk0p23.img
>copy mmcblk0p18.img mmcblk0p18-org.img
>copy mmcblk0p23.img mmcblk0p23-org.img
You should keep the "org" files safe in case you need to restore them.
Now we're going to edit/modify the 2 files mmclkk0p18.img and mmcblk0p23.img with HexEdit:
- Go in the mmcblk0p23.img tab
- Select, in the Hex View (not Text View), everything starting at offset 0x0000005B (sromrev=) up to the last 0D 0A 00
- Copy it to clipboard (Ctrl+C)
- Go in the mmcblk0p18.img tab
- Open the search dialog box (Ctrl+F)
- In the "Search For" text field, paste the clipboard (Ctrl+F)
- In the "Datatype" drop down list select "Hex-values"
- Click OK
HedEdit should then find and highlight the corresponding match.
Just before the highlighted selection, you should have the factory default MAC address: macaddr=00:11:22:33:44:55
-Change this MAC address with the one you want to use (in the text-view)
-Save the file (Ctrl+S)
-Go back to the mmcblk0p23.img tab
-Put the new MAC address at offset 0x00000048 (in the text-view)
-Go to offset 0x000110CC (Ctrl+G)
-Put your WIFI MAC address here also (in the text-view)
-Go to offset 0x00006000
-In the hex-view type in you're new BT MAC address
-Got to offset 0x000110BC
-Put your BT MAC Address here to (in the text-xiew)
Save the file.
You're done with the editing.
You should now replace your partitions with the modified images.
Go back to your command line console then type:
Code:
>adb push mmcblk0p23.img /data/local/tmp/mmcblk0p23.img
>adb push mmcblk0p18.img /data/local/tmp/mmcblk0p18.img
>adb shell dd if=/data/local/tmp/mmcblk0p23.img of=/dev/block/mmcblk0p23
>adb shell dd if=/data/local/tmp/mmcblk0p18.img of=/dev/block/mmcblk0p18
Reboot your phone and enjoy your new WLAN configuration !!!

Can i use it for Desire
hi....
Can i use this method for htc desire
my desire has no bleutooth and wifi mac address...
i uses usb bricked method but all in vain.... sam problem...
could you please tell me how can i write mac addresses in htc desire...i have rooted and cm7 rom is installed
bootloader is cm7r2
i also tried radio update...
sorry for bad english...
Please help me thx....

Hi, thanks for this great tool!
I'm getting this error:
error: Android 5.0 and later only support position-independent executables (-fPIE)

Related

ADB help!

I'm very unfamiliar with adb and I'm wanting to unroot my thunderbolt and return it to stock. Anyone willing to help me with ADB?
DONT KNOW ADB.. BUT CAN HELP U UNROOTING UR PHONE
ok u can do this.. follow carefully..
1. go into recovery
2. make sure u have the nandroid backup in ur sd card
3. wipe data, cache, dalvik cache, sd ext..
4. download the first file
5. flash from recovery
6. this will format ur total system
7. now restore nandroid backup
8. u will go back to stock rom..
9. now download the 2nd file
10. install z4root and open it.. click on "unroot"
11. follow instructions if any
12. reeboot..
u will have a phone as good as new..
xTommyx23 said:
I'm very unfamiliar with adb and I'm wanting to unroot my thunderbolt and return it to stock. Anyone willing to help me with ADB?
Click to expand...
Click to collapse
DONT KNOW ADB.. BUT CAN HELP U UNROOTING UR PHONE
ok u can do this.. follow carefully..
1. go into recovery
2. make sure u have the nandroid backup in ur sd card
3. wipe data, cache, dalvik cache, sd ext..
4. download the first file
5. flash from recovery
6. this will format ur total system
7. now restore nandroid backup
8. u will go back to stock rom..
9. now download the 2nd file
10. install z4root and open it.. click on "unroot"
11. follow instructions if any
12. reeboot..
u will have a phone as good as new..
here are some basic things to know
xTommyx23 said:
I'm very unfamiliar with adb and I'm wanting to unroot my thunderbolt and return it to stock. Anyone willing to help me with ADB?
Click to expand...
Click to collapse
Have a look at this http://forum.xda-developers.com/showthread.php?t=872128
The first thing a noob (like me) needs to understand is directory path.
For example i have installed my ANDROID-SDK folder in the root of my computer, (also known as C drive) the "tools" folder is in the androidsdk folder and the "adb" is in the tools folder.
C:\androidsdk\tools\adb
If you move or rename a folder your commands must be the same.
C:\ANDROID-SDK\tools\adb help will not work on my computer because i dont have a folder named ANDROID-SDK I re-named it androidsdk so that is the command i must use C:\androidsdk\tools\adb help
C:\androidsdk\tools\adb help
Android Debug Bridge version 1.0.26
-d - directs command to the only connected USB device
returns an error if more than one USB device is present.
-e - directs command to the only running emulator.
returns an error if more than one emulator is running.
-s <serial number> - directs command to the USB device or emulator with
the given serial number. Overrides ANDROID_SERIAL
environment variable.
-p <product name or path> - simple product name like 'sooner', or
a relative/absolute path to a product
out directory like 'out/target/product/sooner'.
If -p is not specified, the ANDROID_PRODUCT_OUT
environment variable is used, which must
be an absolute path.
devices - list all connected devices
connect <host>[:<port>] - connect to a device via TCP/IP
Port 5555 is used by default if no port number is specified.
disconnect [<host>[:<port>]] - disconnect from a TCP/IP device.
Port 5555 is used by default if no port number is specified.
Using this ocmmand with no additional arguments
will disconnect from all connected TCP/IP devices.
device commands:
adb push <local> <remote> - copy file/dir to device
adb pull <remote> [<local>] - copy file/dir from device
adb sync [ <directory> ] - copy host->device only if changed
(-l means list but don't copy)
(see 'adb help all')
adb shell - run remote shell interactively
adb shell <command> - run remote shell command
adb emu <command> - run emulator console command
adb logcat [ <filter-spec> ] - View device log
adb forward <local> <remote> - forward socket connections
forward specs are one of:
tcp:<port>
localabstract:<unix domain socket name>
localreserved:<unix domain socket name>
localfilesystem:<unix domain socket name>
dev:<character device name>
jdwp:<process pid> (remote only)
adb jdwp - list PIDs of processes hosting a JDWP transport
adb install [-l] [-r] [-s] <file> - push this package file to the device and install it
('-l' means forward-lock the app)
('-r' means reinstall the app, keeping its data)
('-s' means install on SD card instead of internal storage)
adb uninstall [-k] <package> - remove this app package from the device
('-k' means keep the data and cache directories)
adb bugreport - return all information from the device
that should be included in a bug report.
adb help - show this help message
adb version - show version num
DATAOPTS:
(no option) - don't touch the data partition
-w - wipe the data partition
-d - flash the data partition
scripting:
adb wait-for-device - block until device is online
adb start-server - ensure that there is a server running
adb kill-server - kill the server if it is running
adb get-state - prints: offline | bootloader | device
adb get-serialno - prints: <serial-number>
adb status-window - continuously print device status for a specified device
adb remount - remounts the /system partition on the device read-write
adb reboot [bootloader|recovery] - reboots the device, optionally into the bootloader or recovery program
adb reboot-bootloader - reboots the device into the bootloader
adb root - restarts the adbd daemon with root permissions
adb usb - restarts the adbd daemon listening on USB
adb tcpip <port> - restarts the adbd daemon listening on TCP on the specified port
networking:
adb ppp <tty> [parameters] - Run PPP over USB.
Note: you should not automatically start a PPP connection.
<tty> refers to the tty for PPP stream. Eg. dev:/dev/omap_csmi_tty1
[parameters] - Eg. defaultroute debug dump local notty usepeerdns
adb sync notes: adb sync [ <directory> ]
<localdir> can be interpreted in several ways:
- If <directory> is not specified, both /system and /data partitions will be updated.
- If it is "system" or "data", only the corresponding partition
is updated.
environmental variables:
ADB_TRACE - Print debug information. A comma separated list of the following values
1 or all, adb, sockets, packets, rwx, usb, sync, sysdeps, transport, jdwp
ANDROID_SERIAL - The serial number to connect to. -s takes priority over this if given.
ANDROID_LOG_TAGS - When used with the logcat option, only these debug tags are printed.
Good one....thx
lest we forget
lmao, so here i am almost a full year since i posted in this thread....learning adb all over again!! too funny
has anything changed since then ?

How to perform full backup using ADB w/o touchscreen on PIN locked device (rooted)

My device screen cracked and killed the digitizer. The LCD is fine but I obviously can't interact with it. The device is fully encrypted, and while I have the password, I seem to have no way to unlock it (I don't have an MHL dongle to run a mouse). I'm sending the device back to LG for factory repair, but I'd like to make a full backup before I do. I thought this would be trivial with ADB but I can't seem to get things working and my suspicion is the device encryption is my problem. I'm running TWRP (I tried cwm first but couldn't get that to read by already-encrypted device, which I hear is a know issue somehow 4.2.2 related - I gave up caring about that when TWRP "just worked").
Anyway, what's the process to get a full backup? I've tried following the good tutorial on 'thesuperusersguide' (sorry I'm new xda-dev so I can't post the proper link) but the backup command get's ignored (see scrollback, below). My gut says there's something I need to send to my device to mount the encrypted partition, either a command or adb push a special file then reboot. Am I on the right track?
I thought this was supposed to be as simple as "plug in the device, make sure ADB can see it, then run ADB backup". Obviously I need a some cmdline args to get the backup to get all my data - that's not what I'm asking about. I'm asking the "previous step" that could be paraphrased as, "how to get adb backup to do *anything*?"
Code:
host:platform-tools user$ ./adb devices
List of devices attached
006854cc1d8e2d9e recovery
host:platform-tools user$ ./adb backup
Android Debug Bridge version 1.0.31
-d - directs command to the only connected USB device
returns an error if more than one USB device is present.
-e - directs command to the only running emulator.
returns an error if more than one emulator is running.
-s <specific device> - directs command to the device or emulator with the given
serial number or qualifier. Overrides ANDROID_SERIAL
environment variable.
-p <product name or path> - simple product name like 'sooner', or
a relative/absolute path to a product
out directory like 'out/target/product/sooner'.
If -p is not specified, the ANDROID_PRODUCT_OUT
environment variable is used, which must
be an absolute path.
devices [-l] - list all connected devices
('-l' will also list device qualifiers)
connect <host>[:<port>] - connect to a device via TCP/IP
Port 5555 is used by default if no port number is specified.
disconnect [<host>[:<port>]] - disconnect from a TCP/IP device.
Port 5555 is used by default if no port number is specified.
Using this command with no additional arguments
will disconnect from all connected TCP/IP devices.
device commands:
adb push <local> <remote> - copy file/dir to device
adb pull <remote> [<local>] - copy file/dir from device
adb sync [ <directory> ] - copy host->device only if changed
(-l means list but don't copy)
(see 'adb help all')
adb shell - run remote shell interactively
adb shell <command> - run remote shell command
adb emu <command> - run emulator console command
adb logcat [ <filter-spec> ] - View device log
adb forward <local> <remote> - forward socket connections
forward specs are one of:
tcp:<port>
localabstract:<unix domain socket name>
localreserved:<unix domain socket name>
localfilesystem:<unix domain socket name>
dev:<character device name>
jdwp:<process pid> (remote only)
adb jdwp - list PIDs of processes hosting a JDWP transport
adb install [-l] [-r] [-s] [--algo <algorithm name> --key <hex-encoded key> --iv <hex-encoded iv>] <file>
- push this package file to the device and install it
('-l' means forward-lock the app)
('-r' means reinstall the app, keeping its data)
('-s' means install on SD card instead of internal storage)
('--algo', '--key', and '--iv' mean the file is encrypted already)
adb uninstall [-k] <package> - remove this app package from the device
('-k' means keep the data and cache directories)
adb bugreport - return all information from the device
that should be included in a bug report.
adb backup [-f <file>] [-apk|-noapk] [-shared|-noshared] [-all] [-system|-nosystem] [<packages...>]
- write an archive of the device's data to <file>.
If no -f option is supplied then the data is written
to "backup.ab" in the current directory.
(-apk|-noapk enable/disable backup of the .apks themselves
in the archive; the default is noapk.)
(-shared|-noshared enable/disable backup of the device's
shared storage / SD card contents; the default is noshared.)
(-all means to back up all installed applications)
(-system|-nosystem toggles whether -all automatically includes
system applications; the default is to include system apps)
(<packages...> is the list of applications to be backed up. If
the -all or -shared flags are passed, then the package
list is optional. Applications explicitly given on the
command line will be included even if -nosystem would
ordinarily cause them to be omitted.)
adb restore <file> - restore device contents from the <file> backup archive
adb help - show this help message
adb version - show version num
scripting:
adb wait-for-device - block until device is online
adb start-server - ensure that there is a server running
adb kill-server - kill the server if it is running
adb get-state - prints: offline | bootloader | device
adb get-serialno - prints: <serial-number>
adb get-devpath - prints: <device-path>
adb status-window - continuously print device status for a specified device
adb remount - remounts the /system partition on the device read-write
adb reboot [bootloader|recovery] - reboots the device, optionally into the bootloader or recovery program
adb reboot-bootloader - reboots the device into the bootloader
adb root - restarts the adbd daemon with root permissions
adb usb - restarts the adbd daemon listening on USB
adb tcpip <port> - restarts the adbd daemon listening on TCP on the specified port
networking:
adb ppp <tty> [parameters] - Run PPP over USB.
Note: you should not automatically start a PPP connection.
<tty> refers to the tty for PPP stream. Eg. dev:/dev/omap_csmi_tty1
[parameters] - Eg. defaultroute debug dump local notty usepeerdns
adb sync notes: adb sync [ <directory> ]
<localdir> can be interpreted in several ways:
- If <directory> is not specified, both /system and /data partitions will be updated.
- If it is "system" or "data", only the corresponding partition
is updated.
environmental variables:
ADB_TRACE - Print debug information. A comma separated list of the following values
1 or all, adb, sockets, packets, rwx, usb, sync, sysdeps, transport, jdwp
ANDROID_SERIAL - The serial number to connect to. -s takes priority over this if given.
ANDROID_LOG_TAGS - When used with the logcat option, only these debug tags are printed.
host:platform-tools user$
FWIW this is a Nexus 4 running 4.2.2 rooted cm-10.1-20130304-EXPERIMENTAL-mako-M2 TWRP 2.4.4.0.
Feel free to link me to other threads. I tried both forum search and Google and really couldn't find anything useful to my cause. Also, thanks everyone!
AW: How to perform full backup using ADB w/o touchscreen on PIN locked device (rooted
What about flashing a non touch recovery via adb?
I don't know whether there are some for the n4 since it is a very new device but for my HTC Desire there are some you can control via volume and power buttons.
Tapatalked with my JellyBean powered HTC Desire

Kali-Android Hybrid Modification No "chroot" [Experimental How-to Mod]

Updated.
Disclaimer, I am not resposible for anything you do, and what works for me may not work for you. To start I am running Cyanogenmod 10 on a Galaxy s III sprint, rooted, busybox, and whatever else you may need.
First :Anything being done on the PC is being done on Kali Linux:
Create a custom kali.img as per http://docs.kali.org/armel-armhf/kali-linux-arm-chroot without a desktop as its not needed. I tried to make a list of packages you can use to have them get installed during the process, and have posted it here, alternatively one can run apt-get install and then copy and past the list into the command line over ADB or use the "testautokimg.sh" if you have trouble making one on your own, I'd rather have you make one than to upload one and everybody worry about rootkits and other evils. This script is setup to be used for this purpose but the img may also be used as a normal img to chroot into.
Second
Push the kali.img file to your phone, push it to "/storage/sdcard0/kali, make a folder called "/storage/sdcard0/kali" if one does not exist on your internal sdcard this is the root of your internal storage, not the root of your phone, if you don't have space on your internal sdcard you can put it an external one but a few lines of code will need to be changed in the script that is currently named "test.sh" as everything is still experimental.
I am still working on the script and will update it as often as I can.
Third
Download and move test.sh to "/system/bin/" and then make it executable
If you have trouble with this try on your phone or over ADB:
Code:
su
mount -wo remount systemfs /system
cp -i [location you pushed test.sh to] /system/bin
chmod 0755 /system/bin/test.sh
Then execute test.sh with:
Code:
test.sh
When it askes you if you would like to overwrite choose no for now. You should get a new prompt, go ahead and use the 'set' command to check your PATH variable and also 'which nmap' to make sure everything is available. You should now be able to explore the experimental Kali-Android hybrid system. Hope u Enjoy.
Please don't hesitate to improve on this with sanity checks and error handling, posting the improvments would be great. Ultimately I am going to get this all set up in the boot.img effectively making the mod persistant across reboots. As it is, a reboot will clean the changes, which is a good thing for now, some config, .rc, and other types of files clash in the etc folder but for now I havn't noticed too much harm form mounting the etc directory to androids root (again, this is my experience) but for safty's sake each device will eventually need to have those clashing files patched up to allow both systems the configurations they need to be in synch. Also the "linker" I think may not be right, to get it seamless I think the systems need to be built from scratch together. But hey, I thik this is a great place to start.
[Edit Aug 3, 2013] I finally got around to looking through the etc dir, less work then I thought with a fresh kali.img anyways. I just added a couple lines before mounting to Androids root we gotta make sure some files will still be available afterwards, this should only need to be done once as they wont get deleted off the kali.img file, but since it's interactive you can not overwrite or if Android updated you can overwrite if you choose to. Just make sure you note which files conflict and at least 'cat' their contents and see which one you want if your not going to make a new one that handles any options that are on one but not the other.
[Edit Aug 4, 2013](1) I uploaded a script to automate the kali.img creation. (2) I changed HOME="/sdcard" in test.sh
READ ME STILL DEBUGGING!
[About 'testautokimg.sh'] (1) Download (2) rename to "testautokimg.sh" (3) make executable (chmod +x ./testautokimg.sh) (4) Before exicuting make sure to rename or delete any existing ~/arm-stuff directory, run while logged in as root, and make sure debootstrap and qemu-user-static are installed.
NOTE: Because a large number of programms being installed this will take several hours, make sure you have the time to babysit things as it runs!
This will install a lot of programs and create the kali.img file in ~/arm-stuff/image directory, once complete push it to your device. I think the standard location for the img file is /storage/sdcard0/kali/kali.img if you put it on an external sdcard for whatever reason be sure to modify the mounting script "test.sh"
Updated
The List:
"""
wol-e xprobe dmitry netdiscover miranda casefile creepy jigsaw metagoofil theharvester twofi urlcrazy netmask nbtscan smtp-user-enum braa cisco-auditing-tool onesixtyone sslcaudit ssldump sslh sslscan sslsniff sslstrip sslyze stunnel4 tlssled cdpsnarf p0f tcpflow enumiax ike-scan cisco-auditing-tool bbqsql dbpwaudit hexorbase oscanner sidguesser sqlmap sqlninja sqlsus tnscmd10g bed fuzz powerfuzzer sfuzz siparmyknife lynis nikto unix-privesc-check openvas blindelephant plecost wpscan bbqsql sqlninja sqlsus ua-tester burpsuite powerfuzzer webscarab webslayer websploit wfuzz xsser paros proxystrike apache-users dirb dirbuster cadaver davtest deblaze fimap grabber joomscan padbuster proxystrike skipfish sqlmap w3af wapiti webshag websploit wpscan xsser pyrit chntpw crunch hash-identifier john johnny ophcrack-cli rsmangler samdump2 sipcrack sucrack truecrack cewl dbpwaudit findmyhash hydra medusa ncrack onesixtyone wireshark patator phrasendrescher thc-pptp-bruter zaproxy bluelog blueranger btscanner spooftooph mfcuk mfoc asleap cowpatty eapmd5pass fern-wifi-cracker giskismet kismet mdk3 wifi-honey wifitap wifite cisco-global-exploiter cisco-ocs cisco-torch yersinia ikat jboss-autopwn termineter darkstat dnschef hexinject sslsniff tcpflow fake fiked macchanger rebind sniffjoke tcpreplay iaxflood inviteflood ohrwurm protos-sip rtpbreak rtpflood sipp sipsak voiphopper driftnet ferret mitmproxy dbd intersect powersploit sbd u3-pwn cryptcat iodine miredo proxychains proxytunnel ptunnel pwnat sbd socat sslh stunnel4 webacoo weevely jad clang clang++ flasm javasnoop radare2 dhcpig inundator siege iaxflood thc-ssl-dos mdk3 reaver dex2jar smali extundelete autopsy binwalk foremost galleta sleuthkit missidentify pdgmail readpst reglookup vinetto magicrescue pasco pev recoverjpeg rifiuti2 safecopy scalpel scrounge-ntfs md5deep dc3dd dcfldd ddrescue dff chntpw pdf-parser peepdf volafox volatility casefile magictree metagoofil truecrypt cutycapt dnsenum dnsrecon dnstracer dnswalk fierce urlcrazy fragroute fragrouter arping cdpsnarf dmitry fping hping3 miranda netdiscover aircrack-ng android-sdk
"""
Bug
I created a plain jane kali.img as per the documentation at Kali's website, then I ran the 'test.sh' script and then ran the apt-get install command with the list and this is the result, I got an error at the end about PostgreSQL not working, any advice?
Code:
localhost / # apt-get install wol-e xprobe dmitry netdiscover miranda casefile creepy jigsaw maltego metagoofil theharvester twofi urlcrazy netmask nbtscan smtp-user-enum braa cisco-auditing-tool onesixtyone sslcaudit ssldump sslh sslscan sslsniff sslstrip sslyze stunnel4 tlssled cdpsnarf p0f tcpflow enumiax ike-scan cisco-auditing-tool bbqsql dbpwaudit hexorbase oscanner sidguesser sqlmap sqlninja sqlsus tnscmd10g bed fuzz powerfuzzer sfuzz siparmyknife lynis nikto unix-privesc-check openvas blindelephant plecost wpscan bbqsql sqlninja sqlsus ua-tester burpsuite powerfuzzer webscarab webslayer websploit wfuzz xsser paros proxystrike apache-users dirb dirbuster cadaver davtest deblaze fimap grabber joomscan padbuster proxystrike skipfish sqlmap w3af wapiti webshag websploit wpscan xsser pyrit chntpw crunch hash-identifier john johnny ophcrack-cli rsmangler samdump2 sipcrack sucrack truecrack cewl dbpwaudit findmyhash hydra medusa ncrack onesixtyone wireshark patator phrasendrescher thc-pptp-bruter zaproxy bluelog blueranger btscanner spooftooph mfcuk mfoc asleap cowpatty eapmd5pass fern-wifi-cracker giskismet kismet mdk3 wifi-honey wifitap wifite cisco-global-exploiter cisco-ocs cisco-torch yersinia ikat jboss-autopwn termineter darkstat dnschef hexinject sslsniff tcpflow fake fiked macchanger rebind sniffjoke tcpreplay iaxflood inviteflood ohrwurm protos-sip rtpbreak rtpflood sipp sipsak voiphopper driftnet ferret mitmproxy dbd intersect powersploit sbd u3-pwn cryptcat iodine miredo proxychains proxytunnel ptunnel pwnat sbd socat sslh stunnel4 webacoo weevely jad clang clang++ flasm javasnoop radare2 dhcpig inundator siege iaxflood thc-ssl-dos mdk3 reaver dex2jar smali extundelete autopsy binwalk foremost galleta sleuthkit missidentify pdgmail readpst reglookup vinetto magicrescue pasco pev recoverjpeg rifiuti2 safecopy scalpel scrounge-ntfs md5deep dc3dd dcfldd ddrescue dff chntpw pdf-parser peepdf volafox volatility casefile magictree metagoofil truecrypt cutycapt dnsenum dnsrecon dnstracer dnswalk fierce urlcrazy fragroute fragrouter arping cdpsnarf dmitry fping hping3 miranda netdiscover
Reading package lists... Done
Building dependency tree
Reading state information... Done
Note, selecting 'libclang-common-dev' for regex 'clang+'
Note, selecting 'libclang1' for regex 'clang+'
Note, selecting 'libclang-dev' for regex 'clang+'
Note, selecting 'clang' for regex 'clang+'
Note, selecting 'libsclang1' for regex 'clang+'
reaver is already the newest version.
The following extra packages will be installed:
apache2 apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common arj
aspell aspell-en bind9-host binfmt-support bkhive blt bluez brasero
brasero-common bwidget ca-certificates-java cdrdao comerr-dev cryptsetup-bin
default-jdk default-jre default-jre-headless desktop-file-utils
dictionaries-common dmsetup dnsutils dosfstools dsniff ed eject enchant
firebird2.5-common firebird2.5-common-doc fonts-droid fonts-freefont-ttf
fonts-liberation fonts-lyx freepats freetds-common fuse gccxml gcr
geoip-database gir1.2-atk-1.0 gir1.2-clutter-1.0 gir1.2-clutter-gst-1.0
gir1.2-cogl-1.0 gir1.2-coglpango-1.0 gir1.2-evince-3.0 gir1.2-freedesktop
...[...]...[...]...
xfonts-cyrillic
Recommended packages:
firmware-mod-kit vbetool wish
The following NEW packages will be installed:
apache-users apache2 apache2-mpm-worker apache2-utils apache2.2-bin
apache2.2-common arj arping asleap aspell aspell-en autopsy bbqsql bed
bind9-host binfmt-support binwalk bkhive blindelephant blt bluelog
blueranger bluez braa brasero brasero-common btscanner burpsuite bwidget
ca-certificates-java cadaver casefile cdpsnarf cdrdao cewl chntpw
...[...]...[...]...
The following packages will be upgraded:
libgcrypt11
1 upgraded, 1049 newly installed, 0 to remove and 2 not upgraded.
2 not fully installed or removed.
Need to get 983 MB of archives.
After this operation, 2200 MB of additional disk space will be used.
Do you want to continue [Y/n]? Y
Get:1 http://http.kali.org/kali/ kali/main libevent-2.0-5 armhf 2.0.19-stable-3 [152 kB]
Get:2 http://security.kali.org/kali-security/ kali/updates/main libgcrypt11 armhf 1.5.0-5+deb7u1 [289 kB]
Get:3 http://security.kali.org/kali-security/ kali/updates/main libgssrpc4 armhf 1.10.1+dfsg-5+deb7u1 [76.5 kB]
Get:4 http://http.kali.org/kali/ kali/main libgnutls-openssl27 armhf 2.12.20-7 [216 kB]
Get:5 http://http.kali.org/kali/ kali/main libgpm2 armhf 1.20.4-6 [34.0 kB]
Get:6 http://security.kali.org/kali-security/ kali/updates/main libkadm5clnt-mit8 armhf 1.10.1+dfsg-5+deb7u1 [60.4 kB]
Get:7 http://security.kali.org/kali-security/ kali/updates/main libkdb5-6 armhf 1.10.1+dfsg-5+deb7u1 [58.8 kB]
Get:8 http://http.kali.org/kali/ kali/main libpci3 armhf 1:3.1.9-6 [51.6 kB]
Get:9 http://http.kali.org/kali/ kali/main geoip-database all 20130213-1 [1466 kB]
Get:10 http://security.kali.org/kali-security/ kali/updates/main libkadm5srv-mit8 armhf 1.10.1+dfsg-5+deb7u1 [73.0 kB]
Get:11 http://http.kali.org/kali/ kali/main libcap2-bin armhf 1:2.22-1.2 [20.7 kB]
Get:12 http://security.kali.org/kali-security/ kali/updates/main libgbm1 armhf 8.0.5-4+deb7u2 [750 kB]
Get:13 http://http.kali.org/kali/ kali/main kismet armhf 2013.03.R1b-1kali1 [1735 kB]
Get:14 http://security.kali.org/kali-security/ kali/updates/main libegl1-mesa armhf 8.0.5-4+deb7u2 [69.4 kB]
...[...]...[...]...
Get:1033 http://http.kali.org/kali/ kali/main volatility all 2.2-1kali0 [1710 kB]
Get:1034 http://http.kali.org/kali/ kali/main w3af-console all 1.1svn5547-1kali3 [9954 kB]
Get:1035 http://http.kali.org/kali/ kali/main w3af all 1.1svn5547-1kali3 [392 kBPackage configuration
��������������������������Ĵ sslh configuration ���������������������������Ŀ
� sslh can be run either as a service from inetd, or as a standalone �
� server. Each choice has its own benefits. With only a few connection per �
� day, it is probably better to run sslh from inetd in order to save �
� resources. �
� �
� On the other hand, with many connections, sslh should run as a �
� standalone server to avoid spawning a new process for each incoming �
� connection. �
� �
� Run sslh: �
� �
� from inetd �
� standalone �
� �
� �
� <Ok> �
� �
����������������������������������������������������������������������������
(Reading database ... 55161 files and directories currently installed.)
Preparing to replace libgcrypt11:armhf 1.5.0-5 (using .../libgcrypt11_1.5.0-5+deb7u1_armhf.deb) ...
Unpacking replacement libgcrypt11:armhf ...
Selecting previously unselected package libevent-2.0-5:armhf.
Unpacking libevent-2.0-5:armhf (from .../libevent-2.0-5_2.0.19-stable-3_armhf.deb) ...
...[...]...[...]...
Selecting previously unselected package libice6:armhf.
Unpacking libice6:armhf (from .../libice6_2%3a1.0.8-2_armhf.deb) ...
Selecting previously unselected package libsm6:armhf.
Unpacking libsm6:armhf (from .../libsm6_2%3a1.2.1-2_armhf.deb) ...
Selecting previously unselected package libxt6:armhf.
Unpacking libxt6:armhf (from .../libxt6_1%3a1.1.3-1+deb7u1_armhf.deb) ...
...[...]...[...]...
Unpacking xfonts-encodings (from .../xfonts-encodings_1%3a1.0.4-1_all.deb) ...
Selecting previously unselected package xfonts-utils.
Unpacking xfonts-utils (from .../xfonts-utils_1%3a7.7~1_armhf.deb) ...
Selecting previously unselected package lmodern.
Unpacking lmodern (from .../lmodern_2.004.2-1_all.deb) ...
Selecting previously unselected package libkpathsea6.
Unpacking libkpathsea6 (from .../libkpathsea6_2012.20120628-4_armhf.deb) ...
Selecting previously unselected package luatex.
Unpacking luatex (from .../luatex_0.70.1.20120524-3_armhf.deb) ...
Selecting previously unselected package libjudydebian1.
Unpacking libjudydebian1 (from .../libjudydebian1_1.0.5-1_armhf.deb) ...
Selecting previously unselected package miredo.
Unpacking miredo (from .../miredo_1.2.3-1.1_armhf.deb) ...
Selecting previously unselected package fuse.
Unpacking fuse (from .../fuse_2.9.0-2+deb7u1_armhf.deb) ...
Processing triggers for man-db ...
Processing triggers for libglib2.0-0:armhf ...
Processing triggers for fontconfig ...
Processing triggers for hicolor-icon-theme ...
Processing triggers for initramfs-tools ...
Setting up libfuse2:armhf (2.9.0-2+deb7u1) ...
Setting up fuse (2.9.0-2+deb7u1) ...
Creating fuse group...
Adding group `fuse' (GID 111) ...
Done.
MAKEDEV not installed, skipping device node creation.
update-initramfs: deferring update (trigger activated)
Processing triggers for initramfs-tools ...
Selecting previously unselected package ntfs-3g.
(Reading database ... 61999 files and directories currently installed.)
Unpacking ntfs-3g (from .../ntfs-3g_1%3a2012.1.15AR.5-2.1_armhf.deb) ...
Selecting previously unselected package openjdk-7-jre-lib.
Unpacking openjdk-7-jre-lib (from .../openjdk-7-jre-lib_7u25-2.3.10-1~deb7u1_all.deb) ...
Selecting previously unselected package openjdk-6-jre-lib.
Unpacking openjdk-6-jre-lib (from .../openjdk-6-jre-lib_6b27-1.12.6-1~deb7u1_all.deb) ...
Selecting previously unselected package tzdata-java.
Unpacking tzdata-java (from .../tzdata-java_2013c-0wheezy1_all.deb) ...
Selecting previously unselected package java-common.
Unpacking java-common (from .../java-common_0.47_all.deb) ...
Selecting previously unselected package libnss3-1d:armhf.
Unpacking libnss3-1d:armhf (from .../libnss3-1d_2%3a3.14.3-1_armhf.deb) ...
Selecting previously unselected package openjdk-6-jre-headless:armhf.
Unpacking openjdk-6-jre-headless:armhf (from .../openjdk-6-jre-headless_6b27-1.12.6-1~deb7u1_armhf.deb) ...
Selecting previously unselected package default-jre-headless.
Unpacking default-jre-headless (from .../default-jre-headless_1%3a1.6-47_armhf.deb) ...
Selecting previously unselected package ca-certificates-java.
Unpacking ca-certificates-java (from .../ca-certificates-java_20121112+nmu2_all.deb) ...
Selecting previously unselected package openjdk-7-jre-headless:armhf.
Unpacking openjdk-7-jre-headless:armhf (from .../openjdk-7-jre-headless_7u25-2.3.10-1~deb7u1_armhf.deb) ...
Selecting previously unselected package stunnel4.
Unpacking stunnel4 (from .../stunnel4_3%3a4.53-1.1_armhf.deb) ...
...[...]...[...]...
Unpacking samba-dsdb-modules (from .../samba-dsdb-modules_2%3a4.0.6+dfsg-1kali1_armhf.deb) ...
Selecting previously unselected package samdump2.
Unpacking samdump2 (from .../samdump2_1.1.1-1.1_armhf.deb) ...
Selecting previously unselected package scalpel.
Unpacking scalpel (from .../scalpel_1.60-1_armhf.deb) ...
Selecting previously unselected package screen.
Unpacking screen (from .../screen_4.1.0~20120320gitdb59704-7_armhf.deb) ...
Processing triggers for initramfs-tools ...
Processing triggers for man-db ...
Processing triggers for ca-certificates ...
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.
Processing triggers for fontconfig ...
Processing triggers for mime-support ...
Processing triggers for libglib2.0-0:armhf ...
Processing triggers for hicolor-icon-theme ...
Processing triggers for shared-mime-info ...
Processing triggers for install-info ...
Processing triggers for postgresql-common ...
supported_versions: WARNING: Unknown Debian release: Kali Linux 1.0
Building PostgreSQL dictionaries from installed myspell/hunspell packages...
en_us
insserv: warning: current start runlevel(s) (empty) of script `postgresql' overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `postgresql' overrides LSB defaults (0 1 6).
insserv: warning: script '90userinit' missing LSB tags and overrides
insserv: warning: script '00banner' missing LSB tags and overrides
[....] Starting PostgreSQL 9.1 database server: main[....] The PostgreSQL server failed to start. Please check the log output: 2013-08-03 08:36:45 UTC LOG: could not create IPv6 socket: Permission denied 2013-08-03 08:36:45 UTC LOG: could not create IPv4 socket: Permission denied 2013-08-03 08:36:45 UTC WARNING: could not create listen socket for "localhost" 2013-08-03 08:36:45 UTC FATAL: could no[FAILate any TCP/IP sockets ... failed!
failed!
invoke-rc.d: initscript postgresql, action "start" failed.
dpkg: error processing postgresql-common (--unpack):
subprocess installed post-installation script returned error exit status 1
Processing triggers for gconf2 ...
Errors were encountered while processing:
postgresql-common
E: Sub-process /usr/bin/dpkg returned an error code (1)
localhost / #
Edit: It seems installing postgresql during the making of the img file works.
need to create a new group
Postgresql is looking for the aid_inet group which does not exist on the Kali Linux OS...this is why you are most likely getting a permission denied error.
You need to create the group aid_inet and do the following:
Step 1. Add aid_inet group
command -> groupadd -g 3003 aid_inet
Step 2. Install Postgresql 9.1
command -> apt-get install postgresql libpq-dev
Step 3. add user postgresq to group aid_inet
command -> sudo usermod -a -G aid_inet postgres
Then try -> "service postgresql restart" and all should work just fine.
Hope it helps...
-droidshadow

How to modify your APN to support an MVNO (FreedomPop, etc)

This guide will cover enabling a custom APN to support MVNO's (FreedomPop, Ting, etc) on your LG Urbane 2 for Android Wear 2.0.
Prerequisites:
Root watch (I recommend this thread)
ADB minimal and fastboot
Linux system
A little bit of SQL knowledge
Shoutouts:
zbask - Rooting the LG Urbane 2
majdinj - Dumping ROMs
hoodred - Changing APNs
Enable USB debugging on the watch
- Settings -> System -> About -> keep tapping Build Number until developer options are enabled
- Developer Options -> ADB Debugging
- Connect charger, then connect charger to computer
- Click "OK" on watch face for "Allow Debugging"
Extract /system from watch
The watch uses squashfs for /system, which is a compressed filesystem, and read-only, even if you have root. Therefore, it is not possible to directly make changes to /system through adb. However, we can dump the filesystem to an image, decompress it on a computer, modify it, and put it back on the watch.
Steps:
Code:
adb shell
su
ls -al /dev/block/platform/msm_sdcc.1/by-name
msm_sdcc.1 may be different on your watch. look for this line:
Code:
lrwxrwxrwx 1 root root 21 1970-01-02 00:25 system -> /dev/block/mmcblk0p27
The watch actually has 1GB or so of internal storage. Let's dump the system file there so we can get it with adb pull.
Code:
dd if=/dev/block/mmcblk0p27 of=/sdcard/system.img
Remember to erase this file later, since it's very large and you don't want it taking up all the internal storage on your watch.
Extract telephony database from watch
The watch's telephony database is under /data. On my watch it is /data/user_de/0/com.android.providers.telephony/databases/telephony.db. Your location might vary. I found this by going to root (cd /) and typing
Code:
find | grep telephony.db
Since this file is only accessible by root, let's copy it to the sdcard as well so we can get it off.
Code:
cp /data/user_de/0/com.android.providers.telephony/databases/telephony.db /sdcard
Copy files to computer
Code:
adb pull /sdcard/system.img
adb pull /sdcard/telephony.db
On your Linux computer - modify the telephony database
We're going to put our MVNO APN into the telephony database. The telephony database is a .db file, which is sqlite3. You'll have to install sqlite3 support on your Linux computer.
Code:
sudo apt-get install sqlite3
sqlite3 telephony.db
A useful SQLite3 command is
Code:
.schema
which shows the table structure.
Code:
sqlite> select * from siminfo;
1|890XX_MY_ICC_ID__|0|CARD 1|AT&T|0|-16746133||1|1|310|170|1|1|1|1|4|0|1|1|0|1|0|1
sqlite> select mcc,mnc from siminfo;
310|170
Take note of the MCC and MNC for your SIM card.
In my case, the carrier exists in the telephony database already as AT&T. My MVNO, Freedompop, is on the same MCC and MNC, so I am going to modify the record.
Code:
sqlite> select * from carriers where mcc = 310 and mnc = 170;
744|ATT Phone|310170|310|170|phone||||||proxy.mobile.att.net|80|http://mmsc.mobile.att.net|-1|default,mms,supl,fota,hipri|1|IPV4V6|IPV4V6|1|0|0|||-1|0|1|0|0|0|1410|0|1
Your carrier may not exist in the telephony DB. If that's the case, you'll have to insert a record with a SQL command, which is left as an exercise for the reader.
In my case, since the record exists already, just under the wrong name (AT&T), I updated its info:
Code:
sqlite> update carriers set name = 'FreedomPop', apn = 'fp.com.attz', mmsproxy = null, mmsport = null, mmsc = null where mcc = 310 and mnc = 170;
On your Linux computer - Decompress system.img
We are going to modify our /system image now. Your Linux system should have the squashfs tools installed. You can usually get these with:
Code:
sudo apt-get install squashfs-tools
Put system.img in a directory and decompress it.
Code:
sudo unsquashfs system.img
This creates a directory named squashfs-root with the contents of system.img. Modify the file squashfs-root/etc/apns-conf.xml. You will want to add your desired APN information here. You'll need to know your carrier's MCC and MNC. You can get it from the siminfo table in the prior telephony database step or look it up at http://mcc-mnc.com. My carrier is Freedompop, so I inserted this info:
Code:
<apn carrier="FreedomPop"
mcc="310"
mnc="170"
apn="fp.com.attz"
type="default,mms,supl,fota,hipri"
protocol="IPV4V6"
roaming_protocol="IPV4V6"
profile_id="0"
modem_cognitive="true"
mtu="1410"
/>
Now that apns-conf.xml is modified, it's time to recompress the file system into system.img so we can flash it back to the watch. First let's get some parameters from the original system.img:
Code:
unsquashfs -s system.img
Found a valid SQUASHFS 4:0 superblock on system.img.
Creation or last append time Fri Aug 3 20:22:45 2018
Filesystem size 333522.78 Kbytes (325.71 Mbytes)
Compression lz4
High Compression option specified (-Xhc)
Block size 131072
Filesystem is exportable via NFS
Inodes are compressed
Data is compressed
Fragments are not stored
Xattrs are compressed
Duplicates are not removed
Number of fragments 0
Number of inodes 1475
Number of ids 4
Check the block size and the compression, in this case it's 131072 and lz4. Recompress using that as a parameter:
Code:
sudo mksquashfs squashfs-root system-modified.img -comp lz4 -b 131072 -no-fragments -no-duplicates -Xhc
Replace the telephony database on the watch
Code:
adb push telephony.db /sdcard/
adb shell
cp /sdcard/telephony.db /data/user_de/0/com.android.providers.telephony/databases/telephony.db
rm /sdcard/telephony.db
rm /sdcard/system.img
Flash your modified system.img
Code:
adb reboot bootloader
fastboot flash system system-modified.img
After the watch reboots, you should be able to pick the new APN.
Settings -> Connectivity -> Cellular -> Advanced -> Access Point Names
Congratulations, your watch is now on an MVNO cellular network!

Ubuntu Touch Porting: Motorola Moto E 2015 4G/LTE

ATTENTION:
Code:
/*
* Your warranty is now void.
*
* I am not responsible for bricked devices, dead SD cards, the expulsion of some contestant at the Spanish version of Got Talent,
* thermonuclear war, or you getting fired because the alarm app failed. Please
* do some research if you have any concerns about features included in this ROM
* before flashing it! YOU are choosing to make these modifications, and if
* you point the finger at me for messing up your device, I will laugh at you.
*/
THIS WILL WIPE ENTIRELY YOUR DEVICE. YOU WILL NEED TO CHANGE THE FILE SYSTEM OF /DATA TO EXT4 FROM F2FS IN TWRP BEFORE ANYTHING ELSE. AND, IT IS A MUST REQUIREMENT DOING A NANDROID OF YOUR CURRENT ROM WITH TWRP: TWRP Home >> Wipe >> Advanced Wipe >> tick data >> Repair or Change File System >> Change File System >> EXT4 >> Swipe to change.
UPDATE 22/07/2021: It has been discovered that some American surnia units (with model code XT1526 and XT1527, sold on Sprint and AT&T carriers) have different partition table than the European or Global versions (XT1521 and XT 1524). Sprint and AT&T surnia models are NOT COMPATIBLE with UBPorts, and trying to do this steps will cause a bootloop (easily fixable with a reflashing of LineageOS/stock ROM).
Hello. I'm a developer from Spain and I'm doing a porting work on my Moto E 2015 in Halium and Ubuntu Touch, and I'm looking for testers with surnia (CAUTION: ONLY surnia is allowed in this, NOT otus, sorry for this, I don't have otus) for testing this compilated version of Halium and Ubuntu Touch, because I'm having trouble with the port (rootfs not flashing on /data properly). I have some instructions to test this, and files to download and test on a real device.
-INSTRUCTIONS (only with Ubuntu Linux):
1-Download halium-boot (https://mega.nz/file/6TRRgAAa#YjtJ35nXxIMS_tVyaURRHuJfvjx3mxLFY1H6WWzD_Z4). Boot in Recovery Mode and flash with:
Code:
fastboot flash boot /path-to the image of halium-boot/halium-boot.img
2-Download system.img and halium-install.zip
https://mega.nz/file/GXBVAQyA#w68fYNKZ3He4Zg69QC9bkvQI8702ZAho4M4TVmKdfxg
https://github.com/JBBgameich/halium-install/archive/master.zip
Uncompress halium-install.zip and get into the folder via Terminal.
3-Download the latest rootfs from UBPorts:
https://ci.ubports.com/job/xenial-r.../out/ubports-touch.rootfs-xenial-armhf.tar.gz
4-Boot into TWRP recovery (or your recovery with BusyBox) and run this command (in the folder halium-install):
Code:
halium-install.sh -p ut -v path/to/rootfs.tar.gz path/to/system.img
Put a password that you can remember when prompted.
Wait, and it should flash all succesfully, if all goes well. I do not guarantee the success in this (my device has a problem with /data partition), so I need all the feedback possible in this (Terminal logs, for example, would be useful to me).
5-Reboot. Now, it should be the phone on Bootloader screen, but if you text in a terminal
Code:
ssh [email protected]
It should ask for a password and load the rootfs successfully.
After that, with this settings:
Code:
sudo mount -o remount,rw /
and
Code:
sudo -i # And enter your password
cat /var/lib/lxc/android/rootfs/ueventd*.rc|grep ^/dev|sed -e 's/^/dev///'|awk '{printf "ACTION=="add", KERNEL=="%s", OWNER="%s", GROUP="%s", MODE="%s"n",$1,$3,$4,$2}' | sed -e 's/r//' >/usr/lib/lxc-android-config/70-[codename].rules
and, finally, rebooting the phone, it should boot Ubuntu Touch. The lock password is the same than the password you made before in the install.
I need feedback to do this well. Any comments on this will be welcomed.
Logo of the project licensed by UBPorts by Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) License.
XDA:DevDB Information
Ubuntu Touch Porting: Motorola Moto E 2015 4G/LTE, ROM for the Moto E 2015
Contributors
impreza233, bartbart2003
Source Code: https://github.com/Halium/projectmanagement/issues/97
ROM OS Version: 7.x Nougat
ROM Kernel: Linux 3.10.x
ROM Firmware Required: Unlocked bootloader, latest TWRP or custom recovery with BusyBox installed
Version Information
Status: Alpha
Created 2018-09-29
Last Updated 2020-09-20
Great job!
Buen trabajo! Quizás lo testee más tarde, cuando esté seguro de que no necesitaré el celular para algo importante jajajaj.
~~
For English readers:
Great job! I may test it later, when I'm sure I won't be needing the phone for something important haha.
impreza233 said:
4-Boot into TWRP recovery (or your recovery with BusyBox) and run this command (in the folder halium-install):
Code:
halium-install-standalone.sh -p ut -v path/to/rootfs.tar.gz path/to/system.img
Click to expand...
Click to collapse
The file halium-install-standalone.sh is not existant. Tried using halium-install and /utils/standalone.sh, but both are giving me a "Permission denied" dialog. SU not found, using Squid's TWRP.
SonicoXD said:
The file halium-install-standalone.sh is not existant. Tried using halium-install and /utils/standalone.sh, but both are giving me a "Permission denied" dialog. SU not found, using Squid's TWRP.
Click to expand...
Click to collapse
Yes, it's a little fail on my install tutorial. The file is named halium-install.sh. utils/standalone.sh won't do nothing. I will fix this error in the tutorial. Thanks for the tip!!!
Otherwise, what version of Squid's TWRP do you use? I use the latest version from here: https://eu.dl.twrp.me/surnia/ and no problems on my side. I will investigate this too.
EDIT: fixed error on the install tutorial.
sh:halium-install.sh not found (twrp 3.2.3)
Android-fan117 said:
sh:halium-install.sh not found (twrp 3.2.3)
Click to expand...
Click to collapse
If you are inside the folder of halium-install.sh, when you have to type the command halium-install.sh, drag and drop the .sh file to the terminal, in this way:
path/to/halium-install.sh -p ut -v path/to/rootfs.tar.gz path/to/system.img
EDIT: fixed on the main tutorial.
ok... all flashed just fine,but ssh [email protected] gives Connection timed out (new network connection appears,when phone boots).I just can`t connect.
Android-fan117 said:
ok... all flashed just fine,but ssh [email protected] gives Connection timed out (new network connection appears,when phone boots).I just can`t connect.
Click to expand...
Click to collapse
Well, this is a good signal
What do you get if you do this command?:
Code:
ssh -vvvv [email protected]
I need to know that messages to debug this.
impreza233 said:
Well, this is a good signal
What do you get if you do this command?:
Code:
ssh -vvvv [email protected]
I need to know that messages to debug this.
Click to expand...
Click to collapse
I get this:
openSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "10.15.19.82" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 10.15.19.82 [10.15.19.82] port 22.
debug1: connect to address 10.15.19.82 port 22: Connection timed out
ssh: connect to host 10.15.19.82 port 22: Connection timed out
(But new network connection appears)
ALSO I saw some errors while installing:
I: Pushing rootfs and android image to /data via ADB
5528 KB/s (2147483648 bytes in 379.315s)
5243 KB/s (1895825408 bytes in 353.069s)
Installing udev rules
cannot stat './file/70-tenshi.rules': No such file or directory
cannot stat './file/70-tenshi.rules': No such file or directory
cannot stat './file/70-tenshi.rules': No such file or directory
Android-fan117 said:
I get this:
openSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "10.15.19.82" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 10.15.19.82 [10.15.19.82] port 22.
debug1: connect to address 10.15.19.82 port 22: Connection timed out
ssh: connect to host 10.15.19.82 port 22: Connection timed out
(But new network connection appears)
ALSO I saw some errors while installing:
I: Pushing rootfs and android image to /data via ADB
5528 KB/s (2147483648 bytes in 379.315s)
5243 KB/s (1895825408 bytes in 353.069s)
Installing udev rules
cannot stat './file/70-tenshi.rules': No such file or directory
cannot stat './file/70-tenshi.rules': No such file or directory
cannot stat './file/70-tenshi.rules': No such file or directory
Click to expand...
Click to collapse
Well, it means that the flashing of rootfs has been sucessful. Yipeee!!!! Well, the tenshi thing will be removed in future versions of the script. It was here only for debugging purposes.
For the ssh thing, I will provide a patch for that. Thanks again for your feedback!!!
impreza233 said:
Well, it means that the flashing of rootfs has been sucessful. Yipeee!!!! Well, the tenshi thing will be removed in future versions of the script. It was here only for debugging purposes.
For the ssh thing, I will provide a patch for that. Thanks again for your feedback!!!
Click to expand...
Click to collapse
Ok. Just let me know,when all be done. I'll test it again.
Android-fan117 said:
Ok. Just let me know,when all be done. I'll test it again.
Click to expand...
Click to collapse
Thanks for being the test case!
Android-fan117 said:
Ok. Just let me know,when all be done. I'll test it again.
Click to expand...
Click to collapse
Well, I have news. When you finish the halium-install process unpack and run the file attached to this message and remember to run the command to cancel previous connection with 10.15.19.82 in case of your ssh needs to. At that point it should be a connection to ssh.
impreza233 said:
Well, I have news. When you finish the halium-install process unpack and run the file attached to this message and remember to run the command to cancel previous connection with 10.15.19.82 in case of your ssh needs to. At that point it should be a connection to ssh.
Click to expand...
Click to collapse
get this(when run ssh_connection.sh):
* The device seems to be connected as enp0s20u7
RTNETLINK answers: File exists
RTNETLINK answers: File exists
PING 10.15.19.82 (10.15.19.82) 56(84) bytes of data.
From 192.168.2.89 icmp_seq=1 Destination Host Unreachable
From 192.168.2.89 icmp_seq=2 Destination Host Unreachable
From 192.168.2.89 icmp_seq=3 Destination Host Unreachable
--- 10.15.19.82 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2038ms
pipe 3
* Connecting using ssh
OpenSSH_7.2p2 Ubuntu-4ubuntu2.5, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 10.15.19.82 [10.15.19.82] port 22.
debug1: connect to address 10.15.19.82 port 22: No route to host
ssh: connect to host 10.15.19.82 port 22: No route to host
Android-fan117 said:
get this(when run ssh_connection.sh):
* The device seems to be connected as enp0s20u7
PING 10.15.19.82 (10.15.19.82) 56(84) bytes of data.
From 192.168.2.63 icmp_seq=1 Destination Host Unreachable
From 192.168.2.63 icmp_seq=2 Destination Host Unreachable
From 192.168.2.63 icmp_seq=3 Destination Host Unreachable
--- 10.15.19.82 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2052ms
pipe 3
* Connecting using ssh
OpenSSH_7.2p2 Ubuntu-4ubuntu2.5, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 10.15.19.82 [10.15.19.82] port 22.
debug1: connect to address 10.15.19.82 port 22: No route to host
ssh: connect to host 10.15.19.82 port 22: No route to host
Click to expand...
Click to collapse
Don't worry. I will continue tuning it for best results. My result is the same as you.
impreza233 said:
Don't worry. I will continue tuning it for best results. My result is the same as you.
Click to expand...
Click to collapse
Ok.I`ll be waiting for this.
Android-fan117 said:
Ok.I`ll be waiting for this.
Click to expand...
Click to collapse
I'm thinking about the fact that the system would not be properly booted when the phone is switched on. Could you do a dmesg -w when the phone is switched on and shows a network on your computer?
impreza233 said:
I'm thinking about the fact that the system would not be properly booted when the phone is switched on. Could you do a dmesg -w when the phone is switched on and shows a network on your computer?
Click to expand...
Click to collapse
I`ll do it right now
---------- Post added at 04:20 PM ---------- Previous post was at 04:04 PM ----------
impreza233 said:
I'm thinking about the fact that the system would not be properly booted when the phone is switched on. Could you do a dmesg -w when the phone is switched on and shows a network on your computer?
Click to expand...
Click to collapse
ok...I found this
[ 1373.515554] usb 3-7: New USB device found, idVendor=18d1, idProduct=d001
[ 1373.515560] usb 3-7: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1373.515564] usb 3-7: Product: Failed to boot
[ 1373.515568] usb 3-7: Manufacturer: Halium initrd
[ 1373.515571] usb 3-7: SerialNumber: halium-initrd telnet 192.168.2.15
Android-fan117 said:
I`ll do it right now
---------- Post added at 04:20 PM ---------- Previous post was at 04:04 PM ----------
ok...I found this
[ 1373.515554] usb 3-7: New USB device found, idVendor=18d1, idProduct=d001
[ 1373.515560] usb 3-7: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1373.515564] usb 3-7: Product: Failed to boot
[ 1373.515568] usb 3-7: Manufacturer: Halium initrd
[ 1373.515571] usb 3-7: SerialNumber: halium-initrd telnet 192.168.2.15
Click to expand...
Click to collapse
Just as I suspected. Halium fails to boot. I will continue investigating this. Thanks!!!

Categories

Resources