Database Info

using the internal memory as a virtual sdcard

I managed to break my micro sd card in half today and I wasn't able to pickup a class 10 or 6 replacement locally so I thought I could use some of the 6gb of internal memory as a virtual filesystem to get me out of trouble.
So, after quickly looking at the android docs and the supported busybox commands I created a 2gb sdcard.img in /data and mounted to /sdcard. I copied some files to it with astro filemanager and fired up raging thunder 2 and it went ahead and downloaded the game data to /sdcard/ and worked correctly.
But, a few apps won't recognise it as an sdcard (Motorola SD card and phone storage settings applet) as well as things like PlayPro (states I have no sdcard present). I thought perhaps I could modify the /etc/vold.fstab file to auto mount the sdcard.img I created using vi but I'm a bit clueless as to what I should change on the dev_mount /sdcard line to get it automounted at boot and hopefully fool the rest of the apps into thinking it is a physical sdcard.
Can anyone possibly point me in the right direction? Not sure how to invoke cmd mode in vi using the milestone qwerty either but I'll keep digging.
What I did (roughly), maybe I'm going about it wrong but any advice would be appreciated.
1. rooted device
2. installed the free terminal app from the market
3. fired up the terminal shell
4. su
5. dd if/dev/zero of=/data/sdcard.img bs=1024 count=1 seek=2000000
6. busybox mkfs.vfat /data/sdcard.img (didn't seem to support -F 32)
7. busybox mount -o loop /data/sdcard.img /sdcard/

+ 1 for this, it would be great to can use internal storage for user data

Why do you let this nice post die.. so "flibbulator" found anything more out?.. I'd like to know more.. like if you got it to work with Music Players and Video players??

Try to mount /data/sdcard.img to /mnt/sdcard (/sdcard is a link to /mnt/sdcard)
or try "export EXTERNAL_STORAGE /sdcard"
I made in a different way: created a 4GB storage.img in /data and mounted it in /sdcard/storage, so internal storage is finally usable for user data
the problem was to set mount point on boot, I can't find a way to execute a script on boot (you can't permanently modify init.rc)

flibbulator said:
What I did (roughly), maybe I'm going about it wrong but any advice would be appreciated.
1. rooted device
2. installed the free terminal app from the market
3. fired up the terminal shell
4. su
5. dd if/dev/zero of=/data/sdcard.img bs=1024 count=1 seek=2000000
6. busybox mkfs.vfat /data/sdcard.img (didn't seem to support -F 32)
7. busybox mount -o loop /data/sdcard.img /sdcard/
Click to expand...
Click to collapse
I have actually tried this on my Droid2Global, and I get the error "unknown operand if/dev/zero" I feel like I am missing the point or do not fully understanding how to use the "dd" command?

the correct syntax is:
dd if=/dev/zero of=/data/sdcard.img bs=1024 count=4194340
4194340 --> 4GB

patton82 said:
the correct syntax is:
dd if=/dev/zero of=/data/sdcard.img bs=1024 count=4194340
4194340 --> 4GB
Click to expand...
Click to collapse
Thank you bro.
Quick question I keep getting these errors. I do have a folder in "/" named "sdcard-int"
Better Terminal Emulator Pro
/ # busybox mount -o loop /data/sdcard.img /sdcard-int/
mount: can't setup loop device: No such file or directory
/ # busybox mount -o /data/sdcard.img /sdcard-int
mount: can't read /etc/fstab: No such file or directory
/ #
Sent from my DROID2 GLOBAL using Tapatalk

you can't place anything in root folder, /sdcard is a link to /mnt/sdcard and is created by init.rc (you can't edit init.rc, it's provided by boot.img, so need to extract from boot.img and repack)
I made in this way but I have to manually execute a script or a command from terminal after every boot to mount storage.img
mkdir /sdcard/storage
su
dd if=/dev/zero of=/data/storage.img bs=1024 count=4194340
busybox mkfs.vfat /data.storage.img
mount -o loop -t vfat /data/storage.img /sdcard/storage

Will be lost anything after reboot when use this storage?
Sent from my MotoA953 using XDA App

all the stuff in img file will not be lost, as long as you put it in /data/
on the contrary the mount point must be restored after reboot

patton82 said:
you can't place anything in root folder, /sdcard is a link to /mnt/sdcard and is created by init.rc (you can't edit init.rc, it's provided by boot.img, so need to extract from boot.img and repack)
I made in this way but I have to manually execute a script or a command from terminal after every boot to mount storage.img
mkdir /sdcard/storage
su
dd if=/dev/zero of=/data/storage.img bs=1024 count=4194340
busybox mkfs.vfat /data.storage.img
mount -o loop -t vfat /data/storage.img /sdcard/storage
Click to expand...
Click to collapse
Thank you, I will use the Thank you button when I login via PC.
I still get the same error, I know that I'm doing something incorrectly or maybe I don't understand "mount" comment correctly?
/ $ su
/ # mkdir /sdcard/storage
/ # dd if=/dev/zero of=/data/storage.img bs=1024 count=41943404194340+0 recordsn
4194340+0 records out
4295004160 bytes (4.0GB) copied, 339.823883 seconds, 12.1MB/s
/ # busybox mkfs.vfat /data/storage.img
/ # mount -o loop -t vfat /data/storage.img /sdcard/storage
mount: can't setup loop device: No such file or directory
/ #
I am using my sdcard also, I'm not too sure if that makes any difference?
Sent from my DROID2 GLOBAL using Tapatalk

Better terminal pro uses BASH shell, I presume
try to switch to android shell, in preferences
or to use terminal emulator (free) from market

Okay, I tried Android Terminal Emulator, and this is a new error.
export PATH=/data/local/bin:$PATH
$ $ su
# mount -o loop -t vfat /data/storage.img /sdcard/storage
ioctl LOOP_SET_FD failed: Device or resource busy
#
Not too sure where to go now. I thank you again for all your help, and time.
Sent from my DROID2 GLOBAL using Tapatalk

resource busy, you have to reboot the phone
I use Gscript lite, add a script with the string
mount -o loop -t vfat /data/storage.img /sdcard/storage
and create a shortcut to homescreen, so when I reboot, I can mount the img file in one click

Cool mod for my ROM. Could I take it??

sure, they are simple shell commands
the best would be to do what happen with Samsung Galaxy S: internal storage mounted as sdcard and physical sdcard mounted in a folder /sdcard/sd
storage.img is 3-4 times faster than my peak 8GB class 6

There is an application "Autostart" in the market, which can automatially execute a script with root after boot up.

I up because I'm now also interested in making profit of the huge internal storage. I'd like to put my wikipedia data from wikidroyd to the internal storage. Hopefully I'm skilled enough to follow the given steps...I doubt that though

fKngFtd said:
Okay, I tried Android Terminal Emulator, and this is a new error.
export PATH=/data/local/bin:$PATH
$ $ su
# mount -o loop -t vfat /data/storage.img /sdcard/storage
ioctl LOOP_SET_FD failed: Device or resource busy
#
Not too sure where to go now. I thank you again for all your help, and time.
Click to expand...
Click to collapse
Guys, I need your help! I have exactly. The same problem:
Every time I try to mount my storage.img I get
Ioctl LOOP_SET_FD failed: Device or resource busy.
I rebooted several times and also tried to mount smaller images (first I tried 3gb then I tried 1mb).
Any solution?
Edit: I solved it myself. I always forgot to punch in busybox before the command. Now it worked for me!!

I do have a question now. With help of Gscript I made a shortcut to mount the storage.img to my sdcard. But my pc wont recognise the sdcard as long as the image is mounted. What is the command to unmount the partition so I wouldnt have to reboot my phone before connecting it to the pc...?
Any help is much appreciated! Thx
(Something like busybox unmount -o loop -t vfat...?)
Sent from my MotoA953 using XDA App

[HOWTO] chroot Ubuntu 11.10 under CM7

INTRODUCTION
This document describes a procedure for installing Ubuntu 11.10 Oneiric Ocelot onto your Android device to run alongside an existing Android rom. My instructions assume you are running CyanogenMod 7. I will try to provide workarounds for other roms.
Ubuntu on a mobile device, running alongside Android, is somewhat difficult to use and is useless for most users. You should not attempt this procedure unless you have a need to run arbitrary Linux software from a mobile device. Many mobile computing needs can be met by installing remote access software on a traditional desktop computer. Conversely if you find the idea of having a general purpose Linux system in your pocket to be freaking awesome, whether you need it or not, please read on.
CAUTION
The following procedure assumes familiarity with Linux fundamentals, and basic familiarity with Android's Linux underpinnings. Data loss is possible, especially for the data on your SD card, so please make backups. Some commercial Android software is recommended, specifically Tasker and Better Terminal Emulator Pro. A large, fast SD card is also recommended. (I <3 my PNY 32 GB class 10 card)
Some optional steps are proposed that may interfere with how your Android device manages its SD card. You may be required to manually run a script before certain Android features, like mounting your device's SD card on a desktop PC via USB cable, will function properly.
Each step will have, whenever possible, a recommended procedure and one or more alternative procedures. If the recommended procedure doesn't work for you, the alternative procedure might require some research, manual-page reading, or other outside assistance to accomplish.
Shell commands should be executed on a root shell on your Android device. Use the built-in Terminal Emulator, ConnectBot in local mode, Better Terminal Emulator Pro, "adb shell" from a connected PC, or your favorite terminal emulator.
OVERVIEW
Too long; didn't read? Here's a quick summary of the steps involved:
Partition your SD card, creating a 2 GB or 4 GB Linux partition
Confirm the new partition is mounted at /sd-ext
Unpack http://cdimage.ubuntu.com/ubuntu-core/daily/current/oneiric-core-armel.tar.gz to /sd-ext
Create an empty file /sd-ext/.nomedia
Edit /system/etc/init.d/05mountsd to bind proc, dev, and sys to /sd-ext
Optionally edit /system/etc/init.d/05mountsd to bind /data, /system, and /cache to /sd-ext/mnt
Prepare a script to open a chroot shell with correct environment variables
Update /etc/apt/sources.list and /etc/resolv.conf according to your preference
Overwrite /sbin/start with /sbin/true
Copy or link important files into /etc and /lib
Initialize the package manager and begin downloading packages
(optional) Integrate Ubuntu services with Tasker profiles
STEP 1: Partition your SD Card
While a basic Ubuntu system can be installed in as little as 200 MB of disk space, many software packages require more space. Also many Linux tasks require unusual file attributes, permissions, or types, which cannot be placed on your SD card's regular FAT32 / VFAT file system.
Recommended: Use an existing Ubuntu system, or even an Ubuntu live CD, and a USB card reader to repartition your SD card without losing any data. Be sure the first primary partition remains FAT32 / VFAT, and create a second primary partition of type ext3 or ext4.
Alternative 1: Use any desktop system to back up all of the data on your SD card, either with a card reader or using your Android device. Use your phone's recovery partition to destructively repartition your SD card with a 2 or 4 GB ext3 or ext4 partition, and NO swap partition. Then copy your SD card contents back to your SD card.
Alternative 2: If you don't want to partition your SD card, you can create large empty files on your SD card and mount those. Some of the later steps will work differently and you may have to improvise.
Create large empty files on your SD card to contain your Ubuntu filesystem: dd if=/dev/zero of=/mnt/sdcard/UBUNTU.IMG bs=32768 count=65536
Identify a free loopback device number that isn't currently in use and won't likely be occupied by Android Apps2SD in the future: ls /dev/block
Create a new loop device for your file. Note the first number is the loop filename number you observed wasn't in use (at least a few dozen higher than the highest number you see), then a b and a 7, and then a number one less than the filename number. For example: mknod /dev/block/loop200 b 7 199
Associate the loop device with your new empty file: losetup /mnt/block/loop200 /mnt/sdcard/UBUNTU.IMG
Find which versions of mkfs are on your system: ls /system/xbin/mkfs*
Using whatever version you have (ext4 or ext3 preferred, but ext2 is acceptable) run: mkfs.ext# /dev/block/loop200
Save these commands in a script for later use. The dd and mkfs commands were only used this once, but the mknod and losetup commands will have to be run manually from a script each time you boot your phone.
STEP 2: Mount your Linux Partition
To avoid causing problems for your Android system, we shouldn't tamper with any of Android's critical files or directories. We will mount our Linux partition in a new directory that Android isn't using. With any luck, our rom already contains scripts that will automatically mount this for us.
Recommended: If you have partitioned your SD card and you are running CyanogenMod 7, use a root shell or file manager to confirm /sd-ext contains at least a directory called lost+found. If lost+found is present in /sd-ext then this step is done and you should continue to step 3.
Alternative 1: Use a root shell to navigate to /etc/init.d and look for a file called 05mountsd. If that file doesn't exist, you may need to create it or use another alternative method. If it does exist, run it with ./05mountsd and observe any error messages. If fsck or mount are failing because the filesystem type doesn't match what was expected, you can edit the file and change the filesystem type in the script.
Hint: you can do a quick search-and-replace using sed and a regular expression:
Code:
mv 05mountsd 05mountsd-old
cat 05mountsd-old | sed -e s/ext3/ext4/ > 05mountsd
diff 05mountsd-old 05mountsd
#changes look good to you? then proceed:
rm 05mountsd-old
ls -al
chown root.shell 05mountsd
chmod 750 05mountsd
#adapt owner (root), group (shell) and permissions (-rwxr-x---) to match the other files in that directory
Alternative 2: If your rom doesn't create, or attempt to mount, anything called /sd-ext you might have to create your own mount point.
Code:
mount -o remount,rw /system
mkdir /system/sd-ext
mount -o remount,ro /system
Then, in the following steps, replace any reference to /sd-ext with /system/sd-ext.
STEP 3: Install the Base System
Recommended: Download this file: http://cdimage.ubuntu.com/ubuntu-core/daily/current/oneiric-core-armel.tar.gz (Should be under 32 MB, and is the only potentially-insecure download required because the file is unsigned.)
Store it on your SD card somewhere, like in /mnt/sdcard/download/. (If you use your Android device's browser, it will probably land there automatically.)
If you're nervous about making a mistake, double-check your system partition is read-only:
Code:
mount | grep -v block/dm- | grep \(rw
#If anything there looks like it shouldn't be read-write, make it read-only:
mount -o remount,ro /system
Open a root shell and navigate to /sd-ext. Use pwd (present working directory) to confirm you really are in /sd-ext. Then go ahead and unpack:
Code:
tar zxvf /mnt/sdcard/download/oneiric-core-armel.tar.gz
STEP 4: Create a .nomedia file
Android may try to scan your Linux partition for images, videos, and pictures. The Linux partition contains many files and directories and this scan can take a long time. To avoid these lengthy scans, we will add a file to the Linux partition that blocks well-behaved Android services from scanning.
Recommended: Use a root shell to navigate to /sd-ext. Create the file and set its permissions:
Code:
echo > .nomedia
chown root.root .nomedia
chmod 644 .nomedia
STEP 5: Bind /proc, /dev, and /sys to the Linux partition
Recent versions of Linux provide a way to clone a partition, so when changes are made to one copy of the partition the changes take effect immediately in the other copy. We will use this to make the /proc, /dev, and /sys partitions used by Android available in our Linux partition as well.
This is necessary because when we run Ubuntu we will be using chroot (change root) to make /sd-ext the only filesystem Ubuntu can see. Ubuntu will need to be able to see /proc, /dev, and /sys, as well as some of the files in /etc, /vendor/lib, and /system/lib. We will meet some of these needs with mount --bind
Additionally we will need these bindings to be recreated every time the /sd-ext partition is mounted. So we will add some commands to the run-parts script that mounts /sd-ext, located at /etc/init.d/05mountsd.
Recommended: Open a root shell and navigate to /etc/init.d, and use a text editor to open 05mountsd.
Near the end of the file you should see some commands that operate on /sd-ext:
Code:
$BB chown 1000:1000 $SD_EXT_DIRECTORY;
$BB chmod 770 $SD_EXT_DIRECTORY;
Edit the chmod command and change the permission mask number from 770 to 775, which grants non-root users the ability to read the contents of that directory. Then add the following commands immediately after the chown and chmod commands already present:
Code:
$BB mount --rbind /dev /sd-ext/dev
$BB mount --rbind /proc /sd-ext/proc
$BB mount --rbind /sys /sd-ext/sys
STEP 6: (OPTIONAL) Bind /system, /data, and /cache to /sd-ext
This step is optional, and provides a way to operate on Android system files from within Ubuntu. If you're concerned about a stray command destroying your Ubuntu system and you want to make sure it doesn't take any Android system files with it, you should skip this step.
Recommended: Open a root shell and navigate to /sd-ext/mnt, and create some directories which will serve as mount points:
Code:
pwd
# you should be in /sd-ext/mnt
mkdir -m 700 system data cache
chown root.root system data cache
ls -al
# Each of system, data, and cache should show drwx------ and root for both owner and group
Then navigate to /etc/init.d and edit 05mountsd. Add the following under the existing mount --rbind commands you added earlier:
Code:
$BB mount --rbind /system /sd-ext/mnt/system
$BB mount --rbind /data /sd-ext/mnt/data
$BB mount --rbind /cache /sd-ext/mnt/cache
STEP 7: Prepare a script to open a chroot shell with proper environment variables
Now you will need an easy way to create a first process, a shell, in the new environment you've created. This shell will start life in a different world than regular Android shell processes live in: it will use a different root filesystem and will be able to see different files and directories, and it will have access to a vast number of full-featured programs and services.
We will be using the Bourne Again Shell, bash. We will launch bash with a program called env, which sets some environment variables and then launches a program with that new environment. Finally, we will be launching env with a program called chroot, which changes the root filesystem seen by a program before it launches it.
Option 1: Better Terminal Emulator Pro: I don't want to say "recommended" because it involves buying software that's not really necessary. I'm partial to Better Terminal Emulator Pro because it seems to have more available options (compared to the built-in Terminal Emulator) and it doesn't kill your shell unexpectedly when network connectivity changes (unlike ConnectBot). I'm not affiliated with the author of that software. Also, after I bought that I stopped looking for alternative shells, so there may exist other alternative shells that work better for this.
Use Better Terminal Emulator Pro and add the commands necessary for starting your chroot shell to BTEP's options. Once you do this, BTEP will essentially be a dedicated Ubuntu console for you, and may be difficult to use for other tasks.
My settings are:
Shell: Android Shell
Command Line: /system/bin/sh
Initial Command:
Code:
/system/xbin/chroot /sd-ext /usr/bin/env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin TERM=linux /bin/bash -l; exit
clear
Start as root: yes
Option 2: Terminal Emulator, and a shell script: Open a root shell and create a file:
Code:
#!/system/bin/sh
/system/xbin/chroot /sd-ext /usr/bin/env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin TERM=linux /bin/bash -l
exit
Save the file with whatever name you like, perhaps "ubuntu", and put it somewhere in your path. You could add it to /system/bin: mount -o remount,rw /system; mv ubuntu /system/bin/ubuntu; mount -o remount,ro /system
Option 3: ConnectBot: I don't recommend ConnectBot for this because, while it does offer "local" connection types, if your connectivity changes (even wifi to cell) it will close your "connection" immediately.
That said: create a new connection with type local, and give it the following initial command:
Code:
su -
/system/xbin/chroot /sd-ext /usr/bin/env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin TERM=linux /bin/bash -l; exit
clear
STEP 8: Update /etc/apt/sources.list and /etc/resolv.conf
Ubuntu uses a package manager which automatically finds, downloads, verifies, and installs software for you. The package manager requires a list of trusted repositories which contain binaries built for ARM CPUs, like the one in your Android device.
FIXME: Later I'll discuss the pros and cons of each of these selections. For now I'll just provide my sources.list file.
Open your Ubuntu shell, using the method from step 7, and issue the following commands:
Code:
echo nameserver 8.8.8.8 > /etc/resolv.conf
# you can use a nameserver of your choice if you like.
echo nameserver 8.8.4.4 >> /etc/resolv.conf
# notice the >> instead of > which means we're appending, not overwriting.
apt-get install nano
# follow the prompts - say yes if it asks if you want to proceed.
nano -w /etc/apt/sources.list
And here are the contents of my sources.list file, containing binary sources for ARM CPUs:
Code:
deb http://ports.ubuntu.com/ubuntu-ports/ oneiric main restricted universe multiverse
deb http://ports.ubuntu.com/ubuntu-ports/ oneiric-security main restricted universe multiverse
deb http://ports.ubuntu.com/ubuntu-ports/ oneiric-updates main restricted universe multiverse
deb http://ports.ubuntu.com/ubuntu-ports/ oneiric-backports main restricted universe multiverse
deb http://archive.canonical.com/ oneiric partner
deb http://archive.canonical.com/ oneiric-security partner
deb http://archive.canonical.com/ oneiric-updates partner
deb http://archive.canonical.com/ oneiric-backports partner
STEP 9: Overwrite /sbin/start with /sbin/true
Nothing too complicated here. Some Ubuntu packages install services, which the system will usually want to automatically start and end when the system boots and shuts down.
However, on an Android device Android is responsible for booting and shutting down the system, and it doesn't know much about Ubuntu services.
Later (FIXME: when?) we'll discuss how to use an Android program like Tasker to more intelligently manage Ubuntu services. But for now, we need to trick Ubuntu's package installation scripts into believing it has successfully started a service. We will use a useless program called true, which does nothing and reports that it was successful, in place of a program called start, which will be unable to start a service because it has no access to Android's init system.
Open your Ubuntu shell and do this: cp /sbin/true /sbin/start
STEP 10: Copy or link important files into /etc and /lib
FIXME: I haven't finished this section yet. Some of my software remains broken until I fix this.
STEP 11: Initialize the package manager and begin downloading packages
Now we can begin using our Ubuntu system's package manager to install any other packages we might need.
Open your Ubuntu shell and do the following:
Code:
apt-get update
# This will take a short while, and will download updated software catalogs from each of the update servers
apt-get upgrade
# This looks for updates to any currently-installed packages. There aren't many packages installed so this should be quick.
apt-get install PACKAGE NAMES GO HERE
Then keep using apt-get install to install whatever you need.
Here are some common packages and package sets:
ubuntu-dev-tools: development tools including a compiler and linker
tightvncserver: simple X server you can connect to with androidVNC
FIXME: I need to put a lot more here.

Sorry for bumping old threat, but I am kind of stuck. Everything goes fine, but when I try to create the script in BTEP (and android terminal) I am getting segmentation fault in both of them.
Checked for syntax errors 100 of times. I am using CM6 froyo 2.2 on Motorola milestone. SD card has 2 gb of ext3 partition mounted in /sd-ext.
*EDIT*
Reflashed CM 7 latest and same thing happens. Segmentation Fault.

[How to] get full ubuntu and your favorite desktop in webtop

Ok, Today I will show how to fully unlock the webtop feature in the Atrix 2, so that you can use your favorite Linux apps and desktop, to be more productive while using webtop.
This will be in several posts to make this easier to read and understand.
There are several requirements I will list here, first:
1) A way to use webtop - The HD, or lapdock, or have completed the webtop mod for the HDMI connection Here
2) This is most important, and if you completed 1, then you most likely have done it, root your Atrix 2
3) A USB SDcard reader. I have the Sandisk imagemagick, but any one you like will do
4) Be able to ADB from your computer to your phone
5) Not afraid of a little command line work
Partition Instructions:
Depending upon your operating system, free software is available so that you can partition and format your device without losing all the data on it.
You will need to get one of the apps / iso images below, I recommend the live iso with gparted on it, just because I am a UNIX/ Linux guy by trade and choice, and this is what I use.
Linux gparted live iso image:
http://gparted.sourceforge.net/livecd.php
Windows MiniTool Partition Wizard:
http://www.partitionwizard.com/free-partition-manager.html
You must create a parition on your SDcard for webtop, as this is is a full Operating System and takes a good bit of space. I made mine around 8GB on my 32GB card, and for the purpose of showing you here, I created a 4GB partition on a spare 16GB card I have. 1GB is the minimum, because that is what is already being used on the Atrix2 and I think it is about 80% full or so.
The partition you create MUST be a primary partition and formated to ext3.
For Windows here are some screen shots from another board that may help, with instructions:
This is what the MiniTool Partition Wizard screen looks like when I have an 8 GB SD card inserted. As you can see, there's currently one single FAT32 partition present.
http://forum.xda-developers.com/attachment.php?attachmentid=651143&d=1310342755
When you right click on the partition, you'll see a Move/Resize option. That's the one you want to select for non-destructive partitioning.
http://forum.xda-developers.com/attachment.php?attachmentid=651144&d=1310342755
At that point, you can select how large you want your partition to be. You want to make sure that the "Unallocated Space Before" stays at 0.00 MB, so that the new partition will be the second one. In my case, I've opted to create a 4 GB partition as the second partition.
http://forum.xda-developers.com/attachment.php?attachmentid=651145&d=1310342755
Once that has been set up, right click on the Unallocated space, then select Create.
http://forum.xda-developers.com/attachment.php?attachmentid=651146&d=1310342766
We're not worried about the warning that Windows throws up, particularly since we know we'll be creating a partition that Windows can't read anyways. So just hit Yes.
http://forum.xda-developers.com/attachment.php?attachmentid=651147&d=1310342766
Create the second partition at the maximum size with the following settings:
Create As: Primary
File System: Ext3
http://forum.xda-developers.com/attachment.php?attachmentid=651148&d=1310342766
After that's done, click on the Apply Changes button.
http://forum.xda-developers.com/attachment.php?attachmentid=651149&d=1310342766
And now you're done! Put the card back into your Atrix2
Now for gparted:
If you are familiar with Linux and know how to use gparted, just resize your FAT32 partition to whatever size you want, then create a partition at least 1GB in size (I recommend 4GB), and make it an EXT3.
Now for the rest that are using the iso here is some info and screen prints:
Launch gparted:
Here is a screen print of my desktop with gparted running:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Now in the upper right corner there is a little drop down that has something like /dev/sda in it, change this to your SDcard, mine was /dev/sdc.
Next right click on the partition in the middle of the screen, it should be surrounded in green, then click Resize/Move:
Then when the next screen comes up, drag the arrow from the left to the middle of the screen to resize the partition, to the size you want, this is in MegaBytes:
Now will have one partition that is ready to resize, and it should look like this, you will click on the "Apply all Operations button":
Then a little window with the percentage will show up and tell you when it is complete, just click the close button when it finishes.
Next you will right click on the unallocated part of the SDcard and click new:
Then you will tell it how big in new size box, I let it do the whole thing at 4GB, then select ext3 in the File system drop down menu:
Then after you click add in the last screen, you will click the "Apply all Operations button" Again:
Now it will show the percentage window again, and when it is complete, click the close button.
Done! Now it should look like this:
Put your SDcard back into your phone now.
Next will be how to copy over some patches and a script that will do a lot more, and a manual way for the brave.

Ok, so now that we are partitioned we can do some real fun stuff, and by fun stuff I mean command line.
I would make sure you are plugged into a power source when you are doing this part, becuase the script will run for a very long time, it is copying 1GB of data to your SDcard, and installing a patch that includes another 100 or so MB of needed programs.
Go get this tarball
IT IS VERY IMPORTANT THAT YOU COPY THIS INTO /data/local ON YOUR PHONE
Copy this to your system with:
adb push webtop_unlock.tar /data/local
Now connect to your phone with ADB
adb shell
su
cd /data/local
tar -xvf webtop_unlock.tar
chmod 755 setup_webtop.sh
sh ./setup_webtop.sh
This will do a whole lot of things, like copy the webtop install to your SDcard, then patch it, so that you can run synaptic and a termial and disable the FACLs and MACLs that Motorola has implemented, so that it is not locked down anymore.
***Note: I only had a chance to run and test this script once, so if it is an issue please let me know nicely in a post here, or PM me, but please copy any errors or get a screen print if you can, so that I know what to fix. Please don't post a reply with it did not work, give me as much info as you can.
After your phone reboots ADB into it again, and do this:
su
mount -o remount, rw /
**take note that you must run the "mount -o remount, rw /" command anytime you reboot your phone because any programs you get thru apt-get or synaptic will error out during installation

Now that you have most of what you need Do this:
Connect to webtop with whatever method you like, HD dock, or lapdock, or TV (you most likely have to have a bluetooth keyboard mouse to use your TV).
Then when the webtop session starts:
Ctrl+Alt+T
When the Terminal launches type this at the command line and hit return
sudo apt-get update
From here, you can run "gksu synaptic" and use the password "test" to start installing various different programs and packages that are normally available on Ubuntu.
Dependencies
Take caution when modding Webtop because there are some dependencies that will break Webtop if they are upgraded such as anything ending in a .mot or anything resembling that.
Credits
Please thank [mbm] for fixing what Motorola took out, without him, none of this would be possible without his patch.
Sogarth for being the pioneer of Webtop hacking.

Now that you can get into synaptic, go find a desktop you like and install it.
I use gnome and I like it, but here is a list of KNOWN working apps, I am sure there are many more, just know some will not work at all.
Working Programs:
OpenOffice
XFCE4
Xchat
LxTerminal
Transmission
lxpanel
rdesktop
VLC Player (Video is choppy)
Gnome-Panel
Evolution Email
Chrome-Browser
Now that you have a desktop you want to run, lets set it up to start for you instead of that launcher at the bottom of the screen now.
After installing your DE of choice thru apt-get or synaptic, navigate on your phone with Root File Explorer to /osh/usr/local/bin/ and open the file "start-oshwt-2.sh" in the text editor and you will be presented with something that looks like this:
#! /bin/sh
### BEGIN INIT INFO
# Provides: start_lxde2.sh
# Required-Start:
# Required-Stop:
# Default-Start:
# Default-Stop:
# Short-Description: started by adas user at login
### END INIT INFO
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
export LD_LIBRARY_PATH=/usr/lib:/usr/local/lib
. /lib/lsb/init-functions
export `fbcp_dsba`
log_action_msg "Will now start OSHWT 2 scripts"
sfalv -i "/usr/lib/gvfs/gvfs-gdu-volume-monitor"
# start OSHWT 2 scripts
sfalv -i "awn-autostart"
sfalv -i "webtop-panel"
sfalv -i "webtop-wallpaper"
sfalv -i "evbridge"
webtop-wallpaper &
evbridge &
sfalv -i "window_switcher"
system-config-printer-applet >/dev/null 2>/dev/null &
sr-test avahi_start &
# IKXWEBTOP-5690 workaround.
# xkb is broken in 10.10 in that each time a keyboard is connected
# the layout of all other keyboards become the layout of
# the last connected keyboard.
# There is an xorg.conf.d rule that forces all keyboards to
# layout 'us(android)' but for some reason it is not working for
# evfwd. Here we force xkb to work with 'us(android)' so evfwd
# is assigned the right layout.
setxkbmap 'us(android)'
Note:
I highlighted the section you are interested in in Blue.
The sfalv -i "awn-autostart" command might also bin the file /osh/usr/local/bin/start-oshwt-1.sh
From here, if you comment out the sfalv -i "awn-autostart", then add to the script sfalv -i "xfdesktop" and sfalv -i "xfce4-panel" if you installed xfce4 or whatever Desktop environment you installed. If you followed this, your script should look like this:
#! /bin/sh
### BEGIN INIT INFO
# Provides: start_lxde2.sh
# Required-Start:
# Required-Stop:
# Default-Start:
# Default-Stop:
# Short-Description: started by adas user at login
### END INIT INFO
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
export LD_LIBRARY_PATH=/usr/lib:/usr/local/lib
. /lib/lsb/init-functions
export `fbcp_dsba`
log_action_msg "Will now start OSHWT 2 scripts"
sfalv -i "/usr/lib/gvfs/gvfs-gdu-volume-monitor"
# start OSHWT 2 scripts
#sfalv -i "awn-autostart"
sfalv -i "webtop-panel"
sfalv -i "xfdesktop"
sfalv -i "xfce4-panel"
#sfalv -i "webtop-wallpaper"
#sfalv -i "evbridge"
webtop-wallpaper &
evbridge &
sfalv -i "window_switcher"
system-config-printer-applet >/dev/null 2>/dev/null &
sr-test avahi_start &
# IKXWEBTOP-5690 workaround.
# xkb is broken in 10.10 in that each time a keyboard is connected
# the layout of all other keyboards become the layout of
# the last connected keyboard.
# There is an xorg.conf.d rule that forces all keyboards to
# layout 'us(android)' but for some reason it is not working for
# evfwd. Here we force xkb to work with 'us(android)' so evfwd
# is assigned the right layout.
setxkbmap 'us(android)'

Hiya Jim! Thanks for posting this!
Question:
So with this it says you have to have a bluetooth keyboard and mouse for use with a TV. Did they disable the onscreen keyboard and mouse then?

voodoomurphy said:
Hiya Jim! Thanks for posting this!
Question:
So with this it says you have to have a bluetooth keyboard and mouse for use with a TV. Did they disable the onscreen keyboard and mouse then?
Click to expand...
Click to collapse
If you use the webtop patch for connecting to a tv, I THINK you can still use the touch screen on the phone for keyboard and mouse, but I will be real honest, I have not tried it, since I have the HD dock and I have used a lapdock or two to play with.

Jim,
I gparted my **** the other day and made a 4 gig partition called Linux, but when I ran the script I got this:
done. Sit back this will all take a while. ==========================================================
Finding the partition you setup and formatted to ext3....
Copying the scripts that will mount the osh partition on your sdcard at every boot.
Copied mountosh into place
stat: cannot stat '/tmp/osh': No such file or directory
Mounting your sdcard linux partition so that we can copy over the wetop install to it
link_image[1964]: 10279 could not load needed library 'liblog.so' for '/system/bin/mount' (link_image[1964]: 10279 could not load needed library 'libgcc_s.so.1' for 'liblog.so' (load_library[1106]: Library 'libgcc_s.so.1' not found))CANNOT LINK EXECUTABLE
[: 45881: unknown operand
Your SD card did not mount properly; Please send the log to the author of this script
[email protected]:/data/local# Chris-Murphys-MacBook-Pro:~ chrismurphy$
and now the web top will not load to my TV. I am using the hdmi hack for that. Thoughts?

voodoomurphy said:
Jim,
I gparted my **** the other day and made a 4 gig partition called Linux, but when I ran the script I got this:
done. Sit back this will all take a while. ==========================================================
Finding the partition you setup and formatted to ext3....
Copying the scripts that will mount the osh partition on your sdcard at every boot.
Copied mountosh into place
stat: cannot stat '/tmp/osh': No such file or directory
Mounting your sdcard linux partition so that we can copy over the wetop install to it
link_image[1964]: 10279 could not load needed library 'liblog.so' for '/system/bin/mount' (link_image[1964]: 10279 could not load needed library 'libgcc_s.so.1' for 'liblog.so' (load_library[1106]: Library 'libgcc_s.so.1' not found))CANNOT LINK EXECUTABLE
[: 45881: unknown operand
Your SD card did not mount properly; Please send the log to the author of this script
[email protected]:/data/local# Chris-Murphys-MacBook-Pro:~ chrismurphy$
and now the web top will not load to my TV. I am using the hdmi hack for that. Thoughts?
Click to expand...
Click to collapse
ok adb in and remove the files you used.
Code:
adb shell
cd /data/local
rm setup_webtop.sh
rm mountosh
rm mountosh1
rm unlock_webtop.tar
rm webtop_setup.log
mount -o remount, rw /system
cd /system/bin
rm mountosh
mv mountosh.orig mountosh
cd /data/local
mount -o remount, rw /system
End Code
Then go download the tarball again from the link in the OP (I made a slight change in the script that should fix the error about stating the /tmp/osh directory), and do the instructions in OP again.

jimbridgman said:
ok adb in and remove the files you used.
Code:
adb shell
cd /data/local
rm setup_webtop.sh
rm mountosh
rm mountosh1
rm unlock_webtop.tar
rm webtop_setup.log
mount -o remount, rw /system
cd /system/bin
rm mountosh
mv mountosh.orig mountosh
cd /data/local
mount -o remount, rw /system
End Code
Then go download the tarball again from the link in the OP (I made a slight change in the script that should fix the error about stating the /tmp/osh directory), and do the instructions in OP again.
Click to expand...
Click to collapse
ok so when I tried to rm mountosh it gave me permissions denied.
EDIT** Ahh, I needed to be su after going into dab
Edit***: Jim When I try to run the webtop SH file I get this:
[email protected]:/data/local# sh ./setup_webtop.sh
./setup_webtop.sh: 116: Syntax error: "}" unexpected (expecting "fi")
[email protected]:/data/local#

voodoomurphy said:
ok so when I tried to rm mountosh it gave me permissions denied.
EDIT** Ahh, I needed to be su after going into dab
Edit***: Jim When I try to run the webtop SH file I get this:
[email protected]:/data/local# sh ./setup_webtop.sh
./setup_webtop.sh: 116: Syntax error: "}" unexpected (expecting "fi")
[email protected]:/data/local#
Click to expand...
Click to collapse
Ok, I found the issue, I forgot to close out a new if loop I had to add to fix the last issue.
I have updated it, go re download and remove the files in /data/local
check to make sure that there is not a /system/mountosh.orig,
if there is, move it back to mountosh, and remove the mountosh script ONLY if there is a mountosh.orig. I am guessing that there is not one since this most likely did not run at all.
P.S. I can't test it, since I don't have my replacement phone yet, they did not have any in stock at the repair center, so Motorola had to send me a new one on Sat. I should have it tomorrow or Wed. at the latest, I will have to do all of these things again, and I can test it then is depth a little more. Otherwise if you don't mind Being the guinea pig I will fix any issues ASAP.

jimbridgman said:
Ok, I found the issue, I forgot to close out a new if loop I had to add to fix the last issue.
I have updated it, go re download and remove the files in /data/local
check to make sure that there is not a /system/mountosh.orig,
if there is, move it back to mountosh, and remove the mountosh script ONLY if there is a mountosh.orig. I am guessing that there is not one since this most likely did not run at all.
P.S. I can't test it, since I don't have my replacement phone yet, they did not have any in stock at the repair center, so Motorola had to send me a new one on Sat. I should have it tomorrow or Wed. at the latest, I will have to do all of these things again, and I can test it then is depth a little more. Otherwise if you don't mind Being the guinea pig I will fix any issues ASAP.
Click to expand...
Click to collapse
Well Now I get this when I try to open the sh file:
[email protected]:/data/local# sh ./setup_webtop.sh
.: Can't open /osh/upath.sh
[email protected]:/data/local#
I'll Keep trying as long as you think it's fixable. Last thing I want is to lose my web top entirely.
EDIT**: Right now when I connect my phone to my monitor I get a moving Motorola logo like it's a screen saver.

voodoomurphy said:
Well Now I get this when I try to open the sh file:
[email protected]:/data/local# sh ./setup_webtop.sh
.: Can't open /osh/upath.sh
[email protected]:/data/local#
I'll Keep trying as long as you think it's fixable. Last thing I want is to lose my web top entirely.
EDIT**: Right now when I connect my phone to my monitor I get a moving Motorola logo like it's a screen saver.
Click to expand...
Click to collapse
It is fixable! I used to be a system admin, (before I switched to consulting and system architecture) and you can always fix it until it no longer boots.
when you ran the script, did fully run and did you see files being copied, and did it reboot your phone?
ok, now I need you to run a few commands and collect some data. post the output here, after you get it.
Code:
adb shell
su
/system/bin/fdisk -l /dev/block/mmcblk0 | grep -i linux
busybox df -h
ls -l /system/mountosh
ls -l /system/mountosh.orig
cd /osh
cd /osh/etc
ls -l
End Code
I am suspecting that the script somehow applied the patch, and the FACLs and MACLs are still in place.
If things look good, then we will try and move tomoyo out of the way.

jimbridgman said:
It is fixable! I used to be a system admin, (before I switched to consulting and system architecture) and you can always fix it until it no longer boots.
when you ran the script, did fully run and did you see files being copied, and did it reboot your phone?
ok, now I need you to run a few commands and collect some data. post the output here, after you get it.
Code:
adb shell
su
/system/bin/fdisk -l /dev/block/mmcblk0 | grep -i linux
busybox df -h
ls -l /system/mountosh
ls -l /system/mountosh.orig
cd /osh
cd /osh/etc
ls -l
End Code
I am suspecting that the script somehow applied the patch, and the FACLs and MACLs are still in place.
If things look good, then we will try and move tomoyo out of the way.
Click to expand...
Click to collapse
files did copy, but then it all errored out. BTW I went back in and followed your instructions for the partitioning.
here's what I have from the code you asked for:
Chris-Murphys-MacBook-Pro:~ chrismurphy$ adb shell
[email protected]:/$ su
[email protected]:/# /system/bin/fdisk -l /dev/block/mmcblk0 | grep -i linux
/dev/block/mmcblk0p2 33 192864 6170624 83 Linux
[email protected]:/# busybox df -h
Filesystem Size Used Available Use% Mounted on
tmpfs 464.7M 76.0K 464.6M 0% /dev
tmpfs 464.7M 0 464.7M 0% /mnt/asec
tmpfs 464.7M 0 464.7M 0% /mnt/obb
/dev/block/system 477.5M 329.2M 148.3M 69% /system
/dev/block/userdata 4.5G 457.2M 4.1G 10% /data
/dev/block/cache 688.6M 16.7M 671.9M 2% /cache
/dev/block/pds 3.9M 1.1M 2.8M 28% /pds
/dev/block/preinstall
274.7M 23.5M 251.3M 9% /preinstall
/dev/block/vold/179:1
23.8G 4.0G 19.8G 17% /mnt/sdcard
/dev/block/vold/179:1
23.8G 4.0G 19.8G 17% /mnt/secure/asec
df: /mnt/sdcard/.android_secure: Invalid cross-device link
/mnt/sdcard 23.8G 4.0G 19.8G 17% /mnt/sdcard
/dev/block/dm-0 3.0M 1.8M 1.2M 60% /mnt/asec/com.ea.worms_na-1
[email protected]:/# ls -l /system/mountosh
/system/mountosh: No such file or directory
[email protected]:/# ls -l /system/mountosh.orig
/system/mountosh.orig: No such file or directory
[email protected]:/# cd /osh
[email protected]:/osh# cd /osh/etc
cd: can't cd to /osh/etc
[email protected]:/osh# ls -l
[email protected]:/osh# ls
[email protected]:/osh#

voodoomurphy said:
files did copy, but then it all errored out. BTW I went back in and followed your instructions for the partitioning.
here's what I have from the code you asked for:
Chris-Murphys-MacBook-Pro:~ chrismurphy$ adb shell
[email protected]:/$ su
[email protected]:/# /system/bin/fdisk -l /dev/block/mmcblk0 | grep -i linux
/dev/block/mmcblk0p2 33 192864 6170624 83 Linux
[email protected]son:/# busybox df -h
Filesystem Size Used Available Use% Mounted on
tmpfs 464.7M 76.0K 464.6M 0% /dev
tmpfs 464.7M 0 464.7M 0% /mnt/asec
tmpfs 464.7M 0 464.7M 0% /mnt/obb
/dev/block/system 477.5M 329.2M 148.3M 69% /system
/dev/block/userdata 4.5G 457.2M 4.1G 10% /data
/dev/block/cache 688.6M 16.7M 671.9M 2% /cache
/dev/block/pds 3.9M 1.1M 2.8M 28% /pds
/dev/block/preinstall
274.7M 23.5M 251.3M 9% /preinstall
/dev/block/vold/179:1
23.8G 4.0G 19.8G 17% /mnt/sdcard
/dev/block/vold/179:1
23.8G 4.0G 19.8G 17% /mnt/secure/asec
df: /mnt/sdcard/.android_secure: Invalid cross-device link
/mnt/sdcard 23.8G 4.0G 19.8G 17% /mnt/sdcard
/dev/block/dm-0 3.0M 1.8M 1.2M 60% /mnt/asec/com.ea.worms_na-1
[email protected]:/# ls -l /system/mountosh
/system/mountosh: No such file or directory
[email protected]:/# ls -l /system/mountosh.orig
/system/mountosh.orig: No such file or directory
[email protected]:/# cd /osh
[email protected]:/osh# cd /osh/etc
cd: can't cd to /osh/etc
[email protected]:/osh# ls -l
[email protected]:/osh# ls
[email protected]:/osh#
Click to expand...
Click to collapse
Ok, I see one issue, I think I miss-typed on location in those commands...
Run this for me.
Code:
adb shell
su
ls -l /system/bin/mountosh
ls -l /system/bin/mountosh.orig
End Code
show that to me...
It looks like /osh just is not mounted or the mountosh script is missing... That is easy to fix, at worst case if it is not there, that I can get for you when I get my replacement today or tomorrow.

jimbridgman said:
You are missing the script to mount the /osh parition completely that is why everything is not working. That means that right now, Android can't see anything on that partition, either the one you created or the one that ships with the phone.
About the best thing I can do right now is to have you hang tight until I have my replacement in hand and I can get a copy of the original mountosh file for you, so that the /osh parition will mount up again, that is a very easy fix for all this. Once I have that for you I will give you instructions on what to do to get you back up and running.
I was hoping that is all it was.
It looks like when you were cleaning up after one of the script runs you removed the mountosh.orig instead of moving it back to mountosh.
Click to expand...
Click to collapse
crap. User error strikes again. No Worries Jim, I will wait patiently. I wish there was a way to restore the whole phone to stock including the OSH info. Resetting up my phone prefs is damned easy. lol

voodoomurphy said:
crap. User error strikes again. No Worries Jim, I will wait patiently. I wish there was a way to restore the whole phone to stock including the OSH info. Resetting up my phone prefs is damned easy. lol
Click to expand...
Click to collapse
Wait I edited my post after you read it... I misread, re read.... oh well, here, twas my issue..
Ok, I see one issue, I think I miss-typed on location in those commands...
Run this for me.
Code:
adb shell
su
ls -l /system/bin/mountosh
ls -l /system/bin/mountosh.orig
End Code
show that to me...
It looks like /osh just is not mounted or the mountosh script is missing... That is easy to fix, at worst case if it is not there, that I can get for you when I get my replacement today or tomorrow.

jimbridgman said:
Wait I edited my post after you read it... I misread, re read.... oh well, here, twas my issue..
Ok, I see one issue, I think I miss-typed on location in those commands...
Run this for me.
Code:
adb shell
su
ls -l /system/bin/mountosh
ls -l /system/bin/mountosh.orig
End Code
show that to me...
It looks like /osh just is not mounted or the mountosh script is missing... That is easy to fix, at worst case if it is not there, that I can get for you when I get my replacement today or tomorrow.
Click to expand...
Click to collapse
[email protected]:/# ls -l /system/mountosh
/system/mountosh: No such file or directory
[email protected]:/# ls -l /system/mountosh.orig
/system/mountosh.orig: No such file or directory
[email protected]:/#
here's an LS of the directory:
[email protected]:/# ls
cdrom
misc
pds
config
cache
sdcard-ext
sdcard
acct
tmp
preinstall
osh
mnt
vendor
d
etc
ueventd.rc
ueventd.mapphone_umts.rc
ueventd.mapphone_cdma.rc
ueventd.goldfish.rc
system
sys
sbin
proc
init_prep_keypad.sh
init.rc
init.mapphone_umts.rc
init.mapphone_cdma.rc
init.goldfish.rc
init
default.prop
data
bin
root
dev
[email protected]:/#

voodoomurphy said:
[email protected]:/# ls -l /system/mountosh
/system/mountosh: No such file or directory
[email protected]:/# ls -l /system/mountosh.orig
/system/mountosh.orig: No such file or directory
[email protected]:/#
here's an LS of the directory:
[email protected]:/# ls
cdrom
misc
pds
config
cache
sdcard-ext
sdcard
acct
tmp
preinstall
osh
mnt
vendor
d
etc
ueventd.rc
ueventd.mapphone_umts.rc
ueventd.mapphone_cdma.rc
ueventd.goldfish.rc
system
sys
sbin
proc
init_prep_keypad.sh
init.rc
init.mapphone_umts.rc
init.mapphone_cdma.rc
init.goldfish.rc
init
default.prop
data
bin
root
dev
[email protected]:/#
Click to expand...
Click to collapse
I did the same thing.... take a look again.
it is....
Code:
adb shell
su
ls -l /system/bin/mountosh
ls -l /system/bin/mountosh.orig
End Code
I typed it wrong the first time....

jimbridgman said:
I did the same thing.... take a look again.
it is....
Code:
adb shell
su
ls -l /system/bin/mountosh
ls -l /system/bin/mountosh.orig
End Code
I typed it wrong the first time....
Click to expand...
Click to collapse
[email protected]:/# ls -l /system/bin/mountosh
/system/bin/mountosh: No such file or directory
[email protected]:/# ls -l /system/bin/mountosh.orig
/system/bin/mountosh.orig: No such file or directory
[email protected]:/#

voodoomurphy said:
[email protected]:/# ls -l /system/bin/mountosh
/system/bin/mountosh: No such file or directory
[email protected]:/# ls -l /system/bin/mountosh.orig
/system/bin/mountosh.orig: No such file or directory
[email protected]:/#
Click to expand...
Click to collapse
Ok, so then they really are not there... So, Sit tight I will get the original mountosh that they ship on my replacement, and get it uploaded for you, then you can run the script again... that is why all the errors happened, since /osh was not mounted, from the original ( do alot of tests for it to be there in my script), and it could not mount since the script that does this was not there, nor the one I hacked to mount our partition over the default one.

[HOWTO] Use pattern lock and device encryption

Normally, a pattern/gesture lock is not available when device encryption is activated.
But the lockscreen can be reactivated by changing the corresponding settings in /data/data/com.android.providers.settings/databases/settings.db to the values used for the pattern lock before enabling device encryption, namely resetting lockscreen.password_type to PASSWORD_QUALITY_SOMETHING.
If you don't run Android 4.0.4, you may verify that android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_SOMETHING still corresponds to 0x10000.
Enter a root shell and execute:
Code:
sqlite3 -batch /data/data/com.android.providers.settings/databases/settings.db "UPDATE secure SET value='65536' WHERE name = 'lockscreen.password_type'"
sqlite3 -batch /data/data/com.android.providers.settings/databases/settings.db "UPDATE secure SET value='1' WHERE name = 'lockscreen.patterneverchosen'"
sqlite3 -batch /data/data/com.android.providers.settings/databases/settings.db "UPDATE secure SET value='1' WHERE name = 'lock_pattern_autolock'"
Generate a new gesture.key with the attached perl script (call it without arguments for help) and transfer it to the device:
Code:
mv gen-gesture.key.pl.txt gen-gesture.key.pl && chmod +x gen-gesture.key.pl
./gen-gesture.key.pl 01258 > gesture.key
adb push gesture.key /mnt/sdcard/Download/
adb shell
su -
cat /mnt/sdcard/Download/gesture.key > /data/system/gesture.key
^C
Reboot the device.
This was tested on my Samsung Galaxy S3 with Android 4.0.4.
Thanks to robberknight who initiated a thread about PIN locks and encryption.

Thanks for the post!
I tried this today with my Samsung Galaxy Note 2 but it didn't work (Android 4.1)
The only thing I couldn't do (regarding to your how-to) was using the sqlite3 command from the shell, because there is no sqlite3 on my device (installing it with "SQLite Installer for root" didn't work either, I'm getting a "CANNOT LINK EXECUTABLE" error). So I just pulled the settings.db to my computer, editied it with an sqlite-manager and pushed it back. But I guess this shouldn't make any difference ...
I simply can't get rid of the password unlock screen, no matter what I enter in the sqlite database.
And I would be happy if I could even use a PIN instead of an alphanumeric password (which is the only option for encryption now)
By the way, what did you mean with "If you don't run Android 4.0.4, you may verify that android.app.admin.DevicePolicyManager.PASSWORD_QUA LITY_SOMETHING still corresponds to 0x10000."?
On my phone this constant is 65536
Right now this would be my lock-settings from the settings.db:
"103","lock_after_timeout_rollback","60000"
"35","lock_motion_tilt_to_unlock","0"
"107","lock_pattern_autolock","1"
"108","lock_pattern_visible_pattern","0"
"104","lock_screen_lock_after_timeout","60000"
"94","lock_screen_owner_info","..."
"95","lock_screen_owner_info_enabled","1"
"59","lock_screen_quick_note","1"
"36","lock_signature_visible_pattern","1"
"29","lockscreen.disabled","0"
"109","lockscreen.lockexchange.enable","0"
"34","lockscreen.options","enable_facelock"
"105","lockscreen.password_type","65536"
"106","lockscreen.patterneverchosen","1"

Found the solution on my own: Just delete the /data/system/locksettings.db (this one was empty on my device anyway)
After a restart the lock-keys of settings.db now finally work. I guess there is some caching in place and removing the locksettings.db forces Android to update the settings of the lock-screen.

Hello!
This sounds very interesting.
How to define the unlock pattern:
Does the perl-script create a pattern/gesture that corresponds to the digits you entered. In your example:
gen-gesture.key.pl 01258 > gesture.key - This makes your pattern 01258? (Since there is no dot inte 3x3 pattern matrix to represent a "0" then this cannot be correct.)
How do I define the pattern I want to use then? Is this done separately by going in to the settings later when the phone is booted? I don't dare to do this in fear of "locking" the device with a pattern/gesture that I don't know.
I hope to get your help here...
Thank you!

Thank you very much mod23! My phone is finally usable again
Works as described on Galaxy R with leaked ICS.
-Android Freak- said:
This makes your pattern 01258? (Since there is no dot inte 3x3 pattern matrix to represent a "0" then this cannot be correct.)
Click to expand...
Click to collapse
Was confused at first as well, but running the perl script without arguments tells us:
0 1 2
3 4 5
6 7 8
Afterwards, you won't be able to change it in the settings. I think you have to newly generate the gesture.key

Warning
I do not want to give lessons to anybody, but just to highlight how the unlock pattern protection is low, thwarting almost certainly the extra layer of protection that is supposed to be brought by Android full-phone encryption. Just consider the following remarks:
1) Contrary to a PIN code, pattern lock equivalent digits will be linked to each other (except if you are really really cunning). For example, if you start at digit 0, the following digits are to be 1,4 or 3. Thus decreasing dramatically the entropy of the underlying number.
2) You can't use the same digit two times. As an example, try the greek PHI symbol. The equivalent PIN code can't be 03452147, because 4 can't be used two times. The equivalent code must be simpler: 034521 7. You will agree that this greatly reduces the number of possible equivalent PIN codes you can achieve with pattern lock.
3) The protection mechanism offered by Android is way too weak in my opinion for such lock mechanism. After 3 failed attempts, your phone just ask you to wait for 30 sec. It does not shutdown.
4) But the killing argument is: you have grease under your fingers. Except if you systematically think to wipe the screen of your phone after unlocking your phone, the gesture will let a fingerprint corresponding to the gesture you will repeat several times per day. Try by yourself, and see how easy it is to see the lock pattern used with an oblique light source.
So, if I was to steal your phone to have access to your personal data you think secured by encryption, I would
1) Steal your phone when it is on
2) Realize that it is "protected" by lock pattern
2) Use an oblique light with the almost certainty that I will see the fingerprint of the pattern lock (except if you wipe systematically your screen, or you wash your hands always before unlocking your phone).
3) Try to draw the pattern in one direction.
4) Try it in the other direction if it fails. Almost sure to unlock the phone at this point (except if the pattern is really really intricate).
5) Once your phone is unlocked, I could do whatever I would want to with it. So no need to be the king of crackers.
I hope, after reading this, you will reconsider using pattern lock in parallel to encryption. In my opinion, it is a total nonsense. But it is my only personal opinion. Just judge by yourself.
Edit:
------
For me, the only way, both secure and practical, to secure your phone is by using a PIN code of at least 4 numbers (6 is better). PIN codes let fingerprints much harder to "interpret" than unlock pattern. Then use a handy tool like EncPassChanger to have a true complex password for decryption at boot time. And, if you are clearly paranoid, follow this great tip: http://forum.xda-developers.com/showpost.php?p=26730989&postcount=2.
And, something that people may forget, always double check that USB debugging is disabled.

lolo250612 said:
For me, the only way, both secure and practical, to secure your phone is by using a PIN code of at least 4 numbers (6 is better). PIN codes let fingerprints much harder to "interpret" that unlock pattern. Then use a handy tool like EncPassChanger to have a true complex password for decryption only at boot time. And, if you are clearly paranoid, follow this great tip: http://forum.xda-developers.com/showpost.php?p=26730989&postcount=2.
Click to expand...
Click to collapse
There is one big problem with your solution: The SD card. The SD card is encrypted with your PIN Code as well, which is stored in the same file as your screen-unlock-PIN code. I have no idea why the Google developers choose to use the same file for everything, but they did. So your solution is a good idea as long as you don't care about the security of your SD card.

On my phone (Lenvo A789, with ICS 4.0.4), the sdcards (both internal and external) are not encrypted at all. Only /data and other "system" partitions. You can view them with Terminal Emulator, by typing the mount command. The encrypted partitions correspond to /dev/block/dm-x (x is a number). Just to be clear, I mean "sdcards", the partition /mnt/sdcard or /mnt/sdcard2 as reported by Android and mounted as such.
Anyway. I am certainly not an expert in security. I am just trying to document myself to have an overview of the security mechanisms I use. But, if I am right, your encrypted partitions are not encrypted directly with your password or your PIN code. They are encrypted by a random key generated by Android when you start the encryption process. This master key is then encrypted itself at first by your PIN code (if you choose this option) before being saved in a file. That's what allows the user to change his password without having to re-encrypt everything. And I agree with you, this is a major security flaw, as a password with only digits can be cracked in a few µsec by a casual PC, if somebody has access physically to the content of your phone memory and this key file.
This is where EncPassChanger acts. It reencrypts your master key (not the data itself) with a password that can be complex as you don't type it everytime you unlock your phone.
So you have your PIN code to unlock your phone when it is on ( and only when it is on); it does not decrypt anything, decryption only occurs at boot time; it just gives you access to the UI and allows you to interact with your phone. And you have a strong password for the encryption of the data that lay physically on the memory (even when the phone is off), that allows Android to decrypt your master encryption key at boot, and therefore your data. And the PIN code cannot be used to decrypt your encryption master key any longer.
"Online" protection (phone lock) and "offline" protection (encryption of data lying "physically" on the memory) are really two different things. They become completely disconnected from each other once you use EncPassChanger to make the encryption/decryption password different from the initial PIN code. The only thing you have to be careful about, is that if you change your PIN code for whatever reasons, Android reencrypts the master encryption key with this new PIN code, droping the job done previously by EncPassChanger. So you have to use it again.
And the fact that, for a reason I don't see clearly, your sdcard would be encrypted as well as /data, does not change anything to that.
But I may be wrong, don't I ?
For more extensive details, see: http://nelenkov.blogspot.fr/2012/08/changing-androids-disk-encryption.html and http://source.android.com/tech/encryption/android_crypto_implementation.html
And even more details (Android encryption is in fact more or less Linux LUKS): http://www.markus-gattol.name/ws/dm-crypt_luks.html

Confirmed working on Nexus 10 and Nexus 4 with 4.2.2
Check for records in settings.db first!
If they don't exist, use this method.
On newer devices, the fields above do not exist in the settings.db file once encryption has been activated. The proper way to do this for a device is to confirm the settings are there, and if not, go through the below process (note the INSERTs instead of UPDATEs).
Create gesture.key using the Perl script and copy to SDCARD
Ensure device is unlocked and keep screen active while running the below code. If the device locks, you can get stuck on a black screen after removing /data/system/locksettings.db.
Run the below code.
Code:
su -
sqlite3 -batch /data/data/com.android.providers.settings/databases/settings.db "INSERT INTO secure (name, value) values ('lockscreen.password_type', '65536')"
sqlite3 -batch /data/data/com.android.providers.settings/databases/settings.db "INSERT INTO secure (name, value) values ('lockscreen.patterneverchosen', '1')"
sqlite3 -batch /data/data/com.android.providers.settings/databases/settings.db "INSERT INTO secure (name, value) values ('lock_pattern_autolock', '1')"
sqlite3 -batch /data/data/com.android.providers.settings/databases/settings.db "INSERT INTO secure (name, value) values ('lock_pattern_visible_pattern', '1')"
cat /mnt/sdcard/gesture.key > /data/system/gesture.key
rm /data/system/locksettings.*
Reboot
Lastly, combine with EncPassChanger to use a 20+ character encryption password at boot to ease your mind about brute force attempts.
Thanks,
Ben

Fmstrat said:
Confirmed working on Nexus 10 and Nexus 4 with 4.2.2
Check for records in settings.db first!
If they don't exist, use this method.
On newer devices, the fields above do not exist in the settings.db file once encryption has been activated. The proper way to do this for a device is to confirm the settings are there, and if not, go through the below process (note the INSERTs instead of UPDATEs).
Create gesture.key using the Perl script and copy to SDCARD
Ensure device is unlocked and keep screen active while running the below code. If the device locks, you can get stuck on a black screen after removing /data/system/locksettings.db.
Run the below code.
Code:
su -
sqlite3 -batch /data/data/com.android.providers.settings/databases/settings.db "INSERT INTO secure (name, value) values ('lockscreen.password_type', '65536')"
sqlite3 -batch /data/data/com.android.providers.settings/databases/settings.db "INSERT INTO secure (name, value) values ('lockscreen.patterneverchosen', '1')"
sqlite3 -batch /data/data/com.android.providers.settings/databases/settings.db "INSERT INTO secure (name, value) values ('lock_pattern_autolock', '1')"
sqlite3 -batch /data/data/com.android.providers.settings/databases/settings.db "INSERT INTO secure (name, value) values ('lock_pattern_visible_pattern', '1')"
cat /mnt/sdcard/gesture.key > /data/system/gesture.key
rm /data/system/locksettings.*
Reboot
Lastly, combine with EncPassChanger to use a 20+ character encryption password at boot to ease your mind about brute force attempts.
Thanks,
Ben
Click to expand...
Click to collapse
Thanks for the update. I want to give this a try on my Razr Maxx HD running 4.1.1, any idea if this will work? Also, in your info here, your code says:
Code:
('lockscreen.password_type', '65536')"
But isn't it impossible to use the same number twice? Not sure I understand this correctly if that is a true pattern lock sequence.

gadsden said:
Thanks for the update. I want to give this a try on my Razr Maxx HD running 4.1.1, any idea if this will work? Also, in your info here, your code says:
Code:
('lockscreen.password_type', '65536')"
But isn't it impossible to use the same number twice? Not sure I understand this correctly if that is a true pattern lock sequence.
Click to expand...
Click to collapse
I don't see any reason why it wouldn't work, but of course, no guarantees. As for the password_type, 65536 is a code saying "use the pattern lock", it is not the same as the string of numbers used with the python file to create your gesture.key file.
Thanks,
Ben

Fmstrat said:
Confirmed working on Nexus 10 and Nexus 4 with 4.2.2
Check for records in settings.db first!
If they don't exist, use this method.
On newer devices, the fields above do not exist in the settings.db file once encryption has been activated. The proper way to do this for a device is to confirm the settings are there, and if not, go through the below process (note the INSERTs instead of UPDATEs).
Create gesture.key using the Perl script and copy to SDCARD
Ensure device is unlocked and keep screen active while running the below code. If the device locks, you can get stuck on a black screen after removing /data/system/locksettings.db.
Run the below code.
Code:
su -
sqlite3 -batch /data/data/com.android.providers.settings/databases/settings.db "INSERT INTO secure (name, value) values ('lockscreen.password_type', '65536')"
sqlite3 -batch /data/data/com.android.providers.settings/databases/settings.db "INSERT INTO secure (name, value) values ('lockscreen.patterneverchosen', '1')"
sqlite3 -batch /data/data/com.android.providers.settings/databases/settings.db "INSERT INTO secure (name, value) values ('lock_pattern_autolock', '1')"
sqlite3 -batch /data/data/com.android.providers.settings/databases/settings.db "INSERT INTO secure (name, value) values ('lock_pattern_visible_pattern', '1')"
cat /mnt/sdcard/gesture.key > /data/system/gesture.key
rm /data/system/locksettings.*
Reboot
Lastly, combine with EncPassChanger to use a 20+ character encryption password at boot to ease your mind about brute force attempts.
Thanks,
Ben
Click to expand...
Click to collapse
Ok, I'm ready to do this, but I am afraid I have no idea what I'm doing! I couldn't find the settings.db like you said might happen. I tried running the perl script, but got permission denied when it tried to create /data/system/gesture.key. It did create the key and push it to the device, but then it stopped there.
After I verified it did push the gesture.key, I tried running the sqlite3 code in root shell. Some of the commands said adb does not recognize this command as an internal or external command. I have never ran commands like the ones shown here for sqlite3. My adb experience is pretty limited to following directions to root. I have done manual roots in adb, so I understand some basic commands, but this is out of my league! Can you help me a little bit to do this with some steps that are more beginner-ish? If you can help me out (PM is fine), I'll be glad to type out the instructions in an organized way for others to follow in the future. I really want to be able to set this up, any help would be greatly appreciated.

Ok, I think I need to stop messing with this now, been working on it all day! I ran all the sqlite3 commands you said, and got stuck at the cat command. It says no such file or directory. I think I did the perl script wrong and never got the gesture key done right. It pushed a file called gesture.key, but I don't know if it's right. I am not sure how to run the perl script, really. I have to get back to my job that I haven't done anything at today, yikes! Any help is appreciated.

Ok, I didn't quite understand the concept of how this worked yesterday, so I spent some more time on it today. I thought the perl script was to be ran from the PC. I didn't understand that I was supposed to be loosely following the steps in the other thread referenced here. Having no experience whatsoever with python, I didn't know what to do. Now, I understand the process, I am just having a little trouble. So far I have followed these instructions.
Fmstrat said:
Check for records in settings.db first!
If they don't exist, use this method.
Click to expand...
Click to collapse
I looked and could not find this, so I proceeded as described.
azoom1 said:
1) Load SLA4
2) Menu-View-Interpreters
3) Menu-Add
4) Select Python 2.6.2 - the SLA4 app will go get Python and intall it with the correct linking
5) Exit SLA4, then start Python and select Install, and when finished, exit Python
6) Put the pin_change.py file in the SLA4 "scripts" directory
7) Start SLA4
After that, when SLA4 is run you should see the script in the pick list. Upon selection SLA4 will pop-up an icon select-list. Pick the gear, which will run the script.
Click to expand...
Click to collapse
(I pasted this from the other thread, I did not use the script name here, I did use gen-gesture.key.py)
I installed SLA4 as described here and went to run the script with the gear icon. When I run it, all I get is a notification that gen-gesture.key.py was exited. Reading that I am supposed to generate the key, then copy it to the SD card, I thought maybe it did generate the gesture.key and I just have to find it, but I looked everywhere through files and couldn't find the file anywhere. I did locate a log file, gen-gesture.key.py.log, but it was blank, nothing to see.
Thinking there might have been a problem with the script, I tried to use the QR code here, but python said "Invalid QR code content". I double checked my script and I don't appear to have missed anything when I copied it, so I am lead to believe there is something else I am missing about how to use python. Only other thing I can think of that's wrong is the script extension, I used .py to run it in python, but wonder if it's supposed to be .pl since it's perl, or if I need .py to run it in python and the script runs as a perl script like that.
So, I am trying really hard to do this, I'm trying to learn on my own, but a little help would be really nice if anyone is able.

Bumped for help!

gadsden said:
Bumped for help!
Click to expand...
Click to collapse
You should not need to follow any directions in another thread. The Perl script is intended to be run on a PC, not on the phone, so there is no need for Perl to be installed. Running the script with out any arguments prints out the pattern of the android lock screen but instead of dots it has numbers. Run the script with the numbers after it as provided in the example in post number 1 to create the gesture.key file on your PC. Then copy that file over to the phone as described.
I'm also a little confused by your comment about not finding settings.db. I can think of no reason why the file would not exist, unless you mean that the records were not in the database file.
Thanks,
Ben

Fmstrat said:
You should not need to follow any directions in another thread. The Perl script is intended to be run on a PC, not on the phone, so there is no need for Perl to be installed. Running the script with out any arguments prints out the pattern of the android lock screen but instead of dots it has numbers. Run the script with the numbers after it as provided in the example in post number 1 to create the gesture.key file on your PC. Then copy that file over to the phone as described.
I'm also a little confused by your comment about not finding settings.db. I can think of no reason why the file would not exist, unless you mean that the records were not in the database file.
Thanks,
Ben
Click to expand...
Click to collapse
You said to check for records in settings.db first. When I search through my files, I can locate the directory data/data/com.android.providers.settings, but there is nothing inside of it. So, I did run the sqlite codes. I ran each line separately, and it said Error:too many options. So, I ran them all together and no errors came back. However, I still can't find anything in the directory.
Then to run the script, there is an attached file here called gen-gesture.key.pl.txt. Am I supposed to put that file into my platform tools folder and use the mv gen-gesture.key code to call the script? Or do I paste the text in the txt file into adb? I have tried running everything explained here in root shell in adb, I thought that was how I am supposed to do it, but I seem to be missing something. Sorry for the basic questions, but I'm still learning here.

Fmstrat said:
You should not need to follow any directions in another thread. The Perl script is intended to be run on a PC, not on the phone, so there is no need for Perl to be installed. Running the script with out any arguments prints out the pattern of the android lock screen but instead of dots it has numbers. Run the script with the numbers after it as provided in the example in post number 1 to create the gesture.key file on your PC. Then copy that file over to the phone as described.
I'm also a little confused by your comment about not finding settings.db. I can think of no reason why the file would not exist, unless you mean that the records were not in the database file.
Thanks,
Ben
Click to expand...
Click to collapse
Here's what I did so far.
1) Installed perl because it wasn't on my computer
2) changed permissions on /data/data/com.android.providers.settings/databases/settings.db to 777 so I could view the files in DDMS. Checked the settings.db and when I outputted it as a text file, all I got was a blank document
3) installed sqlite3 on my phone with sqlite installer
4) Entered root shell and entered
Code:
sqlite3 -batch /data/data/com.android.providers.settings/databases/settings.db "UPDATE secure SET value='65536' WHERE name = 'lockscreen.password_type'"
sqlite3 -batch /data/data/com.android.providers.settings/databases/settings.db "UPDATE secure SET value='1' WHERE name = 'lockscreen.patterneverchosen'"
sqlite3 -batch /data/data/com.android.providers.settings/databases/settings.db "UPDATE secure SET value='1' WHERE name = 'lock_pattern_autolock'"
I didn't know if I was supposed to run each line individually, or all at once, so I did it both ways. neither one had an error
5) Saved the gen-gesture.key.pl.txt file to my platform tools folder. Ran
Code:
perl gen.gesture.key.pl.txt
It came back with this
Code:
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>perl C:\Android\ad
t-bundle-windows-x86-20130219\sdk\platform-tools\gen-gesture.key.pl.txt
Usage: gen-gesture.key.pl <sequence>
With sequence as number sequence drawn on this keypad:
0 1 2
3 4 5
6 7 8
The generated binary output has to be put into: /data/system/gesture.key
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>
6) then entered this all at once
Code:
mv gen-gesture.key.pl.txt gen-gesture.key.pl && chmod +x gen-gesture.key.pl
./gen-gesture.key.pl 01258 > gesture.key
adb push gesture.key /mnt/sdcard/Download/
adb shell
su -
cat /mnt/sdcard/Download/gesture.key > /data/system/gesture.key
^C
it came back with a bunch of errors and left me at root shell. I figured maybe I was supposed to run it from root shell anyway, so I entered it again. The very first command came back as "mv" is not a recognized internal or external command. I tried it a couple more times, but I'm not following what's supposed to happen here. I did do a reboot of the phone and when I did so, the lock settings were disabled. So, something is happening, but not everything that needs to. I I've probably spent over 12 hours on this over the past week and I am sure I'm doing it wrong. The OP doesn't describe in detail how a beginner needs to do this. I've learned as much as I can, but seeing as how I even got stuck on not knowing I needed to install perl, I'm positive that I'm missing more. The post just isn't beginner friendly. I'm trying hard to understand this but I'm becoming really discouraged here. Can someone provide a little more info here.
Here's the whole session if it helps
Code:
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>perl C:\Android\ad
t-bundle-windows-x86-20130219\sdk\platform-tools\gen-gesture.key.pl.txt
Usage: gen-gesture.key.pl <sequence>
With sequence as number sequence drawn on this keypad:
0 1 2
3 4 5
6 7 8
The generated binary output has to be put into: /data/system/gesture.key
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>mv gen-gesture.key
.pl.txt gen-gesture.key.pl && chmod +x gen-gesture.key.pl
'mv' is not recognized as an internal or external command,
operable program or batch file.
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>./gen-gesture.key.
pl 01258 > gesture.key
'.' is not recognized as an internal or external command,
operable program or batch file.
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>adb push gesture.k
ey /mnt/sdcard/Download/
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>adb shell
su -
cat /mnt/sdcard/Download/gesture.key > /data/system/gesture.key
^Csu -
cat /mnt/sdcard/Download/gesture.key > /data/system/gesture.key
[email protected]:/ $ su -
re.key > /data/system/gesture.key <
[email protected]:/ # mv gen-gesture.key.pl.txt gen-gesture.key.pl && chmod +x gen-g
esture.key.pl
./gen-gesture.key.pl 01258 > gesture.key
adb push gesture.key /mnt/sdcard/Download/
adb shell
su -
cat /mnt/sdcard/Download/gesture.key > /data/system/gesture.key
n-gesture.key.pl && chmod +x gen-gesture.key.pl <
sh: ^Cmv: not found
adb push gesture.key /mnt/sdcard/Download/
adb shell
su -
cat /mnt/sdcard/Download/gesture.key > /data/system/gesture.key
127|[email protected]:/ # ./gen-gesture.key.pl 01258 > gesture.key
sh: can't create gesture.key: Read-only file system
1|[email protected]:/ # adb push gesture.key /mnt/sdcard/Download/
* daemon not running. starting it now on port 5038 *
* daemon started successfully *
error: device not found
1|[email protected]:/ # adb shell
error: device not found
1|[email protected]:/ # su -
re.key > /data/system/gesture.key <
[email protected]:/ #
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>mv gen-gesture.key
.pl.txt gen-gesture.key.pl && chmod +x gen-gesture.key.pl
'mv' is not recognized as an internal or external command,
operable program or batch file.
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>./gen-gesture.key.
pl 01258 > gesture.key
'.' is not recognized as an internal or external command,
operable program or batch file.
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>adb push gesture.k
ey /mnt/sdcard/Download/
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>adb shell
su -
cat /mnt/sdcard/Download/gesture.key > /data/system/gesture.key
^Csu -
cat /mnt/sdcard/Download/gesture.key > /data/system/gesture.key
[email protected]:/ $ su -
re.key > /data/system/gesture.key <
[email protected]:/ # exit
^Cexit
sh: ^Cexit: not found
127|[email protected]:/ # exit
exit
127|[email protected]:/ $ exit
exit
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>mv gen-gesture.key
.pl.txt gen-gesture.key.pl && chmod +x gen-gesture.key.pl
'mv' is not recognized as an internal or external command,
operable program or batch file.
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>./gen-gesture.key.
pl 01258 > gesture.key
'.' is not recognized as an internal or external command,
operable program or batch file.
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>adb push gesture.k
ey /mnt/sdcard/Download/
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>adb shell
su -
cat /mnt/sdcard/Download/gesture.key > /data/system/gesture.key
^Csu -
cat /mnt/sdcard/Download/gesture.key > /data/system/gesture.key
[email protected]:/ $ su -
re.key > /data/system/gesture.key <
[email protected]:/ #

Been working on this for a whole week now, just wondering if I'm even on the right track here?
gadsden said:
Here's what I did so far.
1) Installed perl because it wasn't on my computer
2) changed permissions on /data/data/com.android.providers.settings/databases/settings.db to 777 so I could view the files in DDMS. Checked the settings.db and when I outputted it as a text file, all I got was a blank document
3) installed sqlite3 on my phone with sqlite installer
4) Entered root shell and entered
Code:
sqlite3 -batch /data/data/com.android.providers.settings/databases/settings.db "UPDATE secure SET value='65536' WHERE name = 'lockscreen.password_type'"
sqlite3 -batch /data/data/com.android.providers.settings/databases/settings.db "UPDATE secure SET value='1' WHERE name = 'lockscreen.patterneverchosen'"
sqlite3 -batch /data/data/com.android.providers.settings/databases/settings.db "UPDATE secure SET value='1' WHERE name = 'lock_pattern_autolock'"
I didn't know if I was supposed to run each line individually, or all at once, so I did it both ways. neither one had an error
5) Saved the gen-gesture.key.pl.txt file to my platform tools folder. Ran
Code:
perl gen.gesture.key.pl.txt
It came back with this
Code:
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>perl C:\Android\ad
t-bundle-windows-x86-20130219\sdk\platform-tools\gen-gesture.key.pl.txt
Usage: gen-gesture.key.pl <sequence>
With sequence as number sequence drawn on this keypad:
0 1 2
3 4 5
6 7 8
The generated binary output has to be put into: /data/system/gesture.key
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>
6) then entered this all at once
Code:
mv gen-gesture.key.pl.txt gen-gesture.key.pl && chmod +x gen-gesture.key.pl
./gen-gesture.key.pl 01258 > gesture.key
adb push gesture.key /mnt/sdcard/Download/
adb shell
su -
cat /mnt/sdcard/Download/gesture.key > /data/system/gesture.key
^C
it came back with a bunch of errors and left me at root shell. I figured maybe I was supposed to run it from root shell anyway, so I entered it again. The very first command came back as "mv" is not a recognized internal or external command. I tried it a couple more times, but I'm not following what's supposed to happen here. I did do a reboot of the phone and when I did so, the lock settings were disabled. So, something is happening, but not everything that needs to. I I've probably spent over 12 hours on this over the past week and I am sure I'm doing it wrong. The OP doesn't describe in detail how a beginner needs to do this. I've learned as much as I can, but seeing as how I even got stuck on not knowing I needed to install perl, I'm positive that I'm missing more. The post just isn't beginner friendly. I'm trying hard to understand this but I'm becoming really discouraged here. Can someone provide a little more info here.
Here's the whole session if it helps
Code:
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>perl C:\Android\ad
t-bundle-windows-x86-20130219\sdk\platform-tools\gen-gesture.key.pl.txt
Usage: gen-gesture.key.pl <sequence>
With sequence as number sequence drawn on this keypad:
0 1 2
3 4 5
6 7 8
The generated binary output has to be put into: /data/system/gesture.key
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>mv gen-gesture.key
.pl.txt gen-gesture.key.pl && chmod +x gen-gesture.key.pl
'mv' is not recognized as an internal or external command,
operable program or batch file.
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>./gen-gesture.key.
pl 01258 > gesture.key
'.' is not recognized as an internal or external command,
operable program or batch file.
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>adb push gesture.k
ey /mnt/sdcard/Download/
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>adb shell
su -
cat /mnt/sdcard/Download/gesture.key > /data/system/gesture.key
^Csu -
cat /mnt/sdcard/Download/gesture.key > /data/system/gesture.key
[email protected]:/ $ su -
re.key > /data/system/gesture.key <
[email protected]:/ # mv gen-gesture.key.pl.txt gen-gesture.key.pl && chmod +x gen-g
esture.key.pl
./gen-gesture.key.pl 01258 > gesture.key
adb push gesture.key /mnt/sdcard/Download/
adb shell
su -
cat /mnt/sdcard/Download/gesture.key > /data/system/gesture.key
n-gesture.key.pl && chmod +x gen-gesture.key.pl <
sh: ^Cmv: not found
adb push gesture.key /mnt/sdcard/Download/
adb shell
su -
cat /mnt/sdcard/Download/gesture.key > /data/system/gesture.key
127|[email protected]:/ # ./gen-gesture.key.pl 01258 > gesture.key
sh: can't create gesture.key: Read-only file system
1|[email protected]:/ # adb push gesture.key /mnt/sdcard/Download/
* daemon not running. starting it now on port 5038 *
* daemon started successfully *
error: device not found
1|[email protected]:/ # adb shell
error: device not found
1|[email protected]:/ # su -
re.key > /data/system/gesture.key <
[email protected]:/ #
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>mv gen-gesture.key
.pl.txt gen-gesture.key.pl && chmod +x gen-gesture.key.pl
'mv' is not recognized as an internal or external command,
operable program or batch file.
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>./gen-gesture.key.
pl 01258 > gesture.key
'.' is not recognized as an internal or external command,
operable program or batch file.
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>adb push gesture.k
ey /mnt/sdcard/Download/
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>adb shell
su -
cat /mnt/sdcard/Download/gesture.key > /data/system/gesture.key
^Csu -
cat /mnt/sdcard/Download/gesture.key > /data/system/gesture.key
[email protected]:/ $ su -
re.key > /data/system/gesture.key <
[email protected]:/ # exit
^Cexit
sh: ^Cexit: not found
127|[email protected]:/ # exit
exit
127|[email protected]:/ $ exit
exit
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>mv gen-gesture.key
.pl.txt gen-gesture.key.pl && chmod +x gen-gesture.key.pl
'mv' is not recognized as an internal or external command,
operable program or batch file.
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>./gen-gesture.key.
pl 01258 > gesture.key
'.' is not recognized as an internal or external command,
operable program or batch file.
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>adb push gesture.k
ey /mnt/sdcard/Download/
C:\Android\adt-bundle-windows-x86-20130219\sdk\platform-tools>adb shell
su -
cat /mnt/sdcard/Download/gesture.key > /data/system/gesture.key
^Csu -
cat /mnt/sdcard/Download/gesture.key > /data/system/gesture.key
[email protected]:/ $ su -
re.key > /data/system/gesture.key <
[email protected]:/ #
Click to expand...
Click to collapse

thx

[MOD] Encrypt sdcard with EncFS

Introduction
While Android allows to encrypt the /data partition this is not the case for the sdcard with many ROMs. So there are many files on the sdcard that remain accessible for wicked persons who have physical access to it. This script is an attempt to solve this problem by encrypting the content of the sdcard with the help of EncFS.
This thread is for people who have an interest to encrypt their sdcard. If you don't need it of if you want to discuss the necessity of encrypting the sdcard or encryption in general, please stay away and open a new thread if necessary.
Why EncFS?
When I was looking for a proper way to encrypt my sdcard, I wanted the following points to be fulfilled:
well-known, strong encryption method - the encrypted data should be accessible with other devices and systems (e.g. with Windows, MacOS, Linux)
conventional plain data and encrypted data on one sdcard - some file possibly should stay unencrypted (e.g. files for osmand, video files,...)
shared space for plain and encrypted data - especially with small sdcards it is more comfortable to stay with one big partition instead of splitting the sdcard
EncFS fulfills these points. Furthermore, there are working binaries and build instructions for Android thanks to Cryptionite.
Is it stable? Will it slow down my device?
I'm running my phone with encrypted sdcard for about a year now without any serious problems. I tested it with Sultanxda's CM11 KitKat ROM and ivanich's CM12 Lollipop ROM so I expect it to work at least on every CM11 and CM12 ROM. Please let me know if it works / doesn't work for you.
Using encryption will obviously slow down the read/write speed from/to sdcard. However, for me it is fast enough. As encryption and decryption is taking place in the CPU I expect the deceleration to be less on slow sdcards. But this is only an assumption.
With a SanDisk Ultra Class10 and AES 128 Bit encryption I tested the speed with the dd method on Android Lollipop:
Without encryption:
Write: 9 Mb/s
Read: 21,3 Mb/s
With EncFS encryption:
Write: 4,5 Mb/s
Read: 19,4 MB/s
Again, I hope to hear about the speed you measure.
Installation Instructions
Please backup your device before you try this! I don't know if this is working on your device and ROM. Do it at your own risk! I'm not responsible for any damage or data loss!
encrypt your /data partition. Your password for the sdcard-encryption will be stored on /data in plain text, so this is essential
install the attached zip-file via recovery
create a folder named ".encrypted" in the root of your sdcard
create an EncFS repository in the ".encrypted" folder. This is not difficult, search for howtos if you don't know what to do. You can do this on your device via adb or terminal (as root):
Code:
/system/bin/mount.encfs /sdcard/.encrypted /sdcard/decrypted
or with Linux, Windows or MacOS (via MacPorts), for example:
Code:
encfs /path-to-sdcard/.encrypted /only-temporary
save the password you entered in /data/local/passwd on your phone (adb or terminal as root)
Code:
echo "your-encfs-password-here" > /data/local/passwd
reboot
if everything works, you have the decrypted files of the ".encrypted" folder in "/storage/sdcard0" and ordinary plain files on your sdcard in "/storage/sdcard1"
now you can move the data of your apps, photos, ringtones, music,... from "/storage/sdcard1" to "/storage/sdcard0"
After flashing a new ROM, you only have to flash the zip-file again.
How does it work?
The script is executed every time you mount your sdcard (at boot and when inserting the sdcard). To achieve this, the sdcard daemon at /system/bin/sdcard is replaced with a script which performs the mounting stuff. It is looking for the ".encrypted" folder on the sdcard. If the folder exists, it decrypts it with the password stored in "/data/local/passwd". You will have the following sdcard structure dependent of the presence of the ".encrypted" folder:
".encrypted" folder is present (and "/data/local/passwd" containing the right password):
/storage/sdcard0 -> the decrypted data of .encrypted (the EncFS folder)
/storage/sdcard1 -> all the data of your sdcard
".encrypted" folder is not present:
/storage/sdcard0 -> all the data of your sdcard
So if you rename or delete the ".encrypted" folder on your sdcard, the script should react as if it doesn't exist.
There are some apps which can be configured to use another folder as "sdcard0". These can make use of "sdcard1", especially if they must access big files very fast (like Osmand or some podcast-apps).
Where is the EncFS binary from?
The EncFS binary is an ARMv7-version taken from Cryptonite. You can also build it yourself and replace the one in the zip file.

[ Reserved ]

support!!

Info
Can i encrypt/decrypt a single folder in internal sdcard?

ki1120 said:
support!!
Click to expand...
Click to collapse
Yeah.. so... I don't know what to say...
ultrasound1991 said:
Can i encrypt/decrypt a single folder in internal sdcard?
Click to expand...
Click to collapse
This is exactly what cryptonite does. You can mount single encrypted folders via a comfortable GUI.
If you want to mount the folder automatically together with the sdcard my script can also be adjusted. However, umnounting the sdcard (from settings or when connecting USB) could be prevented. This sould be tested. You can ask me if you need help.

Info
Cryptonite is no longer supported.
I have smartphone with Android L, root, and only internal sdcard.
I want to use your script to mount an encrypted folder, that contain encfs6.xml file.
Can you help me? I am not a programmer.

EncFS (FUSE) UID, GID not set, always "0" ("root")
It's old though, I was experimenting on a KitKat. All sets up fine, just the permissions part. Whatever uid and gid is set in command, folder is always mounted as uid=0 and gid=0 i.e. root when checked by 'mount' command. Mount details are as under:
Code:
[email protected]:/ # mount | grep "storage/sdcard"
encfs /storage/sdcard0 fuse.encfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,default_permissions,allow_other 0 0
/dev/fuse /storage/sdcard1 fuse rw,nosuid,nodev,relatime,user_id=1023,group_id=1023,default_permissions,allow_other 0 0
[email protected]:/ #
It's because sdcard daemon is run as root?
But apps need uid and gid 1023 (media_rw) or perhaps 1028 (sdcard_r). I'm not sure about this. As the init.qcom.rc lines say:
Code:
# create virtual SD card at /mnt/sdcard, based on the /data/media directory
# daemon will drop to user/group system/media_rw after initializing
# underlying files in /data/media wil be created with user and group media_rw (1023)
service sdcard /system/bin/sdcard -u 1023 -g 1023 -l /data/media /mnt/shell/emulated
class late_start
service fuse_sdcard1 /system/bin/sdcard -u 1023 -g 1023 /mnt/media_rw/sdcard1 /storage/sdcard1
.
Now, if I run command as user 1023 or 1028, encfs can't read /storage or /mnt directories due to restricted permissions:
Code:
[email protected]:/ # su 1023 /system/bin/mount.encfs -s -o "rw,nosuid,nodev,uid=1023,gid=1023,umask=006,allow_other" /mnt/media_rw/sdcard0/.encrypted /storage/sdcard0
The directory "/storage/sdcard0" does not exist. Should it be created? (y,n) y
Unable to create directory: : Permission denied
06:06:32 (main.cpp:435) Unable to locate mount point, aborting.
How to achieve this drop part?:
Code:
#daemon will drop to user/group system/media_rw after initializing
I think I'm missing something very simple.
And encfs latest static binary for arm can be made available somehow other than compiling? That's a real tough part.
Does EncFS work with Android 6+? If no, any similar alternatives i.e. command-line solution, not apps.

mirfatif said:
I think I'm missing something very simple.
Click to expand...
Click to collapse
Do you use the script I provided? It should create the sdcard as root before running encfs:
Code:
mkdir /storage/sdcard0 0700 root root
After that it runs encfs as root – the "drop part" is actually "uid=0,gid=01028" with which encfs mounts the encrypted folder:
Code:
/system/bin/mount.encfs -s -o "rw,nosuid,nodev,uid=0,gid=01028,umask=6,allow_other" /mnt/media_rw/sdcard0/.encrypted /storage/sdcard0
mirfatif said:
And encfs latest static binary for arm can be made available somehow other than compiling? That's a real tough part.
Click to expand...
Click to collapse
Development of Cryptonite seems quite inactive unfortunately. But there is a fork that seems to have some fixes for building, a build script and build instructions.
mirfatif said:
Does EncFS work with Android 6+? If no, any similar alternatives i.e. command-line solution, not apps.
Click to expand...
Click to collapse
I didn't test it with Android 6 as from there on adoptable storage is available. Adoptable storage fulfils most of the things I wanted for sdcard encryption (see my first post: strong encryption; conventional plain data and encrypted data). Thus, it basically makes my encfs-solution obsolete for Android 6+.

bastei said:
Do you use the script I provided? It should create the sdcard as root before running encfs:
Code:
mkdir /storage/sdcard0 0700 root root
After that it runs encfs as root – the "drop part" is actually "uid=0,gid=01028" with which encfs mounts the encrypted folder:
Code:
/system/bin/mount.encfs -s -o "rw,nosuid,nodev,uid=0,gid=01028,umask=6,allow_other" /mnt/media_rw/sdcard0/.encrypted /storage/sdcard0
Click to expand...
Click to collapse
I used these scripts without any problems on:
Android 4.4:
Code:
#!/system/bin/sh
#####################################################################################################
# DISABLE INTERNAL MEMORY (/data/media/0) AND USE EXTERNAL SD CARD AS INTERNAL STORAGE #
# ENCRYPT FILES ON EXTERNAL SD CARD FOR SECURITY #
# #
# STEPS: #
# 1. DIM i.e disable internal memory (KitKat, Lollipop), not explained here #
# #
# 2. change in boot.img > ramdisk > init.qcom.rc: #
# service fuse_sdcard0 /system/bin/sdcard -u 1023 -g 1023 -d /mnt/media_rw/sdcard0 /storage/sdcard0 #
# to #
# service fuse_sdcard1 /system/bin/sdcard -u 1023 -g 1023 -d /mnt/media_rw/sdcard0 /storage/sdcard1 #
# #
# ensure both lines exist in init.qcom.rc: #
# "mkdir /storage/sdcard1 0700 root root" and "mkdir /storage/sdcard0 0700 root root" #
# #
# 3. rename /system/bin/sdcard to sdcard_orig #
# 4. replace /system/bin/sdcard with this script (named "sdcard") #
# 5. copy encfs bianry to /system/bin #
# 6. set chmod +x permissions on all 3 files #
# #
# 7. encrypt internal storage (from settings) and save encfs password: #
# echo <your_password> | tee /data/local/pswd #
# 8. run this as root to mount encrypted directory: #
# /system/bin/encfs -o allow_other,umask=0 /mnt/media_rw/sdcard0/.encfs /data/local/SDCardTemp #
# copy all data on internal storage (/data/media/0/) to /data/local/SDCardTemp #
# reboot #
#####################################################################################################
export PATH=/system/bin:/system/xbin
# save log
mkdir -p /data/local/tmp
exec &>/data/local/tmp/encfs.log
date
echo "sdcard $*"
# mount encfs if not mounted already
if ! mountpoint /storage/sdcard0
then
cat /data/local/pswd | encfs -S /mnt/media_rw/sdcard0/.encfs /storage/sdcard0 -- -o allow_other,umask=0
# or may use uid=0,gid=1028,umask=006
fi
# pass original init command to sdcard daemon
sdcard_orig "[email protected]"
Android 5.0:
Code:
#!/system/bin/sh
# add following lines to boot.img > ramdisk > init.qcom.rc before sdcard service:
## service encfs /system/bin/encfs.sh
## oneshot
## class late_start
# save this script as /system/bin/encfs.sh
# copy encfs bianry to /system/bin
# chmod a+x /system/bin/encfs*
# echo <password> | tee /data/local/pswd
# /system/bin/encfs -o allow_other,umask=0 /data/media/encfs_crypted /data/local/SDCardTemp
# rsync -a --progress --exclude=encfs_crypted /data/media/ /data/local/SDCardTemp/
export PATH=/system/bin
# wait to avoid "PROTO_EXEC|PROTO_WRITE failed" error
sleep 5
# save log
exec &>/data/local/encfs.log
date
# mount encfs
exec cat /data/local/pswd | encfs -S /data/media_encfs_crypted /data/media -- -o uid=1023,gid=1023,umask=006,allow_other,nonempty &&
echo Mounted.
Mount options "nosuid" and "nodev" are set by default as a security measure. Mostly applications making use of FUSE (in kernel space) and optionally libfuse (in userspace) also set (or give a commandline parameters to set) "allow_other" and "default_permissions" options by default.
UMASK, UID, GID, ALLOW_OTHER
"umask" (or "dmask" and "fmask") needs to be provided explicitly to make files world accessible. Default mode set by "encfs" is 0600 (umask=177) and only mount owner (root) can access files unless every newly created file is manually chmod-ed.
Similarly, "uid" and "gid" options are needed to set desired owner/group. Default owner:group is the mount owner (0:0) unless every newly created file is manually chown-ed.
Actually mount owner and files/directories owner can be different, which was the source of my confusion. That's how FUSE is implemented to let non-privileged mounts work. Have a look at this:
user_id=N
group_id=N Specifies the numeric uid/gid of the mount owner.
This option should not be specified by the filesystem owner. It is set by libfuse (or, if libfuse is not used, must be set by the filesystem itself).​
. . .
uid=N
Override the st_uid field set by the filesystem (N is numeric).​
Click to expand...
Click to collapse
Since all "init" processes (including "sdcard" daemon) run as root (uid=0 and gid=0), 'mount' command always show "user_id=0" and "group_id=0". However it should be noted that provided "uid" and "gid" appear when we view files' ownership:
Code:
[B]/~#[/B] encfs -o allow_other,[COLOR="Red"]umask=7,uid=1023,gid=0[/COLOR] /.enc /enc
EncFS Password:
[B]/~#[/B] mount | grep enc
encfs on /encfs type fuse.encfs (rw,nosuid,nodev,relatime,[COLOR="red"]user_id=0,group_id=0[/COLOR],default_permissions,allow_other)
[B]/~#[/B] touch /enc/test
[B]/~#[/B] ls -l /.enc /enc
/.enc:
[COLOR="red"]-rw-rw-rw-[/COLOR] 1 [COLOR="Red"]0 0[/COLOR] 0 Mar 3 17:58 CoXOLL0fc0RaxZjq2HaSj9en
/enc:
[COLOR="YellowGreen"]-rwxrwx---[/COLOR] 1 [COLOR="YellowGreen"]1023 0[/COLOR] 0 Mar 3 17:58 test
[B]/~#[/B] chmod 0777 /enc/test
[B]/~#[/B] chown 0:1023 /enc/test
[B]/~#[/B] ls -l /.enc /enc
/.enc:
[COLOR="red"]-rwxrwxrwx[/COLOR] 1 [COLOR="red"]0 1023[/COLOR] 0 Mar 3 17:58 CoXOLL0fc0RaxZjq2HaSj9en
/enc:
[COLOR="YellowGreen"]-rwxrwx---[/COLOR] 1 [COLOR="YellowGreen"]1023 0[/COLOR] 0 Mar 3 17:58 test
[B]/~#[/B]
Setting "uid"/"gid" isn't necessarily required if universal access is granted using "umask=0" and "allow_other" mount options. Since every app is treated as a user on Android, so even the file explorer (same user who mounted filesystem by getting root privileges) can't access EncFS mounted directory without "allow_other" (if not running as root). So "allow_other" is necessarily required.
Mounting with "gid=9997,dmask=0007,fmask=0117,allow_other" at "/mnt/runtime/write/emulated/0/<mount_point>" on Android 6+ grants write access to apps with android.permission.WRITE_EXTERNAL_STORAGE granted. See this answer for details.
MOUNT OWNER
On Linux non-root users who are member of "fuse" group can mount and un-mount FUSE filesystems using "fusermount(3)" which is always run as root by set-UID-root or "setcap cap_sys_admin+ep". "fuse" group is the GID of "/dev/fuse". But non-privileged users can't set "allow_other" unless "user_allow_other" is set in FUSE configuration file /etc/fuse.conf. "/etc/fuse.conf" is used by "libfuse", and hence by all program depending on or linked to this library like "bindfs", "encfs", "sshfs", "rclone" and so on. So a non-root user can be the mount owner but other users (including root) can't access the mounted filesystem.
However on Android non-privileged user can't (u)mount FUSE filesystem because:
FUSE support is fully enabled from kernel side (on Linux it's usually a loadable module), can be checked by:
Code:
grep -E 'fuse|fuseblk' /proc/filesystems
But there are limitations in userspace.
There's no "fusermount" binary available on Android and the libfuse implementation doesn't use FUSE configuration because it's meant only for root users. But if we try to use binaries statically linked to standard Linux "libfuse" (like EncFS), they do read "/etc/fuse.conf" and may depend on "fusermount".
Apps on Android are run with all privileges dropped, so they can't make "mount" syscall even if "fusermount" is present with SUID bit set.
"/dev/fuse" is readable and writable only by root (0600, 0:0).
Non-root users on Android may face problem accessing filesystems (e.g. executing EncFS binary and reading "/dev/fuse") due to DAC or MAC permission checks. SELinux might need to be set "permissive" for the same reason, or the policy needs to be patched. SELinux also restricts Linux capabilities of processes.
So in short, EncFS and all other programs that make use of FUSE, can only be mounted by root on Android.
MOUNT NAMESPACE
Next important thing to be considered is "mount namespace" where even "allow_other" and root access won't help you. Mount namespaces enable apps to be exposed to an individual view of mounted filesystems. It means that "/proc/mounts" (which actually is "/proc/self/mounts") may look different to different processes. FUSE was implemented since KitKat to impose permissions derived from directory structure by emulating internal and/or external SD cards instead of direct mounting them. Mount namespaces are implemented since Marshmallow to serve the purpose of apps isolation in better way enforced by "zygote" at runtime. On rooted devices when an app requests a root shell, SU manager starts the shell in a new isolated namespace. While FUSE is implemented through UID's, namespaces are implemented through PID's. Super user rights with namespace separation are granted through
Code:
unshare -m sh
i.e. providing the app (process id) an independent view of mount points, not visible to the rest of apps.
Namespaces only affect (1) emulated SD card mounts handled by zygote or (2) any other filesystem mounted from a shell which was initiated by SuperSU with mount NS separation. All root processes started by Android ("init" on boot) run in global namespace. For example all mounts from adb shell will have no namespace separation because "adbd" is run in global namespace. Similarly, all shared mounts done at boot by init are propagated as a single unit from default/global/root namespace to all new zygote-forked per process namespaces. If we un-mount a filesystem from an app with root access, it will not affect the system and other apps. However if mount namespace separation is disabled, un-mounting a filesystem from any app will un-mount it globally. So isolated namespace feature provided by SU solutions is a security measure.
Say, you execute the following command from Termux (or any other terminal emulator app):
Code:
/system/bin/encfs -o allow_other /data/media/0/.encfs /data/media/0/encfs
Now, if mount namespace separation is enabled (by default), you will be able to open /data/media/0/encfs only from Termux app and from no other file explorer etc. For any other app, EncFS is not mounted at all. However Android su binaries provide a mount master option to always mount in global namespace:
Code:
[COLOR="Red"][B]su -mm[/B][/COLOR] /system/bin/encfs -o allow_other /data/media/0/.encfs /data/media/0/encfs
nsenter command can also be used to enter an existing isolated mount namespace. But note that namespaces are killed as soon as they have zero process running.
Other option is to disable "Mount Namespace Separation" in SuperSU app settings. However, do not disable this if you want to use apps like Titanium Backup or "Hide Root" feature as in Magisk etc. In addition to Isolated and Global, Magisk also provides a third option: Inherited i.e. run the root shell in same isolated namespace in which app is already running.
Related: Partition gets unmounted automatically in Android Oreo
DROP DAEMON PRIVILEGES
What I quoted earlier:
#daemon will drop to user/group system/media_rw after initializing
Click to expand...
Click to collapse
This "drop daemon privilege" thing is specific for "sdcard" daemon only as stated here and neither true for FUSE in general, nor related to filesystem "user_id" or "uid" options:
It must be run as root, but will drop to requested UID/GID as soon as it mounts a filesystem.
Click to expand...
Click to collapse
Code:
snprintf(opts, sizeof(opts),
"fd=%i,rootmode=40000,default_permissions,allow_other,user_id=%d,group_id=%d",
fd, uid, gid);
res = mount("/dev/fuse", dest_path, "fuse", MS_NOSUID | MS_NODEV, opts);
if (res < 0) {
ERROR("cannot mount fuse filesystem: %s\n", strerror(errno));
goto error;
}
/* Drop privs */
res = setgroups(sizeof(kGroups) / sizeof(kGroups[0]), kGroups);
if (res < 0) {
ERROR("cannot setgroups: %s\n", strerror(errno));
goto error;
}
res = setgid(gid);
if (res < 0) {
ERROR("cannot setgid: %s\n", strerror(errno));
goto error;
}
res = setuid(uid);
if (res < 0) {
ERROR("cannot setuid: %s\n", strerror(errno));
goto error;
}
fuse_init(&fuse, fd, source_path, write_gid, derive, split_perms);
umask(0);
res = ignite_fuse(&fuse, num_threads);
/* we do not attempt to umount the file system here because we are no longer
* running as the root user */
Process should call "setuid" itself to drop/elevate privileges which isn't the case for EncFS/FUSE by default. We can't use "su" or "setuidgid" or "chpst" commands to drop privileges later on but this isn't needed either as explained earlier. Only "uid=" and "gid=" options are enough.
Same source code file also explains somewhat how "legacy" and "derived permissions" work particularly on Android 4.4, 5 and 6 using FUSE filesystems for emulating SD card.
SUMMARY
On Android, only root can mount EncFS (FUSE) filesystem
Do mention "allow_other" option if you want to access EncFS mounted directory from a non-root app
Do mention "umask=" option if you want to read/write encrypted files from a non-root app
"uid" and "gid" need to be set if you want to give some specific non-root app write access to the filesystem. Otherwise "allow_other" and "umask" can suffice.
Disable "Mount Namespace Separation" option in SuperSU app if:
EncFS is to be mounted feom CLI (Terminal Emulator) app and not by some boot script or from adb shell, and
You want to access EncFS mounted directory from some app other than the root shell in CLI app
bastei said:
Development of Cryptonite seems quite inactive unfortunately. But there is a fork that seems to have some fixes for building, a build script and build instructions.
Click to expand...
Click to collapse
Latest EncFS binary is available here. Thanks to @DualJoe. It works with Android Oreo as well. However, overlapping with already mounted FUSE or sdcardfs (a FUSE-like filesystem implemented in Android 8+ that works in kernel space) should be avoided.
This is my understanding of EncFS and FUSE. Correct me if I'm wrong.

You could use /mnt/encfs. I think it might not be affected by namespace isolation.

DualJoe said:
You could use /mnt/encfs. I think it might not be affected by namespace isolation.
Click to expand...
Click to collapse
It didn't work for me. What I have understood is that mount namespace isolation implemented by SuperSU app is totally independent of that implemented by AOSP on emulated storage. SuperSU grants root access on the basis of app, not path. When an app requests root rights from SuperSU, a new namespace is created in which all global mounts are cloned. Now it's up to that app what it does with the mountpoints, not affecting any other process. So the path where filesystem is mounted doesn't matter. Also whatever location we choose, mount call won't be successful without root. I have added a few lines about this in my previous post.

Are you sure you're invoking 'mount' with 'su -mm'?
I can only speak for my system (LOS13, Magisk) but i can mount cifs or ecryptfs on any place (/data/media/0, /mnt/*) without problems. Magisk is still set to default namespace option (inherited). The '-mm' switch is always 'global namespace' though as it's primarily intended for public mounting (as described in 'su --help').

DualJoe said:
Are you sure you're invoking 'mount' with 'su -mm'?
I can only speak for my system (LOS13, Magisk) but i can mount cifs or ecryptfs on any place (/data/media/0, /mnt/*) without problems. Magisk is still set to default namespace option (inherited). The '-mm' switch is always 'global namespace' though as it's primarily intended for public mounting (as described in 'su --help').
Click to expand...
Click to collapse
Yes definitely 'su -mm' mounts in global namespace. I was talking about simple mount command from a su shell, without '-mm'.

After putting password in terminal after encfs command, does nothing. Means decrypted directory always remain empty. any idea how to resolve this ? Android 13
Edit1: now this working but new issue came which ia mentioned in next post.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

i using below command:
su -mm -c "encfs --public -o nonempty,allow_other,rw,noatime,noexec,nodev,nosuid,gid=9997,umask=006 -S /mnt/runtime/write/3B86-9400/.encrypted /mnt/runtime/write/emulated/0/decrypted"
I can see content in the file manager only but not gallery.
After Android media store refresh only content of decrypted folder showing in gallery but content of sub folder of decrypted folder is not showing in the gallery.
Any idea how to resolve this issue.