From YobiWiki
Jump to navigation Jump to search


App stores

Alternate views on the official market:

Alternate markets:

User manuals

Short notes


To reveal developer menu, tap 10x on "settings/about/build nr"
Then enable usb debug.
USB debugging is pretty secured since Jelly Bean but beware for older versions!

Since Android 5.0.1, it's required to use at least adb v1.0.32.

apt-get install android-tools-adb

Note that from recovery, you can also use adb:

  • adb shell
  • adb sideload
  • adb push



apt-get install android-tools-fastboot

USB permissions on the host

Create /etc/udev/rules.d/99-android.rules for Nexus phones:

SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", MODE="0666", OWNER="<your_account>" # all Nexus

Then execute /etc/init.d/udev reload

To enter Fastboot mode

  • Power off phone
  • Depends on the phone, e.g.:
    • Nexus S: keep volume-up pressed while pressing power on for 5 secs
    • Nexus 4: keep volume-down pressed while pressing power on for 5 secs
    • Nexus 5: keep volume-down pressed while pressing power on for 5 secs
    • You've entered fastboot

See for other models

Alternatively, fastboot can be triggererd from adb: adb reboot bootloader

OEM unlock

Necessary step before being able to flash partitions or boot on alternative recovery.

This will wipe ALL DATA!!!

fastboot oem unlock

OEM unlock for rooted devices

Once the device has been unlocked and rooted, it can be locked/unlocked again without wiping all the data, at least on some phone models.
Install BootUnlocker

Factory images for Nexus phones

Typical usage: (requires OEM unlock)


To avoid erasing user data:
Very important if you want to keep your data!!! Edit and replace

fastboot -w update


fastboot update





Flashing an alternative recovery (requires OEM unlock):

fastboot flash recovery recovery-clockwork-VERSION-CODENAME.img

Booting (without flashing) an alternative recovery (requires OEM unlock):

fastboot boot recovery-clockwork-VERSION-CODENAME.img

Stock recovery

To show menu with Nexus stock recovery, it depends on the phone, e.g.:

  • Nexus 4: hold "power" and press "volume-up"
  • Nexus 5: press & release quickly volume-up & power a few times



Requires OEM unlock, see above fastboot oem unlock (! erase all) and see below BootUnlocker (for already rooted)
Requires e.g. TWRP recovery
Requires e.g. ChainFire SuperSU (you can check forum for beta releases)

adb reboot bootloader
fastboot boot recovery-xxx.img
# In recovery, choose Advanced / Install zip / from sideload
adb sideload
# Reboot (and decline erasing recovery updater

Rooting Android M

Rooting method has changed quite a bit and is still uncertain as those lines are written, see e.g.

Rooting securely

Rooting can be done securely if:

  • bootloader is locked again
    • problem is that unlocking would erase again the data
    • see below BootUnlocker which allows on rooted Nexus to toggle bootloader without deleting data
  • keep stock recovery
  • SuperSU is locked with a PIN
    • this requires the Pro version
  • SuperSU always require the PIN to authorize an app
    • or be very careful which ones you authorize permanently

Rooting and OTA

By experience, it's always quite difficult to apply an OTA on a rooted phone, even after having attempted to unroot the phone.
So I prefer to apply a full factory image (being careful not to overwrite the data) and root it again.
If latest factory image isn't available yet, flash the latest available then apply the regular OTA before rooting.

Prevent OTA

Normally rooting is enough to prevent OTA but to be sure, one can touch build.prop (so its sha1sum won't match anymore)

adb shell
mount -o remount,rw /system
echo "# Remove me to allow OTA update" >> /system/build.prop 
mount -o remount,ro /system

Attempt OTA

I don't recommend it as most attempts end in an infinite loop after the reboot.

When ready to really do OTA update:

1. Unlock bootloader with BootUnlocker, super critical step!!!

2. Make a backup of the proposed OTA patch, just in case

adb shell
ls -l /cache
adb pull /cache/

3. Restore build.prop:

adb shell
mount -o remount,rw /system
sed -i '/Remove me/d' /system/build.prop
  # or if you don't have sed/busybox:
  grep -v "Remove me" /system/build.prop > /sdcard/build.prop.tmp
  cat /sdcard/build.prop.tmp > /system/build.prop
  rm /sdcard/build.prop.tmp
mount -o remount,ro /system

4. Restore /system/bin/
SuperSU may have hijacked /system/bin/ If so, we need to restore it. Unfortunately using "full unroot" won't help, see here (and you'll get stuck unrooted!) so we'll restore it manually.

adb shell
ls -l /system/bin/install-recovery*
# should be fixed or not?
mount -o remount,rw /system
mv /system/bin/ /system/bin/
mount -o remount,ro /system

5. Install proposed OTA update from Android itself

5b. Check recovery logs
In case the automatic update failed, check the recovery logs:
At this point you should be already in stock recovery, if not, go to recovery
Keep power button pressed and press volume-up to get the menu
Go to "view recovery logs"

5c. Install proposed OTA update manually from a local copy on the PC

adb reboot recovery

Keep power button pressed and press volume-up to get the menu
Go to "apply update from ADB"

adb sideload

6. Reboot and let the system updating its apps
If it seems to stand forever with the boot logo, you can have a look at the same time to the system logs:

adb logcat

Seeing looping logs with a repetition of

>>>>>> START uid 0 <<<<<<

is a bad sign, time for a full ROM recovery!

7. Root again, see #SuperSU

8. Prevent OTA updates:

adb shell
mount -o remount,rw /system
echo "# Remove me to allow OTA update" >> /system/build.prop 
mount -o remount,ro /system

9. Lock bootloader with BootUnlocker

See also my feature request for BootUnlocker

Upgrade with factory image

That's my preferred method.

1. Unlock bootloader with BootUnlocker, super critical step!!!

2. Flash a factory image
Get latest image at

tar xzf ...tgz
cd ...

Or in one go:

wget -O - ... | tar xz
cd ...

Very important if you want to keep your data!!! Edit and replace

fastboot -w update


fastboot update

Then reboot the phone to bootloader and launch that script:

adb reboot bootloader


2b. Apply OTA If you didn't flash the latest version, apply OTA update

3. Root again, see #SuperSU

4. Prevent OTA updates:

adb shell
mount -o remount,rw /system
echo "# Remove me to allow OTA update" >> /system/build.prop 
mount -o remount,ro /system

5. Lock bootloader with BootUnlocker

On rooted devices

adbd insecure

As USB debugging is now pretty secure, let's enable immediate root access:
Install adbd insecure
Open app -> enable & enable at boot time


From Google Play:
Local install:

adb install stericson.busybox-1.apk
=> Run busybox -> install -> smart install

Consider buying Busybox Pro...

Modifying stuffs in system partition using su

adb push some_file /sdcard/
adb shell su -c "mount -o remount,rw /system"
adb shell su -c "cat /sdcard/some_file > /etc/some_file"
sleep 1
adb shell su -c "mount -o remount,ro /system"

Modifying stuffs in system partition with insecure adbd (=being root by default)

adb shell mount -o remount,rw /system
adb push some_file /etc/some_file
sleep 1
adb shell mount -o remount,ro /system

Encrypt device

See official help
Some reports say they had to repeat the process several times on Nexus 4 before encryption started. I didn't have that problem.

One major caveat is that this is the same password for disk encryption and screen unlock, cf this longstanding bugreport.
On a rooted device this can be achieved thanks to Cryptfs password or simply by doing:

vdc cryptfs changepw <new_password>

Note that it will have to be done every time the screen PIN or pwd is changed.
See also

Phone-specific notes

See Android phones


See Android Apps

Applications development

See Android SDK

Using the embedded SE

See Android SE

Using TrustZone

See Android TrustZone

using Software Card Emulation

See Android Software Card Emulation



Wi-Fi & client certs

To be able to authenticate to a Wi-Fi network using client certificates via TLS:
If needed, export certificate from IE in Pkcs#12 PFX, *with* private key, *with* all certs, *without* strong enc, *without* deletion of private key.
Rename .pfx file as .p12
Copy pkcs#12 certificate to root of USB storage.
File must end with .p12, not .pfx!
One single file with key+cert+cacerts is ok
Wi-Fi params: 802.1x EAP / TLS / phase2: None / CA cert: cf previous import / user cert: idem / Identity: DOMAIN\user... / Anonymous id: empty / password:...

Note that after each reboot, you'll have to select manually one of the protected networks to unlock the secure storage of personal certificates or open manually the certificates storage:
Settings > Location & Security > Use secure credentials
See also Keystore Unlocker

Importing certs

Since Android 3.0, no need for rooting anymore
If troubles, use PEM format, with file extension .crt

  • drop certs on /sdcard/
  • go to settings / personal: security / credential storage: install from storage & select both certs

Test menu

Dial *#*#4636#*#* (== *#*#INFO#*#*)

SMSC configuration

To configure the SMSC (SMS gateway) on Android is not straight forward.
Access a hidden settings menu by dialing *#*#4636#*#* (*#*#INFO#*#*) -> phone settings -> SMSC -> Refresh (to get current value)
To update that field, if it does not work in plain or between quotes, try encode it in PDU

  • First byte is length of SMSC info, so if it's e.g. +32475161616, it's 11 digits to code on 6 bytes, + 1 byte to code type of SMSC address => 7 bytes
  • Second byte is the type of SMSC address, 91 for international format
  • Next bytes are the SMSC digits, padded with "f" if odd, then nibble-swapped so in our example: 32475161616F => 2374151616F6
  • Full PDU-encoded SMSC is then: 07912374151616F6 -> Update


Run ddms (from Android SDK) -> Tools / Device / Screen capture


You'll need Android SDK too.
Make sure you're using the adb from SDK and not from e.g. Debian packages:

adb kill-server
export ANDROID_HOME=/path_to_your/android-sdk-linux_x86
java -jar droidAtScreen-1.0.2.jar

Get jnlp file from project page

adb kill-server
export ANDROID_HOME=/path_to_your/android-sdk-linux_x86
$ANDROID_HOME/platform-tools/adb start-server
javaws androidscreencast.jnlp

USB tethering

Plug phone & PC via USB
Activate USB tethering (Settings / Wireless & networks / Tethering / USB Tethering)
It works OOB on Debian, nothing to do

Mounting USB as MTP or PTP

New Nexus devices don't use USB mass storage anymore but MTP or PTP, mainly to be able to access data both from Android & PC at the same time.
There are two methods using fuse so make sure your user is member of fuse group:

sudo adduser <your_user> fuse

and make sure your user can access the USB device (cf above: /etc/udev/rules.d/...)

Using mtpfs

See this article

sudo apt-get install mtpfs mtp-tools
mkdir ~/MyAndroid
mtpfs ~/MyAndroid
fusermount -u ~/MyAndroid

Problem is that it's very slow to mount

Using go-mtpfs

See this article

sudo apt-get install golang fuse git-core libmtp-dev libfuse-dev
mkdir /tmp/go 
GOPATH=/tmp/go go get
sudo mv /tmp/go/bin/go-mtpfs /usr/local/bin/
mkdir ~/MyAndroid
go-mtpfs ~/MyAndroid &
fusermount -u ~/MyAndroid

Using gphotofs

This method requires the phone to share files over USB as Camera (PTP), *not* MTP.

sudo apt-get install gphotofs
mkdir ~/MyAndroid
gphotofs ~/MyAndroid
fusermount -u ~/MyAndroid

Problem is that it only shows DCIM & Pictures
Not sure if it's a limitation of Android or Gphoto...

Backuping via BackupPC

I'm a big fan of BackupPc and this guy managed to link android & backuppc so let's give it a try.
Check the mentioned link but his setup is a bit different, running CyanogenMod while I'm using a stock fw.
Instructions here suppose your phone is rooted.


Backuppc server needs to reach the phone so your phone needs a static (or DHCP statically attributed) IP or whatever dyndns system.


I'm using SshDroidPro
Make sure backuppc key is properly installed in /data/data/
Then test it as user backuppc, trying to access the phone and accept the server key fingerprint.


To get rsync binary, I found rsync backup for Android which downloads a rsync binary during install (a weird way to deal with a GPL program IMHO).
The actual binary it downloads is available here.
But Android wget doesn't support https so you've to transfer it to your phone by another mean.
One way is to install the application I mentioned and let it download that binary.
Then, to install it at a more rooted-Android standard place:

cd /system/xbin
busybox mount -o remount,rw /system
cp /data/data/eu.kowalczuk.rsync4android/files/rsync /system/xbin/
chmod 755 /system/xbin/rsync
chown /system/xbin/rsync
busybox mount -o remount,ro /system


Make sure Wi-Fi will stay on!
Menu > Settings > Wireless & networks > Wi-Fi settings > Menu > Advanced > Wi-Fi sleep policy > Never (or never when powered)

BackupPC config

My config: create new host in backuppc web interface with:

   XferMethod = rsync
   RsyncShareName = [/data/, /efs/ (useful??), /system/, /mnt/asec/, /mnt/sdcard/]
   RsyncClientPath = /system/xbin/rsync
   BackupFilesExclude = /mnt/sdcard/ => [/oruxmaps/mapfiles, /clockworkmod/backup, /radio_dump_*, /videos]

Note that in the mentioned link he's using RsyncShareName = / and playing with BackupFilesOnly but for me it looks like BackupFilesOnly was not respected, so I preferred to have separate RsyncShareName
Some info on APP2SD here and here
I had errors "Ping too slow" so I increased

   PingMaxMsec = 400

as anyway it's on local network

Non-rooted device

For non-rooted devices the setup is a bit different:

  • SSH server will run on a non-privilegied port, e.g. port 2222
  • login will be done with sshdroid permissions, not root, so it cannot access rsync binary neither /data content
  • rsync needs to be available so we'll transfer it again, as sshdroid user:
scp -P2222 rsync galaxy:/data/data/

then make it executable

  • BackupPC config is e.g.:
   XferMethod = rsync
   RsyncShareName = [/mnt/sdcard/]
   RsyncClientPath = /data/data/
   BackupFilesExclude = /mnt/sdcard/ => [/Movies]
   RsyncClientCmd: add "-p2222" to ssh options: "$sshPath -p2222 -q -x -l root $host $rsyncPath $argList+"
   RsyncClientRestoreCmd: add "-p2222" to ssh options: "$sshPath -p2222 -q -x -l root $host $rsyncPath $argList+"

Because we cannot directly backup /data content, what can be done is to use e.g. MyBackupPro to backup most of the data to the SD card, in a scheduled way.