Difference between revisions of "Android"

From YobiWiki
Jump to navigation Jump to search
 
(183 intermediate revisions by the same user not shown)
Line 2: Line 2:
 
* [https://secure.wikimedia.org/wikipedia/en/wiki/Google_android Wikipedia]
 
* [https://secure.wikimedia.org/wikipedia/en/wiki/Google_android Wikipedia]
 
===App stores===
 
===App stores===
* [https://market.android.com/ Android Market]
+
* [https://play.google.com/store Google Play]
 
Alternate views on the official market:
 
Alternate views on the official market:
 
* [http://www.androlib.com/ AndroLib]
 
* [http://www.androlib.com/ AndroLib]
Line 22: Line 22:
   
 
===User manuals===
 
===User manuals===
* [http://www.google.com/support/mobile/bin/answer.py?hl=en&answer=182077 Android 2.3 Manual]
+
* [https://support.google.com/nexus Android for Nexus devices]
* [http://www.htc.com/uk/userguide.aspx?p_id=316 HTC Wildfire Manual]
+
<!--* [http://www.htc.com/uk/userguide.aspx?p_id=316 HTC Wildfire Manual]
 
* [http://www.samsung.com/us/Nexus_S_Owners_Guide/ Nexus S Manual]
 
* [http://www.samsung.com/us/Nexus_S_Owners_Guide/ Nexus S Manual]
  +
Some internals info [http://wiki.freesmartphone.org/index.php/Hardware/Nexus_S/Interfaces here]-->
==Nexus S==
 
===Versions===
 
====physical sticker behind battery====
 
* Model: GT-I9023
 
* FCC ID: A3LGTI9023
 
* SSN: -I9023GSMH
 
* IMEI: xxxxxxx
 
* S/N: xxxxxxx
 
====under fastboot, stock====
 
* Product name - HERRING
 
* HW Version - rev 52
 
* Bootloader version - I9020XXKA3
 
* Baseband version - I9020XXKB3
 
* Carrier info - EUR
 
* Serial number - xxxxxxx
 
====under fastboot, after upgrade to 2.3.4====
 
* Baseband version - I9020XXKD1
 
* Carrier info - EUR
 
====under 'About phone' from the settings, stock 2.3.3====
 
* Android 2.3.3
 
* Baseband I9023XXKB3
 
* Kernel 2.6.35.7-g1d030a7
 
* Build GRI54
 
====under 'About phone' from the settings, after upgrade to 2.3.4====
 
* Android 2.3.4
 
* Baseband I9023XXKD1
 
* Kernel 2.6.35.7-ge382d80 android-build@apa28 #1
 
* Build GRJ22
 
   
  +
==Short notes==
===USB permissions on the host===
 
  +
===ADB===
On the host, example how to solve permissions:
 
  +
To reveal developer menu, tap 10x on "settings/about/build nr"
<br>Create /etc/udev/rules.d/99-android.rules for Nexus phones:
 
  +
<br>Then enable usb debug.
<pre>
 
  +
<br>USB debugging is [http://nelenkov.blogspot.jp/2013/02/secure-usb-debugging-in-android-422.html pretty secured] since Jelly Bean but beware for older versions!
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bb4", ATTRS{idProduct}=="0fff", MODE="0666", OWNER="<your_account>" # Nexus One Fastboot
 
SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="4e11", MODE="0666", OWNER="<your_account>" # Nexus One Normal
 
SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="4e12", MODE="0666", OWNER="<your_account>" # Nexus One Debug/Recovery
 
SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="4e20", MODE="0666", OWNER="<your_account>" # Nexus S Fastboot
 
SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="4e21", MODE="0666", OWNER="<your_account>" # Nexus S Normal
 
SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="4e22", MODE="0666", OWNER="<your_account>" # Nexus S Debug/Recovery
 
SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="4e23", MODE="0666", OWNER="<your_account>" # ???
 
SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="4e24", MODE="0666", OWNER="<your_account>" # Nexus S USB tethering
 
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bb4", ATTRS{idProduct}=="0c8b", MODE="0666", OWNER="<your_account>" # HTC Normal
 
</pre>
 
Then execute /etc/init.d/udev reload
 
   
  +
Since Android 5.0.1, it's required to use at least [https://skia.googlesource.com/skia/+archive/cd048d18e0b81338c1a04b9749a00444597df394/platform_tools/android/bin/linux.tar.gz adb v1.0.32].
===Restoring factory ROM (2.3.3)===
 
Warning, it will destroy everything, make your backups first!!
 
* Get firmware [http://www.samfirmware.com/WEBPROTECT-i9023.htm here] for a European Nexus S i9023, mine needs the I9023XXKB3 one.
 
* Rename tar.md5 as tar
 
* Get Odin sw from [http://www.samfirmware.com/WEBPROTECT-programandroid.htm here], choose i9023
 
** e.g. I9003_Odin3_v1.82.rar & SAMSUNG_USB.rar
 
* Run Odin (works in a virtualbox if needed), load the 4 files:
 
** bootloader: I9023_EUR_GRI54_XXKB3/I9023_EUR_GRI54_XXKB3/Bootloader_I9023XXKA3.tar
 
** PDA: I9023_EUR_GRI54_XXKB3/I9023_EUR_GRI54_XXKB3/PDA_SOJU_GRI54_TMO_EUR_MR1_SIGNED.tar
 
** Phone: I9023_EUR_GRI54_XXKB3/I9023_EUR_GRI54_XXKB3/MODEM_I9023XXKB3_REV_00_CL912571_SIGNED.tar
 
** CSC: I9023_EUR_GRI54_XXKB3/I9023_EUR_GRI54_XXKB3/DGS_I9023_EUR.tar
 
* Turn phone off
 
* Plug USB
 
* Just before battery icon showing, enter download mode by pressing middle of volume up / volume down button for long, you'll get a big yellow warning triangle
 
* If using virtualbox, bring USB device (Samsung serial) to virtualbox
 
* Now Odin should show a yellow rectangle with COM0
 
* Press "start" in Odin
 
Sources:
 
* http://forum.frandroid.com/topic/52144-tuto-flash-via-odin/ (fr)
 
* http://forum.frandroid.com/topic/51710-astuce-probleme-de-reconnaissance-par-odin-sous-mode-download/ (fr)
 
* http://www.samfirmware.com/I9023%20Flasghuide%20English.pdf
 
   
  +
apt-get install android-tools-adb
===Restoring (most of) factory ROM (2.3.3) with fastboot===
 
Ok previous section was about restoring *everything* as genuine but it requires Windows and most of the time all you screwed up was the boot image, the recovery image or the system image so here is how to restore them or part of them provided that you can still enter fastboot:
 
<pre>
 
fastboot oem unlock # if needed
 
fastboot flash recovery recovery.img # from Samsung PDA_SOJU_GRI54_TMO_EUR_MR1_SIGNED.tar
 
fastboot flash system system.img # from Samsung PDA_SOJU_GRI54_TMO_EUR_MR1_SIGNED.tar
 
fastboot flash boot boot.img # from Samsung PDA_SOJU_GRI54_TMO_EUR_MR1_SIGNED.tar
 
</pre>
 
Warning: I got /sdcard content erased, maybe because I tried to enter the native recovery, but anyway, make backups first before trying anything you risk regretting!!!
 
   
  +
Note that from recovery, you can also use adb:
E.g. to make a backup with clockwordmod:
 
  +
* adb shell
* Put phone into fastboot mode
 
  +
* adb sideload update.zip
* Enter recovery
 
  +
* adb push
* Choose backup & restore / backup
 
* Choose mount / mount USB storage
 
* From host: copy clockwordmod/backup/*
 
 
===Entering fastboot mode===
 
* Power off phone
 
* Press Volume up and power button together for long
 
* You've entered fastboot
 
* Alternatively, fastboot can be triggererd from adb: adb reboot-bootloader
 
For getting fastboot on the host, see further below
 
===Rooting 2.3.3===
 
* copy su-2.3.6.1-ef-signed.zip (from http://forum.xda-developers.com/showthread.php?t=682828) on USB storage
 
* enter fastboot mode (see above)
 
* host: fastboot oem unlock
 
* fastboot flash recovery 3025-i9023.img
 
!! Don't touch boot image or try CW 3.0.0.0, one of them caused the phone to not start android anymore, I had to perform the full factory restore with Odin !!
 
* enter recovery mode from fastboot
 
** You can make a backup now
 
** install zip from sdcard -> choose -> su-2.3.6.1-ef-signed.zip
 
** reboot
 
Sources:
 
* http://forum.xda-developers.com/showthread.php?t=988686
 
* http://nexusshacks.com/nexus-s-hacks/how-to-root-nexus-s/
 
===Upgrading to 2.3.4===
 
A new version was [http://www.frandroid.com/69196/la-version-dandroid-2-3-4-est-disponible-pour-le-nexus-s announced (fr)] two days ago.
 
<br>Official way is apparently to type "*#*#2432546#*#*" while using Wi-Fi but all I got was a "checkin succeeded" notification. Anyway patched won't apply cleanly on my rooted phone so better to do it manually.
 
<br>For GRI54, update.zip is available [http://android.clients.google.com/packages/ota/google_crespo/486786a7fd97.signed-soju-GRJ22-from-GRI54.486786a7.zip here].
 
<br>I tried to apply it but there are several caveats given the previous hacks:
 
* boot.img: to be able to patch it I've to restore the original boot.img, loosing temporarily the ro.secure=0 setting (cf "adb as root" paragraph). And failing to patch it would probably mean non-bootable as we would have missed replacing the kernel!
 
* radio.img: hash checksum failed, it seems to indicate that expected radio.img is not the one I have.
 
* recovery.img: we want to keep the clockworkmod one, so we just skip it for now
 
To apply those change this means:
 
* fastboot flash boot boot.img (from PDA_SOJU_GRI54_TMO_EUR_MR1_SIGNED.tar)
 
* edit update.zip to remove radio.img, recovery/ and edit META-INF/com/google/android/updater-script
 
** remove all commands about radio & recovery patch
 
** add following line to keep rooted: set_perm(0, 0, 6755, "/system/bin/su");
 
** if that line is not added, patched phone will not be rooted anymore, which can be easily fixed by applying the su..zip again
 
* upload update.zip to /sdcard and apply zip via clockworkmod recovery, it'll skip signature verification by default
 
Ok now we got a system & boot images upgraded to 2.3.4
 
<br>We can again modify boot.img to restore ro.secure=0:
 
* Extract patched 2.3.4 boot.img (cf below, or use clockworkmod), modify it & flash it back
 
 
I also wanted to patch the stock recovery image, just to get a 2.3.4 stock recovery in case of.
 
* Install the 2 files from update.zip#recovery/ into /system and chmod 755 /system/etc/install-recovery-sh
 
* Restore the stock 2.3.3 recovery.img from PDA_SOJU_GRI54_TMO_EUR_MR1_SIGNED.tar: adb push recovery.img /sdcard/
 
* If you've flash_image on the phone you can try: flash_image recovery /sdcard/recovery.img
 
* Else:
 
<pre>
 
fastboot erase recovery
 
fastboot flash recovery recovery.img
 
</pre>
 
* Reboot the phone & start Android
 
* It should be done, recovery should have been patched, you can remove the 2 files we've put in /system and extract the patched recovery image manually (cp /dev/mtd/mtd3 /sdcard/recovery.img). Hash changed so I assume it's properly patched
 
* Restore clockworkmod recovery image
 
 
'''What's new?'''
 
<br>I didn't mention it but with 2.3.3 I had two problems I was still busy trying to solve: GPS never fixing, zero satellite! And no way to see I get copy-protected applications (and that's not because of rooting the phone, on a stock phone it failed too).
 
<br>Now GPS fixed quite fast with 2.3.4 and I could for the first time see & download copy-protected apps \o/ (even when the phone was rooted again).
 
 
'''UPDATE'''
 
<br>[http://android.clients.google.com/packages/ota/google_crespo/da8206299fe6.signed-soju-ota-121341.da820629.zip here] is the full ROM update, apparently with a new radio which should be ok for all phones...
 
<br>Seen in [http://forum.xda-developers.com/showthread.php?t=1056062 this thread].
 
===Upgrading to 2.3.6===
 
I saw there was also newer versions of ClockworkMod, probably better than the preview release I was still using.
 
<br>Latest ClockworkMod recoveries are [http://download.clockworkmod.com/recoveries/ here].
 
<br>For Nexus S, look for "crespo" img
 
* Go to fastboot (vol-up + power)
 
* Go to recovery
 
* Backup & restore / Backup
 
* Mount USB
 
* Copy all /sdcard content to PC
 
* Reboot -> enter fastboot again
 
* On PC: fastboot flash recovery recovery-clockwork-5.0.2.0-crespo.img
 
 
For GRJ22, upgrade.zip is available [http://android.clients.google.com/packages/data/ota/google_crespo/7d11404284c0.signed-soju-GRK39F-from-GRJ22.7d114042.zip here]
 
* fastboot flash boot boot.img (from stock GRJ22)
 
* edit update.zip to remove recovery/ and edit META-INF/com/google/android/updater-script
 
** remove all commands about recovery
 
** add following line to keep rooted: set_perm(0, 0, 6755, "/system/bin/su");
 
** because I've mangled cacerts.bks to add CACert stuff, I had also to remove stuffs about cacerts.bks in the script, then make a separate zip where I first restore the previous stock cacerts.bks from GRJ22 then apply the patch. And finally mangle the new cacerts.bks again.
 
* In updater-script, check also which radio version it's able to patch. Look for line similar to this one:
 
apply_patch("MTD:radio:12583040:2ea138c96cc213b2662a4ae1ddee2d5c6bbcc958:12583040:213c2022516ba651f62064e4379487af1e8499a2",
 
"-", 213c2022516ba651f62064e4379487af1e8499a2, 12583040,
 
2ea138c96cc213b2662a4ae1ddee2d5c6bbcc958, package_extract_file("radio.img.p"));
 
Here it expects a radio.img from GRJ22 with SHA1 = 2ea138c96cc213b2662a4ae1ddee2d5c6bbcc958, ok
 
<br>In case you don't have the right radio img in place, or don want to patch it, remove radio.img from the zip and all commands about radio in updater-script.
 
* upload update.zip to /sdcard and "apply update from sdcard" via clockworkmod recovery, it'll skip signature verification by default
 
* Backup & Restore / Backup
 
* Mount USB
 
* Copy new backup to PC
 
Ok now we got a system & boot images upgraded to 2.3.4
 
<br>We can again modify boot.img to restore ro.secure=0:
 
* Extract patched 2.3.6 boot.img (cf below, or use clockworkmod), modify it & flash it back
 
 
===Extracting manually images from phone===
 
On root shell on the phone:
 
<pre>
 
# cat /proc/mtd
 
dev: size erasesize name
 
mtd0: 00200000 00040000 "bootloader"
 
mtd1: 00140000 00040000 "misc"
 
mtd2: 00800000 00040000 "boot"
 
mtd3: 00800000 00040000 "recovery"
 
mtd4: 1d580000 00040000 "cache"
 
mtd5: 00d80000 00040000 "radio"
 
mtd6: 006c0000 00040000 "efs"
 
# cat /dev/mtd/mtd5 > /sdcard/radio.img
 
</pre>
 
 
etc
 
etc
  +
===Fastboot===
  +
apt-get install android-tools-fastboot
   
  +
====USB permissions on the host====
==Android 2.3==
 
  +
Create /etc/udev/rules.d/99-android.rules for Nexus phones:
===Getting fastboot & Android sources===
 
There are several binaries around but I wanted to build my own.
 
Maybe not the shortest way... I downloaded all android sources...
 
<br> cf http://source.android.com/source/downloading.html
 
<br> Some missing deps on my 64-but debian when I tried to compile everything: gperf, libc6-dev-i386, lib32ncurses5-dev ia32-libs g++-multilib lib32z1-dev lib32readline6-dev
 
 
<pre>
 
<pre>
  +
SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", MODE="0666", OWNER="<your_account>" # all Nexus
. build/envsetup.sh
 
lunch crespo-eng
 
make -j2
 
 
</pre>
 
</pre>
  +
Then execute /etc/init.d/udev reload
Maybe we can just compile adb & fastboot:
 
<pre>
 
make adb
 
make fastboot
 
</pre>
 
cf http://www.cduce.org/~abate/build-android-adb-debian-sid-amd64
 
   
===Getting adb & Android SDK===
+
====To enter Fastboot mode====
  +
* Power off phone
Get it from http://developer.android.com/sdk/index.html
 
  +
* Depends on the phone, e.g.:
<br>Run tools/android -> in installed packages make sure to have "Android SDK Tools", latest revision and "Android SDK Platform-tools", latest revision
 
  +
** Nexus S: keep volume-up pressed while pressing power on for 5 secs
<br>It brings also adb but not fastboot
 
  +
** Nexus 4: keep volume-down pressed while pressing power on for 5 secs
<br>If you want to update SDK: tools/android update sdk
 
  +
** Nexus 5: keep volume-down pressed while pressing power on for 5 secs
  +
** You've entered fastboot
  +
See https://source.android.com/source/running.html for other models
   
  +
Alternatively, fastboot can be triggererd from adb: adb reboot bootloader
===adb===
 
You need to activate USB debugging:
 
* Settings > Applications > Development > USB debugging
 
   
  +
===OEM unlock===
Some examples:
 
  +
Necessary step before being able to flash partitions or boot on alternative recovery.
* adb devices
 
* adb shell
 
* adb logcat
 
===adb as root===
 
Once the phone is rooted, you can, from a shell with e.g. adb shell invoke "su" & get root.
 
<br>But to get immediately into root, the file /default.prop needs to contain ro.secure=0
 
<br>But that file is restored from boot.img at each boot so you need to modify that one
 
<br>See http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack%2C_Edit%2C_and_Re-Pack_Boot_Images#Alternative_Method
 
<br>but there is also abootimg in debian:
 
* Taking the boot.img from Samsung (see above in I9023_EUR_GRI54_XXKB3/I9023_EUR_GRI54_XXKB3/PDA_SOJU_GRI54_TMO_EUR_MR1_SIGNED.tar).
 
<pre>
 
abootimg -x boot.img
 
mkdir ramdisk
 
cd ramdisk
 
gzip -dc ../initrd.img | cpio -i
 
sed -i default.prop 's/ro.secure=1/ro.secure=0/'
 
find . -print|cpio -o -Hnewc|gzip > ../initrd.img2
 
cd ..
 
abootimg -u boot.img -r initrd.img2
 
fastboot flash boot boot.img
 
</pre>
 
For the last command, the phone needs of course to be in fastboot mode
 
<br>Reboot phone
 
<br>I had to re-enable USB debugging but now adb shell brings me immediately a root shell :)
 
<br>Note that link mentioned above proposes an alternative way to flash the boot partition, directly from adb shell as root
 
   
  +
'''''This will wipe ALL DATA!!!'''''
Without this setup, it's a bit cumbersome to automate root commands from host, it looks like
 
  +
fastboot oem unlock
adb shell su -c "netcfg usb0 dhcp"
 
  +
===OEM unlock for rooted devices===
and the SuperUser app prompts you for confirmation on the phone for each new command
 
  +
Once the device has been unlocked and rooted, it can be locked/unlocked again without wiping all the data, at least on some phone models.
  +
<br>Install [https://play.google.com/store/apps/details?id=net.segv11.bootunlocker&hl=en BootUnlocker]
   
  +
===Factory images for Nexus phones===
Got a failure when trying to flash back a 8Mb boot.img?
 
  +
* https://developers.google.com/android/nexus/images
<br>From example above I started from a boot.img smaller than the full boot partition but if you create a new boot.img or start from an image of the full partition taken manually or with clockworkmod, boot.img will be 8Mb-large (8388608) and fastboot fails with "FAILED exceed blocks 0x00000020 > 0x0000001e".
 
<br>I'm not really sure about what size the file should be but as it's filled with zeroes till reaching 8Mb, I decided to cut it:
 
<br>0x00000020 => 0x0000001e means for me 8388608 / 0x20 * 0x1e = 7864320, so I did:
 
dd if=boot.img of=boot2.img bs=262144 count=30
 
fastboot flash boot boot2.img
 
And it worked!
 
   
  +
Typical usage: (requires OEM unlock)
===Images structure===
 
  +
tar xzf CODENAME-VERSION-factory-CHECKSUM.tgz
You may want to explore .img content (from backups, stock ROMs etc).
 
  +
cd CODENAME-VERSION
<br>Actually all .img are not the same
 
  +
./flash-all.sh
====bootloader.img====
 
/dev/mtd/mtd0
 
<br>Unknown format
 
====radio.img====
 
/dev/mtd/mtd5
 
<br>Unknown format, for baseband
 
====recovery.img====
 
/dev/mtd/mtd3
 
<br>Unknown format
 
====boot.img====
 
/dev/mtd/mtd2
 
<br>See [http://forum.xda-developers.com/showthread.php?t=443994 here] for details on the structure, and abootimg on Debian
 
   
  +
To avoid erasing user data:
====system.img====
 
  +
<br>Very important if you want to keep your data!!! Edit flash-all.sh and replace
Yaffs2 image, can be unpacked with [https://code.google.com/p/unyaffs/ unyaffs]
 
  +
fastboot -w update image-....zip
<br>Note that unyaffs failed unpacking stock system.img 2.3.3 & userdata.img but works fine on clockworkmod backups
 
  +
by
====data.img====
 
  +
fastboot update image-....zip
Yaffs2 image, can be unpacked with [https://code.google.com/p/unyaffs/ unyaffs]
 
====cache.img====
 
/dev/mtd/mtd4
 
<br>Yaffs2 image, can be unpacked with [https://code.google.com/p/unyaffs/ unyaffs]
 
====misc====
 
/dev/mtd/mtd1
 
<br>Not backuped by clockworkmod
 
====efs====
 
/dev/mtd/mtd6
 
<br>Yaffs2 image, can be unpacked with [https://code.google.com/p/unyaffs/ unyaffs]
 
<br>Not backuped by clockworkmod
 
<br>Contains stuffs linked to baseband & bluetooth
 
   
===Screenshots===
+
===Recovery===
  +
====TWRP====
Run ddms (from SDK) -> Tools / Device / Screen capture
 
  +
* https://twrp.me/Devices/
===USB tethering===
 
  +
====ClockworkMod====
Plug phone & PC via USB
 
  +
* http://www.clockworkmod.com/rommanager
<br>Activate USB tethering (Settings / Wireless & networks / Tethering / USB Tethering)
 
  +
====Usage====
<br>It works OOB on Debian, nothing to do
 
  +
Flashing an alternative recovery (requires OEM unlock):
===Getting busybox===
 
  +
fastboot flash recovery recovery-clockwork-VERSION-CODENAME.img
Need rooted phone, see above
 
<br>Google's stripped busybox, called toolbox, is far from enough once you get a shell on the phone
 
* Get [https://market.android.com/details?id=com.jrummy.busybox.installer Busybox Installer] from Market
 
Examples to use busybox versions instead of toolbox versions when the command exists twice:
 
<pre>
 
# busybox mount -o remount,rw /system
 
# /system/xbin/mount -o remount,rw /system
 
</pre>
 
   
  +
Booting (without flashing) an alternative recovery (requires OEM unlock):
===Wi-Fi & client certs===
 
  +
fastboot boot recovery-clockwork-VERSION-CODENAME.img
To be able to authenticate to a Wi-Fi network using client certificates via TLS:
 
  +
====Stock recovery====
<br>If needed, export certificate from IE in Pkcs#12 PFX, *with* private key, *with* all certs, *without* strong enc, *without* deletion of private key.
 
  +
To show menu with Nexus stock recovery, it depends on the phone, e.g.:
<br>Rename .pfx file as .p12
 
  +
* Nexus 4: hold "power" and press "volume-up"
<br>(source: http://www.google.com/support/mobile/bin/answer.py?answer=168466&topic=27214#1086573)
 
  +
* Nexus 5: press & release quickly volume-up & power a few times
<br>Copy pkcs#12 certificate to root of USB storage.
 
<br>File must end with .p12, not .pfx!
 
<br>One single file with key+cert+cacerts is ok
 
<br>Wi-Fi params: 802.1x EAP / TLS / phase2: None / CA cert: cf previous import / user cert: idem / Identity: DOMAIN\user... / Anonymous id: empty / password:...
 
   
  +
===Rooting===
Note that after each reboot, you'll have to select manually one of the protected networks to unlock the secure storage of personal certificates or open manually the certificates storage:
 
  +
====SuperSU====
<br>Settings > Location & Security > Use secure credentials
 
  +
Requires OEM unlock, see above fastboot oem unlock (! erase all) and see below BootUnlocker (for already rooted)
<br>See also [https://market.android.com/details?id=ru.chunky.AutoKeystore Keystore Unlocker]
 
  +
<br>Requires e.g. TWRP recovery
  +
<br>Requires e.g. [http://download.chainfire.eu/supersu ChainFire SuperSU] (you can check [http://forum.xda-developers.com/apps/supersu forum] for beta releases)
  +
adb reboot bootloader
  +
fastboot boot recovery-xxx.img
  +
# In recovery, choose Advanced / Install zip / from sideload
  +
adb sideload UPDATE-SuperSU-v2.xx.zip
  +
# Reboot (and decline erasing recovery updater install-recovery.sh)
   
===Importing certs===
+
====Rooting Android M====
  +
Rooting method has changed quite a bit and is still uncertain as those lines are written, see e.g. http://forum.xda-developers.com/apps/supersu/wip-android-6-0-marshmellow-t3219344
I could only manage it via a webserver & crafted headers:
 
<pre>
 
<?php
 
header("Content-Type: application/x-x509-ca-cert");
 
?>
 
-----BEGIN CERTIFICATE-----
 
...
 
-----END CERTIFICATE-----
 
</pre>
 
   
  +
====Rooting securely====
You may try this free service: http://www.realmb.com/droidCert/ which seems to do the same.
 
  +
Rooting can be done securely if:
<br>But even if imported they seem not to be used e.g. for IMAP TLS.
 
  +
* bootloader is locked again
  +
** problem is that unlocking would erase again the data
  +
** see below BootUnlocker which allows on rooted Nexus to toggle bootloader without deleting data
  +
* keep stock recovery
  +
* SuperSU is locked with a PIN
  +
** this requires the Pro version
  +
* SuperSU always require the PIN to authorize an app
  +
** or be very careful which ones you authorize permanently
   
===Importing CA certs in /system===
+
====Rooting and OTA====
  +
By experience, it's always quite difficult to apply an OTA on a rooted phone, even after having attempted to unroot the phone.
Source: [https://wiki.cacert.org/ImportRootCert#Android_Phones CACert wiki].
 
  +
<br>So I prefer to apply a full factory image (being careful not to overwrite the data) and root it again.
<br>You don't need the full Android SDK, just adb binary.
 
  +
<br>If latest factory image isn't available yet, flash the latest available then apply the regular OTA before rooting.
<br>I'm not sure if it's really the proper way but to get recognized the BouncyCastle lib which was already on my system (apt-get install libbcprov-java) I did
 
sudo ln -s /usr/share/java/bcprov.jar /usr/lib/jvm/java-6-sun/jre/lib/ext/
 
<br>Adding CACert certificates:
 
<pre>
 
adb pull /system/etc/security/cacerts.bks
 
wget http://www.cacert.org/certs/root.crt
 
wget http://www.cacert.org/certs/class3.crt
 
keytool -keystore cacerts.bks -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -storepass changeit -importcert -trustcacerts -alias CACERT -file root.crt
 
keytool -keystore cacerts.bks -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -storepass changeit -importcert -trustcacerts -alias CACERT3 -file class3.crt
 
adb shell busybox mount -o remount,rw /system
 
adb push cacerts.bks /system/etc/security
 
adb shell busybox mount -o remount,ro /system
 
</pre>
 
* reboot phone
 
* try https://www.cacert.org, should work without warning
 
Now my IMAP TLS which is using a CACert-signed certificate works with strict TLS setting on the phone, cool!
 
   
  +
====Prevent OTA====
'''WARNING''' this has broken proper upgrades and I had to mangle the update.zip to restore first the original cacert.bks file then get it patched.
 
  +
Normally rooting is enough to prevent OTA but to be sure, one can touch build.prop (so its sha1sum won't match anymore)
<br>Before I patched it again, my imap server gave me a lot of "couriertls: read: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number" errors before I realized it was because I didn't' have the CACert certificates anymore...
 
  +
adb shell
  +
su
  +
mount -o remount,rw /system
  +
echo "# Remove me to allow OTA update" >> /system/build.prop
  +
mount -o remount,ro /system
  +
====Attempt OTA====
  +
I don't recommend it as most attempts end in an infinite loop after the reboot.
   
  +
When ready to really do OTA update:
==Applications==
 
Here is a list of potentially useful applications
 
===Only for root===
 
Those apps require to run on a rooted phone
 
* [http://market.android.com/details?id=com.bigtincan.android.adfree AdFree] : blacklist ad providers via /etc/hosts
 
* [http://market.android.com/details?id=com.jrummy.busybox.installer Busybox Installer] : for some decent shell tools
 
* [http://market.android.com/details?id=com.aac.cachemate.demo Cachemate for Root Users Free] for cleaning apps caches
 
* [http://market.android.com/details?id=com.googlecode.droidwall.free DroidWall] : Firewall, iptables frontend
 
* [http://market.android.com/details?id=ru.chunky.AutoKeystore Keystore Unlocker] : Automatically unlock keystore on reboot
 
* [http://market.android.com/details?id=ch.racic.android.marketenabler MarketEnabler] : Change provider ID towards Android Market, useful to download apps only available via some providers
 
* [http://market.android.com/details?id=com.rerware.android.MyBackupRoot MyBackup Root] : full backup
 
* [http://market.android.com/details?id=de.schaeuffelhut.android.openvpn.installer OpenVPN Installer] : requires also kernel module, not yet tried
 
* [http://market.android.com/details?id=com.overlook.android.fing Overlook Fing] : Network portscanner
 
* [http://market.android.com/details?id=com.geeksoft.screenshot screenshot] : Take screenshots by shaking the phone
 
* [http://market.android.com/details?id=com.noshufou.android.su.elite Superuser Elite] : the application which got installed when you rooted your phone but you may want to benefit from Market updates
 
* [http://market.android.com/details?id=com.noshufou.android.su.fixer Superuser Update Fixer] : if you've problems updating your Superuser package. Trying it doesn't hurt and make sure your local Superuser signatures are ok.
 
* [http://market.android.com/details?id=com.hasbox.tproxy Transparent Proxy] : transparent TCP redirector to a proxy, needs still a functional DNS
 
* [http://market.android.com/details?id=com.webkey Webkey] for a remote access from any browser
 
* [http://market.android.com/details?id=com.koushikdutta.rommanager ROM Manager] : For custom Recovery & ROMs, apparently not up to date for Nexus S yet
 
   
  +
1. '''Unlock bootloader with BootUnlocker''', super critical step!!!
===With root support===
 
Those apps benefit from running on a rooted phone
 
* [http://market.android.com/details?id=com.speedsoftware.rootexplorer Root Explorer], nice file explorer with file editor etc
 
* [http://market.android.com/details?id=com.ghostsq.commander Ghost Commander]
 
** Nostalgic of Norton Commander? Using Midnight Commander? It's for you!
 
** Root support: access system files, remount system as RW, etc
 
** There is also an addon for SMB support
 
* [http://market.android.com/details?id=berserker.android.apps.sshdroid SSHDroid], ssh server
 
** First time: ssh-copy-id root@192.168.1.4 (default owd is admin) then go to options to start automatically, disable pwd auth and enable shared keys auth. Displaying authorized keys from GUI fails but auth works properly.
 
   
  +
2. Make a backup of the proposed OTA patch, just in case
===NFC-related===
 
  +
adb shell
* [http://market.android.com/details?id=com.idstronghold.CCReaderMkt Electronic Pickpocket RFID] : demo how to read data from credit cards
 
  +
ls -l /cache
* [http://market.android.com/details?id=com.codebutler.farebot FareBot] : Recognize a number of public transportation tags
 
  +
adb pull /cache/update.zip
* [http://market.android.com/details?id=at.mroland.android.apps.nfctaginfo NFC TagInfo] : toolkit to discover RFID tags
 
* [http://market.android.com/details?id=com.nxp.taginfolite NXP Taginfo] : toolkit to discover RFID tags
 
* [http://market.android.com/details?id=com.nxp.nfc.tagwriter NXP TagWriter] : Toolkit to read/write/format NFC-compliant tags
 
* [http://market.android.com/details?id=at.mroland.android.apps.smsfixfornfc SMS-fix for NFC] : Fix a bug in reading SMS from NFC
 
   
  +
3. Restore build.prop:
===Belgium-related===
 
  +
adb shell
====Brussels====
 
  +
su
* [http://market.android.com/details?id=com.appli.MetroBrussels MetroBrussels] : simple Brussels metro static map
 
  +
mount -o remount,rw /system
* [http://market.android.com/details?id=be.stib STIB mobile] : STIB/MIVB Brussels public transports
 
  +
sed -i '/Remove me/d' /system/build.prop
* [http://market.android.com/details?id=com.cousinHub.BD Comic Strips in Brussels] : Find comics frescos in Brussels (free app only shows half of them)
 
  +
# or if you don't have sed/busybox:
* [http://market.android.com/details?id=be.emich.villo VilloHelper!] : Brussels bikes stations
 
  +
grep -v "Remove me" /system/build.prop > /sdcard/build.prop.tmp
====Belgian Transportations====
 
  +
cat /sdcard/build.prop.tmp > /system/build.prop
* [http://market.android.com/details?id=com.malfario.liveboard BE Live trein info] : SNCB/NMBS Belgian railways
 
  +
rm /sdcard/build.prop.tmp
* [http://market.android.com/details?id=com.profete162.WebcamWallonnes BeTraffic] : Railways webcams
 
  +
mount -o remount,ro /system
* [http://market.android.com/details?id=com.glob.plugins.gomobilebe Glob - Go Mobile Belgium Plug-ins] : info-traffic plugin for Glob
 
* [http://market.android.com/details?id=tof.cv.mpp BETrains] : SNCB/NMBS Belgian railways
 
* [http://market.android.com/details?id=be.irail.liveboards IrailLiveboards] : SNCB/NMBS Belgian railways
 
* [http://market.android.com/details?id=de.hafas.android.sncbnmbs Train Info] : SNCB/NMBS Belgian railways
 
* [http://market.android.com/details?id=com.cybernited.android.trafficdroid Touring Mobilis] : info-traffic
 
====Belgian Media & Culture====
 
* [http://market.android.com/details?id=com.daingo.news.belgium Belgium News] : Several newspapers
 
* [http://market.android.com/details?id=be.appsolution.ecolo Ecolo] : politics
 
* [http://market.android.com/details?id=com.keoli.android.tvShows Keoli TV] : television programs
 
* [http://market.android.com/details?id=com.inthepocket.kinepolis Kinepolis] : Movies theatres
 
* [http://market.android.com/details?id=be.appsolution.lesoir Le Soir] : French newspaper
 
* [http://market.android.com/details?id=be.belgacom.belgacomtv.mymovies MyMovies] : Belgacom TV on-demand catalogue
 
* [http://market.android.com/details?id=com.mobileweb.radiobe Radio.be] : Several radio stations
 
* [http://market.android.com/details?id=be.rtbf RTBF]
 
* [http://market.android.com/details?id=be.belgacom.mobile.belgacomtvphonefr TV Partout] : BelgacomTV on mobile
 
* [http://market.android.com/details?id=com.cousinHub.meteo Weather Belgium] : Official weather forecasts
 
   
  +
4. Restore /system/bin/install-recovery.sh
====Belgian telephony====
 
  +
<br>SuperSU may have hijacked /system/bin/install-recovery.sh. If so, we need to restore it. Unfortunately using "full unroot" won't help, see [https://www.reddit.com/r/Nexus5/comments/2zdc8b/ here] (and you'll get stuck unrooted!) so we'll restore it manually.
* [http://market.android.com/details?id=com.halcyon.EDA1313.ui 12-12] : public phone directory
 
  +
adb shell
* [http://market.android.com/details?id=be.belgacom.mobile1307 1307] : public phone directory
 
  +
su
* [http://market.android.com/details?id=com.truvo.yellowandwhitepages.belgium goldenpages.be] : yellow and white pages phone directory
 
  +
ls -l /system/bin/install-recovery*
* [https://market.android.com/details?id=be.mt.mv VikingTalk], low-price VoIP, cf http://vikingtalk.com
 
  +
# should be fixed or not?
  +
mount -o remount,rw /system
  +
mv /system/bin/install-recovery_original.sh /system/bin/install-recovery.sh
  +
mount -o remount,ro /system
   
  +
5. Install proposed OTA update from Android itself
====Belgian misc====
 
* [http://market.android.com/details?id=vnd.be.belgacom Belgacom Apps Guide] : Provides a list of nice Belgian apps, that's how I discovered some of those on this list
 
* [http://market.android.com/details?id=info.xtweb.BrutNetBE Brut-Net BE] : Compute net wage from gross pay
 
* [http://market.android.com/details?id=com.agilys.myshopi myShopi] : Shopping list
 
* [http://market.android.com/details?id=eu.zomtec.android.delivery Parcels] : Delivery tracking, supports many providers including Belgian ones
 
* [http://market.android.com/details?id=be.bnome.pharmamob PharmaMob] : Localize closest all-night drugstore
 
* [http://market.android.com/details?id=be.pingping ping.ping] : payment application
 
* [http://market.android.com/details?id=fr.pb.trackingbydroid Suivi par Droïd] : Delivery tracking, supports many providers including Belgian ones
 
* [http://market.android.com/details?id=be.bnome.redbox Redbox] : postal offices & boxes locations in Belgium & France
 
   
  +
5b. Check recovery logs
===Network===
 
  +
<br>In case the automatic update failed, check the recovery logs:
* [http://market.android.com/details?id=com.curvefish.widgets.network2g3gonoff 2G-3G OnOff] : widget to add a shortcut to the settings to enable/disable data
 
  +
<br>At this point you should be already in stock recovery, if not, go to recovery
* [http://market.android.com/details?id=net.rgruet.android.g3watchdog 3G Watchdog] : Monitor data consumption
 
  +
<br>Keep power button pressed and press volume-up to get the menu
* [http://market.android.com/details?id=com.google.code.apndroid APNdroid] : Control data connections over 3G
 
  +
<br>Go to "view recovery logs"
* [http://market.android.com/details?id=com.magicandroidapps.bettertermpro Better Terminal Emulator Pro] : SSH client
 
* [http://market.android.com/details?id=org.connectbot ConnectBot] : SSH client
 
* [http://market.android.com/details?id=com.magicandroidapps.iperf iPerf] : iperf client to measure connection throughput
 
* [http://market.android.com/details?id=com.fongal.quickteth Quickteth] : for an easy shortcut to USB tethering (add widget to desktop)
 
* [http://market.android.com/details?id=org.zwanoo.android.speedtest Speed Test] : Measure connection throughput
 
* [http://market.android.com/details?id=com.farproc.wifi.analyzer Wifi Analyzer] : Display surrounding Wi-Fi networks per channel
 
   
  +
5c. Install proposed OTA update manually from a local copy on the PC
===IM / Chat / Email===
 
  +
adb reboot recovery
* [http://market.android.com/details?id=org.thialfihar.android.apg APG] : GPG/PGP
 
  +
Keep power button pressed and press volume-up to get the menu
* [http://market.android.com/details?id=net.mzet.jabiru Jabiru] : Jabber client
 
  +
<br>Go to "apply update from ADB"
* [http://market.android.com/details?id=ocs.android Office Talk Free] : Office Communicator client
 
  +
adb sideload update.zip
* [http://market.android.com/details?id=com.skype.raider Skype]
 
* [http://market.android.com/details?id=com.wetcarrot.stopskype Stop Skype] : App to stop Skype properly
 
* [http://market.android.com/details?id=com.nitrodesk.droid20.nitroid TouchDown (Android 2.0)] : Outlook client
 
   
  +
6. Reboot and let the system updating its apps
===Browsers & web clients===
 
  +
<br>If it seems to stand forever with the boot logo, you can have a look at the same time to the system logs:
* [http://market.android.com/details?id=dcampillo.dilbertdroid DilbertDroid] : Dilbert comics
 
  +
adb logcat
* [http://market.android.com/details?id=com.acrea.doodle.android Doodle]
 
  +
Seeing looping logs with a repetition of
* [http://market.android.com/details?id=com.ebay.mobile eBay]
 
  +
>>>>>> START com.android.internal.os.ZygoteInit uid 0 <<<<<<
* [http://market.android.com/details?id=org.mozilla.firefox Firefox]
 
  +
is a bad sign, time for a full ROM recovery!
* [http://market.android.com/details?id=com.imdb.mobile IMDb]
 
* [http://market.android.com/details?id=com.layar Layar] : Augmented reality
 
* [http://market.android.com/details?id=com.linkedin.android LinkedIn]
 
* [http://market.android.com/details?id=gov.nasa NASA]
 
* [http://market.android.com/details?id=com.shazam.android Shazam] : Recognize acoustically songs
 
* [http://market.android.com/details?id=com.opera.mini.android Opera Mini] : works with Opera servers delivering compressed pages
 
* [http://market.android.com/details?id=uk.co.exelentia.wikipedia Wiki Encyclopedia] : Wikipedia
 
* [http://market.android.com/details?id=net.bytten.xkcdviewer xkcdViewer] : comics
 
   
  +
7. Root again, see [[#SuperSU]]
===Google===
 
* [http://market.android.com/details?id=com.google.android.googlequicksearchbox Google Search]
 
* [http://market.android.com/details?id=com.google.android.gm Gmail]
 
* [http://market.android.com/details?id=com.google.android.apps.unveil Goggles] : Search Google by taking a picture
 
* [http://market.android.com/details?id=com.google.android.apps.plus Google+]
 
* [http://market.android.com/details?id=com.google.android.apps.books Google Books] : Currently only for US
 
* [http://market.android.com/details?id=com.google.android.apps.docs Google Docs]
 
* [http://market.android.com/details?id=com.google.earth Google Earth]
 
* [http://market.android.com/details?id=com.google.android.apps.maps Google Maps]
 
* [http://market.android.com/details?id=com.google.android.stardroid Google Sky Map]
 
* [http://market.android.com/details?id=com.google.android.apps.translate Google Translate]
 
* [http://market.android.com/details?id=com.google.android.maps.mytracks My Tracks]
 
* [http://market.android.com/details?id=com.google.android.street Street View in Google Maps]
 
* [http://market.android.com/details?id=com.google.android.youtube Youtube]
 
** On Nexus S I had a problem Market told me it was installed even if not showing up. With a file explorer go to /system/app and click on Youtube.apk to re-install it. Source: [http://www.google.com/support/forum/p/youtube/thread?tid=25c05e1b76c531b0&hl=en here]
 
===References===
 
* [http://market.android.com/details?id=com.mathpad.mobile.android.wt.unit ConvertPad - Unit Converter]
 
* [http://market.android.com/details?id=it.android.demi.elettronica ElectroDroid] : Misc refs for electronicians
 
* [http://market.android.com/details?id=com.nxp.android.app NXP] : NXP products catalogue
 
* [http://market.android.com/details?id=com.nxp.android.rf NXP RF Calc] : RF calculator for electronicians
 
* [http://market.android.com/details?id=la.droid.periodic Periodic Droid] : Periodic table
 
   
  +
8. Prevent OTA updates:
===Sensors===
 
  +
adb shell
* [http://market.android.com/details?id=bz.ktk.bubble Bubble] : Water level using the phone sensors
 
  +
su
* [http://market.android.com/details?id=com.curlygorillas.metaldetektor Metal detector]
 
  +
mount -o remount,rw /system
* [http://market.android.com/details?id=com.linxmap.sensorsmonitor Sensors Monitor]
 
  +
echo "# Remove me to allow OTA update" >> /system/build.prop
* [http://market.android.com/details?id=org.hermit.tricorder Tricorder]
 
  +
mount -o remount,ro /system
* [http://market.android.com/details?id=zausan.zdevicetest Z-DeviceTest]
 
   
  +
9. Lock bootloader with BootUnlocker
===Tools===
 
* [http://market.android.com/details?id=com.aldiko.android Aldiko] : epub ebooks reader
 
* [http://market.android.com/details?id=com.amazon.kindle Amazon Kindle] : Amazon ebooks reader
 
* [http://market.android.com/details?id=com.google.zxing.client.android Barcode Scanner]
 
* [http://market.android.com/details?id=com.intsig.camscanner CamScanner] : Remove distorsions & clean contrast of sheets or boards pictures
 
* [http://market.android.com/details?id=com.socialnmobile.dictapps.notepad.color.note ColorNote] : à la Post-It, useful also as "send-to" alternative
 
* [http://market.android.com/details?id=org.ab.x48 Droid48] : HP48 emulator
 
* [http://market.android.com/details?id=com.zaphrox.android.flashlight.maclight Flashlight zaphrox]
 
* [http://market.android.com/details?id=com.thomasokken.free42 Free32] : HP42S emulator
 
* [http://market.android.com/details?id=org.cohortor.gstrings gStrings Free] : Guitar tuner
 
* [http://market.android.com/details?id=si.modula.android.instantheartrate Instant Heart Rate] : heart rate monitor via flash light & cam
 
* [http://market.android.com/details?id=de.vrallev.premium PPT ODP Remote Premium] : Remote control of Powerpoint with a java client on PC-side, doesn't work very well on linux/openoffice
 
* [http://market.android.com/details?id=la.droid.qr QR Droid] : Read and create 2D barcodes
 
* [http://market.android.com/details?id=uk.co.nickfines.RealCalc RealCalc] : Scientific pocket calculator
 
* [http://market.android.com/details?id=org.gardon.ScrabbleResolveur Scrabble Resolveur] : Scrabble helper, French version
 
   
  +
See also my [https://code.google.com/p/boot-unlocker-gnex/issues/detail?id=30 feature request] for BootUnlocker
===System tools===
 
* [http://market.android.com/details?id=com.adobe.flashplayer Adobe Flash Player]
 
* [http://market.android.com/details?id=com.adobe.reader Adobe Reader]
 
* [http://market.android.com/details?id=org.jtb.alogcat aLogcat] : Local access to intern log, similar to "adb logcat" from SDK
 
* [http://market.android.com/details?id=com.electricsheep.asi Android System Info]
 
* [http://market.android.com/details?id=com.levelup.beautifulwidgets Beautiful Widgets] : e.g. to get a clock similar to the HTC one
 
* [http://market.android.com/details?id=com.levelup.bw.forecast Beautiful Widgets Animations Addon]
 
* [http://market.android.com/details?id=com.levelup.foxyring FoxyRing] : Tune ringer volume according to ambient noise
 
* [http://market.android.com/details?id=de.mrfloppycoding.galleryexcluder Gallery Excluder] : Exclude some sdcard directories from Gallery
 
* [http://market.android.com/details?id=com.gau.go.launcherex GO Launcher EX] : Alternative dashboard
 
* [http://market.android.com/details?id=com.gau.golauncherex.notification GO Launcher EX Notification] : Gmail notifications for Go Launcher
 
* [http://market.android.com/details?id=org.pocketworkstation.pckeyboard Hacker's Keyboard] : Full keyboard, especially useful for SSH sessions
 
* [http://market.android.com/details?id=com.lifevibes.musicfx MusicFX] : Unlock DSP features
 
* [http://market.android.com/details?id=com.jofrepalau.pkeye PKeye] : Dump list of intern root CAs
 
* [http://market.android.com/details?id=com.mattlary.shareMyApps ShareMyApps] : Build list of apps, to be shared
 
* [http://market.android.com/details?id=com.tf.thinkdroid.amlite ThinkFree Office(LITE)] : Office suite
 
* [http://market.android.com/details?id=fr.wdscript.yaffsexplorer Yaffs Explorer] : Explorer for yaffs archives
 
   
  +
====Upgrade with factory image====
===GPS===
 
  +
That's my preferred method.
* [http://market.android.com/details?id=net.monthorin.rttraffic16 Glob - Traffic and Radars]
 
* [http://market.android.com/details?id=com.eclipsim.gpsstatus2 GPS Status]
 
* [http://market.android.com/details?id=com.chartcross.gpstest GPS Test]
 
* [http://market.android.com/details?id=com.androidlab.gpsfix GpsFix]
 
* [http://market.android.com/details?id=menion.android.locus.addon.ar Locus - addon AR] : Augmented reality addon for Locus
 
* [http://market.android.com/details?id=menion.android.locus.addon.contacts Locus - addon Contacts]
 
* [http://market.android.com/details?id=menion.android.locus.pro Locus Pro]
 
* [http://market.android.com/details?id=com.orux.oruxmaps OruxMaps]
 
   
  +
1. '''Unlock bootloader with BootUnlocker''', super critical step!!!
===Dictionaries===
 
* [http://market.android.com/details?id=org.alexis.littre Dictionnaire Littré]
 
* [http://market.android.com/details?id=fr.nghs.android.dictionnaires Offline dictionaries]
 
* Van Dale French-Dutch
 
* Van Dale English-Dutch
 
* Van Dale Dutch Pocket
 
* Van Dale German-Dutch
 
* QuickDic German Dictionary
 
   
  +
2. Flash a factory image
===[https://secure.wikimedia.org/wikipedia/en/wiki/List_of_Open_Source_Android_Applications Open Source applications]===
 
  +
<br>Get latest image at https://developers.google.com/android/nexus/images
  +
tar xzf ...tgz
  +
cd ...
  +
Or in one go:
  +
wget -O - ... | tar xz
  +
cd ...
  +
Very important if you want to keep your data!!! Edit flash-all.sh and replace
  +
fastboot -w update image-....zip
  +
by
  +
fastboot update image-....zip
  +
<br>Then reboot the phone to bootloader and launch that script:
  +
adb reboot bootloader
  +
./flash-all.sh
  +
Reboot
   
  +
2b. Apply OTA
==GPS with offline maps==
 
  +
If you didn't flash the latest version, apply OTA update
===Commercial===
 
* Copilot Live (59€ for Europe)
 
* Tomtom planned for next HTC phones, with free map of the country of purchase
 
   
  +
3. Root again, see [[#SuperSU]]
===Free===
 
From [http://www.taranfx.com/android-offline-google-maps this post]:
 
<br>Create your own maps with [http://mobac.dnsalias.org/ Mobile Atlas Creator] (Java-based) & use them e.g. with RMaps, AndNav, Maverick, TrekBuddy,... (bitmaps so ok only for small areas such as cities)
 
* Get e.g. RMaps from Android Market
 
* Get [http://sourceforge.net/projects/trekbuddyatlasc/files/ latest release] of Mobile Atlas Creator & unzip it
 
* Get latest [http://www.zentus.com/sqlitejdbc/ SqliteJDBC] library and copy it inside th eMobile Atlas Creator directory
 
* Run it (start.sh)
 
* Choose your source, e.g. OpenStreetMaps, Google Maps,...
 
* Select area: Right click to Drag, Scroll to zoom In/Out, Left click to select downloadable area
 
* Select one or more zoom levels, e.g. from 12 to 18 for all levels of details of a city
 
* Do “add selection” with a name of your choice
 
* Select “BigPlanet SQLite” from “Atlas Settings” (for RMaps, otherwise Maverick Atlas Format for Maverick etc)
 
* "Create Atlas"
 
* Download the .sqlitedb map into the phone SDcard/rmaps/maps
 
* Disconnect the phone
 
* Open RMaps and Menu > More > Settings > User defined maps > BigPlanet_maps.sqlitedb > Enabled Maps
 
* Return to main maps screen and then Menu > Maps > BigPlanet_maps.sqlitedb.
 
===Free Navit - OSM===
 
*Install Navit from [http://wiki.navit-project.org/index.php/Navit_on_Android here]
 
*Install preprocessed OSM map from [http://wiki.navit-project.org/index.php/OpenStreetMap here] and put it as /sdcard/navitmap.bin
 
==Applications development==
 
===Getting Android SDK===
 
Instructions below are for linux, if you're running Windows please check the provided resource links for variants of the instructions.
 
<br>Make sure you've Java Development Kit installed
 
apt-get install sun-java6-jdk
 
For Windows get it [http://www.oracle.com/technetwork/java/javase/downloads/index.html here] e.g. jdk-6u29-windows-x64.exe '''Warning''' at the moment JDK7 created some errors in the compilation process, better to use JDK6.
 
   
  +
4. Prevent OTA updates:
As explained above, get Android SDK from [http://developer.android.com/sdk/index.html here], following [http://developer.android.com/sdk/installing.html those instructions]
 
  +
adb shell
<br>Run tools/android (or for Windows run SDK Manager) -> in installed packages make sure to have:
 
  +
su
* "Android SDK Tools", latest revision
 
  +
mount -o remount,rw /system
* "Android SDK Platform-tools", latest revision
 
  +
echo "# Remove me to allow OTA update" >> /system/build.prop
* a platform SDK, e.g. "Android 2.3.3"/"SDK Platform"
 
  +
mount -o remount,ro /system
* (Windows only) Extras / Google USB Driver (SDK Manager must be run as Admin on Win7) then follow instructions [https://developer.android.com/sdk/win-usb.html#Win7 here]
 
<br>As we will develop from the command-line, no need for the Eclipse plugin
 
<br>If you want to update SDK
 
* tools/android update sdk
 
* Then restart tools/android
 
   
  +
5. Lock bootloader with BootUnlocker
====Offline installation under Windows====
 
If you are behind a proxy, you can configure SDK Manager (Tools/Options).
 
<br>If you've no Internet connection at all, you need to download components on another computer.
 
<br>To know where are the packages let's spy SDK Manager & its logs (small icon at bottom right)
 
<br>Here is what I got with the versions of the moment:
 
* https://dl-ssl.google.com/android/repository/repository.xml
 
** https://dl-ssl.google.com/android/repository/platform-tools_r08-windows.zip
 
*** Extract content to C:\Program Files (x86)\Android\android-sdk\platform-tools
 
** https://dl-ssl.google.com/android/repository/tools_r14-windows.zip
 
*** Normally you already got it via SDK install, but standalone file may be helpful where you don't need full SDK...
 
* https://dl-ssl.google.com/android/repository/repository-5.xml
 
** https://dl-ssl.google.com/android/repository/android-2.3.3_r02-linux.zip (yes I know, it says linux but it's cross-platform)
 
*** Extract content of android-2.3.3_r02 to C:\Program Files (x86)\Android\android-sdk\platforms\android-10
 
* https://dl-ssl.google.com/android/repository/addon.xml
 
** https://dl-ssl.google.com/android/repository/usb_driver_r04-windows.zip
 
*** Extract content of usb_driver_r04-windows to C:\Program Files (x86)\Android\android-sdk\extras\google\usb_driver
 
   
===Setting environment===
+
===On rooted devices===
  +
====adbd insecure====
<br>We first define a number of things:
 
  +
As USB debugging is now pretty secure, let's enable immediate root access:
<source lang=bash>
 
  +
<br>Install [https://play.google.com/store/apps/details?id=eu.chainfire.adbd adbd insecure]
JAVA_HOME=/usr/lib/jvm/java-6-sun-1.6.0.26/
 
  +
<br>Open app -> enable & enable at boot time
ANDROID_HOME=/path/to/your/android-sdk-linux_x86/
 
  +
====Busybox====
PACKAGE=com.foo.mytest1
 
  +
From Google Play: https://play.google.com/store/apps/details?id=stericson.busybox&hl=en
PACKAGE_SLASH=${PACKAGE//.//}
 
  +
<br>Local install:
DEV_HOME=$(pwd)/mytest
 
  +
adb install stericson.busybox-1.apk
</source>
 
  +
=> Run busybox -> install -> smart install
We need also to define the target. To know what are the available targets:
 
  +
Consider buying Busybox Pro...
$ANDROID_HOME/tools/android list target
 
Available Android targets:
 
----------
 
id: 1 or "android-10"
 
Name: Android 2.3.3
 
Type: Platform
 
API level: 10
 
Revision: 2
 
Skins: QVGA, WVGA854, HVGA, WQVGA432, WVGA800 (default), WQVGA400
 
ABIs : armeabi
 
So here we'll define:
 
<source lang=bash>
 
TARGET=android-10
 
</source>
 
Under Windows it'll look like
 
<source lang=dos>
 
set JAVA_HOME="C:\Program Files\Java\jdk1.6.0_29"
 
set ANDROID_HOME="C:\Program Files (x86)\Android\android-sdk\"
 
set PACKAGE=com.foo.mytest1
 
set PACKAGE_SLASH=com/foo/mytest1
 
set PACKAGE_BACKSLASH=com\foo\mytest1
 
set DEV_HOME=C:\path\to\mytest
 
set TARGET=android-10
 
</source>
 
Note that I needed here to use absolute path for DEV_HOME otherwise I get errors with dx.exe
 
   
===Preparing and using emulator===
+
===Modifying stuffs in system partition using su===
  +
adb push some_file /sdcard/
Here is how to create a basic emulator instance:
 
  +
adb shell su -c "mount -o remount,rw /system"
<source lang=bash>
 
  +
adb shell su -c "cat /sdcard/some_file > /etc/some_file"
$ANDROID_HOME/tools/android --verbose create avd --name MyNexusS --target $TARGET --sdcard 1024M
 
  +
sleep 1
</source>
 
  +
adb shell su -c "mount -o remount,ro /system"
Later, to launch it just do:
 
  +
===Modifying stuffs in system partition with insecure adbd (=being root by default)===
<source lang=bash>
 
  +
adb shell mount -o remount,rw /system
$ANDROID_HOME/tools/emulator -wipe-data -avd MyNexusS &
 
  +
adb push some_file /etc/some_file
</source>
 
  +
sleep 1
If needed to delete it:
 
  +
adb shell mount -o remount,ro /system
<source lang=bash>
 
$ANDROID_HOME/tools/android --verbose delete avd --name MyNexusS
 
</source>
 
===Android application in command-line===
 
See http://geosoft.no/development/android.html
 
<br>Preparing the working directory (based on the environment variables defined above):
 
<source lang=bash>
 
rm -rf $DEV_HOME
 
mkdir -p $DEV_HOME/src/$PACKAGE_SLASH/
 
mkdir -p $DEV_HOME/res/drawable/
 
mkdir -p $DEV_HOME/res/layout/
 
mkdir -p $DEV_HOME/res/values/
 
mkdir -p $DEV_HOME/obj/
 
mkdir -p $DEV_HOME/lib/
 
mkdir -p $DEV_HOME/bin/
 
mkdir -p $DEV_HOME/docs/
 
</source>
 
Create a dummy keystore:
 
<source lang=bash>
 
$JAVA_HOME/bin/keytool -genkeypair \
 
-validity 10000 \
 
-dname "CN=company name,
 
OU=organisational unit,
 
O=organisation,
 
L=location,
 
S=state,
 
C=country code" \
 
-keystore $DEV_HOME/AndroidTest.keystore \
 
-storepass password \
 
-keypass password \
 
-alias AndroidTestKey \
 
-keyalg RSA \
 
-v
 
</source>
 
Create a Manifest file, here with some examples of permissions:
 
<source lang=bash>
 
cat << EOF > $DEV_HOME/AndroidManifest.xml
 
<?xml version="1.0" encoding="utf-8"?>
 
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
 
package="$PACKAGE"
 
android:versionCode="1"
 
android:versionName="1.0">
 
   
  +
===Encrypt device===
<uses-permission android:name="android.permission.INTERNET"/>
 
  +
See [https://support.google.com/android/answer/1663755?hl=en official help]
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
 
  +
<br>Some reports say they had to repeat the process several times on Nexus 4 before encryption started. I didn't have that problem.
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
 
   
  +
One major caveat is that this is the same password for disk encryption and screen unlock, cf [https://code.google.com/p/android/issues/detail?id=29468 this longstanding bugreport].
<uses-sdk android:minSdkVersion="2"/>
 
  +
<br>On a rooted device this can be achieved thanks to [https://play.google.com/store/apps/details?id=org.nick.cryptfs.passwdmanager Cryptfs password] or simply by doing:
  +
vdc cryptfs changepw <new_password>
  +
Note that it will have to be done every time the screen PIN or pwd is changed.
  +
<br>See also http://nelenkov.blogspot.jp/2012/08/changing-androids-disk-encryption.html
  +
==Phone-specific notes==
  +
See [[Android phones]]
   
  +
==Applications==
<application android:icon="@drawable/mylogo"
 
  +
See [[Android Apps]]
android:label="@string/myApplicationName">
 
<activity android:name="$PACKAGE.HelloAndroid"
 
android:label="@string/myApplicationName">
 
<intent-filter>
 
<action android:name="android.intent.action.MAIN" />
 
<category android:name="android.intent.category.LAUNCHER" />
 
</intent-filter>
 
</activity>
 
</application>
 
   
  +
==Applications development==
</manifest>
 
  +
See [[Android SDK]]
EOF
 
  +
==Using the embedded SE==
</source>
 
  +
See [[Android SE]]
Provide source code of an app, here a simple HelloWorld, using an icon file some_icon.png:
 
  +
==Using TrustZone==
<source lang=bash>
 
  +
See [[Android TrustZone]]
cat << EOF > $DEV_HOME/src/$PACKAGE_SLASH/HelloAndroid.java
 
package $PACKAGE;
 
   
  +
==using Software Card Emulation==
import android.app.Activity;
 
  +
See [[Android Software Card Emulation]]
import android.content.res.Resources;
 
import android.os.Bundle;
 
import android.widget.TextView;
 
   
  +
==Misc==
public class HelloAndroid extends Activity {
 
  +
===Security===
  +
http://wiki.secmobi.com/
  +
===Wi-Fi & client certs===
  +
To be able to authenticate to a Wi-Fi network using client certificates via TLS:
  +
<br>If needed, export certificate from IE in Pkcs#12 PFX, *with* private key, *with* all certs, *without* strong enc, *without* deletion of private key.
  +
<br>Rename .pfx file as .p12
  +
<br>(source: http://www.google.com/support/mobile/bin/answer.py?answer=168466&topic=27214#1086573)
  +
<br>Copy pkcs#12 certificate to root of USB storage.
  +
<br>File must end with .p12, not .pfx!
  +
<br>One single file with key+cert+cacerts is ok
  +
<br>Wi-Fi params: 802.1x EAP / TLS / phase2: None / CA cert: cf previous import / user cert: idem / Identity: DOMAIN\user... / Anonymous id: empty / password:...
   
  +
Note that after each reboot, you'll have to select manually one of the protected networks to unlock the secure storage of personal certificates or open manually the certificates storage:
@Override
 
  +
<br>Settings > Location & Security > Use secure credentials
public void onCreate(Bundle savedInstanceState) {
 
  +
<br>See also [https://market.android.com/details?id=ru.chunky.AutoKeystore Keystore Unlocker]
super.onCreate(savedInstanceState);
 
   
  +
===Importing certs===
TextView textView = new TextView(this);
 
  +
Since Android 3.0, no need for rooting anymore
  +
<br>If troubles, use PEM format, with file extension .crt
  +
* drop certs on /sdcard/
  +
* go to settings / personal: security / credential storage: install from storage & select both certs
  +
===Test menu===
  +
Dial *#*#4636#*#* (== *#*#INFO#*#*)
  +
===SMSC configuration===
  +
To configure the SMSC (SMS gateway) on Android is not straight forward.
  +
<br>Access a hidden settings menu by dialing *#*#4636#*#* (*#*#INFO#*#*) -> phone settings -> SMSC -> Refresh (to get current value)
  +
<br>To update that field, if it does not work in plain or between quotes, try [http://www.twit88.com/home/utility/sms-pdu-encode-decode encode it in PDU]
  +
* First byte is length of SMSC info, so if it's e.g. +32475161616, it's 11 digits to code on 6 bytes, + 1 byte to code type of SMSC address => 7 bytes
  +
* Second byte is the type of SMSC address, 91 for international format
  +
* Next bytes are the SMSC digits, padded with "f" if odd, then nibble-swapped so in our example: 32475161616F => 2374151616F6
  +
* Full PDU-encoded SMSC is then: 07912374151616F6 -> Update
   
  +
===Screenshots===
String text = getResources().getString(R.string.helloText);
 
  +
Run ddms (from [[Android SDK]]) -> Tools / Device / Screen capture
textView.setText(text);
 
  +
===Screencast===
 
  +
[http://droid-at-screen.ribomation.com/ Droid@Screen]:
setContentView(textView);
 
  +
<br>You'll need [[Android SDK]] too.
}
 
  +
<br>Make sure you're using the adb from SDK and not from e.g. Debian packages:
}
 
EOF
 
 
cat << EOF > $DEV_HOME/res/values/strings.xml
 
<?xml version="1.0" encoding="utf-8"?>
 
<resources>
 
<string name="myApplicationName">Android Test Program</string>
 
<string name="helloText">Hello, world!</string>
 
</resources>
 
EOF
 
cp some_icon.png $DEV_HOME/res/drawable/mylogo.png
 
</source>
 
Create R.java:
 
 
<source lang=bash>
 
<source lang=bash>
  +
adb kill-server
$ANDROID_HOME/platform-tools/aapt package -v -f -m \
 
  +
export ANDROID_HOME=/path_to_your/android-sdk-linux_x86
-S $DEV_HOME/res -J $DEV_HOME/src -M $DEV_HOME/AndroidManifest.xml \
 
  +
java -jar droidAtScreen-1.0.2.jar
-I $ANDROID_HOME/platforms/$TARGET/android.jar || exit 1
 
</source>
 
Compile Java:
 
<source lang=bash>
 
$JAVA_HOME/bin/javac -verbose -d $DEV_HOME/obj \
 
-classpath "$ANDROID_HOME/platforms/$TARGET/android.jar:$DEV_HOME/obj" \
 
-sourcepath $DEV_HOME/src \
 
$DEV_HOME/src/$PACKAGE_SLASH/*.java || exit 1
 
</source>
 
Create DEX:
 
<source lang=bash>
 
$ANDROID_HOME/platform-tools/dx --dex --verbose \
 
--output=$DEV_HOME/bin/classes.dex \
 
$DEV_HOME/obj $DEV_HOME/lib || exit 1
 
</source>
 
Create APK:
 
<source lang=bash>
 
$ANDROID_HOME/platform-tools/aapt package -v -f \
 
-S $DEV_HOME/res -M $DEV_HOME/AndroidManifest.xml \
 
-I $ANDROID_HOME/platforms/$TARGET/android.jar \
 
-F $DEV_HOME/bin/AndroidTest.unsigned.apk \
 
$DEV_HOME/bin || exit 1
 
</source>
 
Sign APK:
 
<source lang=bash>
 
$JAVA_HOME/bin/jarsigner -verbose \
 
-keystore $DEV_HOME/AndroidTest.keystore \
 
-storepass password \
 
-keypass password \
 
-signedjar $DEV_HOME/bin/AndroidTest.signed.apk \
 
$DEV_HOME/bin/AndroidTest.unsigned.apk \
 
AndroidTestKey || exit 1
 
</source>
 
Zip-align APK:
 
<source lang=bash>
 
$ANDROID_HOME/tools/zipalign -v -f 4 \
 
$DEV_HOME/bin/AndroidTest.signed.apk \
 
$DEV_HOME/bin/AndroidTest.apk || exit 1
 
</source>
 
Generate documentation, if you wish:
 
<source lang=bash>
 
$JAVA_HOME/bin/javadoc -verbose -d $DEV_HOME/docs -sourcepath $DEV_HOME/src \
 
-classpath "$ANDROID_HOME/platforms/$TARGET/android.jar:$DEV_HOME/obj" \
 
-author -package -use -splitIndex -version \
 
-windowtitle 'AndroidTest' -doctitle 'AndroidTest' \
 
$DEV_HOME/src/$PACKAGE_SLASH/*.java
 
</source>
 
To install the resulting application in the emulator (see above how to launch the emulator):
 
<source lang=bash>
 
$ANDROID_HOME/platform-tools/adb -e install $DEV_HOME/bin/AndroidTest.apk
 
</source>
 
It's even possible to launch & control application from the PC.
 
<br>See http://learnandroid.blogspot.com/2008/01/run-android-application-from-command.html
 
<source lang=bash>
 
$ANDROID_HOME/platform-tools/adb -e shell am start -a android.intent.action.MAIN \
 
-n $PACKAGE/$PACKAGE.HelloAndroid
 
</source>
 
To remove it:
 
<source lang=bash>
 
$ANDROID_HOME/platform-tools/adb -e uninstall $PACKAGE
 
</source>
 
To do the same on a real device rather than on the emulator, make sure the phone is connected by USB and running in debug mode as explained above, then simple use -d (device) instead of -e (emulator), so previous instructions become:
 
<source lang=bash>
 
$ANDROID_HOME/platform-tools/adb -d install $DEV_HOME/bin/AndroidTest.apk
 
$ANDROID_HOME/platform-tools/adb -d shell am start -a android.intent.action.MAIN \
 
-n $PACKAGE/$PACKAGE.HelloAndroid
 
$ANDROID_HOME/platform-tools/adb -d uninstall $PACKAGE
 
 
</source>
 
</source>
   
  +
androidscreencast:
===Simple java code in command-line===
 
  +
<br>Get jnlp file from [https://code.google.com/p/androidscreencast/ project page]
See https://davanum.wordpress.com/2007/12/04/command-line-java-on-dalvikvm/
 
<br>Preparing the working directory (based on the environment variables defined above):
 
 
<source lang=bash>
 
<source lang=bash>
  +
adb kill-server
rm -rf $DEV_HOME
 
  +
export ANDROID_HOME=/path_to_your/android-sdk-linux_x86
mkdir -p $DEV_HOME/src/$PACKAGE_SLASH/
 
  +
$ANDROID_HOME/platform-tools/adb start-server
mkdir -p $DEV_HOME/obj/
 
  +
javaws androidscreencast.jnlp
mkdir -p $DEV_HOME/lib/
 
mkdir -p $DEV_HOME/bin/
 
 
</source>
 
</source>
  +
===USB tethering===
Provide source code of an app, here a simple HelloWorld:
 
  +
Plug phone & PC via USB
<source lang=bash>
 
  +
<br>Activate USB tethering (Settings / Wireless & networks / Tethering / USB Tethering)
cat << EOF > $DEV_HOME/src/$PACKAGE_SLASH/HelloWorld.java
 
  +
<br>It works OOB on Debian, nothing to do
package $PACKAGE;
 
  +
===Mounting USB as MTP or PTP===
  +
New Nexus devices don't use USB mass storage anymore but MTP or PTP, mainly to be able to access data both from Android & PC at the same time.
  +
<br>There are two methods using fuse so make sure your user is member of fuse group:
  +
sudo adduser <your_user> fuse
  +
and make sure your user can access the USB device (cf above: /etc/udev/rules.d/...)
  +
====Using mtpfs====
  +
See [http://www.omgubuntu.co.uk/2011/12/how-to-connect-your-android-ice-cream-sandwich-phone-to-ubuntu-for-file-access/ this article]
  +
sudo apt-get install mtpfs mtp-tools
  +
mkdir ~/MyAndroid
   
  +
mtpfs ~/MyAndroid
public class HelloWorld {
 
  +
...
public static void main(String[] args) {
 
  +
fusermount -u ~/MyAndroid
System.out.println("Hello World!");
 
  +
Problem is that it's very slow to mount
}
 
}
 
EOF
 
</source>
 
Compile Java:
 
<source lang=bash>
 
$JAVA_HOME/bin/javac -verbose -d $DEV_HOME/obj \
 
-g $DEV_HOME/src/$PACKAGE_SLASH/*.java || exit 1
 
</source>
 
Create DEX:
 
<source lang=bash>
 
$ANDROID_HOME/platform-tools/dx --dex --verbose \
 
--output=$DEV_HOME/bin/classes.dex \
 
$DEV_HOME/obj $DEV_HOME/lib || exit 1
 
</source>
 
Create JAR:
 
<source lang=bash>
 
$ANDROID_HOME/platform-tools/aapt add $DEV_HOME/CmdLine.jar \
 
$DEV_HOME/bin/classes.dex || exit 1
 
</source>
 
To install the resulting application in the emulator (see above how to launch the emulator):
 
<source lang=bash>
 
$ANDROID_HOME/platform-tools/adb -e push $DEV_HOME/CmdLine.jar /sdcard/
 
</source>
 
To execute it from the PC.
 
<source lang=bash>
 
$ANDROID_HOME/platform-tools/adb -e shell \
 
/system/bin/dalvikvm -Xbootclasspath:/system/framework/core.jar -classpath /sdcard/CmdLine.jar $PACKAGE.HelloWorld
 
</source>
 
To do the same on a real device rather than on the emulator, make sure the phone is connected by USB and running in debug mode as explained above, then simple use -d (device) instead of -e (emulator), so previous instructions become:
 
<source lang=bash>
 
$ANDROID_HOME/platform-tools/adb -d push $DEV_HOME/CmdLine.jar /sdcard/
 
$ANDROID_HOME/platform-tools/adb -d shell \
 
/system/bin/dalvikvm -Xbootclasspath:/system/framework/core.jar -classpath /sdcard/CmdLine.jar $PACKAGE.HelloWorld
 
</source>
 
   
===BouncyCastle library===
+
====Using go-mtpfs====
  +
See [http://blog.itsbilal.com/2012/12/connect-an-android-4-0-phonetablet-to-ubuntu-the-reliable-way/ this article]
Depending on the creation of a real Android app or a simple java code and depending on the fact you want to use the internal crippled version or the full fledged version, different approaches are needed.
 
  +
sudo apt-get install golang fuse git-core libmtp-dev libfuse-dev
<br>Internal library API is explained [https://developer.android.com/reference/javax/crypto/package-summary.html here]
 
  +
mkdir /tmp/go
<br>Some RSA examples are given [http://www.java2s.com/Tutorial/Java/0490__Security/0740__RSA-algorithm.htm here] and a tuto (fr) [http://nyal.developpez.com/tutoriel/java/bouncycastle/ here]
 
  +
GOPATH=/tmp/go go get github.com/hanwen/go-mtpfs
<br>To get a list of supported algorithms, see [http://www.java2s.com/Code/Java/Security/Listtheavailablealgorithmnamesforcipherskeyagreementmacsmessagedigestsandsignatures.htm here]. This illustrates e.g. the differences between the crippled internal version of the library and the complete one.
 
  +
sudo mv /tmp/go/bin/go-mtpfs /usr/local/bin/
====Using internal BouncyCastle library from an Android application====
 
  +
mkdir ~/MyAndroid
That's the normal way.
 
<br>Here is an example, mixing the HelloAndroid shown above with an example from http://www.java2s.com/Tutorial/Java/0490__Security/RSASignatureGeneration.htm
 
<source lang=bash>
 
cat << EOF > $DEV_HOME/src/$PACKAGE_SLASH/HelloAndroid.java
 
package $PACKAGE;
 
   
  +
go-mtpfs ~/MyAndroid &
import java.security.KeyPair;
 
  +
...
import java.security.KeyPairGenerator;
 
  +
fusermount -u ~/MyAndroid
import java.security.SecureRandom;
 
  +
====Using gphotofs====
import java.security.Security;
 
  +
This method requires the phone to share files over USB as Camera (PTP), *not* MTP.
import java.security.Signature;
 
   
  +
sudo apt-get install gphotofs
import android.app.Activity;
 
  +
mkdir ~/MyAndroid
import android.content.res.Resources;
 
import android.os.Bundle;
 
import android.widget.TextView;
 
   
  +
gphotofs ~/MyAndroid
public class HelloAndroid extends Activity {
 
  +
...
  +
fusermount -u ~/MyAndroid
  +
Problem is that it only shows DCIM & Pictures
  +
<br>Not sure if it's a limitation of Android or Gphoto...
   
  +
===Backuping via BackupPC===
@Override
 
  +
I'm a big fan of [[BackupPc]] and [http://www.tolaris.com/2011/06/13/backing-up-your-android-device-with-backuppc/ this guy] managed to link android & backuppc so let's give it a try.
public void onCreate(Bundle savedInstanceState) {
 
  +
<br>Check the mentioned link but his setup is a bit different, running CyanogenMod while I'm using a stock fw.
super.onCreate(savedInstanceState);
 
  +
<br>Instructions here suppose your phone is rooted.
 
  +
====IP====
TextView textView = new TextView(this);
 
  +
Backuppc server needs to reach the phone so your phone needs a static (or DHCP statically attributed) IP or whatever dyndns system.
 
  +
====SSH====
// Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
 
  +
I'm using [http://wiki.yobi.be/wiki/Android_Apps#With_root_support SshDroidPro]
 
  +
<br>Make sure backuppc key is properly installed in /data/data/berserker.android.apps.sshdroidpro/home/.ssh/authorized_keys
try {
 
  +
<br>Then test it as user backuppc, trying to access the phone and accept the server key fingerprint.
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "BC");
 
  +
====rsync====
keyGen.initialize(512, new SecureRandom());
 
  +
To get rsync binary, I found [https://market.android.com/details?id=eu.kowalczuk.rsync4android rsync backup for Android] which downloads a rsync binary during install (a weird way to deal with a GPL program IMHO).
 
  +
<br>The actual binary it downloads is available [https://sites.google.com/a/kowalczuk.eu/android/rsync here].
KeyPair keyPair = keyGen.generateKeyPair();
 
  +
<br>But Android wget doesn't support https so you've to transfer it to your phone by another mean.
Signature signature = Signature.getInstance("SHA1withRSA", "BC");
 
  +
<br>One way is to install the application I mentioned and let it download that binary.
 
  +
<br>Then, to install it at a more rooted-Android standard place:
signature.initSign(keyPair.getPrivate(), new SecureRandom());
 
  +
<source lang=bash>
 
  +
cd /system/xbin
byte[] message = "abc".getBytes();
 
  +
busybox mount -o remount,rw /system
signature.update(message);
 
  +
cp /data/data/eu.kowalczuk.rsync4android/files/rsync /system/xbin/
 
  +
chmod 755 /system/xbin/rsync
byte[] sigBytes = signature.sign();
 
  +
chown root.shell /system/xbin/rsync
signature.initVerify(keyPair.getPublic());
 
  +
busybox mount -o remount,ro /system
signature.update(message);
 
if (signature.verify(sigBytes))
 
textView.setText("true");
 
else
 
textView.setText("false");
 
setContentView(textView);
 
} catch (java.security.NoSuchAlgorithmException e) {
 
textView.setText("NoSuchAlgorithmException");
 
setContentView(textView);
 
return;
 
} catch (java.security.NoSuchProviderException e) {
 
textView.setText("NoSuchProviderException");
 
setContentView(textView);
 
return;
 
} catch (java.security.InvalidKeyException e) {
 
textView.setText("InvalidKeyException");
 
setContentView(textView);
 
return;
 
} catch (java.security.SignatureException e) {
 
textView.setText("SignatureException");
 
setContentView(textView);
 
return;
 
}
 
 
}
 
}
 
EOF
 
 
</source>
 
</source>
   
  +
====Wi-Fi====
====Using external BouncyCastle library from an Android application====
 
  +
Make sure Wi-Fi will stay on!
Not tested. The problem is that it's impossible to get an external library with the exact same name as the internal one (see [https://code.google.com/p/android/issues/detail?id=13314 bugreport]), so different approaches are possible:
 
  +
<br>Menu > Settings > Wireless & networks > Wi-Fi settings > Menu > Advanced > Wi-Fi sleep policy > Never (or never when powered)
* [https://github.com/rtyley/spongycastle#readme SpongyCastle], BouncyCastle rebranded to avoid the conflict.
 
* [http://www.unwesen.de/2011/06/12/encryption-on-android-bouncycastle/ Using JarJar] to rebrand it yourself
 
   
  +
====BackupPC config====
====Using internal BouncyCastle library from a simple java code====
 
  +
My config: create new host in backuppc web interface with:
<br>Here is an example, mixing the HelloWorld shown above with an example from http://www.java2s.com/Tutorial/Java/0490__Security/RSASignatureGeneration.htm
 
  +
XferMethod = rsync
<source lang=bash>
 
  +
RsyncShareName = [/data/, /efs/ (useful??), /system/, /mnt/asec/, /mnt/sdcard/]
cat << EOF > $DEV_HOME/src/$PACKAGE_SLASH/HelloWorld.java
 
  +
RsyncClientPath = /system/xbin/rsync
package $PACKAGE;
 
  +
BackupFilesExclude = /mnt/sdcard/ => [/oruxmaps/mapfiles, /clockworkmod/backup, /radio_dump_*, /videos]
 
  +
Note that in the mentioned link he's using RsyncShareName = / and playing with BackupFilesOnly but for me it looks like BackupFilesOnly was not respected, so I preferred to have separate RsyncShareName
import java.security.KeyPair;
 
  +
<br>Some info on APP2SD [http://android.modaco.com/topic/331205-guide-how-to-get-more-free-space-for-your-apps/ here] and [http://ydal.de/android-2-2-froyo-apps-to-sd/ here]
import java.security.KeyPairGenerator;
 
  +
<br>I had errors "Ping too slow" so I increased
import java.security.SecureRandom;
 
  +
PingMaxMsec = 400
import java.security.Security;
 
  +
as anyway it's on local network
import java.security.Signature;
 
  +
====Non-rooted device====
 
  +
For non-rooted devices the setup is a bit different:
public class HelloWorld {
 
  +
* SSH server will run on a non-privilegied port, e.g. port 2222
 
  +
* login will be done with sshdroid permissions, not root, so it cannot access rsync binary neither /data content
public static void main(String[] args) throws Exception {
 
  +
* rsync needs to be available so we'll transfer it again, as sshdroid user:
//Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
 
  +
scp -P2222 rsync galaxy:/data/data/berserker.android.apps.sshdroid/home/bin/
 
  +
then make it executable
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "BC");
 
  +
* BackupPC config is e.g.:
 
  +
XferMethod = rsync
keyGen.initialize(512, new SecureRandom());
 
  +
RsyncShareName = [/mnt/sdcard/]
 
  +
RsyncClientPath = /data/data/berserker.android.apps.sshdroid/home/bin/rsync
KeyPair keyPair = keyGen.generateKeyPair();
 
  +
BackupFilesExclude = /mnt/sdcard/ => [/Movies]
Signature signature = Signature.getInstance("SHA1withRSA", "BC");
 
  +
RsyncClientCmd: add "-p2222" to ssh options: "$sshPath -p2222 -q -x -l root $host $rsyncPath $argList+"
 
  +
RsyncClientRestoreCmd: add "-p2222" to ssh options: "$sshPath -p2222 -q -x -l root $host $rsyncPath $argList+"
signature.initSign(keyPair.getPrivate(), new SecureRandom());
 
  +
Because we cannot directly backup /data content, what can be done is to use e.g. MyBackupPro to backup most of the data to the SD card, in a scheduled way.
 
byte[] message = "abc".getBytes();
 
signature.update(message);
 
 
byte[] sigBytes = signature.sign();
 
signature.initVerify(keyPair.getPublic());
 
signature.update(message);
 
System.out.println(signature.verify(sigBytes));
 
}
 
 
}
 
EOF
 
</source>
 
There is a little trick when you will run the example on the phone or emulator: you've to provide explicitly the path to internal BouncyCastle:
 
<source lang=bash>
 
$ANDROID_HOME/platform-tools/adb -d shell \
 
/system/bin/dalvikvm -Xbootclasspath:/system/framework/core.jar:/system/framework/bouncycastle.jar -classpath /sdcard/CmdLine.jar $PACKAGE.HelloWorld
 
</source>
 
====Using external BouncyCastle library from a simple java code====
 
<br>You can use the same code as above but you need this time to provide the external library:
 
<source lang=bash>
 
# From http://www.bouncycastle.org/latest_releases.html
 
cp -a bcprov-jdk16-146.jar $DEV_HOME/lib
 
</source>
 
To run the example, don't provide any path to the internal lib of course:
 
<source lang=bash>
 
$ANDROID_HOME/platform-tools/adb -d shell \
 
/system/bin/dalvikvm -Xbootclasspath:/system/framework/core.jar -classpath /sdcard/CmdLine.jar $PACKAGE.HelloWorld
 
</source>
 
Normally this works as such. In case of error no "BC" provider found, you can uncomment the line
 
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider())
 

Latest revision as of 15:00, 26 April 2016

Links

App stores

Alternate views on the official market:

Alternate markets:

User manuals

Short notes

ADB

To reveal developer menu, tap 10x on "settings/about/build nr"
Then enable usb debug.
USB debugging is pretty secured since Jelly Bean but beware for older versions!

Since Android 5.0.1, it's required to use at least adb v1.0.32.

apt-get install android-tools-adb

Note that from recovery, you can also use adb:

  • adb shell
  • adb sideload update.zip
  • adb push

etc

Fastboot

apt-get install android-tools-fastboot

USB permissions on the host

Create /etc/udev/rules.d/99-android.rules for Nexus phones:

SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", MODE="0666", OWNER="<your_account>" # all Nexus

Then execute /etc/init.d/udev reload

To enter Fastboot mode

  • Power off phone
  • Depends on the phone, e.g.:
    • Nexus S: keep volume-up pressed while pressing power on for 5 secs
    • Nexus 4: keep volume-down pressed while pressing power on for 5 secs
    • Nexus 5: keep volume-down pressed while pressing power on for 5 secs
    • You've entered fastboot

See https://source.android.com/source/running.html for other models

Alternatively, fastboot can be triggererd from adb: adb reboot bootloader

OEM unlock

Necessary step before being able to flash partitions or boot on alternative recovery.

This will wipe ALL DATA!!!

fastboot oem unlock

OEM unlock for rooted devices

Once the device has been unlocked and rooted, it can be locked/unlocked again without wiping all the data, at least on some phone models.
Install BootUnlocker

Factory images for Nexus phones

Typical usage: (requires OEM unlock)

tar xzf CODENAME-VERSION-factory-CHECKSUM.tgz
cd CODENAME-VERSION
./flash-all.sh

To avoid erasing user data:
Very important if you want to keep your data!!! Edit flash-all.sh and replace

fastboot -w update image-....zip

by

fastboot update image-....zip

Recovery

TWRP

ClockworkMod

Usage

Flashing an alternative recovery (requires OEM unlock):

fastboot flash recovery recovery-clockwork-VERSION-CODENAME.img

Booting (without flashing) an alternative recovery (requires OEM unlock):

fastboot boot recovery-clockwork-VERSION-CODENAME.img

Stock recovery

To show menu with Nexus stock recovery, it depends on the phone, e.g.:

  • Nexus 4: hold "power" and press "volume-up"
  • Nexus 5: press & release quickly volume-up & power a few times

Rooting

SuperSU

Requires OEM unlock, see above fastboot oem unlock (! erase all) and see below BootUnlocker (for already rooted)
Requires e.g. TWRP recovery
Requires e.g. ChainFire SuperSU (you can check forum for beta releases)

adb reboot bootloader
fastboot boot recovery-xxx.img
# In recovery, choose Advanced / Install zip / from sideload
adb sideload UPDATE-SuperSU-v2.xx.zip
# Reboot (and decline erasing recovery updater install-recovery.sh)

Rooting Android M

Rooting method has changed quite a bit and is still uncertain as those lines are written, see e.g. http://forum.xda-developers.com/apps/supersu/wip-android-6-0-marshmellow-t3219344

Rooting securely

Rooting can be done securely if:

  • bootloader is locked again
    • problem is that unlocking would erase again the data
    • see below BootUnlocker which allows on rooted Nexus to toggle bootloader without deleting data
  • keep stock recovery
  • SuperSU is locked with a PIN
    • this requires the Pro version
  • SuperSU always require the PIN to authorize an app
    • or be very careful which ones you authorize permanently

Rooting and OTA

By experience, it's always quite difficult to apply an OTA on a rooted phone, even after having attempted to unroot the phone.
So I prefer to apply a full factory image (being careful not to overwrite the data) and root it again.
If latest factory image isn't available yet, flash the latest available then apply the regular OTA before rooting.

Prevent OTA

Normally rooting is enough to prevent OTA but to be sure, one can touch build.prop (so its sha1sum won't match anymore)

adb shell
su
mount -o remount,rw /system
echo "# Remove me to allow OTA update" >> /system/build.prop 
mount -o remount,ro /system

Attempt OTA

I don't recommend it as most attempts end in an infinite loop after the reboot.

When ready to really do OTA update:

1. Unlock bootloader with BootUnlocker, super critical step!!!

2. Make a backup of the proposed OTA patch, just in case

adb shell
ls -l /cache
adb pull /cache/update.zip

3. Restore build.prop:

adb shell
su
mount -o remount,rw /system
sed -i '/Remove me/d' /system/build.prop
  # or if you don't have sed/busybox:
  grep -v "Remove me" /system/build.prop > /sdcard/build.prop.tmp
  cat /sdcard/build.prop.tmp > /system/build.prop
  rm /sdcard/build.prop.tmp
mount -o remount,ro /system

4. Restore /system/bin/install-recovery.sh
SuperSU may have hijacked /system/bin/install-recovery.sh. If so, we need to restore it. Unfortunately using "full unroot" won't help, see here (and you'll get stuck unrooted!) so we'll restore it manually.

adb shell
su
ls -l /system/bin/install-recovery*
# should be fixed or not?
mount -o remount,rw /system
mv /system/bin/install-recovery_original.sh /system/bin/install-recovery.sh
mount -o remount,ro /system

5. Install proposed OTA update from Android itself

5b. Check recovery logs
In case the automatic update failed, check the recovery logs:
At this point you should be already in stock recovery, if not, go to recovery
Keep power button pressed and press volume-up to get the menu
Go to "view recovery logs"

5c. Install proposed OTA update manually from a local copy on the PC

adb reboot recovery

Keep power button pressed and press volume-up to get the menu
Go to "apply update from ADB"

adb sideload update.zip

6. Reboot and let the system updating its apps
If it seems to stand forever with the boot logo, you can have a look at the same time to the system logs:

adb logcat

Seeing looping logs with a repetition of

>>>>>> START com.android.internal.os.ZygoteInit uid 0 <<<<<<

is a bad sign, time for a full ROM recovery!

7. Root again, see #SuperSU

8. Prevent OTA updates:

adb shell
su
mount -o remount,rw /system
echo "# Remove me to allow OTA update" >> /system/build.prop 
mount -o remount,ro /system

9. Lock bootloader with BootUnlocker

See also my feature request for BootUnlocker

Upgrade with factory image

That's my preferred method.

1. Unlock bootloader with BootUnlocker, super critical step!!!

2. Flash a factory image
Get latest image at https://developers.google.com/android/nexus/images

tar xzf ...tgz
cd ...

Or in one go:

wget -O - ... | tar xz
cd ...

Very important if you want to keep your data!!! Edit flash-all.sh and replace

fastboot -w update image-....zip

by

fastboot update image-....zip


Then reboot the phone to bootloader and launch that script:

adb reboot bootloader
./flash-all.sh

Reboot

2b. Apply OTA If you didn't flash the latest version, apply OTA update

3. Root again, see #SuperSU

4. Prevent OTA updates:

adb shell
su
mount -o remount,rw /system
echo "# Remove me to allow OTA update" >> /system/build.prop 
mount -o remount,ro /system

5. Lock bootloader with BootUnlocker

On rooted devices

adbd insecure

As USB debugging is now pretty secure, let's enable immediate root access:
Install adbd insecure
Open app -> enable & enable at boot time

Busybox

From Google Play: https://play.google.com/store/apps/details?id=stericson.busybox&hl=en
Local install:

adb install stericson.busybox-1.apk
=> Run busybox -> install -> smart install

Consider buying Busybox Pro...

Modifying stuffs in system partition using su

adb push some_file /sdcard/
adb shell su -c "mount -o remount,rw /system"
adb shell su -c "cat /sdcard/some_file > /etc/some_file"
sleep 1
adb shell su -c "mount -o remount,ro /system"

Modifying stuffs in system partition with insecure adbd (=being root by default)

adb shell mount -o remount,rw /system
adb push some_file /etc/some_file
sleep 1
adb shell mount -o remount,ro /system

Encrypt device

See official help
Some reports say they had to repeat the process several times on Nexus 4 before encryption started. I didn't have that problem.

One major caveat is that this is the same password for disk encryption and screen unlock, cf this longstanding bugreport.
On a rooted device this can be achieved thanks to Cryptfs password or simply by doing:

vdc cryptfs changepw <new_password>

Note that it will have to be done every time the screen PIN or pwd is changed.
See also http://nelenkov.blogspot.jp/2012/08/changing-androids-disk-encryption.html

Phone-specific notes

See Android phones

Applications

See Android Apps

Applications development

See Android SDK

Using the embedded SE

See Android SE

Using TrustZone

See Android TrustZone

using Software Card Emulation

See Android Software Card Emulation

Misc

Security

http://wiki.secmobi.com/

Wi-Fi & client certs

To be able to authenticate to a Wi-Fi network using client certificates via TLS:
If needed, export certificate from IE in Pkcs#12 PFX, *with* private key, *with* all certs, *without* strong enc, *without* deletion of private key.
Rename .pfx file as .p12
(source: http://www.google.com/support/mobile/bin/answer.py?answer=168466&topic=27214#1086573)
Copy pkcs#12 certificate to root of USB storage.
File must end with .p12, not .pfx!
One single file with key+cert+cacerts is ok
Wi-Fi params: 802.1x EAP / TLS / phase2: None / CA cert: cf previous import / user cert: idem / Identity: DOMAIN\user... / Anonymous id: empty / password:...

Note that after each reboot, you'll have to select manually one of the protected networks to unlock the secure storage of personal certificates or open manually the certificates storage:
Settings > Location & Security > Use secure credentials
See also Keystore Unlocker

Importing certs

Since Android 3.0, no need for rooting anymore
If troubles, use PEM format, with file extension .crt

  • drop certs on /sdcard/
  • go to settings / personal: security / credential storage: install from storage & select both certs

Test menu

Dial *#*#4636#*#* (== *#*#INFO#*#*)

SMSC configuration

To configure the SMSC (SMS gateway) on Android is not straight forward.
Access a hidden settings menu by dialing *#*#4636#*#* (*#*#INFO#*#*) -> phone settings -> SMSC -> Refresh (to get current value)
To update that field, if it does not work in plain or between quotes, try encode it in PDU

  • First byte is length of SMSC info, so if it's e.g. +32475161616, it's 11 digits to code on 6 bytes, + 1 byte to code type of SMSC address => 7 bytes
  • Second byte is the type of SMSC address, 91 for international format
  • Next bytes are the SMSC digits, padded with "f" if odd, then nibble-swapped so in our example: 32475161616F => 2374151616F6
  • Full PDU-encoded SMSC is then: 07912374151616F6 -> Update

Screenshots

Run ddms (from Android SDK) -> Tools / Device / Screen capture

Screencast

Droid@Screen:
You'll need Android SDK too.
Make sure you're using the adb from SDK and not from e.g. Debian packages:

adb kill-server
export ANDROID_HOME=/path_to_your/android-sdk-linux_x86
java -jar droidAtScreen-1.0.2.jar

androidscreencast:
Get jnlp file from project page

adb kill-server
export ANDROID_HOME=/path_to_your/android-sdk-linux_x86
$ANDROID_HOME/platform-tools/adb start-server
javaws androidscreencast.jnlp

USB tethering

Plug phone & PC via USB
Activate USB tethering (Settings / Wireless & networks / Tethering / USB Tethering)
It works OOB on Debian, nothing to do

Mounting USB as MTP or PTP

New Nexus devices don't use USB mass storage anymore but MTP or PTP, mainly to be able to access data both from Android & PC at the same time.
There are two methods using fuse so make sure your user is member of fuse group:

sudo adduser <your_user> fuse

and make sure your user can access the USB device (cf above: /etc/udev/rules.d/...)

Using mtpfs

See this article

sudo apt-get install mtpfs mtp-tools
mkdir ~/MyAndroid
mtpfs ~/MyAndroid
...
fusermount -u ~/MyAndroid

Problem is that it's very slow to mount

Using go-mtpfs

See this article

sudo apt-get install golang fuse git-core libmtp-dev libfuse-dev
mkdir /tmp/go 
GOPATH=/tmp/go go get github.com/hanwen/go-mtpfs
sudo mv /tmp/go/bin/go-mtpfs /usr/local/bin/
mkdir ~/MyAndroid
go-mtpfs ~/MyAndroid &
...
fusermount -u ~/MyAndroid

Using gphotofs

This method requires the phone to share files over USB as Camera (PTP), *not* MTP.

sudo apt-get install gphotofs
mkdir ~/MyAndroid
gphotofs ~/MyAndroid
...
fusermount -u ~/MyAndroid

Problem is that it only shows DCIM & Pictures
Not sure if it's a limitation of Android or Gphoto...

Backuping via BackupPC

I'm a big fan of BackupPc and this guy managed to link android & backuppc so let's give it a try.
Check the mentioned link but his setup is a bit different, running CyanogenMod while I'm using a stock fw.
Instructions here suppose your phone is rooted.

IP

Backuppc server needs to reach the phone so your phone needs a static (or DHCP statically attributed) IP or whatever dyndns system.

SSH

I'm using SshDroidPro
Make sure backuppc key is properly installed in /data/data/berserker.android.apps.sshdroidpro/home/.ssh/authorized_keys
Then test it as user backuppc, trying to access the phone and accept the server key fingerprint.

rsync

To get rsync binary, I found rsync backup for Android which downloads a rsync binary during install (a weird way to deal with a GPL program IMHO).
The actual binary it downloads is available here.
But Android wget doesn't support https so you've to transfer it to your phone by another mean.
One way is to install the application I mentioned and let it download that binary.
Then, to install it at a more rooted-Android standard place:

cd /system/xbin
busybox mount -o remount,rw /system
cp /data/data/eu.kowalczuk.rsync4android/files/rsync /system/xbin/
chmod 755 /system/xbin/rsync
chown root.shell /system/xbin/rsync
busybox mount -o remount,ro /system

Wi-Fi

Make sure Wi-Fi will stay on!
Menu > Settings > Wireless & networks > Wi-Fi settings > Menu > Advanced > Wi-Fi sleep policy > Never (or never when powered)

BackupPC config

My config: create new host in backuppc web interface with:

   XferMethod = rsync
   RsyncShareName = [/data/, /efs/ (useful??), /system/, /mnt/asec/, /mnt/sdcard/]
   RsyncClientPath = /system/xbin/rsync
   BackupFilesExclude = /mnt/sdcard/ => [/oruxmaps/mapfiles, /clockworkmod/backup, /radio_dump_*, /videos]

Note that in the mentioned link he's using RsyncShareName = / and playing with BackupFilesOnly but for me it looks like BackupFilesOnly was not respected, so I preferred to have separate RsyncShareName
Some info on APP2SD here and here
I had errors "Ping too slow" so I increased

   PingMaxMsec = 400

as anyway it's on local network

Non-rooted device

For non-rooted devices the setup is a bit different:

  • SSH server will run on a non-privilegied port, e.g. port 2222
  • login will be done with sshdroid permissions, not root, so it cannot access rsync binary neither /data content
  • rsync needs to be available so we'll transfer it again, as sshdroid user:
scp -P2222 rsync galaxy:/data/data/berserker.android.apps.sshdroid/home/bin/

then make it executable

  • BackupPC config is e.g.:
   XferMethod = rsync
   RsyncShareName = [/mnt/sdcard/]
   RsyncClientPath = /data/data/berserker.android.apps.sshdroid/home/bin/rsync
   BackupFilesExclude = /mnt/sdcard/ => [/Movies]
   RsyncClientCmd: add "-p2222" to ssh options: "$sshPath -p2222 -q -x -l root $host $rsyncPath $argList+"
   RsyncClientRestoreCmd: add "-p2222" to ssh options: "$sshPath -p2222 -q -x -l root $host $rsyncPath $argList+"

Because we cannot directly backup /data content, what can be done is to use e.g. MyBackupPro to backup most of the data to the SD card, in a scheduled way.