Difference between revisions of "Android"

From YobiWiki
 
(42 intermediate revisions by the same user not shown)
Line 2: Line 2:
 
* [https://secure.wikimedia.org/wikipedia/en/wiki/Google_android Wikipedia]
 
* [https://secure.wikimedia.org/wikipedia/en/wiki/Google_android Wikipedia]
 
===App stores===
 
===App stores===
* [https://market.android.com/ Android Market]
+
* [https://play.google.com/store Google Play]
 
Alternate views on the official market:
 
Alternate views on the official market:
 
* [http://www.androlib.com/ AndroLib]
 
* [http://www.androlib.com/ AndroLib]
Line 22: Line 22:
   
 
===User manuals===
 
===User manuals===
* [http://www.google.com/support/mobile/bin/answer.py?hl=en&answer=182077 Android 2.3 Manual]
+
* [https://support.google.com/nexus Android for Nexus devices]
* [http://www.htc.com/uk/userguide.aspx?p_id=316 HTC Wildfire Manual]
+
<!--* [http://www.htc.com/uk/userguide.aspx?p_id=316 HTC Wildfire Manual]
 
* [http://www.samsung.com/us/Nexus_S_Owners_Guide/ Nexus S Manual]
 
* [http://www.samsung.com/us/Nexus_S_Owners_Guide/ Nexus S Manual]
Some internals info [http://wiki.freesmartphone.org/index.php/Hardware/Nexus_S/Interfaces here]
+
Some internals info [http://wiki.freesmartphone.org/index.php/Hardware/Nexus_S/Interfaces here]-->
   
 
==Short notes==
 
==Short notes==
===Tools===
+
===ADB===
  +
To reveal developer menu, tap 10x on "settings/about/build nr"
  +
<br>Then enable usb debug.
  +
<br>USB debugging is [http://nelenkov.blogspot.jp/2013/02/secure-usb-debugging-in-android-422.html pretty secured] since Jelly Bean but beware for older versions!
  +
  +
Since Android 5.0.1, it's required to use at least [https://skia.googlesource.com/skia/+archive/cd048d18e0b81338c1a04b9749a00444597df394/platform_tools/android/bin/linux.tar.gz adb v1.0.32].
  +
 
apt-get install android-tools-adb
 
apt-get install android-tools-adb
  +
  +
Note that from recovery, you can also use adb:
  +
* adb shell
  +
* adb sideload update.zip
  +
* adb push
  +
etc
  +
===Fastboot===
 
apt-get install android-tools-fastboot
 
apt-get install android-tools-fastboot
  +
 
====USB permissions on the host====
 
====USB permissions on the host====
 
Create /etc/udev/rules.d/99-android.rules for Nexus phones:
 
Create /etc/udev/rules.d/99-android.rules for Nexus phones:
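Review bot: The adb v1.0.32 link added in the ADB section points to a tarball of prebuilt binaries in the Skia repository and gives no checksum, so readers end up running a host tool they cannot verify. Either put a hash next to the link or say which release of the android-tools-adb package already ships 1.0.32 or later, since the line right after it installs adb from apt anyway.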
Line 38: Line 52:
 
Then execute /etc/init.d/udev reload
 
Then execute /etc/init.d/udev reload
   
===Enter Fastboot mode===
+
====To enter Fastboot mode====
 
* Power off phone
 
* Power off phone
 
* Depends on the phone, e.g.:
 
* Depends on the phone, e.g.:
Line 45: Line 59:
 
** Nexus 5: keep volume-down pressed while pressing power on for 5 secs
 
** Nexus 5: keep volume-down pressed while pressing power on for 5 secs
 
** You've entered fastboot
 
** You've entered fastboot
  +
See https://source.android.com/source/running.html for other models
Alternatively, fastboot can be triggererd from adb: adb reboot-bootloader
 
  +
  +
Alternatively, fastboot can be triggererd from adb: adb reboot bootloader
   
 
===OEM unlock===
 
===OEM unlock===
  +
Necessary step before being able to flash partitions or boot on alternative recovery.
  +
 
'''''This will wipe ALL DATA!!!'''''
 
'''''This will wipe ALL DATA!!!'''''
 
fastboot oem unlock
 
fastboot oem unlock
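Review bot: The sentence added under OEM unlock, "Necessary step before being able to flash partitions or boot on alternative recovery", says what unlocking enables but not that the same holds for anyone holding the phone while it stays unlocked. A pointer to the "Rooting securely" section, which asks for the bootloader to be locked again, would close that gap. The reworded adb line also keeps the typo "triggererd".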
Line 56: Line 74:
 
===Factory images for Nexus phones===
 
===Factory images for Nexus phones===
 
* https://developers.google.com/android/nexus/images
 
* https://developers.google.com/android/nexus/images
  +
Example for Nexus S: (requires OEM unlock)
 
  +
Typical usage: (requires OEM unlock)
wget https://dl.google.com/dl/android/aosp/soju-imm76d-factory-ca4ae9ee.tgz
 
tar xzf soju-imm76d-factory-ca4ae9ee.tgz
+
tar xzf CODENAME-VERSION-factory-CHECKSUM.tgz
cd soju-imm76d
+
cd CODENAME-VERSION
./flash-all.sh
 
Example for Nexus 4: (requires OEM unlock)
 
<br>cf https://support.google.com/nexus/4/answer/2936226?hl=en
 
<br>Factory Images "occam" for Nexus 4 -> Android 4.3 (JWR66Y)
 
wget https://dl.google.com/dl/android/aosp/occam-jwr66y-factory-74b1deab.tgz
 
tar xzf occam-jwr66y-factory-08d2b697.tgz
 
cf occam-jwr66y
 
 
./flash-all.sh
 
./flash-all.sh
  +
  +
To avoid erasing user data:
  +
<br>Very important if you want to keep your data!!! Edit flash-all.sh and replace
  +
fastboot -w update image-....zip
  +
by
  +
fastboot update image-....zip
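Review bot: The generic commands now name the archive CODENAME-VERSION-factory-CHECKSUM.tgz, yet no step compares the download against the hash published on the factory images page before ./flash-all.sh runs. Add a sha256sum (or equivalent) check between the tar and flash steps. The new text also drops the wget line, so it no longer says where the .tgz comes from; a reference to the factory images URL listed above would do.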
   
 
===Recovery===
 
===Recovery===
  +
====TWRP====
  +
* https://twrp.me/Devices/
  +
====ClockworkMod====
 
* http://www.clockworkmod.com/rommanager
 
* http://www.clockworkmod.com/rommanager
  +
====Usage====
Example for Nexus S: (requires OEM unlock)
 
  +
Flashing an alternative recovery (requires OEM unlock):
wget http://download2.clockworkmod.com/recoveries/recovery-clockwork-6.0.4.3-crespo.img
 
fastboot flash recovery recovery-clockwork-6.0.4.3-crespo.img
+
fastboot flash recovery recovery-clockwork-VERSION-CODENAME.img
Example for Nexus 4: (requires OEM unlock)
 
wget http://download2.clockworkmod.com/recoveries/recovery-clockwork-6.0.4.7-mako.img
 
fastboot flash recovery recovery-clockwork-6.0.4.7-mako.img
 
Example for Nexus 5: (requires OEM unlock)
 
wget http://download2.clockworkmod.com/recoveries/recovery-clockwork-6.0.4.5-hammerhead.img
 
fastboot flash recovery recovery-clockwork-6.0.4.5-hammerhead.img
 
(or Touch version e.g. recovery-clockwork-touch-6.0.4.5-hammerhead.img)
 
   
We can also launch this recovery without flashing it:
+
Booting (without flashing) an alternative recovery (requires OEM unlock):
fastboot boot recovery-clockwork-6.0.4.7-mako.img
+
fastboot boot recovery-clockwork-VERSION-CODENAME.img
  +
====Stock recovery====
 
  +
To show menu with Nexus stock recovery, it depends on the phone, e.g.:
===Stock recovery===
 
To show menu with stock recovery, it depends on the phone, e.g.:
 
 
* Nexus 4: hold "power" and press "volume-up"
 
* Nexus 4: hold "power" and press "volume-up"
 
* Nexus 5: press & release quickly volume-up & power a few times
 
* Nexus 5: press & release quickly volume-up & power a few times
   
 
===Rooting===
 
===Rooting===
  +
====SuperSU====
Requires Clockworkmod recovery
 
  +
Requires OEM unlock, see above fastboot oem unlock (! erase all) and see below BootUnlocker (for already rooted)
====[http://androidsu.com/superuser/ Using ChainsDD SuperUser]====
 
  +
<br>Requires e.g. TWRP recovery
wget http://downloads.noshufou.netdna-cdn.com/superuser/Superuser-3.1.3-arm-signed.zip
 
  +
<br>Requires e.g. [http://download.chainfire.eu/supersu ChainFire SuperSU] (you can check [http://forum.xda-developers.com/apps/supersu forum] for beta releases)
=> drop on /sdcard/ (or use adb sideload)
 
  +
adb reboot bootloader
=> recovery -> install from zip -> Superuser-3.1.3-arm-signed.zip
 
  +
fastboot boot recovery-xxx.img
====[http://download.chainfire.eu/supersu ChainFire SuperSU]====
 
  +
# In recovery, choose Advanced / Install zip / from sideload
wget http://download.chainfire.eu/345/SuperSU/UPDATE-SuperSU-v1.51.zip
 
  +
adb sideload UPDATE-SuperSU-v2.xx.zip
=> drop on /sdcard/ (or use adb sideload)
 
  +
# Reboot (and decline erasing recovery updater install-recovery.sh)
=> recovery
 
-> wipe cache
 
-> install from zip
 
-> from /sdcard: UPDATE-SuperSU-v1.51.zip
 
or -> from sideload: "adb sideload UPDATE-SuperSU-v1.51.zip"
 
-> reboot (and decline erasing recovery updater install-recovery.sh)
 
Details:
 
/system/app/Superuser.apk
 
/system/etc/init.d/99SuperSUDaemon
 
/system/etc/install-recovery.sh (lsattr: -----i--A----)
 
/system/bin/.ext/.su (rwsr-sr-x = 06755)
 
/system/xbin/daemonsu (rwsr-sr-x = 06755)
 
/system/xbin/su (rwsr-sr-x = 06755)
 
The 4 binaries may be locked by a "chattr +i" but this seems to break some OTA updates, so better to change manually OTA updates first.
 
<br>Version 1.51 still chattr +i /system/etc/install-recovery.sh but this breaks JWR66V to JWR66Y OTA update.
 
<br>'''Warning''' CWM proposes to erase "recovery updater", actually the file from SuperSU, so '''decline''' and say no!
 
   
====Rooting with SuperSU without recovery====
+
====Rooting Android M====
  +
Rooting method has changed quite a bit and is still uncertain as those lines are written, see e.g. http://forum.xda-developers.com/apps/supersu/wip-android-6-0-marshmellow-t3219344
[http://autoroot.chainfire.eu/ Chainfire's CF-Auto-Root] makes life really easy to install [https://play.google.com/store/apps/details?id=eu.chainfire.supersu&hl=en SuperSU]
 
<br>e.g. for Nexus 4: (requires OEM unlock)
 
wget http://download.chainfire.eu/297/CF-Root/CF-Auto-Root/CF-Auto-Root-mako-occam-nexus4.zip
 
unzip -j CF-Auto-Root-mako-occam-nexus4.zip image/CF-Auto-Root-mako-occam-nexus4.img
 
sudo fastboot boot CF-Auto-Root-mako-occam-nexus4.img
 
Consider buying the PRO license key too...
 
   
===Keep rooting over OTA===
+
====Rooting securely====
  +
Rooting can be done securely if:
Apparently SuperSU has some "survival mode" that you can turn on in the settings but I don't know what it does...
 
  +
* bootloader is locked again
<br>Once you have busybox installed (see below), you can set the su binary immutable to avoid an OTA update to kill its setuid bit:
 
  +
** problem is that unlocking would erase again the data
  +
** see below BootUnlocker which allows on rooted Nexus to toggle bootloader without deleting data
  +
* keep stock recovery
  +
* SuperSU is locked with a PIN
  +
** this requires the Pro version
  +
* SuperSU always require the PIN to authorize an app
  +
** or be very careful which ones you authorize permanently
  +
  +
====Rooting and OTA====
  +
By experience, it's always quite difficult to apply an OTA on a rooted phone, even after having attempted to unroot the phone.
  +
<br>So I prefer to apply a full factory image (being careful not to overwrite the data) and root it again.
  +
<br>If latest factory image isn't available yet, flash the latest available then apply the regular OTA before rooting.
  +
  +
====Prevent OTA====
  +
Normally rooting is enough to prevent OTA but to be sure, one can touch build.prop (so its sha1sum won't match anymore)
  +
adb shell
  +
su
 
mount -o remount,rw /system
 
mount -o remount,rw /system
  +
echo "# Remove me to allow OTA update" >> /system/build.prop
chattr +i /system/xbin/su
 
 
mount -o remount,ro /system
 
mount -o remount,ro /system
  +
====Attempt OTA====
There is also a "OTA Rootkeeper" application to do the same
 
  +
I don't recommend it as most attempts end in an infinite loop after the reboot.
<br>If you need to reflash a custom recovery to install a custom OTA update, see [http://pof.eslack.org/2012/07/30/fortifying-a-galaxy-nexus-with-stock-ish-image-and-root-access/ this article]
 
   
  +
When ready to really do OTA update:
'''Edit''' I'm not sure the chattr method works.
 
<br>OTA update JWR66Y-from-JWR66V failed because of /system/etc/install-recovery.sh being locked with chattr +i and used by SuperSU to launch daemonsu.
 
<br>To solve it I had to modify manually the patch and apply it through custom recovery:
 
<br>Avoid Clockworkmod recovery to be overwritten.
 
<br>Avoid su setuid bit to be overwritten.
 
* OTA update was left in /cache and failed being applied as explained above
 
* Unzip 6136cbe0fb21994b8bd463d137ac75b953ba8e9b.signed-occam-JWR66Y-from-JWR66V.6136cbe0.zip
 
* rm -rf recovery
 
* Edit META-INF/com/google/android/updater-script :
 
<source lang=diff>
 
--- updater-script.orig2013-08-27 17:40:36.500787411 +0200
 
+++ updater-script2013-08-27 17:40:10.912302554 +0200
 
@@ -1371,11 +1371,8 @@
 
6713bc8134b88289bf2fd5c17bf30d0d174d6eb0, 374184,
 
9d87d330c5490fec0fca02ba3d7ba17fa7d65e8c, package_extract_file("patch/system/vendor/lib/mediadrm/libwvdrmengine.so.p"));
 
set_progress(0.999987);
 
-delete("/system/recovery-from-boot.p",
 
- "/system/etc/install-recovery.sh");
 
+delete("/system/recovery-from-boot.p");
 
show_progress(0.100000, 10);
 
-ui_print("Unpacking new recovery...");
 
-package_extract_dir("recovery", "/system");
 
ui_print("Symlinks and permissions...");
 
set_perm_recursive(0, 0, 0755, 0644, "/system");
 
set_perm_recursive(0, 2000, 0755, 0755, "/system/bin");
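Review bot: In this first hunk "/system/etc/install-recovery.sh" is taken out of delete() and the "Unpacking new recovery..." extraction is dropped, but nothing in the script records that these are local changes. Add a ui_print line (for example ui_print("Skipping recovery update (local edit)...");) so the recovery log shows the package was modified, and say in the steps that the file kept on the device is the one SuperSU uses to launch daemonsu, not the stock script.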
 
@@ -1383,7 +1380,6 @@
 
set_perm(0, 0, 0755, "/system/bin/ping");
 
set_perm(0, 2000, 0750, "/system/bin/run-as");
 
set_perm(1014, 2000, 0550, "/system/etc/dhcpcd/dhcpcd-run-hooks");
 
-set_perm(0, 0, 0544, "/system/etc/install-recovery.sh");
 
set_perm_recursive(0, 0, 0755, 0555, "/system/etc/ppp");
 
set_perm(0, 2000, 0755, "/system/vendor");
 
set_perm_recursive(0, 2000, 0755, 0644, "/system/vendor/etc");
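Review bot: Dropping set_perm(0, 0, 0544, "/system/etc/install-recovery.sh") leaves that file with no explicit mode, while set_perm_recursive(0, 0, 0755, 0644, "/system") in the previous hunk still covers it and would set it to 0644 wherever the immutable flag does not block the change. If the script has to stay executable for SuperSU to launch daemonsu, keep an explicit set_perm for it or state in the steps why none is needed.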
 
@@ -1407,6 +1403,9 @@
 
set_perm_recursive(0, 2000, 0755, 0644, "/system/vendor/pittpatt/models/recognition");
 
set_perm(0, 0, 0644, "/system/vendor/pittpatt/models/recognition/face.face.y0-y0-22-b-N.bin");
 
set_perm_recursive(0, 2000, 0755, 0755, "/system/xbin");
 
+set_perm(0, 0, 06755, "/system/xbin/su");
 
+set_perm(0, 0, 06755, "/system/xbin/daemonsu");
 
+set_perm(0, 0, 06755, "/system/bin/.ext/.su");
 
ui_print("Patching remaining system files...");
 
apply_patch("/system/build.prop", "-",
 
e336e937ec01a4e2fcb60d3659e296a30701ebf9, 2742,
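Review bot: The three added set_perm(0, 0, 06755, ...) lines make su, daemonsu and .ext/.su setuid and setgid root without checking that those paths exist or that they are the SuperSU binaries listed under Details. Say in the steps that the lines assume an unmodified SuperSU install, and decide what the script should do when one of the files is missing.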
 
</source>
 
   
  +
1. '''Unlock bootloader with BootUnlocker''', super critical step!!!
<br>OTA update KTU84L-from-KOT49H (4.4.3 from 4.4.2):
 
<br>Modify manually the patch and apply it through custom recovery:
 
<br>Avoid Clockworkmod recovery to be overwritten.
 
<br>Failed to preserve root, better to root it after update
 
* OTA was not pre-downloaded in /cache, so I had to take it from Google: [http://android.clients.google.com/packages/ota/google_mako/61a9ce8d2c4154837905e93a2e00540b7ebad8ff.signed-occam-KTU84L-from-KOT49H.61a9ce8d.zip Nexus 4], [http://android.clients.google.com/packages/ota/google_hammerhead/d173d546ab2347ead90cb0978657f11046300511.signed-hammerhead-KTU84M-from-KOT49H.d173d546.zip Nexus 5]
 
* Unzip 61a9ce8d2c4154837905e93a2e00540b7ebad8ff.signed-occam-KTU84L-from-KOT49H.61a9ce8d.zip
 
* rm -rf recovery
 
* Edit META-INF/com/google/android/updater-script :
 
<source lang=diff>
 
--- updater-script.orig 2014-06-19 17:56:21.000000000 +0200
 
+++ updater-script 2014-06-19 18:12:23.000000000 +0200
 
@@ -4408,13 +4408,10 @@
 
"-", 40e71cb1beb7b998d13ce16530d0e7bf03ed0732, 6518784,
 
04df7b014a4a6b01095f5728158510fe4d8ae4fc, package_extract_file("patch/boot.img.p"));
 
set_progress(1.032753);
 
-delete("/system/recovery-from-boot.p",
 
- "/system/etc/install-recovery.sh");
 
+delete("/system/recovery-from-boot.p");
 
show_progress(0.100000, 10);
 
ui_print("Unpacking new files...");
 
package_extract_dir("system", "/system");
 
-ui_print("Unpacking new recovery...");
 
-package_extract_dir("recovery", "/system");
 
ui_print("Symlinks and permissions...");
 
set_metadata_recursive("/system", "uid", 0, "gid", 0, "dmode", 0755, "fmode", 0644, "capabilities", 0x0, "selabel", "u:object_r:system_file:s0");
 
set_metadata_recursive("/system/bin", "uid", 0, "gid", 2000, "dmode", 0755, "fmode", 0755, "capabilities", 0x0, "selabel", "u:object_r:system_file:s0");
 
@@ -4449,7 +4446,6 @@
 
set_metadata("/system/bin/wpa_supplicant", "uid", 0, "gid", 2000, "mode", 0755, "capabilities", 0x0, "selabel", "u:object_r:wpa_exec:s0");
 
set_metadata_recursive("/system/etc/dhcpcd", "uid", 0, "gid", 0, "dmode", 0755, "fmode", 0644, "capabilities", 0x0, "selabel", "u:object_r:dhcp_system_file:s0");
 
set_metadata("/system/etc/dhcpcd/dhcpcd-run-hooks", "uid", 1014, "gid", 2000, "mode", 0550, "capabilities", 0x0, "selabel", "u:object_r:dhcp_system_file:s0");
 
-set_metadata("/system/etc/install-recovery.sh", "uid", 0, "gid", 0, "mode", 0544, "capabilities", 0x0);
 
set_metadata_recursive("/system/etc/ppp", "uid", 0, "gid", 0, "dmode", 0755, "fmode", 0555, "capabilities", 0x0, "selabel", "u:object_r:ppp_system_file:s0");
 
set_metadata("/system/recovery-from-boot.p", "uid", 0, "gid", 0, "mode", 0644, "capabilities", 0x0);
 
set_metadata("/system/vendor", "uid", 0, "gid", 2000, "mode", 0755, "capabilities", 0x0, "selabel", "u:object_r:system_file:s0");
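Review bot: The set_metadata line for "/system/etc/install-recovery.sh" is removed, but the unchanged set_metadata("/system/recovery-from-boot.p", ...) two lines below still targets a file that the first hunk deletes and, with package_extract_dir("recovery", "/system") gone, no longer re-creates unless the "system" directory of the package supplies it. Remove that line as well, or confirm the file is still present at that point.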
 
</source>
 
Then install SuperSU v2.00
 
   
  +
2. Make a backup of the proposed OTA patch, just in case
===ADB===
 
  +
adb shell
To reveal developer menu on Jelly Bean, tap 10x on "settings/about/build nr"
 
  +
ls -l /cache
<br>Then enable usb debug.
 
  +
adb pull /cache/update.zip
<br>USB debugging is [http://nelenkov.blogspot.jp/2013/02/secure-usb-debugging-in-android-422.html pretty secured] since Jelly Bean but beware for older versions!
 
  +
===adbd insecure===
 
  +
3. Restore build.prop:
  +
adb shell
  +
su
  +
mount -o remount,rw /system
  +
sed -i '/Remove me/d' /system/build.prop
  +
# or if you don't have sed/busybox:
  +
grep -v "Remove me" /system/build.prop > /sdcard/build.prop.tmp
  +
cat /sdcard/build.prop.tmp > /system/build.prop
  +
rm /sdcard/build.prop.tmp
  +
mount -o remount,ro /system
  +
  +
4. Restore /system/bin/install-recovery.sh
  +
<br>SuperSU may have hijacked /system/bin/install-recovery.sh. If so, we need to restore it. Unfortunately using "full unroot" won't help, see [https://www.reddit.com/r/Nexus5/comments/2zdc8b/ here] (and you'll get stuck unrooted!) so we'll restore it manually.
  +
adb shell
  +
su
  +
ls -l /system/bin/install-recovery*
  +
# should be fixed or not?
  +
mount -o remount,rw /system
  +
mv /system/bin/install-recovery_original.sh /system/bin/install-recovery.sh
  +
mount -o remount,ro /system
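Review bot: The comment "# should be fixed or not?" after the ls leaves the decision undefined, and the mv that follows is written to run whatever ls printed. State the condition, namely that the restore applies only when ls lists install-recovery_original.sh, and skip the mv otherwise.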
  +
  +
5. Install proposed OTA update from Android itself
  +
  +
5b. Check recovery logs
  +
<br>In case the automatic update failed, check the recovery logs:
  +
<br>At this point you should be already in stock recovery, if not, go to recovery
  +
<br>Keep power button pressed and press volume-up to get the menu
  +
<br>Go to "view recovery logs"
  +
  +
5c. Install proposed OTA update manually from a local copy on the PC
  +
adb reboot recovery
  +
Keep power button pressed and press volume-up to get the menu
  +
<br>Go to "apply update from ADB"
  +
adb sideload update.zip
  +
  +
6. Reboot and let the system updating its apps
  +
<br>If it seems to stand forever with the boot logo, you can have a look at the same time to the system logs:
  +
adb logcat
  +
Seeing looping logs with a repetition of
  +
>>>>>> START com.android.internal.os.ZygoteInit uid 0 <<<<<<
  +
is a bad sign, time for a full ROM recovery!
  +
  +
7. Root again, see [[#SuperSU]]
  +
  +
8. Prevent OTA updates:
  +
adb shell
  +
su
  +
mount -o remount,rw /system
  +
echo "# Remove me to allow OTA update" >> /system/build.prop
  +
mount -o remount,ro /system
  +
  +
9. Lock bootloader with BootUnlocker
  +
  +
See also my [https://code.google.com/p/boot-unlocker-gnex/issues/detail?id=30 feature request] for BootUnlocker
  +
  +
====Upgrade with factory image====
  +
That's my preferred method.
  +
  +
1. '''Unlock bootloader with BootUnlocker''', super critical step!!!
  +
  +
2. Flash a factory image
  +
<br>Get latest image at https://developers.google.com/android/nexus/images
  +
tar xzf ...tgz
  +
cd ...
  +
Or in one go:
  +
wget -O - ... | tar xz
  +
cd ...
  +
Very important if you want to keep your data!!! Edit flash-all.sh and replace
  +
fastboot -w update image-....zip
  +
by
  +
fastboot update image-....zip
  +
<br>Then reboot the phone to bootloader and launch that script:
  +
adb reboot bootloader
  +
./flash-all.sh
  +
Reboot
  +
  +
2b. Apply OTA
  +
If you didn't flash the latest version, apply OTA update
  +
  +
3. Root again, see [[#SuperSU]]
  +
  +
4. Prevent OTA updates:
  +
adb shell
  +
su
  +
mount -o remount,rw /system
  +
echo "# Remove me to allow OTA update" >> /system/build.prop
  +
mount -o remount,ro /system
  +
  +
5. Lock bootloader with BootUnlocker
  +
  +
===On rooted devices===
  +
====adbd insecure====
 
As USB debugging is now pretty secure, let's enable immediate root access:
 
As USB debugging is now pretty secure, let's enable immediate root access:
 
<br>Install [https://play.google.com/store/apps/details?id=eu.chainfire.adbd adbd insecure]
 
<br>Install [https://play.google.com/store/apps/details?id=eu.chainfire.adbd adbd insecure]
 
<br>Open app -> enable & enable at boot time
 
<br>Open app -> enable & enable at boot time
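Review bot: Moving "adbd insecure" under "On rooted devices" keeps the sentence "let's enable immediate root access", but the "Rooting securely" list added in this revision does not mention it, although it gives every authorized USB debugging host a root shell without going through the SuperSU PIN prompt that list relies on. Add it to that list as an exception, or note here that it should stay off unless needed.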
===adb & recovery===
+
====Busybox====
From recovery, you can also use adb:
 
* adb shell
 
* adb sideload update.zip
 
* adb push
 
etc
 
 
===Busybox===
 
 
From Google Play: https://play.google.com/store/apps/details?id=stericson.busybox&hl=en
 
From Google Play: https://play.google.com/store/apps/details?id=stericson.busybox&hl=en
 
<br>Local install:
 
<br>Local install:
Line 243: Line 259:
 
sleep 1
 
sleep 1
 
adb shell su -c "mount -o remount,ro /system"
 
adb shell su -c "mount -o remount,ro /system"
===Modifying stuffs in system partition with insecure adbd===
+
===Modifying stuffs in system partition with insecure adbd (=being root by default)===
 
adb shell mount -o remount,rw /system
 
adb shell mount -o remount,rw /system
 
adb push some_file /etc/some_file
 
adb push some_file /etc/some_file
 
sleep 1
 
sleep 1
 
adb shell mount -o remount,ro /system
 
adb shell mount -o remount,ro /system
  +
 
===Encrypt device===
 
===Encrypt device===
 
See [https://support.google.com/android/answer/1663755?hl=en official help]
 
See [https://support.google.com/android/answer/1663755?hl=en official help]
Line 257: Line 274:
 
Note that it will have to be done every time the screen PIN or pwd is changed.
 
Note that it will have to be done every time the screen PIN or pwd is changed.
 
<br>See also http://nelenkov.blogspot.jp/2012/08/changing-androids-disk-encryption.html
 
<br>See also http://nelenkov.blogspot.jp/2012/08/changing-androids-disk-encryption.html
==Nexus 4==
+
==Phone-specific notes==
  +
See [[Android phones]]
https://en.wikipedia.org/wiki/Nexus_4
 
===Hardware===
 
* Chipset: Qualcomm Snapdragon™ S4 Pro processor with 1.5GHz Quad-Core Krait CPUs
 
* Operating System: Android 4.2, Jelly Bean
 
* Network: 3G (WCDMA), HSPA+
 
* Display: 4.7-inch WXGA True HD IPS Plus (1280 x 768 pixels)
 
* Memory: 8GB / 16GB
 
* RAM: 2GB
 
* Camera: 8.0MP rear / 1.3MP HD front
 
* Battery: 2,100mAh Li-Polymer (embedded) / Talk time: 15.3 hours / Standby: 390 hours
 
* Size: 133.9 x 68.7 x 9.1mm
 
* Weight: 139g
 
* Other:
 
** NFC: Broadcom BCM2079x family: BCM20793 over I2C, cf /dev/bcm2079x-i2c
 
** SE: ST33 from STMicroelectronics
 
** [https://en.wikipedia.org/wiki/Qi_(inductive_power_standard) Wireless charging]
 
** [https://en.wikipedia.org/wiki/Miracast Miracast]
 
** [https://en.wikipedia.org/wiki/Bluetooth#Bluetooth_v4.0 BT 4.0]
 
** SlimPort for HDMI
 
===Versions===
 
====physical mark====
 
* FCC ID: ZNFE960 IC:2703C-E960
 
* MODEL LG-960 MADE IN KOREA
 
====under fastboot, stock====
 
* PRODUCT_NAME - mako
 
* VARIANT - mako 16GB
 
* HW VERSION - rev_11
 
* BOOTLOADER VERSION - MAKOZ10o
 
* BASEBAND VERSION - M9615A-CEFWMAZM-2.0.1700.48
 
* CARRIER INFO - None
 
* SERIAL NUMBER - xxxxxx
 
* SIGNING - production
 
* SECURE BOOT - enabled
 
* LOCK STATE - lock
 
====under 'About phone' from the settings, stock 4.2.2====
 
* Android 4.2.2
 
* Baseband M9615A-CEFWMAZM-2.0.1700.48
 
* Kernel 3.4.0-perf-g7ce11cd
 
* Build JDQ39
 
====under 'About phone' from the settings, 4.3====
 
* Android 4.3
 
* Baseband M9615A-CEFWMAZM-2.0.1700.84
 
* Kernel 3.4.0-perf-gf43c3d9
 
* Build JWR66V then JWR66Y
 
   
===My tunings===
+
==Applications==
  +
See [[Android Apps]]
* Original recovery
 
* Rooted with "SuperSU"
 
** "SuperSU" protected by PIN
 
** Rooting maintained over OTA updates (using chattr +i and "SuperSU" survival mode)
 
* OEM locked again
 
** "Bootunlocker" app to unlock without wiping
 
* Avast Mobile Security
 
** anti theft with anchor in system (so even factory reset doesn't help)
 
** application firewall (wifi/3g/roaming per app)
 
* USB debugging activated and paired with my PC
 
** "adbd insecure" installed
 
* "BusyBox Pro"
 
* "OpenVPN Install" & "OpenVPN Settings"
 
* "SSHDroidPro"
 
* Encrypted
 
** with better pwd at boot time, using "Cryptfs password" app
 
* Bluetooth & Belkin A2DP for car: no need to unlock my screen
 
** "Bluetooth Auto Connect" -> pairs when screen is turned on
 
** "Bluetooth connect and play" -> starts playing when paired
 
* "AdAway" installed via "F-Droid"
 
* "Nexus 4 Dot" as live wallpaper
 
* "Helium" to backup & sync apps via Google Drive
 
* With Android 4.4 install launcher of Nexus 5:
 
** [http://www.androidfilehost.com/?fid=23212708291676903 com.google.android.launcher-0.9.6.886092.apk]
 
   
  +
==Applications development==
==Nexus S==
 
  +
See [[Android SDK]]
Old notes [[Android_old|here]]
 
  +
==Using the embedded SE==
===Versions===
 
  +
See [[Android SE]]
====physical sticker behind battery====
 
  +
==Using TrustZone==
* Model: GT-I9023
 
  +
See [[Android TrustZone]]
* FCC ID: A3LGTI9023
 
* SSN: -I9023GSMH
 
* IMEI: xxxxxxx
 
* S/N: xxxxxxx
 
====under fastboot, after upgrade to 4.1.2====
 
* Bootloader version - I9020XXLC2
 
* Baseband version - I9020XXKI1
 
* Carrier info - EUR
 
   
  +
==using Software Card Emulation==
====under 'About phone' from the settings, after upgrade to 4.1.2====
 
* Android 4.1.2
+
See [[Android Software Card Emulation]]
* Baseband I9023XXKI1
 
* Kernel 3.0.31-g5894150 android-build@vpbs1 #1
 
* Build JZO54K
 
 
===Upgrading to 4.1.2===
 
OTA update is available and the phone proposed me to start upgrade process
 
<br>update zip is located in /cache
 
android# ls -l /cache
 
pc$ adb pull /cache/9U4MCfNt.zip .
 
====Preparation====
 
* Go to fastboot (vol-up + power)
 
* Go to recovery
 
* Backup & restore / Backup
 
* Mount USB
 
* Copy all /sdcard content to PC
 
* Reboot -> enter fastboot again
 
====Preparation bis====
 
* edit 9U4MCfNt.zip to remove recovery/ and edit META-INF/com/google/android/updater-script
 
** remove all commands about recovery
 
** add following line to keep rooted: set_perm(0, 0, 6755, "/system/bin/su");
 
** radio image don't seem to be affected by update, nothing to do here
 
This time I tried differently:
 
* pc$ adb push 9U4MCfNt.zip /cache
 
* dd if=boot.img of=boot-fit.img bs=262144 count=28 #(with original boot.img from 4.1.1)
 
* fastboot flash boot boot-fit.img
 
====Upgrade====
 
This time I tried differently:
 
* Reboot and accept upgrade, it will reboot the phone and let Clockwork recovery applying the patch
 
* Despite the set_perm, recovery told me "Root access possibly lost. Fix? /system/bin/su" and I accepted, just in case...
 
* Backup & restore / Backup
 
* Mount USB
 
* Copy new backup to PC
 
* Reboot
 
====Rooting again====
 
* Extract new 4.1.2 boot.img (e.g. using clockworkmod backup or:)
 
* modify it & flash it back, see [[Android#adb_as_root|below]]
 
<pre>
 
android$ su
 
android# cat /dev/mtd/mtd2 > /sdcard/boot.img
 
adb pull /sdcard/boot.img .
 
abootimg -x boot.img
 
mkdir ramdisk
 
cd ramdisk
 
gzip -dc ../initrd.img | cpio -i
 
sed -i 's/ro.secure=1/ro.secure=0/' default.prop
 
find . -print|cpio -o -Hnewc|gzip > ../initrd.img2
 
cd ..
 
abootimg -u boot.img -r initrd.img2
 
dd if=boot.img of=boot-fit.img bs=262144 count=28
 
fastboot flash boot boot-fit.img
 
</pre>
 
===Installing Cyanogenmod===
 
See http://wiki.cyanogenmod.org/w/Install_CM_for_crespo and [http://download.cyanogenmod.com/?device=crespo repository for Crespo]
 
<br>Boot into cyanogenmod recovery
 
* Wipe data/factory reset
 
adb shell mount /data
 
adb push YOURROMZIP.zip /sdcard/
 
* Install zip from sdcard
 
* Choose zip from sdcard...
 
* Reboot
 
To install Google apps, see http://wiki.cyanogenmod.org/w/Gapps
 
 
==Rooting Samsung Galaxy Tab 10.1==
 
cf http://forum.xda-developers.com/showthread.php?t=1239185
 
<br>I used a WinXP within a virtualbox under Debian
 
<br>When flashing with Odin3 I had problems process being stuck at SetupConnection
 
<br>Trick was to unplug physically the USB cable, start Odin3, plug the cable, connect the USB device through virtualbox to WinXP
 
 
Once rooted, upgrade the Superuser application
 
<br>Once started, the app should detect su binary needs also to be updated. Follow instructions.
 
 
To enter clockwork recovery: power off / press vol down + power till 2 icons appear / press vol down to select left icon / press vol up / you should see recovery menu now
 
 
Installing new Market application:
 
<br>Some apk are lying around, here is how I use them
 
<br>First test their certificate as I don't want to get a malicious app:
 
$ adb install Vending_3.1.5.apk
 
Failure [INSTALL_FAILED_ALREADY_EXISTS]
 
<br>This is ok, but e.g. this one seems more worrisome, I wouldn't try it:
 
$ adb install Vending_3.1.6.apk
 
Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES]
 
 
Make your backups!
 
<br>Replace manually /system/app/Vending.apk by the new version and reboot.
 
<br>If trouble you may try to clean the Dalvik cache from Clockwork recovery advanced menu
 
 
busybox mount -o remount,rw /system
 
mv /system/app/Vending.apk /sdcard/Vending_1.0.apk
 
mv /sdcard/Vending_3.1.5.apk /system/app/Vending.apk
 
chown 0.0 /system/app/Vending.apk
 
busybox mount -o remount,ro /system
 
==Rooting Samsung Galaxy Tab 3 7.0 3G/WiFi==
 
cf http://honai-android.blogspot.be/2013/11/how-to-root-galaxy-tab-3-70-sm-t211-on.html
 
<br>'''For model number SM-T211!'''
 
<br>Other methods reflash completely the device, I prefer the less intrusive method consisting in just installing CyanoGenMod Recovery and SuperSU
 
<br>I used a Win7 within a virtualbox under Debian
 
<br>I used
 
* [http://j.gs/26lF USB Drivers]
 
* [http://j.gs/35xV T211.CWM.v6.0.4.5.recovery.tar.zip]
 
* [http://j.gs/34gW Universal Root Package android-armeabi-universal-root-signed.zip]
 
* [http://www.androidfilehost.com/?fid=23060877490002273 Odin 3.07]
 
Steps:
 
* Enable USB Debugging Mode on the device by navigating to Settings >> Developer Options.
 
* Extract CWM and Odin 3.07 files
 
* Switch off the Galaxy Tab 3 7.0. Then boot the device into '''Download Mode''' by pressing and holding '''Volume Down, Home and Power''' buttons together until a construction Android robot icon with a warning triangle appears on screen. Now press the Volume Up button to enter Download Mode.
 
* Plug the tablet to let Windows discovering and configuring the device USB drivers
 
* Unplug the tablet
 
* Run Odin on the computer as an Administrator.
 
* Plug the tablet. Wait until Odin detects the device. When the device is connected successfully, the ID: COM box will turn to light blue with the COM port number. Additionally, the successful connected will be indicated by a message saying Added.
 
* In Odin, click the PDA button and select the recovery.tar.md5 file. Verify that F. Reset Time checkbox is selected. Also, ensure the Auto Reboot and Re-Partition options are NOT selected.
 
* Double-check and click Start button in Odin. The installation process will now begin.
 
* Once the installation process completes, you will see a PASS message with green background in the left-most box at the very top of the Odin. You can now unplug the USB cable to disconnect the device from the computer.
 
* Reboot the device into CWM '''Recovery mode''' by pressing and holding '''Volume Up, Home and Power''' buttons together.
 
* In CWM Recovery, select "install zip / install zip from sideload"
 
* Back on Debian:
 
adb sideload android-armeabi-universal-root-signed.zip
 
* Once the installation process completes, return to main recovery menu and select "reboot system now".
 
   
 
==Misc==
 
==Misc==
Line 485: Line 312:
 
* drop certs on /sdcard/
 
* drop certs on /sdcard/
 
* go to settings / personal: security / credential storage: install from storage & select both certs
 
* go to settings / personal: security / credential storage: install from storage & select both certs
===ADB===
 
* [https://developer.android.com/tools/help/adb.html Manual], covers adb, am, pm, etc
 
Installing an app in /system/app :
 
<source lang=bash>
 
adb push MyApp.apk /sdcard/
 
adb shell su -c "mount -o remount,rw /system"
 
adb shell su -c "cp /sdcard/MyApp.apk /system/app/"
 
sleep 1
 
adb shell su -c "mount -o remount,ro /system"
 
adb reboot
 
adb shell pm list packages -s # Should be there now
 
</source>
 
Removing an app from /system/app:
 
<source lang=bash>
 
adb shell su -c "mount -o remount,rw /system"
 
adb shell su -c "rm /system/app/MyApp.apk"
 
sleep 1
 
adb shell su -c "mount -o remount,ro /system"
 
adb reboot
 
</source>
 
 
In case of error such as:
 
* daemon not running. starting it now on port 5037 *
 
cannot bind 'local:5037'
 
ADB server didn't ACK
 
* failed to start daemon *
 
error: cannot connect to daemon
 
strace revealed that the error was in fact:
 
socket(PF_FILE, SOCK_STREAM, 0) = 3
 
connect(3, {sa_family=AF_FILE, path="/tmp/5037"}, 12) = -1 EACCES (Permission denied)
 
and there was indeed a named pipe /tmp/5037:
 
srwxr-xr-x 1 root root 0 Sep 4 23:26 5037
 
Removing it solved the issue.
 
 
 
===Test menu===
 
===Test menu===
 
Dial *#*#4636#*#* (== *#*#INFO#*#*)
 
Dial *#*#4636#*#* (== *#*#INFO#*#*)
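Review bot: the ADB block that exists only on the old side of this hunk takes the `cannot bind 'local:5037'` troubleshooting with it, and the ADB text in the latest revision has no equivalent, so the diagnosis (a root-owned /tmp/5037 on which `connect()` fails with EACCES) is lost. Consider moving those lines under Short notes / ADB rather than dropping them. If they are kept, "named pipe" should read "socket": the listing `srwxr-xr-x 1 root root` starts with `s`, and the strace output shows a `connect()` on an AF_FILE socket.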
Line 550: Line 343:
 
javaws androidscreencast.jnlp
 
javaws androidscreencast.jnlp
 
</source>
 
</source>
 
 
===USB tethering===
 
===USB tethering===
 
Plug phone & PC via USB
 
Plug phone & PC via USB
Line 593: Line 385:
 
<br>Not sure if it's a limitation of Android or Gphoto...
 
<br>Not sure if it's a limitation of Android or Gphoto...
   
  +
===Backuping via BackupPC===
==Applications==
 
See [[Android Apps]]
 
 
==Applications development==
 
See [[Android SDK]]
 
==Using the embedded SE==
 
See [[Android SE]]
 
==using Software Card Emulation==
 
See [[Android Software Card Emulation]]
 
 
==Backuping via BackupPC==
 
 
I'm a big fan of [[BackupPc]] and [http://www.tolaris.com/2011/06/13/backing-up-your-android-device-with-backuppc/ this guy] managed to link android & backuppc so let's give it a try.
 
I'm a big fan of [[BackupPc]] and [http://www.tolaris.com/2011/06/13/backing-up-your-android-device-with-backuppc/ this guy] managed to link android & backuppc so let's give it a try.
 
<br>Check the mentioned link but his setup is a bit different, running CyanogenMod while I'm using a stock fw.
 
<br>Check the mentioned link but his setup is a bit different, running CyanogenMod while I'm using a stock fw.
 
<br>Instructions here suppose your phone is rooted.
 
<br>Instructions here suppose your phone is rooted.
===IP===
+
====IP====
 
Backuppc server needs to reach the phone so your phone needs a static (or DHCP statically attributed) IP or whatever dyndns system.
 
Backuppc server needs to reach the phone so your phone needs a static (or DHCP statically attributed) IP or whatever dyndns system.
===SSH===
+
====SSH====
 
I'm using [http://wiki.yobi.be/wiki/Android_Apps#With_root_support SshDroidPro]
 
I'm using [http://wiki.yobi.be/wiki/Android_Apps#With_root_support SshDroidPro]
 
<br>Make sure backuppc key is properly installed in /data/data/berserker.android.apps.sshdroidpro/home/.ssh/authorized_keys
 
<br>Make sure backuppc key is properly installed in /data/data/berserker.android.apps.sshdroidpro/home/.ssh/authorized_keys
 
<br>Then test it as user backuppc, trying to access the phone and accept the server key fingerprint.
 
<br>Then test it as user backuppc, trying to access the phone and accept the server key fingerprint.
===rsync===
+
====rsync====
 
To get rsync binary, I found [https://market.android.com/details?id=eu.kowalczuk.rsync4android rsync backup for Android] which downloads a rsync binary during install (a weird way to deal with a GPL program IMHO).
 
To get rsync binary, I found [https://market.android.com/details?id=eu.kowalczuk.rsync4android rsync backup for Android] which downloads a rsync binary during install (a weird way to deal with a GPL program IMHO).
 
<br>The actual binary it downloads is available [https://sites.google.com/a/kowalczuk.eu/android/rsync here].
 
<br>The actual binary it downloads is available [https://sites.google.com/a/kowalczuk.eu/android/rsync here].
Line 628: Line 410:
 
</source>
 
</source>
   
===Wi-Fi===
+
====Wi-Fi====
 
Make sure Wi-Fi will stay on!
 
Make sure Wi-Fi will stay on!
 
<br>Menu > Settings > Wireless & networks > Wi-Fi settings > Menu > Advanced > Wi-Fi sleep policy > Never (or never when powered)
 
<br>Menu > Settings > Wireless & networks > Wi-Fi settings > Menu > Advanced > Wi-Fi sleep policy > Never (or never when powered)
   
===BackupPC config===
+
====BackupPC config====
 
My config: create new host in backuppc web interface with:
 
My config: create new host in backuppc web interface with:
 
XferMethod = rsync
 
XferMethod = rsync
Line 643: Line 425:
 
PingMaxMsec = 400
 
PingMaxMsec = 400
 
as anyway it's on local network
 
as anyway it's on local network
===Non-rooted device===
+
====Non-rooted device====
 
For non-rooted devices the setup is a bit different:
 
For non-rooted devices the setup is a bit different:
 
* SSH server will run on a non-privilegied port, e.g. port 2222
 
* SSH server will run on a non-privilegied port, e.g. port 2222

Latest revision as of 15:00, 26 April 2016

Links

App stores

Alternate views on the official market:

Alternate markets:

User manuals

Short notes

ADB

To reveal the developer menu, tap 10x on "settings/about/build nr"
Then enable USB debugging.
USB debugging is pretty secure since Jelly Bean, but beware of older versions!

Since Android 5.0.1, it's required to use at least adb v1.0.32.

apt-get install android-tools-adb

Note that from recovery, you can also use adb:

  • adb shell
  • adb sideload update.zip
  • adb push

etc

Fastboot

apt-get install android-tools-fastboot

USB permissions on the host

Create /etc/udev/rules.d/99-android.rules for Nexus phones:

SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", MODE="0666", OWNER="<your_account>" # all Nexus

Then execute /etc/init.d/udev reload

To enter Fastboot mode

  • Power off phone
  • Depends on the phone, e.g.:
    • Nexus S: keep volume-up pressed while pressing power on for 5 secs
    • Nexus 4: keep volume-down pressed while pressing power on for 5 secs
    • Nexus 5: keep volume-down pressed while pressing power on for 5 secs
  • You've entered fastboot

See https://source.android.com/source/running.html for other models

Alternatively, fastboot can be triggered from adb: adb reboot bootloader

OEM unlock

This step is necessary before you can flash partitions or boot an alternative recovery.

This will wipe ALL DATA!!!

fastboot oem unlock

OEM unlock for rooted devices

Once the device has been unlocked and rooted, it can be locked/unlocked again without wiping all the data, at least on some phone models.
Install BootUnlocker

Factory images for Nexus phones

Typical usage: (requires OEM unlock)

tar xzf CODENAME-VERSION-factory-CHECKSUM.tgz
cd CODENAME-VERSION
./flash-all.sh

To avoid erasing user data:
Very important if you want to keep your data!!! Edit flash-all.sh and replace

fastboot -w update image-....zip

by

fastboot update image-....zip

Recovery

TWRP

ClockworkMod

Usage

Flashing an alternative recovery (requires OEM unlock):

fastboot flash recovery recovery-clockwork-VERSION-CODENAME.img

Booting (without flashing) an alternative recovery (requires OEM unlock):

fastboot boot recovery-clockwork-VERSION-CODENAME.img

Stock recovery

To show menu with Nexus stock recovery, it depends on the phone, e.g.:

  • Nexus 4: hold "power" and press "volume-up"
  • Nexus 5: press & release quickly volume-up & power a few times

Rooting

SuperSU

Requires OEM unlock, see above fastboot oem unlock (! erases all data) and BootUnlocker (for already rooted devices)
Requires e.g. TWRP recovery
Requires e.g. ChainFire SuperSU (you can check forum for beta releases)

adb reboot bootloader
fastboot boot recovery-xxx.img
# In recovery, choose Advanced / Install zip / from sideload
adb sideload UPDATE-SuperSU-v2.xx.zip
# Reboot (and decline erasing recovery updater install-recovery.sh)

Rooting Android M

The rooting method has changed quite a bit and is still uncertain as these lines are written, see e.g. http://forum.xda-developers.com/apps/supersu/wip-android-6-0-marshmellow-t3219344

Rooting securely

Rooting can be done securely if:

  • bootloader is locked again
    • the problem is that unlocking would erase the data again
    • see BootUnlocker above, which allows toggling the bootloader lock on a rooted Nexus without deleting data
  • stock recovery is kept
  • SuperSU is locked with a PIN
    • this requires the Pro version
  • SuperSU always requires the PIN to authorize an app
    • or be very careful which ones you authorize permanently

Rooting and OTA

From experience, it's always quite difficult to apply an OTA on a rooted phone, even after having attempted to unroot the phone.
So I prefer to apply a full factory image (being careful not to overwrite the data) and root it again.
If latest factory image isn't available yet, flash the latest available then apply the regular OTA before rooting.

Prevent OTA

Normally rooting is enough to prevent OTA but to be sure, one can touch build.prop (so its sha1sum won't match anymore)

adb shell
su
mount -o remount,rw /system
echo "# Remove me to allow OTA update" >> /system/build.prop 
mount -o remount,ro /system

Attempt OTA

I don't recommend it as most attempts end in an infinite loop after the reboot.

When ready to really do OTA update:

1. Unlock bootloader with BootUnlocker, super critical step!!!

2. Make a backup of the proposed OTA patch, just in case

adb shell ls -l /cache
adb pull /cache/update.zip

3. Restore build.prop:

adb shell
su
mount -o remount,rw /system
sed -i '/Remove me/d' /system/build.prop
  # or if you don't have sed/busybox:
  grep -v "Remove me" /system/build.prop > /sdcard/build.prop.tmp
  cat /sdcard/build.prop.tmp > /system/build.prop
  rm /sdcard/build.prop.tmp
mount -o remount,ro /system

4. Restore /system/bin/install-recovery.sh
SuperSU may have hijacked /system/bin/install-recovery.sh. If so, we need to restore it. Unfortunately using "full unroot" won't help, see here (and you'll get stuck unrooted!) so we'll restore it manually.

adb shell
su
ls -l /system/bin/install-recovery*
# if install-recovery_original.sh is listed, SuperSU replaced the script and it must be restored:
mount -o remount,rw /system
mv /system/bin/install-recovery_original.sh /system/bin/install-recovery.sh
mount -o remount,ro /system

5. Install proposed OTA update from Android itself

5b. Check recovery logs
In case the automatic update failed, check the recovery logs:
At this point you should be already in stock recovery, if not, go to recovery
Keep power button pressed and press volume-up to get the menu
Go to "view recovery logs"

5c. Install proposed OTA update manually from a local copy on the PC

adb reboot recovery

Keep power button pressed and press volume-up to get the menu
Go to "apply update from ADB"

adb sideload update.zip

6. Reboot and let the system update its apps
If it seems to hang forever on the boot logo, you can watch the system logs at the same time:

adb logcat

Seeing looping logs with a repetition of

>>>>>> START com.android.internal.os.ZygoteInit uid 0 <<<<<<

is a bad sign, time for a full ROM recovery!

7. Root again, see #SuperSU

8. Prevent OTA updates:

adb shell
su
mount -o remount,rw /system
echo "# Remove me to allow OTA update" >> /system/build.prop 
mount -o remount,ro /system

9. Lock bootloader with BootUnlocker

See also my feature request for BootUnlocker

Upgrade with factory image

That's my preferred method.

1. Unlock bootloader with BootUnlocker, super critical step!!!

2. Flash a factory image
Get latest image at https://developers.google.com/android/nexus/images

tar xzf ...tgz
cd ...

Or in one go:

wget -O - ... | tar xz
cd ...

Very important if you want to keep your data!!! Edit flash-all.sh and replace

fastboot -w update image-....zip

by

fastboot update image-....zip


Then reboot the phone to bootloader and launch that script:

adb reboot bootloader
./flash-all.sh

Reboot

2b. Apply OTA
If you didn't flash the latest version, apply OTA update

3. Root again, see #SuperSU

4. Prevent OTA updates:

adb shell
su
mount -o remount,rw /system
echo "# Remove me to allow OTA update" >> /system/build.prop 
mount -o remount,ro /system

5. Lock bootloader with BootUnlocker
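The flash-all.sh edit from step 2 is easy to get wrong by hand, so here is one way to script and verify it (an added example, not part of the original notes or of Google's factory image). The function names are made up for this example, and it assumes the script calls fastboot at the start of a line, as the `fastboot -w update image-....zip` line above does.

```shell
#!/bin/sh
# Added example: build a data-preserving copy of a factory flash-all.sh and
# refuse to hand it over if anything in it would still wipe user data.

# Exit 0 if the script in $1 contains a fastboot call that wipes user data:
# the -w flag, or an explicit erase/format of the userdata partition.
wipes_userdata() {
    grep -Eq '^[[:space:]]*fastboot([[:space:]]+[^#]*)?[[:space:]]-w([[:space:]]|$)' "$1" ||
    grep -Eq '^[[:space:]]*fastboot[[:space:]][^#]*(erase|format)[[:space:]]+userdata' "$1"
}

# keep_data_copy SRC DST: write SRC to DST (a different file) with "-w" removed
# from the "fastboot -w update ..." line. Fails without leaving DST behind if
# SRC has no update line at all or if DST would still wipe user data.
keep_data_copy() {
    kd_src=$1
    kd_dst=$2
    if ! grep -Eq '^[[:space:]]*fastboot([[:space:]]+-w)?[[:space:]]+update[[:space:]]' "$kd_src"; then
        echo "$kd_src: no 'fastboot update' line, refusing to guess" >&2
        return 1
    fi
    sed -E 's/^([[:space:]]*fastboot)[[:space:]]+-w([[:space:]]+update[[:space:]])/\1\2/' \
        "$kd_src" > "$kd_dst" || return 1
    if wipes_userdata "$kd_dst"; then
        echo "$kd_dst: still wipes user data, not usable" >&2
        rm -f "$kd_dst"
        return 1
    fi
    chmod +x "$kd_dst"
}

# Usage: sh this_file.sh flash-all.sh flash-all-keepdata.sh
if [ "$#" -eq 2 ]; then
    keep_data_copy "$1" "$2"
fi
```

Run the generated copy instead of flash-all.sh after `adb reboot bootloader`.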

On rooted devices

adbd insecure

As USB debugging is now pretty secure, let's enable immediate root access:
Install adbd insecure
Open app -> enable & enable at boot time

Busybox

From Google Play: https://play.google.com/store/apps/details?id=stericson.busybox&hl=en
Local install:

adb install stericson.busybox-1.apk
=> Run busybox -> install -> smart install

Consider buying Busybox Pro...

Modifying stuff in system partition using su

adb push some_file /sdcard/
adb shell su -c "mount -o remount,rw /system"
adb shell su -c "cat /sdcard/some_file > /etc/some_file"
sleep 1
adb shell su -c "mount -o remount,ro /system"

Modifying stuff in system partition with insecure adbd (=being root by default)

adb shell mount -o remount,rw /system
adb push some_file /etc/some_file
sleep 1
adb shell mount -o remount,ro /system

Encrypt device

See official help
Some reports say they had to repeat the process several times on Nexus 4 before encryption started. I didn't have that problem.

One major caveat is that this is the same password for disk encryption and screen unlock, cf this longstanding bugreport.
On a rooted device, a separate disk encryption password can be set thanks to Cryptfs password or simply by doing:

vdc cryptfs changepw <new_password>

Note that it will have to be done every time the screen PIN or password is changed.
See also http://nelenkov.blogspot.jp/2012/08/changing-androids-disk-encryption.html

Phone-specific notes

See Android phones

Applications

See Android Apps

Applications development

See Android SDK

Using the embedded SE

See Android SE

Using TrustZone

See Android TrustZone

using Software Card Emulation

See Android Software Card Emulation

Misc

Security

http://wiki.secmobi.com/

Wi-Fi & client certs

To be able to authenticate to a Wi-Fi network using client certificates via TLS:
If needed, export certificate from IE in Pkcs#12 PFX, *with* private key, *with* all certs, *without* strong enc, *without* deletion of private key.
Rename .pfx file as .p12
(source: http://www.google.com/support/mobile/bin/answer.py?answer=168466&topic=27214#1086573)
Copy pkcs#12 certificate to root of USB storage.
File must end with .p12, not .pfx!
One single file with key+cert+cacerts is ok
Wi-Fi params: 802.1x EAP / TLS / phase2: None / CA cert: cf previous import / user cert: idem / Identity: DOMAIN\user... / Anonymous id: empty / password:...

Note that after each reboot, you'll have to select manually one of the protected networks to unlock the secure storage of personal certificates or open manually the certificates storage:
Settings > Location & Security > Use secure credentials
See also Keystore Unlocker

Importing certs

Since Android 3.0, no need for rooting anymore
In case of trouble, use PEM format, with file extension .crt

  • drop certs on /sdcard/
  • go to settings / personal: security / credential storage: install from storage & select both certs

Test menu

Dial *#*#4636#*#* (== *#*#INFO#*#*)

SMSC configuration

Configuring the SMSC (SMS gateway) on Android is not straightforward.
Access a hidden settings menu by dialing *#*#4636#*#* (*#*#INFO#*#*) -> phone settings -> SMSC -> Refresh (to get current value)
To update that field, if it does not work in plain or between quotes, try encoding it as a PDU:

  • First byte is length of SMSC info, so if it's e.g. +32475161616, it's 11 digits to code on 6 bytes, + 1 byte to code type of SMSC address => 7 bytes
  • Second byte is the type of SMSC address, 91 for international format
  • Next bytes are the SMSC digits, padded with "f" if odd, then nibble-swapped so in our example: 32475161616F => 2374151616F6
  • Full PDU-encoded SMSC is then: 07912374151616F6 -> Update
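The encoding steps above as a small script, with the reverse direction for checking the value shown after Refresh (an added example, not part of the original notes). The function names are made up here, and only the international format (type 91) described above is handled.

```shell
#!/bin/sh
# Added example: PDU encoding/decoding of the SMSC field, international numbers only.

# smsc_encode +32475161616  ->  07912374151616F6
smsc_encode() {
    case $1 in
        +*) se_digits=${1#+} ;;
        *) echo "expected international format with leading +: $1" >&2; return 1 ;;
    esac
    case $se_digits in
        ''|*[!0-9]*) echo "not a decimal number: $1" >&2; return 1 ;;
    esac
    # Pad to an even number of digits with F, then swap the nibbles of each byte.
    if [ $(( ${#se_digits} % 2 )) -eq 1 ]; then
        se_digits="${se_digits}F"
    fi
    se_swapped=$(printf '%s' "$se_digits" | sed 's/\(.\)\(.\)/\2\1/g')
    # The length byte counts the type byte (91) plus the digit bytes.
    printf '%02X91%s\n' $(( ${#se_digits} / 2 + 1 )) "$se_swapped"
}

# smsc_decode 07912374151616F6  ->  +32475161616
smsc_decode() {
    case $1 in
        ''|*[!0-9A-Fa-f]*) echo "not a hex string: $1" >&2; return 1 ;;
    esac
    if [ ${#1} -lt 6 ] || [ $(( ${#1} % 2 )) -ne 0 ]; then
        echo "too short or odd number of hex digits: $1" >&2; return 1
    fi
    sd_len=$(( 0x$(printf '%s' "$1" | cut -c1-2) ))
    sd_type=$(printf '%s' "$1" | cut -c3-4)
    sd_body=$(printf '%s' "$1" | cut -c5-)
    if [ "$sd_type" != 91 ]; then
        echo "address type $sd_type is not international (91)" >&2; return 1
    fi
    # The length byte must agree with what is actually there.
    if [ $(( ${#sd_body} / 2 + 1 )) -ne "$sd_len" ]; then
        echo "length byte $sd_len does not match the field" >&2; return 1
    fi
    # Undo the nibble swap and drop the F used as padding.
    sd_digits=$(printf '%s' "$sd_body" | sed 's/\(.\)\(.\)/\2\1/g')
    sd_digits=${sd_digits%[Ff]}
    case $sd_digits in
        ''|*[!0-9]*) echo "unexpected characters in number: $sd_digits" >&2; return 1 ;;
    esac
    printf '+%s\n' "$sd_digits"
}
```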

Screenshots

Run ddms (from Android SDK) -> Tools / Device / Screen capture

Screencast

Droid@Screen:
You'll need Android SDK too.
Make sure you're using the adb from SDK and not from e.g. Debian packages:

adb kill-server
export ANDROID_HOME=/path_to_your/android-sdk-linux_x86
java -jar droidAtScreen-1.0.2.jar

androidscreencast:
Get jnlp file from project page

adb kill-server
export ANDROID_HOME=/path_to_your/android-sdk-linux_x86
$ANDROID_HOME/platform-tools/adb start-server
javaws androidscreencast.jnlp

USB tethering

Plug phone & PC via USB
Activate USB tethering (Settings / Wireless & networks / Tethering / USB Tethering)
It works OOB on Debian, nothing to do

Mounting USB as MTP or PTP

New Nexus devices don't use USB mass storage anymore but MTP or PTP, mainly to be able to access data both from Android & PC at the same time.
There are two methods using fuse so make sure your user is member of fuse group:

sudo adduser <your_user> fuse

and make sure your user can access the USB device (cf above: /etc/udev/rules.d/...)

Using mtpfs

See this article

sudo apt-get install mtpfs mtp-tools
mkdir ~/MyAndroid
mtpfs ~/MyAndroid
...
fusermount -u ~/MyAndroid

Problem is that it's very slow to mount

Using go-mtpfs

See this article

sudo apt-get install golang fuse git-core libmtp-dev libfuse-dev
mkdir /tmp/go 
GOPATH=/tmp/go go get github.com/hanwen/go-mtpfs
sudo mv /tmp/go/bin/go-mtpfs /usr/local/bin/
mkdir ~/MyAndroid
go-mtpfs ~/MyAndroid &
...
fusermount -u ~/MyAndroid

Using gphotofs

This method requires the phone to share files over USB as Camera (PTP), *not* MTP.

sudo apt-get install gphotofs
mkdir ~/MyAndroid
gphotofs ~/MyAndroid
...
fusermount -u ~/MyAndroid

Problem is that it only shows DCIM & Pictures
Not sure if it's a limitation of Android or Gphoto...

Backing up via BackupPC

I'm a big fan of BackupPc and this guy managed to link android & backuppc so let's give it a try.
Check the mentioned link but his setup is a bit different, running CyanogenMod while I'm using a stock fw.
Instructions here suppose your phone is rooted.

IP

Backuppc server needs to reach the phone so your phone needs a static (or DHCP statically attributed) IP or whatever dyndns system.

SSH

I'm using SshDroidPro
Make sure backuppc key is properly installed in /data/data/berserker.android.apps.sshdroidpro/home/.ssh/authorized_keys
Then test it as user backuppc, trying to access the phone and accept the server key fingerprint.

rsync

To get rsync binary, I found rsync backup for Android which downloads a rsync binary during install (a weird way to deal with a GPL program IMHO).
The actual binary it downloads is available here.
But Android wget doesn't support https so you have to transfer it to your phone by another means.
One way is to install the application I mentioned and let it download that binary.
Then, to install it at a more rooted-Android standard place:

cd /system/xbin
busybox mount -o remount,rw /system
cp /data/data/eu.kowalczuk.rsync4android/files/rsync /system/xbin/
chmod 755 /system/xbin/rsync
chown root.shell /system/xbin/rsync
busybox mount -o remount,ro /system

Wi-Fi

Make sure Wi-Fi will stay on!
Menu > Settings > Wireless & networks > Wi-Fi settings > Menu > Advanced > Wi-Fi sleep policy > Never (or never when powered)

BackupPC config

My config: create new host in backuppc web interface with:

   XferMethod = rsync
   RsyncShareName = [/data/, /efs/ (useful??), /system/, /mnt/asec/, /mnt/sdcard/]
   RsyncClientPath = /system/xbin/rsync
   BackupFilesExclude = /mnt/sdcard/ => [/oruxmaps/mapfiles, /clockworkmod/backup, /radio_dump_*, /videos]

Note that in the mentioned link he's using RsyncShareName = / and playing with BackupFilesOnly but for me it looks like BackupFilesOnly was not respected, so I preferred to have separate RsyncShareName
Some info on APP2SD here and here
I had errors "Ping too slow" so I increased

   PingMaxMsec = 400

as anyway it's on local network

Non-rooted device

For non-rooted devices the setup is a bit different:

  • SSH server will run on a non-privileged port, e.g. port 2222
  • login will be done with sshdroid permissions, not root, so it can access neither the rsync binary nor /data content
  • rsync needs to be available so we'll transfer it again, as sshdroid user:
scp -P2222 rsync galaxy:/data/data/berserker.android.apps.sshdroid/home/bin/

then make it executable

  • BackupPC config is e.g.:
   XferMethod = rsync
   RsyncShareName = [/mnt/sdcard/]
   RsyncClientPath = /data/data/berserker.android.apps.sshdroid/home/bin/rsync
   BackupFilesExclude = /mnt/sdcard/ => [/Movies]
   RsyncClientCmd: add "-p2222" to ssh options: "$sshPath -p2222 -q -x -l root $host $rsyncPath $argList+"
   RsyncClientRestoreCmd: add "-p2222" to ssh options: "$sshPath -p2222 -q -x -l root $host $rsyncPath $argList+"

Because we cannot directly backup /data content, what can be done is to use e.g. MyBackupPro to backup most of the data to the SD card, in a scheduled way.