temp root exploit for LG V50 ThinQ with android 10 firmware
including temporal magisk setup from the exploit
The exploit uses CVE-2020-0041 originally designed for Pixel 3 running kernel 4.9.
I have adapted the Pixel 3 specific exploit for kernel 4.14 that is used with LG phones running Android 10 with March security patch level.
This work has been done upon request of @Inerent who contributed not only with very fine donations, but also did all the testing on his LG phone, as I do not own any LG phone myself.
As an addon I have implemented setup of magisk v20.4 from temp root exploit included su permission asking notification support, that has been also a hell of work to get working.
SUPPORTED TARGETS
You can find currently running fw version with 'getprop ro.vendor.lge.factoryversion' command run in an adb shell.
LMV500NAT-00-V20m-LAO-COM-MAR-10-2020+0 - LG V50 ThinQ with V500N20m fw, 2020-03-01 security patch level
LMV500NAT-00-V20f-LAO-COM-JAN-31-2020+0 - LG V50 ThinQ with V500N20f fw, 2020-01-01 security patch level
LMV500NAT-00-V20b-LAO-COM-DEC-23-2019+0 - LG V50 ThinQ with V500N20b fw, 2019-12-01 security patch level
LMV500AT-00-V20g-LAO-COM-MAR-10-2020+0
LMV500AT-00-V20a-LAO-COM-JAN-24-2020+0
LMV500AT-00-V20e-LAO-COM-JAN-23-2020+0
LMV450AT-00-V20a-LAO-COM-JAN-15-2020-ARB00+2 - LG V50 ThinQ Sprint fw, 2020-01-01 security patch level
Please note, it is unlikely that any other fw version than those listed above would work.
The only (unlikely) case when the exploit could work with different fw version (or different phone model) would be that they would use binary identical kernel image in the firmware.
USAGE HOWTO
be sure to run supported firmware version on your phone (you may need to downgrade, involving factory reset)
enable developer mode options and in there adb debugging (eventually install adb drivers)
download the v50g8-mroot3.zip with the exploit attached in this post and unzip it
use 'adb push v50g8-mroot3 /data/local/tmp' and get temp root with following commands in 'adb shell':
Code:
cd /data/local/tmp
chmod 755 ./v50g8-mroot3
./v50g8-mroot3
If it worked, you should see something like this:
Code:
[+] Mapped 200000
[+] selinux_enforcing before exploit: 1
...
[+] Launching privileged shell
root_by_cve-2020-0041:/data/local/tmp # getenforce
Permissive
root_by_cve-2020-0041:/data/local/tmp # id
uid=0(root) gid=0(root) groups=0(root) context=kernel
root_by_cve-2020-0041:/data/local/tmp #
In case you get 'target is not supported', you may list supported targets with
Code:
./v50g8-mroot3 -T
and try to force one close to yours using '-t num' option.
Please see the 2nd post for magisk setup from temp root details.
Please be careful what you use the temp root for.
Changing something in partitions protected by dm-verity (or Android Verified Boot 2.0), like for example /system, /vendor or kernel boot partition, can result with a not anymore booting phone.
In such case you would need a way to emergency flash stock firmware to recover.
This is why it is called 'temp root' - you get a root shell only temporarily, it is lost with reboot and it does not allow to make permanent changes in crucial partitions until bootloader unlock is achieved.
Some partitions might still be possible to modify - for example in case of sony xperia phones it was possible to do permanent debloat via changes in /oem partition and such debloat would survive even factory reset. Similarly some modem configs have been present in /oem allowing to setup IMS for different operators/regions or tune other modem related stuff.
SOURCES
Exploit sources for all releases are available at my github here.
CREDITS
Big thanks to Blue Frost Security for the excellent writeup and the exploit itself.
DONATIONS
If you like my work, you can donate using the Donate to Me button with several methods there.
Already donated:
@Catalin Oprea ($710)
Luis Rosado ($30)
Kirn Gill ($6) LG V60 user
Android Maisters ($30)
Matthew Hinkle ($40)
Daniel Novo ($22)
Tony Romeo ($56)
Yurii Boiko ($20)
VL48 ($33)
Savcho Savchev ($30)
Josue W ($15)
Reyna Cruz ($15)
Tyler Thompson ($3)
Tam Van Phan ($8,4)
MR D CRANSON ($25)
Gilberto Lozada ($15)
Keith Young ($45)
Zee Bee ($11)
Kevin Borges ($50) root bounty at gofundme.com
Catalin Oprea (+$50) root bounty at gofundme.com
Luke Miller ($50) root bounty at gofundme.com
@AngryManMLS ($20)
@Shtiff1 ($20)
Thank you very much to all who donated or are about to donate.
DOWNLOAD
MAGISK SETUP FROM TEMP ROOT WITH LOCKED BOOTLOADER
To enjoy the temporal root with apps asking for root permission, you can now start magisk v20.4 from the root shell provided by the exploit.
download the v50g8-mroot3.zip with the exploit attached in the first post
download Magisk-v20.4.zip from magisk releases page on github here
use 'adb push v50g8-mroot3.zip Magisk-v20.4.zip /data/local/tmp' to copy the zips to the phone
unzip and prepare magisk setup with following commands in 'adb shell'
Code:
cd /data/local/tmp
unzip v50g8-mroot3.zip
chmod 755 v50g8-mroot3 magisk-setup.sh magisk-start.sh
./magisk-setup.sh
get temp root and start magisk up with following commands in 'adb shell':
Code:
cd /data/local/tmp
./v50g8-mroot3
./magisk-start.sh -1
./magisk-start.sh -2
./magisk-start.sh -3
just this point should be done after each reboot to get magisk running again.
NOTE: please be sure to enter each command separately, line after line - do not paste all in a single block and do not put them in a script.
There are reasons this is divided in 3 stages. With this approach I got the best stability, while putting ./v50g8-mroot3 together with -1 and/or -2 stuff in a single script run resulted with a reboot most of the time.
Phases 2 and 3 need to be split for functional reasons to start magisk with working su permission asking notification.
If it worked, you should see something like this:
Code:
flashlmdd:/ $ cd /data/local/tmp
flashlmdd:/data/local/tmp $ ./v50g8-mroot3
[+] factoryversion = LMV500NAT-00-V20m-LAO-COM-MAR-10-2020+0
[+] Mapped 200000
[+] selinux_enforcing before exploit: 1
[+] pipe file: 0xffffffd07822fa00
[+] file epitem at ffffffd102da6d00
[+] Reallocating content of 'write8_inode' with controlled data...............[DONE]
[+] Overwriting 0xffffffd07822fa20 with 0xffffffd102da6d50...[DONE]
[+] Write done, should have arbitrary read now.
[+] file operations: ffffff9dee01ebf8
[+] kernel base: ffffff9dece80000
[+] Reallocating content of 'write8_selinux' with controlled data..[DONE]
[+] Overwriting 0xffffff9def290000 with 0x0...[DONE]
[+] init_cred: ffffff9def02fcd0
[+] memstart_addr: 0xfffffff040000000
[+] First level entry: ae7f6003 -> next table at ffffffd06e7f6000
[+] Second level entry: ae419003 -> next table at ffffffd06e419000
[+] sysctl_table_root = ffffff9def05c710
[+] Reallocating content of 'write8_sysctl' with controlled data.......[DONE]
[+] Overwriting 0xffffffd1316fc268 with 0xffffffd0ba748000...[DONE]
[+] Injected sysctl node!
[+] Node write8_inode, pid 7109, kaddr ffffffd0c1193700
[+] Replaced sendmmsg dangling reference
[+] Replaced sendmmsg dangling reference
[+] Replaced sendmmsg dangling reference
[+] Node write8_selinux, pid 6726, kaddr ffffffd08bfeb400
[+] Replaced sendmmsg dangling reference
[+] Replaced sendmmsg dangling reference
[+] Replaced sendmmsg dangling reference
[+] Node write8_sysctl, pid 6772, kaddr ffffffd0afc0d000
[+] Replaced sendmmsg dangling reference
[+] Replaced sendmmsg dangling reference
[+] Replaced sendmmsg dangling reference
[+] Cleaned up sendmsg threads
[+] epitem.next = ffffffd07822fa20
[+] epitem.prev = ffffffd07822fad8
[+] Launching privileged shell
root_by_cve-2020-0041:/data/local/tmp # ./magisk-start.sh -1
+ FRESH=false
+ '[' -1 '=' --fresh ']'
+ '[' ! -e /data/adb/magisk/busybox ']'
+ ./magiskpolicy --live --magisk 'allow dumpstate * * *'
Load policy from: /sys/fs/selinux/policy
root_by_cve-2020-0041:/data/local/tmp # ./magisk-start.sh -2
+ FRESH=false
+ '[' -2 '=' --fresh ']'
+ '[' ! -e /data/adb/magisk/busybox ']'
+ STAGE=2
+ '[' 2 '=' 2 ']'
+ mount -t tmpfs -o 'mode=755' none /sbin
+ chcon u:object_r:rootfs:s0 /sbin
+ chmod 755 /sbin
+ cp -a magisk/boot_patch.sh /sbin
+ cp -a magisk/magiskboot /sbin
+ cp -a magisk/magiskinit64 /sbin
+ cp -a magisk/busybox /sbin
+ cp -a magisk/util_functions.sh /sbin
+ cd /sbin
+ chmod 755 boot_patch.sh busybox magiskboot magiskinit64 util_functions.sh
+ mkdir r
+ mount -o bind / r
+ cp -a r/sbin/. /sbin
+ umount r
+ rmdir r
+ mv magiskinit64 magiskinit
+ ./magiskinit -x magisk magisk
+ ln -s /sbin/magiskinit /sbin/magiskpolicy
+ ln -s /sbin/magiskinit /sbin/supolicy
+ false
+ chcon -R u:object_r:magisk_file:s0 /data/adb/magisk
+ rm -f magiskboot util_functions.sh boot_patch.sh
+ ln -s /sbin/magisk /sbin/su
+ ln -s /sbin/magisk /sbin/resetprop
+ ln -s /sbin/magisk /sbin/magiskhide
+ mkdir /sbin/.magisk
+ chmod 755 /sbin/.magisk
+ >/sbin/.magisk/config
+ echo 'KEEPVERITY=true'
+ >>/sbin/.magisk/config
+ echo 'KEEPFORCEENCRYPT=true'
+ chmod 000 /sbin/.magisk/config
+ mkdir -p /sbin/.magisk/busybox
+ chmod 755 /sbin/.magisk/busybox
+ mv busybox /sbin/.magisk/busybox
+ mkdir -p /sbin/.magisk/mirror
+ chmod 000 /sbin/.magisk/mirror
+ mkdir -p /sbin/.magisk/block
+ chmod 000 /sbin/.magisk/block
+ mkdir -p /sbin/.magisk/modules
+ chmod 755 /sbin/.magisk/modules
+ mkdir -p /data/adb/modules
+ chmod 755 /data/adb/modules
+ mkdir -p /data/adb/post-fs-data.d
+ chmod 755 /data/adb/post-fs-data.d
+ mkdir -p /data/adb/service.d
+ chmod 755 /data/adb/service.d
+ chcon -R -h u:object_r:rootfs:s0 /sbin/.magisk
+ chcon u:object_r:magisk_file:s0 /sbin/.magisk/busybox/busybox
+ /sbin/magisk --daemon
client: launching new main daemon process
+ pidof magiskd
+ MP=14148
+ '[' -z 14148 ']'
+ >/sbin/.magisk/escalate
+ echo 14148
+ '[' -e /sbin/.magisk/escalate ']'
+ sleep 1
+ '[' -e /sbin/.magisk/escalate ']'
root_by_cve-2020-0041:/data/local/tmp # ./magisk-start.sh -3
+ FRESH=false
+ '[' -3 '=' --fresh ']'
+ '[' ! -e /data/adb/magisk/busybox ']'
+ STAGE=3
+ '[' 3 '=' 2 ']'
+ >/sbin/.magisk/magiskd
+ echo -e '#!/system/bin/sh\n/sbin/magisk --daemon'
+ chmod 755 /sbin/.magisk/magiskd
+ chcon u:object_r:dumpstate_exec:s0 /sbin/.magisk/magiskd
+ getprop init.svc.dumpstate
+ SVC=''
+ timeout=10
+ '[' 10 -gt 0 ']'
+ stop dumpstate
+ killall -9 magiskd
+ stop dumpstate
+ mount -o bind /sbin/.magisk/magiskd /system/bin/dumpstate
+ start dumpstate
+ timeout=10
+ '[' 10 -le 0 ']'
+ pidof magiskd
+ MP=14165
+ '[' -n 14165 ']'
+ break
+ stop dumpstate
+ sleep 1
+ umount /system/bin/dumpstate
+ rm -f /sbin/.magisk/magiskd
+ '[' '' '=' running ']'
+ rm -f /dev/.magisk_unblock
+ /sbin/magisk --post-fs-data
+ timeout=10
+ '[' -e /dev/.magisk_unblock -o 10 -le 0 ']'
+ sleep 1
+ timeout=9
+ '[' -e /dev/.magisk_unblock -o 9 -le 0 ']'
+ /sbin/magisk --service
+ sleep 1
+ /sbin/magisk --boot-complete
+ chmod 751 /sbin
root_by_cve-2020-0041:/data/local/tmp # id
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats),3009(readproc),3011(uhid) context=u:r:magisk:s0
root_by_cve-2020-0041:/data/local/tmp # uname -a
Linux localhost 4.14.117-perf #1 SMP PREEMPT Tue Mar 10 18:44:38 KST 2020 aarch64
root_by_cve-2020-0041:/data/local/tmp # getenforce
Permissive
Now you can exit the temp root shell and use 'su' to get a root shell controlled by magisk manager or allow other apps that need root as asking for root permission now works.
You can even re-enable selinux like this from 'adb shell':
Code:
su -c 'setenforce 1'
The magisk setup from exploit including working permission asking has been fully developed by me, it uses some novel techniques to overcome the limitations caused by magisk run from a temp root instead of being integrated in boot process as a service.
TIPS FOR BETTER STABILITY OF THE EXPLOIT
The exploit works based on use after free, that means it depends on state of memory heap and how it changes during exploit time.
That means there is some portion of unpredictability and a chance that something else is overwritten than hoped for by shaping the heap.
So to get best results, one should stop anything that could run in background, like:
set airplain mode, turn off wifi and bluetooth so there is no data connection at all
set "Stay awake" to ON while charging (i.e. using adb shell) in developer options
disable auto updates of system and apps
debloat your system so useless apps do not run in background
reboot your phone having all the above
wait two minutes after boot up with phone unlocked, screen on connected to PC via usb cable having 'adb shell' already active (checking with 'uptime' command)
start the exploit
after getting root shell and succesfuly starting magisk, do not forget to properly exit the temp root shell by use of 'exit' command two times, so the 'adb shell' with the exploit is ended with the rest of clean up
CHANGELOG
2020-05-11 : Initial release (V500N20m-testJ) supporting V500N20m all Korean variants
2020-05-16 : multiple targets supported (v50g8-root)
2020-05-20 : v50g8-dump tool to dump kernel space memory available in G8 thread
2020-05-24 : implemented support for magisk start from the exploit (v50g8-mroot), added support for V50 Sprint with 2020-01-01 security patch level
2020-06-10 : fixed problem when V50 rebooted/crashed soon after obtaining temp root shell, released as v50g8-mroot2
2020-06-23 : hopefully stability improved even more with V50 allowing stable magisk start from temp root, released as v50g8-mroot3
Ok guys, OK!!!!
Here is a guide made for noobs for Root (download, extract and copy root file inside platform tools folder) and Backup in it, using Adb Platform Tools
Root and Backup V50 Korea
1. Download LG V50 Root (extract it and copy inside platform tools folder), Platform Tools ADB and LG USB Drivers 4.4.2 and install it
https://forum.xda-developers.com/v5...g-v50-temp-root-exploit-via-cve-2020-t4098077
https://www.mediafire.com/file/mu78ydkoalgfzyd/platform_tools_adb.zip/file
http://tool.lime.gdms.lge.com/dn/downloader.dev?fileKey=UW00120120425
2. Connect USB then Enable Developer Options and USB Debugging and enable Stay Awake Screen
3. Turn off wifi, data, bluetooth restart phone, unlock screen and let it 1 minute to load all processes
4. Run Power shell command from inside platform tools folder (SHIFT+right mouse and open power shell here) and type cmd and hit enter
5. Run command - adb devices - a pupup should appear on your phone - tap Allow and Remember it on your phone!
6. Run one by one the following commands
adb push V500N20m-testJ /data/local/tmp
adb shell
cd /data/local/tmp
chmod 755 ./V500N20m-testJ
./V500N20m-testJ
7. When rooted you will have this lines in terminal
[*] Launching privileged shell
root_by_cve-2020-0041:/data/local/tmp #
If root is not achieved or phone restarts by itself repeat from step 3
Backup Important non KDZ Stuff like IMEI
1. Download this file backupselected.sh and move it inside your adb program This is already pushed to Platform Tools folder so ignore it
https://www.mediafire.com/file/gh00t76n4ctc061/backupselected.sh/file
2. Run this command from cmd
adb push backupselected.sh /data/local/tmp
3. Obtain Temp Root and from root shell run these
chmod -R 777 /data/local/tmp
./backupselected.sh
4. Backup will be saved in Download folder on your phone
Usefull Commands - Maybe @j4nn can help us with more usefull commands
rm *.* - delete all files
rm -rf (folder name) - delete that folder
adb push (folder or file name) /data/local/tmp - copy that folder or file name to that /data/local/tmp address
cd /data/local/tmp - then - pm install (appname) - installs it
Thank you. Can't wait for the G8 root guide!
Excellent someday we will have the Bootloader unlocked and for being to install the R
ags
j4nn said:
temp root exploit for LG V50 ThinQ with android 10 firmware
...................................................................Mod Edit: Removed bulk of unnecessarily quoted OP.........................................................
Thank you very much to all who donated or are about to donate.
DOWNLOAD
Click to expand...
Click to collapse
Mod Edit: Please DO NOT quote the entire OP. Either use HIDE tags or trim the quote as I did. Thank you.
Awesome patiently waiting for spring g8 to be compatable.
Received 150 USD to my paypal from Kevin Borges with following comment:
KanBorges said:
Thank you so much for your work. This is all the money in the bounty I set up on Gofundme. com. My username in XDA is @KanBorges . Again, thank you! Hopefully you can get twrp/magisk soon.
Click to expand...
Click to collapse
Thank you and all other contributors for the donations.
I've updated the first post (not only the donations list but added some more clarifications too).
Please note, as discussed since beginning with @Inerent, only the temp root exploit has been supposed to be implemented by me.
There is however available an engineering booloader, that may eventually allow to unlock bootloader after flashing from temp root.
This needs to be tested first and can involve some risks to brick the phone.
I do not own any LG phone (and do not even want one), so I am not doing that, sorry.
But I've already checked few things regarding the engineering bootloader and I can conclude, that it could be compatible in the sense that it most likely would not brick the device.
The reason I see that comparing stock firmware ABL image and the eng bootloader (aka ABL) seems that both use the same signing root certificate and they both have identical OU info in the signature certificate:
Code:
OU=07 0001 SHA256,
OU=06 0000 MODEL_ID,
OU=05 00000000 SW_SIZE,
OU=04 0031 OEM_ID,
OU=03 0000000000000001 DEBUG,
OU=02 000A50E100310000 HW_ID,
OU=01 000000000000001C SW_ID
If it would work with android 10 is another question though.
Please find attached source for split utility, to get some parts of the image likely to start with a signature certificate.
Those parts then can be converted to text form representation of the certificate via following command for example:
Code:
openssl x509 -in LUN4_abl_a_COM3.img-001238 -inform der -text -noout > LUN4_abl_a_COM3.img-001238.txt
Yes, Jann, thats true. But thx for helping us with some advices. I hope we are a big community (also users are coming from LG v30 and V40) and will figure this out, or rise another bounty if not.
Thx for helping us!
$20 donation sent to @j4nn from me. Thanks for the hard work.
@AngryManMLS, thank you for the donation. Updated the first post.
LG G8
Inerent said:
It seems this lg g820UM is the code for all USA carriers and Canada and should work for all like for koreans
If you do March root it will be compatible with February or January? If yes then pick March firmware.
Firmwares here.:
https://lg-firmwares.com/lg-lmg820um-firmwares/
Click to expand...
Click to collapse
Please note, if the exploit works with March firmware, it does not make it compatible with any other older firmwares, even if they are vulnerable.
The kernel build (binary image) is different there, i.e. it would need different offsets in the exploit to succeed.
The reason for selecting March security patch level with LG V50, i.e. the V500N20m firmware version, has been in order to exploit the newest still exploitable firmware.
The bug has been fixed in LG kernel since April security patch level, so using March fw allows you to use the latest still vulnerable and the most up to date fw for the temp root.
For other targets like the G8 might be useful to select other fw version if there are multiple variants that would use identical kernel binary image, possibly even not having a downloadable fw release for a variant, while existing for another variant (this may be a case if phone variants have identical or nearly the same hw).
j4nn said:
For other targets like the G8 might be useful to select other fw version if there are multiple variants that would use identical kernel binary image, possibly even not having a downloadable fw release for a variant, while existing for another variant (this may be a case if phone variants have identical or nearly the same hw).
Click to expand...
Click to collapse
The difficult thing is that the G8 variants are all over the place with which firmware/security patch they are on. My T-Mobile variant (G820TM) is on January 2020 meanwhile say the Verizon variant (G820UM) is on February 2020. So it's a mess which pretty much tells me each variant will need to have it's own exploit made for it.
Edit: Just found out the G820UM just got the April security update. KDZ isn't out yet for that.
j4nn said:
Please note, if the exploit works with March firmware, it does not make it compatible with any other older firmwares, even if they are vulnerable.
The kernel build (binary image) is different there, i.e. it would need different offsets in the exploit to succeed.
The reason for selecting March security patch level with LG V50, i.e. the V500N20m firmware version, has been in order to exploit the newest still exploitable firmware.
The bug has been fixed in LG kernel since April security patch level, so using March fw allows you to use the latest still vulnerable and the most up to date fw for the temp root.
For other targets like the G8 might be useful to select other fw version if there are multiple variants that would use identical kernel binary image, possibly even not having a downloadable fw release for a variant, while existing for another variant (this may be a case if phone variants have identical or nearly the same hw).
Click to expand...
Click to collapse
Hello, I've been talking to inherent on telegram; I think he sent you some of my outputs / logs. I'm sorry I haven't been able to donate as I'm unfortunately not old enough to do so. I've got a Sprint g8 which is stuck on the Android 10 beta on November patch. If you adapt this for other g820um variants, will it likely work with my patch or not?
@AngryManMLS, most likely April security fixed the bug making it not exploitable anymore.
Yes, each kernel build/image would need specific support in the exploit.
@antintin, I need the binary image of kernel used in the firmware that is running the phone we would target with the temp root exploit in order to develop support for it.
Is your Android 10 beta on November patch firmware downloadable anywhere?
Or can you flash any other firmware?
Can you say which G8 model/carrier would have identical hardware to your Sprint G8, while having a downloadable fw?
j4nn said:
@AngryManMLS, most likely April security fixed the bug making it not exploitable anymore.
Yes, each kernel build/image would need specific support in the exploit.
@antintin, I need the binary image of kernel used in the firmware that is running the phone we would target with the temp root exploit in order to develop support for it.
Is your Android 10 beta on November patch firmware downloadable anywhere?
Or can you flash any other firmware?
Can you say which G8 model/carrier would have identical hardware to your Sprint G8, while having a downloadable fw?
Click to expand...
Click to collapse
Well I'm not entirely certain, maybe I can ask vl48. I think any g820um should be fine though. I doubt there is any beta kdz available to download, however. I unfortunately can only go on the final pie version or November patch beta 10 on my Sprint. My updates are broken :
After the temp root, can we flash Magisk patched boot img to /dev/block/bootdevice/by-name/boot_a or something like that? Does it still work after a reboot
@quantan, most likely not, due to dm-verity/AVB 2.0 - it is a temp root...
Magisk (with possibly limited functionality) may be eventually started from the exploit, but it seems not to work yet...
Would be good to at least have android 10 on the Australian V50 but we can't even get that.
Will never buy lg again.
snake65 said:
Would be good to at least have android 10 on the Australian V50 but we can't even get that.
Will never buy lg again.
Click to expand...
Click to collapse
That is not LG fault, is your carrier one. Wait patiently, pretty soon all our problems are resolved.
snake65 said:
Would be good to at least have android 10 on the Australian V50 but we can't even get that.
Will never buy lg again.
Click to expand...
Click to collapse
I have to agree with you on this one. Right now, LG is getting it's lunch eaten by many Chinese OEMs and their bleeding cash in the smartphone business. LG latest "FLAGSHIP", the V60, is a d*** joke when comparing it's 60Hz screen refresh rate to any new smartphone. It's selling for $809.99 new on Tmob and their already selling for less than $700 on Ebay. By end of summer, $390?
I too "Will never buy LG again!".
BTW, I have an Essential PH-1, admittedly old hardware but I'm already running Android 11 DP4 as a daily with very few problems. The V50 won't see 11 for what....... 18 months?
Related
HOW TO MAKE A OPENVPN CONNECTION
(you must use latest kernel - since 2010-08-18 it is integrated (tun module must be integrated in kernel mdules)
-> system/lib/modules/tun.ko)
kernel: htc-msm-linux-20100818_135751-package.tar or newer needed (because there the tun module is included)
1.) install of "openvpn" binary.
we do this manually
a) download openvpn.zip and copy the file: "openvpn" to directory "/sdcard/openvpn"
b) then set the execute writes via:
chmod +x /system/bin/openvpn
2.) some special settings - i do it via a start script -> /sdcard/conf/froyo.user.conf
(see there for the custom_shells part ...)
Code:
# custom shell commands, these commands run last
custom_shells{
#openvpn (ifconfig and route is needed)
mkdir /system/xbin/bb
ln -s /bin/busybox /system/xbin/ifconfig
ln -s /bin/busybox /system/xbin/bb/ifconfig
ln -s /system/bin/route /system/xbin/route
ln -s /system/bin/route /system/xbin/bb/route
#modprobe
modprobe tun
}
3.) copy your openvpn config files to directory /sdcard/openvpn
( my config file looks like: (for the client))
Code:
dev tap
dev-node /dev/tun
proto tcp-client
tls-client
#your server ip + port
remote 123.123.123.123 443
tls-auth /sdcard/openvpn/srv3.xxx.com_ta.key 1
ca /sdcard/openvpn/srv3.xxx.com_ca.crt
cert /sdcard/openvpn/srv3.xxx.com_rlt3.crt
key /sdcard/openvpn/srv3.xxx.com_rlt3.key
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
pull
redirect-gateway
comp-lzo
verb 3
status /sdcard/openvpn/srv3.xxx.com_rlt3_status.log
log-append /sdcard/openvpn/srv3.xxx.com_rlt3.log
only for your info (my server config)
Code:
port 443
dev tap0
proto tcp-server
mode server
tls-server
tls-auth /etc/openvpn/srv3.xxx.com_ta.key 0
ca /etc/openvpn/srv3.xxx.com_ca.crt
cert /etc/openvpn/srv3.xxx.com.crt
key /etc/openvpn/srv3.xxx.com.key
dh /etc/openvpn/srv3.xxx.com_dh1024.pem
crl-verify /etc/openvpn/srv3.xxx.com_crl.pem
client-config-dir client-config
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
keepalive 10 60
ping-timer-rem
persist-key
persist-tun
push "ping 10"
push "ping-restart 60"
push "ping-timer-rem"
mute 50
comp-lzo
status-version 2
status /var/log/openvpn/srv3.xxx.com_openvpn-status.log
log /var/log/openvpn/srv3.xxx.com_openvpn.log
verb 3
ifconfig 192.168.23.1 255.255.255.0
ifconfig-pool 192.168.23.2 192.168.23.9
push "route 192.168.23.0 255.255.255.0"
push "dhcp-option DNS 192.168.23.1"
push "dhcp-option DOMAIN vpn.xxx.com"
#Turn this on, if you want that all traffic goes over VPN
#push "route-gateway 192.168.23.1"
#push "redirect-gateway"
client-to-client
#using multiple cn's (no limited to single access via one cert files)
duplicate-cn
4.) install of "openvpn settings" from market place
then start app: "openvpn settings"
then configure there:
-> Load tun kernel adapter -> OFF
-> TUN modules settings: (not needed)
-> load module using -> modprobe (not needed)
-> path to tun module -> tun (not needed)
-> Path to configuration -> /sdcard/openvpn
-> Path to openvpn binary -> /sdcard/openvpn/openvpn
5.) Then you should see your config file and you can click it to start.
That's it
EDIT on 23.08.2010 + 30.08.2010
good article!
pride2 said:
good article!
Click to expand...
Click to collapse
maybe it should not iunder HTC HD, but anyhow ... if someone need it, he will find it -> search function is your friend
pride2 said:
good article!
Click to expand...
Click to collapse
Yeah it is a quite good article...
But there is one thing I don't understand... Or two...
Firstly... Why we have to link "route" and "ifconfig" twice?
Secondly... Why we have to link "/system/xbin/route" to "/system/xbin/route"?
In my opinion this will cause something like a loop which makes the command not executable... Could that be right?
Many regards
Crusoe86 said:
Yeah it is a quite good article...
But there is one thing I don't understand... Or two...
Firstly... Why we have to link "route" and "ifconfig" twice?
Secondly... Why we have to link "/system/xbin/route" to "/system/xbin/route"?
In my opinion this will cause something like a loop which makes the command not executable... Could that be right?
Many regards
Click to expand...
Click to collapse
the route is used by hardcoded path "/system/xbin/bb" from static "openvpn"
so, i was not sure if it is system/xbin or /system/xbin/bb, so i prefer to make both lnk's.
but addtional - i madea mistake, it is changed on first posting.
the mistakes are:
1.) openvpn-installer doesn't install conrrectly -> so, i did it manually
now.work
2.) ln was wrong: now the correct lnk's are:
ln -s /bin/busybox /system/xbin/ifconfig
ln -s /bin/busybox /system/xbin/bb/ifconfig
ln -s /system/bin/route /system/xbin/route
ln -s /system/bin/route /system/xbin/bb/route
cu camel
I have the leaked 2.2 stock Froyo on my Incredible.
I get this after it authenticates:
FATAL: Cannot allocate TUN/TAP dev dynamically
Any ideas? I'm guessing it doesn't have the tun driver.
PokerMunkee said:
I have the leaked 2.2 stock Froyo on my Incredible.
I get this after it authenticates:
FATAL: Cannot allocate TUN/TAP dev dynamically
Any ideas? I'm guessing it doesn't have the tun driver.
Click to expand...
Click to collapse
EDIT:
please check my first posting (updated ...)
also as i can see - often the problem is to install the openvpn as executable, and also to "modprobe tun".
therefoore you can also add to your /sdcard/conf/froyo.user.conf like me:
(see there for the custom_shells part ...)
# custom shell commands, these commands run last
custom_shells{
#openvpn (ifconfig and route is needed)
mkdir /system/xbin/bb
ln -s /bin/busybox /system/xbin/ifconfig
ln -s /bin/busybox /system/xbin/bb/ifconfig
ln -s /system/bin/route /system/xbin/route
ln -s /system/bin/route /system/xbin/bb/route
#modprobe
modprobe tun
#map the executable openvpn file to /system/xbin or bin
mount --bind /sdcard/openvpn/openvpn /system/xbin/openvpn
}
############
sure maybe some links are not needed - not sure what you have set ..
and of course - you can make it more cleaner as me ... but it is working fine enough for me.
cu camel
For SHW-M110s development/discussion. (Korean Anycall SGS ONLY yes for any who don't know, we are officially part of the I9000 forum.
Koe1974 suggested this thread and will I think act as a co-OP on this discussion. Look for front page updates, links, whatever from him 3 posts down, (below the lost guy from China) in the future too.
Version 4 released
Version 4.0r1 released to fix Odin flashing problem
link to kernel
with tegrak_voodoo sound (v2) module, tegrak ext4 module, root (superuser.apk) and busybox 1.17.1 optional, safe mount option overides by default, auto detect lag fixed partitions (improves upgradeability and interchageability) [/B][/size] Compatible with previously z4modded ext2 setups. All ROM versions, SK05 through TA13 tested and released (link is below).
안녕하세요 to any of the Korean developers who find this. Please update us in English about what you are doing. Your English is probably MUCH better than my korean, and I live in Korea.. There are some people in China, Iran, Philippines, etc using this device who might be helped.
-------------------------------------------------------------------------------------------------------------------------
Ext4 (tegrak modules) z4build rooted voodoo sounds kernel link
A stock z4moded kernel with added ext4 support ( presently by "stealing" tegrak kernel modules.) and many tweaks to make it actually work.
This is now working with z4control to get an easy to apply ext4 lag fix!
------------------------------------------------------------------------------------------------------------------------------------
Bug discussion here please, usage discussion (how do get the file into odin?) .. maybe the general thread is better.
For now, our rooting guide is linked from my sig also, although the above linked kernel can also be made to provide root with no effort.
This type of initramfs modification can be done by unpacking a stock kernel making customizations and then applying z4build to it. But I used a z4modded kernel and then applied customizations and repacked. I did this because I set up to repack by hand anyway before knowing I wanted to use z4mod and even then, when I thought I needed to pack into a tegrak kernel (which z4build can't do). It turned out to cause complications, but also taught me a good bit about the process and about z4mod, and probably helped me find bugs.
Some other related useful links for Reference:
kernel extraction (commented by me specifically for tegrak lzma compressed initramfs and z4build split initramfs)
http://forum.xda-developers.com/wiki/index.php?title=Extract_initramfs_from_zImage
kernel repacking
http://forum.xda-developers.com/showthread.php?t=789712
It needs the initramfs to be cpio'd already something like this:
Code:
cd $initram
find ./ | cpio -H newc -o > $repackdir/newramfs.cpio
It also needs the editor.sh script modified to point to the cross-compiler.
By default it can only pack you initramfs into an image which previously had an uncompressed initramfs. This can be modified though easily.
kernel compiling
This old thread probably isn't too useful now..
http://forum.xda-developers.com/showthread.php?t=740740&page=2
We have much better info 3 posts down by koe1974.
Kernel sources here:
http://opensource.samsung.com/
search SHW-M110S.
The first froyo update has a nice readme with a link to the compiler (I don't have the link right this moment)
Not sure if we need to figure/find .configs, or if the ones included are ok to start. Just need to compile one once and see.
I got my compiler toolchain here:
http://www.codesourcery.com/sgpp/li...1-188-arm-none-eabi-i686-pc-linux-gnu.tar.bz2
I thought it's the one recommended is the original froyo source from samsung, but Koe says they point to 2009 version, so I don't know now.
............
I flashed the korean voodoo sk22 kernel just to boot it into recovery. It has CW mod recovery. Might be useful. (BTW I don't recommend flashing unfamiliar kernels haphazardly, ex: this one injected a file into my ROM that interefered with z4mod until I realized it ) Mine BTW injects only one empty directory (/etc/init.d) and nothing else. Remove the kernel and all other changes dissappear. (z4control adds a tad more, but very little, most of its additions self destruct after use.)
Post reserved.
Post Removed, as requested.
Sent from my GT-I9000 using XDA App
Links:
Korea's equivalent to XDA
Lilinser's GitHub - kernel repack, deodexer, etc.
Project-Voodoo - initramfs (SK05)
Just for hobbies - Voodoo for SL28
Tegrak Kernel
SHW-M110S intramfs Requires further research.
Older M110S from someone at MIT working on the M110S potential resource
bml7 & initramfs possible resource
more initramfs
initramfs SK05 Tested .. OK
How-Tos:
Basic How-To Build Environment with built kernel test
First this diff is from a z4modded stock SL28 image to the custom kernel image. It's not against stock. So it includes tegrak files and scripts I changed. Also note the -N option. It pretends like files that don't exist do.. Any binary files that "differ" are actually added from tegrak.
Code:
diff -rbpN z4mod_sl28/initramfs/init.rc z4grak-construction-sl28/initramfs/init.rc
*** z4mod_sl28/initramfs/init.rc 2011-01-13 02:20:12.000000000 -0500
--- z4grak-construction-sl28/initramfs/init.rc 2011-01-11 07:43:34.000000000 -0500
*************** loglevel 3
*** 58,63 ****
--- 58,72 ----
mount j4fs /dev/block/stl6 /mnt/.lfs
insmod /lib/modules/param.ko
+ #ext4 modules by woo
+ insmod /tegrak/lib/modules/mbcache.ko
+ insmod /tegrak/lib/modules/jbd2.ko
+ insmod /tegrak/lib/modules/ext4.ko
+
+ # tegrak system lagfix by woo
+ #
+ insmod /tegrak/lib/modules/tegrak_module.ko
+
# Backwards Compat - XXX: Going away in G*
symlink /mnt/sdcard /sdcard
*************** service vt /system/bin/vtserver
*** 728,734 ****
#user system
#group system
-
service dumpstate /system/bin/dumpstate -s
socket dumpstate stream 0660 shell log
disabled
--- 737,742 ----
*************** service dumpstate /system/bin/dumpstate
*** 739,747 ****
# oneshot
-
# Added by z4mod
service z4postinit /init
oneshot
--- 747,761 ----
# oneshot
# Added by z4mod
service z4postinit /init
oneshot
+ #install root ingore the mount type, it doesn't matter
+ # syntax looks a little strange to me.. we'll see if it works
+ mount rfs /dev/block/stl9 /system rw remount
+ cat /sbin/su > /system/bin/su
+ chown root /system/bin/su
+ chmod 4755 /system/bin/su
+ mount rfs /dev/block/stl9 /system ro remount
\ No newline at end of file
diff -rbpN z4mod_sl28/initramfs/lpm.rc z4grak-construction-sl28/initramfs/lpm.rc
*** z4mod_sl28/initramfs/lpm.rc 2011-01-13 02:20:12.000000000 -0500
--- z4grak-construction-sl28/initramfs/lpm.rc 2011-01-11 06:37:28.000000000 -0500
*************** on init
*** 16,21 ****
--- 16,26 ----
insmod /lib/modules/param.ko
insmod /lib/modules/vibrator.ko
+ #ext4 modules by woo
+ insmod /tegrak/lib/modules/mbcache.ko
+ insmod /tegrak/lib/modules/jbd2.ko
+ insmod /tegrak/lib/modules/ext4.ko
+
mount rfs /dev/block/stl9 /system check=no
mount rfs /dev/block/mmcblk0p2 /data nosuid nodev check=no
Binary files z4mod_sl28/initramfs/sbin/sslvpn and z4grak-construction-sl28/initramfs/sbin/sslvpn differ
Binary files z4mod_sl28/initramfs/tegrak/bin/mkfs.ext4 and z4grak-construction-sl28/initramfs/tegrak/bin/mkfs.ext4 differ
Binary files z4mod_sl28/initramfs/tegrak/bin/tune2fs and z4grak-construction-sl28/initramfs/tegrak/bin/tune2fs differ
Binary files z4mod_sl28/initramfs/tegrak/lib/modules/ext4.ko and z4grak-construction-sl28/initramfs/tegrak/lib/modules/ext4.ko differ
Binary files z4mod_sl28/initramfs/tegrak/lib/modules/jbd2.ko and z4grak-construction-sl28/initramfs/tegrak/lib/modules/jbd2.ko differ
Binary files z4mod_sl28/initramfs/tegrak/lib/modules/mbcache.ko and z4grak-construction-sl28/initramfs/tegrak/lib/modules/mbcache.ko differ
Binary files z4mod_sl28/initramfs/tegrak/lib/modules/tegrak_module.ko and z4grak-construction-sl28/initramfs/tegrak/lib/modules/tegrak_module.ko differ
I'm a bit confused about sslvpn It's in my SL28 , it's not in my z4moded SL28. everything else diff as expected. Maybe I just lost it, maybe z4mod removed it. It's a small unimportant mystery.
BTW it looks like what I believe are the recovery keys have changed from SK22 to SL28, so maybe using the wrong kernel breaks something.
and my slightly modified version of the extraction script with commented lines to deal with lzma.
it's much faster (well.. why not), and it handles direcories a little better. It need a "/" somewhere in the file name though so use "./zImage".
Code:
#!/bin/bash
#MUCH faster than dd bs=1 skip=blah
#
# syntas is fastdd file skip <length_in_bytes_optional>
# skip is NOT optional and should be set to 0 read from begining.
#
fastdd () {
#dd with a skip is crazy slower cause it forces bs=1
#credit goes to somebody on the internet.
local bs=1024
local file=$1
local skip=$2
local count=$3
(
dd bs=1 skip=$skip count=0 2>/dev/null
if [[ "$count" != "" ]]; then
dd bs=$bs count=$(($count / $bs))
dd bs=$(($count % $bs)) count=1
else
dd bs=1024 2> /dev/null
fi
) < "$file"
}
zImage=$1
basedir=${1%/*}
echo working directory $basedir
mkdir $basedir/initramfs
outdir=$basedir/initramfs/
#========================================================
# find start of gziped kernel object in the zImage file:
#========================================================
pos=`grep -P -a -b -m 1 --only-matching $'\x1F\x8B\x08' $zImage | cut -f 1 -d :`
echo "-I- Extracting kernel image from $zImage (start = $pos)"
echo
echo "*** Start of compressed kernel image:" $pos
#========================================================================
# the cpio archive might be gzipped too, so two gunzips could be needed:
#========================================================================
fastdd $zImage $pos | gunzip > /tmp/kernel.img
pos=`grep -P -a -b -m 1 --only-matching $'\x1F\x8B\x08' /tmp/kernel.img | cut -f 1 -d :`
#
# Use next one for tegrak secuere 11 SL28
# It's an lzma header
# It's found by looking for 5D 00 in the exact same place as cpio (070701) is found in stock.
# The long string of FF's is the real give away since 5D 00 is too vague.
# pos=`grep -P -a -b -m 1 --only-matching '\x{5D}\x{00}\x..\x{FF}\x{FF}\x{FF}\x{FF}\x{FF}\x{FF}' /tmp/kernel.img| cut -f 1 -d :`
echo
echo "*** gzip position in kernel.img :" $pos "(start of gzipped cpio)"
#===========================================================================
# find start and end of the "cpio" initramfs image inside the kernel object:
# ASCII cpio header starts with '070701'
# The end of the cpio archive is marked with an empty file named TRAILER!!!
#===========================================================================
if [ ! $pos = "" ]; then
echo "-I- Extracting compressed cpio image from kernel image (start = $pos)"
# use either one of the next two lines for gzip
# dd if=/tmp/kernel.img bs=1 skip=$pos | gunzip > /tmp/cpio.img
fastdd /tmp/kernel.img $pos |gunzip > /tmp/cpio.img
# comment above and uncomment one of next two lines for lzma, if decompressing tegrak image.
# dd if=/tmp/kernel.img bs=1 skip=$pos | unlzma > /tmp/cpio.img
# fastdd /tmp/kernel.img $pos | unlzma > /tmp/cpio.img
start=`grep -a -b -m 1 --only-matching '070701' /tmp/cpio.img | head -1 | cut -f 1 -d :`
end=`grep -a -b -m 1 --only-matching 'TRAILER!!!' /tmp/cpio.img | head -1 | cut -f 1 -d :`
inputfile=/tmp/cpio.img
else
echo "-I- Already uncompressed cpio.img, not decompressing"
start=`grep -a -b -m 1 --only-matching '070701' /tmp/kernel.img | head -1 | cut -f 1 -d :`
echo start $start
end=`grep -a -b -m 1 --only-matching 'TRAILER!!!' /tmp/kernel.img | head -1 | cut -f 1 -d :`
echo end $end
inputfile=/tmp/kernel.img
fi
end=$((end + 10))
count=$((end - start))
if (($count < 0)); then
echo "-E- Couldn't match start/end of the initramfs image."
exit
fi
echo "-I- Extracting initramfs image from $inputfile (start = $start, end = $end)"
echo inputfile: $inputfile
echo start $start
echo count $count
echo outdir $outdir
# dd if=$inputfile bs=1 skip=$start count=$count > $outdir/initramfs.cpio
fastdd $inputfile $start $count > $basedir/initramfs.cpio
cd $basedir
basedir=`pwd`
cd $outdir; cpio -v -i --no-absolute-filenames < $basedir/initramfs.cpio
cp /tmp/kernel.img $basedir/
More to come.
I like the way this is going, appagom, please put [MOD] in the title.
GL on the new thread, if you hope to have Koreans stumbled upon the thread it might be good to add more phrases like:
루팅
갤럭시s
안드로이드
프로요
업그레이드
업데이트
I never really fully utilized it myself. I hope you get more done here or I'll just take the move personally. Actually, now that you guys were moving into compiling and building I thought this would come. Also, you should look to get some Soju out of this with some donate links or something, even if you aren't looking to take in any cash perhaps you could use it as a seed pot for bounties.
Most importantly, I need to know what "the lost guy from China" said...ㅋㅋㅋ
@Koe, don't waste your time on Gingerbread, get us Honeycomb
Compile a Kernel in 13 Lucky Steps
If you are not familiar with Linux, you might have a hard time following this. Just as I am writing how to do get setup to compile a kernel and compile Android apps, others have written how to setup VirtualBox, Ubuntu, AndroidSDK, etc. Please see documentation provided by Oracle, Google, Ubuntu, etc. before you ask for help about VirtualBox, Ubuntu and the SDK. Thanks.
This is written for people who have used Linux but have not compiled much. Or for the brave at heart who are looking for a nice weekend project. This will tell/guide you through getting a system setup that will not destroy your existing OS.
My host OS is Ubuntu 10.10 64-bit. I wanted had to make an Ubuntu 10.04 32-bit 64-bit system for development because I didn't want to deal with 64-bit vs. 32-bit issues but since Gingerbread requires a 64-bit compiler, I had to. Might as well just use my host system, but since we're here let's keep going!
So you're about to begin. Let's just get one thing straight. No! This will not result in a kernel you can flash. “Then why do this?, you ask. Ask yourself that!
1. Install VirtualBox and the Oracle VM VirtualBox Extension Pack (Currently 4.0.0 r69151)
http://www.virtualbox.org/wiki/Downloads
2. Download an Ubuntu ISO (I suggest Ubuntu Desktop 10.04 64-bit)
http://www.ubuntu.com/desktop/get-ubuntu/download
3. Create a new VM in VirtualBox (You may/have to modify the settings)
Operating System: Linux
Version: Ubuntu64
Extended Features: IO APIC
Processors: 2
RAM: 2048MB
Video Mem: 128MB
HDD: 32GB
Enable PAE/NX
Shared Drive: (I use a shared folder, more detail later)
Click to expand...
Click to collapse
4. Install VirtualBox Guest Additions
5. Install Ubuntu and Update Ubuntu
TIP: Mount your Shared Folder with fstab (Optional but helpful)
If you chose to use a shared folder you can auto-mount it via /etc/fstab.
NOTE: I use a shared folder named andDEV and I mount it on my desktop (~/Desktop). Below is what I add to my /etc/fstab (You may/have to change it)
Code:
andDev /home/koe/Desktop/andDev vboxsf uid=1000,gid=1000 0 0
Click to expand...
Click to collapse
6. Enable multiverse and partner "Software Sources"
7. Install additional software: NOTE: I would also recommend installing preload, but it is not required.
Code:
sudo apt-get install qt3-dev-tools texinfo git-core gnupg flex bison gperf libsdl-dev libesd0-dev libwxgtk2.6-dev build-essential zip curl libncurses5-dev zlib1g-dev sun-java6-jdk eclipse ia32-libs
8. Get and Setup the AndroidSDK (Everything you need to know is there or just Google for help)
http://developer.android.com/sdk/index.html
NOTE: Ubuntu 10.04 does not have Java 5 in it's repositories. Follow this link to setup to Java 5
9. Get and Setup ADT Plugin for Eclipse (Everything you need to know is there or just Google for help)
http://developer.android.com/sdk/eclipse-adt.html#installing
TIP: At this point you might want to try Google's “Hello, Android” tutorial.
Click to expand...
Click to collapse
10. Download and Install the Sourcery G++ Lite for ARM EABI Toolchain (Currently arm-2010.09)
http://www.codesourcery.com/sgpp/lite/arm/portal/subscription3053
Look for and click the link for Recommended Release
Look for and click the link for IA32 GNU/Linux TAR
Extract the archive. You will have a folder named arm-2010.09
Make a directory in your home directory named CodeSourcery
Ex. mkdir ~/CodeSourcery
copy the entire arm-2010.09 folder into CodeSourcery
Click to expand...
Click to collapse
11. Update your $PATH
You should be familiar with this because you had to do it to setup the AndroidSDK
Append the following to your PATH in .bashrc
Code:
~/CodeSourcery/arm-2010.09/bin
12 Download and Prepare the Samsung Source Code (Currently SHW-M110S_Opensource_Froyo_update2.zip)
http://opensource.samsung.com/
Click Mobile - Mobile Phones
Look for and download SHW-M110S_Opensource_Froyo_update2.zip
Extract the archive. Inside the new folder are two more archives.
Extract SHW-M110S_Kernel.tar.gz Inside there is a new folder Kernel
You can copy this to a more convenient location. I copy it to my desktop.
In the Kernel folder is a file named Makefile. Open it with your editor of choice.
Go to line 184. You will see ...
CROSS_COMPILE ?= /opt/toolchains/arm-2009q3/bin/arm-none-linux-gnueabi-
You have to change it to something like below, but see the koe? That is my username so you have to change it to your username.
CROSS_COMPILE ?= /home/koe/CodeSourcery/arm-2010.09/bin/arm-none-eabi-
Save Makefile.
Click to expand...
Click to collapse
13. Compile a Kernel
NOTES:
1. Do not try to compile the code in your Shared Folder. It will fail.
2. When issuing these commands you will see lots of output during this part, most of which is not useful to you at this point.
3. The amount of time it takes for the final make command to run will depend on your computer.
Click to expand...
Click to collapse
Open a terminal window and move into the Kernel directory. Issue the following commands.
Code:
$ make shw-m110s_defconfig
$ make menuconfig
When the config editor opens do the following:
DOWN ARROW to Userspace binary formats and press ENTER
DOWN ARROW to Kernel support for a.out and ECOFF binaries and press SPACE
RIGHT ARROW to Exit and press ENTER
RIGHT ARROW to Exit and press ENTER
Press ENTER again and it will exit back to the command line
NOTE: If you have a powerful computer and you want to speed up the build time, make can be run as, make -j# The # represents how much it will try to do at once. $ make does 1 operation, make -j3 tries to do 3. I have a 2.66 Ghz dual-core CPU and I allow the VirtualBox guest OS access to both cores, so I use make -j3 The compile finishes in about 12 minutes and allows me to still use my host OS. For now, you might just want to run make without the -j option to get a full understanding of how long it takes. Later you can test with values.
Click to expand...
Click to collapse
WARNING: Time is relative. This will take some time ... go make a sandwich or maybe even watch a movie.
Code:
$ make
When you see $ again check the last couple of lines of output. You want to see …
OBJCOPY arch/arm/boot/zImage
Kernel: arch/arm/boot/zImage is ready
Click to expand...
Click to collapse
Congratulation! You just built a kernel for the m110s!
good write up.. Glad to see you hit the same a.out snag as me. Just makes me think it's not configured right and so I have low hopes. Will be fun to see what happens when you put an initramfs in it. I'd just unpack the stock one and try that first.
As for z4control.. I'm pretty interested in getting this working as something like this was the real reason I started messing with this. It seems there may be some issue with the z4mod's init wrapper not doing things it should but anyway.. just now seeing issues. flashed one kernel where I added some debug output added.. trying to understand it (not understanding it yet). I'm optimistic that I can track it down. edit:... definitely making progress, not quite there yet but getting closer.
appagom said:
good write up.. Glad to see you hit the same a.out snag as me. Just makes me think it's not configured right and so I have low hopes. Will be fun to see what happens when you put an initramfs in it. I'd just unpack the stock one and try that first.
Click to expand...
Click to collapse
Strictly to see if it would build completely and to get more info on how to do it, I did do an initramfs & kernel test build.
used the update2 kernel source
used the initramfs linked above (SHW-M110S intramfs Requires further research.)
ran find ./ | cpio -H newc -o > ~/Desktop/newramfs.cpio
added the cpio via menuconfig with no compression
It did build successfully and I ended up with a 7mb zImage vs. a 2.5mb.
There is no way in hell I am going to flash it because I do not know which initramfs (maybe from sk05) it is or what it contains but it did complete.
Now isn't this a kick in the nuts!
Since I got the toolchain all set I decided to focus on the Android source code. Following these directions .. http://source.android.com/source/download.html I got to "Building the code"
Code:
[email protected]:~/Desktop/myAnd$ source build/envsetup.sh
including device/htc/passion/vendorsetup.sh
including device/samsung/crespo/vendorsetup.sh
[email protected]:~/Desktop/myAnd$ lunch
You're building on Linux
Lunch menu... pick a combo:
1. full-eng
2. full_x86-eng
3. simulator
4. full_passion-userdebug
5. full_crespo-userdebug
Which would you like? [full-eng] 1
============================================
PLATFORM_VERSION_CODENAME=AOSP
PLATFORM_VERSION=AOSP
TARGET_PRODUCT=full
TARGET_BUILD_VARIANT=eng
TARGET_SIMULATOR=false
TARGET_BUILD_TYPE=release
TARGET_BUILD_APPS=
TARGET_ARCH=arm
TARGET_ARCH_VARIANT=armv5te
HOST_ARCH=x86
HOST_OS=linux
HOST_BUILD_TYPE=release
BUILD_ID=OPENMASTER
============================================
[email protected]:~/Desktop/myAnd$ make
============================================
PLATFORM_VERSION_CODENAME=AOSP
PLATFORM_VERSION=AOSP
TARGET_PRODUCT=full
TARGET_BUILD_VARIANT=eng
TARGET_SIMULATOR=false
TARGET_BUILD_TYPE=release
TARGET_BUILD_APPS=
TARGET_ARCH=arm
TARGET_ARCH_VARIANT=armv5te
HOST_ARCH=x86
HOST_OS=linux
HOST_BUILD_TYPE=release
BUILD_ID=OPENMASTER
============================================
Checking build tools versions...
build/core/main.mk:76: ************************************************************
build/core/main.mk:77: You are attempting to build on a 32-bit system.
build/core/main.mk:78: Only 64-bit build environments are supported beyond froyo/2.2.
build/core/main.mk:79: ************************************************************
build/core/main.mk:80: *** stop. Stop.
Well, 32-bit will do for now seeing how ::cough:: I'm not the one building gingerbread.
I guess my next how-to is going to be how to go out and buy a PC and setup a 64-bit development environment.
Well, 32-bit will do fro now see how ::cough:: I'm not the one building gingerbread.
I guess my next how-to is going to be how to go out and buy a PC and setup a 64-bit development environment.
Click to expand...
Click to collapse
Could try the gnu cross compiler I suppose maybe it's clever enough to work around it. Your computer really isn't 64 bit though? You could just install a 64 bit VM assuming it is.
koe1974 said:
added the cpio via menuconfig with no compression
Click to expand...
Click to collapse
Ok, that procedure is easier than it used to be, or than what I read it used to be. I'm not afraid to add one and flash it. Just busy with making one I like right now though.. then again.. sounds like a 10 minute interruption.. so.. we'll see... oh and I don't remember what was stopping xconfig from working, but something annoying.. it's quite a bit nicer than menuconfig. I need to learn how that works though.. cause really you should add modules from the compilation itself right.. so you cant have the initramfs already before you compile, unless make opens it and add the modules and re-cpio's it. Anyway.. I'll shoot first, ask later.
edit: just flashed.. it gave about 1 tenth of a blue bar and froze. Ok, that was fun, back to fixing and ext4 kernel up.
appagom said:
Could try the gnu cross compiler I suppose maybe it's clever enough to work around it. Your computer really isn't 64 bit though? You could just install a 64 bit VM assuming it is.
Click to expand...
Click to collapse
The VM I setup was 32bit, but it's 64bit now. I will just modify the How-To for a 64bit system.
4 bugs related z4control issues solved(ok 2 were probably the same as well as a fifth, so really 3)..
one, it's failing to create a directory it needs (/system/etc/init.d), reported, work around create by hand.
2) It's rfs formatting wrapper script which checked for voodoo, failed. Strange bug in sh actually.. workaround in script found and reported
bugs 3 and 4 details unimportant, were related to the mystery of where sslvpn went. z4build was splitting the initramfs by tacking it some of it brute force on to the end of the zImage. The init script found it again and unpacked the files before continuing. Oddly, it seems an uneeded because I fit the only big displaced file in just fine without splitting and I didn't even use heavy compression. Anyway, needed or not it caused two files to go missing, this one, and a small text file that reported the version of z4mod. this file prevented z4control from working.
I will not fix this tonight, but I mostly understand it (altough not in exact detail of precisely understanding some of the odd symptoms, but I think dealing with this will likely solve it all) My diffs could never find the version file, cuase I never unpacked it to know it even existed in the first place. Waaaah.. bug tracking is tiring. We should have this all running very shortly.
update: my first attempt at fixing the repacking bug.. resulted (I already feared this but hoped it would just go away) in a kernel that seems totaly complete, but where it seems something in the init wrapper isn't working... getting closer to finding it.
update: LAST BUG FIXED
The last bug(which I previously assumed was part of the repack bug) was actually aslo part of z4build, now documented here:
http://forum.xda-developers.com/showpost.php?p=10638535&postcount=1062
I'm pretty sure that one should really get it all going now. there are no lines of code left to break. I've tested almost every line now. I'll get a new kernel out, but will need to wait for an updated z4control. z4ziggy seems busy right now maybe (no complaint obviously).
I can fix this last bug in my roll out of the kernel. The other remaining ones can be worked around pretty easily, but not pretty for user instructions, better to wait probably.
SK05 Rebuild test (PASS)
We have doubts about if the shw-m110s_defconfig is what is used by samsung so I decided to try to make a working kernel from an initramfs and froyo_update source code.
General idea of what I did...
sk05 source code froyo_update (from samsung)
sk05 initramfs (link in post 4 "initramfs SK05 Tested .. OK")
cd initramfs_dir
find . -print0 | cpio -o0 -H newc | gzip -9 -f > some/path/initramfs.cpio.gz
cd kernel source code root directory
modify Makefile ln. 184
make aries_android_rfs_defconfig
make menuconfig
disable a.out
add path to initramfs archive
compression gzip
make
tar --format=ustar SK05rebuilt.tar zImage
Click to expand...
Click to collapse
Results in a zImage the same size (4.6mb) as samsung's, and it boots.
awesome..
I GOT IT
That was big fat B to solve. Debugging self destructing scripts that run in a startup environment with different mounts and different PATH variable is no fun and requires some imagination. I had to work around 2 more bugs in z4build but now I have user transparent workarounds to all of them.. plug and play. Unfortunately I have about 30 minutes more free time today so I probably wont post it today. I should clean up some comments and such in it first probably. We'll see.
appagom said:
awesome..
I GOT IT
Click to expand...
Click to collapse
Very nice!
Sent from my SHW-M110S using XDA App
the "awesome" comment was referring to you. Should be able to take the grak of z4grak with some compiling , but I'm happy with it in too.. doesn't matter.
Anyway.. I updated the kernel page (from the link on OP). The new kernel is there, but I pushed it out very fast. Didn't flash last repack myself yet after changing comments.. but I only changed comments. (I am running the posted copy now) It needs testing since my system has gotten a been used and non-pristine. Get z4control, you can use it to flash it if you want. the rest is all push button I hope.
Oh and default settings are less safe than Tegrak, not much if any better than ext2 actually. I think.. can't confirm right now. I recommend modifying etc/fstab to data=ordered,barrier=1 personally.. but that's what I like about z4.. you can decide for yourself.
Sent from my SHW-M110S using XDA App
Memory Tweak - get more free RAM to use for apps and less lag.
// This was first intended for other ROM chefs, so they can include this tweak in their ROMs. I'm aware that there are apps which can do this. But it's the idea to have it included automatically, so you don't have to annoy your users
However, this is also for normal users. Those just flash the CWM Package thunderteaser made here. Thanks for this.
I made a script which boosts the RAM Management significantly.
You can use this in any ROM - those values have been created from my mind and were being tested for several days in heavy use.
IMHO, it's the perfect combination of RAM Management.
HOW TO IMPLEMENT IT INTO YOUR ROM
Just make a new bash script and place the following code into it.
NOTE: bash files created on Windows don't work. Create them with a UNIX like Linux (Ubuntu, Fedora, whatever) or Mac OS X.
Place the script in /system/etc/init.d so it gets automatically executed at every startup. You have to make this because init.rc (in root dir /) gets executed first and will also set the RAM Management (minfree) on his own.
UPDATE - 20.03.2011
Supercurio said, there is support for init.d in his Voodoo injected kernel for JV1 Gingerbread.
This means, the script is fully working and the Gingerbread JV1 memory leaks are fixed when using those values.
This also means, my current ROM v10.0 Beta 3 already has the Memory Hack integrated.
Code:
#!/system/bin/sh
# DarkyROM 2011 - Joël Staub (darkyy)
# This will stabilize the memory leaks in Gingerbread and other ROMs.
# Adjusting Memory Settings
# The values in MB: 10, 16, 24, 68, 76, 92
if [ -e /sys/module/lowmemorykiller/parameters/minfree ]; then
echo "Modifying minfree parameters"
echo "2560,4096,6144,17408,19456,23552" > /sys/module/lowmemorykiller/parameters/minfree
else
echo "minfree not found"
fi
Permissions
You may want to adjust the permissions of the script when it's on your phone.
You can do it with ADB.
First, connect to your phone.
Code:
adb shell
Get root access.
Code:
su
Set the permissions.
Code:
chmod 777 /system/etc/init.d/ramtweak
Code:
chown root:root /system/etc/init.d/ramtweak
When you're a ROM chef, you can include those permissions either with update(r)-script or with a bash file.
Thanks to zacharias.maladroit for the hint with the permissions.
- darkyy.
Darkyy said:
Ignore the # You're not allowed to use this script without giving proper credits. - EVERYONE IS WELCOME TO IMPLEMENT THIS INTO HIS / HER ROM - I don't need credits.
Click to expand...
Click to collapse
If you don't mean it, take it out
Ok this looks awesome but for the most part of the members can u make a proper tutorial ? I really don't understand how to implement your hack, how to create a bash script init.d ?
sorry for my noobiness
And when you say in every ROM, did you also mean every custom kernel ?
chambo622 said:
If you don't mean it, take it out
Click to expand...
Click to collapse
I will, sorry for this crap
I'm a bit too tired...
touness69 said:
Ok this looks awesome but for the most part of the members can u make a proper tutorial ? I really don't understand how to implement your hack, how to create a bash script init.d ?
sorry for my noobiness
And when you say in every ROM, did you also mean every custom kernel ?
Click to expand...
Click to collapse
You just make a new file on your COMPUTER.
Or it would even work on your SGS (but I'm writing now for the Computer).
Example:
Let's say, you're on Windows - create a NEW text file and remove the .txt extension (you need to have this option activated in the explorer settings).
You can leave it to no extension or just make it end on .sh
You got a file called randomname.sh now.
Now to make it easy, just copy this file to the C: drive in NO subfolder.
Now just ADB push this file to your SGS into:
Code:
adb push /randomname.sh /system/etc/init.d
Or just copy the .sh file to your SGS via USB Storage mount and copy it to the directory with Root Explorer or Super Manager.
Yes, this should work with every kernel (Android 2.2.1) here.
Thanks for doing this testing to find good settings. Forgive me if I'm misinformed, but is there anything particularly innovative about new minfree settings? I do appreciate your testing and finding ones that work well for you.
have a good rest, Darkyy !
thanks for this script
so you noticed improved interactivity with "apps and less lag" ?
gotta try this with CM7
FYI:
the defaults of the CM7 kernel are:
Code:
cat /sys/module/lowmemorykiller/parameters/minfree
2048,3072,4096,6144,7168,8192
edit2:
make sure that you get the right permissions for the file on the phone afterwards
say:
Code:
chmod 750 /system/etc/init.d/99rambooster
chown root:shell /system/etc/init.d/99rambooster
thanks for explanation ! I have done what you say and rebooted my phone after that. I renamed the file to init.d after placing it into the /system/etc/ directory and setted the défault permissions for this file rwxrwxrwx (or something like that)
But how I find if I have the hack succesfuly installed ?
chambo622 said:
Thanks for doing this testing to find good settings. Forgive me if I'm misinformed, but is there anything particularly innovative about new minfree settings? I do appreciate your testing and finding ones that work well for you.
Click to expand...
Click to collapse
Not innovative - this is nothing new.
It's just that many ROM devs aren't aware of this and I thought I could share my script.
zacharias.maladroit said:
have a good rest, Darkyy !
thanks for this script
so you noticed improved interactivity with "apps and less lag" ?
gotta try this with CM7
FYI:
the defaults of the CM7 kernel are:
Code:
cat /sys/module/lowmemorykiller/parameters/minfree
2048,3072,4096,6144,7168,8192
edit2:
make sure that you get the right permissions for the file on the phone afterwards
say:
Code:
chmod 750 /system/etc/init.d/99rambooster
chown root:shell /system/etc/init.d/99rambooster
Click to expand...
Click to collapse
Strange permissions...
This would be rwx r-x --- [Owner, Group, Other]
EDIT:
Ouch, CM7 really has 2048,3072,4096,6144,7168,8192?
That's really not the best value... looks close like JV1 RAM Management at first glance...
I'm gonna check that later.
Darkyy said:
Not innovative - this is nothing new.
It's just that many ROM devs aren't aware of this and I thought I could share my script.
Strange permissions...
This would be rwx r-x --- [Owner, Group, Other]
EDIT:
Ouch, CM7 really has 2048,3072,4096,6144,7168,8192?
That's really not the best value... looks close like JV1 RAM Management at first glance...
I'm gonna check that later.
Click to expand...
Click to collapse
yes,
and those are really the permissions
ls -l
-rwxr-x--- 1 root shell 365 Aug 1 2008 00banner
-rwxr-x--- 1 root shell 27 Aug 1 2008 01sysctl
-rwxr-x--- 1 root shell 229 Aug 1 2008 03firstboot
-rwxr-x--- 1 root shell 201 Aug 1 2008 04modules
-rwxr-x--- 1 root shell 1452 Aug 1 2008 05mountsd
-rwxr-x--- 1 root shell 272 Aug 1 2008 06mountdl
-rwxr-x--- 1 root shell 925 Aug 1 2008 20userinit
-rwxr-x--- 1 root shell 2533 Mar 19 02:20 89system_tweak
-rwxr-x--- 1 root shell 2848 Aug 1 2008 90screenstate_scaling
Click to expand...
Click to collapse
good thing you came up with these improved values,
I'm gonna include these in the next revision of my script / kernel
thanks again
Thanks Darkyy! Once again, you kicketh ass!
I am gonna give this a try.
Nice, some info on min free settings:
http://www.androidcentral.com/fine-tuning-minfree-settings-improving-androids-multi-tasking
while we're at it:
you could include lots of stuff from the
tweak script for the Galaxy Spica
in your next revision of ROM
I'm using some of those
and planning to continually add more after having tested them
DocRambone said:
Nice, some info on min free settings:
http://www.androidcentral.com/fine-tuning-minfree-settings-improving-androids-multi-tasking
Click to expand...
Click to collapse
Thanks Doc, will add it tomorrow in the OP.
zacharias.maladroit said:
while we're at it:
you could include lots of stuff from the
tweak script for the Galaxy Spica
in your next revision of ROM
I'm using some of those
and planning to continually add more after having tested them
Click to expand...
Click to collapse
Nice, but most things are specially for the low-end device Spica.
I'll sure look into it
Thank you
Gah this is such a retarded suggestion. Darky your SGS ROM is really nice and I'm currently running it, but please think about things like this before you post them.
The SGS has, comparatively, RAM out the wazoo. Why do we want more of it sitting idle and unused? RAM is there to be used, not sit there looking unused and pretty like a virgin at an eastern european slave auction in a free -m command. Twatting about with this setting on behalf of the Android Low Memory Killer is essentially like telling the ROM you have less RAM than you actually do since it will always endeavour to keep that much RAM -free- as in -unused- by the GUI itself as well as Android apps.
Darkyy said:
Memory Tweak - get more free RAM to use for apps and less lag.
I made a script which boosts the RAM Management significantly.
You can use this in any ROM - those values have been created from my mind and were being tested for several days in heavy use.
IMHO, it's the perfect combination of RAM Management.
HOW TO IMPLEMENT IT INTO YOUR ROM
Just make a new bash script and place the following code into it.
Place the script in /system/etc/init.d so it gets automatically executed at every startup. You have to make this because init.rc (in root dir /) gets executed first and will also set the RAM Management (minfree) on his own.
This doesn't work on JV1 now because we don't have the kernel sources to implement init.d support.
Code:
#!/system/bin/sh
# DarkyROM 2011 - Joël Staub (darkyy)
# This will stabilize the memory leaks in Gingerbread and other ROMs.
# Adjusting Memory Settings
# Old Hack (you can ignore this, it's just another method of doing it)
#if [ -e /sdcard/darky_tweak/init.rc ]; then
# echo "Copying init.rc to /"
# cp /sdcard/darky_tweak/init.rc /
# else
# echo "No init.rc found"
#fi
# New Method [15.03.2011]
if [ -e /sys/module/lowmemorykiller/parameters/minfree ]; then
echo "Modifying minfree parameters"
echo "2560,4096,6144,17408,19456,23552" > /sys/module/lowmemorykiller/parameters/minfree
else
echo "minfree not found"
fi
- darkyy.
Click to expand...
Click to collapse
How to do it. any video to show us. ??
touness69 said:
thanks for explanation ! I have done what you say and rebooted my phone after that. I renamed the file to init.d after placing it into the /system/etc/ directory and setted the défault permissions for this file rwxrwxrwx (or something like that)
But how I find if I have the hack succesfuly installed ?
Click to expand...
Click to collapse
He said to place it inside init.d not call it init.d. Are you honestly this illiterate?
shaldi said:
How to do it. any video to show us. ??
Click to expand...
Click to collapse
How to create a text file and place it where he says to place it? Are you honestly this illiterate?
Darkyy said:
You just make a new file on your COMPUTER.
Or it would even work on your SGS (but I'm writing now for the Computer).
Example:
Let's say, you're on Windows - create a NEW text file and remove the .txt extension (you need to have this option activated in the explorer settings).
You can leave it to no extension or just make it end on .sh
You got a file called randomname.sh now.
Now to make it easy, just copy this file to the C: drive in NO subfolder.
Now just ADB push this file to your SGS into:
Code:
adb push /randomname.sh /system/etc/init.d
Or just copy the .sh file to your SGS via USB Storage mount and copy it to the directory with Root Explorer or Super Manager.
Yes, this should work with every kernel (Android 2.2.1) here.
Click to expand...
Click to collapse
Darkyy, so I just copy the codes, paste in notepad then save as [anygivenname.sh] then paste into system/ect/init.d using root explorer and reboot my galaxy s?
Darky is this included in your rom? if not is it going to be?
bernard134 said:
Darkyy, so I just copy the codes, paste in notepad then save as [anygivenname.sh] then paste into system/ect/init.d using root explorer and reboot my galaxy s?
Click to expand...
Click to collapse
guys
seriously: read what comes after the 1st ,2nd and 3rd post - or the first 1-3 (or 5 sites) if it's a larger topic
you'll see that you need to change the permissions & owner
you do that via logging in via adb, becoming root (su)
and navigating to /system/etc/init.d/
or do it explicitly from the folder where you are - like I posted
0) prepare file on windows / linux / mac
Code:
#!/system/bin/sh
# DarkyROM 2011 - Joël Staub (darkyy)
# This will stabilize the memory leaks in Gingerbread and other ROMs.
# Adjusting Memory Settings
# Old Hack (you can ignore this, it's just another method of doing it)
#if [ -e /sdcard/darky_tweak/init.rc ]; then
# echo "Copying init.rc to /"
# cp /sdcard/darky_tweak/init.rc /
# else
# echo "No init.rc found"
#fi
# New Method [15.03.2011]
if [ -e /sys/module/lowmemorykiller/parameters/minfree ]; then
echo "Modifying minfree parameters"
echo "2560,4096,6144,17408,19456,23552" > /sys/module/lowmemorykiller/parameters/minfree
else
echo "minfree not found"
fi
e.g. save as:
99rambooster
1) dl & install Android SDK
http://www.talkandroid.com/android-sdk-install-guide/
2) connect phone
navigate to tools folder (or from Linux: launch from terminal via command)
3) put it on the phone
Code:
adb push 99rambooster /sdcard/
4) log in to phone & become root
Code:
adb shell
(now in phone)
Code:
su
5) copy it to init.d folder [you eventually need to remount /system rw]
Code:
cp /sdcard/99rambooster /system/etc/init.d/
6) adjust permissions:
Code:
chmod 750 /system/etc/init.d/99rambooster
chown root:shell /system/etc/init.d/99rambooster
Hi guys i have a problem creating the bootmenu
I am following this post but when i'm going to 3rd line:
C:/> adb shell
$ su
# cp -R /sdcard/bootmenu /data/bootmenu
# cd /data/bootmenu
# chmod 755 *
# ./install.sh
# rm -R /data/bootmenu
i get the following message: cd: can't cd to /data/bootmenu
could you tell me please what i'm doing wrong???
Post the output of
# ls -l /data/bootmenu
Maybe it does not exist OR it is a file (it will be a file if /sdcard/bootmenu was one)
But in any case: It's much easier to install 2nd-init directly from the android market: The currently included version 0.45 works good enough to install the CM7 port (afterwards you'll have 0.51 anyway as the port includes it's own version)
pabx said:
Post the output of
# ls -l /data/bootmenu
Maybe it does not exist OR it is a file (it will be a file if /sdcard/bootmenu was one)
But in any case: It's much easier to install 2nd-init directly from the android market: The currently included version 0.45 works good enough to install the CM7 port (afterwards you'll have 0.51 anyway as the port includes it's own version)
Click to expand...
Click to collapse
Ok thanks! I saw today new version of this that include 0.5.1
Well I've been working on getting the Kali Linux toolkit to run on Android without a chroot and I did it, just gotta mount all the subfiletree's or whatever to where they belong in Androids root dir ,"/" (NOT "/root") and set up the paths in the enviroment a it seems to be working.
I spent way more time researching and planning out exactly how I was going to exicute this, it still has some kinks as some of the filesystems clash or have files of the same name but with slightly moified content, I guess I gotta dig through all those and patch em up so it all flows together, I just ran on the presumtion that it was all compiled for arm and I think it all runs on the android kernel when you chroot into an img file. I basically just mounted the kali.img file and instead of chrooting into that I went backwords and moved everything into Androids root.
Im working on a script with sanity checks and error collection and all that, I am still learning bash, linux, kernel, android, all like a summer cram session so please forgive me if I dont know or it takes time to share something I think is even slightly worthy for ya'll.
Anyways for those interested here is a bit of the tail end of what all this research has become, I think metasploit uses ruby, so if msf is working I guess that is too... here it is
Code:
localhost etc # ls
CHANGELOG-CM.txt gps.conf ppp
CHANGES.txt hosts recovery-resource.dat
NOTICE.html.gz init.d security
apns-conf.xml init.goldfish.sh snd_soc_msm
audio_effects.conf init.qcom.efs.sync.sh ssh
audio_policy.conf init.qcom.mdm_links.sh system_fonts.xml
bash init.qcom.modem_links.sh terminfo
bluetooth init.qcom.post_boot.sh thermald-8064.conf
boot_fixup init.qcom.thermal_conf.sh thermald-8930.conf
build-manifest.xml media_codecs.xml thermald-8960.conf
dbus.conf media_profiles.xml thermald.conf
dhcpcd mkshrc vold.fstab
event-log-tags nano wifi
fallback_fonts.xml nfcee_access.xml
firmware permissions
localhost / # mount --rbind $subset/etc /etc
localhost / # which apt-get
/usr/bin/apt-get
localhost / # which mfsconsole
localhost / # which msfconsole
/usr/bin/msfconsole
localhost / # msfconsole
IIIIII dTb.dTb _.---._
II 4' v 'B .'"".'/|\`.""'.
II 6. .P : .' / | \ `. :
II 'T;. .;P' '.' / | \ `.'
II 'T; ;P' `. / | \ .'
IIIIII 'YvP' `-.__|__.-'
I love shells --egypt
Easy phishing: Set up email templates, landing pages and listeners
in Metasploit Pro's wizard -- type 'go_pro' to launch it now.
=[ metasploit v4.7.0-2013071701 [core:4.7 api:1.0]
+ -- --=[ 1131 exploits - 638 auxiliary - 180 post
+ -- --=[ 309 payloads - 30 encoders - 8 nops
stty: standard input: Bad file number
msf > exit
localhost / # ls
acct init.trace.rc
bin init.usb.rc
cache initlogo.rle
charger lib
config lpm.rc
d media
data mnt
default.prop opt
dev persist
efs proc
etc res
extSdCard root
firmware run
fstab.qcom sbin
init sdcard
init.cm.rc srv
init.goldfish.rc storage
init.qcom.class_core.sh sys
init.qcom.class_main.sh system
init.qcom.early_boot.sh tmp
init.qcom.lpm_boot.sh tombstones
init.qcom.rc ueventd.goldfish.rc
init.qcom.sh ueventd.qcom.rc
init.qcom.syspart_fixup.sh ueventd.rc
init.qcom.usb.rc usbdisk0
init.qcom.usb.sh usr
init.rc var
init.recovery.qcom.rc vendor
init.target.rc
localhost / # exit
exit
[email protected]:/ #
EDIT: Please note that to get this working I had to "su -c bash" so that some of the mount commands would work properly, this is why is says "localhost / #" and not "[email protected]:/ #", its bash and thats the same interpreter the normal chroot throws you into. This is bash from Androids / directory.
My kind of thinker. I'll have to look into this!
Sent from my SPH-L710 using xda app-developers app
Haven't gotten time to try out your mod yet but thought I'd let you know I did get Kali Linux installed on my GS3 and metasploit runs relatively well ssh'ing through terminal!
Sent from my SPH-L710 using xda app-developers app