Related
Hi kernel hackers,
it is getting very silent recently about possible security hacks on the Milestone platform.
Today i stumbled over some kernel code located in /drivers/misc/sec.
Maybe this had been discussed already.... anyway
There're some interesting functions in the source code and i wonder which application is using this module to enter the secure world of OMAP.
Some of the functions are accessing registers, that are also involved in low level routines of the bootcode (e.g. mbmloader).
Some questions:
Which application in android userspace is using this module?
Could we tweak this module to get access to some of the protected OMAP registers?
Is it a signed module?
Would be nice to use a modified module and activate some of the blocked features (e.g. DAP controller for debugging).
Any comments welcome!!!
Regards,
scholbert
scholbert said:
Hi kernel hackers,
it is getting very silent recently about possible security hacks on the Milestone platform.
Today i stumbled over some kernel code located in /drivers/misc/sec.
Maybe this had been discussed already.... anyway
There're some interesting functions in the source code and i wonder which application is using this module to enter the secure world of OMAP.
Some of the functions are accessing registers, that are also involved in low level routines of the bootcode (e.g. mbmloader).
Some questions:
Which application in android userspace is using this module?
Could we tweak this module to get access to some of the protected OMAP registers?
Is it a signed module?
Would be nice to use a modified module and activate some of the blocked features (e.g. DAP controller for debugging).
Any comments welcome!!!
Regards,
scholbert
Click to expand...
Click to collapse
Well, I'm not a kernel hacker, but I have an educated guess...
I believe that the radio system uses those functions to check whether the kernel is valid or not, so, we have the radio not working with a replacement kernel that is loaded using kexec...
Perhaps, if it is possible to "change" this function using a module, we could get a function always telling the kernel is valid and have kexec working on Milestone. Again, I'm not a kernel hacker, but that is my guess.
Hi, I'm sorry that I wont be much help but these guys might;
https://www.droid-developers.org/
irc://irc.freenode.net/#milestone-modding
Hi,
thanks for your comments so far.
To be more precisely i think this kernel driver is calling the secure monitor in some way. See here:
https://www.droid-developers.org/wiki/Secure_Monitor
There's also a structure defined in that driver. I think i'll have to compare some of the ioctl entries.
https://www.droid-developers.org/wiki/Secure_Services
I'll do some investigation on this issue and search the web for some userland source code using this driver.
Again, if someone knows more about it, your welcome
Cheers,
scholbert
scholbert said:
Hi,
thanks for your comments so far.
To be more precisely i think this kernel driver is calling the secure monitor in some way. See here:
https://www.droid-developers.org/wiki/Secure_Monitor
There's also a structure defined in that driver. I think i'll have to compare some of the ioctl entries.
https://www.droid-developers.org/wiki/Secure_Services
I'll do some investigation on this issue and search the web for some userland source code using this driver.
Again, if someone knows more about it, your welcome
Cheers,
scholbert
Click to expand...
Click to collapse
you don't have to search for the source, it's on SourceForge:
http://sourceforge.net/projects/milestone.motorola/files/
SophT said:
you don't have to search for the source, it's on SourceForge:
http://sourceforge.net/projects/milestone.motorola/files/
Click to expand...
Click to collapse
Yeah sure, i knew this
Anyway, thanks for the hyperlink!
In the meantime i grepped all binaries from the latest distribution.
I found out, that two applications are using /dev/sec.
1. dbvc_atvc_property_set
2. tcmd
If someone knows which package of source code they belong to... would save some time searching.
EDIT:
O.K. Google did it for me...
Seems that both binaries are proprietary code. Some early conclusions:
1. dbvc_atvc_property_set
This one is started as a service in init.mapphone_umts.rc and seems to use /dev/sec for granting rights to access OMAP secure world (e.g. read eFuse values for unique device id, IMEI etc.).
This binary contains a certificate which is not Milestone specific (XT720 uses the same).
So right now i don't know, if this certificate is needed to access /dev/sec or the application itself identifies itself as trusted application (signed app).
Would make sense, if the BP uses signed applications to access certain low level functions, e.g. read/write the eFuse bank.
2. tcmd
This one is also started as a service in init.mapphone_umts.rc to access a variety of devices. Seems to be related to data streaming or stuff.
As stated it has an entry for /dev/sec and it got no certifcate.
Would be interesting to get some more info about that.
Further comments....
P.S.: This bloody security stuff is making me sick
Regards,
scholbert
Hi again,
i just compared some of the defines in the kernel driver headers (/drivers/misc/sec/sec_core.h) with the ones xvilka reversed inside mbmloader.
Code:
...
#define API_HAL_KM_SOFTWAREREVISION_READ 33 // 0x21
...
#define API_HAL_NB_MAX_SVC 39 // 0x27
#define API_HAL_MOT_EFUSE (API_HAL_NB_MAX_SVC + 10) // 0x31
#define API_HAL_MOT_EFUSE_READ (API_HAL_NB_MAX_SVC + 15) // 0x36
...
For comparison see the table here:
https://www.droid-developers.org/wiki/Secure_Services
It is obvious that /dev/sec allows to access OMAP secure world and uses the above mentioned API calls to push information to userspace apps.
The question would be, if ioctl must be certified through the API using some key ...
O.K. i see this is deep down code creeping, but maybe someone understands what i try to work out
See ya,
scholbert
scholbert said:
O.K. i see this is deep down code creeping, but maybe someone understands what i try to work out
Click to expand...
Click to collapse
I think I know what you are trying to work out, but I can't think of any way to help
You're pretty much comparing the results of your findings with that of the mbmloader dump right?
I would like so much to fully understand what you are doing, but I can understand just a little..
btw I hope that you'll be glad to know that you have all my psychological support!
mystichobo said:
I think I know what you are trying to work out, but I can't think of any way to help
You're pretty much comparing the results of your findings with that of the mbmloader dump right?
Click to expand...
Click to collapse
Yeah, kind of... we know for sure there's an API to access security functions on OMAP. I just digged out some parallels in kernel code and mbmloader.
If we could make use of security functions from within kernel space (by using a tweaked module) this would be a nice playground.
Perhaps, there's any bug or backdoor we could shamelessly exploit to:
a. boot custom kernel with second boot
b. tweak the security system and enable some hidden functions inside OMAP
puffo81 said:
I would like so much to fully understand what you are doing, but I can understand just a little..
btw I hope that you'll be glad to know that you have all my psychological support!
Click to expand...
Click to collapse
Thanks a lot for pointing out
Best regards,
scholbert
scholbert said:
Yeah, kind of... we know for sure there's an API to access security functions on OMAP. I just digged out some parallels in kernel code and mbmloader.
If we could make use of security functions from within kernel space (by using a tweaked module) this would be a nice playground.
Perhaps, there's any bug or backdoor we could shamelessly exploit to:
a. boot custom kernel with second boot
b. tweak the security system and enable some hidden functions inside OMAP
Click to expand...
Click to collapse
That's what I thought
Surprised noone has looked into it earlier really
Anyway good luck with it, adding my moral support too.
Cheers,
hobo
mystichobo said:
Surprised noone has looked into it earlier really
Anyway good luck with it, adding my moral support too.
Click to expand...
Click to collapse
I got into contact with xvilka.
Obviously there'd been some investigations concerning this issue.
To be honest, i don't know if it's worth to digg a little deeper or if it will ever led to something useful in the end. Could be fun though
Perhaps it would be nice idea to tweak the driver and put some debug message in the code.
Another interesting thing to do would be a logging function.
This way it would be possible to get some insights of the API to secure monitor.
Anyway, i think it's never useless to discuss about some hacking here. At least were at xda-developers
If you like to tweak some kernel code, join in!!!
Have fun!
scholbert
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Clean | Stable | Flexible | Optimized | Excellent
-> ArchiDroid 2.X <- || Change to ArchiDroid 1.X
A Port of JustArchis Rom to our S3 LTE
Changelog
ArchiDroid 2.5.1
- ArchiDroid_Init code review
- ArchiDroid_RunOnce code review
- Fixed ArchiDroid backend not being executed in some scenarios
- Updated all ArchiDroid backend tools to latest versions
- Updated PA GAPPS to 8 July
- Reverted back to official Google PlayStore # This means that multi-dpi patch is not included anymore in the app itself, use xposed module or patch yourself
- PlayStoreFix is now included with Xposed
- App Settings is now included with Xposed
- Updated BetterBatteryStats to 1.16 RC5
- Updated XPrivacy to 2.1.24
- Updated GravityBox to 3.2.5
- Updated sources
Download
All Files Dev-Host
ArchiDroid-20140715-i9305-2.5.1-Experimental: ArchiDroid 2.5.1 Dev-Host, Mirror: Mediafire
Oldstable: ArchiDroid 2.4.6 Dev-Host
Remember that you don't need anything else to flash. Google Apps are included already.
Recovery-Philz_Touch_6.41.6: http://www.mediafire.com/download/?rf75pfrp34zws7b
Known Issues
All known and unknown CyanogenROM bugs (if any)
INSTALLATION INSTRUCTIONS
- Download the latest build of ArchiDroid ROM
1.- Wipe data / factory reset (mandatory if you coming from STOCK OR 4.2.X version or any other ROM)
2.- Install the Main ROM via Aroma installer, make your choices and lean back.
3.- Reboot
Attention: first boot will last a couple of minutes, at least almost 5 minutes or a few more. So after flashing take a rest and drink a coffee or a beer !
And after rom has booted up, led it settle a bit, till all apps and settings are initialized!
UPDATE INSTRUCTIONS
- Download the latest build of ArchiDroid ROM
- Take a nandroid backup
- Flash ROM using recovery and aroma installer
- Reboot
- Enjoy!
Known Bugs:
none...-> tell me if any.
In Aroma Installer you can select for example:
- 3 different Kernels: Boeffla, Angi and Cyanogen Stock
- different Launchers
- different Keyboards
- different Bootanimations
- many additional apps
- to add nav bar
and many other things
Follow ArchiDroid On XDA!
Write A Review!
Rate This Thread!
Buy JustArchi a Beer!
Like ArchiDroid On Facebook!
Hit Thanks!
XDA:DevDB Information
[ROM] [4.4.4. - KTU84P] [OmniROM] [GCC 4.8] [Experimental] [Flexible] [Excellent] [27/06/14] ArchiDroid V2.5.1 | Power In Your Hands, a ROM for the Samsung Galaxy S3 LTE I9305
This Rom is an official kanging of i9300 thread by @JustArchi lead developer and author of ArchiDroid ®. So all credits and thanks goes to JustArchi!!
Contributors
rodman01
ROM OS Version: 4.4.x KitKat
ROM Kernel: Linux 3.0.x
Based On: CyanogenROM / ArchiDroid / SelfKANG
Version Information
Status: Experimental
Created 2014-05-01
Last Updated 2014-07-15
[ROM] [XXUEMKC] [4.3] ArchiDroid V1.7.15 [25/05/14] & FAQs
Clean | Stable | Flexible | Optimized | Excellent
-> ArchiDroid 1.X <- || Change to ArchiDroid 2.X
INSTALLATION INSTRUCTIONS
Be aware that this ROM includes Knox!!!
So your counter will be increased to 1
- Download the latest build of ArchiDroid ROM
1.- Wipe data / factory reset (mandatory if you coming from STOCK OR 4.2.X version or any other ROM)
2.- Install the Main ROM via Aroma installer, make your choices and lean back.
3.- Reboot
4.- After rom is up, led it settle and start SU app to led it deactivate Knox
Changelog
Sammy_ArchiDroid 1.7.15
- Initial release
- removed S5 Theme, because of systemui fc
- Boeffla Kernel as default
Download
Download: Sammy_ArchiDroid-XXUEMKC Dev Host
Known Issues
All known and unknown Sammy bugs (if any)
Wifi strength is a bit low
[SIZE="+3"]ArchiDroid's FAQ / Q&A Section for i9300[/SIZE][SIZE="+1"]There is a special thread in the SIII section with and for FAQs. If you are interested in, I am sure there are good infos about the rom, for everybody and also related to our S1.[/SIZE]
[SIZE="+1"]Features / Why ArchiDroid?[/SIZE]
First of all, ArchiDroid includes everything available in it's base. The whole point of ArchiDroid is to improve the base, without needing of making any trade-offs, so by flashing ArchiDroid, you're getting everything offered by the base itself. There's nothing to lose, everything to gain.
You can read detailed information about every ArchiDroid component here. It's a massive wall of text, so I'm only going to list the core features without describing them.
These were written from scratch, they're completely unique and you won't find exactly the same implementation in any other ROM.
ArchiDroid-Unique features:
- ArchiDroid's AROMA Installer
- ArchiDroid's Pocket Debian
- ArchiDroid's Flasher
- ArchiDroid's RunOnce
- ArchiDroid's Init
- ArchiDroid's Backend Control
- ArchiDroid's Hardware Volatile Entropy Gathering and Expansion Daemon (Haveged)
- ArchiDroid's Fast Random Number Generator (Frandom)
- ArchiDroid's Adblock (dnsmasq/dnrd, dnsproxy2, pixelserv)
- ArchiDroid's Forced Update
Apart from that, here, on the credits page, you can find all third-party projects, which have been implemented into ArchiDroid. In addition to that, it's up to YOU to decide if you want to install something, or not.
ArchiDroid focuses on flexibility and user choice.
If you're looking for fastest ROM, choose ArchiDroid.
If you're looking for most battery-saving ROM, choose ArchiDroid
If you're looking for cutting-edge functions, choose ArchiDroid
If you're looking for the most flexible rom ever created, definitely choose ArchiDroid
ArchiDroid adjusts to your needs. You can make it whatever you want. With bunch of presets, modes and questions, you can make your ArchiDroid behave. Check yourself why ArchiDroid is The TOP 1 ROM for Galaxy S3http://forum.xda-developers.com/galaxy-s3#romList, according to number of followers, rates, reviews and downloads count. Check the Reviews, take a look at Video Reviews, do whatever you want to, ArchiDroid is proven to be one of the best ROMs for Galaxy S3, ever created.
Try ArchiDroid once, and you'll never look back. I can assure you.
Disclaimer
Developer's Kitchen
Unless stated otherwise, all ArchiDroid components are licensed under the Apache License:
Code:
Copyright 2014 [email protected]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Especially:
ArchiDroid is one of the most complex ROMs ever created. When you start digging in my work, you can very easily get lost. And I'm not talking about base itself, but about everything next to it. You can use every part of my work, as long as:
1. You include proper credit where you should. This usually includes proper comment in a script/file and in the credits of the project, including license (if needed)
2. You let me know about this fact. Through PM on xda or e-mail
I'm always happy to help, especially with the problems I faced in the past. However I also want to be respected, considering that most of the ArchiDroid parts were written from scratch.
ArchiDroid 2.X vs. ArchiDroid 1.X
The long battle between choosing over ArchiDroid 2.X and 1.X is still recent. There's no one real and true answer to this. It's up to YOU to decide who wins this battle, because obviously every user is different. I'm only going to give you some tips and briefly describe differences.
Despite the name, ArchiDroid 2.X and 1.X are totally different ROMs. It all started with ArchiDroid 1.X, a ROM based on Sammy's stock firmware, with all needed goodies and features baked in. Then eventually I managed to implement everything what I ever wanted to implement, therefore making ArchiDroid 1.X more or less complete. Then I started with ArchiDroid 2.X project, built from scratch from AOSP sources, with all source codes available.
The point is, ArchiDroid 1.X is more or less complete, there's no "real" development going on, as I obviously don't have samsung sources to begin fun with. On the other hand, ArchiDroid 2.X will never be finished, there's always something to improve, something to add, something to fix... This is ongoing process, which will reach the end when I finally break my SGS3 or change the phone to another one .
If you're new user or you don't know how AOSP works on our SGS3s then I highly suggest to flash ArchiDroid 1.X firstly. ArchiDroid 2.X is targeted at advanced users, who don't mind some "core" features being broken. It will NEVER be as stable as ArchiDroid 1.X is, so if stability is the number 1 for you, choose 1.X.
ArchiDroid comparision
From 1-10, based on my own point of view
Stability
2.X - 5
1.X - 8
Compatibility
2.X - 4
1.X - 9
Battery
2.X - 6
1.X - 9
Performance
2.X - 9
1.X - 6
Features
2.X - 9
1.X - 4
Android Updates
2.X - 9
1.X - 6
-----------
Overall
2.X - 42
1.X - 42
This is ArchiDroid comparision in a nutshell. If you ask me, I think that ArchiDroid 1.X is far better choice for daily driver, but if you're advanced user and you know how to deal with possible broken functions then you can have great time using ArchiDroid 2.X as well.
Remember that only ArchiDroid 1.X supports Samsungs-specific features, such as Smart Stay, Screen mirroring, Allshare or whatever. This also includes closed-source proprietary drivers, such as many bluetooth headsets, which won't work under open-source AOSP. Think twice before considering 2.X if you're addicted to these Samsung goodies.
On the other hand, ArchiDroid 2.X is the only ArchiDroid with "real" development going on, however all universal changes are also backported back to ArchiDroid 1.X, so you're not missing any feature, which benefits also Sammy's base.
That's it. I hope that a choice between both of these awesome roms is a bit easier now. If you still can't decide I suggest to flash both of them for some time and then decide which suits you better.
Know Your ArchiDroid
ArchiDroid is not only a rom. It's not only a baked android with third-party apps, modifications and tweaks. ArchiDroid is an universal backend which improves rom by many built-in functions.
Let me tell you a story. During developing first version of ArchiDroid 2.0 I experienced many problems, which were not that easy to solve. First of all - apps data. Trust me or not but you can't simply extract data, put it in /data/data after install and hope that it works. Android will detect such injection, report inconsistent of data and wipe everything attached to that. Okay so... How I should provide you with my boeffla preset? CoolTool settings? STweaks profile? If I put my data during flashing it'll get wiped. If I put my data and deny wiping it then Android will report inconsistent of data to user and work unstable. Yes guys, it's impossible to do so without a trick or without recompiling whole rom.
I won't tell you a whole story, because you probably don't want to hear about ArchiDroid development. I'll simply tell you that I overcome MANY difficulties, simply because I do what I like, and I like what I do. After countless number of hours, I can finally provide you with the ROM, which is the best. Why is it the best? Because I'm improving the base, and I'm not making any trade-offs.
Video Reviews / How ArchiDroid looks like?
@Koogly
@SkywalkerZ
ArchiDroid User Signatures
ArchiDroid Features
Know your ArchiDroid, learn how to use it
Introduction / Basics
Welcome to ArchiDroid's world mortal. In this tutorial we will show you what ArchiDroid has "inside" and what it really offers. All of things included in this post are ArchiDroid-specific, which means that you won't find any ROM with the same features, as they're written from scratch.
Here you can find some definitions of the words used in sections below. You should know most of them, but in case somebody is lost here you can get back on track.
Terminal, Shell - Typical android shell, which may be obtained in three ways.
1. Through native Android Debug Bridge (ADB) with command "adb shell" from the PC or even "ADB through network" (if supported).
2. Through any Android terminal app, f.e. Android Terminal Emulator bundled with ArchiDroid.
3. Through secure shell daemon (sshd), which needs to be turned on firstly. This is extremely useful in terms of pocket debian, which will be described later.
You can use any of these methods to access android's terminal, however usually Android Terminal Emulator will be the easiest one, as it's android app bundled with ArchiDroid. WARNING! Most of the commands below WILL require root access. You can log in to super user shell by "su" command right after obtaining shell. If you're unsure if you're logged as root or not, "whoami" command should print actual user, "root" or "unknown uid 0" are OK, others are not.
ArchiDroid's Pocket Debian
From wikipedia:
From debian site:
How exactly this covers our beloved SGS3 (and countless number of other android arm-based phones)?
As you may (or even should!) know, Android operates on it's own Linux-based kernel. Android's kernel is literally a fork of Linux kernel, with a few special/unique functions which are required, mostly hardware-specific. Because of that kernel itself is VERY compatible with everything based on Linux.
However there have always existed one typical problem, lack of proper environment. We have a great kernel, great power, linux-based android environment, but this environment lacks of very common and required libraries/binaries. If you ever wondered what is or what does busybox, this is the answer. Busybox is just a small package which offers a few standalone GNU/Linux binaries, which are required to make certain things work. For example, swap priorities. Android knows what swap is, and nothing else. It doesn't know that swap could have a priority, so if you use android's swapon command on 4 devices, it will firstly fill first device, and then proceed to the next. That's why we need busybox in ALL custom kernels, because android environment isn't enough.
However busybox sometimes isn't enough. If we focus only on Android itself, it is. But if you for example want to run stricly linux-based service, I don't know, a web server for example... Is it possible to run a native linux web server on an android? No, it's not. You should firstly compile such service on arm architecture, including all dynamic and static libraries (wrrr ) in it only to finally get mad because of missing libraries or other dependencies. Of course if you're patient you'd finally compile everything and set up, however how long would it take? A few days maybe? If you're skilled in what you're doing...
This is why I included built-in "pocket" debian in ArchiDroid. It's FULLY compatible with everything compiled/based on armhf/armel GNU/Linux architecture, for example Raspberry Pi. With two easy commands you can literally jump into debian environment and use every typical GNU/Linux utilities known from debian itself. Of course this means nothing for most of the users, because they'll never have any reason to use such debian environment but from the developer side, it's big step forward. The best example is with github. As you know ArchiDroid has it's own repo on github, from where you can download/manage stuff. There also exists git app for linux and windows. If you want to follow "expert" way of flashing experimental ArchiDroid version, such program is required. The scenario is the same as compiling web server for an android, it requires much more effort than it's worth. And even then you can end up with syncing external dependencies and searching for solutions for the problems you've never seen before... And with ArchiDroid's pocket debian? It's as simple as in any debian/ubuntu distro. "apt-get update && apt-get install git" and voila. Your git is installed and ready for work. Going further I've even included git in pocket debian itself. Okay, I have debian, I have git, and what next? With git utility I can for example provide you with delta updates for ArchiDroid! ArchiDroid can easily use pocket debian to set up and sync ArchiDroid's repository and then pack and flash latest version without even needing of a PC, using 7-zip or anything else. Another example? A web server. I know that it's very dev-specific but if you for any reason need a web server running, just for example to test simple website, you can have it with just one command. Going further, VNC? MySQL server? PHP? Python? Perl? Ruby? Maybe conditional tasks with cron? Persistent minimal IRC client? rtorrent with rutorrent GUI over WWW? The list goes on... Anything based on linux will work. You can even host a server for your favourite game, as long as it has armhf/armel binaries (unfortunately most of the games don't).
So that's it. In short, debian is an operating system built-in in ArchiDroid to provide you with (unfortunately missing) GNU/Linux environment, with full power, ready to handle anything you could request. I made my best to include fully working debian in ArchiDroid for a minimal cost. Whole OS is packed in one big tar file, compressed using highest bzip2. As for now pocket debian has ONLY 40 megabytes of size, maybe in future it will have up to 50 megabytes, but no more. It's a VERY small cost for having such great power, especially if you know how to use it.
This is a really cutting-edge feature, mostly because I have no limitiations what I can include in my ROM right now, and while other developers are dealing with OpenDelta updates and many Android-based problems, I'm just launching my pocket debian and manages linux stuff.
I'm SURE that most of the advanced ArchiDroid user will just LOVE this feature, as much as I love it. I'm looking forward to your responses how YOU use pocket debian with your ArchiDroid. It's also a great time to learn what does the debian offer and how you can simplify your common tasks with just one example debian utility .
Technical informations:
1. Pocket Debian does not cause any additional overhead. We don't need to use emulation, neither virtualization to boot our monster. I used chroot technology to "jump" into debian environment with already running kernel and Android. That means additional required CPU/RAM is based on what you run in pocket debian. Booting itself doesn't require anything, just about one megabyte of ram for /bin/bash shell .
2. Android has some restrictions, mostly sockets. It doesn't allow to create inet sockets by default, even for root users. You will need to add your custom debian users to special group called "inet" (GID 3003) to allow creating of inet sockets, and you may also need to add a group to net_raw group (GID 3004) to allow creating of raw sockets. Please keep in mind that it's only required if you're running an app which required it's own socket, for example mysql server. So apt-get install mysql-server will fail right after booting, you will need to use "addgroup mysql inet" and then apt-get -f install to complete installation. Of course "mysql" is the new user under which mysql-server really operates. I've added root to both of these groups by default.
3. The only "real" restriction is the kernel. Our debian uses Android kernel and it's filesystem. It should work with most common tasks but in some cases our kernel may lack specific modules or built-in code, for example tun/tap required for OpenVPN. Still it's enough to run pretty much everything and if you get in touch with your favourite kernel developer you can also kindly ask for specific missing things.
4. Debian is built and included thanks to debootstrap utility, ArchiDroid command used for creating debian environment is debootstrap --verbose --arch armhf --include=git,ca-certificates,ssh,htop,tightvncserver,xterm,xfonts-base --exclude=manpages,man-db,rsyslog,vim-common,vim-tiny testing debian http://ftp.fr.debian.org/debian
HowTo:
Pocket Debian contains two main terminal commands, "adlinux" and "debian". Both of them are described below. By adlinux and debian you boot and jump into debian's chroot, which means you can use any debian-specific commands.
Examples:
passwd - changes password of actual user. This is needed to login as specific user, for example through ssh.
service ssh start - starts local SSH (secure shell) daemon on native port :22, to which you can easily access via any client supporting ssh, f.e. PuTTY. So basicly after you start shell you can literally connect to your local area network (LAN) IP on port 22 f.e. through PuTTY from your PC.
ifconfig - prints network-related informations about online interfaces, including your local IP, which may be useful for connecting to SSH.
htop - Enhanced top utility. Gives you very good terminal-based view on actual running processes, used ram, load, and more.
apt-get update - Syncs with debian's apt repository. This is mandatory to use many of apt commands because ArchiDroid's debian comes without local repo available, however fully configured to download and access it with just one command
apt-get install XXX - installs packet XXX from debian's repository.
apt-cache search XXX - searches for all packets including keyword "XXX". Ultra useful in terms of searching for specific packet.
Please note that pocket debian is VERY similar to normal native Debian/Ubuntu distribution, therefore above commands are not ArchiDroid's magic, they're very widely used in Debian/Ubuntu distros. If you want to learn more, most of the Debian/Ubuntu tutorials will be very helpful.
ArchiDroid's Pocket Debian Booter (adlinux)
You can call "adlinux" command from your favourite terminal.
adlinux is designed to boot and prepare ArchiDroid's Pocket Debian environment. It requires mode to be specified, and also respects any extra arguments passed.
If you call standalone "adlinux" command then it will print usage and then ask you what you want to do with giving proper informations about every choice. Additionally if you know what you want to do, you can also pass arguments directly to adlinux command, f.e. by executing "adlinux default", which will execute adlinux with "default" mode.
Available modes:
default - Will mount /data /system /storage/sdcard0 /storage/sdcard1 and core filesystems in chroot. Default suggested mode
safe - Will mount only core filesystems in chroot. Useful if you don't want to share your storage in chroot
bare - Won't mount even core filesystems such as /proc /dev or /sys. Requires "debian force" to enter chroot. This is the "real" safe mode. You won't be able to interact with an android in any way, while debian itself will work in very limited environment, making core functions unavailable. Suggested only for testing purposes
rebuild - Will automatically reboot your device and remove debian folder in the safe way. WILL CAUSE ALL DEBIAN DATA TO BE LOST!
unmount - Will automatically reboot your device to safely unmount debian environment
Extra options:
extsd - Use external sd card (/storage/sdcard1 /storage/extSdCard), if possible
intsd - Use internal sd card (/data/media/0)
Additional information about modes:
Debian shares core kernel filesystems in "safe" and "default" modes, while it also shares your internal and external sd card in "default" mode. This is nothing to be scared of, as you have full control of what you run in debian, however please note that you CAN'T do whatever you want. All mounted partitions in debian are "binded". "Bind" means that it's mirrored to the mount point and all changes on mounted partition WILL affect the mount point, which is logical. This is nothing to be scared of, as long as you know that debian only extends your environment, it does not fully works in it's own and you CAN cause serious problems from inside of chroot. The only really safe mode is "bare" mode, however in "bare" mode debian can't really do anything, as kernel filesystems are absolutely required for most of the functions. Okay so, you need to know one thing. If you have booted debian you SHOULD NOT touch debian's folder, which is ArchiDroid/debian (on your internal or external sd card, depends what you choosed).. As you know debian for example binds /data to it's folder /data, which is physically ArchiDroid/debian/data. If you for example delete ArchiDroid/debian through root explorer WITH mounted debian then it will ALSO delete debian/data folder, which is binded to /data, and therefore will delete your whole internal sd card, that's why it's extremely important to take care because booted debian becomes part of the android and deleting it can cause at least soft bricks, with a possibility of hard as well. If you want to delete debian folder PLEASE use "rebuild" mode, only through this way you're absolutely sure that nothing bad happens and you won't delete your whole system partition by accident.
Note about extsd option:
Debian requires symlink functionality, typically native windows filesystems DON'T support symlinks, therefore you need to have your external sd card formatted in one of the native linux filesystems, f.e. ext4. adlinux will automatically tell you if debian can be unpacked and used on your external sd card, however it won't be possible under most common filesystems, such as exFAT or FAT32.
Technical informations:
1. Pocket debian archive is located in ArchiDroid/System/debian.tar.gz file. This is "bare" system used for creating environment for the first time, you should not touch it.
2. adlinux detects if debian is already extracted when booting, if not, it's firstly extracted from the file described above.
3. After extracting (if required), core filesystems are mounted with "bind" option based on the mode you've selected in "mode" question above. Typically it mounts /data /system /storage/sdcard0 /storage/sdcard1 /storage/extSdCard /dev /proc /sys.
4. Unmounting is not fully supported right now (linux barrier), therefore both "unmount" and "rebuild" options require a restart to execute properly.
ArchiDroid's Pocket Debian Shell/Chroot (debian)
You can call "debian" command from your favourite terminal.
debian command is designed to allow you "jumping" into debian chroot created by adlinux. Please read how adlinux command works firstly if you haven't done that already. debian command checks if core filesystems are available (if debian is booted), and if they are then it firstly modifies required environment variables to make debian happy (such as TERM, HOME, PATH), then it changes root (chroots) into debian folder, therefore allowing you to execute everything from inside of chroot. It's very generic command, therefore standalone "debian" command won't give you a choice the way adlinux did.
Available options (parameters):
force - required for jumping into bare debian, created with "adlinux bare" command above. This skips debian checks for mounted core filesystems, normally you should avoid it at all cost, unless you know what you're doing. If core filesystems are missing then it's very likely that your debian will be disabled in more than 90%.
extsd - Use external sd card (/storage/sdcard1 /storage/extSdCard), if possible
intsd - Use internal sd card (/data/media/0)
cmd - Executes command in debian chroot
WARNING! cmd parameter will cause all further parameters to be threated as a command passed to debian, therefore you need to make sure that this is the last debian parameter which you want. For example "debian force cmd service ssh start" will skip filesystems checks and execute "service ssh start" in debian's chroot, however "debian cmd force service ssh start" will pass "force service ssh start" to debian, therefore respecting filesystems checks and passing invalid command.
This function is extremely useful for making init.d and other startup scripts. For example you can easily call "adlinux default" and then "debian cmd service ssh start" to call secure shell daemon on every boot with two easy steps.
Technical informations:
1. debian command uses chroot technology to change root of current shell to debian shell.
2. After chrooting to debian directory, /bin/bash shell is automatically called as default debian shell.
ArchiDroid's Flasher (adflash)
You can call "adflash" command from your favourite terminal.
adflash is a great small utility, which allows you to easily update your ArchiDroid to latest stable or experimental version with one easy command and delta upgrade. It utilizes ArchiDroid functions, therefore you must be running ArchiDroid to use it.
If you call standalone "adflash" command then it will print usage and then ask you what you want to do with giving proper informations about every choice. Additionally if you know what you want to do, you can also pass arguments directly to adflash command, f.e. by executing "adflash 2e git", which will execute adflash with 2.X-EXPERIMENTAL version using git mode.
Available versions:
2e - 2.X-EXPERIMENTAL
2s - 2.X-STABLE
1e - 1.X-EXPERIMENTAL
1s - 1.X-STABLE
Extra options:
git - Sets up local git repository, which gives you delta upgrades and bandwidth saving
direct - Downloads targeted branch as .zip file directly from github
clean - Cleans everything up, including local repo and tmp folder from ArchiDroid directory specified below
extsd - Use external sd card (/storage/sdcard1 /storage/extSdCard)
intsd - Use internal sd card (/data/media/0)
nozip - Shows changelog and changes only
Okay so, the most interesting option is the mode...
Direct mode is simple, fast and effective. It downloads target version (stable or experimental) from GitHub server, then it repacks downloaded zip file and makes it available for flash. You should use this mode for one-time downloads, such as once per stable version or two. The only advantage of this method is the ability to download from github (and with one command).
Git mode is complex. It uses ArchiDroid's Pocket Debian (read above) for cloning and updating local ArchiDroid repo. This gives several number of advantages, mostly for using experimental versions. Firstly, by having local ArchiDroid repo you have to download ONLY changes between your snapshot and server's snapshot, which means delta upgrades. Secondly, you have access to all commits from target branch, so you know exactly what has changed since your latest download. Again, this is extremely useful for experimental branch, as changelog may not be up-to-date. Keep in mind that git mode will require additional space on your device for keeping ArchiDroid repository, therefore you sacrifice some space for delta upgrades. This mode is extremely useful for flashing ArchiDroid often, for example daily experimental versions, because in fact you download only new commits instead of whole repo/archive.
ArchiDroid's RunOnce (Backend)
ArchiDroid's Init (Backend)
ArchiDroid's Backend Control
ArchiDroid Backend Control is a set of settings, which controls behaviour of ArchiDroid's Init. It's located in /system/archidroid/dev and contains a number of files, which are recognized by ArchiDroid's Init. You shouldn't directly touch /system/archidroid/dev, instead you can control behaviour of ArchiDroid's Backend through /system/archidroid/scripts. They can be easily executed through any script manager, f.e. Root Browser or Android Terminal Emulator. Some of the settings are also located in /system/archidroid/etc folder, mostly configurations for binaries utilized by ArchiDroid's Init.
ArchiDroid's HArdware Volatile Entropy Gathering and Expansion Daemon (Haveged)
The haveged project is an attempt to provide an easy-to-use, unpredictable random number generator based upon an adaptation of the HAVEGE algorithm. Haveged was created to remedy low-entropy conditions in the Linux random device that can occur under some workloads, especially on headless servers. Current development of haveged is directed towards improving overall reliablity and adaptability while minimizing the barriers to using haveged for other tasks.
The original HAVEGE research dates back to 2003 and much of the original haveged documentation is now quite dated. Recent work on haveged has included an effort to provide more recent information on the project and its applications.
The original research behind HAVEGE use was based upon studies of the behavior of processor caches from a hardware level. The 'Flutter' documents attempt to provide a modern view of HAVEGE at software level through the use of a diagnostic build of haveged that captures the non deterministic inputs to haveged for analysis by external tools.
ArchiDroid has built-in haveged entropy generator. It's controlable through ArchiDroid's Backend Control - ArchiDroid_Haveged_EnableDisable.sh. It's turned on in default configuration, through HAVEGED_ENABLED
ArchiDroid's Fast Random Number Generator (Frandom)
Frandom is a Linux kernel random number generator, which is 10-50 times faster than what you get from Linux' built-in /dev/urandom. And it uses very little (/dev/frandom) or none (/dev/erandom) of the kernel's entropy pool, so it is very useful for applications that require a handy source for lots of random data.
ArchiDroid has built-in frandom activator. It's controlable through ArchiDroid's Backend Control - ArchiDroid_Frandom_EnableDisable.sh. It's turned on in default configuration, through FRANDOM_ENABLED.
Notice: Kernel must support frandom module to actually make use of that. Init will try to search for frandom.ko module and load it, then use /dev/erandom for both /dev/random and /dev/urandom. If your kernel supports frandom, it will work. If it doesn't, obviously this will be skipped even if you have FRANDOM_ENABLED. Check ArchiDroid Init log located in /data/media/0/ArchiDroid/Init.log to check if frandom works properly for you.
ArchiDroid's Adblock (dnsmasq/dnrd, dnsproxy2, pixelserv)
dnsproxy2 is a replacement DNS proxy for Android 4.3+
This currently allows the user to manually override the DNS server IP,
and it sets the correct UID on outbound requests so they can be filtered
via iptables / AFWall+ / DroidWall / etc.
Dnsmasq is a lightweight server designed to provide DNS, DHCP and TFTP services to a small-scale network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. Dnsmasq supports static and dynamic DHCP leases and BOOTP for network booting of diskless machines.
Dnrd, Domain Name Relay Daemon is a caching, forwarding DNS proxy server. Most useful on vpn or dialup firewalls but it is also a nice DNS cache for minor networks and workstations.
Pixelserv is a super minimal webserver, it's one and only purpose is serving a 1x1 pixel transparent gif file. Using some creative firewalling (netfilter/iptables) rules you can redirect some webrequests (for adds for example) to pixelserv.
ArchiDroid has built-in Adblock. It's controlable through ArchiDroid's Backend Control:
ArchiDroid_Adblock_DnsmasqDnrdModeSwitch.sh
ArchiDroid_Adblock_EnableDisable.sh
ArchiDroid_Adblock_EnableDisableLocalDNSes.sh
ArchiDroid_Adblock_EnableDisableLocalDNSesDaemon.sh
ArchiDroid_Adblock_LockUnlockHosts.sh
ArchiDroid_Adblock_MoabAdawayHostsSwitch.sh
ArchiDroid_Adblock_Reload.sh
It's turned on in default configuration, through:
ADBLOCK_ENABLED
ADBLOCK_LOCAL_DNSES_DAEMON_ENABLED
ADBLOCK_LOCAL_DNSES_ENABLED
ADBLOCK_USE_ADAWAY_HOSTS
ADBLOCK_USE_DNSMASQ
In short. This is a very advanced and powerful solution for blocking ads through DNS queries. First of all we're forwarding all DNS traffic to localhost (127.0.0.1). Then we're handling them through local DNS server - dnsmasq (default), or dnrd (option). Our local DNS server reads blocked hostnames through special /system/archidroid/etc/hosts file, then if no record is found, it forwards DNS query to OpenDNS/Google DNS servers, or if it's found, returns 127.0.0.1 as the address. Lastly, pixelserv is providing a 1x1 NULLGIF response on local web server, so instead of big black/white screen instead of the AD, we get 1x1 transparent pixel, which usually perfectly hides ad from the app or the website.
Extra features:
1. You can specify if you want to use dnsmasq (default), or dnrd (option) as a local dns server. Dnsmasq is more flexible, modern, faster and has less memory footprint, however I also left dnrd as an option, because it's proven to work stable.
2. You can specify hosts file, which you want to use. In default configuration we use AdAway's hosts file, with more than 30 thousand of records, which results in extra ~2.5 MB memory usage. You have also an option to use MOAB (Mother Of Ad Blocking) hosts file, with more than 330 thousand of records, which will result in about ~30 MB memory usage. Eventually you can append your own rules or use non-standard hosts file, available in /system/archidroid/etc/hosts. Pro tip: You can point AdAway to use this hosts file (/system/archidroid/etc/hosts_adaway), which will result in automatic updates. /system/archidroid/etc/hosts is a symbolic link, either to hosts_away or hosts_moab, if you want to specify your own hosts, you can delete symbolic link and write your own rules.
3. Original /system/etc/hosts file has been locked from editing. This is to ensure that AdAway or other adblockers won't use obsolete and slow method of blocking ads through hosts. The whole point of implementing Adblock in ArchiDroid is to provide you with super-fast, flexible and effective way of blocking ads, also with getting rid of black/white ad screen. In 99% situations you don't want to touch ArchiDroid's default behaviour, as it blocks ads perfectly. Eventually, if you have a very good reason, you can unlock original hosts file through ArchiDroid's Backend Control and modify them, however keep in mind that every additional rule WILL slow down your network speed.
4. In default configuration local dns server uses two OpenDNS servers at port 5353, two Google DNS servers at port 53 and up to two local DNS servers provided by your Wi-Fi/3G connection, which overall gives a sum of 6 remote dns servers. In some rare scenarios (f.e. some wi-fi hotspots) you can notice that a moron, administrator of this wi-fi, blocked all dns queries and forces you to use his DNSes. This is BAD because of freedom and so on, but it's very common practice, that's why I turned on local DNSes as well. If you want to improve your privacy at least a bit, you can disable local DNS servers and then use only OpenDNS and Google DNS.
5. Above option initialy has been written to allow you one-time access to such non-trusty wi-fi's. But if you for any reason need automatic update of your local DNSes (3G and Wi-Fi's will use different local DNSes), you can also turn on Local DNSes Daemon, which will automatically query and update local DNSes if needed. This is also turned on in addition to local dnses above, of course in default preset.
ArchiDroid's Forced Update (RunOnce)
Forced update selected during mode selection in aroma tells RunOnce to work in "INSTALL" mode even on "UPDATE" mode, apart from that it works exactly the same as update mode, only RunOnce is affected.
Credits
First of all many thanks to JustArchi, who gave me the permission to port this rom
and helped me not only one time to get all things to work :good:!!!
Many many thanks JustArchi for the help and support!
ArchiDroid Core
- AROMA Installer
- AROMA Filemanager
- Boeffla Kernel-> @Hbohd plus his team not only because he was the first who ported and provided us a kernel for JB 4.3 and is doing it till today!!!
- Angi Kernel -> @psndna88
- PhilZ Touch Recovery
- SuperSU
- Nova Launcher
- TouchPal Keyboard
- Hacker's Keyboard
- Android Terminal Emulator
- BetterBatteryStats
- Cool Tool
- Greenify
- MX Player & Custom Codec
- LMT
- Root Browser
- Titanium Backup
- CrossBreeder
- Online Nandroid
- Xposed Framework
- App Settings
- XPrivacy
- Debian
- cURL
- GitHub
ArchiDroid 2.X
- OmniROM for GT-I9300
- Linaro Toolchain
- Spirit 2
- Wanam Xposed
ArchiDroid 1.X
- SamMobile
- JustArchi's Android Kitchen & dsixda's Android Kitchen
- Boeffla Kernel
- Yank555.lu Kernel
- KitKat Revolution Theme
- Blue Theme
- All Backs Black Theme
- Wanam Xposed
Special thanks to:
- Kenshin, for graphic design and ArchiDroid Touhou bootanimation
- @mrtur, for graphic design and helpful hand during ArchiDroid experimental tests
- @malachow, for helping users across both international and polish board, sharing the spirit of ArchiDroid
- All ArchiDroid Contributors, for improving and making ArchiDroid better!
- ArchiDroid Facebook Group, for beta-testing the very first alphas of ArchiDroid 2.0.0
- ROM Cleaner, for awesome generic list of bloatware
- Android Revolution HD, for being ex-ArchiDroid 1.X base
- WanamLite, for being ex-ArchiDroid 1.X base
- Temasek's Unofficial Build, for being ex-ArchiDroid 2.X base
- crDroid, for being ex-ArchiDroid 2.X base
- You, for choosing ArchiDroid over other available ROMs
So finally finished
looks good bro, keep up the good work :good:
Thanks...yes and high five ...fortunately today is public holiday here in germany I got some time !
Awesome, I tried porting using porting guide before but unfortunately it didn't boot compiling from source is probably the way to go, I guess. Thanks very much @rodman01 and @JustArchi!
ohh typo in thread under the xda Dev
his Rom is an official kanging of i9300 <---- link has extra h in the http
chongc1996 said:
Awesome, I tried porting using porting guide before but unfortunately it didn't boot compiling from source is probably the way to go, I guess. Thanks very much @rodman01 and @JustArchi!
Click to expand...
Click to collapse
yeah tried that too, unfortunatly didnt boot. now im trying to build from source with VirtualBox Ubuntu, of course getting help from some guys like my neighbor Rodman, great guy btw! :laugh:
Nice looking ROM
I ran this ROM on my S1, nice to see it on the S3LTE now.
Thanks
For me it's better to port Archis 1.X rather than 2.X. We are still lacking of stable roms on our devices.
Waiting for boot fix since it's not booting ATM.
Wysłane z mojego GT-I9305 za pomocą Tapatalk 2
Perhaps I will do the 1.X too, because I am interested in too. But nor sure when...
painball said:
For me it's better to port Archis 1.X rather than 2.X. We are still lacking of stable roms on our devices.
Waiting for boot fix since it's not booting ATM.
Wysłane z mojego GT-I9305 za pomocą Tapatalk 2
Click to expand...
Click to collapse
Not sure if it doesn't boot, it should boot, me and maho_66 were talking about our own attempts to port this. You should give it a shot!
Sent from my GT-I9305 using XDA Free mobile app
rodman01 said:
Perhaps I will do the 1.X too, because I am interested in too. But nor sure when...
Click to expand...
Click to collapse
Get in touch with my ArchiKitchen if you wish to make 1.X release.
http://forum.xda-developers.com/showthread.php?t=2597220
Basically:
1. You download any Samsung release in .tar.md5 format for Odin.
2. You extract from this .tar.md5 system.img boot.img (cache.img modem.bin - these are optional)
3. You load it with ArchiKitchen and you make deodexing, rooting, busyboxing, zipaligning and ArchiDroid init.d.
4. Then you create a ROM from AK and the effect should be similar to my base release: http://forum.xda-developers.com/galaxy-s3/general/rom-sammys-stock-deodexed-rooted-t2682453
5. You put in in the ADROOT and you run known magic build.sh script with "sammy" parameter - "bash build.sh sammy"
6. It should start extracting and replacing everything, as you know .
What is a difference with sammy and no sammy parameter?
- When building in sammy mode, build.sh doesn't compile anything and jumps straight to extracting .zip
- It also applies some sammy-related misc tweaks like ArchiDroid wallpaper, because this requires putting image in .png format in framework-res.apk
The fact that its not booting has i.m.h.o something to do with the correct/missing libs and or wrong permissions, for someone who is new to all of this its very frusturating i know, but you could give it a try whe sure need more stable roms i agree
Sent from my GT-I9305 using XDA Premium 4 mobile app
@rodman01
https://github.com/JustArchi/ArchiDroid/commit/14739db139ca50eedbfef5b26ac2933a24c70cf5
This should make you happier .
Make sure to check RunOnce Init and Cron logs after you merge upstream.
2.X works a great here.. Many customizations very smooth battery friendly.. Illl be sticking with this for the time being for sure.. Great work mate!
Sent from my GT-I9305 using XDA Premium 4 mobile app
The lockscreen notifications commit to omni hasn't been merged as of yet, I'll be watching until it gets merged
Sent from my GT-I9305
Performance wise this is definitely the best ROM out for the 9305 and I've tries them all.... Highly recommended !!
Sent from my GT-I9305 using XDA Premium 4 mobile app
Has anyone worked out a way to add different quick tiles?
Sent from my GT-I9305 using XDA Premium HD app
This is the fully stock and unchanged Code Aurora Snapdragon Optimized Browser version m60. Everything is open source and I will also answer any questions how I built this APK. I am just a lone wolf with a Ubuntu 14.04 machine and Linux has been my hobby. I am NOT a full fledged developer but I know enough to build source and I am happy to share this here at XDA and help out.
I will gladly have this thread locked if anyone can point me to a vanilla and unchanged CAF Snapdragon Optimized Browser. Why Code Aurora does not build and make available this awesome browser is beyond me. I searched https://codeaurora.org and they do not offer their SWE Browser APK! I've searched here at XDA and elsewhere and most of those offering CAF browsers are not sharing their source code and/or are making changes or adding patches to the original source.
Before I begin, I'd first like to thank Code Aurora for their source code and this guide by ZeroX7C and gwinlord for his guide. I did NONE of the hard work at all. Those who I cited deserve all the thanks for their work. All I did was piece it together, strip out any changes that are non-CAF, build it, and offer it here. You may not donate any money to me as I feel I have done nothing to deserve it.
Just as ZeroX7C says, the documentation on how to build this browser is incomplete. It took me several hours and many curse words to finally get this browser to build. ZeroX7C's guide is also incomplete and gwinlords guide makes changes and adds patches to the original source so here I will help to complete the guide for an original unmodified CAF browser that ZeroX7C started.
Below is a guide to build your own Code Aurora Snapdragon Optimized Browser version m60:
Requirements:
Ubuntu 64 bit, preferabely 12.04 or 14.04
8GB RAM, 8GB Swap, 100GB Free Space
1) First, run
Code:
sudo apt-get update
2) Set up your build machine by following the Code Aurora Build Machine Requirements Guide. There will be an error about depot_tools using a deprecated URL. Allow the setup to install newer versions of depot_tools from Google. Do not install the Oracle JDK. Code Aurora uses OpenJDK 8 in build m60 and not Oracles JDK. Run the following code if your machine does not have OpenJDK 8 installed.
Code:
sudo apt-get -y install openjdk-8-jre openjdk-8-jdk
3) Create the .gclient file in the same directory where you git cloned depot_tools and build dependencies. Add the following code to .gclient
Code:
solutions = [
{ "name" : "src",
"url" : "git://codeaurora.org/quic/chrome4sdp/chromium/[email protected]/remotes/origin/m60",
"deps_file" : "DEPS",
"managed" : False,
"safesync_url": "",
},
]
target_os = ["android"]
4) Change directory to src, run
Code:
cd src
git clean -f -d
git reset --hard HEAD
GYP_CHROMIUM_NO_ACTION=1 gclient sync -v -r refs/remotes/origin/m58
./build/install-build-deps-android.sh
. build/android/envsetup.sh
GYP_CHROMIUM_NO_ACTION=1 gclient runhooks -v
GYP_CHROMIUM_NO_ACTION=1 gn gen out/Default --args='target_os="android" symbol_level=0 is_debug=false optimize_for_size=false remove_webcore_debug_symbols=true proprietary_codecs=true'
5) Add adblocking. Credit goes to AdAway, Adblockplus, ublock origin, and adguard for their recommended adblocking host files and @ArslanTheGreat for all the help.
Code:
nano chrome/java/res/raw/web_refiner_conf
Modify the code in web_refiner_conf to,
Code:
{
"version": "1.0",
"update": {},
"subscriptions": [
{
"name" : "Adaway",
"category" : "Hosts",
"format" : "WebRefiner 1.0",
"url" : "https://adaway.org/hosts.txt",
"expiration" : "5 days"
},
{
"name" : "hpHosts’ Ad and tracking servers",
"category" : "Hosts",
"format" : "WebRefiner 1.0",
"url" : "https://hosts-file.net/ad_servers.txt",
"expiration" : "5 days"
},
{
"name" : "Peter Lowe’s hosts file",
"category" : "Hosts",
"format" : "WebRefiner 1.0",
"url" : "https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext",
"expiration" : "5 days"
}
]
}
6) To apply all the modifications all at once, download the attached patch and apply using
Code:
git apply swebld58ver0004.patch
7) (a.) Optional: If you want to create logs of the build for error checking, then
Code:
mkdir logs
nano build/makeswebrowser.sh
and add the following code
Code:
#1/bin/bash
set -e
exec 3>&1 4>&2
trap 'exec 2>&4 1>&3' 0 1 2 3
exec 1>logs/swebuild.log 2>&1
time ninja -C out/Default swe_browser_apk
then run,
Code:
chmod +x build/makeswebrowser.sh
build/makeswebrowser.sh
Logs will be in src/logs/swebuild.log
(b.) OR, if you just want to skip making logs, simply run
Code:
ninja -C out/Default swe_browser_apk
*Changelog*
Why build another CAF browser?
I am building this because I wanted a nicely developed and secure open source browser for my own personal use and for my family. I appreciate the offerings on f-droid and the open source chromium build, but I wanted the snapdragon optimized version and there is none to be found that are entirely open source and not making changes to the original Code Aurora source code! I am also somewhat concerned that some of the browsers on F-Droid may possibly have security vulnerabilities despite their respective developers best intentions.
Is this browser fast?
Yes! After optimizations posted in the build guide, the SWE Browser is faster than Chrome in every which way.
Will you be keeping this browser up to date?
Well, I do plan on keeping this up to date as long as there is no official Code Aurora browser being published. Would someone please complain to Code Aurora and ask why they are not building it and publishing it? My Ubuntu 14.04 machine runs all day and while I'm gone at work, why not have it build this browser and other things I'd like to have?
Will you add new features to this browser?
No, I will not. I plan on keeping these builds completely stock as it would come from Code Aurora themselves. There are however hidden features that may be enabled. I am looking into it.
I have a bug, can you fix it?
No I will not fix it. This is a beta build, m55. It probably does have some bugs! If there is a problem with the build, it's up to Code Aurora to fix and not me.
Hey, want to try a new compiler to optimize this build?
Sure! Or if you happen to know of other ways we can compile SWE_Browser and have suggestions for other compilers or libraries we can use to tune this build, please post them here! Let's gather a master list of ways we can all compile this APK ourselves!
*edit 12/23/2016*
After careful consideration, I decided not to try new compilers. I decided I am going to follow Code Aurora's build environment exactly as recommended on their own website. After all, I think they probably know what's best for their own software they created.
Can I post benchmarks in this thread?
Sure, please do! I ran several benchmarks and they are all over the place. The SWE Browser is faster than Chrome but runs about the same speed as other CAF based browsers.
If you have any suggestions at all about the browser or the build environment, please post!
--Helpful References--
https://github.com/scweeny/CAF/
https://forum.xda-developers.com/general/general/guide-building-chromium-snapdragon-t3255475
https://github.com/gwindlord/caf_chromium_build
https://source.codeaurora.org/quic/chrome4sdp/
Import Bookmarks from Chrome
Fix AMP pages
Thank you for the guide and i'm looking forward to the complete version, i been missing with this for pass few day and i still cant figure it out, also could you include how to customize it to add google sync and patches and stuff.
hello,
does it support cm 11?
TheUser123 said:
Thank you for the guide and i'm looking forward to the complete version, i been missing with this for pass few day and i still cant figure it out, also could you include how to customize it to add google sync and patches and stuff.
Click to expand...
Click to collapse
I just now updated the guide, see above. I am sorry, I don't plan on adding any patches at the moment. You can check gwinlords guide linked above. In it, there are several patches that can be added.
arjuntsgowda said:
hello,
does it support cm 11?
Click to expand...
Click to collapse
I'm sorry, it does not. The browser will only run on LP or MM based OS's at this time. I updated the title of this thread to reflect that.
Everyone who uses SWE Browser should always get the latest version. I notice people are still downloading the first build but I encountered several errors during that build. I've gotten much better at setting up the environment since then. I've noticed benchmark improvement on the latest build too, just sayin!
Why is Web Refiner not part of this build? Otherwise the browser is running fine and is pretty fast even compared to other CAF browsers, good job OP.
10goto10 said:
Why is Web Refiner not part of this build? Otherwise the browser is running fine and is pretty fast even compared to other CAF browsers, good job OP.
Click to expand...
Click to collapse
Web refiner must not be part of Code Aurora's m55 build. Is it part of other Code Aurora's builds? The SWE Browser is built exactly as recommended per their own sync and build instructions. I can't even use the Qualcomm LLVM even if I wanted to because m55 uses a newer toolchain.
I agree, the browser is pretty fast especially the last build. This is the only browser I use now. I compiled SWE browser last Saturday and the version number did not increment so I did not upload it in case anyone was wondering.
mattnin said:
Web refiner must not be part of Code Aurora's m55 build. Is it part of other Code Aurora's builds? The SWE Browser is built exactly as recommended per their own sync and build instructions. I can't even use the Qualcomm LLVM even if I wanted to because m55 uses a newer toolchain.
I agree, the browser is pretty fast especially the last build. This is the only browser I use now. I compiled SWE browser last Saturday and the version number did not increment so I did not upload it in case anyone was wondering.
Click to expand...
Click to collapse
Yes, I think. It's included in some custom builds: YuBrowser (m54, customized by the Mokee team) and TugaPower Browser (m54, m55, and m56). I like to browse the web without ads
I'm not a dev myself, but maybe these links can help you:
https://wiki.codeaurora.org/xwiki/bin/Chromium+for+Snapdragon/Customization+for+M42
https://source.codeaurora.org/quic/...5&id=950ba75f9296bfe4318ac39ff966cc2e48512ff5
10goto10 said:
Yes, I think. It's included in some custom builds: YuBrowser (m54, customized by the Mokee team) and TugaPower Browser (m54, m55, and m56). I like to browse the web without ads
I'm not a dev myself, but maybe these links can help you:
https://wiki.codeaurora.org/xwiki/bin/Chromium+for+Snapdragon/Customization+for+M42
https://source.codeaurora.org/quic/...5&id=950ba75f9296bfe4318ac39ff966cc2e48512ff5
Click to expand...
Click to collapse
Interesting. Looks like I should be able to enable this feature by including a proper configuration. Thanks for heads up! Once I have that completed, I'll update the download and the guide. :good:
Thanks again @10goto10 for the heads up on web refiner. It's working perfectly with the default host files recommended by AdAway.
The browser version number is the same as the previous build but I did sync the repository as of 07 Jan. Updated the guide with new build instructions and androidfilehost with the latest build.
*edit*
Dammit, I had a copy paste error in the adblocking conf file. I didn't have a lot of time tonight to work on the SWE Browser and I must have rushed a bit and didn't notice I used the same URL twice. So the last build's web refiner is only using two host files. Even though it is only using two files and not three, it's still doing a good job according to my tests.
Also, in case anyone is wondering, bookmarks are saved after updating manually.
*edit again*
Ok, fixed the guide and updated the pgl.yoyo.org url. Synced the local repo, didn't see any new changes from Code Aurora. Set it to build. I'll update androidfilehost with the build as soon as it's done!
The new build is up, and version number incremented to 55.0.2883.2641472, so get the newest version with web refiner in the top post.
mattnin said:
The new build is up, and version number incremented to 55.0.2883.2641472, so get the newest version with web refiner in the top post.
Click to expand...
Click to collapse
Just wanted to say thanks for doing this. I've had the same thoughts as you for a while now... wondering why CAF doesn't put out an official apk, and wanting to figure out how to build it for myself as well. Looks like you beat me to it haha.
The guide is awesome too. :good:
Can confirm now webrefiner is working as intended! @mattnin you rock!
FanDroid09 said:
Just wanted to say thanks for doing this. I've had the same thoughts as you for a while now... wondering why CAF doesn't put out an official apk, and wanting to figure out how to build it for myself as well. Looks like you beat me to it haha.
The guide is awesome too. :good:
Click to expand...
Click to collapse
You're welcome. Glad I could give back to this great community! I'm still working on the guide, it's not finished! I'll make it easier to follow and understand.
10goto10 said:
Can confirm now webrefiner is working as intended! @mattnin you rock!
Click to expand...
Click to collapse
Holy cow, it blocked 23 advertisements! That's gotta be a record!
Good news everyone. I know why the other CAF builds are larger than mine, and I also know why they are just a little faster than mine. Not anymore...
After taking the tip by @10goto10 and looking into webrefiner, I began to dig into the source code and look into other 'hidden' features of Code Aurora's SWE Browser. I came across the same optimizations that the other CAF browsers are running. I found that the optimizations sacrifice build size for speed. See the code below.
Code:
GYP_CHROMIUM_NO_ACTION=1 gn gen out/Default --args='target_os="android" symbol_level=0 is_debug=false optimize_for_size=false remove_webcore_debug_symbols=true'
Not only that, but there may be some other code aurora features I can enable. I will keep plugging away and see what I can accomplish, but here we are again with a new build. It's the same version as the last but optimized for SPEED! :laugh: run some benchmarks and see for yourself.
Here are benchmark scores using Octane,
Chrome 4792
SWE Browser 5443
SWE Browser smokes Chrome! :good:
Done some JS & DOM benchmarks myself against the latest Samsung Browser and the previous version of this browser.
~14% speed improvement compared to the previous version, awesome! :good:
...and it's even ~5% faster than TugaBrowser M55. YuBrowser M54 is ~8% faster though, but it eats RAM like nobody's business
10goto10 said:
Done some JS & DOM benchmarks myself against the latest Samsung Browser and the previous version of this browser.
~14% speed improvement compared to the previous version, awesome! :good:
...and it's even ~5% faster than TugaBrowser M55. YuBrowser M54 is ~8% faster though, but it eats RAM like nobody's business
Click to expand...
Click to collapse
I'm working on the YuBrowser speed advantage... It could be because YuBrowser is based on stable CAF, not sure at this point but I will get to the bottom of it.
10goto10 said:
Done some JS & DOM benchmarks myself against the latest Samsung Browser and the previous version of this browser.
~14% speed improvement compared to the previous version, awesome! :good:
...and it's even ~5% faster than TugaBrowser M55. YuBrowser M54 is ~8% faster though, but it eats RAM like nobody's business
Click to expand...
Click to collapse
Try the yubrowser comparison now. Maybe try clearing app cache after new install. Now getting 5759 on Octane. New build up, version incremented.
mattnin said:
Try the yubrowser comparison now. Maybe try clearing app cache after new install. Now getting 5759 on Octane. New build up, version incremented.
Click to expand...
Click to collapse
Man, you're a frikkin machine, cranking out these builds like it's nothing
On the left is your latest build, and on the right is the latest version of YuBrowser. (I cleared data and cache, etc.)
Still no luck on the JS performance forefront; YuBrowser M54 is still ~8% faster.
But DOM / Page load+manipulation is faster by ~6% on your (latest) build, and that's the reason why I prefer your browser over YuBrowser. :good:
Also, I can't confirm this right now since I'm on TouchWiz, but on CM13 peak memory usage under the same workload is higher on YuBrowser than.... any other browser I could think of, really. That sucks because other background apps get closed when I do some intensive browsing with it..
Your hypothesis might be correct: JS on M54 is probably more optimized because it's CAF's stable release, and there's probably something about M55 using a newer toolchain.
p.s: I attached a BT keyboard now while running the Speedometer benchmarks, because it likes to open the virtual keyboard from time to time, and that might affect the results. So that's why the benchmark score for that is higher than my previous runs.
Utility for background calibration, curation and tuning of the device towards an intuitive interface.
Subsystems being battery, entropy, encryption, disk, cpu, memory, filesystem, ui, scheduler, and network, all safe and open source technology.
Presented in this educational gaming metric format with infinite feedback and an interestingly assymetric chance. scribble anywhere, check in some stress, or find the 8!
waut.ch! does one hope to receive from this?
Well, increasing degrees and amounts of a certain "Je ne sais quoi" or responsiveness from the user interface for a start. Better battery life perhaps. Better quality of life, maybe.
And waut.ch! can only perhaps be described as "A qualified quantification of the placebo effect"
waut.ch! might benefit from this?
In the Android device space:
Designers
Users
Manufacturers
Recyclers
Developers
Compilers
Support personnel
OEMs
The Friendly Neighborhood Nerd/Technician.
“Make the most of yourself....for waut.ch! is all there is of you.” - Ralph Waldo Emerson ( paraphrase )
All along the waut.ch! tower - Bob Dylan
waut.ch! - Sometimes used in some colloquium as "watch!", keen upon reducing the TDP of mobile devices to 1.0 watt!
ARM variants of Android only Donut 1.6+
Please uninstall either Seeder or CrossBreeder prior to using this.
Root recommended, else reactivity metric is interesting and introduces uniqueness into the entropy pool anyway. Metric may demonstrate a certain asymmetry that is expected from predictable human actions. Efforts have been made to remove time seed logic from haveged in order to improve upon encryption and system-wide performance and security.
Also numerous other subsystems require careful calibration to facilitate this process.
Rewritten code, subset of functionality for upstream project - CrossBreeder ( https://forum.xda-developers.com/showthread.php?t=2113150 )
Please feel free to view and analyze source and functionality and report bugs and discuss etc on the XDA forum:
( https://forum.xda-developers.com/android/apps-games/app-waut-ch-calibration-android-t3549967 )
Google Play store:
( https://play.google.com/store/apps/details?id=ch.waut )
Please visit: /data/data/ch.waut/files/bin on the device itself for partial shell source code and XDA Downloads section and Github for full source code.
Reboot at convenience liberally or sparingly to reseed the entropy pool or as is known in common parlance, for good luck!
Thanks.
Havged source code:
https://github.com/Openand-I/haveged
Adhoc Payment URL to support development efforts : https://paypal.me/openand/10
Frappe ( "free-paid" ) same-version to support development efforts : http://waut.ch
Custom haveged source code as used in this piece of software: https://github.com/Openand-I/haveged
=====
Version Name: 59a6333e-9ed9-43f8-8dad-51ed46c17e28
cb.sh: cache pressure - 500
cb_io.sh: read_ahead - 0
cb_io.sh: nr_requests - 0
$ md5sum *.apk
661c30b02b2321300624af98feaa5bad *145-waut.ch.apk
661c30b02b2321300624af98feaa5bad *oi.apk
$ sha256sum *.apk
6d23b8da87dc5516583a55a3203c9f5068ea8fe8765ece489080ef663c8aee15 *145-waut.ch.apk
6d23b8da87dc5516583a55a3203c9f5068ea8fe8765ece489080ef663c8aee15 *oi.apk
https://github.com/Openand-I/haveged
https://github.com/openand-inc/waut.ch
https://forum.xda-developers.com/devdb/project/?id=19218#downloads
https://forum.xda-developers.com/android/general/app-waut-ch-calibration-android-version-t3858365
https://github.com/openand-inc/waut.ch/raw/cb0c60025f86a4fdc4778506e97ee80eb1c00b45/oi.apk
https://github.com/openand-inc/waut.ch/raw/master/145-waut.ch.apk
-------------------------
Recommended:
- ntp: automatic system time update from internet is enabled.
please check the clock and fiddle around with the timezone settings in case of any issues. one may need to set the timezone manually.
then simply run the app to initiate a time sync
the network time sync happens at around 3am. so the time to check is in the morning.
- Please disable mount namespace separation in the superuser app to take advantage of the mount optimisations.
- Reboot once and occasionally to reseed the entropy pool. It's good luck!
- Do ensure that the waut.ch service has started upon reboot. Just run if it doesn't start it automatically!
Note: Please note that the haveged binary in the APK is a static binary and works on both PIE and non-PIE environments. It is also UPX compressed. UPX for Android didn't compile. So UPX for linux was used to compress the executable file. It is an elegant solution as both on disk and in memory space(?) is reduced by 70% per executable. One is welcome to decompress the file using 'upx -d'.
Full source code is provided on Github and build scripts are attached here and on Github.
There is no license required to both install the app or distribute it, both within the developer ROM community or in commercial form. Adhoc payment URL to support development - https://www.paypal.me/openand/10
Again do note that the license to use the APP and source code is free worldwide and irrevocable in full or partial form. All other open source components simply inherit their license. But under no circumstances is any use thereof legally binding or relevant.
--------
Utility for background calibration, curation and tuning of the device towards an intuitive interface.
Subsystems being battery, entropy, encryption, disk, cpu, memory, filesystem, ui, scheduler, and network, all safe and open source technology.
Presented in this metric format with infinite feedback and an interestingly assymetric chance. scribble anywhere, check in some stress, or get lucky for that matter!
-----
ARM variants of Android only Donut 1.6+ ( should even be compatible with the latest ARM Android 9+ )
Please uninstall either Seeder or CrossBreeder prior to using this. And other "mods" or "tweaks".
Root recommended, else reactivity metric is interesting and introduces uniqueness into the entropy pool anyway. Metric may demonstrate a certain asymmetry that is expected from predictable human actions. Efforts have been made to remove time seed logic from haveged in order to improve upon encryption and system-wide performance and security.
Also numerous other subsystems require careful calibration to facilitate this process.
Rewritten code, subset of functionality for upstream project - CrossBreeder ( https://forum.xda-developers.com/showthread.php?t=2113150 )
Please feel free to view and analyze source and functionality and report bugs and discuss etc on the XDA forum:
( https://forum.xda-developers.com/android/apps-games/app-waut-ch-calibration-android-version-t3858365 )
Google Play store:
( https://play.google.com/store/apps/details?id=ch.waut )
Please visit: /data/data/ch.waut/files/bin on the device itself for partial shell source code and XDA Downloads section and Github for full source code.
The app will amongst other maintenance tasks tune sqlite databases regularly and reseed the entropy pool or as is known in common parlance, for good luck!
Thanks.
Payment URL: https://paypal.me/openand/10
XDAevDB Information
waut.ch!, App for all devices (see above for details)
Contributors
idcrisis
Source Code:
[url]https://github.com/Openand-I/haveged[/URL]
[url]https://github.com/openand-inc/waut.ch[/URL]
[url]https://forum.xda-developers.com/devdb/project/?id=19218#downloads[/URL]
Previous Version Information - 144
305bd30f-0c8a-40d8-baf5-330c68f62d51
Status: Stable
Created 2017-01-01
Last Updated 2020-08-18
$ md5sum *.apk
8ea8e8c132a584767a12e394f7975654 *144-waut.ch.apk
8ea8e8c132a584767a12e394f7975654 *oi.apk
$ sha256sum *.apk
4925066a106c83b18ac6e563f03331c56b72777e66973db591c9776d706595e3 *144-waut.ch.apk
4925066a106c83b18ac6e563f03331c56b72777e66973db591c9776d706595e3 *oi.apk
https://github.com/Openand-I/haveged
https://github.com/openand-inc/waut.ch
https://github.com/openand-inc/waut.ch/raw/master/144-waut.ch.apk
https://github.com/openand-inc/waut.ch/raw/f699d3763507ec1f91d82b9ce25c53036b460a9e/oi.apk
-----
Version notes:
haveged: static non upx binary used
cb.sh: lock fixes
Recommended:
- ntp: automatic system time update from internet is enabled.
please check the clock and fiddle around with the timezone settings in case of any issues. one may need to set the timezone manually.
then simply run the app to initiate a time sync
the network time sync happens at around 3am. so the time to check is in the morning.
- Please disable mount namespace separation in the superuser app to take advantage of the mount optimisations.
- Reboot once and occasionally to reseed the entropy pool. It's good luck!
- Do ensure that the waut.ch service has started upon reboot. Just run if it doesn't start it automatically!
Please support development, simply use https://paypal.me/openand/10 or the payment URL.
Or you can simply buy the "frappe" ( free-paid ) version of the app: http://waut.ch
Recommended:
- ntp: automatic system time update from internet is enabled.
please check the clock and fiddle around with the timezone settings in case of any issues. one may need to set the timezone manually.
the network time sync happens at around 3am. so the time to check is in the morning.
- Please disable mount namespace separation in the superuser app to take advantage of the mount optimisations.
- Reboot once and occasionally to reseed the entropy pool. It's good luck!
- Do ensure that the waut.ch service has started upon reboot. Just run if it doesn't start it automatically!
Issues:
- superuser - Please disable mount namespace separation in the superuser app ( for optional but recommended mount options ). Also please revisit the app entry inside the superuser app to ensure the waut.ch service can run on boot unattended. One can see the logs on another day to ensure that the scheduler ran correctly in the night.
- Non root users - User Interface can help in clearing the random device. Please try and obtain root to avail of most features
- Some Samsung users - One is also requested to raise a ticket with Samsung who may be running old PE detection rules that flag any compressed EXE.
- x64 users - Reports are that the binaries run on 64 bit as they are static! Please compile one's variant of the binary if required. Entropy generations removes CPU jitter and hence runs cooler and more secure.
- Intel users - User Interface can help in clearing the random device. Please compile one's variant of the binary if required. Entropy generations removes CPU jitter and hence runs cooler and more secure.
- Maintenance scheduler VACCUUMS and INDEXES "ALL" SQLITE databases. Some folks may not like that. But given that they're no WAL mode anyway, it's a bottleneck worth removing safely.
- There is a concerned effort to state that 32-bit ARM Android Go/One < 1 GB RAM devices are all that's required for long term functioning. Higher no issues.
- Please try and use a heap size of 96MB. Attempts have been made to set heap size dynamic but ideally this should be done in the build.
- Please clear cache or factory reset upon issues to gain at least another year of MTTR ( Mean Time To Recovery ) for each device.
Thank you!
License
License concerns:
haveged - inherited - https://github.com/Openand-I/haveged
busybox - inherited - https://github.com/openand-inc/busybox
- Busybox simple extract, possibly edit the .config file in 'vi' and type 'make'
The requisite tools are installed using:
apt-get install gcc-arm-linux-gnueabi
apt-get install libncurses5-dev
apt-get install gawk
The following is a step in another direction as the 'make' command works perfectly after extraction, but this is provided for posterity:
wget http://busybox.net/downloads/busybox-1.24.1.tar.bz2
tar -xjf busybox-1.24.1.tar.bz2
cd busybox-1.24.1/
make ARCH=arm CROSS_COMPILE=arm-linux-gnueabi- defconfig
make ARCH=arm CROSS_COMPILE=arm-linux-gnueabi- menuconfig
At the menu, you can configure BusyBox options. Once configured, you can build BusyBox:
make ARCH=arm CROSS_COMPILE=arm-linux-gnueabi-
sqlite3 - inherited - https://github.com/openand-inc/sqlite
waut.ch - 'none', non legally binding, and non legally relevant on a worldwide scale and irrevocable ( derived works are allowed to add their own licenses as long as the import ( meaning ) of the phrase "non legally binding and non legally relevant" is implied throughout ( not required to include text at all )) and does not reflect upon future updates of this software in any manner adversely.
He is back! Welcome back! Looking forward to this great new project! The only thing I might be missing is the dnsmasq filtering, which in my opinion if by far better solution than any kid of firewall/blocker
Sent from my Galaxy Tab 2 3G using Tapatalk
qWantUS said:
He is back! Welcome back! Looking forward to this great new project! The only thing I might be missing is the dnsmasq filtering, which in my opinion if by far better solution than any kid of firewall/blocker
Sent from my Galaxy Tab 2 3G using Tapatalk
Click to expand...
Click to collapse
Mate!
There are some serious issues with DNSMASQ.
- It crashes on wrong syntax of any option. Cannot do for a server.
- Command line syntax changes between original branch, Android and Cyanogen MOD. Not merged.
- Android fork far behind main branch
- Consumes port 53 on server run without sharing interfaces. This is on the Android branch. Main branch has this resolved.
- CPU loop for most Android DNS versions that show up only upon server run, rather than the tethering run. Possibly hijacked open source branch.
- Tethering modifications to Android branch ( command line addons ) not required any more as the main branch has incorporated methods to dynamically change IP addresses on the fly.
- It is probably encumbered by coding standards and export issues with only one developer. It is emblematic of most such over-reused projects.
- Hash table in memory, therefore future block list will use up RAM. Some others have disk based caching.
- Static blocklists are fairly not scalable for 10 years hence. Needs wildcard blocklists.
- DNS cache poisoning/overloading ( leading to denial of service) possible by any process/app.
It is therefore recommended to use either of:
pdnsd
unbound
djbdns
and standalone dhcp clients and servers from the Entware repository. And also these are interesting:
DANE
DNSSEC over TLS
BTW, all Android is encumbered by simple denial of service attack simply by reading from /dev/random by any app.
In order to try and package this into a simplish product, deleting /dev/random was not implemented.
idcrisis said:
Mate!
There are some serious issues with DNSMASQ.
- It crashes on wrong syntax of any option. Cannot do for a server.
- Command line syntax changes between original branch, Android and Cyanogen MOD. Not merged.
- Android fork far behind main branch
- Consumes port 53 on server run without sharing interfaces. This is on the Android branch. Main branch has this resolved.
- CPU loop for most Android DNS versions that show up only upon server run, rather than the tethering run. Possibly hijacked open source branch.
- Tethering modifications to Android branch ( command line addons ) not required any more as the main branch has incorporated methods to dynamically change IP addresses on the fly.
- It is probably encumbered by coding standards and export issues with only one developer. It is emblematic of most such over-reused projects.
- Hash table in memory, therefore future block list will use up RAM. Some others have disk based caching.
- Static blocklists are fairly not scalable for 10 years hence. Needs wildcard blocklists.
- DNS cache poisoning/overloading ( leading to denial of service) possible by any process/app.
It is therefore recommended to use either of:
pdnsd
unbound
djbdns
and standalone dhcp clients and servers from the Entware repository. And also these are interesting:
DANE
DNSSEC over TLS
BTW, all Android is encumbered by simple denial of service attack simply by reading from /dev/random by any app.
In order to try and package this into a simplish product, deleting /dev/random was not implemented.
Click to expand...
Click to collapse
Very comprehensive explanation indeed! I am no expert in Linux, only an average user [emoji6]
I was not aware of so many obstacles using dnasmasq, but aware of it's unreliability while using it for blocking stuff in pfsense. But I must say, I had similar experience with unbound, however, probably due to the lack of linux knowledge.
The way I understand is that host blocking is no longer viable due to scales of blocking required today. But sadly there is no alternative for that on android. I have been trying another tool, called sharkmasq but developer sadly abandoned it, while it seems very unfinished and unreliable. I also understand the reasons behind leaving netfiltering out of your development, just, in desperation, I search for the hope [emoji3]
P. S.
Thank you very much for your reply and for your time putting it together. Nevertheless I will look forward to further developments of this new exciting project!
Sent from my LG-D855 using Tapatalk
Uhm, my device seems more responsive even when I use a very low CPU frequency, but is it normal that the app doesn't ask for root permission even if I'm fully rooted? I'm using a Nexus 5 running Nougat. Thank you
Inviato dal mio Nexus 5 con Tapatalk 2
Hi, yes, part of the design criteria. Without root, the metric is interesting. With root, it will automatically start the background processes including the daily cleanups.
Best way to know that the background processes are running is to install Seeder ( but whatever you do don't start it! . Entropy should show around 4096.
Still in the testing phase, does it worth excluding the app from "android optimisation list"? I also use "power nap", not sure will that cause any side effects...
Sent from my LG-D855 using Tapatalk
Let us know If Seeder has RNGD off and still reports ~ 4096 entropy then all is hunky dory.
The new update asked me for root permission, all right here now
Have been busy lately with life, but had occasionally played with phone. So my findings so far: I use this app on my old galaxy tab 2 3g on slim6. Seeder shows entropy being filled in no time at all. Can't really say much about performance, but it seems that it behaves a little smoother. I also use it on my daily LG G3 on stock MM rom with custom kernel, but seeder is reporting very low entropy, if seeded is left on for 1 minute, I can see that entropy never goes above 900? Goes up slowly but then gets used, and then very slowly goes up again and gets used.
Sent from my LG-D855 using Tapatalk
Reboot once after first install kicks in the animation changes. And good luck
New version uploaded with haveged updates. Build scripts also added.
Feedback solicited about the compiler flags etc. Basically the idea is that the ARM v5 binaries should work for all past and future versions of 32-bit Android without modification.
UPX binary could only be compiled for x86 linux.
To answer question, second device, not running, may need to check su logs
Also backend binaries are 32 bit, may not work on 64 bit. GUI's ok.
I am very confused about the frontend of this app that looks like some number game that I really don't understand . Also, I don't understand the description very well. Finding the 8??? Reboot when animation kicks in? What animation?? Nothing seems to happen. I just see a still of a beach with a red number
But something DID happen though, so I am in business. I will keep you curious for a moment, while firstly giving you a good reason for a hard laugh:
I am trying to revive an LG L3 E400! Yep, that's right . Just for fun and educion. In fact I already succeeded quite a bit. I flashed JellyCast V7rev1, used some stuff from V6 SuperCharger (not entropy thingie coz I already intended to use CrossBreeder for that) and 3 scripts from Fly-On Mod. I came here via the CrossBreeder thread (of course). I have already tried CrossBreeder 7.2.13 (I followed advise from @f3tus here, he advised to use that older version). Entropy went up (so it worked) but I did not experience much performance improvement. I did experience more "not responding" issues though. So I reverted to the pre-CrossBreeder backup. And then came your app.....
So that's a very short summary of the many, many, many hours I spent last 2 weeks on this ancient minimalistic but very adorable phone. Now... back to this Waut.ch! app. Presuming that it had done something, I checked the entropy level after first reboot: still a jumpy number between 150 and 200 or so. Despite the fact that the service shows up as running. Then, a lot more playing with the "game" without understanding what I was doing. Just hoping for some wonder. Some message.... just...... something! But nothing. Just a beach with a red number. And a clock. And a questionmark. Or exclamation mark. Pffffff.. So.... let's reboot again. Then eat a sandwich and drink (more) coffee. Then check entropy again. And there it is! Steady at 4089! At first I thought his app was failing because the number didn't change anymore. Just steady. With the old CrossBreeder 7.2.13 I got 4096 a lot but it was a very jumpy number, going even below 1000 a lot. Well, some time passed while writing this post so let's check again: Wow, right now it says 4091 (99%)! One hour later: 4092! (It had spontaneous reboots inbetween).
I am testing it now for a few hours and have these problems:
"Not responding" issues (same as old CrossBreeder).
Spontaneous reboots (3 already). One of them failing to boot at all (stuck at JellyCast logo).
Two times, after a reboot, GPS was disabled. Not consistently though.
No noticable performance gain.
By the way, I am testing like real world usage. Just opening, using and closing apps. I use the same apps all the time so that gives a very good feeling about performance. More meaningful than benchmarks to me. My goal is to make this phone suitable for normal daily usage.
Your app is using a combination of serveral mods, right? I would like to be able to enable / disable each one separately. How can I do that? For example, I have a gut feeling that my "not responding" issues (and reboots?) do not come from the entropy mod but perhaps from governor tweaks or something else. Any chance that you will add enable buttons in the app? Or supply seperate scripts?
Update: I DO have performance gain! Not consitently though. Apps sometimes starting faster than ever. Also still the aforementioned quirks. Last hours no more auto-reboots. Entropy reaching 4096 now, just a little bit wobbly. There seems to be a lot of potential.
The stutter was an issue with the last version.
Do try the latest one and let us know.
Also better if you install the Play store also so the updates are automatic.
Version name is changed GUID if comparing. Better than comparing version numbers.
GUI is non functional, just a visual representation of haptic feedback and actual randomness spread.
It's like drawing points in the whites of a poached egg. If you can see a pattern, you'll be rich in the stock market
Today I removed the app. The biggest problem is random reboots for me. As said, it has potential because sometimes apps started faster than ever on my ancient LG L3. But not consistently. So maybe I 'll try again later.
Sorry for my first post, probably tl;dr. I will repeat my most important question: can you provide us with separate scripts? I mean: I would like to test the entropy thing without the other tweaks as you described in the OP.
Dude!
You're probably using an old version. We'll never know. Will we? Will we now?
There's a small trick that borders on superstition. The famous random device block gremlin tends to disappear if you run the GUI in scribble mode. Basically what may be happening is the block is hit and then the stupid kernel makes whatever decision it makes. Usually at the cost of usability in favour of some stupid religious Linux fervour. Someone should report that to LINUX.
Or another entropy generator, haveged or RNGD or Seeder may be running. Which is a big no! Best to run it on stock ROMS or full custom ROMs ( please ask the developer if they're running any variant of above and to recommend coexistence or better variant of any subcomponents or piece of code. ). In other words, open source!
Also, the separate scripts are in the /bin directory on the phone itself. May require bash and ADB skills.
And full source on XDA and GitHub.
I'll construe this as a possible request to also post the shell scripts from GitHub into the XDA project as separate attachments. Which I can do. In due course
Cheers.
Well, I took it from Play Store. Is that an old version?
ABANDONED
Hi! Does anyone here use Linux desktop distributions in chroot environment on Android device?
I am developing wayland protocol server for Android devices. If anyone is interested in checking my project, latest version of apk is always available here:
ftp://ftp.drivehq.com/mogryph/sparkle/
Currently I am only focused on running Xwayland as client. Also apk supports audio output.
Simplest instruction:
1. Android 6 or newer required, busybox required, root required
2. Prepare linux distribution in directory, image or on partition. Make sure you have Xwayland installed in it. Make sure you specify which DE to run (or at least xterm) in ~/.xinitrc
3. Install and start sparkle.apk
4. Press "edit user.sh", uncomment (remove #) line starting with start_generic_container. Change rest of this line to match your device:
first arg - image or partition where distribution is installed. If distribution is installed in directory and mouting is not needed, leave this arg unchanged.
second arg - mount point or directory with distribution. If you use mounting (first arg), this arg can be left unchanged.
third arg - name of the user which will be used to start Xwayland and DE. Its better to specify non-root. Also this is the user who must have .xinitrc in his home dir (see step 2).
5. Save user.sh and click "Start".
6. Any problems and crashes will be reflected in the log.
If you want audio output:
1. Compile and install driver from pcm_sparkle.tar.gz in your distribtion
2. cp 1.asoundrc ~/.asoundrc
If you have blinking problem, change upload_mode from 1 to 2 in settings. If you have bad performance, setting no_damage to true may help, but in most cases no_damage=false is better. Fastest upload mode is 0 (if it works).
If you don't trust me and don't want to give sparkle root permissions (I perfectly understand this) you don't have to. Also you can do without busybox.
But in this case, you need to understand and do a lot of things. Check sparkle's user.sh to get idea about what needs to be done. Basically:
1. You need to make /data/data/com.sion.sparkle/files accessible from inside chroot container. You can use bind bound.
2. Make sure you have tmpfs mounted over /tmp in container.
3. You may need to change selinux context on /tmp to match sparkle's context or disable SELinux.
4. You need to create new directory in /tmp, symlink sparkle's wayland socket from /data/data/com.sion.sparkle/files/wayland-0 to this dir. And export XDG_RUNTIME_DIR to point to this dir. Dir must be (ch)owned by user who will be running Xwayland and DE.
5. After all this, you can try to start Xwayland and your DE.
new version
New version
rgho.st/8Fbz64Rxj
Added x86 and x86_64 support. Actually it is rewritten almost from scratch but x86 support is the only thing others can notice...
Hello! This project is interesting. I tried you app and it works on my Xiaomi Redmi Note 4X(chromium and glmark from chrooted environment works very well)! Can you publish source code on Github, because it really interesting project?
Also I'm interested, please post it on github!
Did you put this up on github or move this thread? Looks very interesting.
1
Argh, sorry, I decided to abandon this project. You are free to delete thread. Also no copyleft-licensed components were used so I don't have to bother releasing sources.
Hentacler said:
Argh, sorry, I decided to abandon this project. You are free to delete thread. Also no copyleft-licensed components were used so I don't have to bother releasing sources.
Click to expand...
Click to collapse
Check your PM please!
1
Hello again.
For last two weeks I was rewriting it from scratch (yes. again... yes, third time).
Probably need another week to make it stable.
Currently I am not sure it runs on any device except my own 5-year old phone (LineageOS 14).
I will maintain last version here:
ftp://ftp.drivehq.com/mogryph/sparkle/
There is no English documentation, but you can see script "user.sh" to get idea about how to start xwayland. In most cases it should be enough to edit few lines in that script to make it work on another device. If you execute this script on your device with "install" argument, it is supposed to place itself into sparkle's directory and sparkle is supposed to run it ("start" function) automatically. Sparkle doesn't request root unless script does.
Here is video of sparkle working:
https://www.youtube.com/watch?v=tOSFYxCF7Q8
But it seems that KDE + video recording was too much for my old phone
Still, if you going to see video, don't close it until 2:00 where I turned of composition which caused lags.
Also on device everything looks much smoother than on video, even after 2:00.
When I watch fullscreen (1280x720) video on my device, sparkle + xwayland together add just 5% of CPU load (20% load of single core).
Thats it I guess... I tried to to discuss sparkle on 4pda.ru (russian forums), but got very bad reception. "xsdl is perfect, dont reinvent the wheel" they say. So I started to hate humanity and I decided to make sparkle personal project. Also this is last time I am solving reCAPTCHA to leave post on XDA.
Still alive
We are still alive. I've changed first post to reflect actual state. Now sparkle supports audio, auto-mouting containers and is lot more stable.
Yet there are still many things I want to improve in sparkle's core before adding new functions.
Also there are few demo videos on ftp.
Amazing!
Working great on my redmi 6 pro. Stock miui 9.9.3 rom. With linuxdeploy and sparkle from your ftp. No lag on visual and sound. My Linux distribution is alpinelinux arm64 arch.
Since first time I see your posting on 4pda. I'm interested in it. And finally it's on xda.
Thanks dev.
---------- Post added at 02:52 AM ---------- Previous post was at 02:44 AM ----------
For anyone interested in the topic. Please follow the instructions in documentation from ftp. And Translate it to eng from rus.
This sounds amazing! Just curious, is it related to https://github.com/twaik/sparkle ?
I now have it working very well on my Samsung Tab S3 using Xwayland and a tiling window manager. Firefox runs amazingly well!
Is it meant to be used only with Xwayland or will it also work with native Wayland applications?
BTW, I think if you open sourced this project and promoted it a bit, it could become quite popular. It's basically the first way to run X11 GUI applications on Android devices at full speed. If you set up a donation link, you could also get compensated for your time and effort. I'll personally contribute $20 if it's open sourced, and I'm sure others will chip in as well.
robsmith11 said:
This sounds amazing! Just curious, is it related to https://github.com/twaik/sparkle ?
Click to expand...
Click to collapse
Thanks for feedback. Nice to hear that someone managed to start this thing
Twaik's repository is clone of my very very old version of sparkle. I made that version years ago when I was just starting to learn linux and C++. Sparkle was rewritten from scratch two or three times since that version. And (I believe) current version is much better.
Regarding making it open source... Few months ago I had to find real job. Can't spend much time on personal projects any more. But I have my own strange programming style and my own vision of what sparkle should be. Not sure I want others to paint on my picture. It's probably all because of Twaik! I hate how he used old open source version of sparkle. He did terrible things to it, outraging all my beliefs Sorry!
P.S.: Yesterday I've uploaded another apk to my ftp. The file is called "sparkle-testing.apk". This version is much newer and has many fixes. But I've also changed to many things since tested version including some fundamental changes. No guarantee it will run at all on other devices. Interest is mega low and I get no test reports at all.
Hi Hentacler, I've just found your project - it looks really promising. Unfortunately, the only link currently working on this thread is to github. Is this project still live?
I have a samsung galaxy note 10+, and am using it as a laptop replacement. In addition to the android apps using Samsung Dex (Samsung's desktop solution), I have several linux distributions installed inside a chroot using userLand - so far, its working great. I'd be keen to give you project a try if it's still live, and am happy to help out with testing from my device.
Re open source - while I like your project, I'm not super interested in investing time into something that's not open sourced - I appreciate your concerns about wanting to maintain the direction, but having transparent development is pretty important to me. Is Twaik's fork of your project a better place to go?
Cheers.
tillum said:
Hi Hentacler, I've just found your project - it looks really promising. Unfortunately, the only link currently working on this thread is to github. Is this project still live?
I have a samsung galaxy note 10+, and am using it as a laptop replacement. In addition to the android apps using Samsung Dex (Samsung's desktop solution), I have several linux distributions installed inside a chroot using userLand - so far, its working great. I'd be keen to give you project a try if it's still live, and am happy to help out with testing from my device.
Re open source - while I like your project, I'm not super interested in investing time into something that's not open sourced - I appreciate your concerns about wanting to maintain the direction, but having transparent development is pretty important to me. Is Twaik's fork of your project a better place to go?
Cheers.
Click to expand...
Click to collapse
ftp://ftp.drivehq.com/mogryph/sparkle/
Link to FTP should work and there you can get two versions:
sparkle.apk - old version, but confirmed to work by 3-4 people.
sparkle-testing.apk - latest version, but only briefly tested by me.
I don't ask anyone to invest anything... Sparkle doesn't request root access or any other dangerous permissions (unless you enable automatic container mounting and starting) so it's safe to try for anyone who wants.
Btw, somewhere between these two versions I've replaced BASH container initialization script with LUA version. That was probably a bad idea. LUA script is harder to start directly as root and hacks I used may not work (currently may even cause application freeze if root access is denied). Going to revert to BASH probably. But this only touches people who want sparkle to mount container and launch everything automatically on single button press.
p.s.: Why I need to solve captcha every time I post something?
Thanks for the new release! I've updated and everything seems to be working without any changes on my Samsung Tab S3 with chroot and Arch Arm Linux.
Your changes also solved the flickering for me! The old version would flicker the screen whenever my keyboard's trackpoint activated, but it's not flickering at all any more. Performance seems to be about the same.
I think this could be quite popular, but not many people know about it. Perhaps a post on Hacker News or Reddit would raise awareness.
I understand your position on open source and maintaining control. One idea if you haven't already considered it is releasing the code with a restrictive license that forbids any forks. But either way, I'm enjoying being to properly use X11 on my tablet.
BTW, have you tried any native Wayland compositors? I don't really understand the Wayland ecosystem that well. I gave Sway a brief try, but it didn't seem to work. I've only been using XWayland.
@Hentacler Thanks for your reply! Very keen to get this working, but having a few issues. I'm unsure how to configure the user.lua file - I'm using your latest apk.
I have a non-rooted device, and am running archlinux under termux. Works fine with xsdl. I have installed xorg-server-wayland for X11. I'd appreciate any advice you have.
@robsmith11 Are you able to share how you got this working on Arch? Thanks!!!!
tillum said:
@Hentacler Thanks for your reply! Very keen to get this working, but having a few issues. I'm unsure how to configure the user.lua file - I'm using your latest apk.
I have a non-rooted device, and am running archlinux under termux. Works fine with xsdl. I have installed xorg-server-wayland for X11. I'd appreciate any advice you have.
@robsmith11 Are you able to share how you got this working on Arch? Thanks!!!!
Click to expand...
Click to collapse
I am not sure it is possible to use sparkle without root...
Sparkle makes it's directory accessible for everyone (chmod 777). Before Android 8 or 9 this was enough and xwayland from termux was able to connect to sparkle. Here is how people used to start it:
export XDG_RUNTIME_DIR=/data/data/com.sion.sparkle/files
Xwayland
But newer versions of Android brought more restrictions and termux can no longer connect to sparkle. These new restrictions are implemented using SELinux if you know what it is. Applications now have different security contexts.
But that is not all. Newest versions of android brought even more terrible meaningless restrictions effectively "killing" applications like termux and many others.
In short, from now one applications are not allowed to execute code (binary) that comes from "untrusted" sources. Termux used to download a lot of such code from it's own repositories. And now it can't. We can't even unpack binaries from assets.
So I can only help with rooted devices.
P.S. Please forgive me, but I am leaving this website. Making people solve recaptcha every time they want to post something is unacceptable level of contempt.
My mail: [email protected]
Thanks for that, will have a play. I could always just root my device. Weird about recaptcha, not having this issue. Currently through termux I have access to the whole sdcard, and am able to download packages (and distros) in it - will have a play and see what else is possible.
@tillum
I basically just followed the instructions on the first post for using Sparkle without busybox. I didn't need to modify the Lua scripts.
I'm guessing SELinux may be a problem without root. I'll try setting it up without root when I have a chance later.