Related
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
This thread was created to make it possible to run and use Android on our devices.
What is Google Android?
Android is a software stack for mobile devices that includes an operating system, middleware and key applications.
Androids Architecture
We need all the help we could get to make this work
Other threads on Google Android
Google Android for Kaiser!!
Linux and Android for Vogue
Other helpful Links
Android on OMAP thanks to mswiss
http://it029000.massey.ac.nz/vogue/
This is the version that still has root access to the OS which makes it possible to edited the rom with-in the rom, thats if we get it ported first of course.
Also I dont have the tools right now to take apart the .nbh and rip it apart so if any can please do. The link is below.
DREAIMG.NBH
This popped up a week ago its the Orange France RUU update for the french G1
Could a kitchen be made out of this??
RUU_DREAM
VIA:imfloflo
This thread will remain open for any advancement of android getting ported onto the wing.
PLEASE REPORT ALL ISSUES TO THE ORIGINAL THREAD!!!
Visit darkstar62's thread (click here) for he has really gotten far with ported linux onto the wing.
darkstar62 said:
I've developed a kernel and base linux system suitable for installation on the HTC Herald / T-Mobile Wing series of phones. This image is for installation of a root filesystem directly to an SD storage card (no need for a root FS image). Several things don't work so far -- this is early development. But it's enough to play with. My hope is that we can use development on this as a jumping point for getting Google Android to run on the wing.
UPDATE (2/10/09):
I've added a Resources section to collect the useful information and links that have been posted here and in the other thread. I've also updated the known issues section for Android to reflect what I've discovered so far.
UPDATE (2/9/09):
I've got an updated kernel config and images for starting Android now! Android will now pull up the boot animation and begin startup. It still does not complete startup, but at least we know we've got the right stuff in the kernel now!
I've added instructions at the bottom for installing these and using them with an already set up linux system (per the first set of instructions).
UPDATE (2/7/09):
Here's some extra files you can grab if you're interested in development: (The patches don't apply cleanly yet against the linwizard kernel)
Kernel .config file I've used (against the linwizard 2.6.25 kernel): http://dl.getdropbox.com/u/198699/linux_wing/wing_config
Android diffs (between SDK android kernel and kernel.org 2.6.27 kernel): http://dl.getdropbox.com/u/198699/linux_wing/android-2.6.27.patch
Contents
Part 1: Linux Base System Installation Instructions
Part 2: Android Installation Instructions
Resources
Part 1: Linux Base System Installation Instructions:
The below instructions assume you have access to Linux and can read/write to your SD storage card.
To start out with, here's what you'll need:
Haret + default.txt + kernel (.zip, 1.4mb)
Root filesystem contents (.tar.gz, 13.1mb)
1. Repartition your SD card.
For this, you'll need to use something like Partition Magic or some other suitable partitioner (in Linux, you can use gparted to resize your Windows partition.) I recommend the following layout:
Partition 1: Primary, FAT16 or FAT32 containing your original Windows files (any size of your choosing)
Partition 2: Primary, Linux Swap, 128mb
Partition 3: Primary, EXT3, >=64mbMy linux partition is 650mb with a 1.2gb Windows partition and 128mb swap -- adjust to preference.2. Format the swap and linux partitions.
In linux, run the following: (I assume your SD card is /dev/sdb -- adjust if different)
Code:
# sudo mkswap /dev/sdb2
# sudo mkfs.ext3 /dev/sdb3
I'm assuming the layout in step 1 as well.
3. Mount the new Linux partition.
Run the following:
Code:
# sudo mount /dev/sdb3 /mnt
4. Copy the base linux system into the new Linux partition.
Save the root filesystem .tar.gz file from above to somewhere (I'll assume $HOME). Then run:
Code:
# cd /mnt
# sudo tar -xzvf $HOME/rootfs.tar.gz
# cd ..
5. Unmount the linux partition.
Run the following command:
Code:
# sudo umount /mnt
6. Mount the windows partition and copy the Haret executable + kernel.
I'll again assume you saved the "haret+kernel.zip" file to $HOME. Run the following:
Code:
# sudo mount /dev/sdb1 /mnt
# cd /mnt
# mkdir linux
# cd linux
# sudo unzip $HOME/haret+kernel.zip
# cd /
# sudo umount /mnt
At this stage, your Linux base system and kernel should be installed. All that's left is to remove your SD card and re-insert it into your phone, start up HaRET and enjoy.
7. Log in
Once you're booted into Linux, you can log in with:
Username: root
Password: wing
Plug in a USB cord to log in on your laptop. If your laptop runs linux, you'll need to make sure that the usb0 network interface has the right address:
Code:
# sudo ifconfig usb0 10.100.0.2 up
The phone's address will be 10.100.0.1. You should be able to SSH or telnet in to the phone and mess around. Run "startx" to bring up X and such.
What's Working
Minimal X server capable of landscape and portrait video modes (KDrive, using the framebuffer (omapfb))
Touch screen support + calibration software (TSC2046 driver + tslib)
Console keyboard (some characters are difficult / impossible to type due to the limited key layout and driver)
USB gadget support for connecting with my laptop (I can SSH / telnet into the phone, or ssh/telnet from the phone into my laptop)
Full access to the SD card (even the Windows FAT side -- mmci-omap driver)
Known Issues
Bluetooth -- haven't been able to get a working driver, or anything to even recognize that it exists
WLAN -- same as bluetooth
GPRS / Phone -- same. There appears to be a GSM device, but I haven't been able to do anything with it.
Most of the extra buttons don't fire any events
LEDs for the most part don't work
Battery and power stats aren't available, as well as power management
No control of the backlight or display power
Sound not functional -- don't have any drivers / software compiled for sound, so I don't know if this would work or not
No real time clock (RTC) functionality
Part 2: Android Installation Instructions:
For these instructions, the recommended procedure is to copy the files you'll need to the Windows side of your SD card and install using the Linux boot system. Make sure you follow the instructions for getting a Linxu base system installed first before following this.
First off, grab the following files (Required)
Android patched kernel for the wing (same as the below kernel, but with android patches): http://dl.getdropbox.com/u/198699/android/zImage2
Android root filesystem, compiled for the wing: http://dl.getdropbox.com/u/198699/android/root.tar.gz
Android /system partition, compiled for the wing: http://dl.getdropbox.com/u/198699/android/system.tar.gz
Script for starting Android: http://dl.getdropbox.com/u/198699/android/start_android
You can also grab the kernel config file if you're interested in building the kernel (I'll have the android patch set available soon) (Optional):
Kernel .config file for the modified kernel: http://dl.getdropbox.com/u/198699/android/kernel_config
1. Copy all files to your wing
From Windows Mobile, download the 4 required files above and place them on your storage card:
root.tar.gz -- Place in /Storage Card/
system.tar.gz -- Place in /Storage Card/
zImage2 -- Place in /Storage Card/linux (overwrite the file that's already there, or re-name the original first)
start_android -- Place in /Storage Card/
2. Install Android
Run HaRET.exe to start Linux. It should boot the new kernel (you most likely won't notice a difference). Once in Linux, run the following commands (you can do it directly with the wing keyboard, or you may elect to use SSH (see instructions above) -- SSH is easer in my opinion):
Code:
# cd ../..
# mkdir android
# cd android
# tar -xzf ../mnt/windows/root.tar.gz
# tar -xzf ../mnt/windows/system.tar.gz
# cp ../mnt/windows/start_android ../bin
# chmod 775 ../bin/start_android
If using the Wing's keyboard, you'll need to use the following key mapping:
'/' --> 'Tab'
'-' --> 'Alt + x'
'_' --> 'Alt + c' (I think -- it's Alt + one of the letter keys)
Numbers -> 'Alt + <top row>'
3. Start Android
At this point, android is now installed and ready to run. Simply execute the following command to start Android:
Code:
# start_android
After a few seconds, you should see the Android startup animation appear.Known Issues
The omapfb driver currently in use does not support page flipping, preventing the Android GUI from being displayed
Resources
WMStorage -- turn your wing into a USB SD card reader (Kudos to Kuff!): http://forum.xda-developers.com/showpost.php?p=3263023&postcount=5
Wing Service Manual (kudos to drmidnight!): http://forum.xda-developers.com/showpost.php?p=3291171&postcount=132
Google Andriod for Herald and Tmobile Wing -- the thread that started it all: http://forum.xda-developers.com/showthread.php?t=398830
Enjoy
Click to expand...
Click to collapse
Thanks
EDIT: Added darkstar62's most current update (2/10/09)
EDIT: Added Wing Linux 0.3 pre3 instructions. Thanks to darkstar62
Current Status
Bluetooth -- haven't been able to get a working driver, or anything to even recognize that it exists
WLAN -- same as bluetooth
GPRS / Phone -- same. There appears to be a GSM device, but I haven't been able to do anything with it.
Most of the extra buttons don't fire any events
LEDs for the most part don't work
Battery and power stats aren't available, as well as power management
No control of the backlight or display power
Sound not functional -- don't have any drivers / software compiled for sound, so I don't know if this would work or not
No real time clock (RTC) functionality
Can anyone take photos of these stages.
I would love to post them here.
Thanks
Good idea. Wondered when someone will come up with it....BUT the main problem will be to port the GSM over...think until now they didn´t succede - did they?
Good luck
i think the first thing we should look at is porting linux over to the wing
then go from there
BUT another thing that i don´t understand...correct me...
WE can only run Android like a VM on a PC.
First XDA boots WM6 and then starts an image from android...so it is more like an application running under WM??
And will there be a time where we can delete WM???
thx
we can delete WM when we have a full set of drivers for android
And linux- i've never understood people's compulsion for linux. Sure it's opensource and therefore free, but that does not automatically make it better.
fzzyrn said:
we can delete WM when we have a full set of drivers for android
And linux- i've never understood people's compulsion for linux. Sure it's opensource and therefore free, but that does not automatically make it better.
Click to expand...
Click to collapse
True true free doesnt make it better but atleast it gives us varieties...instead of just WM we could linux(android) also.
papamopps said:
Good idea. Wondered when someone will come up with it....BUT the main problem will be to port the GSM over...think until now they didn´t succede - did they?
Good luck
Click to expand...
Click to collapse
yeah i think its in that stage for now but imagine if we could make a very Clean rom and cook android into it and make it start at startup we could have it running and a decent speed
I think we can have android running as soon as we complete the "linux kernel" part of the dev roadmap along with the runtime. At this point, android would be "running" but not functioning
alright cool, you guys go work on the linux kernel and ill go.... drink this soda
fzzyrn said:
I think we can have android running as soon as we complete the "linux kernel" part of the dev roadmap along with the runtime. At this point, android would be "running" but not functioning
Click to expand...
Click to collapse
how could we get this started? im willing to try anything right now
you would probably need a coder. I haven't read much about android, but you could probably port over WM6 drivers (depending on programming language?)
fzzyrn said:
you would probably need a coder. I haven't read much about android, but you could probably port over WM6 drivers (depending on programming language?)
Click to expand...
Click to collapse
I don't think that that will work. I think that you need to start with the basic linux drivers and see if you can port them to mobile.
And yes, you would need a coder for that. And sorry to say, that isn't me. But, it t-mobile gets the diamond/whatever they're going to call it, I think that I will be first in line.
N3xt2N0N3 said:
yeah i think its in that stage for now but imagine if we could make a very Clean rom and cook android into it and make it start at startup we could have it running and a decent speed
Click to expand...
Click to collapse
Perfect reason for an Just2Clean variant! lol
WM6 are hardly running on our 200 MHz OMAPs and you want to put another OS on top of it? Laughing out loud.
CommZ said:
WM6 are hardly running on our 200 MHz OMAPs and you want to put another OS on top of it? Laughing out loud.
Click to expand...
Click to collapse
are you serious? hardly running? its sometimes (quite often to be honest) faster than qualcomm 400mhz... (most of users are still believers of MHZ GOD... ).
I know how fast my machine is. It is often annoyingly slow.
these days, frequency doesn't matter as much as FSB does!
But anyway, you would definitely have to write your own drivers, which makes android porting more the responsibility of the manufacturer than of the end user
BETA TESTERS NEEDED!!
DESCRIPTION: adb_bak2computer.sh
- tool (set of scripts) to backup d2vzw (SCH-I535) partitions directly to a users computer.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
PROGRESS:
- Beta5 - Now in two flavors, Mac and Linux!!
- Fully functioning tarballs are attached to the OP (as always)
TO-DO/KNOWN BUGS
- Re-wrote the code so it actually works on Linux now. (See the _Linux tar)
- All known bugs fixed. Unless someone points one out.
- To Do: Add functionality to wrap backups into a flashable zip (it'll be a big zip, but its one file to keep track of instead of blobs or sets of img files) This should be the first restore option I explore.
- To Do: Automate a standard backup (include: System, Boot, Data)
- To Do: Automate a set of backups that are compatible with TWRP. Why TWRP, cause I like it, and the differential backups that CWM does will be problematic for this tool. (I may need some help on this one.)
WARNING USE AT YOUR OWN RISK
I am not responsible if this tool destroys your soul, or your phone, or it makes a rainbow rhinoceros shoot out your bum.
NOTE: We all know the risks of doing stuff like this by now right? But the warning is still par for the course I guess. Is there a standard warning file I could link to, and make it all fancy and legal? Kinda like creative commons license only creative warning instead? Moving on...
PREREQUISITES
YOUR DEVICE MUST BE ROOTED
Linux or Mac operating system (maybe Cygwin might work, but I haven't tested it)
If you are on Linux you must have xterm installed (gnome-terminal or konsole alone won't work)
Must have the android SDK installed, and "platform-tools" must be in your $PATH
Process Viewer, "pv", must be installed
NOTE: To check if you have Process Viewer installed run pv --version in your terminal, if its not there download from here and install.
INSTRUCTIONS:
Download the appropriate tar for your OS
Extract it to a folder named "adb_bak2computer" in your $HOME directory.
Chmod everything so its all executable (chmod -Rf 777 ~/adb_bak2computer ).
Make sure your SGS3 is plugged into your machine via USB, and that you have USB debugging enabled.
If you are on CM10 or some other AOSP based ROM check the preference that keeps the screen on while plugged in.
If you are on a TouchWiz ROM use something like Wake Lock - PowerManager and force a full wakelock so your device doesn't go to sleep and or lock out adb debugging.
Run adb_bak2computer.sh from the terminal.
Pick a number
ALL CREDIT GOES TO:
das7982 - for ODIN guide here:
http://forum.xda-developers.com/showpost.php?p=28876440&postcount=1
scandiun - for "nandroid" backup directly to computer guide here:
http://forum.xda-developers.com/showpost.php?p=29862574&postcount=1
(and whomever they credited in their guides as well)
Feel free to fork, download, mod, make it all pretty, whatever you want. Its all open for sharing.
REPOS:
http://github.com/ALQI/adb_bak2computer-Mac
http://github.com/ALQI/adb_bak2computer-Linux
PM me if you want to help me with this tool, or just want to have a nice cup a tea.
Ta,
ALQI
REFERENCE THREADS:
El Grande Partition Table Reference -- E.V.A
Unlock Bootloaders -- AdamOutler
Android Kitchen -- dsixda
Look's kinda cool. Can't wait till this is finished!
Why not just use "rsync for android" from the market?
Sent from my Galaxy Note 10.1 using Tapatalk 2
blulite said:
Why not just use "rsync for android" from the market?
Sent from my Galaxy Note 10.1 using Tapatalk 2
Click to expand...
Click to collapse
That's for file based backups, which is great and I love rsync and ssh, but its not what I'm looking for. I want full on partition images going directly from my phone to my laptop (hopefully at USB2.0 speeds). So far the only way that I have seen that can do this is with scandiun's guide here:
http://forum.xda-developers.com/showpost.php?p=29862574&postcount=1
It works. I've tried scandiun's original directions and it does produce viable iamges. What I want to do is automate/simplify that process.
So far, I haven't had a chance to figure out how to get adb to play nice with spawning subprocesses in bash scripts.
like :
Code:
#!/bin/bash
function1(){
echo "function is running"
adb forward tcp:5555 tcp:5555
adb shell /system/xbin/busybox nc -l -p 5555 -e /system/xbin/busybox dd bs=4096 if=/dev/block/mmcblk0p17
}
function2(){
echo "function2 has to finish execution before either function can exit"
adb forward tcp:5555 tcp:5555; cd ./Cache_Test; nc 127.0.0.1 5555 | pv -i 0.5 > ./mmcblk0p17_cache.img
wait
echo "function2 is done"
}
function0(){
(function1)&
(function2)&
wait
exit
}
function0
wait
exit
This code doesn't work though. And I'm pretty sure its because adb needs actual separate terminals (not subprocesses) to run the two instances of adb forward.
This means I need a portable way to spawn new terminals. I've tried xterm -e [command] and that kinda works on linux but not on mac and I doubt it would on cygwin/windows. I may have to re-write this in python, but I'd rather use bash cause not everyone has python installed or is comfortable using it. Also, I'm lazy and I don't want to have to re-write what seems to be perfectly viable code.
Ta,
ALQI
FYI - I thought the cache partition would be a small safe partition to play around with, but its like 800MB on my device. I'll pick another for my next test/example.
Eureka (I think)
Ok, so I have a set of scripts now that can do what I need. That is execute in new terminal windows and play nice with adb.
This script (which can be .sh file), calls the other two .command files and actually backs up my cache partition.
Code:
#!/bin/bash
cd ./adb_bak2computer
open ./cache_bak1.command
sleep 2
open ./cache_bak2.command
wait
echo "cache should be backed up."
Here's the first command file:
Code:
#!/bin/bash
cache_bak1(){
echo "cache_bak1 is running"
adb forward tcp:5555 tcp:5555
sleep 2
echo "/system/xbin/busybox nc -l -p 5555 -e /system/xbin/busybox dd bs=4096 if=/dev/block/mmcblk0p17" | adb shell
wait
}
cache_bak1
Here's the second one:
Code:
#!/bin/bash
cache_bak2(){
cd ./adb_bak2computer
echo "cache_bak2 is running"
adb forward tcp:5555 tcp:5555
sleep 2
nc 127.0.0.1 5555 | pv -i 0.5 > ./mmcblk0p17_cache.img
wait $!
echo "cache_bak2 is done"
}
cache_bak2
For some reason I to pipe in an echo of the command I wanted to run in "adb shell".
Also, depending on your terminal settings, the windows for the two command files will stay open even when they are done. To fix that, just make sure your preferred terminal emulator is set to close when a process is complete.
I'd still like to get subprocesses (from post #4) to work but its stating to look like adb no likey.
I'll try and have the rest of the code for all the paritions up within the next few days, I still have some things to figure out though. I can use a menu to seperate the dd instances or loop/wait for the pid's of each instance to quit before moving on to the next partition, I'm on the fence as to whether I want everything to run consecutively or to give users the option to pick each partition they want to back up. Maybe I can do both, but that will take longer for me to finish.
Please excuse the crap typing as I'm doing this all in my "spare" time, which means I should be sleeping.
Ta,
ALQI
Why not just make scripts pull each partition? Adb can simply pull them......
Sent from my SCH-I535 using xda app-developers app
tonu42 said:
Why not just make scripts pull each partition? Adb can simply pull them......
Sent from my SCH-I535 using xda app-developers app
Click to expand...
Click to collapse
IIRC, adb pull is for files only. It can't pull full partition images.
I'm getting full partition images that can be (hopefully) used for Odin restoration and maybe nandroid or cwm restore.
Thanks for the input.
Ta,
ALQI
Sent from my SCH-I535 using xda app-developers app
ALPHA Version
OP is updated with fully functional alpha release of the tool.
Ta,
ALQI
Going to have to check this out over the weekend when I can sit down and read first.
Thank you for providing us with an alternative backup solution.
Sent from my SCH-I535 using Tapatalk 2
ok, so backing up the data block is HUGENORMOUSBIG
maybe mmcblk0p15 is including the internal sdcard because of that /data sub folder link to the sdcard?
I dunno for now, I'm going on 45mins and 6Gigs. I'll have to take a look in teh morning
Just wanted to let people know that this is not abandoned.
I only have one last hurdle. And that's getting an img file for /data without backing up /data/media (which is essentialy your internal sdcard). I can't really do a block dump cause mmcblk0p15 (am I even close there) is all userdata including /data/media.
Any ideas would be helpful? (Hint Hint)
Ta,
ALQI
Sent from my SCH-I535 using xda app-developers app
update ready to roll for Beta testers
alquimista said:
Just wanted to let people know that this is not abandoned.
I only have one last hurdle. And that's getting an img file for /data without backing up /data/media (which is essentialy your internal sdcard). I can't really do a block dump cause mmcblk0p15 (am I even close there) is all userdata including /data/media.
Any ideas would be helpful? (Hint Hint)
Ta,
ALQI
Sent from my SCH-I535 using xda app-developers app
Click to expand...
Click to collapse
I got /data backup working (yay me).
OP updated!!
alquimista said:
- Thread title updated with your American way of noting the date
Click to expand...
Click to collapse
My American way of noting the date is an ISO standard... YYYY-MM-DD
OP updated with new beta2 version of the tool.
Github commited as well.
ALL mmc blocks are set for backup now, check in the "CRAZY BACKUP OPTIONS" menu for the crazy backup options.
Next up:
Fix the echo [command] | adb shell scripts not exiting without CTRL+C
Option to have the basic backups turned into an "update".zip
Ta,
ALQI
Beta3
OP Updated with Beta3
Android side adb hang bug is fixed. Yay me.
GitHub updated as well.
Ta,
ALQI
HAAAAALLP!!!
I'm struggling a bit with creating a flashable zip with the files I get using my tool.
Basically I can pick whatever partition I want, but lets just say I want a standard backup and I've run my tool pulling the following:
Code:
boot.emmc.img
cache.ext4.img
data.ext4.tar
recovery.emmc.img
system.ext4.img
Actually, ican name them whatever I want and use whatever I want, so lets simplify that even greater and just go with:
Code:
boot.img
data.tar
system.img
The updater-binary and accompanying updater-script is pretty straight forward for the boot.img and system.img, the script would have something like:
Code:
write_raw_image PACKAGE:system.img SYSTEM:
write_raw_image PACKAGE:boot.img BOOT:
That's a bit of an over simplification depending on the updater-binary I wind up using, but its the right idea (some of the wording might change a bit but the "write_raw_image" part is whats important).
But what do I do with data.tar? Can I unpack that tar directly to "DATA:"? Something like:
Code:
package_extract_dir PACKAGE:data DATA:
I don't know if the updater-binary supports this with a tar??
I could unpack the tar file before creating the zip, but then I have to set all the permissions, which should have been preserved in the tar. Or can I just write a little script to go inside the zip that will essentially "tar -xf /tmp/data.tar /data" and unpack the tarball while in recovery?
I dunno, any ideas??
This would be alot easier if I could workout a way to dd a data.img without including the internal sdcard.
Ta,
ALQI
Beta4
OP Updated with Beta4
Github as well
Added funtionality to backup internal and external SDCards.
Ta,
ALQI
Important: Mac only
I just realized that this code probably won't work on Linux.
I'm on a Mac for most of my work, so I've been making all this on a Mac (OS X Lion 10.7). The "open" command probably won't work on linux or Cygwin.
I just need to add a quick check for for the OS and then use "xterm" instead of "open" for the .command files.
Actually, since I'm doing alot of cleanup and such, I will probably remove file extensions for most of the scripts.
Anyway, sorry for any confusion. I haven't been awake for most of this. But its definately a great big FAIL on my part. Well at least until I fix it.
Ta,
ALQI
BETA5 - Now works on Linux!!
OP Updated (as well as new repos) for new linux version.
Had to seperate out a version for linux cause Macs are dumb and can't open new terminal windows without the "open" command.
Tars are attached to the OP!!
Hello friends! I'm a year long follower of the LinuxOnAndroid project. I have always wanted to install ubuntu on my sdcard instead of using image files. I waited a long time for an instruction to crop up somewhere on the internet about how to do this, and in the meantime, learnt a lot of things. Then I decided to experiment with the idea a few days ago and also managed to get satisfying results. There was a significant performance boost compared to using a linux image.
While writing this tutorial, I have assumed that you are already quite familiar with the LOA project and that you have already managed to run a linux distro on your android device.
Please note that while this tutorial aims to be applicable for all distros released under the LOA project, I have only run Ubuntu 12.04 small, Ubuntu 13.10 small and Debian small images. I have never had any experience with the other distros. But I'm pretty confident that the instructions can be applied to other distros without any problem. If you encounter any problem while applying the instructions for your device and distro, I'm willing to help you as much as I can.
Warning: I've never bricked my android devices while rooting, modding or hacking them and I hope you will be as lucky. But please remember that I will not be held responsible for any damage or losses suffered by you or your devices while following the instructions given in this tutorial. You will do so at your own risk.
Let's begin.
First of all, Things You'll Need:
Root access on your android device
Busybox
An sdcard of optimum storage capacity. You decide what's optimum for your case. I have a 16GB card with a 4GB partition for ubuntu small image.
Init.d script support for auto-mounting second sdcard partition on boot. You can skip this if you want to mount the second partition only when booting up linux.
Attached zip containing bootscript.sh and 03ubuntu files.
Step 1: Partitioning the sdcard
WARNING: This will erase all data on your sdcard!
Use MiniTool Partition Wizard for windows, gParted for linux or aParted for Android to create the two partitions on your sdcard. I reccomend that you do the partitioning on your PC. Note that you cannot partition your sdcard by connecting your device to your PC my USB. You need to use a card reader. If you have a USB modem with built in card reader, you can use that too.
The first partition will be used by your android device for mass storage. Make it FAT32 or exFAT or vFAT. Note that if you make the first partition exFAT, custom recoveries like CWM will not mount it. This can cause problems, for example, when you are trying to restore a nandroid backup from your sdcard.
As for the format for the second partition (let's call it the linux partition), it depends on what linux filesystems your device supports. You can't use (ex/v)FAT(32). You can only use linux filesystem for installing a linux OS.
If you are using aParted to partition the sdcard, not every format will work. My tablet supports mkfs.ext2 and make_ext4fs but
Code:
mke2fs -t ext3/4
doesn't work. So I used aParted to format the second partition as ext2 and ran
Code:
make_ext4fs /dev/block/mmcblk0p2
in terminal emulator. So my linux partition is ext4. You need to unmount your sdcard to use aParted.
NOTE: Before creating your second partition, make sure your device is able to mount the format that you want to use. Run the
Code:
cat /proc/filesystems
or
mount
command in terminal emulator to check for supported filesystems.
STEP 2: Mounting the sdcard partitions
WARNING: If you are using the Link2SD app or any other app2sd app, you might be prompted to create mount scripts for the second partition. DO NOT CREATE THE MOUNT SCRIPTS. Our linux partition is not meant for app2sd.
In this tutorial, we will be mounting the linux partition automatically on startup. For this, you'll need init.d script support on your device. You can use Uni-Init to check/enable init.d easily. If your device does not support init.d and you've failed to enabled it, you could go for more advanced methods like unpacking your boot image and editing init.rc to mount the linux partition. You could also try the Script Manager app. You can also choose to mount the linux partition only when you boot up linux. Let me know if you'd like instructions for this.
Assuming that you already have init.d support, let us proceed.
Download the attached 03ubuntu script and using a root explorer copy it to /system/etc/init.d/here. I use ES File Explorer. Set file permissions to rwx-rwx-rwx or 777(? I'm not very familiar with numerical permissions). rwx-r-xr-x might also work. You can also use terminal to copy, set file permissions, etc. It's up to you.
EDIT: WARNING! Depending on your device, your MicroSD card might me mmcblk1. You can check using the mount command or from the aParted app. It is mmcblk1 on one of my friends' phone. If this is the case you must edit the 03ubuntu script to replace mmcblk0p2 by mmcblk1p2
The 03ubuntu script mounts the linux partition as ext4 at /mnt/ubuntu. The mount options in the script are meant for the maximum performance but may reduce reliability. I haven't had any problems yet. If your linux partition is not ext4, edit the script accordingly. Some of the mount options used in the script are meant for ext4 filesystems only. Google "best/optimum ext(whatever your linux partition is) mount options" to learn more. My linux partition is mounted with noatime option but becomes relatime sometimes after shutting down linux. Somebody please tell me why this happens.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
After placing the script in the init.d directory, reboot your phone.
After rebooting, open the /mnt folder. If you see a folder named ubuntu, congratulations, the init.d script worked. But is the linux partition mounted? You can check by opening the /mnt/ubuntu folder. If you see a lost+found or LOST.DIR folder, the partition is very likely to be mounted. Confirm it by running
Code:
mount
in the terminal. Look for the line
Code:
/dev/block/mmcblk0p2 /mnt/ubuntu ext4 rw,noatime,user_xattr,barrier=0,data=writeback 0 0
If you see that line, we're ready to move to the next step.
STEP 3: Copying the files from linux image to linux partition
Now, we install your linux distro on the sdcard. Place the image (a fresh one or the one that you've been using) in your sdcard and run the following commands. Note: You might need to make changes to the commands according to your image location and format.
Code:
su
mkdir /data/local/mnt
mknod /dev/block/loop255 b 7 255
losetup /dev/block/loop255 /mnt/sdcard/ubuntu.img
mount -t ext2 /dev/block/loop255 /data/local/mnt
cp -dpR /data/local/mnt/* /mnt/ubuntu
## wait till copy is complete ##
umount /data/local/mnt
exit
So that was it. You have your favorite linux distro installed on your sdcard now.
But before you go ahead and press that BOOT LINUX button, we still have some things left to do to make it possible to boot from sdcard.
STEP 4: Editing the bootscript.sh and init.sh files
Actually, I did the bootscript editing part for you. I made all (and only) the changes that are required to boot from the sdcard. The modified bootscript is based on the latest (v8) version. Things like sdcard and external sdcard mounts and binds are unchanged. I added comments in the script with my name to mark places where I made the changes. You can look through it if you like.
So now copy the modified bootscript.sh file inside /data/data/com.zpwebsites.linuxonandroid/files/here and set file permissions to rw-------.
After that, comes init.sh. Although the bootscript is common for all distros, it may not be the case for init.sh. You'll find it in /mnt/ubuntu/root/init.sh.
Copy it to your sdcard and keep a copy somewhere safe. Open the script in a text editor (I use Jota+ text editor) and find the following lines and remove them.
Code:
if [ $# -ne 0 ]; then
cfgfile=/root/cfg/$1.config
if [ -f $cfgfile ]; then
echo "Using config file $cfgfile"
else
echo "Config file not found, using defaults!($cfgfile)"
fi
fi
The original permissions for the init.sh file are rwx-rwx-rx
After that, place the modified init.sh file back inside /mnt/ubuntu/root/here and don't forget to set correct file permissions.
STEP 5: Final steps and booting linux
Everything is in place and now you can boot up your linux, or can you? Nope. The Complete Linux Installer app won't let you boot if it does not find an image file.
For this, create an empty file inside /mnt/ubuntu/here and name it ubuntu.img.
In the app, enter the location of linux image as /mnt/ubuntu/ubuntu.img and tap on the awesome boot button.
Voila! You've now successfully installed linux to your sdcard and managed to boot it up too! Well done, my son.
Aaaand...Just a reminder: Don't Update Script if you want to continue booting from thee linux partition.
If you have been successful in achieving the goal of this tut, please leave a feedback with your device name and any modifications that you had to make, if any, to the whole process. That will be of great help to others.
EDIT: RISK OF DOUBLE BOOTING!
In case of booting from linux image, when you (accidentally) tap on the boot widget or the boot button while linux is already running, the app would display a confirmation dialog to chroot into the mounted image. This may not happen when you are booting from the second sdcard partition.
To prevent errors when you accidentally tap on the boot widget/button, add the following code into the bootscript right after the error_exit() function at the beginning of the script.
Code:
echo "Boot up Linux? Make sure it is safe to boot before proceeding!"
read answer
if [ $answer != muchfunny ]; then
error_exit "Aborted"
fi
Replace "muchfunny" with y or yes or any word of your choice.
When you try to boot, you'll have to enter this word to proceed. If you type in the wrong word, it won't boot. This way, you will have a chance to prevent errors when you accidentally tap on the boot widget while linux is already running.
Any user of LOA, not just those who are booting from linux partition, can benefit from this. You could replace "muchfunny" with a secret code to prevent anyone from messing with your linux installation. So it's like implementing password protection.
I'm using this on my tablet.
hello david,
Looks nice and clear, haven't had the chance to try yet but will post my results when i do.
Just wanted to say big thanks for the write up.
Sent from my Nexus 7 using Tapatalk 2
joesnose said:
Looks nice and clear, haven't had the chance to try yet but will post my results when i do.
Click to expand...
Click to collapse
When you do a factory reset in CWM (probably also in other recoveries), the second sdcard partition is wiped.
So it's best to store the backups in the internal sd and remove the sdcard before performing a reset.
If you don't already know, and if you have not run "apt-get clean", you can back up any packages that you downloaded on ubuntu (if you're using it) by keeping a copy of the contents of the archives folder in /var/cache/apt/. In case your linux installation gets corrupted or the partition gets wiped, you can restore the backed-up packages later. So you won't have to download them again.
I have used this thread to install Archlinux using LinuxonAndroid on a Samsung Epic 4G's SD card. I have some issues to sort out with using VNC to access the Archlinux installation but the commandline environment on the Epic 4G works fine.
If you're trying to use this with Ubuntu, there are several issues. First, the image hosted by the LoA project for Ubuntu 13.10 doesn't work for this application: you'll get errors when you try to mount the image for installation to the SD partition. Second, you might try the 13.04 image: it will mount and install but the repositories are all gone because 13.04 is no longer supported.
If you're trying to install this in order to use a specific program (in my case, I'm wanting to use this device as a Prosody server), it's probably best to see which available distro hosted by LoA has up-to-date packages for that program and use that to guide your decision. Based on this logic, I chose Archlinux.
If you aren't using Ubuntu, the bootscript.sh file included with this post becomes problematic as it is littered with Ubuntu-specific calls. It isn't overly difficult to edit: open it in Notepad+ (or similar) and read through it, changing $mnt and $ubuntu to whatever you've named your partition mount folder as. In my case, my mount folder is /archlinux/ and the fake image file (used to spoof the LoA app as detailed in OP's post) is /archlinux/archlinux.img, so this meant simply replacing $mnt and $ubuntu with $archlinux. There are a few instances of $ubuntu that I didn't mess with--in the comments, David has mentioned that they refer to the "usermounts feature" and that he left these alone because he didn't understand it. Are these the usermounts that are defined in the LoA app? I don't know and I haven't tried defining a mount yet (such as partition 1 on the SD card). In short, bootscript.sh will need to be edited to account for a non-Ubuntu installation.
(If you're using Archlinux, LoA hosts a modified bootscript.sh that contains a Archlinux-specific change to mounting /dev/pts, whatever that is. I used this as a base script to work with, then added and deleted the areas that David has edited in his bootscript.sh.)
Accounting for the differences, Archlinux works at the terminal on the device. However, if you try to connect to the automatically configured VNC server, things start to get weird for a Linux noob (which I am). For starters, there isn't a desktop environment defined so when you first connect, you're gonna see a blank gray screen and a cursor. Right-clicking brings up a menu. Almost none of the apps on the menu work, because they aren't installed. I think what you're looking at is the openbox window environment. What you need is a terminal to install something that works better but here's the catch: the terminal isn't installed/working, either (in VNC, not at the device). What I did here might have been a mistake compounding an error: I used the terminal on the device (which is logged in as root) to install a desktop environment using Archlinux's package manager, pacman. Then, I edited the (hidden by default) /home/$yourinstallhere/.vnc/xstartup.sh to boot the installed desktop environment; add a line with the command appropriate to your chosen DE: e.g. gnome-session; startxfce4; startlxde. You can comment out most anything else as those lines are loading the openbox environment and a terminal session. Alternatively, leave those in place as a backup environment and place your DE load command after those, so if your DE doesn't load, you still have the nearly useless gray screen to look at.
Okay, so that got a DE going (after the xstartup script was executed again and possibly the Linux install rebooted). Now what? Well, as mentioned before, terminal still doesn't work. It will open but there isn't a prompt and no keyboard input is shown. Without terminal, Linux is crippled, DE or no DE. This is where I am currently. I can still manage the Archlinux installation from the device's terminal as root but access from VNC is effectively unusable. I don't know why: is it because the DE packages (including a terminal emulator) were installed by root and therefore the VNC user doesn't have the permissions to access them?
In any event, I would like to thank David for posting this thread. The LoA project has little to no documentation or discussion so this has been very helpful to me. Please let me know if you have any ideas regarding VNC access of the installation.
Edit: Additional installation-specific information:
My Epic 4G is running the Cyanogenmod 10.1 stable release. The init.d mount script for the second partition will not automatically run at boot, despite CM supporting init.d and having installed the Universal init.d app. However, the script can be manually executed from within the Universal app and that will mount the partition. I tried adding a 50-second sleep to the script to see if it was just bogging down but that had no effect so I gave that idea up. The test script that the Universal app uses to test if the device has init.d support also doesn't work, which indicates that the Epic 4G CM port may be at fault here.
Using Archlinux's systemctl to manage services from the root terminal on the device is not working as expected. For instance, if I try to restart the vncserver service (systemctl restart vncserver) the terminal returns, "Running in chroot, ignoring request."
Edit #2:
Installed xterm from the device terminal and now I can access xterm from VNC /facepalm (why does the xstartup script call something that isn't installed by default?).
When my device's screen powers off, the VNC session drops because the server apparently kills itself. I have Android set to keep wifi on during sleep. How do I keep VNC active while the device's screen is off?
I seem to have succeeded with having my Epic 4G run an XMPP server (Prosody) within Archlinux on Android. I don't want to take this thread too far off-topic but there were some aspects to my project that would be useful to know for someone installing LoA.
http://sourceforge.net/p/linuxonand...do-users-and-groups-work-under-linuxonandroid
https://android.googlesource.com/pl...r/include/private/android_filesystem_config.h
This is pretty key knowledge to know if you're going to install anything that's going to need to gain control over the Android hardware (e.g., opening sockets). Root at the terminal is probably in all of these groups but the default user (ubuntu or whatever you named your installation) might not be; if your software installs its own user, it definitely won't have these group memberships so you'll have to add them. In my case, Prosody creates its own user and group and refuses to run as root, so I had to give the Prosody user membership in the 3003 group so it could open listening ports (I also had to modify all of the files that should have belonged to Prosody with chown because root took ownership by default). I figured this was something to keep in mind, if you're a fellow Linux noob.
http://forum.xda-developers.com/showthread.php?t=1585009&page=24
Speaking of the "everything as root" problem, I came across this that purports to make the default ubuntu user more typical of what you'd encounter in a Linux distro. I haven't tried it yet but I may need to in the future, if I expand the services offered by my Epic 4G. I still haven't figured out why the VNC server drops when the screen is turned off, though; I probably need to switch servers. The default is xVNC and I have been using Win7 x64 TightVNC Viewer to access it.
Hello there! Thanks for your posts! After encountering problems while trying to get LAMP to run on Ubuntu 12.04 and 13.10, I had given up LoA, until today. I've been using Linux Deploy instead for the past few months. Everything works fine on it. Have you tried it?
Anyway, I've decided to install LoA Debian as image from now. I think dedicating a 4 GB partition to a Linux installation is costly when you have just 14.7 GB of available storage.
Hello David,
I gave up on Linux on Android because I couldn't get it to stay connected to wifi with the screen off. I went back to using an XMPP server on my OpenWRT router instead.
Thank you for the suggestion regarding Linux Deploy. If I have some time, I will try it.
Does your LAMP stack manage to stay constantly connected with the screen off?
hammmy said:
Hello David,
I gave up on Linux on Android because I couldn't get it to stay connected to wifi with the screen off. I went back to using an XMPP server on my OpenWRT router instead.
Thank you for the suggestion regarding Linux Deploy. If I have some time, I will try it.
Does your LAMP stack manage to stay constantly connected with the screen off?
Click to expand...
Click to collapse
Linux Deploy has options to keep screen on and to keep wifi on while the app is running. I'm not sure if this will help with accessing LAMP when the screen is off. BTW, I found other problems with LoA Debian. So I'm back to Linux Deploy Debian. I'll test LAMP with screen off and let you know how it goes.
Instead of running the web servers through a linux installation, I suggest you try the various web server apps available for Android, if you haven't already, that is. I use Palapa Web Server which is free and has a nice interface.
Unfortunately I was unable to get Apache to work. Anyways, like I said, the Android web server apps might best serve your needs.
davidheis said:
Instead of running the web servers through a linux installation, I suggest you try the various web server apps available for Android, if you haven't already, that is. I use Palapa Web Server which is free and has a nice interface.
Click to expand...
Click to collapse
This is a good suggestion but unfortunately the XMPP server apps that I've tried didn't work out. I don't recall exactly why as it's been awhile since I tested them. They are bare-bones and lack configuration options.
hammmy said:
This is a good suggestion but unfortunately the XMPP server apps that I've tried didn't work out. I don't recall exactly why as it's been awhile since I tested them. They are bare-bones and lack configuration options.
Click to expand...
Click to collapse
Oh, okay. I highly recommend Linux Deploy as the distros are downloaded directly from the official sources. Installing to a second partition is very easy too. And it also allows running of custom scripts during startup of your distro. So if you manage to have XMPP working, you won't have to open a terminal to start the service (which is necessary for apache - have to run "service apache2 start").
Let me know if you have any success with Linux Deploy. I may be working with XMPP in the near future, so having a 'take anywhere' server might prove very useful.
Hello David can you make a brief guide on how to install Kali on sdcards second partition. I'm stuck I don't know how to install the linux.IMG on the ext2 partition, I partitioned my SD card using minitool the problem is when I hit install on Linux deploy the IMG will be installed on the SD card but on the fat32 partition not the ext2, which is the path to ext2 ? I can't find it using file explorer maybe you can help me
EDIT: i need to mount the new ext2 partition right? which is the easiest way to do it?
hi... can you provide me a method to access the filesystem (eg. var, etc....) because in the old ubuntu version is no longer supported. i got 404 not found when try to get update(apt-get update). only one solution is modify etc/resource.list file....but ubuntu cant access the filesystem via termimal
Cifs mount on start? I've added it to fstab and mount -a works fine, but it seems that fstab is not being run on start-up? I tried adding the same line I used in fstab to the custom mount points but it does not like it "skip"' it's probably simple syntax, the mount cmd seems to change dep. on where you run it, anyone know the right way to get a cifs mount on start in ld? thanks..
this is what works in fstab/mount -a
//192.168.1.65/media/Cifs /Public/Video cifs username=user,password=pw,iocharset=utf8,file_mode=0777,dir_mode=0777,noperm 0 0
Well hello everyone.
I am going to try this now cause Linux deploy failed for me and it also messed up my external sd card (cause my xperia e3 doesn't have that Much internal).
Then i tried complete linux installer normal installation method but that also didn't worked so now i am going to try this.
I know this thread is very old but that's my only chance left for installing Ubuntu in phone
If anyone can provide any advice or any guidance i will be grateful to him
Thanks In Advance
Hi,
I have developed a tool to exploit the dirtycow vulnerability and get TEMPORAL ROOT
It bypass the selinux in lollipop 32bits system only, we are working now in a 64bits and Marshmallow version and will be soon, have a lot of work to do it universal.
Im bringing 2 tools, one apk (no computer required) and one rar for adb and linux.
With this tool we will access to those partitions and start the attack there, but in the actual state if you have locked your bootloader a good choice is to have root even temporal one.
·APK
Required: SDCARD
The apk exploits this vuln in the vold context so, is necessary to have a sdcard and mount or extract it, when the app requires, one time per session.
This tool has some utilities for flash boot and system partition, also for backup and 2 methods of root:
·Attack init process (lollipop 32 bits only)
·Attack app_process.(all devices, not really good)
·Get root
Uninstall any supersu manager before root.
The way to use this app is first click in check perms(optional) and you will see if you have permissions to /init file.
If you have permisisons and lollipop 32 you can use the first method to get root.
Also in check permissions you will see if you have rights to backup/flash boot and system partition.
The process takes until 2 minutes to finish so wait please and watch the log window.
# ISSUES #
If you get reboot after get root you can:
-Clean init (restore init process sometimes crash the device, but is safe)
-Install selinux permissive (Set permanent the new selinux policy, not tested)
The first option is safe you just can get a reboot.
The second option is just tested in 3 devices(oppo,xperia,Moto E), so test it with a recovery system working, can break some selinux rule..
·ADB
The adb rar contains some utilities to get root via run-as and init and is only working in Lollipop 32bits.
To execute it:
-Pass rar:"nox"
-Extract the rar in /data/local/tmp/
Code:
chmod 755 /data/local/tmp/exploit.sh
cd /data/local/tmp/
./exploit.sh
This process take some time 1-2 minutes but you will see the progress in the console, please wait,
After will ask to turn off bluetooth do even sometimes is not required, it can accelerate the process.
It will ask to install selinux permissive, if you don't have reboot problems, don't install it, otherwise be sure you have a recovery system working and a stock rom ready to flash, this feature is stable but need more testing.
if all is ok you will see this:
Code:
#Type run-as -s1 to get a shell"
#Type run-as -s2 to execute su daemon"
The run-as -s1 give you a shell with init context but some restrictions because selinux autotransfer domain to run-as
The run-as -s2 will execute su dameon and a su init context with no restrictions.
# ISSUES #
If you get reboot after get root you can:
·mount system partition with flag abort:
Code:
mount -o remount,abort /system
You won't able to mount system in write mode.
This app is in BETA BETA state for now, just 7/9 devices passed not bad at all
I'll add more devices in the list soon
List of rooted devices:
Moto G 5.1 lollipop
Xperia 5.1 lollipop
Oppo 5.1 lollipop
Emulator 5.1 lollipop
XT1528 (MOTO E Verizon prepaid) 5.0.2 lollipop(reboot issues)
Asus Zenfone Go ZB452KG Lollipop(5.1.1)
Smartfren Andromax A / Haier a16c3h (Lollipop 5.1 Firmware 12.2)
Version:0.4
Adb:http://www.mediafire.com/file/r3i900n7jb2zfoo/EXPLOIT_ADB.rar
Apk:http://www.mediafire.com/file/38tyscsaxms00sa/croowt%282%29.apk
Implemented selinux pemissive after reboot.(adb,apk)
Enforce mode working.(adb,apk)
Version: 0.3
Fixed bug creating bl instruction.
Version: 0.2
-Fix bug in apk for some devices
Version: 0.1
-More compatible adb with lollipop 32 bits
-Fixed bug in the shellcode.
-64 bits version of run-as-dirtycow.
Todo:
-Working in Marshmallow 32 bits.
-Apk some fix.
Thanks to n0x for his great help debugging the shellcode issue in Moto G
Great work!
Waiting for 64 bit
I will gladly test with my v10 I've been able to get a temp root shell with dcow. Happy holidays!
Sweet ! Has anyone tested on Note 4? N910A on 5.1.1
I'm currently on 6.0.1 MM so I'm waiting for that release.
Anyone know if this will work with the November Security patch of 2016?
Sent from my SAMSUNG-SM-N910A using Tapatalk
Really cool. I am having a problem trying to connect my device over adb wifi and now this!!! I have a locked head unit and i can't install any apps (all installations blocked and developer mode, usb debug all hidden. ) any way for me to install this onto my phone and attack my device via bluetooth or something? Or autorun once connected to usb? It's a long shot but hey its Christmas!!
Merry Christmas by the way
Can we have access to the run-as-dirtycow source code?
Thanks.
Exploit process
For the developers that are testing this exploit or want to know how it works deeply:
First we dirtycow some privileged process, for example run-as has suid 0 given by selinux capabilities not by the bit setuid.
When we have overwritten run-as, this binary can read /init path, so we copy to other place with our run-as "trojan".
In our run-as we need to put some code to read files, my run-as-dirtycow does:
run-as /init
Will print this file to the stdout(console), if we redirect this output to a file:
run-as /init > /data/local/tmp/init.dmp
We copy /init file through our dirtycowed run-as that has root privileges, and is permitted by Selinux.
We patch init.dmp to create our init.patch with a shellcode to load new policy.
We will use run-as to dirtycow again our init.dmp but patched with a shellcode.
So our run-as trojan also will have the dirtycow exploit and when we exec this binary with the right arguments also will dirtycow any file with read permissions to root.
run-as /init /data/local/tmp/init.patch
Once finish and when the new policy is loaded exec run-as trojan wiht the special parameter -s1 or -s2 give to you a shell root or install su in the device TEMPORAL, no modifies any partition but mount a ext4 partition in /system/xbin with the su binary.
Well this is the process to do it in adb shell, in the apk i am using fsck_msdos to do all this chain of steps.
I like to get some different init from lollipop 32 bits and Marshmallow 32bits to adjust the patcher to Marshmallow.
jucaroba said:
Can we have access to the run-as-dirtycow source code?
Thanks.
Click to expand...
Click to collapse
Is very simple just have the dirtycow exploit original and some code to copy files read and puts.
Anyways soon ill post here, has no many secrets lol, just copy file or execute sh, the main problem now is the patcher, to make it working in Marshamallow and 64bits, i don't have any device with 64bits, yes one xperiaZ that i can install a custom rom with Marshmallow.
But i think the first is to check if the patcher is working in lollipop32 bits well, even ive tested 2 devices and reversed some other inits is not enough to be completely sure that all is ok.
kryz said:
Is very simple just have the dirtycow exploit original and some code to copy files read and puts.
Anyways soon ill post here, has no many secrets lol, just copy file or execute sh, the main problem now is the patcher, to make it working in Marshamallow and 64bits, i don't have any device with 64bits, yes one xperiaZ that i can install a custom rom with Marshmallow.
But i think the first is to check if the patcher is working in lollipop32 bits well, even ive tested 2 devices and reversed some other inits is not enough to be completely sure that all is ok.
Click to expand...
Click to collapse
Thanks for your answer.
I'm trying to use your exploit to be able to read my /data/misc/vold/expand_*.key file. My wife has a Moto G 2014 mobile with official (non rooted) Android 6 Marshmallow. The bootloader is locked. She has deleted accidentally all the pictures in her SD card, that is configured as adopted card (not portable). I have made a cloned copy of the SD in my linux laptop with dd command, but I can not mount the partitions in the SD because I have to know the encryption key.
I can not unlock the bootloader, because the phone will be reseted to factory and the encryption key will be deleted. And I can not read the key file without being root, because of the permissions of the file. I have tried your run-as-dirtycow trojan in the phone, and I can read files I have no permissions for, such as /init.rc. The only missing piece now is that I don't know the exact name of the key file. I only know that it is of the form "expand_*.key". Can your trojan run-as-dirtycow be modified to be able to read the files with this pattern name in a given directory?
Thanks in advance.
kryz said:
Is very simple just have the dirtycow exploit original and some code to copy files read and puts.
Anyways soon ill post here, has no many secrets lol, just copy file or execute sh, the main problem now is the patcher, to make it working in Marshamallow and 64bits, i don't have any device with 64bits, yes one xperiaZ that i can install a custom rom with Marshmallow.
But i think the first is to check if the patcher is working in lollipop32 bits well, even ive tested 2 devices and reversed some other inits is not enough to be completely sure that all is ok.
Click to expand...
Click to collapse
I'm trying to root my boost max+ running 5.1.I tried the check perm option but couldn't remount sdcard,it just froze.Upon reboot it hang at starting apps.Had to remove sdcard to get phone to boot properly.
Sent from my N9521 using Tapatalk
tnomtlaw said:
I'm trying to root my boost max+ running 5.1.I tried the check perm option but couldn't remount sdcard,it just froze.Upon reboot it hang at starting apps.Had to remove sdcard to get phone to boot properly.
Sent from my N9521 using Tapatalk
Click to expand...
Click to collapse
When you mount the sdcard is normal that doesn't mount again, the process hijack fsck_msdos, you have to come back to the application, wait and watch the window log.
It depends on mount will get 1-5 seconds to see the information.
If you see that init is OK, you can proceed with the get root.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
jucaroba said:
Thanks for your answer.
I'm trying to use your exploit to be able to read my /data/misc/vold/expand_*.key file. My wife has a Moto G 2014 mobile with official (non rooted) Android 6 Marshmallow. The bootloader is locked. She has deleted accidentally all the pictures in her SD card, that is configured as adopted card (not portable). I have made a cloned copy of the SD in my linux laptop with dd command, but I can not mount the partitions in the SD because I have to know the encryption key.
I can not unlock the bootloader, because the phone will be reseted to factory and the encryption key will be deleted. And I can not read the key file without being root, because of the permissions of the file. I have tried your run-as-dirtycow trojan in the phone, and I can read files I have no permissions for, such as /init.rc. The only missing piece now is that I don't know the exact name of the key file. I only know that it is of the form "expand_*.key". Can your trojan run-as-dirtycow be modified to be able to read the files with this pattern name in a given directory?
Thanks in advance.
Click to expand...
Click to collapse
The run-as context can't see /data or even /data/misc folders, anyways i will implement the list of directories in the next update.
kryz said:
The run-as context can see /data or even /data/misc folders, anyways i will implement the list of directories in the next update.
Click to expand...
Click to collapse
Yes, I know it can see those folders, I only need to know the name of the file I am interested in.
If you implement the "list of directories" functionality it will be fantastic. Thanks for it.
I will also be very grateful to see the full source code of the trojan.
Waiting eagerly for both things.
Thanks in advance.
jucaroba said:
Yes, I know it can see those folders, I only need to know the name of the file I am interested in.
If you implement the "list of directories" functionality it will be fantastic. Thanks for it.
I will also be very grateful to see the full source code of the trojan.
Waiting eagerly for both things.
Thanks in advance.
Click to expand...
Click to collapse
Sorry wrong type i wanted to say that run-as context can not see those folders.
I mean ive implemented all ready that function "-d" and run-as can not list those folders:
run-as -d /system/etc
Attached run-as-dirtycow.c
kryz said:
Sorry wrong type i wanted to say that run-as context can not see those folders.
I mean ive implemented all ready that function and run-as can not list those folders.
Click to expand...
Click to collapse
Mmmm, so the only way to be able to read a file in /data/misc/vold/ is to be root?
If that is the case, then I suppose I have to wait til your exploit can be used to root a Marshmallow phone.
Am I correct?
Thanks.
jucaroba said:
Mmmm, so the only way to be able to read a file in /data/misc/vold/ is to be root?
If that is the case, then I suppose I have to wait til your exploit can be used to root a Marshmallow phone.
Am I correct?
Thanks.
Click to expand...
Click to collapse
I think so, i don't have that folder in my devices, but i was trying to read on /data folder and no success in one of its sub folders.
Btw what cpu is your device 32 o 64 bits?
Can you post your init file?
kryz said:
I think so, i don't have that folder in my devices, but i was trying to read on /data folder and no success in one of its sub folders.
Btw what cpu is your device 32 o 64 bits?
Can you post your init file?
Click to expand...
Click to collapse
My CPU is 32 bits. It is a Moto G 2014.
I suppose you don't have the /data/misc/vold folder because you are not looking at a Marshmallow system.
What file are you interested in? The /init.rc file?
jucaroba said:
My CPU is 32 bits. It is a Moto G 2014.
I suppose you don't have the /data/misc/vold folder because you are not looking at a Marshmallow system.
What file are you interested in? The /init.rc file?
Click to expand...
Click to collapse
I'm interested in /init file and 32 bits is great
kryz said:
I'm interested in /init file and 32 bits is great
Click to expand...
Click to collapse
No /init file in Marshmallow. At least not in that path.
---------- Post added at 02:19 AM ---------- Previous post was at 01:48 AM ----------
kryz said:
I'm interested in /init file and 32 bits is great
Click to expand...
Click to collapse
Sorry, the file exist, but I can not read it. I can not copy it with your trojan run-as (run-as-dirtycow) either.
Hi kryz,
Please find the /init from 32bit 6.0.1
It is from Xperia Z2 with custom rooted rom (Mx ROM v8.6.0)
How can i copy /init from my boot locked, unrooted, stock 6.0.1 64bit X Performance?
Hoo roo,
Am currently trying to install a custom version of BusyBox to get Linux Deploy working. The installation script is slightly buggy, but you can workaround it by changing the .sh script slightly and creating the folder /system/xbin.
However, having a bit of trouble. Using su in Termux and mounting / as rw, then attempting to mkdir /system/xbin softlocks my Boox Max 3. This appears to be as a result of android 9 doing system-as-root.
I'm following the instructions mentioned in this Github issue.
Am so close to getting working Arch Linux on my eink tablet, can anyone point me in the right direction? Thank you in advance
If you want to tamper Android's system partition then
Phone's bootloader must be unlocked
AVB must be disabled
before.
Also: Android's /system partition is of fixed size. Have you checked there is enough free space to hold the BusyBox suite, too?
Why not install your BusyBox suite in /system/bin, what will overwrite Android's default ToyBox suite thus you won't have 2 more or less equal suites present in Android?
jwoegerbauer said:
If you want to tamper Android's system partition then
Phone's bootloader must be unlocked
AVB must be disabled
before.
Also: Android's /system partition is of fixed size. Have you checked there is enough free space to hold the BusyBox suite, too?
Click to expand...
Click to collapse
Thank you so much for responding jwogerbauer, using TWRP so bootloader is unlocked, and dm-verity is disabled as well. There's also most definitely enough space on /system, can't even make the folder though.
Linux Deploy needs this specific version of BusyBox installed, which is strange. The developer is a bit slack and more of a shell scripting sort of guy, so there's a heap of small hack arounds.
Was thinking there might be something possible with symlinks or something, but no idea where to start
snug.gy said:
Hoo roo,
Am currently trying to install a custom version of BusyBox to get Linux Deploy working. The installation script is slightly buggy, but you can workaround it by changing the .sh script slightly and creating the folder /system/xbin.
However, having a bit of trouble. Using su in Termux and mounting / as rw, then attempting to mkdir /system/xbin softlocks my Boox Max 3. This appears to be as a result of android 9 doing system-as-root.
I'm following the instructions mentioned in this Github issue.
Am so close to getting working Arch Linux on my eink tablet, can anyone point me in the right direction? Thank you in advance
Click to expand...
Click to collapse
How can I create xbin on android 11 please? Its rooted and unlocked thank you
Why trying to install BusyBox? Android since version 6 already comes with ToyBox - Android's official BusyBox equivalent.
xXx yYy said:
Why trying to install BusyBox? Android since version 6 already comes with ToyBox - Android's official BusyBox equivalent.
Click to expand...
Click to collapse
I have instructions to install other things that I'm following and that requires for me to put things into that specific ×bin to then give commands on terminal emulator and working with linux I think it def is for busy box @xXx yYy thanks
Joy28 said:
I have instructions to install other things that I'm following and that requires for me to put things into that specific ×bin to then give commands on terminal emulator and working with linux I think it def is for busy box @xXx yYy thanks
Click to expand...
Click to collapse
So what should I do how do I get it on there? Thx
Joy28 said:
So what should I do how do I get it on there? Thx
Click to expand...
Click to collapse
@xXx yYy
Since now almost 2 years you ( and other member ) are struggling with this problem: looks you ( both ) never correctly read the related posts here.
Same question got asked here, too
Creating /system/xbin on Android 9
Hoo roo, Am currently trying to install a custom version of BusyBox to get Linux Deploy working. The installation script is slightly buggy, but you can workaround it by changing the .sh script slightly and creating the folder /system/xbin...
forum.xda-developers.com
Note:
BusyBox binary ( current version is 1.36_0 released 3 weeks ago ) is compiled to be run on Android 8 and lower. For Android 8 and higher you've to use BusyBox as Magisk module.
My recommdation: Install Brutal BusyBox as Magisk module. Watch this video:
BTW:
Folder /system/xbin holds “Extra” binaries generated by some of 3rd-party-packages that aren’t essential to the system’s operation. To get these binaries working Android's path variable must get adjusted, too.
Folder /system/ sbin typically hold binaries essential to the system administrator, it contains only ueventd and adbd.
FYI:
TWRP times ago has started replacing Busybox with Toybox
xXx yYy said:
Since now almost 2 years you ( and other member ) are struggling with this problem: looks you ( both ) never correctly read the related posts here.
Same question got asked here, too
Creating /system/xbin on Android 9
Hoo roo, Am currently trying to install a custom version of BusyBox to get Linux Deploy working. The installation script is slightly buggy, but you can workaround it by changing the .sh script slightly and creating the folder /system/xbin...
forum.xda-developers.com
Note:
BusyBox binary ( current version is 1.36_0 released 3 weeks ago ) is compiled to be run on Android 8 and lower. For Android 8 and higher you've to use BusyBox as Magisk module.
My recommdation: Install Brutal BusyBox as Magisk module. Watch this video:
BTW:
Folder /system/xbin holds “Extra” binaries generated by some of 3rd-party-packages that aren’t essential to the system’s operation. To get these binaries working Android's path variable must get adjusted, too.
Folder /system/ sbin typically hold binaries essential to the system administrator, it contains only ueventd and adbd.
FYI:
TWRP times ago has started replacing Busybox with Toybox
Click to expand...
Click to collapse
I dont have an sbin either please in really simple terms can you please tell me how to install xbin??? Please I'm going crazy over here
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
No i need this bad please can you point me in the right direction
just install busybox from Magisk
https://github.com/Magisk-Modules-Repo/busybox-ndk
aIecxs said:
just install busybox from Magisk
https://github.com/Magisk-Modules-Repo/busybox-ndk
Click to expand...
Click to collapse
Thanks but I don't think that is the extent of it... I need to put linux file into xbin
I am using Linux Deploy app on systemless-root without any hassle
Please see pm
I don't reply pm. keep it in the threads.
what's the point, if you're rooted with Magisk, just install UPDATE-Busybox.Installer.v1.34.1-ALL-signed.zip from Magisk modules, reboot, and find "compatible BusyBox in path /system/xbin" (or /system/bin if no mount point exist)
Linux Deploy doesn't care about install location of busybox as long as it is in path.