Difference between revisions of "Android"
m (→Short notes) |
|||
Line 28: | Line 28: | ||
==Short notes== |
==Short notes== |
||
+ | ===Android 5.0.1 on Nexus 4=== |
||
+ | ====OTA attempt==== |
||
+ | This now requires adb v1.0.32 not yet in Debian/Ubuntu |
||
+ | |||
+ | Update refused to install because it was now also checking /system/bin/install-recovery.sh integrity |
||
+ | cd /system/bin |
||
+ | mount -o remount,rw /system |
||
+ | mv install-recovery_original.sh install-recovery.sh |
||
+ | mount -o remount,ro /system |
||
+ | |||
+ | Then OTA installed properly but attempt to root it with SuperSU v2.40 resulted in boot loop. |
||
+ | ====FW flashing==== |
||
+ | * ADB 1.0.32: https://skia.googlesource.com/skia/+archive/cd048d18e0b81338c1a04b9749a00444597df394/platform_tools/android/bin/linux.tar.gz |
||
+ | * 5.0.1 (LRX22C) for occam: https://developers.google.com/android/nexus/images -> https://dl.google.com/dl/android/aosp/occam-lrx22c-factory-86c04af6.tgz |
||
+ | ** Modified flash-all.sh to not wipe device: fastboot [delete: -w] update image-occam-lrx22c.zip |
||
+ | * TWRP 2.8.2.0 for mako: http://techerrata.com/browse/twrp2/mako -> http://techerrata.com/file/twrp2/mako/openrecovery-twrp-2.8.2.0-mako.img |
||
+ | ** fastboot boot openrecovery-twrp-2.8.2.0-mako.img / Advanced / Sideload |
||
+ | * BETA-SuperSU-v2.41 http://download.chainfire.eu/642/SuperSU/BETA-SuperSU-v2.41.zip |
||
+ | ** adb_1.0.32 sideload BETA-SuperSU-v2.41.zip |
||
===Tools=== |
===Tools=== |
||
apt-get install android-tools-adb |
apt-get install android-tools-adb |
||
Line 193: | Line 212: | ||
Note that it will have to be done every time the screen PIN or pwd is changed. |
Note that it will have to be done every time the screen PIN or pwd is changed. |
||
<br>See also http://nelenkov.blogspot.jp/2012/08/changing-androids-disk-encryption.html |
<br>See also http://nelenkov.blogspot.jp/2012/08/changing-androids-disk-encryption.html |
||
+ | |||
==Nexus 4== |
==Nexus 4== |
||
https://en.wikipedia.org/wiki/Nexus_4 |
https://en.wikipedia.org/wiki/Nexus_4 |
Revision as of 16:05, 18 December 2014
Links
App stores
Alternate views on the official market:
Alternate markets:
- AppsLib
- AndSpot (beta)
- GetJar
- Handmark
- Mobango
- Handango
- explorePDA
- MiKandi
- MobiHand
- Mobspot
- Smartphone.net
- AndroidGear
- SlideME
User manuals
Some internals info here
Short notes
Android 5.0.1 on Nexus 4
OTA attempt
This now requires adb v1.0.32 not yet in Debian/Ubuntu
Update refused to install because it was now also checking /system/bin/install-recovery.sh integrity
cd /system/bin mount -o remount,rw /system mv install-recovery_original.sh install-recovery.sh mount -o remount,ro /system
Then OTA installed properly but attempt to root it with SuperSU v2.40 resulted in boot loop.
FW flashing
- ADB 1.0.32: https://skia.googlesource.com/skia/+archive/cd048d18e0b81338c1a04b9749a00444597df394/platform_tools/android/bin/linux.tar.gz
- 5.0.1 (LRX22C) for occam: https://developers.google.com/android/nexus/images -> https://dl.google.com/dl/android/aosp/occam-lrx22c-factory-86c04af6.tgz
- Modified flash-all.sh to not wipe device: fastboot [delete: -w] update image-occam-lrx22c.zip
- TWRP 2.8.2.0 for mako: http://techerrata.com/browse/twrp2/mako -> http://techerrata.com/file/twrp2/mako/openrecovery-twrp-2.8.2.0-mako.img
- fastboot boot openrecovery-twrp-2.8.2.0-mako.img / Advanced / Sideload
- BETA-SuperSU-v2.41 http://download.chainfire.eu/642/SuperSU/BETA-SuperSU-v2.41.zip
- adb_1.0.32 sideload BETA-SuperSU-v2.41.zip
Tools
apt-get install android-tools-adb apt-get install android-tools-fastboot
USB permissions on the host
Create /etc/udev/rules.d/99-android.rules for Nexus phones:
SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", MODE="0666", OWNER="<your_account>" # all Nexus
Then execute /etc/init.d/udev reload
Enter Fastboot mode
- Power off phone
- Depends on the phone, e.g.:
- Nexus S: keep volume-up pressed while pressing power on for 5 secs
- Nexus 4: keep volume-down pressed while pressing power on for 5 secs
- Nexus 5: keep volume-down pressed while pressing power on for 5 secs
- You've entered fastboot
Alternatively, fastboot can be triggererd from adb: adb reboot-bootloader
OEM unlock
This will wipe ALL DATA!!!
fastboot oem unlock
OEM unlock for rooted devices
Once the device has been unlocked and rooted, it can be locked/unlocked again without wiping all the data, at least on some phone models.
Install BootUnlocker
Factory images for Nexus phones
Example for Nexus S: (requires OEM unlock)
wget https://dl.google.com/dl/android/aosp/soju-imm76d-factory-ca4ae9ee.tgz tar xzf soju-imm76d-factory-ca4ae9ee.tgz cd soju-imm76d ./flash-all.sh
Example for Nexus 4: (requires OEM unlock)
cf https://support.google.com/nexus/4/answer/2936226?hl=en
Factory Images "occam" for Nexus 4 -> Android 4.3 (JWR66Y)
wget https://dl.google.com/dl/android/aosp/occam-jwr66y-factory-74b1deab.tgz tar xzf occam-jwr66y-factory-08d2b697.tgz cf occam-jwr66y ./flash-all.sh
Recovery
Example for Nexus S: (requires OEM unlock)
wget http://download2.clockworkmod.com/recoveries/recovery-clockwork-6.0.4.3-crespo.img fastboot flash recovery recovery-clockwork-6.0.4.3-crespo.img
Example for Nexus 4: (requires OEM unlock)
wget http://download2.clockworkmod.com/recoveries/recovery-clockwork-6.0.4.7-mako.img fastboot flash recovery recovery-clockwork-6.0.4.7-mako.img
Example for Nexus 5: (requires OEM unlock)
wget http://download2.clockworkmod.com/recoveries/recovery-clockwork-6.0.4.5-hammerhead.img fastboot flash recovery recovery-clockwork-6.0.4.5-hammerhead.img
(or Touch version e.g. recovery-clockwork-touch-6.0.4.5-hammerhead.img)
We can also launch this recovery without flashing it:
fastboot boot recovery-clockwork-6.0.4.7-mako.img
Stock recovery
To show menu with stock recovery, it depends on the phone, e.g.:
- Nexus 4: hold "power" and press "volume-up"
- Nexus 5: press & release quickly volume-up & power a few times
Rooting
Requires OEM unlock, see above fastboot oem unlock (! erase all) and BootUnlocker (for already rooted)
Requires e.g. Clockworkmod recovery
Requires e.g. ChainFire SuperSU
adb reboot bootloader fastboot boot recovery-clockwork-touch-6.0.4.7-mako.img # Install zip / from sideload adb sideload UPDATE-SuperSU-v2.00.zip # Reboot (and decline erasing recovery updater install-recovery.sh)
Rooting and OTA
One way of doing:
- Keep stock recovery
- Keep bootloader locked (see BootUnlocker)
- Prevent OTA updates by touching build.prop (so its sha1sum won't match anymore)
adb shell su mount -o remount,rw /system echo "# Remove me to allow OTA update" >> /system/build.prop mount -o remount,ro /system
When ready to really do OTA update:
1. Unlock bootloader with BootUnlocker, super critical step!!!
2. Restore build.prop:
adb shell su mount -o remount,rw /system sed -i '/Remove me/d' /system/build.prop # or if you don't have sed/busybox: grep -v "Remove me" /system/build.prop > /sdcard/build.prop.tmp cat /sdcard/build.prop.tmp > /system/build.prop rm /sdcard/build.prop.tmp mount -o remount,ro /system
3. Install OTA update
This can be done usually directly from the phone but if you want to install manually an OTA update (e.g. before it's available automatically):
adb reboot recovery #(Nexus 4): keep power button pressed and press volume-up to get the menu # In stock recovery, choose "apply update from ADB" adb sideload some_ota_update.zip # In stock recovery, choose "reboot system now"
4. Root again, see above and check for latest CWM recovery and latest SuperSU
adb reboot bootloader fastboot boot recovery-clockwork-touch-6.0.4.7-mako.img # Install zip / from sideload adb sideload UPDATE-SuperSU-v2.xx.zip # Reboot (and decline erasing recovery updater install-recovery.sh)
5. Prevent OTA updates:
adb shell su mount -o remount,rw /system echo "# Remove me to allow OTA update" >> /system/build.prop mount -o remount,ro /system
6. Lock bootloader with BootUnlocker
See also my feature request for BootUnlocker
ADB
To reveal developer menu on Jelly Bean, tap 10x on "settings/about/build nr"
Then enable usb debug.
USB debugging is pretty secured since Jelly Bean but beware for older versions!
adbd insecure
As USB debugging is now pretty secure, let's enable immediate root access:
Install adbd insecure
Open app -> enable & enable at boot time
adb & recovery
From recovery, you can also use adb:
- adb shell
- adb sideload update.zip
- adb push
etc
Busybox
From Google Play: https://play.google.com/store/apps/details?id=stericson.busybox&hl=en
Local install:
adb install stericson.busybox-1.apk => Run busybox -> install -> smart install
Consider buying Busybox Pro...
Modifying stuffs in system partition using su
adb push some_file /sdcard/ adb shell su -c "mount -o remount,rw /system" adb shell su -c "cat /sdcard/some_file > /etc/some_file" sleep 1 adb shell su -c "mount -o remount,ro /system"
Modifying stuffs in system partition with insecure adbd (=being root by default)
adb shell mount -o remount,rw /system adb push some_file /etc/some_file sleep 1 adb shell mount -o remount,ro /system
Encrypt device
See official help
Some reports say they had to repeat the process several times on Nexus 4 before encryption started. I didn't have that problem.
One major caveat is that this is the same password for disk encryption and screen unlock, cf this longstanding bugreport.
On a rooted device this can be achieved thanks to Cryptfs password or simply by doing:
vdc cryptfs changepw <new_password>
Note that it will have to be done every time the screen PIN or pwd is changed.
See also http://nelenkov.blogspot.jp/2012/08/changing-androids-disk-encryption.html
Nexus 4
https://en.wikipedia.org/wiki/Nexus_4
Hardware
- Chipset: Qualcomm Snapdragon™ S4 Pro processor with 1.5GHz Quad-Core Krait CPUs
- Operating System: Android 4.2, Jelly Bean
- Network: 3G (WCDMA), HSPA+
- Display: 4.7-inch WXGA True HD IPS Plus (1280 x 768 pixels)
- Memory: 8GB / 16GB
- RAM: 2GB
- Camera: 8.0MP rear / 1.3MP HD front
- Battery: 2,100mAh Li-Polymer (embedded) / Talk time: 15.3 hours / Standby: 390 hours
- Size: 133.9 x 68.7 x 9.1mm
- Weight: 139g
- Other:
- NFC: Broadcom BCM2079x family: BCM20793 over I2C, cf /dev/bcm2079x-i2c
- SE: ST33 from STMicroelectronics
- Wireless charging
- Miracast
- BT 4.0
- SlimPort for HDMI
Versions
physical mark
- FCC ID: ZNFE960 IC:2703C-E960
- MODEL LG-960 MADE IN KOREA
under fastboot, stock
- PRODUCT_NAME - mako
- VARIANT - mako 16GB
- HW VERSION - rev_11
- BOOTLOADER VERSION - MAKOZ10o
- BASEBAND VERSION - M9615A-CEFWMAZM-2.0.1700.48
- CARRIER INFO - None
- SERIAL NUMBER - xxxxxx
- SIGNING - production
- SECURE BOOT - enabled
- LOCK STATE - lock
under 'About phone' from the settings, stock 4.2.2
- Android 4.2.2
- Baseband M9615A-CEFWMAZM-2.0.1700.48
- Kernel 3.4.0-perf-g7ce11cd
- Build JDQ39
under 'About phone' from the settings, 4.3
- Android 4.3
- Baseband M9615A-CEFWMAZM-2.0.1700.84
- Kernel 3.4.0-perf-gf43c3d9
- Build JWR66V then JWR66Y
My tunings
- Original recovery
- Rooted with "SuperSU"
- "SuperSU" protected by PIN
- Rooting maintained over OTA updates (using chattr +i and "SuperSU" survival mode)
- OEM locked again
- "Bootunlocker" app to unlock without wiping
- Avast Mobile Security
- anti theft with anchor in system (so even factory reset doesn't help)
- application firewall (wifi/3g/roaming per app)
- USB debugging activated and paired with my PC
- "adbd insecure" installed
- "BusyBox Pro"
- "OpenVPN Install" & "OpenVPN Settings"
- "SSHDroidPro"
- Encrypted
- with better pwd at boot time, using "Cryptfs password" app
- Bluetooth & Belkin A2DP for car: no need to unlock my screen
- "Bluetooth Auto Connect" -> pairs when screen is turned on
- "Bluetooth connect and play" -> starts playing when paired
- "AdAway" installed via "F-Droid"
- "Nexus 4 Dot" as live wallpaper
- "Helium" to backup & sync apps via Google Drive
- With Android 4.4 install launcher of Nexus 5:
Nexus S
Old notes here
Versions
physical sticker behind battery
- Model: GT-I9023
- FCC ID: A3LGTI9023
- SSN: -I9023GSMH
- IMEI: xxxxxxx
- S/N: xxxxxxx
under fastboot, after upgrade to 4.1.2
- Bootloader version - I9020XXLC2
- Baseband version - I9020XXKI1
- Carrier info - EUR
under 'About phone' from the settings, after upgrade to 4.1.2
- Android 4.1.2
- Baseband I9023XXKI1
- Kernel 3.0.31-g5894150 android-build@vpbs1 #1
- Build JZO54K
Upgrading to 4.1.2
OTA update is available and the phone proposed me to start upgrade process
update zip is located in /cache
android# ls -l /cache pc$ adb pull /cache/9U4MCfNt.zip .
Preparation
- Go to fastboot (vol-up + power)
- Go to recovery
- Backup & restore / Backup
- Mount USB
- Copy all /sdcard content to PC
- Reboot -> enter fastboot again
Preparation bis
- edit 9U4MCfNt.zip to remove recovery/ and edit META-INF/com/google/android/updater-script
- remove all commands about recovery
- add following line to keep rooted: set_perm(0, 0, 6755, "/system/bin/su");
- radio image don't seem to be affected by update, nothing to do here
This time I tried differently:
- pc$ adb push 9U4MCfNt.zip /cache
- dd if=boot.img of=boot-fit.img bs=262144 count=28 #(with original boot.img from 4.1.1)
- fastboot flash boot boot-fit.img
Upgrade
This time I tried differently:
- Reboot and accept upgrade, it will reboot the phone and let Clockwork recovery applying the patch
- Despite the set_perm, recovery told me "Root access possibly lost. Fix? /system/bin/su" and I accepted, just in case...
- Backup & restore / Backup
- Mount USB
- Copy new backup to PC
- Reboot
Rooting again
- Extract new 4.1.2 boot.img (e.g. using clockworkmod backup or:)
- modify it & flash it back, see below
android$ su android# cat /dev/mtd/mtd2 > /sdcard/boot.img adb pull /sdcard/boot.img . abootimg -x boot.img mkdir ramdisk cd ramdisk gzip -dc ../initrd.img | cpio -i sed -i 's/ro.secure=1/ro.secure=0/' default.prop find . -print|cpio -o -Hnewc|gzip > ../initrd.img2 cd .. abootimg -u boot.img -r initrd.img2 dd if=boot.img of=boot-fit.img bs=262144 count=28 fastboot flash boot boot-fit.img
Installing Cyanogenmod
See http://wiki.cyanogenmod.org/w/Install_CM_for_crespo and repository for Crespo
Boot into cyanogenmod recovery
- Wipe data/factory reset
adb shell mount /data adb push YOURROMZIP.zip /sdcard/
- Install zip from sdcard
- Choose zip from sdcard...
- Reboot
To install Google apps, see http://wiki.cyanogenmod.org/w/Gapps
Rooting Samsung Galaxy Tab 10.1
cf http://forum.xda-developers.com/showthread.php?t=1239185
I used a WinXP within a virtualbox under Debian
When flashing with Odin3 I had problems process being stuck at SetupConnection
Trick was to unplug physically the USB cable, start Odin3, plug the cable, connect the USB device through virtualbox to WinXP
Once rooted, upgrade the Superuser application
Once started, the app should detect su binary needs also to be updated. Follow instructions.
To enter clockwork recovery: power off / press vol down + power till 2 icons appear / press vol down to select left icon / press vol up / you should see recovery menu now
Installing new Market application:
Some apk are lying around, here is how I use them
First test their certificate as I don't want to get a malicious app:
$ adb install Vending_3.1.5.apk Failure [INSTALL_FAILED_ALREADY_EXISTS]
This is ok, but e.g. this one seems more worrisome, I wouldn't try it:
$ adb install Vending_3.1.6.apk Failure [INSTALL_PARSE_FAILED_NO_CERTIFICATES]
Make your backups!
Replace manually /system/app/Vending.apk by the new version and reboot.
If trouble you may try to clean the Dalvik cache from Clockwork recovery advanced menu
busybox mount -o remount,rw /system mv /system/app/Vending.apk /sdcard/Vending_1.0.apk mv /sdcard/Vending_3.1.5.apk /system/app/Vending.apk chown 0.0 /system/app/Vending.apk busybox mount -o remount,ro /system
Rooting Samsung Galaxy Tab 3 7.0 3G/WiFi
cf http://honai-android.blogspot.be/2013/11/how-to-root-galaxy-tab-3-70-sm-t211-on.html
For model number SM-T211!
Other methods reflash completely the device, I prefer the less intrusive method consisting in just installing CyanoGenMod Recovery and SuperSU
I used a Win7 within a virtualbox under Debian
I used
- USB Drivers
- T211.CWM.v6.0.4.5.recovery.tar.zip
- Universal Root Package android-armeabi-universal-root-signed.zip
- Odin 3.07
Steps:
- Enable USB Debugging Mode on the device by navigating to Settings >> Developer Options.
- Extract CWM and Odin 3.07 files
- Switch off the Galaxy Tab 3 7.0. Then boot the device into Download Mode by pressing and holding Volume Down, Home and Power buttons together until a construction Android robot icon with a warning triangle appears on screen. Now press the Volume Up button to enter Download Mode.
- Plug the tablet to let Windows discovering and configuring the device USB drivers
- Unplug the tablet
- Run Odin on the computer as an Administrator.
- Plug the tablet. Wait until Odin detects the device. When the device is connected successfully, the ID: COM box will turn to light blue with the COM port number. Additionally, the successful connected will be indicated by a message saying Added.
- In Odin, click the PDA button and select the recovery.tar.md5 file. Verify that F. Reset Time checkbox is selected. Also, ensure the Auto Reboot and Re-Partition options are NOT selected.
- Double-check and click Start button in Odin. The installation process will now begin.
- Once the installation process completes, you will see a PASS message with green background in the left-most box at the very top of the Odin. You can now unplug the USB cable to disconnect the device from the computer.
- Reboot the device into CWM Recovery mode by pressing and holding Volume Up, Home and Power buttons together.
- In CWM Recovery, select "install zip / install zip from sideload"
- Back on Debian:
adb sideload android-armeabi-universal-root-signed.zip
- Once the installation process completes, return to main recovery menu and select "reboot system now".
Misc
Security
Wi-Fi & client certs
To be able to authenticate to a Wi-Fi network using client certificates via TLS:
If needed, export certificate from IE in Pkcs#12 PFX, *with* private key, *with* all certs, *without* strong enc, *without* deletion of private key.
Rename .pfx file as .p12
(source: http://www.google.com/support/mobile/bin/answer.py?answer=168466&topic=27214#1086573)
Copy pkcs#12 certificate to root of USB storage.
File must end with .p12, not .pfx!
One single file with key+cert+cacerts is ok
Wi-Fi params: 802.1x EAP / TLS / phase2: None / CA cert: cf previous import / user cert: idem / Identity: DOMAIN\user... / Anonymous id: empty / password:...
Note that after each reboot, you'll have to select manually one of the protected networks to unlock the secure storage of personal certificates or open manually the certificates storage:
Settings > Location & Security > Use secure credentials
See also Keystore Unlocker
Importing certs
Since Android 3.0, no need for rooting anymore
If troubles, use PEM format, with file extension .crt
- drop certs on /sdcard/
- go to settings / personal: security / credential storage: install from storage & select both certs
ADB
- Manual, covers adb, am, pm, etc
Installing an app in /system/app :
adb push MyApp.apk /sdcard/
adb shell su -c "mount -o remount,rw /system"
adb shell su -c "cp /sdcard/MyApp.apk /system/app/"
sleep 1
adb shell su -c "mount -o remount,ro /system"
adb reboot
adb shell pm list packages -s # Should be there now
Removing an app from /system/app:
adb shell su -c "mount -o remount,rw /system"
adb shell su -c "rm /system/app/MyApp.apk"
sleep 1
adb shell su -c "mount -o remount,ro /system"
adb reboot
In case of error such as:
* daemon not running. starting it now on port 5037 * cannot bind 'local:5037' ADB server didn't ACK * failed to start daemon * error: cannot connect to daemon
strace revealed that the error was in fact:
socket(PF_FILE, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_FILE, path="/tmp/5037"}, 12) = -1 EACCES (Permission denied)
and there was indeed a named pipe /tmp/5037:
srwxr-xr-x 1 root root 0 Sep 4 23:26 5037
Removing it solved the issue.
Dial *#*#4636#*#* (== *#*#INFO#*#*)
SMSC configuration
To configure the SMSC (SMS gateway) on Android is not straight forward.
Access a hidden settings menu by dialing *#*#4636#*#* (*#*#INFO#*#*) -> phone settings -> SMSC -> Refresh (to get current value)
To update that field, if it does not work in plain or between quotes, try encode it in PDU
- First byte is length of SMSC info, so if it's e.g. +32475161616, it's 11 digits to code on 6 bytes, + 1 byte to code type of SMSC address => 7 bytes
- Second byte is the type of SMSC address, 91 for international format
- Next bytes are the SMSC digits, padded with "f" if odd, then nibble-swapped so in our example: 32475161616F => 2374151616F6
- Full PDU-encoded SMSC is then: 07912374151616F6 -> Update
Screenshots
Run ddms (from Android SDK) -> Tools / Device / Screen capture
Screencast
Droid@Screen:
You'll need Android SDK too.
Make sure you're using the adb from SDK and not from e.g. Debian packages:
adb kill-server
export ANDROID_HOME=/path_to_your/android-sdk-linux_x86
java -jar droidAtScreen-1.0.2.jar
androidscreencast:
Get jnlp file from project page
adb kill-server
export ANDROID_HOME=/path_to_your/android-sdk-linux_x86
$ANDROID_HOME/platform-tools/adb start-server
javaws androidscreencast.jnlp
Rooting, old notes
Using ChainsDD SuperUser
wget http://downloads.noshufou.netdna-cdn.com/superuser/Superuser-3.1.3-arm-signed.zip => drop on /sdcard/ (or use adb sideload) => recovery -> install from zip -> Superuser-3.1.3-arm-signed.zip
ChainFire SuperSU
wget http://download.chainfire.eu/345/SuperSU/UPDATE-SuperSU-v1.51.zip => drop on /sdcard/ (or use adb sideload) => recovery -> wipe cache -> install from zip -> from /sdcard: UPDATE-SuperSU-v1.51.zip or -> from sideload: "adb sideload UPDATE-SuperSU-v1.51.zip" -> reboot (and decline erasing recovery updater install-recovery.sh)
Details:
/system/app/Superuser.apk /system/etc/init.d/99SuperSUDaemon /system/etc/install-recovery.sh (lsattr: -----i--A----) /system/bin/.ext/.su (rwsr-sr-x = 06755) /system/xbin/daemonsu (rwsr-sr-x = 06755) /system/xbin/su (rwsr-sr-x = 06755)
The 4 binaries may be locked by a "chattr +i" but this seems to break some OTA updates, so better to change manually OTA updates first.
Version 1.51 still chattr +i /system/etc/install-recovery.sh but this breaks JWR66V to JWR66Y OTA update.
Warning CWM proposes to erase "recovery updater", actually the file from SuperSU, so decline and say no!
Rooting with SuperSU without recovery
Chainfire's CF-Auto-Root makes life really easy to install SuperSU
e.g. for Nexus 4: (requires OEM unlock)
wget http://download.chainfire.eu/297/CF-Root/CF-Auto-Root/CF-Auto-Root-mako-occam-nexus4.zip unzip -j CF-Auto-Root-mako-occam-nexus4.zip image/CF-Auto-Root-mako-occam-nexus4.img sudo fastboot boot CF-Auto-Root-mako-occam-nexus4.img
Consider buying the PRO license key too...
Keep rooting over OTA
Apparently SuperSU has some "survival mode" that you can turn on in the settings but I don't know what it does...
Once you have busybox installed (see below), you can set the su binary immutable to avoid an OTA update to kill its setuid bit:
mount -o remount,rw /system chattr +i /system/xbin/su mount -o remount,ro /system
There is also a "OTA Rootkeeper" application to do the same
If you need to reflash a custom recovery to install a custom OTA update, see this article
Edit I'm not sure the chattr method works.
OTA update JWR66Y-from-JWR66V failed because of /system/etc/install-recovery.sh being locked with chattr +i and used by SuperSU to launch daemonsu.
To solve it I had to modify manually the patch and apply it through custom recovery:
Avoid Clockworkmod recovery to be overwritten.
Avoid su setuid bit to be overwritten.
- OTA update was left in /cache and failed being applied as explained above
- Unzip 6136cbe0fb21994b8bd463d137ac75b953ba8e9b.signed-occam-JWR66Y-from-JWR66V.6136cbe0.zip
- rm -rf recovery
- Edit META-INF/com/google/android/updater-script :
--- updater-script.orig2013-08-27 17:40:36.500787411 +0200
+++ updater-script2013-08-27 17:40:10.912302554 +0200
@@ -1371,11 +1371,8 @@
6713bc8134b88289bf2fd5c17bf30d0d174d6eb0, 374184,
9d87d330c5490fec0fca02ba3d7ba17fa7d65e8c, package_extract_file("patch/system/vendor/lib/mediadrm/libwvdrmengine.so.p"));
set_progress(0.999987);
-delete("/system/recovery-from-boot.p",
- "/system/etc/install-recovery.sh");
+delete("/system/recovery-from-boot.p");
show_progress(0.100000, 10);
-ui_print("Unpacking new recovery...");
-package_extract_dir("recovery", "/system");
ui_print("Symlinks and permissions...");
set_perm_recursive(0, 0, 0755, 0644, "/system");
set_perm_recursive(0, 2000, 0755, 0755, "/system/bin");
@@ -1383,7 +1380,6 @@
set_perm(0, 0, 0755, "/system/bin/ping");
set_perm(0, 2000, 0750, "/system/bin/run-as");
set_perm(1014, 2000, 0550, "/system/etc/dhcpcd/dhcpcd-run-hooks");
-set_perm(0, 0, 0544, "/system/etc/install-recovery.sh");
set_perm_recursive(0, 0, 0755, 0555, "/system/etc/ppp");
set_perm(0, 2000, 0755, "/system/vendor");
set_perm_recursive(0, 2000, 0755, 0644, "/system/vendor/etc");
@@ -1407,6 +1403,9 @@
set_perm_recursive(0, 2000, 0755, 0644, "/system/vendor/pittpatt/models/recognition");
set_perm(0, 0, 0644, "/system/vendor/pittpatt/models/recognition/face.face.y0-y0-22-b-N.bin");
set_perm_recursive(0, 2000, 0755, 0755, "/system/xbin");
+set_perm(0, 0, 06755, "/system/xbin/su");
+set_perm(0, 0, 06755, "/system/xbin/daemonsu");
+set_perm(0, 0, 06755, "/system/bin/.ext/.su");
ui_print("Patching remaining system files...");
apply_patch("/system/build.prop", "-",
e336e937ec01a4e2fcb60d3659e296a30701ebf9, 2742,
OTA update KTU84L-from-KOT49H (4.4.3 from 4.4.2):
Modify manually the patch and apply it through custom recovery:
Avoid Clockworkmod recovery to be overwritten.
Failed to preserve root, better to root it after update
- OTA was not pre-downloaded in /cache, so I had to take it from Google: Nexus 4, Nexus 5
- Unzip 61a9ce8d2c4154837905e93a2e00540b7ebad8ff.signed-occam-KTU84L-from-KOT49H.61a9ce8d.zip
- rm -rf recovery
- Edit META-INF/com/google/android/updater-script :
--- updater-script.orig 2014-06-19 17:56:21.000000000 +0200
+++ updater-script 2014-06-19 18:12:23.000000000 +0200
@@ -4408,13 +4408,10 @@
"-", 40e71cb1beb7b998d13ce16530d0e7bf03ed0732, 6518784,
04df7b014a4a6b01095f5728158510fe4d8ae4fc, package_extract_file("patch/boot.img.p"));
set_progress(1.032753);
-delete("/system/recovery-from-boot.p",
- "/system/etc/install-recovery.sh");
+delete("/system/recovery-from-boot.p");
show_progress(0.100000, 10);
ui_print("Unpacking new files...");
package_extract_dir("system", "/system");
-ui_print("Unpacking new recovery...");
-package_extract_dir("recovery", "/system");
ui_print("Symlinks and permissions...");
set_metadata_recursive("/system", "uid", 0, "gid", 0, "dmode", 0755, "fmode", 0644, "capabilities", 0x0, "selabel", "u:object_r:system_file:s0");
set_metadata_recursive("/system/bin", "uid", 0, "gid", 2000, "dmode", 0755, "fmode", 0755, "capabilities", 0x0, "selabel", "u:object_r:system_file:s0");
@@ -4449,7 +4446,6 @@
set_metadata("/system/bin/wpa_supplicant", "uid", 0, "gid", 2000, "mode", 0755, "capabilities", 0x0, "selabel", "u:object_r:wpa_exec:s0");
set_metadata_recursive("/system/etc/dhcpcd", "uid", 0, "gid", 0, "dmode", 0755, "fmode", 0644, "capabilities", 0x0, "selabel", "u:object_r:dhcp_system_file:s0");
set_metadata("/system/etc/dhcpcd/dhcpcd-run-hooks", "uid", 1014, "gid", 2000, "mode", 0550, "capabilities", 0x0, "selabel", "u:object_r:dhcp_system_file:s0");
-set_metadata("/system/etc/install-recovery.sh", "uid", 0, "gid", 0, "mode", 0544, "capabilities", 0x0);
set_metadata_recursive("/system/etc/ppp", "uid", 0, "gid", 0, "dmode", 0755, "fmode", 0555, "capabilities", 0x0, "selabel", "u:object_r:ppp_system_file:s0");
set_metadata("/system/recovery-from-boot.p", "uid", 0, "gid", 0, "mode", 0644, "capabilities", 0x0);
set_metadata("/system/vendor", "uid", 0, "gid", 2000, "mode", 0755, "capabilities", 0x0, "selabel", "u:object_r:system_file:s0");
Then install SuperSU v2.00
USB tethering
Plug phone & PC via USB
Activate USB tethering (Settings / Wireless & networks / Tethering / USB Tethering)
It works OOB on Debian, nothing to do
Mounting USB as MTP or PTP
New Nexus devices don't use USB mass storage anymore but MTP or PTP, mainly to be able to access data both from Android & PC at the same time.
There are two methods using fuse so make sure your user is member of fuse group:
sudo adduser <your_user> fuse
and make sure your user can access the USB device (cf above: /etc/udev/rules.d/...)
Using mtpfs
See this article
sudo apt-get install mtpfs mtp-tools mkdir ~/MyAndroid
mtpfs ~/MyAndroid ... fusermount -u ~/MyAndroid
Problem is that it's very slow to mount
Using go-mtpfs
See this article
sudo apt-get install golang fuse git-core libmtp-dev libfuse-dev mkdir /tmp/go GOPATH=/tmp/go go get github.com/hanwen/go-mtpfs sudo mv /tmp/go/bin/go-mtpfs /usr/local/bin/ mkdir ~/MyAndroid
go-mtpfs ~/MyAndroid & ... fusermount -u ~/MyAndroid
Using gphotofs
This method requires the phone to share files over USB as Camera (PTP), *not* MTP.
sudo apt-get install gphotofs mkdir ~/MyAndroid
gphotofs ~/MyAndroid ... fusermount -u ~/MyAndroid
Problem is that it only shows DCIM & Pictures
Not sure if it's a limitation of Android or Gphoto...
Applications
See Android Apps
Applications development
See Android SDK
Using the embedded SE
See Android SE
using Software Card Emulation
See Android Software Card Emulation
Backuping via BackupPC
I'm a big fan of BackupPc and this guy managed to link android & backuppc so let's give it a try.
Check the mentioned link but his setup is a bit different, running CyanogenMod while I'm using a stock fw.
Instructions here suppose your phone is rooted.
IP
Backuppc server needs to reach the phone so your phone needs a static (or DHCP statically attributed) IP or whatever dyndns system.
SSH
I'm using SshDroidPro
Make sure backuppc key is properly installed in /data/data/berserker.android.apps.sshdroidpro/home/.ssh/authorized_keys
Then test it as user backuppc, trying to access the phone and accept the server key fingerprint.
rsync
To get rsync binary, I found rsync backup for Android which downloads a rsync binary during install (a weird way to deal with a GPL program IMHO).
The actual binary it downloads is available here.
But Android wget doesn't support https so you've to transfer it to your phone by another mean.
One way is to install the application I mentioned and let it download that binary.
Then, to install it at a more rooted-Android standard place:
cd /system/xbin
busybox mount -o remount,rw /system
cp /data/data/eu.kowalczuk.rsync4android/files/rsync /system/xbin/
chmod 755 /system/xbin/rsync
chown root.shell /system/xbin/rsync
busybox mount -o remount,ro /system
Wi-Fi
Make sure Wi-Fi will stay on!
Menu > Settings > Wireless & networks > Wi-Fi settings > Menu > Advanced > Wi-Fi sleep policy > Never (or never when powered)
BackupPC config
My config: create new host in backuppc web interface with:
XferMethod = rsync RsyncShareName = [/data/, /efs/ (useful??), /system/, /mnt/asec/, /mnt/sdcard/] RsyncClientPath = /system/xbin/rsync BackupFilesExclude = /mnt/sdcard/ => [/oruxmaps/mapfiles, /clockworkmod/backup, /radio_dump_*, /videos]
Note that in the mentioned link he's using RsyncShareName = / and playing with BackupFilesOnly but for me it looks like BackupFilesOnly was not respected, so I preferred to have separate RsyncShareName
Some info on APP2SD here and here
I had errors "Ping too slow" so I increased
PingMaxMsec = 400
as anyway it's on local network
Non-rooted device
For non-rooted devices the setup is a bit different:
- SSH server will run on a non-privilegied port, e.g. port 2222
- login will be done with sshdroid permissions, not root, so it cannot access rsync binary neither /data content
- rsync needs to be available so we'll transfer it again, as sshdroid user:
scp -P2222 rsync galaxy:/data/data/berserker.android.apps.sshdroid/home/bin/
then make it executable
- BackupPC config is e.g.:
XferMethod = rsync RsyncShareName = [/mnt/sdcard/] RsyncClientPath = /data/data/berserker.android.apps.sshdroid/home/bin/rsync BackupFilesExclude = /mnt/sdcard/ => [/Movies] RsyncClientCmd: add "-p2222" to ssh options: "$sshPath -p2222 -q -x -l root $host $rsyncPath $argList+" RsyncClientRestoreCmd: add "-p2222" to ssh options: "$sshPath -p2222 -q -x -l root $host $rsyncPath $argList+"
Because we cannot directly backup /data content, what can be done is to use e.g. MyBackupPro to backup most of the data to the SD card, in a scheduled way.