[GUIDE][KERNEL][MOD] Patching out CONFIG_MODULE_SIG_FORCE on stock kernels - Android General

This is a guide for advanced users to remove the effect of CONFIG_MODULE_SIG_FORCE on stock kernels. This can be used to load custom modules you built or in building TWRP where you want to use a stock kernel and leverage the vendor partition to make the image smaller and still have it work on different variants.
The prerequisite here is a raw kernel image. Modern AARCH64 devices generally just gzip the kernel, but other compression formats can be used as well as decompression code prepended to the compressed kernel which will have to be cut out and stitched back in once the modifications are made.
If you don't already have Ghidra installed, go ahead and install it as it will be the analysis tool used here.
The first step is to launch Ghidra and create a new project, then drag your kernel binary into the active project.
If the processor architecture is not filled in, it's probably missing the header, and you'll have to choose it from the list. If the file is unknown, you'll need to try different options until the disassembly looks correct. Then you can double-click the project file to open in Ghidra. Click analyze and let it process the binary until the hourglass at the bottom right disappears.
Our primary method for obtaining information and locating our target code is through strings.
Select Search -> For Strings... and have it search the entire binary.
Since Linux is open source, we start by finding which exact version we are dealing with. Filtering the strings dialog for "linux" yields the version string, in this case Linux version 4.19.95-perf.
Our target is to disable the effects of the CONFIG_MODULE_SIG_FORCE, so we need to find references of it in the kernel source tree. After reading through the code, we find our target function module_sig_check in module.c
https://elixir.bootlin.com/linux/v4.19.95/source/kernel/module.c#L2789
There are no strings referenced in this function, so we have to track/backtrack through called/calling functions to find one that is near the function we are looking for. In the called function mod_verify_sig we find a good candidate "%s: Module is not signed with expected PKCS#7 message"
module_signing.c - kernel/module_signing.c - Linux source code (v4.19.95) - Bootlin
Double-clicking in the strings dialog takes us to where that string is stored and also gives us an XREF that we can double-click to get to the code referencing it.
If we scroll up to the start of the function we have landed in, we get another XREF (bottom of the highlighted section) that will land us right in the middle of module_sig_check.
We have now landed in a very large function, much larger than module_sig_check. This is a result of compiler optimization. The compiler has merged several functions together and much of the code has been optimized out making it harder to follow.
My approach to patching this is to find the beginning of the first IF statement and have the code there jump directly to "info->sig_ok = true". The disassembly is directly linked to the decompiler, so you can click and select code in either window to see the corresponding code on the other side.
Our first target
Code:
if (flags == 0 &&
info->len > markerlen &&
memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) {
looks like this decompiled (partial):
Code:
if ((param_3 == 0) && ((char *)0x1c < param_1[3])) {
Highlighting the decompiled code, we find the first instruction to be here:
Code:
001224f0 96 01 00 35 cbnz w22,LAB_00122520
Doing the same for our second target
Code:
info->sig_ok = true;
which looks like this in the decompilation:
Code:
*(undefined *)((longlong)param_1 + 0x54) = 1;
leads us to the corresponding instruction:
Code:
00122574 68 52 01 39 strb w8,[x19, #0x54]
But our true landing point is actually one instruction above it:
Code:
00122570 e8 03 00 32 mov w8,#0x1
This instruction sets the w8 register to 1 which is in turn used to set info->sig_ok. Skipping this would cause it to be set to whatever is on w8 at the time, which could be anything.
With both targets, we can start patching. Right-click the cbnz instruction at 001224f0 and select Patch Instruction. Once it's done processing, we set the first field to "b" for the branch instruction and the second to "0x00122570" for branch target followed by enter. Now we end up with
Code:
001224f0 20 00 00 14 b LAB_00122570
and the decompilation will reflect the change in code flow after giving it time to update.
Finally we can go to Export Program..., set the format to Binary and press OK to save the modified binary.
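An added example (not part of the original post): to confirm that an edit like the one above changed only the intended instruction, or to spot such an edit when comparing an image against the stock one, the script below diffs two raw AArch64 images word by word and decodes any changed PC-relative branch. The two instruction words are taken from the listings above; the NOP padding, the second changed word, and the names `decode_branch` and `diff_images` are constructed for illustration.

```python
import struct

def _sext(value, bits):
    """Sign-extend a `bits`-wide immediate field."""
    return value - (1 << bits) if value & (1 << (bits - 1)) else value

def decode_branch(word, pc):
    """Decode AArch64 PC-relative branches: (text, target, conditional) or None."""
    if (word & 0x7C000000) == 0x14000000:            # B / BL, imm26
        name = "bl" if word >> 31 else "b"
        return name, pc + _sext(word & 0x03FFFFFF, 26) * 4, False
    if (word & 0x7E000000) == 0x34000000:            # CBZ / CBNZ, imm19
        name = "cbnz" if (word >> 24) & 1 else "cbz"
        n = word & 0x1F
        reg = ("x" if word >> 31 else "w") + ("zr" if n == 31 else str(n))
        return f"{name} {reg}", pc + _sext((word >> 5) & 0x7FFFF, 19) * 4, True
    if (word & 0x7E000000) == 0x36000000:            # TBZ / TBNZ, imm14
        name = "tbnz" if (word >> 24) & 1 else "tbz"
        return name, pc + _sext((word >> 5) & 0x3FFF, 14) * 4, True
    if (word & 0xFF000010) == 0x54000000:            # B.cond, imm19
        return "b.cond", pc + _sext((word >> 5) & 0x7FFFF, 19) * 4, True
    return None

def _show(decoded, word):
    """Render a decoded branch, or the raw word when it is not a branch."""
    return f"{decoded[0]} 0x{decoded[1]:x}" if decoded else f".word 0x{word:08x}"

def diff_images(reference, candidate, base=0):
    """Compare two equal-length raw images and classify every changed word.

    branch_forced is True when a conditional branch in the reference has
    become an unconditional one in the candidate, i.e. a check no longer
    decides the control flow at that address.
    """
    if len(reference) != len(candidate):
        raise ValueError("images differ in length; align them before diffing")
    findings = []
    for off in range(0, len(reference) - 3, 4):
        old, = struct.unpack_from("<I", reference, off)   # little-endian words
        new, = struct.unpack_from("<I", candidate, off)
        if old == new:
            continue
        pc = base + off
        was, now = decode_branch(old, pc), decode_branch(new, pc)
        findings.append({
            "addr": pc,
            "old": _show(was, old),
            "new": _show(now, new),
            "branch_forced": bool(was and now and was[2] and not now[2]),
        })
    return findings

# Constructed sample: only the first and last words appear in the post.
BASE = 0x1224F0
NOP = bytes.fromhex("1f2003d5")
REFERENCE = bytes.fromhex("96010035") + NOP * 3 + bytes.fromhex("e8030032")
CANDIDATE = (bytes.fromhex("20000014") + NOP * 2 +
             bytes.fromhex("00000000") + bytes.fromhex("e8030032"))

if __name__ == "__main__":
    for f in diff_images(REFERENCE, CANDIDATE, base=BASE):
        flag = "  <-- conditional check replaced" if f["branch_forced"] else ""
        print(f"{f['addr']:08x}: {f['old']:<22} => {f['new']}{flag}")
```

On real images, pass the load address Ghidra assigned as `base` so the reported addresses match the listing.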

Related

[HOWTO] Setup Linux shell on Windows | Allows Windows to run Linux commands!

Want to do something like this on your Windows OS?
Fear not, in this tutorial, you will learn on how to install a linux shell on your Windows OS!
To install a linux shell on Windows, there are a few solutions that I usually prefer:
Msysgit
Cygwin
Powershell
In this tutorial, Msysgit is the program that will be installed as apart from giving you a linux shell, it gives you access to do git related things(clone a repo, fork repo) which is a very good plus
So, here's it, we'll install a linux shell on our Windows OS and have fun with it later on
Msysgit Installation:
1. Click here and download the latest version of msysgit(The latest version of the time of writing is 1.8.0 http://code.google.com/p/msysgit/downloads/detail?name=Git-1.8.0-preview20121022.exe&can=2&q=)
2. Open the installer and you will see something similar to this and click Next to continue
3. After that, you will be shown the gpl license as per shown below and click Next to continue
4. You will be prompted the location to install msysgit at. Click Next to continue
5. You will be prompted for additional settings, click Next to continue.
6. You will be prompted for the startup menu, click Next to continue.
7. You will be prompted for the path environment, select Use Git Bash only and click Next to continue.
8. You will be prompted for the line ending adjustment. Select Checkout as-is, commit Unix-style line endings and click Next to continue.
9. The installer will install the required files.
10. The installation has finished! Untick ReleaseNotes.rtf and click Finish to end the installation.
How to use:
1. Right click on an empty space at your desktop and click Git Bash.
2. Type your linux "hackish" commands!
The command that is used in the first screen shot is ls -la(directory listing with the file permissions of each file).
There's a lot of commands that you can play with, like echo, cat, uname, which, grep, sed, and many many more!
NOTE #1: For the best compatibility, cygwin would be preferred as it has a very complete set of linux commands built-in but Msysgit is less hassle to setup and it allows you to mingle around with Git once the setup is done which is a very good thing
NOTE #2: Msysgit is not preferred as a shell to create anything advanced like roms or kernels as the features that are available in msysgit are rather limited (but it is enough for most users like us).
More tutorials related to Git and Linux will be made in the future, so read up fast and stay tuned for more content!

[PROJECT][PORT] Go4Droid v1 | write, run, compile Go Language code on your phone!

about Go Language
Go, also called golang, is a programming language initially developed at Google in 2007 by Robert Griesemer, Rob Pike, and Ken Thompson. It is a statically-typed language with syntax loosely derived from that of C, adding automatic memory management, type safety, some dynamic-typing capabilities, additional built-in types such as variable-length arrays and key-value maps, and a large standard library. Beyond that broad category, Go is defined by:
-A syntax and environment adopting patterns more common in dynamic languages:
Concise variable declaration and initialization through type inference (x := 0 not int x = 0).
-Fast compilation times.
-Remote package management (go get) and online package documentation.
-Distinctive approaches to particular problems.
-Built-in concurrency primitives: light-weight processes (goroutines), channels, and the select statement.
-An interface system in place of virtual inheritance, and type embedding instead of non-virtual inheritance.
-A toolchain that, by default, produces statically linked native binaries without external dependencies.
-A desire to keep the language specification simple enough to hold in a programmer's head, in part by omitting features common to similar languages:
no type inheritance
no method or operator overloading
no circular dependencies among packages
no pointer arithmetic
no assertions
no generic programming
about Go4Droid
Although Go is a Google project, it has no option for building for Android! Also, there is no way to use it on your Android device and do compiling (instead of cross-compiling) (because it does not build for external host and target). All these reasons made me think about this project, and finally I ported a complete set of Go compiler, Go linker, Go packages and also net support!
You can easily write Go code, compile it, run it and install it. There are lots of packages which let you write amazing programs.
prerequisites
minimum :
- Root privilege
- ARMv7 (vfpv3) SoC.
- Android +1.6 (linux kernel +2.6)
- 80 MB free space in system partition
- CWM/TWRP installed
suggested :
- Root privilege
- ARMv7 (vfpv3) + NEON SoC.
- Android +4.2 (linux kernel +3.4)
- 150 MB free space in system partition
- CWM/TWRP installed
installation
- Download zip file.
- Install CWM/TWRP.
- Ready !
usage
This thread is not supposed to be a GoLang tutorial , however I explain main options.
* Do not forget to get root before anything :
Code:
su
1- Use this command to run a .go file (file = helloworld.go):
Code:
go run helloworld.go
2- Use this command to compile a .go file and generate an executable :
Code:
go build helloworld.go
./helloworld
3- Use this command to compile & install a code file:
Code:
go install helloworld.go
helloworld
example
Code:
package main

import "fmt"

func main() {
	fmt.Println("Hello, World")
}
download
Go4Droid v1
*initial release
help the project
Every single build takes +30 minutes on my Android device so it would be difficult to manage this project. You can help me by donating me a VPS/Dedicated server then I will be able to update and manage this project faster and better.
reserved
Well done man! I'm trying it now
Will report results soon
I've spent +10 hours on this project for 0 people using it!
That's great, man. You beat Google to it!
This looks interesting, but without access to the UI or Android APIs, we're pretty limited, right?
raveur said:
That's great, man. You beat Google to it!
This looks interesting, but without access to the UI or Android APIs, we're pretty limited, right?
There is no Android JNI support yet (and unfortunately no plan to do it). However it has a great builtin API with net,archive,fs,os,image,... support.
Great project,
Thanks for that.
Still no NDK support for Go?
myfreeweb said:
Still no NDK support for Go?
Go has no Android JNI support thus there is no Go support in NDK .

[GUIDE][HOW-TO] Add Koush SuperUser In Settings Of AOSP Or Any Source Built Rom

This is for people who build AOSP or any roms from source for general public or for personal use. Koushik Dutta has given quite a good explanation here but some more things are needed to get it fully working. You should know what you are doing before you read ahead. I am not responsible if you mess up your device or any of your personal belongings
This guide will focus on Nexus 5 but the same procedure should work on Nexus 4, Nexus 7 (2012 & 2013) or any other device with little or no modifications.
Prerequisite:
Knowledge about building roms from source
knowledge about cherry-picking commits and resolving the conflicts
basic knowledge about device trees
A logical and working brain
Step 1: Add the required packages into your source:
You need to add the Superuser related repos from cyanogenmod into your rom source. This can be done using a local manifest. Make a local manifest by any name, say su.xml, and place it in .repo/local_manifests/su.xml. If the "local_manifests" folder doesn't exist in .repo then make one. Copy paste the following lines in su.xml
Code:
Step 2: Cherry-pick commits
There are many commits to refer. I would link some to you. You can cherry-pick, for example,this or this. You can refer any of such commits. Cherry-pick is to be done in packages/apps/Settings. There might be conflicts in Android.mk & proguard.flags. Just compare the files from the ones in the above linked commits and fix them.
Step 3 : Add some required flags to device make file
To make Superuser to go under Settings, the most important flag needed is this :
Code:
SUPERUSER_EMBEDDED := true
Without this, superuser won't get embedded into Settings.apk. You can add this flag in any ".mk" file. I have added it under device/lge/hammerhead/device.mk. Some build.prop lines are also needed to get root working. Also you need to make the Superuser and su binary packages to be built. All the lines needed are summarized as follows:
Code:
# SU Support
SUPERUSER_EMBEDDED := true
PRODUCT_PACKAGES += \
    Superuser \
    su
PRODUCT_PROPERTY_OVERRIDES += \
    persist.sys.root_access=3
# Enable ADB authentication
PRODUCT_PROPERTY_OVERRIDES += \
    ro.adb.secure=1
Add all of them on the same location device/lge/hammerhead/device.mk.
Step 4[MOST IMPORTANT] : Import init.superuser.rc in init.rc or similar file.
People do everything properly up to step 3 but they never get superuser to work properly. When you try opening any root app, ADB gives the following error:
Code:
D/su ( 2529): su invoked.
D/su ( 2529): starting daemon client 10019 10019
E/su ( 2529): connect failed with 2: No such file or directory
su daemon is started by init.superuser.rc. You need to import it in init.rc or in this case init.hammerhead.rc or any similar init file like this :
Code:
import init.hammerhead.usb.rc
import init.superuser.rc

on early-init
    mount debugfs debugfs /sys/kernel/debug
    chown system system /sys/kernel/debug/kgsl/proc
If you don't do this, system won't know that a file "init.superuser.rc" even exists. Hence, the daemon fails, failing root access eventually
DONE!!!! Just build the rom as you normally do and you have # Superuser under Settings. I hope it was clear enough. I have tried to add everything I recollect but if you find anything missing then please let me know. Thank you!!!! And enjoy coding
Reserved
One more
Wouldn't this be better to add to a general android hacking section as it could also apply to more devices?
Somcom3X said:
Wouldn't this be better to add to a general android hacking section as it could also apply to more devices?
Yeah that's right. I kept nexus 5 as example so I added it up here. You can report it to get to general section. I am not near the pc atm
Looks like it was moved

{How-TO}host web on github

So you want to launch a simple website but don’t want to have to go through the dull process of setting up yet another hosting package. Or you don't have money to buy a hosting package, as they are often expensive and limited if you don't have enough money. There is an easier solution. If you just want to launch a simple static website you can use GitHub Pages to host your site for free.
Lets get started.
GUIDE CONTENTS:
HTML:
***How to start.(Requirements,How to make a repository,
How to make a proper branch,
How to prepare your web,
How to upload.
***Using a custom domain.
***Some final thoughts
***Help users(help each other....))
Needed:
PHP:
***A github account
***Some basic git knowledge
***A domain
***Knowledge about forwarding
Thats it.
Step 1:
All webpages contain some basic stuff. Your webpage contains for example:
PHP:
***index.html (your main page)
***example.html (some other page)
***assets (a folder containing your assets)
***css (cascading style sheet){your website style}
***img(web images duh)
***js(some simple or not that simple javascript files)
So all this needs to be uploaded somewhere. You ask me where? Well, we are gonna host on github, right? Then let's upload it there.
Go to your github account. And go to the repositories tab. Then click new. And name your repository whatever you want.
Step 1 is complete. Congratulations, let's move on.
Step 2 is all about a little terminal play.
Step 2:
Now open up terminal (command prompt on Windows) and make sure that you have a copy of your GitHub repo on your computer. Once you got your local copy, move into the project folder using the cd command.
How to do that you can see in the following example.
PHP:
# Retrieve a copy of your GitHub repo.
git clone https://github.com/user/repository.git
# Move into that directory.
cd repository
Creating an Orphan Branch
Now you need to create a new orphan branch within your repo that will hold all of your website files.
This new branch should be called gh-pages.
PHP:
git checkout --orphan gh-pages
If you already had files in the master branch of your GitHub repo you now need to delete these from the new gh-pages branch. To do this you can use the following command:
PHP:
git rm -rf .
Adding Your Website Files
Now that your repo has been properly setup it’s time to add all of the HTML, CSS and JavaScript files that make up your website. Once you have added these to your repo you need to commit the changes. To do this you can use the following command.
PHP:
git commit -a -m "Adding pages"
Note: The -a flag is shorthand for git add .
Congratulations step 2 is now complete.
Step 3:
Pushing Your Changes to GitHub
Okay so you’ve got all your files where they need to be. The only thing left to do now is to push the new gh-pages branch up to GitHub. You do this using the git push command.
PHP:
git push origin gh-pages
That’s it! Your website should now be available at http://username.github.io/repository/.
Reserved
Reserved just in case we miss space

Android Studio Stuck on Loading Project

I was working in Android Studio and accidentally locked my Android Folder containing the Sdk, I re gave myself the permissions and unlocked it but when I try to reopen my android project it stays stuck on loading project.
I have tried restarting my computer(linux) and running ./studio.sh but it is still not loading.
I am also seeing in the terminal:
2021-03-19 12:48:57,346 [ 56749] WARN - Container.ComponentManagerImpl - Do not use constructor injection (requestorClass=com.android.tools.idea.apk.issues.SetupIssueReporter)
first, glad to see you use programming on linux, i encourage you continue using it and learn it
that "WARN", is normal when starting studio from command line.
check in ~/HOME/AndroidStudioProjects directory, (if you allowed android studio to install location for projects in ~/HOME/AndroidStudioProjects, and in ~/HOME directory check if you have "Android" directory, there is located Sdk tools.
check permissions for directories, just check this website , cd (open directory, terminal command) to ~/HOME/AndroidStudioProjects;
Code:
~/HOME/AndroidStudioProjects
, and check permissions via
Code:
ls -l
, or
Code:
cd AndroidStudioProjects
to get deeper into, to list project directories you have, and check their permissions, they need to have write, and read permissions for owner at least
And replace ~/HOME, with your name you use in linux, if command don't work, so not to get confused there
indestructible master said:
first, glad to see you use programming on linux, i encourage you continue using it and learn it
that "WARN", is normal when starting studio from command line.
check in ~/HOME/AndroidStudioProjects directory, (if you allowed android studio to install location for projects in ~/HOME/AndroidStudioProjects, and in ~/HOME directory check if you have "Android" directory, there is located Sdk tools.
check permissions for directories, just check this website , cd (open directory, terminal command) to ~/HOME/AndroidStudioProjects;
Code:
~/HOME/AndroidStudioProjects
, and check permissions via
Code:
ls -l
, or
Code:
cd AndroidStudioProjects
to get deeper into, to list project directories you have, and check their permissions, they need to have write, and read permissions for owner at least
And replace ~/HOME, with your name you use in linux, if command don't work, so not to get confused there
Thanks so much for your help and encouragement for programming with linux!
I checked the permissions of the folder and am seeing:
Code:
drwxrwxr-x
Which I think means that I have permissions for this folder.
yjay18 said:
I was working in Android Studio and accidentally locked my Android Folder containing the Sdk, I re gave myself the permissions and unlocked it but when I try to reopen my android project it stays stuck on loading project.
I have tried restarting my computer(linux) and running ./studio.sh but it is still not loading.
I am also seeing in the terminal:
2021-03-19 12:48:57,346 [ 56749] WARN - Container.ComponentManagerImpl - Do not use constructor injection (requestorClass=com.android.tools.idea.apk.issues.SetupIssueReporter)
I keep reading a lot of posts when I first get into trouble. This is how I once reached this website ( https://kodlogs.net/329/android-studio-stuck-on-installing-apk ) and got the desired solution. You can read this post as well as visit here. I think it will be very useful for you
