Related
Hi,
I am trying to make custom mtd module, to expand the mtd devices to read whole nand and i am using as an example msm_nand.c
So what i have done is added a few devices to mtd partition and compiled. But at the compilation ld says msm_dmov_exec_cmd in not found.. Does not sound good, because original msm_nand.c compiled good as well as the whole kernel.
Could someone help me?
Here is the code i added, i left last lines from the original and my addition due to the code length restriction here:
Code:
/* drivers/mtd/devices/msm_nand.c
.....
msm_nand_release_ex(&info->mtd);
dma_free_coherent(/*dev*/ NULL, SZ_4K,
info->msm_nand.dma_buffer,
info->msm_nand.dma_addr);
kfree(info);
}
return 0;
}
#define DRIVER_NAME "msm_nand_ex"
static struct platform_driver msm_nand_driver = {
.probe = msm_nand_probe,
.remove = __devexit_p(msm_nand_remove_ex),
.driver = {
.name = DRIVER_NAME,
}
};
MODULE_ALIAS(DRIVER_NAME);
#if defined(CONFIG_ARCH_MSM7X30)
#define MSM_NAND_PHYS 0xA0200000
#else
#define MSM_NAND_PHYS 0xA0A00000
#endif
static struct resource resources_nand[] = {
[0] = {
.name = "msm_nand_dmac",
.start = DMOV_NAND_CHAN,
.end = DMOV_NAND_CHAN,
.flags = IORESOURCE_DMA,
},
[1] = {
.name = "msm_nand_phys",
.start = MSM_NAND_PHYS,
.end = MSM_NAND_PHYS + 0x7FF,
.flags = IORESOURCE_MEM,
},
};
static struct mtd_partition nand_ex_partitions[] = {
{
.name = "bootloader",
.size = 0x00000016,
.offset = 0,
.mask_flags = MTD_WRITEABLE, /* force read-only */
}, {
.name = "amss",
.size = 0x000000bf,
.offset = 0x00000016,
.mask_flags = MTD_WRITEABLE, /* force read-only */
}, {
.name = "amss_fs",
.size = 0x00000058,
.offset = 0x000000d5,
.mask_flags = MTD_WRITEABLE, /* force read-only */
}, {
.name = "fota0",
.size = 0x00000022,
.offset = 0x0000012d,
.mask_flags = MTD_WRITEABLE, /* force read-only */
}, {
.name = "fota1",
.size = 0x00000022,
.offset = 0x0000014f,
.mask_flags = MTD_WRITEABLE, /* force read-only */
}, {
.name = "recovery",
.size = 0x00000062,
.offset = 0x00000171,
.mask_flags = MTD_WRITEABLE, /* force read-only */
}, {
.name = "dsp1",
.size = 0x000000a2,
.offset = 0x000001d3,
.mask_flags = MTD_WRITEABLE, /* force read-only */
}, {
.name = "boot",
.size = 0x00000062,
.offset = 0x00000275,
.mask_flags = MTD_WRITEABLE, /* force read-only */
}
};
struct flash_platform_data msm_nand_ex_data = {
.parts = nand_ex_partitions,
.nr_parts = ARRAY_SIZE(nand_ex_partitions),
};
static struct platform_device *msm_device_nand_ex;
static int __init msm_nand_init(void)
{
int ret;
msm_device_nand_ex = platform_device_alloc("msm_nand_ex", -1);
if (!msm_device_nand_ex)
return -ENOMEM;
ret = platform_device_add_data(msm_device_nand_ex, &msm_nand_ex_data,
sizeof(msm_nand_ex_data));
ret = platform_device_add_resources(msm_device_nand_ex, resources_nand,
ARRAY_SIZE(resources_nand));
printk("%s : res=%d\n", __FUNCTION__, ARRAY_SIZE(resources_nand));
if (ret == 0)
ret = platform_device_add(msm_device_nand_ex);
if (ret){
platform_device_put(msm_device_nand_ex);
return ret;
}
return platform_driver_register(&msm_nand_driver);
}
static void __exit msm_nand_exit(void)
{
platform_driver_unregister(&msm_nand_driver);
platform_device_unregister(msm_device_nand_ex);
}
module_init(msm_nand_init);
module_exit(msm_nand_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("msm_nand flash driver code");
And also i get in dmesg weird message that my kernel version string is wrong, though i used same kernel except the last modification string. And i can't find any other kernel..
Thanks guys!
you should edit the Makefile and set
EXTRAVERSION = <your kernel version>.
Yes i managed to bypass it but the insmod then says msm_dmov_exec_cmd is not found..
Weird..
anonymous2183 said:
you should edit the Makefile and set
EXTRAVERSION = <your kernel version>.
Click to expand...
Click to collapse
Hello Guys,Its My First Post In Forum I am Sorry If I made Any Mistake..
Actually i am tring to creat a php for android app before sometime i dont have any idea about how to view source code but thanks to xda-forum developer ...now i have knowledge to view source code of android app
Now Coming to point ..
Android App Contain Many java File In classes.dex Folder .... i have checked every file but i didnt get any web link
here is web links means ....
example-if we have any website like www . somesite . com
then if will view its soruce code then we will get like; -
action-register.php
something like this
i am searching the links in apk so please guys help me to find out it
Here is i am show off some codes of my apk file
Code:
import a.a.a.a.f;
import a.a.a.a.p;
import android.app.Application;
import android.content.Context;
import android.content.SharedPreferences;
import android.content.SharedPreferences.Editor;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.PackageManager.NameNotFoundException;
import android.location.Location;
import android.os.Build;
import android.os.Build.VERSION;
import android.os.Bundle;
import android.os.Handler;
import android.support.v4.app.Fragment;
import android.support.v4.app.aj;
import android.util.SparseArray;
import com.android.volley.toolbox.m;
import com.android.volley.u;
import com.appsflyer.AppsFlyerLib;
import com.google.android.gms.common.ConnectionResult;
import com.google.android.gms.common.api.am;
import com.google.android.gms.common.api.an;
import com.google.android.gms.common.api.aq;
import com.google.android.gms.common.api.ar;
import com.google.android.gms.common.api.i;
import com.google.android.gms.common.api.j;
import com.google.android.gms.common.api.l;
import free.bux.d.b;
import free.bux.e.g;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
public class FreeBuzzApp
extends Application
implements j, l
{
public static final String a = FreeBuzzApp.class.getSimpleName();
private static FreeBuzzApp c;
protected com.google.android.gms.common.api.h b;
private u d;
private m e;
private g f;
private Handler g;
private HashMap h = new HashMap();
public static FreeBuzzApp a()
{
return c;
}
public static boolean a(String paramString)
{
Iterator localIterator = c.getPackageManager().getInstalledApplications(0).iterator();
do
{
if (!localIterator.hasNext()) {
break;
}
} while (!((ApplicationInfo)localIterator.next()).packageName.equals(paramString));
for (boolean bool = true;; bool = false) {
return bool;
}
}
private void c()
{
Object localObject1 = null;
boolean bool1 = true;
for (;;)
{
i locali;
try
{
locali = new i(this);
locali.j.add(this);
locali.k.add(this);
com.google.android.gms.common.api.a locala = com.google.android.gms.location.h.a;
locali.c.put(locala, null);
locali.a.addAll(locala.c);
boolean bool2;
if (!locali.c.isEmpty())
{
bool2 = bool1;
com.google.android.gms.common.internal.ap.b(bool2, "must call addApi() to add at least one API");
if (locali.e < 0) {
continue;
}
am localam = am.a(locali.d);
localObject1 = new com.google.android.gms.common.api.y(locali.b.getApplicationContext(), locali.h, locali.a(), locali.i, locali.c, locali.j, locali.k, locali.e, -1);
int k = locali.e;
l locall2 = locali.g;
com.google.android.gms.common.internal.ap.a(localObject1, "GoogleApiClient instance cannot be null");
if (localam.c.indexOfKey(k) < 0)
{
com.google.android.gms.common.internal.ap.a(bool1, "Already managing a GoogleApiClient with id " + k);
an localan = new an(localam, k, (com.google.android.gms.common.api.h)localObject1, locall2);
localam.c.put(k, localan);
if ((localam.a) && (!localam.b)) {
((com.google.android.gms.common.api.h)localObject1).a();
}
this.b = ((com.google.android.gms.common.api.h)localObject1);
}
}
else
{
bool2 = false;
continue;
}
bool1 = false;
continue;
if (locali.f < 0) {
break label497;
}
com.google.android.gms.common.api.ap localap = com.google.android.gms.common.api.ap.a(locali.d);
int i = locali.f;
if (localap.D != null)
{
aq localaq = localap.b(i);
if (localaq != null) {
localObject1 = localaq.i;
}
}
if (localObject1 == null) {
localObject1 = new com.google.android.gms.common.api.y(locali.b.getApplicationContext(), locali.h, locali.a(), locali.i, locali.c, locali.j, locali.k, -1, locali.f);
}
int j = locali.f;
l locall1 = locali.g;
com.google.android.gms.common.internal.ap.a(localObject1, "GoogleApiClient instance cannot be null");
if (localap.a.indexOfKey(j) < 0)
{
bool3 = bool1;
com.google.android.gms.common.internal.ap.a(bool3, "Already managing a GoogleApiClient with id " + j);
ar localar = new ar((com.google.android.gms.common.api.h)localObject1, locall1, (byte)0);
localap.a.put(j, localar);
if (localap.D == null) {
continue;
}
android.support.v4.app.al.a = false;
localap.j().a(j, localap);
continue;
}
boolean bool3 = false;
}
finally {}
continue;
label497:
localObject1 = new com.google.android.gms.common.api.y(locali.b, locali.h, locali.a(), locali.i, locali.c, locali.j, locali.k, -1, -1);
}
}
/* Error */
public final com.google.android.gms.analytics.u a(h paramh)
{
// Byte code:
// 0: aload_0
// 1: monitorenter
// 2: aload_0
// 3: getfield 42 free/bux/FreeBuzzApp:h Ljava/util/HashMap;
// 6: aload_1
// 7: invokevirtual 262 java/util/HashMap:containsKey (Ljava/lang/Object;)Z
// 10: ifne +43 -> 53
// 13: aload_0
// 14: invokestatic 267 com/google/android/gms/analytics/l:a (Landroid/content/Context;)Lcom/google/android/gms/analytics/l;
// 17: astore 4
// 19: aload_1
// 20: getstatic 272 free/bux/h:a Lfree/bux/h;
// 23: if_acmpne +46 -> 69
// 26: aload 4
// 28: ldc_w 274
// 31: invokevirtual 277 com/google/android/gms/analytics/l:a (Ljava/lang/String;)Lcom/google/android/gms/analytics/u;
// 34: astore 7
// 36: aload 7
// 38: iconst_1
// 39: putfield 280 com/google/android/gms/analytics/u:a Z
// 42: aload_0
// 43: getfield 42 free/bux/FreeBuzzApp:h Ljava/util/HashMap;
// 46: aload_1
// 47: aload 7
// 49: invokevirtual 281 java/util/HashMap:put (Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;
// 52: pop
// 53: aload_0
// 54: getfield 42 free/bux/FreeBuzzApp:h Ljava/util/HashMap;
// 57: aload_1
// 58: invokevirtual 285 java/util/HashMap:get (Ljava/lang/Object;)Ljava/lang/Object;
// 61: checkcast 279 com/google/android/gms/analytics/u
// 64: astore_3
// 65: aload_0
// 66: monitorexit
// 67: aload_3
// 68: areturn
// 69: getstatic 287 free/bux/h:b Lfree/bux/h;
// 72: pop
// 73: aload 4
// 75: invokevirtual 290 com/google/android/gms/analytics/l:b ()Lcom/google/android/gms/analytics/u;
// 78: astore 6
// 80: aload 6
// 82: astore 7
// 84: goto -48 -> 36
// 87: astore_2
// 88: aload_0
// 89: monitorexit
// 90: aload_2
// 91: athrow
// Local variable table:
// start length slot name signature
// 0 92 0 this FreeBuzzApp
// 0 92 1 paramh h
// 87 4 2 localObject1 Object
// 64 4 3 localu1 com.google.android.gms.analytics.u
// 17 57 4 locall com.google.android.gms.analytics.l
// 78 3 6 localu2 com.google.android.gms.analytics.u
// 34 49 7 localObject2 Object
// Exception table:
// from to target type
// 2 65 87 finally
// 69 80 87 finally
}
public final void a(int paramInt)
{
this.b.a();
}
public final void a(Bundle paramBundle)
{
Location localLocation = com.google.android.gms.location.h.b.a(this.b);
if (localLocation != null)
{
free.bux.e.d.b(this, "latitude", String.valueOf(localLocation.getLatitude()));
free.bux.e.d.b(this, "longitude", String.valueOf(localLocation.getLongitude()));
new StringBuilder("startLocationUpdates--> User lat ").append(String.valueOf(localLocation.getLatitude()));
}
}
public final void a(ConnectionResult paramConnectionResult)
{
new StringBuilder("Connection failed: ConnectionResult.getErrorCode() = ").append(paramConnectionResult.c);
}
public final m b()
{
if (this.d == null) {
this.d = com.android.volley.toolbox.y.a(getApplicationContext());
}
if (this.e == null)
{
if (this.f == null) {
this.f = new g();
}
this.e = new m(this.d, this.f);
}
return this.e;
}
public void onCreate()
{
super.onCreate();
p[] arrayOfp = new p[1];
arrayOfp[0] = new com.a.a.a();
f.a(this, arrayOfp);
if (Build.VERSION.SDK_INT >= 9)
{
boolean bool = getSharedPreferences("free.bux_preferences", 0).getBoolean("APP_FLYER_TRACKING", true);
AppsFlyerLib.setAppsFlyerKey("4ffriSMaSjMyjrv5EDKJEB");
if (bool)
{
AppsFlyerLib.sendTracking(getApplicationContext());
SharedPreferences.Editor localEditor = getSharedPreferences("free.bux_preferences", 0).edit();
localEditor.putBoolean("APP_FLYER_TRACKING", false);
localEditor.commit();
}
}
try
{
PackageInfo localPackageInfo = getPackageManager().getPackageInfo(getPackageName(), 0);
b.a = "Freebuzz/" + localPackageInfo.versionCode + "(Android" + Build.VERSION.RELEASE + ";" + Build.MODEL + " Build /" + Build.FINGERPRINT + ";" + Locale.getDefault() + ";)";
new StringBuilder("http header is ").append(b.a);
c();
c = this;
this.g = new Handler();
a(h.b);
this.b.a();
return;
}
catch (PackageManager.NameNotFoundException localNameNotFoundException)
{
for (;;)
{
new StringBuilder("Cannot find package details with name ").append(getPackageName());
}
}
}
public void onLowMemory()
{
super.onLowMemory();
}
public void onTerminate()
{
super.onTerminate();
}
}
So, I decided I want to put Kali-Linux on my samsung s3 neo device, and I succeeded after hard work and a lots of research... Now I had another problem, that my built-in chipset does not support aircrack-ng, so i decided to work around it, and use a wireless usb adapter.
what i did is modifying the kernel, to be able to support some of the wireless devices... the point where i got stuck is at compiling the new-made kernel... basically i followed the following guide:
PHP:
http://forum.xda-developers.com/showthread.php?t=2338179
and i got stuck at the final section of the compiling segment...
So here is my error.
arch/arm/crypto/sha512_neon_glue.c: In function 'sha512_neon_update':
arch/arm/crypto/sha512_neon_glue.c:144:3: warning: implicit declaration of function 'crypto_sha512_update' [-Wimplicit-function-declaration]
error, forbidden warning: sha512_neon_glue.c:144
scripts/Makefile.build:307: recipe for target 'arch/arm/crypto/sha512_neon_glue.o' failed
make[1]: *** [arch/arm/crypto/sha512_neon_glue.o] Error 1
Makefile:950: recipe for target 'arch/arm/crypto' failed
make: *** [arch/arm/crypto] Error 2
Click to expand...
Click to collapse
so, first of all I have a question, where exactly do i put "KCONFIG_CFLAGS += -w" in the code of the Makefile, and if it would solve the error? according to the guide it should ignore errors that the compiler makes.
2nd question right under the code lines.
Makefile:
PHP:
https://github.com/CyanogenMod/android_kernel_samsung_s3ve3g/blob/cm-12.1/Makefile
Couldn't post it here, too long.
Second question, in case the first solution would not work, if i wanted to edit the problematic file, so it would see the declared functions, how do i do that?
NOTE: the error is in line 144
(will be marked with "------->")
Code:
*
* Glue code for the SHA512 Secure Hash Algorithm assembly implementation
* using NEON instructions.
*
* Copyright © 2014 Jussi Kivilinna <[email protected]>
*
* This file is based on sha512_ssse3_glue.c:
* Copyright (C) 2013 Intel Corporation
* Author: Tim Chen <[email protected]>
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation; either version 2 of the License, or (at your option)
* any later version.
*
*/
#include <crypto/internal/hash.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/mm.h>
#include <linux/cryptohash.h>
#include <linux/types.h>
#include <linux/string.h>
#include <crypto/sha.h>
#include <asm/byteorder.h>
#include <asm/simd.h>
#include <asm/neon.h>
static const u64 sha512_k[] = {
0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
};
asmlinkage void sha512_transform_neon(u64 *digest, const void *data,
const u64 k[], unsigned int num_blks);
static int sha512_neon_init(struct shash_desc *desc)
{
struct sha512_state *sctx = shash_desc_ctx(desc);
sctx->state[0] = SHA512_H0;
sctx->state[1] = SHA512_H1;
sctx->state[2] = SHA512_H2;
sctx->state[3] = SHA512_H3;
sctx->state[4] = SHA512_H4;
sctx->state[5] = SHA512_H5;
sctx->state[6] = SHA512_H6;
sctx->state[7] = SHA512_H7;
sctx->count[0] = sctx->count[1] = 0;
return 0;
}
static int __sha512_neon_update(struct shash_desc *desc, const u8 *data,
unsigned int len, unsigned int partial)
{
struct sha512_state *sctx = shash_desc_ctx(desc);
unsigned int done = 0;
sctx->count[0] += len;
if (sctx->count[0] < len)
sctx->count[1]++;
if (partial) {
done = SHA512_BLOCK_SIZE - partial;
memcpy(sctx->buf + partial, data, done);
sha512_transform_neon(sctx->state, sctx->buf, sha512_k, 1);
}
if (len - done >= SHA512_BLOCK_SIZE) {
const unsigned int rounds = (len - done) / SHA512_BLOCK_SIZE;
sha512_transform_neon(sctx->state, data + done, sha512_k,
rounds);
done += rounds * SHA512_BLOCK_SIZE;
}
memcpy(sctx->buf, data + done, len - done);
return 0;
}
static int sha512_neon_update(struct shash_desc *desc, const u8 *data,
unsigned int len)
{
struct sha512_state *sctx = shash_desc_ctx(desc);
unsigned int partial = sctx->count[0] % SHA512_BLOCK_SIZE;
int res;
/* Handle the fast case right here */
if (partial + len < SHA512_BLOCK_SIZE) {
sctx->count[0] += len;
if (sctx->count[0] < len)
sctx->count[1]++;
memcpy(sctx->buf + partial, data, len);
return 0;
}
if (!may_use_simd()) {
------------> res = crypto_sha512_update(desc, data, len);
} else {
kernel_neon_begin();
res = __sha512_neon_update(desc, data, len, partial);
kernel_neon_end();
}
return res;
}
/* Add padding and return the message digest. */
static int sha512_neon_final(struct shash_desc *desc, u8 *out)
{
struct sha512_state *sctx = shash_desc_ctx(desc);
unsigned int i, index, padlen;
__be64 *dst = (__be64 *)out;
__be64 bits[2];
static const u8 padding[SHA512_BLOCK_SIZE] = { 0x80, };
/* save number of bits */
bits[1] = cpu_to_be64(sctx->count[0] << 3);
bits[0] = cpu_to_be64(sctx->count[1] << 3 | sctx->count[0] >> 61);
/* Pad out to 112 mod 128 and append length */
index = sctx->count[0] & 0x7f;
padlen = (index < 112) ? (112 - index) : ((128+112) - index);
if (!may_use_simd()) {
crypto_sha512_update(desc, padding, padlen);
crypto_sha512_update(desc, (const u8 *)&bits, sizeof(bits));
} else {
kernel_neon_begin();
/* We need to fill a whole block for __sha512_neon_update() */
if (padlen <= 112) {
sctx->count[0] += padlen;
if (sctx->count[0] < padlen)
sctx->count[1]++;
memcpy(sctx->buf + index, padding, padlen);
} else {
__sha512_neon_update(desc, padding, padlen, index);
}
__sha512_neon_update(desc, (const u8 *)&bits,
sizeof(bits), 112);
kernel_neon_end();
}
/* Store state in digest */
for (i = 0; i < 8; i++)
dst[i] = cpu_to_be64(sctx->state[i]);
/* Wipe context */
memset(sctx, 0, sizeof(*sctx));
return 0;
}
static int sha512_neon_export(struct shash_desc *desc, void *out)
{
struct sha512_state *sctx = shash_desc_ctx(desc);
memcpy(out, sctx, sizeof(*sctx));
return 0;
}
static int sha512_neon_import(struct shash_desc *desc, const void *in)
{
struct sha512_state *sctx = shash_desc_ctx(desc);
memcpy(sctx, in, sizeof(*sctx));
return 0;
}
static int sha384_neon_init(struct shash_desc *desc)
{
struct sha512_state *sctx = shash_desc_ctx(desc);
sctx->state[0] = SHA384_H0;
sctx->state[1] = SHA384_H1;
sctx->state[2] = SHA384_H2;
sctx->state[3] = SHA384_H3;
sctx->state[4] = SHA384_H4;
sctx->state[5] = SHA384_H5;
sctx->state[6] = SHA384_H6;
sctx->state[7] = SHA384_H7;
sctx->count[0] = sctx->count[1] = 0;
return 0;
}
static int sha384_neon_final(struct shash_desc *desc, u8 *hash)
{
u8 D[SHA512_DIGEST_SIZE];
sha512_neon_final(desc, D);
memcpy(hash, D, SHA384_DIGEST_SIZE);
memset(D, 0, SHA512_DIGEST_SIZE);
return 0;
}
static struct shash_alg algs[] = { {
.digestsize = SHA512_DIGEST_SIZE,
.init = sha512_neon_init,
.update = sha512_neon_update,
.final = sha512_neon_final,
.export = sha512_neon_export,
.import = sha512_neon_import,
.descsize = sizeof(struct sha512_state),
.statesize = sizeof(struct sha512_state),
.base = {
.cra_name = "sha512",
.cra_driver_name = "sha512-neon",
.cra_priority = 250,
.cra_flags = CRYPTO_ALG_TYPE_SHASH,
.cra_blocksize = SHA512_BLOCK_SIZE,
.cra_module = THIS_MODULE,
}
}, {
.digestsize = SHA384_DIGEST_SIZE,
.init = sha384_neon_init,
.update = sha512_neon_update,
.final = sha384_neon_final,
.export = sha512_neon_export,
.import = sha512_neon_import,
.descsize = sizeof(struct sha512_state),
.statesize = sizeof(struct sha512_state),
.base = {
.cra_name = "sha384",
.cra_driver_name = "sha384-neon",
.cra_priority = 250,
.cra_flags = CRYPTO_ALG_TYPE_SHASH,
.cra_blocksize = SHA384_BLOCK_SIZE,
.cra_module = THIS_MODULE,
}
} };
static int __init sha512_neon_mod_init(void)
{
if (!cpu_has_neon())
return -ENODEV;
return crypto_register_shashes(algs, ARRAY_SIZE(algs));
}
static void __exit sha512_neon_mod_fini(void)
{
crypto_unregister_shashes(algs, ARRAY_SIZE(algs));
}
module_init(sha512_neon_mod_init);
module_exit(sha512_neon_mod_fini);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("SHA512 Secure Hash Algorithm, NEON accelerated");
MODULE_ALIAS("sha512");
MODULE_ALIAS("sha384");
Please help me I will be very thankful.
(NOTE: I am not a developer, and I wish I was, or at least i'm ought to be so please explain carefully your solutions since I'm not familiar with any coding language, and for me, reaching this stage of the kernel compiling was time consuming and my only tools were my logic and the internet). thanks in advance for any help i can get i wish it will work so i can move on in learning kali better!
Hi,
A little tool or frontend that I've made and share to the community.
Intro
If you are like me :
Searching a way to backup your device, try some tools like SP Flash Tool, or MTK Droid Tools (for generating a Scatter File).
I have found a lot of thread, but I've allways got a dead end or a risk to brick the device (Never take a risk to brick your device if no stock rom available or backup).
A few days ago, i've found this thread : https://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594
It's not for my device, it's maybe not for your device, but help a lot to do our need. This exploit work for everyone and what to do the little tools below.
What's the change ?
Instead of that does jcadduono (a big thanks to him), via applypatch, it don't patch the recovery partition to run an Android in Permissive mode, my applypatch only open and read the boot or recovery partition and display all data to logging (binary converted to hex value).
Yes, I know, logging is not for that, it's realy hard-core, but it's the only way working. I've tried with socket, but SELinux in Enforced mode don't allow this.
You can see my recowvery-applypatch.c below :
Code:
#include <unistd.h>
#include <stdio.h>
#include <stdint.h>
#include <time.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <time.h>
#include <fcntl.h>
#include <sys/stat.h>
#define APP_NAME "recowvery"
#define HOST_NAME "applypatch"
#ifdef DEBUG
#include <android/log.h>
#define LOGV(...) { __android_log_print(ANDROID_LOG_INFO, APP_NAME, __VA_ARGS__); printf(__VA_ARGS__); printf("\n"); }
#define LOGE(...) { __android_log_print(ANDROID_LOG_ERROR, APP_NAME, __VA_ARGS__); fprintf(stderr, __VA_ARGS__); fprintf(stderr, "\n"); }
#else
#define LOGV(...) { printf(__VA_ARGS__); printf("\n"); }
#define LOGE(...) { fprintf(stderr, __VA_ARGS__); fprintf(stderr, "\n"); }
#endif
#define SEP LOGV("------------")
#include "bootimg.h"
/* Time delay in microsecond for next loop (1000 = 1ms)
* 250 is good for every PC
* (you can try with 0 to boost the process, but you can have an <unexpected EOF>)
*/
#define DELAY_T 250
void delay(long t)
{
if (t == 0)
return;
long timens = t * 1000;
nanosleep((const struct timespec[]){{0, timens}}, NULL);
}
/*
* Search in *str the word *word.
* &rslt => Result, a sort of substr version of *str from 0 to the last char of the searched *word if found.
* &len => Length of &rslt.
*
* Return 0 if found or -1 if not found.
* (A substr like)
*/
int findStr(char *str, char *word, char** rslt, int* len)
{
int i = 0;
int j = 0;
int allmatch = 0;
char *temp;
*len = 0;
for (i = 0; i < (int)strlen(str); i++)
{
if (str[i] == word[0])
{
allmatch = 0;
for (j = 0; j < (int)strlen(word); j++)
{
if (str[i + j] != word[j])
{
allmatch = 1;
break;
}
}
if (allmatch == 0)
{
*len = i + strlen(word);
break;
}
}
}
if (*len != 0)
{
temp = malloc(*len);
for (i = 0; i < *len; i++)
temp[i] = str[i];
*rslt = temp;
return 0;
}
return -1;
}
/*
* run "mount" and find "/by-name/" from result.
* if matched, fill path var
* return 0 if success else -1
*/
int getBlockDevice(char** path)
{
FILE* cmd;
char br[512];
char* search = "/by-name/";
char* tmp;
int slength = 0;
cmd = popen("mount 2>&1", "r");
if (cmd)
{
/* Read result and try to find the first corresponding mount point */
while(fgets(br, sizeof br, cmd) != NULL)
{
/* If found, log the result */
if (findStr(br, search, &tmp, &slength) != -1)
{
/* Append "boot" (your can replace this by "recovery", "system") at the end */
sprintf(*path, "%srecovery", tmp);
break;
}
}
fclose(cmd);
}
else
{
LOGE("ERROR Getting filesystem mountpoint");
}
if (slength > 0)
return 0;
else
return -1;
}
int main(int argc, char **argv)
{
int ret = 0;
int i = 0;
LOGV("Welcome to %s! (%s)", APP_NAME, HOST_NAME);
char *blockDev = malloc(256);
if (getBlockDevice(&blockDev) == -1)
{
LOGE("ERROR : Could not find FileSystem mount point.");
ret = errno;
goto oops;
}
else
{
LOGV("BLOCK_DEVICE : %s", blockDev);
SEP;
}
/*
* Sometimes <applypatch> run before <dirtycow> finish its process that cause our device not ready to start <adb logcat -s recowvery>
* and we have to wait more than 3min...
* A little sleep of 30 sec ensure that our device is ready.
*/
LOGV("The process start in 30s");
sleep(30);
byte rb[32];
char *content = malloc(256);
FILE *fp;
size_t nread;
fp = fopen(blockDev, "r");
if (fp) {
LOGV("*** DUMP START ***");
while ((nread = fread(rb, 1, sizeof rb, fp)) > 0)
{
sprintf(content, "HEXDUMP = [");
for (i = 0; i < (int)nread; i++)
{
if (i == 0)
sprintf(content, "%s%.2x", content, rb[i]);
else
sprintf(content, "%s,%.2x", content, rb[i]);
}
sprintf(content, "%s];", content);
LOGV("%s", content);
/* sleep to prevent any unexpected EOF with with pipe stream */
delay(DELAY_T);
}
if (ferror(fp)) {
ret = errno;
LOGE("*** DUMP ERROR ***");
LOGE("Error while reading the file...");
}
LOGV("*** DUMP END ***");
fclose(fp);
}
else
{
LOGV("Can't read the file...");
ret = errno;
goto oops;
}
return 0;
oops:
LOGE("*** DUMP ERROR ***");
LOGE("Error %d: %s", ret, strerror(ret));
LOGE("Exiting...");
return ret;
}
Don't laugh please, I am very new in C
Ok, but about the tool ?
The tool is a frontend and easy to use, it copy exploit files for you, run exploit, read logging from adb and do the revert of applypatch (Convert hex to binary and write them to the image file) and finaly reboot your device when it's finish.
An example here :
Code:
~/Documents/dirtydump/bin/Debug$ ./dirtydump boot
***************
**** Init *****
***************
adb push ./bin/dirtycow /data/local/tmp
159 KB/s (9984 bytes in 0.061s)
adb push ./bin/recowvery-applypatch_boot /data/local/tmp
234 KB/s (10200 bytes in 0.042s)
adb push ./bin/recowvery-applypatch_recovery /data/local/tmp
238 KB/s (10200 bytes in 0.041s)
adb push ./bin/recowvery-app_process64 /data/local/tmp
240 KB/s (10200 bytes in 0.041s)
adb push ./bin/recowvery-app_process32 /data/local/tmp
411 KB/s (17992 bytes in 0.042s)
adb shell chmod 0777 /data/local/tmp/dirtycow
adb shell chmod 0777 /data/local/tmp/recowvery-applypatch_boot
adb shell chmod 0777 /data/local/tmp/recowvery-applypatch_recovery
adb shell chmod 0777 /data/local/tmp/recowvery-app_process64
adb shell chmod 0777 /data/local/tmp/recowvery-app_process32
* Android x64 version detected.
**********************
**** Run Exploit *****
**********************
adb shell /data/local/tmp/dirtycow /system/bin/applypatch /data/local/tmp/recowvery-applypatch_boot
warning: new file size (10200) and file old size (74712) differ
size 74712
[*] mmap 0x7faa6a7000
[*] exploit (patch)
[*] currently 0x7faa6a7000=10102464c457f
[*] madvise = 0x7faa6a7000 74712
[*] madvise = 0 1048576
[*] /proc/self/mem 1031798784 1048576
[*] exploited 0x7faa6a7000=10102464c457f
adb shell /data/local/tmp/dirtycow /system/bin/app_process64 /data/local/tmp/recowvery-app_process64
warning: new file size (10200) and file old size (22456) differ
size 22456
[*] mmap 0x7f8f303000
[*] exploit (patch)
[*] currently 0x7f8f303000=10102464c457f
[*] madvise = 0x7f8f303000 22456
[*] madvise = 0 1048576
[*] /proc/self/mem 2071986176 1048576
[*] exploited 0x7f8f303000=10102464c457f
*********************************
**** adb logcat -s recowvery ****
*********************************
--------- beginning of main
--------- beginning of system
--------- beginning of crash
01-24 15:40:37.206 5266 5266 I recowvery: Welcome to recowvery! (app_process64)
01-24 15:40:37.206 5266 5266 I recowvery: ------------
01-24 15:40:37.206 5266 5266 I recowvery: Current selinux context: u:r:zygote:s0
01-24 15:40:37.206 5266 5266 I recowvery: Set context to 'u:r:system_server:s0'
01-24 15:40:37.206 5266 5266 I recowvery: Current security context: u:r:system_server:s0
01-24 15:40:37.206 5266 5266 I recowvery: Setting property 'ctl.start' to 'flash_recovery'
01-24 15:40:37.211 5266 5266 I recowvery: ------------
01-24 15:40:37.211 5266 5266 I recowvery: Recovery flash script should have started!
01-24 15:40:37.211 5266 5266 I recowvery: Run on your PC or device to see progress: adb logcat -s recowvery
01-24 15:40:37.211 5266 5266 I recowvery: Waiting 3 minutes to try again (in case it didn't start or you forgot to dirtycow applypatch first)...
01-24 15:40:37.242 5269 5269 I recowvery: Welcome to recowvery! (applypatch)
01-24 15:40:37.272 5269 5269 I recowvery: BLOCK_DEVICE : /dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/boot
01-24 15:40:37.272 5269 5269 I recowvery: ------------
01-24 15:40:37.272 5269 5269 I recowvery: The process start in 30s
Start writing to file...
Block read : 524288 (Size : 16777216)
Finish
Image file saved here :
./boot.img
Rebooting your device...
************************
**** Reboot Device *****
************************
How to use ?
Extract all files from archive attached below in a directory of our choice.
./dirtydump boot : dump boot partition and store it to ./boot.img
./dirtydump recovery : dump recovery partition and store it to ./recovery.img
When all done, you have all to make your Custom Recovery for your device.
Requirements
<dirtycow> capable device.
Working adb (adb devices to check)
Linux distribution.
Source code
Code:
#include <iostream>
#include <stdio.h>
#include <regex>
using namespace std;
#define BOOT 0
#define RECOVERY 1
#define ANDROID_64 "64"
#define ANDROID_32 "32"
#ifdef __linux__
#define DIRECTORY_SEPARATOR "/"
#elif __APPLE__
#define DIRECTORY_SEPARATOR "/"
#else
#define DIRECTORY_SEPARATOR "\\"
#endif
typedef unsigned char byte;
static string appDirectory;
static string arch;
static FILE *fsout;
static bool startwrite = false;
static int ncrash = 0;
static int nBlock = 0;
static long currentSize = 0;
// Shorter regex is possible, but I prefer like that.
static regex rs("^.+I recowvery: (\\*\\*\\* DUMP START \\*\\*\\*)\\s+"); // Used to start writting binary file
static regex rl("^.+I recowvery: HEXDUMP = \\[([^\\]]+)\\];\\s+"); // Used to match all data block, and populate < datalist >
static regex rf("^.+I recowvery: (\\*\\*\\* DUMP END \\*\\*\\*)\\s+"); // Used to end writting, and exit infinit loop
static regex re("^.+I recowvery: (\\*\\*\\* DUMP ERROR \\*\\*\\*)\\s+"); // Used to intercept error from < recowvery-applypatch >
static regex radbe("^error:(.+)\\s+"); // ADB cmd error
static regex rarch("^.+(aarch64).*\\s+"); // Get arch from <uname -a>
/**
* Run command
* return : 0 if success else -1 if error
**/
int runcmd(string cmd)
{
char rslt[256];
int cmdv = 0;
FILE *fc = popen(cmd.c_str(), "r");
/* Redirect stderr to stdout */
cmd.append(" 2>&1");
// To remove the \n or \r\n at the end.
regex rcmdline("^(.+)\\s+");
if (fc)
{
while (fgets(rslt, sizeof rslt, fc) != NULL)
{
if (regex_match(string(rslt), rcmdline))
cout << regex_replace(string(rslt), rcmdline, "$1") << endl;
// If error matched, return -1
if (regex_match(rslt, radbe))
{
cmdv = -1;
break;
}
}
cout << endl;
fclose(fc);
}
else
{
cerr << "Error running '" << string(cmd) << "'" << endl;
return -1;
}
return cmdv;
}
/**
* Used to split string
* s : string to split (in)
* delim : used char for split (in)
* elems : string array result (out)
**/
void split(const string &s, char delim, vector<string> &elems) {
stringstream ss;
ss.str(s);
string item;
while (getline(ss, item, delim)) {
elems.push_back(item);
}
}
/**
* Used to split string
* s : string to split (in)
* delim : char delimeter (in)
* return : vector string
**/
vector<string> split(const string &s, char delim) {
vector<string> elems;
split(s, delim, elems);
return elems;
}
/** Convert hex string to byte array **/
void string_to_bytearray(std::string str, unsigned char* &array, int& size)
{
int length = str.length();
// make sure the input string has an even digit numbers
if(length%2 == 1)
{
str = "0" + str;
length++;
}
// allocate memory for the output array
array = new unsigned char[length/2];
size = length/2;
std::stringstream sstr(str);
for(int i=0; i < size; i++)
{
char ch1, ch2;
sstr >> ch1 >> ch2;
int dig1, dig2;
if(isdigit(ch1)) dig1 = ch1 - '0';
else if(ch1>='A' && ch1<='F') dig1 = ch1 - 'A' + 10;
else if(ch1>='a' && ch1<='f') dig1 = ch1 - 'a' + 10;
if(isdigit(ch2)) dig2 = ch2 - '0';
else if(ch2>='A' && ch2<='F') dig2 = ch2 - 'A' + 10;
else if(ch2>='a' && ch2<='f') dig2 = ch2 - 'a' + 10;
array[i] = dig1*16 + dig2;
}
}
/**
* Get architecture type
* Run <adb shell uname -a> and find the word : aarch64
* If found return <ANDROID_64> else <ANDROID_32>
**/
string getArchType()
{
char rslt[256];
string val;
FILE *fc = popen("adb shell uname -a", "r");
// To remove the \n or \r\n at the end.
if (fc)
{
while (fgets(rslt, sizeof rslt, fc) != NULL)
{
if (regex_match(string(rslt), rarch))
{
cout << "* Android x64 version detected." << endl;
val = string(ANDROID_64);
}
else
{
cout << "* Android x32 version detected." << endl;
val = string(ANDROID_32);
}
}
cout << endl;
fclose(fc);
}
else
{
cerr << "Error running 'adb shell uname -a'" << endl;
}
return val;
}
/**
* Display help
**/
void help()
{
cout << "dirtydump boot | recovery" << endl;
cout << "Usage :" << endl;
cout << "\tdirtydump boot : Dump device boot partition and save it to boot.img." << endl;
cout << "\tdirtydump recovery : Dump device recovery partition and save it to recovery.img." << endl << endl;
cout << "Information :" << endl;
cout << "\tThis app use the same exploit explained here : " << endl;
cout << "\thttps://github.com/jcadduono/android_external_dirtycow" << endl;
cout << "\tThe only difference is by the <applypatch>, instead of patching," << endl;
cout << "\tit read your boot / recovery partition." << endl;
cout << "\tConvert all data to hex value, and display it." << endl;
cout << "\tDuring the process, the app read all data through" <<endl;
cout << "\t<adb logcat -s recowvery> and do the reverse," << endl;
cout << "\tconvert all hex value to binary, and write it to a file." << endl;
cout << "\tBecause your device is like crashing, this app reboot" << endl;
cout << "\tautomaticaly when the process is finished." << endl;
cout << endl;
}
/**
* Initialize process.
* Push required files to your device and apply a chmod to them and exit.
**/
int init()
{
cout << "***************" << endl;
cout << "**** Init *****" << endl;
cout << "***************" << endl << endl;
string files[] = {"dirtycow",
"recowvery-applypatch_boot",
"recowvery-applypatch_recovery",
"recowvery-app_process64",
"recowvery-app_process32"};
string cmdlist[] = {"adb shell chmod 0777 /data/local/tmp/dirtycow",
"adb shell chmod 0777 /data/local/tmp/recowvery-applypatch_boot",
"adb shell chmod 0777 /data/local/tmp/recowvery-applypatch_recovery",
"adb shell chmod 0777 /data/local/tmp/recowvery-app_process64",
"adb shell chmod 0777 /data/local/tmp/recowvery-app_process32"};
char cmd[128];
/* Push files to the device */
for(auto s : files)
{
sprintf(cmd, "adb push %s%sbin%s%s /data/local/tmp", appDirectory.c_str(), DIRECTORY_SEPARATOR, DIRECTORY_SEPARATOR, s.c_str());
cout << string(cmd) << endl;
if (runcmd(cmd) != 0)
return -1;
}
/* Apply chmod to the pushed files */
for(auto s : cmdlist)
{
cout << string(s) << endl;
if (runcmd(s) != 0)
return -1;
}
arch = getArchType();
if (arch.empty())
return -1;
return 0;
}
/**
* Apply exploit to applypatch (for boot or process) and app_process64
**/
int runExploit(int v)
{
cout << "**********************" << endl;
cout << "**** Run Exploit *****" << endl;
cout << "**********************" << endl << endl;
string cmdlist[] = {
"", // For applypatch
"" // For app_process
};
if (v == BOOT)
cmdlist[0].append("adb shell /data/local/tmp/dirtycow /system/bin/applypatch /data/local/tmp/recowvery-applypatch_boot");
else if (v == RECOVERY)
cmdlist[0].append("adb shell /data/local/tmp/dirtycow /system/bin/applypatch /data/local/tmp/recowvery-applypatch_recovery");
else
return -1;
if (arch == ANDROID_64)
cmdlist[1] = "adb shell /data/local/tmp/dirtycow /system/bin/app_process64 /data/local/tmp/recowvery-app_process64";
else
cmdlist[1] = "adb shell /data/local/tmp/dirtycow /system/bin/app_process32 /data/local/tmp/recowvery-app_process32";
for(auto s : cmdlist)
{
cout << s << endl;
if (runcmd(s) != 0)
return -1;
}
return 0;
}
/**
* reboot device from adb
**/
int rebootDevice()
{
cout << "************************" << endl;
cout << "**** Reboot Device *****" << endl;
cout << "************************" << endl << endl;
return runcmd(string("adb reboot"));
}
/**
* Function that do the stuff
* If a line contain *** DUMP START *** it start to get all hex value in HEXDUMP = [a1,e2,b4,ect.] and convert to binary before writing to output file.
* All other line are :
* <*** DUMP ERROR ***> : Error during the process, or your device is disconnected, no more battery...
* <*** DUMP END ***> : Dumping is end / end of process.
* <Other lines> : Displayed
**/
int displayLogAndConvertData(string line)
{
/**
* If an unexpected EOF from recowvery-applypatch or if no <pipe>...
* We can't receive a null string, so break the loop, close fsout, and exit the program.
**/
if (line.empty())
{
cout << string("* < null > received !") << endl;
cout << string("Try again...") << endl;
return -1;
}
/**
* *** DUMP START ***
* set startwrite = true to write parsed data to fsout
**/
if (regex_match(line, rs))
{
startwrite = true;
cout << "Start writing to file..." << endl;
}
/**
* Parse all string received if match
* Note :
* It's possible to have matched string before intercept DUMP START,
* If we convert now, it's a good idea to have a broken output file.
**/
if (startwrite && regex_match(line, rl))
{
string s = regex_replace(line, rl, "$1");
vector<string> data = split(s, ',');
for (int c = 0; c < (int)data.size(); c++)
{
try
{
byte *b = NULL;
int sb;
string_to_bytearray(data[c], b, sb);
fwrite(b, 1, sb, fsout);
}
catch (const exception &ex)
{
cout << endl;
cout << string("** Exception **") << endl;
cout << string(" - When convert : ") << data[c] << endl;
cout << string(" - Message : ") << ex.what() << endl;
}
}
nBlock++;
currentSize = nBlock * 32;
cout << "\r";
cout << "Block read : " << nBlock << " (Size : " << currentSize << ")";
}
/**
* Display the other lines (for debuging, logging...)
**/
else if (!regex_match(line, rl) && (!regex_match(line, rf) && !startwrite) && line.length() > 1)
{
cout << line;
}
/**
* *** DUMP END ***
* Flush and close fsout, inform the user, and break the loop.
**/
if (startwrite && regex_match(line, rf))
{
cout << endl << "Finish" << endl;
startwrite = false;
return 1;
}
/**
* *** DUMP ERROR ***
* An error intercepted from ADB, close fsout, set start to false.
* < applypatch > will restart every 3 min.
* We break the loop after 3 errors.
**/
if (regex_match(line, re))
{
cout << std::string("* Error received from ADB *") << std::endl;
startwrite = false;
if (ncrash == 3)
{
cout << std::string("* Too many tries, please check your < recowvery-applypatch.c > and try again.") << std::endl;
return -1;
}
cout << std::string("* Be patient, recowvery-applypatch will restart in a few minutes.") << std::endl;
ncrash++;
}
return 0;
}
/**
* run <adb logcat -s recowvery> and send line by line to <displayLogAndConvertData> function
**/
int readFromLogcat()
{
cout << "*********************************" << endl;
cout << "**** adb logcat -s recowvery ****" << endl;
cout << "*********************************" << endl << endl;
char buff[1024];
int prc = 0;
FILE *fc = popen("adb logcat -s recowvery", "r");
if (fc)
{
while(fgets(buff, sizeof buff, fc) != NULL)
{
prc = displayLogAndConvertData(string(buff));
// Error occuring
if (prc == -1)
{
cerr << "Error during the process !" << endl;
break;
}
// Process finished
if (prc == 1)
break;
}
/*
* When finish or an error received from adb, <startwrite> is set to false.
* If set to true, a NULL string has been received before receiving a DUMP_END or DUMP_ERROR.
* So, so we display an error.
*/
if (startwrite)
{
cerr << "Error during the process !" << endl;
prc = errno;
}
fclose(fc);
}
else
{
cerr << "Error running <adb logcat -s recowvery" << endl;
}
return prc;
}
/** main **/
int main(int argc, char** argv)
{
int ret = 0;
string filename;
if (argc == 1)
{
help();
return ret;
}
/* Fix for windows
* If run in same directory as the exe, return only the exe name without folder where it run.
* So, if DIRECTORY_SEPARATOR not found in argv_str, appDirectory = "." for linux, mac and windows
*/
string argv_str(argv[0]);
if (argv_str.find_last_of(DIRECTORY_SEPARATOR) != string::npos)
appDirectory = argv_str.substr(0, argv_str.find_last_of(DIRECTORY_SEPARATOR));
else
appDirectory = string(".");
ret = init();
if (ret != 0)
return ret;
if (string(argv[1]) == "boot")
{
ret = runExploit(BOOT);
filename = "boot.img";
}
else
{
ret = runExploit(RECOVERY);
filename = "recovery.img";
}
if (ret != 0)
return ret;
else
{
fsout = fopen(filename.c_str(), "wb");
if (!fsout)
{
cerr << "Can't open or create file : <" << string(filename) << ">" << endl;
rebootDevice();
return errno;
}
else
{
ret = readFromLogcat();
fclose(fsout);
}
cout << endl;
cout << "Image file saved here :" << endl;
cout << " " << appDirectory << string(DIRECTORY_SEPARATOR) << string(filename) << endl;
cout << endl;
}
cout << "Rebooting your device..." << endl;
ret = rebootDevice();
return ret;
}
Note :
There is only linux binary, the windows version come soon.
(I don't know why Windows don't work as expected :x)
If you are interested by the source code, I can attach it.
Tested and build from Ubuntu 16.04 (x64) / Code::Blocks & gedit.
If any bug, I will do the best to solve this.
So sorry for my english, or any misspelling :x
Hey man great work
I was in need of such a tool
I needed the recovery partition for andromax x58
Though I dont own the phone its for someone(yeah you understand it right)
And now finally ported Twrp to it
please make compatible for 32 bit device
Hi,
Normaly, it may work for 32bit device, but can't test it :/
Can you give me error log, text displayed on your terminal please ?
And if possible, what do you have when you do : "adb shell uname -a" ? (because I detect 32 or 64bits device by this)
Regards,
Vincent
could you please post the dirty dump executable source code so i can port it to windows?
or just tell me how you determind what binary the device needs?
Ricky Divjakovski said:
could you please post the dirty dump executable source code so i can port it to windows?
or just tell me how you determind what binary the device needs?
Click to expand...
Click to collapse
The boss Appear.What a pleasant thing it is.
China user
Ricky Divjakovski said:
could you please post the dirty dump executable source code so i can port it to windows?
or just tell me how you determind what binary the device needs?
Click to expand...
Click to collapse
Hi and sorry for the time to answer...
I've added the source code at the end of the first post
The Hard Gamer said:
Hey man great work
I was in need of such a tool
I needed the recovery partition for andromax x58
Though I dont own the phone its for someone(yeah you understand it right)
And now finally ported Twrp to it
Click to expand...
Click to collapse
Hai Bro,what command you issue in linux to run ?
Thks
Hmm this is awesome except the part it doesn't work on Ubuntu 14.04 and source code need gcc-4.9 to build (not sure).
Anyway I will install Ubuntu 16.04 to make new things to LG K4 (2016) [MTK MT6735m], good job thanks for it
@Vince_02100 what compilers did you used to applypatch and app_process64?
I need to compile a version to armv7(aka 32), since my current device (the LG K4) have a x32 Android and a x64 CPU.
I'm improving your dirtydump but with limitations since I don't know much about C/C++.
Please reply or PM me, anyway I will try my best to make it x32 support
@Vince_02100
My question is, did you base the operation of your tool on the dirtycow exploit? Seems like it because of its name and reference to jcadduono.
This is actually awesome then because I have a tool very similar only it works as a shell command handler. The Greyhat Root Console essentially is it's own Terminal Interface specifically to use dirtycow for root shell commands.
I only bring that up because Stock OEM builds that are dated October 2016 or later pretty much can't utilize CVE-2016-5195. Some didn't get patched that soon but most did. The rule of thumb I've always had when working with Dirtycow is to use stock builds from September 2016. Since they are the most up to date builds still vulnerable. I don't know how many people reading this thread know that.
Here is the thread I made where @droidvoider explains how to use the Greyhat Root Console: https://forum.xda-developers.com/android/help/injecting-root-setting-selinux-stages-t3573036
The thread also details our journey into modifying the Device SEPolicy using the console in order to elevate our normal user privileges. We have the instructions to build the Console for both 32-Bit and 64-Bit Builds of Android 5.1.1 & 6.0.1
I think the source code and our thread may just give you some good insight going forward with your tool, even though The Greyhat Root Console was developed on an AT&T Galaxy Note 5. That thread is a gold mine for dirtycow information.
Thanks for your great tool and explanation @Vince_02100. I'm researching to dump boot, recovery for Onkyo DP-CMX1 to make custom TWRP. I have some stupid questions and need your help like following:
1. Tool will not break system partition and it can boot normally after dumping recovery, boot?
2. I don't have root so how can I copy dumped files: ./boot.img , ./recovery.img to /sdcard or to computer? Do I edit your code
fp = fopen(blockDev, "r"); to make it write to /sdcard/boot.img?
Could someone help me figure out how to display the gyroscope data as text on the watches screen using Native Tizen code (Tizen 3.0)?
:good:Update: I figured this out. Here is a link to download the Tizen Studio project:
https://drive.google.com/file/d/1izEePFnpUAww7Li7RdlyNxX85_1Mso3n/view?usp=sharing
Should this download link get removed at some point in the future here is the code:
/////////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////SOURCE (.c) FILE///////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////
#include <sensor.h>
#include <stdbool.h>
#include <dlog.h> // for logging purposes
//Define objects to appear on screen
Evas_Object *GLOBAL_DEBUG_BOX;
Evas_Object *start, *stop;
Evas_Object *conform;
sensor_listener_h listener;
Evas_Object *event_label;
Evas_Object *GLOBAL_DEBUG_BOX;
Evas_Object *start, *stop;
Evas_Object *conform;
sensor_listener_h listener;
Evas_Object *event_label;
void on_sensor_event(sensor_h sensor, sensor_event_s *event, void *user_data)
{
// Select a specific sensor with a sensor handle
sensor_type_e type;
sensor_get_type(sensor, &type);
switch (type) {
case SENSOR_GYROSCOPE:
dlog_print(DLOG_INFO, LOG_TAG, "%d" , event->values[0], event->values[1], event->values[2]);
char a[100];
sprintf(a,"X:%.2f Y:%.2f Z:%.2f", event->values[0], event->values[1], event->values[2]);
elm_object_text_set(event_label, a);
break;
default:
dlog_print(DLOG_ERROR, LOG_TAG, "Not a gyroscope event");
}
}
void _sensor_accuracy_changed_cb(sensor_h sensor, unsigned long long timestamp,
sensor_data_accuracy_e accuracy, void *data)
{
dlog_print(DLOG_DEBUG, LOG_TAG, "Sensor accuracy change callback invoked");
}
void _sensor_start_cb(void *data, Evas_Object *obj, void *event_info)
{
void *user_data = NULL;
char out[100];
// Retrieving a Sensor
sensor_type_e type = SENSOR_GYROSCOPE;
sensor_h sensor;
bool supported;
int error = sensor_is_supported(type, &supported);
if (error != SENSOR_ERROR_NONE) {
dlog_print(DLOG_ERROR, LOG_TAG, "sensor_is_supported error: %d", error);
return;
}
if(supported)
{
dlog_print(DLOG_DEBUG, LOG_TAG, "Gyroscope is%s supported", supported ? "" : " not");
sprintf(out,"Gyroscope is%s supported", supported ? "" : " not");
elm_object_text_set(event_label, out);
}
// Get sensor list
int count;
sensor_h *list;
error = sensor_get_sensor_list(type, &list, &count);
if (error != SENSOR_ERROR_NONE) {
dlog_print(DLOG_ERROR, LOG_TAG, "sensor_get_sensor_list error: %d", error);
} else {
dlog_print(DLOG_DEBUG, LOG_TAG, "Number of sensors: %d", count);
free(list);
}
error = sensor_get_default_sensor(type, &sensor);
if (error != SENSOR_ERROR_NONE) {
dlog_print(DLOG_ERROR, LOG_TAG, "sensor_get_default_sensor error: %d", error);
return;
}
dlog_print(DLOG_DEBUG, LOG_TAG, "sensor_get_default_sensor");
// Registering a Sensor Event
error = sensor_create_listener(sensor, &listener);
if (error != SENSOR_ERROR_NONE) {
dlog_print(DLOG_ERROR, LOG_TAG, "sensor_create_listener error: %d", error);
return;
}
dlog_print(DLOG_DEBUG, LOG_TAG, "sensor_create_listener");
int min_interval = 0;
error = sensor_get_min_interval(sensor, &min_interval);
if (error != SENSOR_ERROR_NONE) {
dlog_print(DLOG_ERROR, LOG_TAG, "sensor_get_min_interval error: %d", error);
return;
}
dlog_print(DLOG_DEBUG, LOG_TAG, "Minimum interval of the sensor: %d", min_interval);
// Callback for sensor value change
error = sensor_listener_set_event_cb(listener, min_interval, on_sensor_event, user_data);
if (error != SENSOR_ERROR_NONE) {
dlog_print(DLOG_ERROR, LOG_TAG, "sensor_listener_set_event_cb error: %d", error);
return;
}
dlog_print(DLOG_DEBUG, LOG_TAG, "sensor_listener_set_event_cb");
// Registering the Accuracy Changed Callback
error = sensor_listener_set_accuracy_cb(listener, _sensor_accuracy_changed_cb, user_data);
if (error != SENSOR_ERROR_NONE) {
dlog_print(DLOG_ERROR, LOG_TAG, "sensor_listener_set_accuracy_cb error: %d", error);
return;
}
dlog_print(DLOG_DEBUG, LOG_TAG, "sensor_listener_set_accuracy_cb");
error = sensor_listener_set_interval(listener, 100);
if (error != SENSOR_ERROR_NONE) {
dlog_print(DLOG_ERROR, LOG_TAG, "sensor_listener_set_interval error: %d", error);
return;
}
dlog_print(DLOG_DEBUG, LOG_TAG, "sensor_listener_set_intervals");
error = sensor_listener_set_option(listener, SENSOR_OPTION_ALWAYS_ON);
if (error != SENSOR_ERROR_NONE) {
dlog_print(DLOG_ERROR, LOG_TAG, "sensor_listener_set_option error: %d", error);
return;
}
dlog_print(DLOG_DEBUG, LOG_TAG, "sensor_listener_set_option");
error = sensor_listener_start(listener);
if (error != SENSOR_ERROR_NONE) {
dlog_print(DLOG_ERROR, LOG_TAG, "sensor_listener_start error: %d", error);
return;
}
dlog_print(DLOG_DEBUG, LOG_TAG, "sensor_listener_start");
sensor_event_s event;
error = sensor_listener_read_data(listener, &event);
if (error != SENSOR_ERROR_NONE) {
dlog_print(DLOG_ERROR, LOG_TAG, "sensor_listener_read_data error: %d", error);
return;
}
switch (type) {
case SENSOR_GYROSCOPE:
dlog_print(DLOG_INFO, LOG_TAG, "X:%.2f Y:%.2f Z:%.2f" , event.values[0], event.values[1], event.values[2]);
sprintf(out,"X:%.2f Y:%.2f Z:%.2f", event.values[0], event.values[1], event.values[2]);
elm_object_text_set(event_label, out);
break;
default:
dlog_print(DLOG_ERROR, LOG_TAG, "Not a gyroscope event");
}
dlog_print(DLOG_DEBUG, LOG_TAG, out);
char *name = NULL;
char *vendor = NULL;
float min_range = -571.0;
float max_range = 571.0;
float resolution = 0.0;
error = sensor_get_name(sensor, &name);
if (error != SENSOR_ERROR_NONE) {
dlog_print(DLOG_ERROR, LOG_TAG, "sensor_get_name error: %d", error);
return;
}
dlog_print(DLOG_DEBUG, LOG_TAG, "Sensor name: %s", name);
free(name);
error = sensor_get_vendor(sensor, &vendor);
if (error != SENSOR_ERROR_NONE) {
dlog_print(DLOG_ERROR, LOG_TAG, "sensor_get_vendor error: %d", error);
return;
}
dlog_print(DLOG_DEBUG, LOG_TAG, "Sensor vendor: %s", vendor);
free(vendor);
error = sensor_get_type(sensor, &type);
if (error != SENSOR_ERROR_NONE) {
dlog_print(DLOG_ERROR, LOG_TAG, "sensor_get_type error: %d", error);
return;
}
dlog_print(DLOG_DEBUG, LOG_TAG, "Sensor type: %s",
type == SENSOR_ACCELEROMETER ? "Accelerometer"
: type == SENSOR_GRAVITY ? "Gravity sensor"
: type == SENSOR_LINEAR_ACCELERATION ? "Linear acceleration sensor"
: type == SENSOR_MAGNETIC ? "Magnetic sensor"
: type == SENSOR_ROTATION_VECTOR ? "Rotation Vector sensor"
: type == SENSOR_ORIENTATION ? "Orientation sensor"
: type == SENSOR_GYROSCOPE ? "Gyroscope sensor"
: type == SENSOR_LIGHT ? "Light sensor"
: type == SENSOR_PROXIMITY ? "Proximity sensor"
: type == SENSOR_PRESSURE ? "Pressure sensor"
: type == SENSOR_ULTRAVIOLET ? "Ultraviolet sensor"
: type == SENSOR_TEMPERATURE ? "Temperature sensor"
: type == SENSOR_HUMIDITY ? "Humidity sensor"
: type == SENSOR_HRM ? "Heart Rate Monitor sensor (Since Tizen 2.3.1)"
: type == SENSOR_HRM_LED_GREEN ? "HRM (LED Green) sensor (Since Tizen 2.3.1)"
: type == SENSOR_HRM_LED_IR ? "HRM (LED IR) sensor (Since Tizen 2.3.1)"
: type == SENSOR_HRM_LED_RED ? "HRM (LED RED) sensor (Since Tizen 2.3.1)"
: type == SENSOR_LAST ? "End of sensor enum values" : "Custom sensor");
error = sensor_get_min_range(sensor, &min_range);
if (error != SENSOR_ERROR_NONE) {
dlog_print(DLOG_ERROR, LOG_TAG, "sensor_get_min_range error: %d", error);
return;
}
dlog_print(DLOG_DEBUG, LOG_TAG, "Minimum range of the sensor: %f", min_range);
error = sensor_get_max_range(sensor, &max_range);
if (error != SENSOR_ERROR_NONE) {
dlog_print(DLOG_ERROR, LOG_TAG, "sensor_get_max_range error: %d", error);
return;
}
dlog_print(DLOG_DEBUG, LOG_TAG, "Maximum range of the sensor: %f", max_range);
error = sensor_get_resolution(sensor, &resolution);
if (error != SENSOR_ERROR_NONE) {
dlog_print(DLOG_ERROR, LOG_TAG, "sensor_get_resolution error: %d", error);
return;
}
dlog_print(DLOG_DEBUG, LOG_TAG, "Resolution of the sensor: %f", resolution);
elm_object_disabled_set(start, EINA_TRUE);
elm_object_disabled_set(stop, EINA_FALSE);
}
void _sensor_stop_cb(void *data, Evas_Object *obj, void *event_info)
{
int error = sensor_listener_unset_event_cb(listener);
if (error != SENSOR_ERROR_NONE) {
dlog_print(DLOG_ERROR, LOG_TAG, "sensor_listener_unset_event_cb error: %d", error);
}
error = sensor_listener_stop(listener);
if (error != SENSOR_ERROR_NONE) {
dlog_print(DLOG_ERROR, LOG_TAG, "sensor_listener_stop error: %d", error);
}
error = sensor_destroy_listener(listener);
if (error != SENSOR_ERROR_NONE) {
dlog_print(DLOG_ERROR, LOG_TAG, "sensor_destroy_listener error: %d", error);
}
elm_object_disabled_set(start, EINA_FALSE);
elm_object_disabled_set(stop, EINA_TRUE);
}
static void
win_delete_request_cb(void *data, Evas_Object *obj, void *event_info)
{
ui_app_exit();
}
Eina_Bool _pop_cb(void *data, Elm_Object_Item *item)
{
elm_win_lower(((appdata_s *)data)->win);
return EINA_FALSE;
}
Evas_Object *_new_button(appdata_s *ad, Evas_Object *display, char *name, void *cb)
{
// Create a button
Evas_Object *bt = elm_button_add(display);
elm_object_text_set(bt, name);
evas_object_smart_callback_add(bt, "clicked", (Evas_Smart_Cb) cb, ad);
evas_object_size_hint_weight_set(bt, EVAS_HINT_EXPAND, 0.0);
evas_object_size_hint_align_set(bt, EVAS_HINT_FILL, EVAS_HINT_FILL);
elm_box_pack_end(display, bt);
evas_object_show(bt);
return bt;
}
void _create_new_cd_display(appdata_s *ad, char *name, void *cb)
{
// Create main box
Evas_Object *box = elm_box_add(conform);
elm_object_content_set(conform, box);
elm_box_horizontal_set(box, EINA_FALSE);
evas_object_size_hint_align_set(box, EVAS_HINT_FILL, EVAS_HINT_FILL);
evas_object_size_hint_weight_set(box, EVAS_HINT_EXPAND, EVAS_HINT_EXPAND);
evas_object_show(box);
start = _new_button(ad, box, "Start", _sensor_start_cb);
event_label = elm_label_add(box);
elm_object_text_set(event_label, "Press Start and Wait");
elm_box_pack_end(box, event_label);
evas_object_show(event_label);
stop = _new_button(ad, box, "Stop", _sensor_stop_cb);
}
static void create_base_gui(appdata_s *ad)
{
// Setting the window
ad->win = elm_win_util_standard_add(PACKAGE, PACKAGE);
elm_win_conformant_set(ad->win, EINA_TRUE);
elm_win_autodel_set(ad->win, EINA_TRUE);
elm_win_indicator_mode_set(ad->win, ELM_WIN_INDICATOR_SHOW);
elm_win_indicator_opacity_set(ad->win, ELM_WIN_INDICATOR_OPAQUE);
evas_object_smart_callback_add(ad->win, "delete, request", win_delete_request_cb, NULL);
/* Create conformant */
conform = elm_conformant_add(ad->win);
evas_object_size_hint_weight_set(conform, EVAS_HINT_EXPAND, EVAS_HINT_EXPAND);
elm_win_resize_object_add(ad->win, conform);
evas_object_show(conform);
// Create a naviframe
ad->navi = elm_naviframe_add(conform);
evas_object_size_hint_align_set(ad->navi, EVAS_HINT_FILL, EVAS_HINT_FILL);
evas_object_size_hint_weight_set(ad->navi, EVAS_HINT_EXPAND, EVAS_HINT_EXPAND);
elm_object_content_set(conform, ad->navi);
evas_object_show(ad->navi);
// Fill the list with items
//create_buttons_in_main_window(ad);
_create_new_cd_display(ad, "Sensor", _pop_cb);
eext_object_event_callback_add(ad->navi, EEXT_CALLBACK_BACK, eext_naviframe_back_cb, NULL);
// Show the window after base gui is set up
evas_object_show(ad->win);
}
static bool app_create(void *data)
{
/*
* Hook to take necessary actions before main event loop starts
* Initialize UI resources and application's data
* If this function returns true, the main loop of application starts
* If this function returns false, the application is terminated
*/
create_base_gui((appdata_s *)data);
return true;
}
int main(int argc, char *argv[])
{
appdata_s ad;
memset(&ad, 0x00, sizeof(appdata_s));
ui_app_lifecycle_callback_s event_callback;
memset(&event_callback, 0x00, sizeof(ui_app_lifecycle_callback_s));
event_callback.create = app_create;
int ret = ui_app_main(argc, argv, &event_callback, &ad);
if (ret != APP_ERROR_NONE)
dlog_print(DLOG_ERROR, LOG_TAG, "ui_app_main() failed with error: %d", ret);
return ret;
}
/////////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////
//////////////////////////HEADER (.h) FILE//////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////
#ifndef __charge2silence_H__
#define __charge2silence_H__
#include <app.h>
#include <Elementary.h>
#include <app.h>
#include <dlog.h>
#include <efl_extension.h>
#include <sensor.h>
#define _PRINT_MSG_LOG_BUFFER_SIZE_ 1024
#define PRINT_MSG(fmt, args...) do { char _log_[_PRINT_MSG_LOG_BUFFER_SIZE_]; \
snprintf(_log_, _PRINT_MSG_LOG_BUFFER_SIZE_, fmt, ##args); _add_entry_text(_log_); } while (0)
typedef struct {
Evas_Object *win;
Evas_Object *navi;
} appdata_s;
void _add_entry_text(const char *text);
Evas_Object *_new_button(appdata_s *ad, Evas_Object *display, char *name, void *cb);
void _create_new_cd_display(appdata_s *ad, char *name, void *cb);
Eina_Bool _pop_cb(void *data, Elm_Object_Item *item);
#ifdef LOG_TAG
#undef LOG_TAG
#endif
#define LOG_TAG "charge2silence"
#if !defined(PACKAGE)
#define PACKAGE "org.volume.charge2silence"
#endif
#endif /* __charge2silence_H__ */
//"charge2silence" is just the name of my project//