From YobiWiki
Jump to: navigation, search



App stores

Alternate views on the official market:

Alternate markets:

User manuals

Some internals info here

Short notes

Android 5.0.1 on Nexus 4

OTA attempt

This now requires adb v1.0.32 not yet in Debian/Ubuntu

Update refused to install because it was now also checking /system/bin/ integrity

cd /system/bin
mount -o remount,rw /system
mount -o remount,ro /system

Then OTA installed properly but attempt to root it with SuperSU v2.40 resulted in boot loop.

FW flashing

Android 5.1 on Nexus 4

FW flashing


apt-get install android-tools-adb
apt-get install android-tools-fastboot

USB permissions on the host

Create /etc/udev/rules.d/99-android.rules for Nexus phones:

SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", MODE="0666", OWNER="<your_account>" # all Nexus

Then execute /etc/init.d/udev reload

Enter Fastboot mode

  • Power off phone
  • Depends on the phone, e.g.:
    • Nexus S: keep volume-up pressed while pressing power on for 5 secs
    • Nexus 4: keep volume-down pressed while pressing power on for 5 secs
    • Nexus 5: keep volume-down pressed while pressing power on for 5 secs
    • You've entered fastboot

See for other models

Alternatively, fastboot can be triggererd from adb: adb reboot-bootloader

OEM unlock

This will wipe ALL DATA!!!

fastboot oem unlock

OEM unlock for rooted devices

Once the device has been unlocked and rooted, it can be locked/unlocked again without wiping all the data, at least on some phone models.
Install BootUnlocker

Factory images for Nexus phones

Example for Nexus S: (requires OEM unlock)

tar xzf soju-imm76d-factory-ca4ae9ee.tgz
cd soju-imm76d

Example for Nexus 4: (requires OEM unlock)
Factory Images "occam" for Nexus 4 -> Android 4.3 (JWR66Y)

tar xzf occam-jwr66y-factory-08d2b697.tgz
cf occam-jwr66y


Example for Nexus S: (requires OEM unlock)

fastboot flash recovery recovery-clockwork-

Example for Nexus 4: (requires OEM unlock)

fastboot flash recovery recovery-clockwork-

Example for Nexus 5: (requires OEM unlock)

fastboot flash recovery recovery-clockwork-

(or Touch version e.g. recovery-clockwork-touch-

We can also launch this recovery without flashing it:

fastboot boot recovery-clockwork-

Stock recovery

To show menu with stock recovery, it depends on the phone, e.g.:

  • Nexus 4: hold "power" and press "volume-up"
  • Nexus 5: press & release quickly volume-up & power a few times


Requires OEM unlock, see above fastboot oem unlock (! erase all) and BootUnlocker (for already rooted)
Requires e.g. Clockworkmod recovery
Requires e.g. ChainFire SuperSU (you can check forum for beta releases)

adb reboot bootloader
fastboot boot recovery-clockwork-touch-
# Install zip / from sideload
adb sideload
# Reboot (and decline erasing recovery updater

Rooting and OTA

One way of doing:

  • Keep stock recovery
  • Keep bootloader locked (see BootUnlocker)
  • Prevent OTA updates by touching build.prop (so its sha1sum won't match anymore)
adb shell
mount -o remount,rw /system
echo "# Remove me to allow OTA update" >> /system/build.prop 
mount -o remount,ro /system

When ready to really do OTA update:

1. Unlock bootloader with BootUnlocker, super critical step!!!

2. Make a backup of the proposed OTA patch, just in case

adb shell
ls -l /cache
adb pull /cache/

3. Restore build.prop:

adb shell
mount -o remount,rw /system
sed -i '/Remove me/d' /system/build.prop
  # or if you don't have sed/busybox:
  grep -v "Remove me" /system/build.prop > /sdcard/build.prop.tmp
  cat /sdcard/build.prop.tmp > /system/build.prop
  rm /sdcard/build.prop.tmp
mount -o remount,ro /system

4. Restore /system/bin/
SuperSU may have hijacked /system/bin/ If so, we need to restore it. Unfortunately using "full unroot" won't help, see here (and you'll get stuck unrooted!) so we'll restore it manually.

adb shell
ls -l /system/bin/install-recovery*
# should be fixed or not?
mount -o remount,rw /system
mv /system/bin/ /system/bin/
mount -o remount,ro /system

5. Install proposed OTA update from Android itself

5b. Check recovery logs
In case the automatic update failed, check the recovery logs:
At this point you should be already in stock recovery, if not, go to recovery
Keep power button pressed and press volume-up to get the menu
Go to "view recovery logs"

5c. Install proposed OTA update manually from a local copy on the PC

adb reboot recovery

Keep power button pressed and press volume-up to get the menu
Go to "apply update from ADB"

adb sideload

6. Reboot and let the system updating its apps
If it seems to stand forever with the boot logo, you can have a look at the same time to the system logs:

adb logcat

Seeing looping logs with a repetition of

>>>>>> START uid 0 <<<<<<

is a bad sign, time for a full ROM recovery!

6b. Flash a factory image
Get latest image at

tar xzf ...tgz
cd ...

Or in one go:

wget -O - ... | tar xz
cd ...

Very important if you want to keep your data!!! Edit and replace

fastboot -w update


fastboot update

because -w means wipe data!!
Then reboot the phone to bootloader and launch that script:

adb reboot bootloader

7. Root again, cf above and check for latest CWM recovery and latest SuperSU

adb reboot bootloader
fastboot boot recovery-clockwork-touch-
# Install zip / from sideload
adb sideload
# Reboot (and decline erasing recovery updater

7b. Install again busybox on the system from the app
Wait for the progress bar completion, then "Install"

8. Prevent OTA updates:

adb shell
mount -o remount,rw /system
echo "# Remove me to allow OTA update" >> /system/build.prop 
mount -o remount,ro /system

9. Lock bootloader with BootUnlocker

See also my feature request for BootUnlocker


To reveal developer menu on Jelly Bean, tap 10x on "settings/about/build nr"
Then enable usb debug.
USB debugging is pretty secured since Jelly Bean but beware for older versions!

adbd insecure

As USB debugging is now pretty secure, let's enable immediate root access:
Install adbd insecure
Open app -> enable & enable at boot time

adb & recovery

From recovery, you can also use adb:

  • adb shell
  • adb sideload
  • adb push



From Google Play:
Local install:

adb install stericson.busybox-1.apk
=> Run busybox -> install -> smart install

Consider buying Busybox Pro...

Modifying stuffs in system partition using su

adb push some_file /sdcard/
adb shell su -c "mount -o remount,rw /system"
adb shell su -c "cat /sdcard/some_file > /etc/some_file"
sleep 1
adb shell su -c "mount -o remount,ro /system"

Modifying stuffs in system partition with insecure adbd (=being root by default)

adb shell mount -o remount,rw /system
adb push some_file /etc/some_file
sleep 1
adb shell mount -o remount,ro /system

Encrypt device

See official help
Some reports say they had to repeat the process several times on Nexus 4 before encryption started. I didn't have that problem.

One major caveat is that this is the same password for disk encryption and screen unlock, cf this longstanding bugreport.
On a rooted device this can be achieved thanks to Cryptfs password or simply by doing:

vdc cryptfs changepw <new_password>

Note that it will have to be done every time the screen PIN or pwd is changed.
See also

Nexus 4


  • Chipset: Qualcomm Snapdragon™ S4 Pro processor with 1.5GHz Quad-Core Krait CPUs
  • Operating System: Android 4.2, Jelly Bean
  • Network: 3G (WCDMA), HSPA+
  • Display: 4.7-inch WXGA True HD IPS Plus (1280 x 768 pixels)
  • Memory: 8GB / 16GB
  • RAM: 2GB
  • Camera: 8.0MP rear / 1.3MP HD front
  • Battery: 2,100mAh Li-Polymer (embedded) / Talk time: 15.3 hours / Standby: 390 hours
  • Size: 133.9 x 68.7 x 9.1mm
  • Weight: 139g
  • Other:
    • NFC: Broadcom BCM2079x family: BCM20793 over I2C, cf /dev/bcm2079x-i2c
    • SE: ST33 from STMicroelectronics
    • Wireless charging
    • Miracast
    • BT 4.0
    • SlimPort for HDMI


physical mark

  • FCC ID: ZNFE960 IC:2703C-E960

under fastboot, stock

  • PRODUCT_NAME - mako
  • VARIANT - mako 16GB
  • HW VERSION - rev_11
  • BASEBAND VERSION - M9615A-CEFWMAZM-2.0.1700.48
  • SERIAL NUMBER - xxxxxx
  • SIGNING - production
  • SECURE BOOT - enabled
  • LOCK STATE - lock

under 'About phone' from the settings, stock 4.2.2

  • Android 4.2.2
  • Baseband M9615A-CEFWMAZM-2.0.1700.48
  • Kernel 3.4.0-perf-g7ce11cd
  • Build JDQ39

under 'About phone' from the settings, 4.3

  • Android 4.3
  • Baseband M9615A-CEFWMAZM-2.0.1700.84
  • Kernel 3.4.0-perf-gf43c3d9
  • Build JWR66V then JWR66Y

My tunings

  • Original recovery
  • Rooted with "SuperSU"
    • "SuperSU" protected by PIN
    • Rooting maintained over OTA updates (using chattr +i and "SuperSU" survival mode)
  • OEM locked again
    • "Bootunlocker" app to unlock without wiping
  • Avast Mobile Security
    • anti theft with anchor in system (so even factory reset doesn't help)
    • application firewall (wifi/3g/roaming per app)
  • USB debugging activated and paired with my PC
    • "adbd insecure" installed
  • "BusyBox Pro"
  • "OpenVPN Install" & "OpenVPN Settings"
  • "SSHDroidPro"
  • Encrypted
    • with better pwd at boot time, using "Cryptfs password" app
  • Bluetooth & Belkin A2DP for car: no need to unlock my screen
    • "Bluetooth Auto Connect" -> pairs when screen is turned on
    • "Bluetooth connect and play" -> starts playing when paired
  • "AdAway" installed via "F-Droid"
  • "Nexus 4 Dot" as live wallpaper
  • "Helium" to backup & sync apps via Google Drive
  • With Android 4.4 install launcher of Nexus 5:

Nexus S

Old notes here


physical sticker behind battery

  • Model: GT-I9023
  • FCC ID: A3LGTI9023
  • SSN: -I9023GSMH
  • IMEI: xxxxxxx
  • S/N: xxxxxxx

under fastboot, after upgrade to 4.1.2

  • Bootloader version - I9020XXLC2
  • Baseband version - I9020XXKI1
  • Carrier info - EUR

under 'About phone' from the settings, after upgrade to 4.1.2

  • Android 4.1.2
  • Baseband I9023XXKI1
  • Kernel 3.0.31-g5894150 android-build@vpbs1 #1
  • Build JZO54K

Upgrading to 4.1.2

OTA update is available and the phone proposed me to start upgrade process
update zip is located in /cache

android# ls -l /cache
pc$ adb pull /cache/ .


  • Go to fastboot (vol-up + power)
  • Go to recovery
  • Backup & restore / Backup
  • Mount USB
  • Copy all /sdcard content to PC
  • Reboot -> enter fastboot again

Preparation bis

  • edit to remove recovery/ and edit META-INF/com/google/android/updater-script
    • remove all commands about recovery
    • add following line to keep rooted: set_perm(0, 0, 6755, "/system/bin/su");
    • radio image don't seem to be affected by update, nothing to do here

This time I tried differently:

  • pc$ adb push /cache
  • dd if=boot.img of=boot-fit.img bs=262144 count=28 #(with original boot.img from 4.1.1)
  • fastboot flash boot boot-fit.img


This time I tried differently:

  • Reboot and accept upgrade, it will reboot the phone and let Clockwork recovery applying the patch
  • Despite the set_perm, recovery told me "Root access possibly lost. Fix? /system/bin/su" and I accepted, just in case...
  • Backup & restore / Backup
  • Mount USB
  • Copy new backup to PC
  • Reboot

Rooting again

  • Extract new 4.1.2 boot.img (e.g. using clockworkmod backup or:)
  • modify it & flash it back, see below
android$ su
android# cat /dev/mtd/mtd2 > /sdcard/boot.img
adb pull /sdcard/boot.img .
abootimg -x boot.img
mkdir ramdisk
cd ramdisk
gzip -dc ../initrd.img | cpio -i
sed -i 's/' default.prop
find . -print|cpio -o -Hnewc|gzip > ../initrd.img2
cd ..
abootimg -u boot.img -r initrd.img2
dd if=boot.img of=boot-fit.img bs=262144 count=28
fastboot flash boot boot-fit.img

Installing Cyanogenmod

See and repository for Crespo
Boot into cyanogenmod recovery

  • Wipe data/factory reset
adb shell mount /data
adb push /sdcard/
  • Install zip from sdcard
  • Choose zip from sdcard...
  • Reboot

To install Google apps, see

Rooting Samsung Galaxy Tab 10.1

I used a WinXP within a virtualbox under Debian
When flashing with Odin3 I had problems process being stuck at SetupConnection
Trick was to unplug physically the USB cable, start Odin3, plug the cable, connect the USB device through virtualbox to WinXP

Once rooted, upgrade the Superuser application
Once started, the app should detect su binary needs also to be updated. Follow instructions.

To enter clockwork recovery: power off / press vol down + power till 2 icons appear / press vol down to select left icon / press vol up / you should see recovery menu now

Installing new Market application:
Some apk are lying around, here is how I use them
First test their certificate as I don't want to get a malicious app:

$ adb install Vending_3.1.5.apk 

This is ok, but e.g. this one seems more worrisome, I wouldn't try it:

$ adb install Vending_3.1.6.apk 

Make your backups!
Replace manually /system/app/Vending.apk by the new version and reboot.
If trouble you may try to clean the Dalvik cache from Clockwork recovery advanced menu

busybox  mount -o remount,rw /system
mv /system/app/Vending.apk /sdcard/Vending_1.0.apk
mv /sdcard/Vending_3.1.5.apk /system/app/Vending.apk
chown 0.0 /system/app/Vending.apk
busybox  mount -o remount,ro /system

Rooting Samsung Galaxy Tab 3 7.0 3G/WiFi

For model number SM-T211!
Other methods reflash completely the device, I prefer the less intrusive method consisting in just installing CyanoGenMod Recovery and SuperSU
I used a Win7 within a virtualbox under Debian
I used


  • Enable USB Debugging Mode on the device by navigating to Settings >> Developer Options.
  • Extract CWM and Odin 3.07 files
  • Switch off the Galaxy Tab 3 7.0. Then boot the device into Download Mode by pressing and holding Volume Down, Home and Power buttons together until a construction Android robot icon with a warning triangle appears on screen. Now press the Volume Up button to enter Download Mode.
  • Plug the tablet to let Windows discovering and configuring the device USB drivers
  • Unplug the tablet
  • Run Odin on the computer as an Administrator.
  • Plug the tablet. Wait until Odin detects the device. When the device is connected successfully, the ID: COM box will turn to light blue with the COM port number. Additionally, the successful connected will be indicated by a message saying Added.
  • In Odin, click the PDA button and select the recovery.tar.md5 file. Verify that F. Reset Time checkbox is selected. Also, ensure the Auto Reboot and Re-Partition options are NOT selected.
  • Double-check and click Start button in Odin. The installation process will now begin.
  • Once the installation process completes, you will see a PASS message with green background in the left-most box at the very top of the Odin. You can now unplug the USB cable to disconnect the device from the computer.
  • Reboot the device into CWM Recovery mode by pressing and holding Volume Up, Home and Power buttons together.
  • In CWM Recovery, select "install zip / install zip from sideload"
  • Back on Debian:
adb sideload
  • Once the installation process completes, return to main recovery menu and select "reboot system now".



Wi-Fi & client certs

To be able to authenticate to a Wi-Fi network using client certificates via TLS:
If needed, export certificate from IE in Pkcs#12 PFX, *with* private key, *with* all certs, *without* strong enc, *without* deletion of private key.
Rename .pfx file as .p12
Copy pkcs#12 certificate to root of USB storage.
File must end with .p12, not .pfx!
One single file with key+cert+cacerts is ok
Wi-Fi params: 802.1x EAP / TLS / phase2: None / CA cert: cf previous import / user cert: idem / Identity: DOMAIN\user... / Anonymous id: empty / password:...

Note that after each reboot, you'll have to select manually one of the protected networks to unlock the secure storage of personal certificates or open manually the certificates storage:
Settings > Location & Security > Use secure credentials
See also Keystore Unlocker

Importing certs

Since Android 3.0, no need for rooting anymore
If troubles, use PEM format, with file extension .crt

  • drop certs on /sdcard/
  • go to settings / personal: security / credential storage: install from storage & select both certs


  • Manual, covers adb, am, pm, etc

Installing an app in /system/app :

adb push MyApp.apk /sdcard/
adb shell su -c "mount -o remount,rw /system"
adb shell su -c "cp /sdcard/MyApp.apk /system/app/"
sleep 1
adb shell su -c "mount -o remount,ro /system"
adb reboot
adb shell pm list packages -s # Should be there now

Removing an app from /system/app:

adb shell su -c "mount -o remount,rw /system"
adb shell su -c "rm /system/app/MyApp.apk"
sleep 1
adb shell su -c "mount -o remount,ro /system"
adb reboot

In case of error such as:

* daemon not running. starting it now on port 5037 *
cannot bind 'local:5037'
ADB server didn't ACK
* failed to start daemon *
error: cannot connect to daemon

strace revealed that the error was in fact:

socket(PF_FILE, SOCK_STREAM, 0)         = 3
connect(3, {sa_family=AF_FILE, path="/tmp/5037"}, 12) = -1 EACCES (Permission denied)

and there was indeed a named pipe /tmp/5037:

srwxr-xr-x 1 root       root             0 Sep  4 23:26 5037

Removing it solved the issue.

Test menu

Dial *#*#4636#*#* (== *#*#INFO#*#*)

SMSC configuration

To configure the SMSC (SMS gateway) on Android is not straight forward.
Access a hidden settings menu by dialing *#*#4636#*#* (*#*#INFO#*#*) -> phone settings -> SMSC -> Refresh (to get current value)
To update that field, if it does not work in plain or between quotes, try encode it in PDU

  • First byte is length of SMSC info, so if it's e.g. +32475161616, it's 11 digits to code on 6 bytes, + 1 byte to code type of SMSC address => 7 bytes
  • Second byte is the type of SMSC address, 91 for international format
  • Next bytes are the SMSC digits, padded with "f" if odd, then nibble-swapped so in our example: 32475161616F => 2374151616F6
  • Full PDU-encoded SMSC is then: 07912374151616F6 -> Update


Run ddms (from Android SDK) -> Tools / Device / Screen capture


You'll need Android SDK too.
Make sure you're using the adb from SDK and not from e.g. Debian packages:

adb kill-server
export ANDROID_HOME=/path_to_your/android-sdk-linux_x86
java -jar droidAtScreen-1.0.2.jar

Get jnlp file from project page

adb kill-server
export ANDROID_HOME=/path_to_your/android-sdk-linux_x86
$ANDROID_HOME/platform-tools/adb start-server
javaws androidscreencast.jnlp

Rooting, old notes

Using ChainsDD SuperUser

=> drop on /sdcard/ (or use adb sideload)
=> recovery -> install from zip ->

ChainFire SuperSU

=> drop on /sdcard/ (or use adb sideload)
=> recovery
   -> wipe cache
   -> install from zip 
         -> from /sdcard:
      or -> from sideload: "adb sideload"
   -> reboot (and decline erasing recovery updater


/system/etc/ (lsattr: -----i--A----)
/system/bin/.ext/.su (rwsr-sr-x = 06755)
/system/xbin/daemonsu (rwsr-sr-x = 06755)
/system/xbin/su (rwsr-sr-x = 06755)

The 4 binaries may be locked by a "chattr +i" but this seems to break some OTA updates, so better to change manually OTA updates first.
Version 1.51 still chattr +i /system/etc/ but this breaks JWR66V to JWR66Y OTA update.
Warning CWM proposes to erase "recovery updater", actually the file from SuperSU, so decline and say no!

Rooting with SuperSU without recovery

Chainfire's CF-Auto-Root makes life really easy to install SuperSU
e.g. for Nexus 4: (requires OEM unlock)

unzip -j image/CF-Auto-Root-mako-occam-nexus4.img
sudo fastboot boot CF-Auto-Root-mako-occam-nexus4.img

Consider buying the PRO license key too...

Keep rooting over OTA

Apparently SuperSU has some "survival mode" that you can turn on in the settings but I don't know what it does...
Once you have busybox installed (see below), you can set the su binary immutable to avoid an OTA update to kill its setuid bit:

mount -o remount,rw /system
chattr +i /system/xbin/su
mount -o remount,ro /system

There is also a "OTA Rootkeeper" application to do the same
If you need to reflash a custom recovery to install a custom OTA update, see this article

Edit I'm not sure the chattr method works.
OTA update JWR66Y-from-JWR66V failed because of /system/etc/ being locked with chattr +i and used by SuperSU to launch daemonsu.
To solve it I had to modify manually the patch and apply it through custom recovery:
Avoid Clockworkmod recovery to be overwritten.
Avoid su setuid bit to be overwritten.

  • OTA update was left in /cache and failed being applied as explained above
  • Unzip
  • rm -rf recovery
  • Edit META-INF/com/google/android/updater-script :
--- updater-script.orig2013-08-27 17:40:36.500787411 +0200
+++ updater-script2013-08-27 17:40:10.912302554 +0200
@@ -1371,11 +1371,8 @@
             6713bc8134b88289bf2fd5c17bf30d0d174d6eb0, 374184,
             9d87d330c5490fec0fca02ba3d7ba17fa7d65e8c, package_extract_file("patch/system/vendor/lib/mediadrm/"));
-       "/system/etc/");
 show_progress(0.100000, 10);
-ui_print("Unpacking new recovery...");
-package_extract_dir("recovery", "/system");
 ui_print("Symlinks and permissions...");
 set_perm_recursive(0, 0, 0755, 0644, "/system");
 set_perm_recursive(0, 2000, 0755, 0755, "/system/bin");
@@ -1383,7 +1380,6 @@
 set_perm(0, 0, 0755, "/system/bin/ping");
 set_perm(0, 2000, 0750, "/system/bin/run-as");
 set_perm(1014, 2000, 0550, "/system/etc/dhcpcd/dhcpcd-run-hooks");
-set_perm(0, 0, 0544, "/system/etc/");
 set_perm_recursive(0, 0, 0755, 0555, "/system/etc/ppp");
 set_perm(0, 2000, 0755, "/system/vendor");
 set_perm_recursive(0, 2000, 0755, 0644, "/system/vendor/etc");
@@ -1407,6 +1403,9 @@
 set_perm_recursive(0, 2000, 0755, 0644, "/system/vendor/pittpatt/models/recognition");
 set_perm(0, 0, 0644, "/system/vendor/pittpatt/models/recognition/face.face.y0-y0-22-b-N.bin");
 set_perm_recursive(0, 2000, 0755, 0755, "/system/xbin");
+set_perm(0, 0, 06755, "/system/xbin/su");
+set_perm(0, 0, 06755, "/system/xbin/daemonsu");
+set_perm(0, 0, 06755, "/system/bin/.ext/.su");
 ui_print("Patching remaining system files...");
 apply_patch("/system/build.prop", "-",
             e336e937ec01a4e2fcb60d3659e296a30701ebf9, 2742,

OTA update KTU84L-from-KOT49H (4.4.3 from 4.4.2):
Modify manually the patch and apply it through custom recovery:
Avoid Clockworkmod recovery to be overwritten.
Failed to preserve root, better to root it after update

  • OTA was not pre-downloaded in /cache, so I had to take it from Google: Nexus 4, Nexus 5
  • Unzip
  • rm -rf recovery
  • Edit META-INF/com/google/android/updater-script :
--- updater-script.orig	2014-06-19 17:56:21.000000000 +0200
+++ updater-script	2014-06-19 18:12:23.000000000 +0200
@@ -4408,13 +4408,10 @@
             "-", 40e71cb1beb7b998d13ce16530d0e7bf03ed0732, 6518784,
             04df7b014a4a6b01095f5728158510fe4d8ae4fc, package_extract_file("patch/boot.img.p"));
-       "/system/etc/");
 show_progress(0.100000, 10);
 ui_print("Unpacking new files...");
 package_extract_dir("system", "/system");
-ui_print("Unpacking new recovery...");
-package_extract_dir("recovery", "/system");
 ui_print("Symlinks and permissions...");
 set_metadata_recursive("/system", "uid", 0, "gid", 0, "dmode", 0755, "fmode", 0644, "capabilities", 0x0, "selabel", "u:object_r:system_file:s0");
 set_metadata_recursive("/system/bin", "uid", 0, "gid", 2000, "dmode", 0755, "fmode", 0755, "capabilities", 0x0, "selabel", "u:object_r:system_file:s0");
@@ -4449,7 +4446,6 @@
 set_metadata("/system/bin/wpa_supplicant", "uid", 0, "gid", 2000, "mode", 0755, "capabilities", 0x0, "selabel", "u:object_r:wpa_exec:s0");
 set_metadata_recursive("/system/etc/dhcpcd", "uid", 0, "gid", 0, "dmode", 0755, "fmode", 0644, "capabilities", 0x0, "selabel", "u:object_r:dhcp_system_file:s0");
 set_metadata("/system/etc/dhcpcd/dhcpcd-run-hooks", "uid", 1014, "gid", 2000, "mode", 0550, "capabilities", 0x0, "selabel", "u:object_r:dhcp_system_file:s0");
-set_metadata("/system/etc/", "uid", 0, "gid", 0, "mode", 0544, "capabilities", 0x0);
 set_metadata_recursive("/system/etc/ppp", "uid", 0, "gid", 0, "dmode", 0755, "fmode", 0555, "capabilities", 0x0, "selabel", "u:object_r:ppp_system_file:s0");
 set_metadata("/system/recovery-from-boot.p", "uid", 0, "gid", 0, "mode", 0644, "capabilities", 0x0);
 set_metadata("/system/vendor", "uid", 0, "gid", 2000, "mode", 0755, "capabilities", 0x0, "selabel", "u:object_r:system_file:s0");

Then install SuperSU v2.00

USB tethering

Plug phone & PC via USB
Activate USB tethering (Settings / Wireless & networks / Tethering / USB Tethering)
It works OOB on Debian, nothing to do

Mounting USB as MTP or PTP

New Nexus devices don't use USB mass storage anymore but MTP or PTP, mainly to be able to access data both from Android & PC at the same time.
There are two methods using fuse so make sure your user is member of fuse group:

sudo adduser <your_user> fuse

and make sure your user can access the USB device (cf above: /etc/udev/rules.d/...)

Using mtpfs

See this article

sudo apt-get install mtpfs mtp-tools
mkdir ~/MyAndroid
mtpfs ~/MyAndroid
fusermount -u ~/MyAndroid

Problem is that it's very slow to mount

Using go-mtpfs

See this article

sudo apt-get install golang fuse git-core libmtp-dev libfuse-dev
mkdir /tmp/go 
GOPATH=/tmp/go go get
sudo mv /tmp/go/bin/go-mtpfs /usr/local/bin/
mkdir ~/MyAndroid
go-mtpfs ~/MyAndroid &
fusermount -u ~/MyAndroid

Using gphotofs

This method requires the phone to share files over USB as Camera (PTP), *not* MTP.

sudo apt-get install gphotofs
mkdir ~/MyAndroid
gphotofs ~/MyAndroid
fusermount -u ~/MyAndroid

Problem is that it only shows DCIM & Pictures
Not sure if it's a limitation of Android or Gphoto...


See Android Apps

Applications development

See Android SDK

Using the embedded SE

See Android SE

using Software Card Emulation

See Android Software Card Emulation

Backuping via BackupPC

I'm a big fan of BackupPc and this guy managed to link android & backuppc so let's give it a try.
Check the mentioned link but his setup is a bit different, running CyanogenMod while I'm using a stock fw.
Instructions here suppose your phone is rooted.


Backuppc server needs to reach the phone so your phone needs a static (or DHCP statically attributed) IP or whatever dyndns system.


I'm using SshDroidPro
Make sure backuppc key is properly installed in /data/data/
Then test it as user backuppc, trying to access the phone and accept the server key fingerprint.


To get rsync binary, I found rsync backup for Android which downloads a rsync binary during install (a weird way to deal with a GPL program IMHO).
The actual binary it downloads is available here.
But Android wget doesn't support https so you've to transfer it to your phone by another mean.
One way is to install the application I mentioned and let it download that binary.
Then, to install it at a more rooted-Android standard place:

cd /system/xbin
busybox mount -o remount,rw /system
cp /data/data/eu.kowalczuk.rsync4android/files/rsync /system/xbin/
chmod 755 /system/xbin/rsync
chown /system/xbin/rsync
busybox mount -o remount,ro /system


Make sure Wi-Fi will stay on!
Menu > Settings > Wireless & networks > Wi-Fi settings > Menu > Advanced > Wi-Fi sleep policy > Never (or never when powered)

BackupPC config

My config: create new host in backuppc web interface with:

   XferMethod = rsync
   RsyncShareName = [/data/, /efs/ (useful??), /system/, /mnt/asec/, /mnt/sdcard/]
   RsyncClientPath = /system/xbin/rsync
   BackupFilesExclude = /mnt/sdcard/ => [/oruxmaps/mapfiles, /clockworkmod/backup, /radio_dump_*, /videos]

Note that in the mentioned link he's using RsyncShareName = / and playing with BackupFilesOnly but for me it looks like BackupFilesOnly was not respected, so I preferred to have separate RsyncShareName
Some info on APP2SD here and here
I had errors "Ping too slow" so I increased

   PingMaxMsec = 400

as anyway it's on local network

Non-rooted device

For non-rooted devices the setup is a bit different:

  • SSH server will run on a non-privilegied port, e.g. port 2222
  • login will be done with sshdroid permissions, not root, so it cannot access rsync binary neither /data content
  • rsync needs to be available so we'll transfer it again, as sshdroid user:
scp -P2222 rsync galaxy:/data/data/

then make it executable

  • BackupPC config is e.g.:
   XferMethod = rsync
   RsyncShareName = [/mnt/sdcard/]
   RsyncClientPath = /data/data/
   BackupFilesExclude = /mnt/sdcard/ => [/Movies]
   RsyncClientCmd: add "-p2222" to ssh options: "$sshPath -p2222 -q -x -l root $host $rsyncPath $argList+"
   RsyncClientRestoreCmd: add "-p2222" to ssh options: "$sshPath -p2222 -q -x -l root $host $rsyncPath $argList+"

Because we cannot directly backup /data content, what can be done is to use e.g. MyBackupPro to backup most of the data to the SD card, in a scheduled way.

Personal tools