possible LG WebOS root with su - WebOS Software and Hacking General

ON further discussion with other users, this may only work from a remnant from the GetMeIn exploit, which I had attempted to use but it was unsuccessfully not able to map memory. Perhaps this in combination with GetMeIn may be of use to others.
- - - - - - - -
While awaiting the exciting new from retr0id RootMY.TV , I came across a very straightforward way to achieve root and escape chroot on a OLED55E6P with WebOS release 3.3.4 and firmware version 05.30.60.
I am still fiddling to find preferred method of establishing a permanent root remote shell, and will update later with that.
Curious if this works on your WebOS + Firmware versions?
This procedure opens a root shell over telnet outside of the chroot jail, that is connected to a TTY. Bash history is available across sessions, arrow keys and home/end keys function!
Code:
## Do normal procedure to install developer app, register at LG, enable keyserver, get key, save key, etc.
##Then:
ssh -i ~/.ssh/tv_webos -p 9922 [email protected]_IP "/bin/bash -i"
#Enter passphrase for key '~/.ssh/tv_webos':
#/bin/bash: can't access tty; job control turned off
#/media/developer $
su
#su: must be run from a terminal
#sad, but
/bin/busybox.suid su
Password: alpine
id
#uid=0(root) gid=0(root) groups=0(root),10(wheel),506(pulse-access),509(se),777(crashd)
/bin/busybox.nosuid chroot /proc/1/root
#/ # /bin/sh: can't access tty; job control turned off
##1st Time prepare directory, set root password###
mkdir -p /home/overlay/etc
mkdir -p /home/overlay/work
mount -t overlay overlay -o lowerdir=/etc:/media/cryptofs/apps/usr/palm/services/com.palmdts.devmode.service//binaries-armv71/opt/openssh/etc,upperdir=/home/overlay/etc,workdir=/home/overlay/work /etc
passwd
####
nohup telnetd -l /sbin/sulogin &
#### then from another terminal, run
telnet TV_IP
## dont break anything

Why didn't it work on my webOS 3.0 TV? It replyed 'incorrect password'.

Related

A Real Linux Android System

Before reading.
This article requires that your phone is Rooted and has Busybox installed.
HTC owners, S-off your phone as well.
Android is a great operating system for SmartPhones. Only problem with it (From a more technical users point of view) is the small useless bad excuse of a linux system running behind the UI. Some of the smaller issues can be fixed by installing Busybox that provides a better basic set of tools to work with, but it's not enough. What I would like is to be able to use almost any real linux cli application, daemon, library etc. Also some compilers would be great. I'm using an HTC desire which has more than enough power to do things like compiling (I know, I have done it.), and so has a lot of other SmartPhones. Why would one need this when there is cross compilers you can use on regular and faster machines? Well, because It's fun, why else. I did not spend all that money on a SmartPhones just to make a few phone calls and write a few text messages. My old Sony Ericsson did that quite well. I spend that money to get a phone with many possibilities that I could play with.
I tried to search the web for some helping instructions on how to port a real linux system to this phone. What I mostly got, was people who ported linux systems that would run as an extra OS on the phone, some even with an Xserver accessible via VNC. Sounds fun, but not what I was after. I did not want an extra OS using CPU and unnecessary RAM. I just wanted some extra tools, libs etc to work with and the regular linux user management. I managed to find an old article from someone using Debians armel version on an old G1 phone. I thought that if it worked on that phone, it would be possible to do so on mine. So I started playing around with that.
The way this works is by installing a bare minimum debian on an second partition. This will not boot anything up since it will just work as extra tools and lib using the already booted android linux system.. You will still only have one OS but more tools (Including the nice APT package system) to work with.
Now there is two ways of using debian on android.
The first way is to setup the Debian in an chroot environment. This has some flaws like I have not yet been able to make the chroot start second jobs, which means that you will be able to start applications and daemons running in the current shell session. But you will not be able to make them run in the background. But as an development environment it will still work great, as you will be able to use the Debian libs and compilers.
The second way (The way I was after) is to setup Debian using the UAFS kernel module. This is used to merge directories into one with different rules for each. For an example you would be able to merge /debian_root/etc and /system/etc into a shared /etc with RW on Debians etc and RO on Androids forcing any changes to be made in /debian_root/etc. Using this option you will use Debian to extend the Android Linux part. Android UI with Debian Shell.
This article is split into 3 parts. The first part is the setup of Debian. Must be done whether you want chroot or a merged system. In the second part we will cover the setup of the chroot environment.
The third part is the setup of the merged system. This will require one thing in order to work.
You will need a kernel with the uafs module which is not default in most android kernels. You will need to compile your own kernel. People using the Thalamus kernel, can download a kernel with this module kernel-2.6.37.2_AUFS.zip. A big thanks to Thalamus for providing this. Note that this kernel was a special request from me that he was kind enough to provide. It comes with absolutely no guaranties. Do not email spam him about errors you might encounter using it as this is not an official release.
Note that once you mount the Debian system, you will not be able to mount the SD Card when connecting it to your PC. You can download the App “Multi Mount SD-Card” from Market which will be able to mount your SD Card on your PC while mounted on your phone. This app should also speed up transfers on 2.6.37 kernels, or so I have heard.
Part 1: Building Debian
We are going to run debian from a file containing a ext2 filesystem. If your SD Card is big enough you might be able to create an extra partition and force it to mount as something else other than ext-sd, but in this article we are going to use a partitioned file.
Also, this will require that you have the tool “debootstrap” on your PC. This is found in Ubuntu and Debian, dont know about other Linux distro's or Operating systems. If you don't use Linux or an distro with debootstrap you can download a Ubuntu Live CD from the Ubuntu website. This can be run on CD, DVD and USB disks without installing it. For this article I have used Ubuntu 10.10.
Open a terminal on your Ubuntu/Debian/LiveCD PC and cd to the folder where you want to temp. store your debian. I will call this path “debian_dir”
The first thing we will do is to create the partitioned file.
I'm creating a file with 1.5GB of space. You can create the size you want.
Don't use 0 in the size, dd don't like that.
Code:
cd debian_dir
dd if=/dev/zero of=debian.img seek=1499999999 bs=1 count=1
mke2fs -F debian.img
mkdir debian
mount -o loop debian.img debian/
Now that we have created the file and mounted it, we should download and place debian inside of it. First we will install debootstrap.
Code:
apt-get install debootstrap
debootstrap --arch armel --foreign squeeze debian http://ftp.us.debian.org/debian
umount debian/
Debian Squeeze is Debian 6.0 which replaces the old Lenny.
Copy the debian.img file to your SD Card on your phone. I placed mine in the root of the SD Card.
Now open a terminal on your phone. You can download one from market. There are some free once, but the paid “Better Terminal” is the best to work with in my opinion.
Note: All shell work is done on the phone from now on.
First we need some temp. exports.
Type the fallowing:
Code:
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:$PATH
export HOME=/root
export TERM=linux
export DM=/data/local/debian
export DI=/sdcard/debian.img
Now we will create the Debian dir and then create a loop device which we will use to mount the Debian image to the Debian dir.
Code:
mkdir -d $DM
mknod /dev/loop0 b 7 0
mount -o loop,noatime $DI $DM
Now that we have debian mounted in our debian folder, we need to finalize the installation. Not all files as been installed yet. Don't forget to activate Mobile Network or Wifi.
chroot $DM /debootstrap/debootstrap –second-stage
We also need to insert the debian repository and a DNS (I use OpenDNS).
You can use whatever you want for the DNS, you routers IP for an example. It should have some default Ips configured.
Code:
echo “deb http://ftp.us.debian.org/debian squeeze main contrib non-free” > $DM/etc/apt/sources.list
echo “208.67.222.222” > $DM/etc/resolv.conf
Now change the root to the debian dir and set a root password and make sure that certain folders already exists.
Code:
chroot $DM /bin/bash
passwd root
mkdir root
exit
Now we need to make sure that certain variables exists and that the values is as they should be. So we will alter the /system/bin/sh that android uses as login shell.
Code:
cd /system/bin
mv sh sh0
Create a new /system/bin/sh file with the fallowing content.
This will ensure that these variables is created and/or changed every time you enter a new shell session. You can call another shell like bash or ash instead /system/xbin/sh, just make sure to use ash or sh at the top, since bash does not seam to understand [email protected]
Warning: It is very important that the /system/bin/sh file is made correct. Android will not boot if anything is wrong with this file. It should be exactly like the one I posted, and you cannot make it on your PC and push it to the phone. Don't know why, it works fine with other shell scripts, but not that one.
Enter an adb shell from your PC and use vi or nano (You can download nano here here) to copy and paste the content directly into the ADB Shell.
Note: ADB from the recovery will always work. It does not use /system/bin/sh
Code:
#!/system/xbin/sh
/system/xbin/sh --login [email protected]
Make sure that it has execute rights. Then type sh in the terminal to make sure that it works before you close your ADB Shell session.
Code:
chmod a+x /system/bin/sh
sh
sh0 will not be used, it's up to you wether you want to save it or not. Just make sure that /system/xbin/sh exists, otherwise
copy /system/bin/sh0 to /system/xbin/sh.
Now we need the profile file that is needed by this method. This file will make sure that we have all our variables and the data that they should contain.
Android does not keep very good track of these things. Place this data in the file /system/etc/profile
Code:
export TERM=linux
export TERMINFO=/etc/terminfo
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/vendor/bin:/system/bin:/system/xbin
if [ "$EUID" == "0" ]; then
if [ -z "$HOME" ] || [ -z "$USER" ] || [ -z "$GROUPS" ]; then
export HOME=/root
export USER=root
export GROUPS=0
fi
else
# Make sure that this user id variable exists.
if [ -z $EUID ]; then
export EUID=$(echo $(id | cut -d "(" -f 1) | cut -d "=" -f 2)
fi
# If we have an /etc/passwd file available,
# we should also make sure to get name, group and home info from that file and
# store in the default linux variables.
if [ -f /etc/passwd ]; then
# Create the user info variables based on user id and /etc/passwd
export USER=$(grep "x:${EUID}:" /etc/passwd | cut -d : -f 1)
export GROUPS=$(grep "x:${EUID}:" /etc/passwd | cut -d : -f 4)
export HOME=$(grep "x:${EUID}:" /etc/passwd | cut -d : -f 6)
fi
fi
export ADID=$EUID
if [ "$PS1" ]; then
if [ "$BASH" ]; then
# The file bash.bashrc already sets the default PS1.
if [ ! -z $HOME ] && [ -f $HOME/.bashrc ]; then
. $HOME/.bashrc
elif [ -f /etc/bash.bashrc ]; then
. /etc/bash.bashrc
else
export PS1='\h:\W\$ '
fi
else
if [ "$EUID" == "0" ]; then
PS1='\w # '
else
PS1='\w $ '
fi
fi
else
PS1='\h:\W\$ '
fi
if [ -d /etc/profile.d ]; then
for i in /etc/profile.d/*.sh; do
if [ -r $i ]; then
. $i
fi
done
unset i
fi
We will also need an /etc/bash.bashrc which is needed because /etc/profile not always gets executed.
Code:
if [ "$ADID" != "$EUID" ]; then
# Some times /etc/profile is not executed (For an example when using Androids su command).
# /etc/bash.bashrc however it used instead. So we just execute it manually in these cases.
# If you create a local bashrc ($HOME/.bashrc), remember to include this check.
# /etc/bash.bachrc is not used when a local file exists.
if [ -f /etc/profile ]; then
. /etc/profile
# Since /etc/profile links back to this file,
# we will make sure not to start an unending loop.
# the profile file should update this, but it's better to be on the safe side.
if [ "$ADID" != "$EUID" ]; then
export ADID=$EUID
fi
fi
fi
PS1='\h:\W\$ '
And last we have some user and group configurations in order to make Debian better work with Android. Open your Android terminal emulator and make sure it opens as user and not root. Now type "/system/xbin/id".
What we need here is the uid, gid and the ids of each accosiated groups along with the names of it all. In my terminal I have "uid=10048(app_48) gid=10048(app_48) groups=1015(sdcard_rw),3003(inet)".
What we will do it create this user along with the groups in our Debian inveroment. However, I use the uid name and gid name "bterm" instead of app_48, but still with the original IDs. The inet and sdcard_rw groups will be created as system groups. Do the same for your app user and group if you don't want any login possibilities with this user. I however have assigned home and password to this user.
This needs to be doen in chroot
Code:
chroot $DM /bin/bash
groupadd --system --gid 1015 sdcard_rw
groupadd --system --gid 3003 inet
groupadd --gid 10048 bterm
adduser --home /home/bterm --gid 10048 --uid 10048 bterm
gpasswd -a bterm sdcard_rw
gpasswd -a bterm inet
exit
Now your ready for the next step. Remember that the user you have created, is the user used by your terminal emulator when you are not logged on as root. This ID is only assigned to that specific app, if you install another terminal, it will get another ID.
Part 2 – Setting up a chroot environment
The best way of doing this is to make two small scripts and place them in /system/bin or /system/xbin. One script for doing the mount after phone boot. And one script for entering the chroot when open a new shell session.
Here is the mounting script that I call mkdebian.
This needs to be executed once every time the phone has rebooted. If your ROM supports init scripts, you can add it there for auto-mount on boot.
Code:
#!/system/bin/sh
export DM=/data/local/debian
export DI=/sdcard/debian.img
# Create the loop device and mount the debian image
mknod /dev/loop0 b 7 0
mount -o loop,noatime $DI $DM
# Let's make sure that we can access our sd card from within the chroot
if [ ! -d "$DM/mnt/sdcard" ]; then
mkdir $DM/mnt/sdcard
fi
mount --bind /mnt/sdcard $DM/mnt/sdcard
# Now we make sure that the chroot has access to all the device maps
if [ ! -d "$DM/dev" ]; then
mkdir $DM/dev
fi
mount --bind /dev $DM/dev
# We also need to make proc, sys etc available from within the chroot
chroot $DM mount -t proc proc /proc
chroot $DM mount -t sysfs sysfs /sys
# And last fix the mtab
chroot $DM rm -f /etc/mtab
chroot $DM ln -s /proc/mounts /etc/mtab
echo “Debian was mounted in $DM/”
Now for the script that I called “debian”.
This script will make you enter the chroot environment using one single command. Every time you exist the debian chroot, you can enter back using the command “debian”.
Code:
#!/system/bin/sh
chroot /data/local/debian/ /bin/bash
And that is it. Open a terminal, type debian and start using your debian environment. It might be a good idea to run aptitude update or apt-get update before you start using the package manager.
Part 3 – Settings up a merged Android/Debian environment
This is the fun part to play with. A merged Android/Debian environment without the usage of chroot. This only requires a script to be executed at boot, or after boot.
Remember that this will not work unless your kernel has the aufs module.
Code:
#!/system/xbin/sh
export DM=/data/local/debian
export DI=/mnt/sdcard/debian.img
# Now we mount the debian image to our debian folder.
mknod /dev/loop0 b 7 0
mount -o loop,noatime $DI $DM
# These two directories exists in both android and debian,
# so these are going to be merged together.
mount -t aufs -o dirs=$DM/etc=rw:/system/etc=ro aufs /system/etc
# For some reason, mounting /sbin with aufs does not work.
# So we make a little cheat with symbolic links instead.
mount -o remount,rw /
mv /sbin /sbin0
ln -s $DM/sbin /
rm -rf /sbin/adbd
rm -rf /sbin/ueventd
ln -s /sbin0/adbd /sbin/
ln -s /sbin0/ueventd /sbin/
# Let's get all the debian root directories out to the real root dir.
rm -rf /root
for x in tmp root lib bin boot home media opt selinux srv usr var
do
ln -s $DM/$x /
done
if [ -f /system/xbin/bash ]; then
mount --bind /bin/bash /system/xbin/bash
mount --bin /system/xbin/bash /system/xbin/sh
else
mount --bind /bin/bash /system/xbin/sh
fi
echo "Debian has been merged with Android..."
Run this at startup and start using all of debians possibilities (Don't run it yet).
The / dir is left with RW permissions. If this is set to RO then apt-get will not work. It writes tmp log files to this dir when running. It does not matter since all changes to this dir is restored to default on every boot.
Also dont forget to run apt-get update or aptitude update to update the package list.
You are now able to install and run almost anything (CLI Only) that runs on debian systems and other linux dists. Personally I'm currently running OpenSSH Server and Lighttpd with PHP. A perfect small transportable web server.
You can use either /etc/init.d/[your service] start
or
service [your service] start
to start daemons you have installed.
Now you can use the "mkdebian" command to merge your new Debian with Android.
Note: The command “su” from debian works differently than the android “su” command.
The debian command uses the regular linux management to provide access which means that it will ask for your root password that you created in the first part. The android command will just provide you with su rights without a password. Both commands provides su rights to both android and debian, so it is possible to remove the android command and create a new Android/Java based SU app for the Android UI that will require root password.
Note: There is a small problem with the Android "su" command. It does not recheck the /etc/profile.
That means that if you log on using the regular user, and then uses the "su" command, user variables does not get updated with su paths.
Using the Debian "su" command will work fine, just note that this command will promp for password. Also logging in using the root account
directly works fine.
Good luck
[Edit: 2011-03-09 11:06]
- Changed the /etc/profile script in Part 1
- Added /etc/bash.bashrc script in Part 1
- Changed User and Group setup and moved it from Part 3 to Part 1
- Fixed error in /system/bin/sh
All of this will fix some permission problems with Debian
[Edit: 2011-03-08 11:21]
- Fixed problems with user management by adding an /etc/profile and changing /system/bin/sh and the debian merge script. Using the "login" command is no longer needed.
[Edit: 2011-03-07 08:49]
- Fixed bug in Part 1 sh script.
[Edit: 2011-03-07 00:20]
- Added a new /system/bin/sh script to Part 1
- Added the way we create missing users and groups in Part 3
[Edit: 2011-03-06 19:36]
- Inserted a warning text in part 1 about avoiding problems when creating a new /system/bin/sh.
Applying Host name
If you want to set a custom hostname for your phone, you can create an init script (If your ROM supports it).
Code:
#!/system/bin/sh
# Get the hostname if it exists, or set it to localhost
if [ -f /system/etc/hostname ]; then
_HOSTNAME=$(cat /system/etc/hostname)
if [ -z $_HOSTNAME ]; then
_HOSTNAME=localhost
fi
else
_HOSTNAME=localhost
fi
# Update the Hostname
echo "$_HOSTNAME" > /proc/sys/kernel/hostname
# Update the hosts file
echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts
# If the hostname is not localhost, we add one more line to the hosts file
if [ "$_HOSTNAME" != "localhost" ]; then
echo "127.0.0.1 $_HOSTNAME" >> /etc/hosts
fi
This will look in /system/etc/ for the regular linux hostname file. If it exists, it will take the hostname from that file and set as the global hostname.
If it does not exist, "localhost" is used instead. Also it creates the /system/etc/hosts file.
Add or Edit your hostname like this.
Code:
echo "myhostname" > /system/etc/hostname
Note: Remember to delete the hosts and hostname files in your debian /etc/ dir when using merged environment. Otherwise they will overwrite the once in /system/etc/ as debian has first priority.
Manipulating the Android Permissions
Androids permissions works by providing a User ID for each application. This user (Application) can then get a range of different permissions by being added to groups with the permissions required by the app. For an example an app that needs to write to the SD Card, should be a member of Androids sdcard_rw group which translates into 1015 in a Linux group id. Using the numeric values of the Android groups, we can assign these permissions to shell users, daemons etc.
An example:
I had problems with my Http Server because I wanted my www folder on my sdcard. But, the www-data user and group could not be allowed to write to the SD Card, which I needed it to do, because Android controls what permissions the SD Card should have, not even root can change that.
What I did was creating a system group that I named sdcard_rw (Same name as the android, just to better keep track of the groups) with the same Id as the Android sdcard_rw (1015). I then assigned that group to my www-data user (gpasswd -a www-data sdcard_rw) and now my lighttpd had Read/Write access to my sdcard.
You can use the same example for creating a regular SSH User by using the Android shell group or for any other type of user that needs some Android permissions to work properly.
[Edit: 2011-03-08 21:13]
- Added an permission example
Great...
I was just looking into this myself for the last few days.
strange how there isn't more of this being talked about.
at least I have been unable to find anything.
Omg this sounds awesome,
Will try this when u get home and will report back
Sent from my Nexus One using XDA App
I'm still trying to work out some problems with User Rights on SD Card. Can't get lighttpd to be allowed to create files in my SD Card www dir (Does not matter what user and group I set it to use). I can't even get the root account to be allowed to change permissions on SD Card files and folders. It's not the biggest problem, but will report back when I figure it out.
Nice! I've been constantly disappointed for the past year at how un-Linuxy Android is under the hood and unimpressed with the old chroot tricks. This looks much better and I'll try it soon.
I have added a new /system/bin/sh script that can be found in Part 1. This script will automatically look for bash and, if that exists, try to find bash.bashrc, .profile or .bashrc in /etc or the users home dir. If bash does not exist, it looks for sh instead. If you have both one of the Android specific compiled bash, then Debians bash is used when available as this is made to work in a real linux environment. Android bash does not seam to work that way. Also debians packages gets updates via APT.
Also I changed the way groups and users is created in Part 3. Manually inserting them to /etc/passwd, /etc/shadow and /etc/group did not seam to be enough. The users and groups where only half registered. For an example the command "login" gave me a lot of errors, and i had problems with user rights. By using adduser and addgroup in a chroot before the first merge, the user management seams to work as it should now.
I was playing with Debian on my phone just a few days ago too. I've found that same G1 article you mentioned, and installed Lenny in a chroot environment. Background daemons work fine for me, I've installed OpenSSH and I'm using ConnectBot connecting to 127.0.0.1 to get a terminal, so I don't have to chroot every time. I even have X with tightvnc server + android-vnc-viewer. Running the desktop Firefox on my phone is fun Although not very useful. I'm still thinking about what awesome things we could do with this that we couldn't otherwise.
Anyway, great howto.
Do you have any details on the Thalamus kernel? What phone is it for? Overclocked, audio hack, etc? Or is it just a vanilla kernel with the extra module?
What applications can we dream up?
The first thing that springs to mind is could this be used to create a low power server running bittorrent and the like?
Would a cheap device like the Vodafone 845 be under-powered for this?
Can you connect to a usb hub to allow multiple devices to be connected to it? I'm thinking usb network adapters, external storage, etc.
How much additional effort on top of this guide would be needed?
Just curious...
will not... - -!
Well I learned one thing. Don't make Shell scripts when you are tired. I started a shell loop on phone bootup with my /system/bin/sh fix (Which had been changed). When using the merged environment, you need (for now) to enter /bin/login when you open a new shell and login as user with the password you created in Part 3. This will make Debian take over the user management which among other things will make sure that the right variables etc. exists. I have tried to locate where android controls new shell sessions, but I cant seam to find it.
When you make Debian take over, you can use your Linux shell as any other. .bashrc, .profile, /etc/bash.bashrc, /etc/profile files, change default shell (bash, sh, ash) in /etc/passwd and so on.
#9 Well the kernel is the same that is found in the Oxygen 2.0.1, so it's an gingerbread rom (2.3.3). If it works only in Oxygen, I don't know but I don't think so.
#10 He he, Could not say. For now I'm just trying to make it work as I want it to work. After that I might start playing around with different things.
The "login" command is no longer needed. I finally found a way to successfully control user variables and management, making Android and Debian work together as one when merging the two.
This is amazing. Totally going to do this later tonight when I get home.
If you merge using AUFS instead of making a chroot, you should perhaps use the system user (Id: 1000, Group: 1000) as the regular user.
There are only two static users in Android, 0 and 1000.
Android just isn't made to work as an multi-user system. This is how the Java UI is made, and we really need to Linux part to be compatible with that part of the OS. Instead of multi-users, android uses it's apps as users. Each app works as one user with different id. So the 10048 I used as regular user is just the ID of mine "Better Terminal". Switching to another terminal app changed the EUID.
Use the root and only root to work with in the shell. And then delete Debians "su" command and stick with the one from android. Debians need all users that execute "su" to be written to the /etc/passwd.
All GNU tool and library, that's Great. thanks a lot.
I have added an example of how to apply Android rules to shell users, daemons etc. Some daemons will need this in order to function.
I have added this in Thread 2 below the hostname example.
I also changed the main Thread. Found a fix for the rest of the permission problems, including the Android "su" command issue.
I have tested this Android/Debian merge using several methods (ADB, SSH, different local terminals) and it worked on most. I had one problem with one local terminal app that did not execute /etc/profile and some Debian users in /etc/passwd that didn't either.
To fix this I changed /system/bin/sh from using "/system/xbin/sh --login [email protected]" to instead use "/system/xbin/sh --rcfile /system/etc/profile [email protected]". I then moved the Debians /bin/bash to /usr/bin/bash and made a similar script file in /bin/bash > "/usr/bin/bash --rcfile /etc/profile [email protected]". You can make the same for /bin/sh if you don't like using bash for your /etc/passwd users.
Remember to change the bash bind mount in the mkdebian script from /bin/bash to /usr/bin/bash
Use whatever method works on your phone.
This looks like a ton of fun, and could be very useful. I'd like to try this on my NookColor (N2Acard, CM7.1), probably using The Guardian Project's lilDebi image as a base. They go the chroot route with their installer, and I'm going to have to do some hacking on their scripts to make them work with the NookColor. I figure if I'm going to have to hack on it, I might as well put my efforts toward a more ideal solution.
Question: It doesn't look like the CM7.1 kernel supports aufs. That is,
Code:
cat /proc/filesystems
doesn't return aufs as one of the supported filesystems.
Aside from a lack of elegance, is there any reason we can't apply your /sbin workaround to "merging" the whole filesystem? [I recognize there's a certain amount of ignorance behind the question; I figure there's only one way to cure that: Ask.]
OR, how difficult might it be to take a complete CM7.1 kernel and add aufs support to it?
'preciate any help I can get!
mailman1175 said:
This looks like a ton of fun, and could be very useful. I'd like to try this on my NookColor (N2Acard, CM7.1), probably using The Guardian Project's lilDebi image as a base. They go the chroot route with their installer, and I'm going to have to do some hacking on their scripts to make them work with the NookColor. I figure if I'm going to have to hack on it, I might as well put my efforts toward a more ideal solution.
Question: It doesn't look like the CM7.1 kernel supports aufs. That is,
Code:
cat /proc/filesystems
doesn't return aufs as one of the supported filesystems.
Aside from a lack of elegance, is there any reason we can't apply your /sbin workaround to "merging" the whole filesystem? [I recognize there's a certain amount of ignorance behind the question; I figure there's only one way to cure that: Ask.]
OR, how difficult might it be to take a complete CM7.1 kernel and add aufs support to it?
'preciate any help I can get!
Click to expand...
Click to collapse
here's where you get aufs patches.
you'll have to build the kernel yourself to make it work.
to the OP:
using the aufs mount method instead of a chroot...
I have a small problem, I don't know if it shows up with your .img filesystem method, but with an sd-ext partition used intead of the .img file, apt-get fouls massively when trying to update/upgrade libc6.
it complains about the libc6*.so existing in two places at once, and requests the existing one be removed. If it's removed, then nothing in the Linux install works, because just about everything is compiled against libc. I can use busybox to manipulate files with the libc6 removed or hidden away, but can't seem to get past the error since dpkg and apt don't work without some version of libc installed.
Any hints/suggestions? I like your scripts a lot better than the chroot ones I cobbled together from everyone else's work last year for similar purposes before I got aufs working in a kernel.

[Guide] [Tweaks] Android Security Hardening

Lately I had been researching on how to further secure Android against Exploits, Malware, and Privacy issues. Some, if not most, of this guide is for the more paranoid users but I believe it is usefull information for everyone. I will try to keep it as easy to follow as possible.
Part 1 - ADB & Root:
What is ADB:
ADB (A.K.A the Android Debug Bridge) is a tool used by developers to allow access to an android device via a computer. The program consists of a server (ADBD) which lives on the phone/tablet and the client (ADB) which lives on the computer. This allows dev's to quickly access logs and install applications over a command shell.
The Threat:
While ADB is usefull if it is left on an attacker can use it to gain access to the device and dump logs, bypass the lock screen, root the device, steal credentails and more. One such attack is Kos' P2P-ADB. This framework allows an attack to bypass most (if not all) security if ADB is enabled on the device.
The Solution:
The easiest solution is to simply disable Degbuging. The setting is disabled by default but most custom roms have it enabled. To disable (on ICS/JB) it go to:
Code:
Settings ---> Developer Options ---> Android Debugging
Ensure Android debugging is unchecked.
For the more paranoid:
Adb actually relies on the ADBD binary. On most AOSP roms the binary is stored in /sbin/adbd if you change the permissions to 000 it can no longer execute and can't be used at all. One way to achieve this is by using this init.d script:
Code:
# Disable the adbd daemon
mount -o rw,remount -t rootfs rootfs /
chmod 000 /sbin/adbd
mount -o ro,remount -t rootfs rootfs /
mount -o ro,remount /system
Save the code to a file called 99secure and place it in /etc/init.d/ If your rom supports init.d the script will execute on boot and remove the adbd permissions so it can't run.
What is root/superuser:
The superuser is a special user account used for system administration. Depending on the operating system, the actual name of this account might be: root, administrator, admin or supervisor. In some cases the actual name is not significant, rather an authorization flag in the user's profile determines if administrative functions can be performed.
Click to expand...
Click to collapse
The root user has full access to the system and can perform almost any task. Most custom ROMs ship with root enabled.
The problem:
Running with root enabled is inherently insecure. If a malicous app is allowed to run with root permisions it has full access to the system and can do what ever it wants (delete information, steal passwords, keylog, activate the camera, etc.)
The Solution:
If you are running a CyanogenMod Rom you can disable root by going to:
Code:
Settings ---> Developer Options ---> Root Access ---> Disabled
Alternatively you can change the permisions of the "su" binary to 000 with:
Code:
mount -o rw,remount /system
chmod 000 /system/xbin/su
mount -o ro,remount /system
Part 2 - Bluetooth:
Bluetooth is a great technology that allows close range (~30m) wireless comunication between devices such as headsets and speaker phones.
The Problem:
Bluetooth is a wide open whole for an attacker to gain access to your device. There are multiple exploits against bluetooth (such as bluejacking). While most aren't widely used bluetooth should be disabled when not in use.
The Solution:
Disable bluetooth via the settings app:
Code:
Settings ---> Bluetooth ---> Off
Alternatively you can disable the bluetooth service/daemon:
Code:
mount -o rw,remount /system
chmod 000 /system/bin/bluetoothd
mount -o ro,remount /system
and even the bluetooth device (this was done on a Galaxy Nexus running CM10 JB):
Code:
mount -o rw,remount /system
chmod 000 /dev/ttyO1
mount -o rw,remount /system
After that is done bluetooth can no longer be turned on by accident or a malicous attacker (provided they don't have root).
Part 3 - NFC:
What is NFC:
Near field communication (NFC) is a set of standards for smartphones and similar devices to establish radio communication with each other by touching them together or bringing them into close proximity, usually no more than a few centimetres. Present and anticipated applications include contactless transactions, data exchange, and simplified setup of more complex communications such as Wi-Fi.[1] Communication is also possible between an NFC device and an unpowered NFC chip, called a "tag".[2]
NFC standards cover communications protocols and data exchange formats, and are based on existing radio-frequency identification (RFID) standards including ISO/IEC 14443 and FeliCa.[3] The standards include ISO/IEC 18092[4] and those defined by the NFC Forum, which was founded in 2004 by Nokia, Philips and Sony, and now has more than 160 members. The Forum also promotes NFC and certifies device compliance.[5]
Click to expand...
Click to collapse
As per Wikipedia
The Problem:
This year at defcon NFC was shown to be vulnerable to attack (http://forum.xda-developers.com/showthread.php?t=1832186). Another example is the recent Samsung Exploit which can be executed by NFC tags as well.
The Solution:
NFC can be disabled by:
Code:
Settings --- > Wireless & Networks ---> NFC
Alternatively you can disable the NFC Device:
Code:
mount -o rw,remount /system
chmod 000 /dev/ttyO3
mount -o rw,remount /system
Part 4 - Network Attacks:
Just like a computer android is succeptable to attacks over the network. Bellow is a init.d script that will harden the TCP/IP stack:
Code:
# hardening TCP/IP stack for IPV4
sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1 #ICMP broadcast
sysctl -w net.ipv4.conf.all.accept_redirects=0 # ICMP redirects ipv4
sysctl -w net.ipv6.conf.all.accept_redirects=0 #ICMP redirects ipv6
sysctl -w net.ipv4.conf.all.send_redirects=0 # ICMP redirects
sysctl -w net.ipv4.conf.all.accept_source_route=0 #source routing disable
sysctl -w net.ipv4.conf.all.forwarding=0 #Forwarding traffic
sysctl -w net.ipv4.conf.all.rp_filter=1
sysctl -w net.ipv4.conf.all.log_martians=1 #filter martians
sysctl -w net.ipv4.tcp_max_syn_backlog=1280 # TCP syn half-opened
sysctl -w net.ipv4.ip_forward=0
sysctl -w net.ipv4.tcp_syncookies=1
Android also runs IPTables ( A firewall). You can change this by script or a nice GUI tool calledDroid Wall
Part 5 - Removing unneeded applications:
These commands will remove some applications that aren't needed and may have internet access. The bottom ones are kept for root only:
Code:
rm -f /system/xbin/irsii
rm -f /system/xbin/nano
rm -f /system/xbin/nc
rm -f /system/xbin/telnet
rm -f /system/xbin/telnetd
rm -f /system/xbin/opcontrol
chmod 740 /system/xbin/rsync
chmod 740 /system/xbin/strace
chmod 000 /system/bin/bluetoothd
chmod 750 /system/bin/iptables
chmod 750 /system/bin/ping]
There may be more you want to remove like ssh.
I personally removed "Packet Management" as well to prevent installing apps over USB:
Code:
# disable the Packet Management binary
chmod 000 /system/bin/pm
Part 6 - Removing APK's:
You can also remove unneeded APK's by:
Code:
mount -o rw,remount /system
rm -r /system/app/[apk name here]
mount -o ro,remount /system
I removed these apps:
Bluetooth.apk
NFC.apk
Development.apk
DrmProvider.apk (You may not want to do this if you use the playstore)
Email.apk ( I use K-9 instead)
Exchange.apk (I don't need it you may)
PackageInstaller.apk ( Used to install apps. Don't remove if you want to install apps).
Click to expand...
Click to collapse
What apps you can and can't remove
Part 7 - Misc:
Personally I don't use the playstore/Google Framework as it sends back WAY to much info for me to trust it. I also reccomend using Full Device Encryption and a secure Kernel such as FuguMod.
Alot of the information I got is from this Sans guide
I will be posting more as I look into other security options
Let me know if I missed anything and please hit thanks if I helped at all.
Bellow is the init.d script I am using (modified from the Sans guide) ** ONLY TESTED ON A GSM GALAXY NEXUS ***:
Code:
#!/system/bin/sh
# Customize some parameters and lockout the SO
# July 2011
mount -o rw,remount /system
# Disable Bluetooth
chmod 000 /dev/ttyO1
#Disable NFC
chmod 000 /dev/ttyO3
# hardening TCP/IP stack for IPV4/IPV6
sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1 #ICMP broadcast
sysctl -w net.ipv4.conf.all.accept_redirects=0 # ICMP redirects ipv4
sysctl -w net.ipv6.conf.all.accept_redirects=0 #ICMP redirects ipv6
sysctl -w net.ipv4.conf.all.send_redirects=0 # ICMP redirects
sysctl -w net.ipv4.conf.all.accept_source_route=0 #source routing disable
sysctl -w net.ipv4.conf.all.forwarding=0 #Forwarding traffic
sysctl -w net.ipv4.conf.all.rp_filter=1
sysctl -w net.ipv4.conf.all.log_martians=1 #filter martians
sysctl -w net.ipv4.tcp_max_syn_backlog=1280 # TCP syn half-opened
sysctl -w net.ipv4.ip_forward=0
sysctl -w net.ipv4.tcp_syncookies=1
# Removing/ disabling unnecessary binaries. Some of them have access to Internet
rm -f /system/xbin/irsii
rm -f /system/xbin/nano
rm -f /system/xbin/nc
rm -f /system/xbin/telnet
rm -f /system/xbin/telnetd
rm -f /system/xbin/opcontrol
chmod 740 /system/xbin/rsync
chmod 740 /system/xbin/strace
chmod 000 /system/bin/bluetoothd
chmod 750 /system/bin/iptables
chmod 750 /system/bin/ping
## This is the last step of the hardening
# do a backup before
# disable the Packet Management binary
chmod 000 /system/bin/pm
# Disable the adbd daemon
mount -o rw,remount -t rootfs rootfs /
chmod 000 /sbin/adbd
mount -o ro,remount -t rootfs rootfs /
mount -o ro,remount /system
Hardening android
How can I harden android to block certain web site or filtering the prono sites?
Have you made any further progress with locking down your phone. I switched from iPhone to android and I can't help but feel that the iPhone was more secure. Alot of my concern is that on Android I notice that even with a pin lock sometimes apps run on top of it and if you have a lock screen it sometimes seems to circumvent pin codes all together. Is the security of the phone now based on how secure the lock screen is?
As for your mods, It seems like most, if not all, of these mods require root access. Are you suggesting it is more secure to root your device and perform these mods than to leave it stock?
Also, how vulnerable is it to have a phone with an unlocked bootloader and a custom recovery? Doesn't that make it easier for someone with physical access to compromise your phone? I understand you can enable encryption which only encrypts the data partition but what about if the phone is already started up? Is there a way to harden it from physical attack other than disabling ADB?
Thank you
Josh
inaxsesable said:
Have you made any further progress with locking down your phone. I switched from iPhone to android and I can't help but feel that the iPhone was more secure. Alot of my concern is that on Android I notice that even with a pin lock sometimes apps run on top of it and if you have a lock screen it sometimes seems to circumvent pin codes all together. Is the security of the phone now based on how secure the lock screen is?
As for your mods, It seems like most, if not all, of these mods require root access. Are you suggesting it is more secure to root your device and perform these mods than to leave it stock?
Also, how vulnerable is it to have a phone with an unlocked bootloader and a custom recovery? Doesn't that make it easier for someone with physical access to compromise your phone? I understand you can enable encryption which only encrypts the data partition but what about if the phone is already started up? Is there a way to harden it from physical attack other than disabling ADB?
Thank you
Josh
Click to expand...
Click to collapse
Check out my other threads for more information and tweaks like secdroid. As far as iOS goes its pitiful for security I work in computer forensics and the iPhone is the easiest phone to pull data off of. If you want security and or encryption stick android. iOS encryption is defeated by simply turning the phone on ( it loads the keys automatically from hardware). If you need more help please pm as I can reply quicker there!
Sent from my Nexus 4 using xda premium
Check out Secdroid. The thread is still here somewhere or go straight to Google Play...
Sent from my Nexus 10 using xda app-developers app
Tor has a comprehensive how-to
Tor has a comprehensive how-to @ their blog called "mission-impossible-hardening-android-security-and-privacy"

Terminal emulator size after upgrade Android 4.3

Hi,
I'm having an issue with all terminal emulators (Android Terminal Emulator, ConnectBot, ...) after upgrading my Nexus 10 from Android 4.2.2 to 4.3.
The terminal is not recognizing the actual size of the screen and it is fixed to 80 columns and 20 rows. I can temporarily fix it typing "stty cols 180 rows 35", but those values depend on the screen rotation, font size, etc.
This is really weird, and I wasn't having this issue before the upgrade.
Anyone else has this problem or know how to solve it?
Thanks!
Ok, i've been doing some tests.
It seems to be a 'su' bug, it is not receiving the SIGWINCH signal.
If I type without su:
trap 'echo sigwinch' SIGWINCH
It is executed every time I rotate the tablet or popup the keyboard.
But, under su, the same command is not working.
It may be a permission issue.
Any ideas?
I can confirm having the same issue with my Nexus 10 and android 4.3. As soon as I run su - from the terminal (Android Terminal Emulator) the lines start wrapping at 80 characters.
Hi,
i've been working on this trying to find a solution.
Here is what I saw:
Every time I enter su or enter chroot (i have a chrooted debian), the tty number is changed to another one. That isn't the usual tty behavior!
So, if the normal user is in /dev/pts/0 , root could be in /dev/pts/1 and chroot in /dev/pts/2.
If I rotate the screen /dev/pts/0 cols and rows are changed even if I am as root, I can verify that by typing:
stty -F /dev/pts/0 -a
But, if I am at /dev/pts/1 i'm not receiving that SIGWINCH signal. In common linux distributions, that is not happening as pts number doesn't change.
Here is my (not so perfect) solution for the chrooted debian:
Write a fix_stty.sh script as root:
#!/bin/bash
sttypath=/bin
tty0=$(ls --sort time /dev/pts/ | head -n 1 | awk '{print $1}')
stty0=$($sttypath/stty -F /dev/pts/$tty0 -a | head -n1)
rows=$(echo $stty0 | sed -e 's:.*rows\ \([0-9]\+\).*:\1:g')
cols=$(echo $stty0 | sed -e 's:.*columns\ \([0-9]\+\).*:\1:g')
$sttypath/stty rows $rows cols $cols
Save it in /usr/local/bin
Make it executable:
chmod +rx /usr/local/bin/fix_stty.sh
Add to ~/.bashrc this line:
trap '/usr/local/bin/fix_stty.sh' DEBUG
Or if you use non-root users:
trap 'sudo /usr/local/bin/fix_stty.sh' DEBUG
And add to sudoers file:
%sudo ALL = (ALL) NOPASSWD: /usr/local/bin/fix_stty.sh
Logout and login again, and it will fix the rows and columns before each command.
----
For su, outside the chrooted linux write a script fix_stty.sh:
sttypath=/system/xbin
tty0=$(/system/xbin/busybox ls -t /dev/pts | head -n1)
stty0=$($sttypath/stty -F /dev/pts/$tty0 -a | head -n1)
rows=$(echo $stty0 | sed -e 's:.*rows\ \([0-9]\+\).*:\1:g')
cols=$(echo $stty0 | sed -e 's:.*columns\ \([0-9]\+\).*:\1:g')
$sttypath/stty rows $rows cols $cols
Save it to /system/xbin
(You should remount /system as rw: mount --remount -orw /system)
Then, make it exec:
chmod 755 /system/xbin/fix_stty.sh
And, finally you should type at each su login:
trap '/system/xbin/fin_stty.sh' SIGINT
(i don't know why DEBUG isn't here)
So you have to press Ctrl+C to fix it.
----
Alternatively, you can write an infinite loop or a simple daemon to fix it, but i don't like daemons on my tablet.
If anyone has a better solutions, please post it.
Hi all. I've been mulling over this problem as well. I believe the issue is because in 4.3, SuperSU now uses a "proxy", where commands are sent form the process which called su to daemonsu, which is launched at system startup. Chainfire explains a bit more in his G+ posts the reasons for doing this, but I think the key here is that root processes are now launched on a different tty, because they are launched by a different process (namely, daemonsu). Starting a root shell (whether system shell or ubuntu/debian chroot) now results in the creation of three pts devices, as opposed to the usual one. However, other shells not launched locally are fine. For example, starting the SSH server in my chroot and logging in via SSH is always fine.
I'm still trying to figure out a permanent solution to this problem. I still don't have a full understanding of the problem as I'm still trying to wrap my head around how Linux handles terminals and TTYs. I do have a few ideas floating around my head, though:
Change daemonsu and su to support full termios/line-discipline/whatever-we-need through the "pts bridge" that he is using
Create TTY(pts) pairs on demand, and have a modified Terminal Emulator connect to those directly when we want a shell
Have a background-ed process in the original terminal catch SIGWINCH and pass it to the root terminal
Still quite a bit a figure out though. I may just go through Terminal Emulator's source code to see how it work to get a better picture too. But that's gonna take time. I've also created a little native utility which creates two pts pseudo-TTYs and shuffles data between them. I'm still experimenting. Will post more as I learn more.
Just to let you all know that I've got a system working for myself: http://blog.tan-ce.com/android-root-shell/
The way I'm doing it uses a daemon, much like the su daemons ChainFire and Koush are using. The benefit of doing it this way is that I'm not confined by the application container, which is good for security when used by applications, but is annoying when you are using the terminal itself. I remember having to do hacks with adb servers to get around those.
But if you don't want a daemon, you can still set one up manually, just look at the last section of the README on how to use pts-wrap and pts-exec.
I gave this a try.
First, I've noticed that pts-wrap and pts-exec symbolic links were missing.
And I don't think the line '/system/etc/install-recovery-2.sh' in pts-daemon-start file is needed at all.
I'm using ChainFire SuperSU and pts-shell is not working as expected or catching SIGWINCH signals. I just don't see any difference with the standard shell. Maybe I misunderstood how it works.
alf_tux said:
I gave this a try.
First, I've noticed that pts-wrap and pts-exec symbolic links were missing.
And I don't think the line '/system/etc/install-recovery-2.sh' in pts-daemon-start file is needed at all.
Click to expand...
Click to collapse
My mistake, I forgot to create the symlinks for those two.
install-recovery-2.sh is an idea I took from CharinFire's SuperSU. Basically, it seems as if people are using install-recovery.sh to install startup scripts, and having the script try to call install-recovery-2.sh allows you to chain recovery scripts. For example, if you install this on a system with SuperSU, it will be installed as install-recovery-2.sh. If the system doesn't already have an install-recovery.sh, it'll install itself as install-recovery.sh.
Anyway, I've fixed and uploaded a new zip.
alf_tux said:
I'm using ChainFire SuperSU and pts-shell is not working as expected or catching SIGWINCH signals. I just don't see any difference with the standard shell. Maybe I misunderstood how it works.
Click to expand...
Click to collapse
Are you running pts-shell from a regular (non-root) shell, or from a root shell? It should be run from a non-root shell. (It will give you a root shell once it runs.) Only pts-passwd and pts-daemon is meant to be run as root.
tan-ce said:
Are you running pts-shell from a regular (non-root) shell, or from a root shell? It should be run from a non-root shell. (It will give you a root shell once it runs.) Only pts-passwd and pts-daemon is meant to be run as root.
Click to expand...
Click to collapse
Yes, here is my the terminal output:
[email protected]:/ $ ps | grep pts
root 136 1 760 180 ffffffff 00000000 S /system/xbin/pts-daemon
[email protected]:/ $ pts-shell /system/bin/sh
(pts-shell) /system/bin/sh
Could not connect to socket: Permission denied
255|[email protected]:/ $ su pts-shell /system/bin/sh
[email protected]:/ #
As you see, I can only run pts-shell as root.
alf_tux said:
Yes, here is my the terminal output:
[email protected]:/ $ ps | grep pts
root 136 1 760 180 ffffffff 00000000 S /system/xbin/pts-daemon
[email protected]:/ $ pts-shell /system/bin/sh
(pts-shell) /system/bin/sh
Could not connect to socket: Permission denied
255|[email protected]:/ $ su pts-shell /system/bin/sh
[email protected]:/ #
As you see, I can only run pts-shell as root.
Click to expand...
Click to collapse
Sorry, I realized that the correct command should be:
[email protected]:/ $ su -c pts-shell /system/bin/sh
(pts-shell) /system/bin/sh
(pts-shell) Enter your password:
[email protected]:/ #
Anyway I can only run this as root.
Oh yeah, I found the bug. Sorry, my bad. I've fixed it and uploaded a new copy of the update ZIP, but you don't have to upgrade if you don't want to. Running
Code:
# chmod 0701 /data/pts
should be sufficient to fix the problem. Then you should be able to run pts-shell from a regular (non-root) shell.
tan-ce said:
Oh yeah, I found the bug. Sorry, my bad. I've fixed it and uploaded a new copy of the update ZIP, but you don't have to upgrade if you don't want to. Running
Code:
# chmod 0701 /data/pts
should be sufficient to fix the problem. Then you should be able to run pts-shell from a regular (non-root) shell.
Click to expand...
Click to collapse
I don't think that was the the bug:
[email protected]:/ $ su
[email protected]:/ # ls -l /data/pts
-rw------- root root 61 2013-08-28 19:09 passwd
srw-rw-rw- root root 2013-08-28 18:59 pts
[email protected]:/ # chmod 0701 /data/pts
[email protected]:/ # ls -l /data/pts
-rw------- root root 61 2013-08-28 19:09 passwd
srw-rw-rw- root root 2013-08-28 18:59 pts
[email protected]:/ # ^D
[email protected]:/ $ pts-shell /system/bin/sh
(pts-shell) /system/bin/sh
Could not connect to socket: Connection refused
255|[email protected]:/ $
I have also tried:
chmod 0701 /data/pts/pts
And
chmod 0701 /data/pts/*
I'm getting the same connection refused. Maybe you can send me a debug version, I can run it just to find what is going on.
alf_tux said:
I'm getting the same connection refused. Maybe you can send me a debug version, I can run it just to find what is going on.
Click to expand...
Click to collapse
That's strange. Could you show me the output of ls -la? (The "a" is needed to see the permissions for /data and /data/pts itself)
After that, perhaps you could try "chmod 0711 /data/pts"
There isn't a debug version. The error message comes from the part of the code which tries to open a unix socket located at /data/pts/pts. For this to work, /data and /data/pts must have the execute bit set, and /data/pts/pts needs to have the readable and writable bit set for you. Otherwise you'll get a "permission denied".
Perhaps it might be easier for me to just move the socket to /dev like what koush does for Superuser... it's possible the permissions on my /data is non-standard.
On a side note, I'm also currently trying to contribute to koush's Superuser project to fix terminal handling. With any luck, I (or someone else?) will succeed and we won't really need my pts-multi tools anymore.
tan-ce said:
That's strange. Could you show me the output of ls -la? (The "a" is needed to see the permissions for /data and /data/pts itself)
After that, perhaps you could try "chmod 0711 /data/pts"
There isn't a debug version. The error message comes from the part of the code which tries to open a unix socket located at /data/pts/pts. For this to work, /data and /data/pts must have the execute bit set, and /data/pts/pts needs to have the readable and writable bit set for you. Otherwise you'll get a "permission denied".
Perhaps it might be easier for me to just move the socket to /dev like what koush does for Superuser... it's possible the permissions on my /data is non-standard.
On a side note, I'm also currently trying to contribute to koush's Superuser project to fix terminal handling. With any luck, I (or someone else?) will succeed and we won't really need my pts-multi tools anymore.
Click to expand...
Click to collapse
Yes, I agree that fixing su would be better.
I don't have my tablet right know, i don't remember well /data /data/pts and /data/pts/pts read and exec bits. I will see better whan I have my tablet with me.
Here is the output:
/data:
drwxrwx--x system system 2013-08-28 18:59 data
/data/pts:
drwxr-xr-x root root 2013-08-28 19:06 pts
[email protected]:/ $ ls -la /data/pts
-rwxrwxrwx root root 61 2013-08-28 19:09 passwd
srwxrwxrwx root root 2013-08-28 18:59 pts
[email protected]:/ $ pts-shell /system/bin/sh
(pts-shell) /system/bin/sh
Could not connect to socket: Connection refused
255|[email protected]:/ $
I suppose it isn't a permission problem.
alf_tux said:
I suppose it isn't a permission problem.
Click to expand...
Click to collapse
You're probably right, my Nexus 10 could be a bit different because of the semi-botched update I went through. Well, good news on two fronts: First, I updated pts-multi (latest update zip here) to use /dev/pts-daemon as the socket instead of /data... It works on mine, and I think it should work on yours, because Superuser puts its socket there too.
Second, I finished some modifications to the su binary in Superuser (source code here), and I've submitted a pull request to Koush. He says he'll do a code review of my changes, and we'll see how it goes.
tan-ce said:
You're probably right, my Nexus 10 could be a bit different because of the semi-botched update I went through. Well, good news on two fronts: First, I updated pts-multi (latest update zip here) to use /dev/pts-daemon as the socket instead of /data... It works on mine, and I think it should work on yours, because Superuser puts its socket there too.
Second, I finished some modifications to the su binary in Superuser (source code here), and I've submitted a pull request to Koush. He says he'll do a code review of my changes, and we'll see how it goes.
Click to expand...
Click to collapse
T/hanks! I tried your new update and I think it's working!
Can you add a passwordless option? Or if password is blank just don't ask for it
alf_tux said:
T/hanks! I tried your new update and I think it's working!
Can you add a passwordless option? Or if password is blank just don't ask for it
Click to expand...
Click to collapse
Ok, but I took the easiest way out... If you set the environment variable PTS_AUTH, pts-shell will read the password from there instead of prompting you for it. So, if you're writing a script to spawn a root shell, do:
Code:
#!/system/bin/sh
export PTS_AUTH="your password here"
pts-shell /system/bin/sh
The latest update zip is here.
Thanks a lot tan-ce!!
It's working just as I expected!
Glad to hear it.

[GUIDE] Native Debian on Samsung Galaxy i7500

Hello fellow phone enthusiasts,
there are some sources on the internet describing how to run Debian on the Samsung Galaxy i7500 (Samsung's first Android device). Unfortunately, none of these sources can act as a complete guide, so I thought I could try to fill this void. This guide is far from complete and will hopefully grow over time. Anyway, I hope this is helpful for some people that are trying to do the same.
Note that this post should have gone into the development section, but I'm not senior enough to post there. Also the URLs in this guide are messed up for the same reason. Each messed up URL is marked with "(FIX this url)". I will fix these things as soon as possible, if there is any interest in this guide.
Best regards,
Frank
0. WARNING
This guide is for experienced users only. You might brick your phone while following this guide. I will not take responsibilty for any harm that may happen to you, your phone or those around you when following this guide. Please read and understand the complete guide before doing the first step. You have been warned.
Make a nandroid backup (can be done in the recovery image). Really, do it. Even if you think there's no valuable data, you must do a nandroid backub, because you will need to have the boot.img to boot back into android after debian has been installed. You must also copy your nandroid backup onto your PC.
1. Credits
A few years ago, there has been quite an active development community for the Galaxy i7500. Unfortunately, these forums have now pretty much died and I was not an active member of that community, because I was using it as my primary device back then and had no interest in hacking it.
Anyway, a HUGE THANK YOU goes to the fine fellas from drakaz.com and the GAOSP. You guys are awesome!
The actual hard technical work for this guide has been done by the authors of the following guides. I'm simply trying to understand what they did and write a step-by-step guide using their expertise:
(FIX this url)https :// code . google . com/p/linux-on-android/wiki/BasicSteps
(FIX this url)https :// wiki . debian . org/ChrootOnAndroid
(FIX this url)http :// www . bananenfisch . net/?p=1056
(FIX this url)https :// sven . killig . de/android/console.html
2. Overview
The goal of this guide is to have a running Debian Squeeze (Debian 6) running natively on a Samsung Galaxy i7500. Debian will not be run in a chroot environment on top of android, but instead the phone will directly boot into debian when powering it on. Debian will be installed on a SD card, so that we could still boot into Android, should we really mess things up at some point. It will not be true dual boot though (i.e. you have to reflash the boot section from a PC to boot into Android).
2.1 Primary goals
In the end, I'd like have the following functionality:
WLAN
Bluetooth
X Window / Graphical User Interface
All this is possible with below description now.
But this means we will loose the ability to make phone calls, send text messages, use GPS, connect to the internet through 3G or anything else you would normally expect from a smartphone. It's very likely possible to also have this functionality included, but I simply don't need it for my project. If someone else is willing to investigate this, I would be interested in the results though.
2.2 Prerequisites
Things you'll need include:
good Linux knowlegde
1 rooted Samsung Galaxy i7500 (I recommend to flash GAOSP)
1 micro SD card (I'm using an 8 GiB class 4 card)
1 computer running Linux with the following software installed (I'm using Debian & Fedora, but any distribution that has debootstrap should work)
debootstrap
git
fastboot (I suggest to use the version that comes with your distro, but you can also try the one from the Android SDK)
GCC cross-compiler for ARM in order to compile the kernel (Debian and Fedora come with compiler versions, that didn't work for me, so I'm using version 7 of the Android NDK, i. e. GCC version 4.4.3)
3. Installing Debian
Note that I had already GAOSP2 beta 3 installed on the i7500. I don't know if any of these steps are possible without installing GAOSP first.
3.1 Prepare partitions on SD card
The Samsung Galaxy i7500 has an "internal SD card" which will be preserved for use with Android, the recovery image, a.s.o. The external SD card will be used for debian. ALL data on the external card will be lost after below steps.
Put the SD card into an SD card reader or boot the i7500 into recovery mode (press "vol-" and "call" buttons when switching on the phone). Note that using GAOSP directly didn't work for me, because for some reason only the first partition was shown on the PC.
Code:
cfdisk /dev/sdX
(replace X with the correct letter for your SD card, and then create the one big enough partition for your needs, I created one 4GiB primary partition leaving me 4GiB for playing around later)
Code:
sudo mke2fs /dev/sdX1
3.2 Build debian filesystem structure
Create a directory for the newly created debian partition (I assume it' s called "debian") and run the following commands
Code:
sudo mount /dev/sdX1 ./debian/
Code:
sudo debootstrap --verbose --arch armel --foreign squeeze ./debian/ (FIX this url) http :// ftp . de . debian . org/debian
Code:
sudo umount ./debian/
3.3 Finalize the debian installation
The following is based on the steps as described here (FIX this url) wiki. debian.org/ChrootOnAndroid and www . bananenfisch .net/?p=1056.
Boot phone into GAOSP
Open terminal
Code:
su
Code:
cd /data/local
Code:
mkdir debian
Code:
mount /dev/block/mmcblk1p1 /data/local/debian
Finalize bootstrap:
Code:
chroot /data/local/debian /debootstrap/debootstrap --second-stage
Mount special file systems and chroot into Debian:
Code:
for f in dev dev/pts proc sys ; do mount -o bind /$f /data/local/debian /$f ; done
Code:
chroot /data/local/debian /bin/bash
Finalise the installation:
Code:
echo "deb (FIX this url) http :// ftp . de . debian . org/debian/ squeeze main non-free contrib" > /etc/apt/sources.list
Code:
apt-get update
Code:
rm -f /etc/mtab
Code:
ln -s /proc/mounts /etc/mtab
Code:
passwd root
Code:
echo i7500 > /etc/hostname
Code:
apt-get install openssh-server
Code:
apt-get clean && apt-get autoclean
The ssh-sever can be started whenever you like through
Code:
/etc/init.d/ssh start
Afterwards you can log in from your PC using "ssh [email protected]" into the chroot environment.
3.4 Configure locale
We need to set the locale for the system (otherwise there will always be warning messages, e.g. when installing new software):
Code:
apt-get install locales console-data keyboard-configuration
You might want to tweak a few more settings (especially if your locale is not en_US). You can use:
Code:
echo export LANG=en_US.UTF-8 >> /root/.bashrc
Code:
export LC_ALL="en_US.utf8"
Code:
dpkg-reconfigure locales
Code:
dpkg-reconfigure console-data
Code:
dpkg-reconfigure keyboard-configuration
3.5 Installing additional software
You can now start installing additional software that you might need (I suggest you log into your phone through ssh as described above). You'll be needing an editor to edit configuration files (I choose vim). For setting up WiFi the package "wpasupplicant" is needed.
Code:
apt-get install vim less wpasupplicant
3.6 Chroot into debian
If you at a later time want to chroot into your debian environment, I recommend to store the following commands in a shell script (I stored it in /data/local/debian.sh) which you can then run as root.
Code:
#!/bin/sh
mount /dev/block/mmcblk1p1 /data/local/debian
for f in dev dev/pts proc sys ; do mount -o bind /$f /data/local/debian/$f ; done
chroot /data/local/debian /bin/bash
4. Create boot image
4.1 Build kernel
Perform the following steps on your PC:
Download the Galaxo kernel sources: git clone (FIX this url) https :// github . com/drakaz/GalaxoKernel.git
Apply the patch described on (FIX this url) https :// code . google . com/p/linux-on-android/wiki/BasicSteps (themddi_toshiba_smd.c patch doesn't work, do the change manually)
Apply patch as described here: (FIX this url) http :// sven . killig . de/android/console.html
copy attached config.txt file to .config
I will eventually create a branch on github containing the patches and default config. But for now, you'll have to do the patching yourself.
Code:
make ARCH=arm CROSS_COMPILE=/path/to/android-ndk-r7/toolchains/arm-linux-androideabi-4.4.3/prebuilt/linux-x86/bin/arm-linux-androideabi- oldconfig
Code:
make ARCH=arm CROSS_COMPILE=/path/to/android-ndk-r7/toolchains/arm-linux-androideabi-4.4.3/prebuilt/linux-x86/bin/arm-linux-androideabi-
Code:
make ARCH=arm CROSS_COMPILE=/path/to/android/android-ndk-r7/toolchains/arm-linux-androideabi-4.4.3/prebuilt/linux-x86/bin/arm-linux-androideabi- modules
4.2 Install modules
The modules need to be installed on the SD card partition, so you need to boot your phone into recovery and mount the SD card. Then execute the following command.
Code:
sudo make ARCH=arm CROSS_COMPILE=/path/to/android-ndk-r7/toolchains/arm-linux-androideabi-4.4.3/prebuilt/linux-x86/bin/arm-linux-androideabi- INSTALL_MOD_PATH=/path/to/sdcard modules_install
In order for the WLAN kernel module to work the following files need to be copied from the GAOSP ROM to the /etc/ folder on the phone:
rtecdc.bin
nvram.txt
4.3 Minimal boot file system
A boot file system (a.k.a. initramfs) is needed to start the debian boot process. Create a folder called minimal_initramfs with the follwoing content:
Code:
minimal_initramfs/
|-- dev/
|-- init*
|-- mnt/
| `-- root/
|-- proc/
|-- sbin/
| `-- busybox*
`-- sys/
A binary of busybox can be downloaded from the busybox website (use busybox-armv4tl). The file "init" is actually a shell script with the following content:
Code:
#!/sbin/busybox sh
# initramfs pre-boot init script
# Something (what?) needs a few cycles here
/sbin/busybox sleep 1
# Populate /dev
/sbin/busybox mknod /dev/mmcblk1p1 b 179 9
# Mount the root filesystem, second partition on micro SDcard
/sbin/busybox mount -t ext2 -o noatime,nodiratime /dev/mmcblk1p1 /mnt/root
# Transfer root to SDcard
exec /sbin/busybox switch_root /mnt/root /sbin/init
The directory structure must then be compressed. To do this run the following sequence of commands when in the minimal_initramfs directory:
Code:
find . | cpio --quiet -H newc -o | gzip > ../minimal.cpio.gz
4.4 Creating the image
For creating the image you need the tool mkbootimg which you can find in android_bootimg_tools.tar.gz. Run the following command to create the boot image from the initramfs and the kernel you created above:
Code:
./mkbootimg --kernel /path/to/Galaxo-kernel/arch/arm/boot/zImage --ramdisk /path/to/minimal.cpio.gz --cmdline "fbcon=font:VGA8x8" --pagesize 2048 --base 10000000 -o debian_boot.img
5. Configuring network
5.1 Setting up the interface
Your /etc/network/interfaces file on the phone should look like this:
Code:
# Used by ifup(8) and ifdown(8). See the interfaces(5) manpage or
# /usr/share/doc/ifupdown/examples for more information.
auto lo
iface lo inet loopback
auto eth0
allow-hotplug eth0
iface eth0 inet dhcp
wpa-driver wext
wpa-conf /etc/wpa_supplicant.conf
5.2 Setting up wireless encryption
For network configuration we'll be using wpa_supplicant which we already installed in one of the above steps. On the phone create the file /etc/wpa_supplicant.conf with the following content. Please enter the correct values for ssid, psk and key_mgmt for your network:
Code:
network={
ssid="YourSSID"
psk="YourSecretPassword"
key_mgmt=WPA-PSK
priority=11
}
5.3 Loading drivers
In order for the WLAN kernel module to be loaded add the following line to /etc/modules:
Code:
bcm4325 firmware_path=/etc/rtecdc.bin nvram_path=/etc/nvram.txt
6. Flashing the boot image and booting into Debian
Now it's finally time to finally flash the previously created boot image. At this time, be sure that you only have your Galaxy connected to your PC. Otherwise you might brick any other connected phone. On the PC run
Code:
sudo fastboot flash boot debian_boot.img
Then boot the Galaxy into fastboot mode by pressing "call" when powering on the phone.
When the process is finished the phone will boot into Debian and automatically connect to your wireless network (if the set-up was correct). You can now connect to the phone through ssh and enjoy your new pocket server.
If you may ever want to boot into android again, you just need to flash the original boot.img that you created with nandroid:
Code:
sudo fastboot flash boot boot.img
7. Bluetooth
7.1 Compile brcm_patchram_plus
For getting bluetooth operational it is necessary to use Broadcom's brcm_patchram_plus software. As it is not available as a Debian Squeeze package, we need to compile it ourselves. So we need to install the following packages on the phone:
Code:
apt-get install git gcc make libbluetooth-dev
Then it's possible to download the sources:
Code:
git clone (FIX this url)https :// github . com / MarkMendelsohn / brcm_patchram.git
And compile the tool using:
Code:
make
7.2 Activating bluetooth
In order for bluetooth to work the following files need to be copied from the GAOSP ROM to the same folder on the phone that you compiled the brcm_patchram_plus in:
BCM4325D1_004.002.004.0153.0156.hcd
After that it's possible to execute the followig commands:
Code:
echo 0 > /sys/class/rfkill/rfkill0/state
echo 1 > /sys/class/rfkill/rfkill0/state
./brcm_patchram_plus -d --enable_hci --baudrate 3000000 --use_baudrate_for_download --patchram BCM4325D1_004.002.004.0153.0156.hcd /dev/ttyHS0
The last command will never terminate and you will get a lot of output due to the (-d) switch. After starting a new console, you will be able to scan for bluetooth devices using:
Code:
hcitool -i hci0 scan
7.3 Connecting a keyboard
I'm using a Rapoo E6100 keyboard and the following procedure worked fine for me. It should be similar with other keyboards.
Code:
apt-get install python-bluez python-gobject python-dbus bluez-compat
Code:
cd /usr/share/doc/bluez/examples
Press pairing button on keyboard then
Code:
./simple-agent hci0 6C:xx:xx:xx:xx:xx
(use the bluetooth address of your keyboard, according to the scan in the previous chapter)
The script will ask for a PIN. I entered 0000 on both the keyboard and phone and the keyboard was registered.
Code:
./test-device trusted 6C:xx:xx:xx:xx:xx yes
(again use the bluetooth address of your keyboard)
Code:
hidd --connect 6C:xx:xx:xx:xx:xx
Now you should be good to use your keyboard.
7.4 Automate patchram
Right now, the KB is not automatically connected on boot, because the patchram command from above needs to be executed on every boot. Hence the following commands should be added to /etc/rc.local (before the exit 0):
Code:
#Activate bluetooth
echo 0 > /sys/class/rfkill/rfkill0/state
echo 1 > /sys/class/rfkill/rfkill0/state
/path/to/brcm_patchram_plus --enable_hci --baudrate 3000000 --use_baudrate_for_download --patchram /path/to/BCM4325D1_004.002.004.0153.0156.hcd /dev/ttyHS0 &
8. Setting the clock
I was having trouble with my clock forgetting the day and time after each reboot. It was a flaw in my kernel config. In the current version of attached config file this is fixed. Anyway, I'm also running NTP to have the clock more accurate.
Code:
apt-get install ntpdate
NTP already come nicely pre-configured (thanks, Debian maintainers!). After that the timezone can be selected using
Code:
dpkg-reconfigure tzdata
9. GUI (X.org)
X.org works almost out-of-the-box since we already pathed the kernel as described in chapter 4 above. Based on the description from (FIX this url)https :// code . google . com/p/linux-on-android/wiki/BasicSteps only two minor changes have been made:
The framebuffer device is at /dev/fb0 instead of /dev/graphcics/fb0
I use evdev instead of tslib, because it provided better results for me (thanks to pabs from #debian-mobile for pointing me there)
9.1 Install X.org
All we need to do is download the software
Code:
apt-get install xorg xserver-xorg-video-fbdev xserver-xorg-input-evdev
9.2 Configuring X.org
Now create /etc/X11/xorg.conf:
Code:
Section "InputDevice"
Identifier "Touchscreen"
Driver "evdev"
Option "Device" "/dev/input/event2"
EndSection
Section "Device"
Identifier "Configured Video Device"
Driver "fbdev"
Option "fbdev" "/dev/fb0"
EndSection
Section "Monitor"
Identifier "Configured Monitor"
Option "DPMS" "false"
EndSection
Section "Screen"
Identifier "Default Screen"
Monitor "Configured Monitor"
Device "Configured Video Device"
EndSection
Section "ServerLayout"
Identifier "Default"
Screen "Default Screen"
InputDevice "Touchscreen" "CorePointer"
EndSection
Section "ServerFlags"
Option "DefaultServerLayout" "Default"
EndSection
9.3 Testing X.org
For testing X.org I've installed icewm and created the following /root/.xsession
Code:
#!/bin/sh
xterm&
exec icewm
Then just type in startx from the console and you have X. Of course you will have to change this to whatever you need or maybe even make X start on boot.
9.4 Boot into Browser
For my target system I want the phone to directly boot into a browser. This can easily be achieved by using the nodm package:
Code:
apt-get install nodm
and midori as browser:
Code:
apt-get install midori
We'll also need a user account. I called my user "default". But naturally you can of course choose whatever you like.
Code:
adduser default
Then nodm has to be configured in /etc/default/nodm:
Code:
# nodm configuration
# Set NODM_ENABLED to something different than 'false' to enable nodm
NODM_ENABLED=true
# User to autologin for
NODM_USER=default
# xinit program
NODM_XINIT=/usr/bin/xinit
# First vt to try when looking for free VTs
NODM_FIRST_VT=7
# X session
NODM_XSESSION=/etc/X11/Xsession
# Options for the X server
NODM_X_OPTIONS='vt7 -nolisten tcp'
# If an X session will run for less than this time in seconds, nodm will wait an
# increasing bit of time before restarting the session.
NODM_MIN_SESSION_TIME=60
And we have to create ~/.xsession for our user:
Code:
#!/bin/bash
midori -e Fullscreen &
exec icewm
A few tweaks in the icewm config (~/.icewm/preferences) will make the window manager look more nicely:
Code:
WorkspaceNames=" 1 "
TaskBarShowCPUStatus=0
TaskBarDoubleHeight=0
TaskBarShowWorkspaces=0
TaskBarShowMailboxStatus=0
TaskBarShowNetStatus=0
TimeFormat="%H:%M"
TaskBarShowWindowListMenu=1
TaskBarShowShowDesktopButton=0
10. Power management
The kernel is already configured with many different frequency govenors. Also the default govenor is set to "ondemand" but for some reason the when looking at /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor it's using the "performance" govenor. This can be solved by simply installing cpufreq-utils:
Code:
apt-get install cpufrequtils
The default settings are already using "ondemand", which seems to be a good choice. Anyway, further optimisations can be done in /etc/default/cpufrequtils if needed.
The phone still gets a little too warm for my taste (I think warmer than in android). Maybe there's something that could fix this, but I'm not an expert.
11. Known shortcomings
The whole set-up is in a really, REALLY early alpha stage
If any of the hardware buttons is touched in text mode the phone crashes (does not happen when in X.org)
The screen will time-out after some time, I have no idea how to wake it up again
Did I mention this is in an alpha stage?
12. Future improvements
Switching to a newer kernel version: The latest version of GAOSP runs on kernel version 2.6.35, while this guide is using 2.6.27. I have experimented with 2.6.29, but I had trouble getting a working frame buffer.
Switching to the latest version of debian (wheezy).
History
History:
2013-12-27:
Initial version
2013-12-30:
Minimized the the init script by removing mounts for /dev, /proc, and /sys. These are not necessary and mounting /dev prevents Debian's udev from working correctly.
2014-01-19:
Added description for bluetooth.
2014-01-25:
Added description for graphical user interface (X.org).
2014-01-25:
Boot into X/Browser and power management
2014-01-26:
Updated clock settings
Video proof
Hi all,
to get a better understanding what this is all about please watch the attached video. Please excuse the poor quality and the fingerprints on the screen.
As you can see the framebuffer output has a few quirks, but hopefully this will work out as soon as X is working.
BR,
Frank
All goals achieved
Okay, I think I now have achieved all goals. I can connect to WiFi and bluetooth. And there is a graphical user interface. Now the tweaking can start (first thing that comes to mind is powersaving). I really created this guide for myself, but I'd be happy to know if anyone else has interest in this topic.
Nice, I am interested. One question!
frank47 said:
Okay, I think I now have achieved all goals. I can connect to WiFi and bluetooth. And there is a graphical user interface. Now the tweaking can start (first thing that comes to mind is powersaving). I really created this guide for myself, but I'd be happy to know if anyone else has interest in this topic.
Click to expand...
Click to collapse
Nice, I am interested. One question!
I would like to use this device to get some data from the sensors. I have tested some apps in Android GAOSP to read the sensors in the i7500, but instead of using android apps, it could be very interesting to have a debian.
Have you tried to do it? Do you think it is possible? Is it too tricky to get a stable debian running an app to send sensors' data to another debian? I could help if you see it is interesting.
What is your opinion? Thank you...
Hi PabloGN,
there are a lot of entries in /proc and /sys. I think it's likely to be possible te access the sensors. For now, I have only looked at the battery status. Don't know if you'd consider that a sensor. Anyway, you would probably have to re-write your software to use those devices instead of using already existing Java libs for android. Hard to tell,*if it's worth the effort.
BR,
Frank
PabloGN said:
I would like to use this device to get some data from the sensors.
Click to expand...
Click to collapse
This is the list of input devices on my the i7500:
Code:
[email protected]:~# cat /proc/bus/input/devices
I: Bus=0000 Vendor=0000 Product=0000 Version=0000
N: Name="I7500_headset"
P: Phys=
S: Sysfs=/devices/virtual/input/input0
U: Uniq=
H: Handlers=kbd event0
B: EV=3
B: KEY=4 0 0 0 0 0 0 0
I: Bus=0000 Vendor=0000 Product=0000 Version=0000
N: Name="I7500_keypad"
P: Phys=
S: Sysfs=/devices/virtual/input/input1
U: Uniq=
H: Handlers=kbd event1
B: EV=3
B: KEY=800180 100000 0 41000800 1c1ec0 0 0 0
I: Bus=0000 Vendor=0000 Product=0000 Version=0033
N: Name="melfas-tsi-touchscreen"
P: Phys=
S: Sysfs=/devices/virtual/input/input2
U: Uniq=
H: Handlers=event2
B: EV=b
B: KEY=400 0 0 0 0 0 0 0 0 0 0
B: ABS=11000003
I: Bus=0000 Vendor=0000 Product=0000 Version=0000
N: Name="compass"
P: Phys=
S: Sysfs=/devices/virtual/input/input3
U: Uniq=
H: Handlers=event3
B: EV=9
B: ABS=20305ff
I: Bus=0000 Vendor=0000 Product=0000 Version=0000
N: Name="proximity_i2c"
P: Phys=
S: Sysfs=/devices/virtual/input/input4
U: Uniq=
H: Handlers=event4
B: EV=1
So, it should at least be possible to read the compass and proximity sensor data form /dev/input/event3 and /dev/input/event4. Maybe there's more and I just haven't compiled it into the kernel or it's accessed in some other way. Sorry, the sensors are not part of my use case so far.
I'm only using /dev/input/event2 (touchscreen) in my xorg.conf as an input device. Works like a charm.
Good luck with your endeavour. If you want me to test something or send you the output of some command, just ask here or by PM.

need help about rooting

i can't root Samsung galaxy a02 -- SM-A022F/DS Build No: A022FXXU2BUI3 , android 11 , i dont know what to do for rooting and i dont have firmware file (bootloader unlocked)
To get the superuser access ( AKA root ) to be able to control various aspects of Android OS means you need to perform a certain modification that will root your phone's Android. An unlocked bootloader isn't needed to root Android.
Here is what you have to do to root your device's Android:
Replace Android's Toybox binary - what is a restricted version by default - by unrestricted Toybox v0.8.5.
This e.g. can get achieved by means of a Windows command script making use of ADB coomands.
jwoegerbauer said:
To get the superuser access ( AKA root ) to be able to control various aspects of Android OS means you need to perform a certain modification that will root your phone's Android. An unlocked bootloader isn't needed to root Android.
Here is what you have to do to root your device's Android:
Replace Android's Toybox binary - what is a restricted version by default - by unrestricted Toybox v0.8.5.
This e.g. can get achieved by means of a Windows command script making use of ADB coomands.
Click to expand...
Click to collapse
hi , i dont know what is toybox or i dont know really what to do can you tell me step by step please? i have ADB already
dleaderp said:
hi , i dont know what is toybox or i dont know really what to do
Click to expand...
Click to collapse
Typically people do a Google search like "Android Toybox" ...
To save you this search: Toybox is a suite of Linux commands ported to Android.
The commands supported are
Code:
acpi arch ascii base64 basename blkid blockdev bunzip2 bzcat cal cat
catv chattr chgrp chmod chown chroot chrt chvt cksum clear cmp comm
count cp cpio crc32 cut date devmem df dirname dmesg dnsdomainname
dos2unix du echo egrep eject env expand factor fallocate false fgrep
file find flock fmt free freeramdisk fsfreeze fstype fsync ftpget
ftpput getconf grep groups gunzip halt head help hexedit hostname
hwclock i2cdetect i2cdump i2cget i2cset iconv id ifconfig inotifyd
insmod install ionice iorenice iotop kill killall killall5 link ln
logger login logname losetup ls lsattr lsmod lspci lsusb makedevs
mcookie md5sum microcom mix mkdir mkfifo mknod mkpasswd mkswap mktemp
modinfo mount mountpoint mv nbd-client nc netcat netstat nice nl nohup
nproc nsenter od oneit partprobe passwd paste patch pgrep pidof ping
ping6 pivot_root pkill pmap poweroff printenv printf prlimit ps pwd
pwdx readahead readlink realpath reboot renice reset rev rfkill rm
rmdir rmmod sed seq setfattr setsid sha1sum shred sleep sntp sort
split stat strings su swapoff swapon switch_root sync sysctl tac tail
tar taskset tee test time timeout top touch true truncate tty tunctl
ulimit umount uname uniq unix2dos unlink unshare uptime usleep uudecode
uuencode uuidgen vconfig vmstat w watch wc which who whoami xargs
xxd yes zcat
As you might see su is the ROOT functionality.
dleaderp said:
can you tell me step by step please? i have ADB already
Click to expand...
Click to collapse
Actually I'm working on a Windows command script that makes use of ADB what does the job. I'll publish it here when finished:
[TOOL][ADB]][Windows] A 100% Safe Non-systemless Root Tool - No Soft-bricked Adroid Guaranteed
Grant Root Privileges to Regular Users Using Devices With Android 6 and up by Simply Upgrading Android's Multi-command Applet Toybox.
forum.xda-developers.com
jwoegerbauer said:
Actually I'm working on a Windows command script that makes use of ADB what does the job. I'll publish it here when finished:
Click to expand...
Click to collapse
happy to hear that xd
i got a last question, i think my phone's storage is shrunked after i used firmware is it possible ? if yes how can i fix it. it was 32 gb now its 8gb
i fixed i used another firmware i'll be wait for your ADB

Categories

Resources