stepw discovered a stack overflow vulnerability that affects ALL Trinity SPL versions up to now, I implemented an exploit for it, see details here.
The same bug is present in Hermes SPL versions >= 1.11, and all SPLs using HTC common base 1.51, so probably newer Breeze SPLs are vulnerable too.
Sadly for hermes users this bug can't be exploited the same way it's done on Trinity, this is the memory layout on Trinity:
Code:
0x80b00000 | xxxxxxxxxxx | \
      .... | xxxxxxxxxxx |  > wdata buffer
0x80b10000 | xxxxxxxxxxx | /
           +-------------+
           |      .      |
           |      .      |
           +-------------+
0x8c000000 | SPL-begins  | \
      .... | SPL SPL SPL | ME
      .... | SPL SPL SPL | MO  <--- how_far
      .... | SPL SPL SPL | RY
      .... | SPL SPL SPL | /
0x8c040000 |  SPL-ends   |
           +-------------+
           |      .      |
           |      .      |
           +-------------+
           |      .      | \
0x8c08cb90 |      .      | s
      .... |             | t  /\
      .... |             | a  ||
      .... |             | c  ||
      .... |             | k  ||
0x8c08db90 |             | /
           |             |
By doing recursive 'ruustart' calls we can overflow the stack and set arbitrary bytes in 0x64 bytes buffer (size of command buffer in ruu mode).
We first try to detect how far the overflow should go, this varies on each SPL version. Then we put a known pattern on the stack and use the 'checksum' command to determine offsets of current stack top and size of stack frame of ruustart and normal command mode.
Then we load our unsigned code using wdata, of course we get an "invalid cert error" from bootloader, but the data we send is stored at 0x80b00000 (wdata buffer). We place here a modified IPL to skip loading SPL from NAND, and the custom SPL we want to load.
Then we calculate how many recursions we need to reach the spl end at 0x8c040000, the first recursions are padded with 0's as they are useless, only need them to overflow the stack, we put our shellcode here, the shellcode is a handler which executes the loader that resides in ram (0x80b00000) which copies patched IPL, SPL to RAM, disables ARM instruction caching and virtual addressing and branches to 0 offset to start IPL.
After placing the shellcode, we send the next ruustart calls with padding that contains branch instructions (relative jumps to the handler), we calculate how many calls we need based on target offset, initial stack offset and stack frame size.
Finally we need to jump to our patched code, to do this we call a function which has its entry point properly aligned with the overflown stack frame (we only control 0x64 bytes out of the frame size for ruustart which is typically 0xe0), this also varies in each SPL version.
Now let's see the problem we're facing in hermes, this is the Hermes memory layout:
Code:
           |      .      | \
           |      .      | s  /\
           |             | t  ||
      .... |             | a  ||
           |             | c  ||
      .... |             | k
0x8c033b90 |             | /
           +-------------+
           |      .      |
           |      .      |
           +-------------+
0x8c080000 | SPL-begins  | \
      .... | SPL SPL SPL | ME
      .... | SPL SPL SPL | MO  <--- how_far; we never reach here :(
      .... | SPL SPL SPL | RY
      .... | SPL SPL SPL | /
0x8c0c0000 |  SPL-ends   |
           +-------------+
           |      .      |
As you can see here, the stack grows up in the same direction as trinity, but the SPL code is placed below the stack so we can't overwrite it, thus we can't call a function that branches to our code.
So this is a call for developers & researchers, we need to find what else is between the stack and the ram top in hermes and see if there's something there that could be exploited, or if there's a pointer in ram that code branches to, we can exploit it by replacing the pointer.
You can use the Trinity exploit code with '-m hermes' hidden flag to test things on Hermes, feel free to modify / adapt the source for your tests on hermes.
Any ideas are welcome, have fun!
Damn pof you're a real wacko and a genius, nice job man congrats!!
Re: spl overflow
Cool!
Congratz to stepw for this amazing research and exploit!
pof! GOOD work and nice code! Hope caffeine let you sleep some day!
Tonight we have to celebrate this with some beers!
heheh
thanks, keep up the good work, hope this software is developed as soon as possible so that our bricked phones can be alive again.
I don't Understand
i'm using dopod 838 pro....where must the memory layout be edited?
Hey,
So i got this vibrant off craigslist. I rooted it, installed root explorer and checked the efs folder and it had the nv_data files but the IMEI was 004999010640000. Now i know my nv_data file isnt the original one cuz i tried the repair_nv_data fix with absolutely no luck. No matter what i still get this fake IMEI. Completely different from the one on the back of my phone.
Is there any way to restore my original nv_data files or manually edit the IMEI number? I flash back to stock firmware using ODIN but it resulted in the exact same thing. My IMEI was this 004999010640000 number.
Really need help
I have something you might be able to try (but want you to look at something first).
I encountered a problem after an i9000 rom flash where something changed my product code in the nv_data file (captivate model). The generic imei was nothing new as i had often seen this using custom roms but a flash to stock always restored my original imei until the time my nv_data files were corrupted and showing the wrong product code.
Download SGS-Toolbox and check your product code....report results back here.
bames said:
I have something you might be able to try (but want you to look at something first).
I encountered a problem after an i9000 rom flash where something changed my product code in the nv_data file (captivate model). The generic imei was nothing new as i had often seen this using custom roms but a flash to stock always restored my original imei until the time my nv_data files were corrupted and showing the wrong product code.
Download SGS-Toolbox and check your product code....report results back here.
Hey thanks a lot for the reply. Uh yea just did that and i got this:
product code in nv_data.bin: i9000hkdkor. Lol thats totally wrong isnt it?
darktranquility18 said:
Hey thanks a lot for the reply. Uh yea just did that and i got this:
product code in nv_data.bin: i9000hkdkor. Lol thats totally wrong isnt it?
totally wrong.
give me some time as my fix was for the captivate and its codes......need to update/convert the changes to be applicable to your vibrant. Watch here and i will post a fix to try shortly.
In the meantime. Please do me a favor download Hex Editor Free from the market. Go ahead and make backups to external SD Card or if you don't have one create a temp efs backup folder on /sdcard (internal sd) (Backups of all nv_data files in your efs folder) even if they are wrong.
1. Use hex editor to open the backup of the nv_data.bin
2. Use the capacitive menu button on your phone and it will bring up your options....choose JUMP TO
3. enter 0188008 which takes you to line 188008 and tell me what the text to the far right reads (should read something like .4....K )
4. Scroll down to 00188010 and report text @ right
5. Scroll down to 00188018 and report text @ right
6. finally scroll down to line 188020 and also tell me what text is to the far right (i want to make sure product codes on the vibrant are located on same lines as the captivate)
bames said:
totally wrong.
give me some time as my fix was for the captivate and its codes......need to update/convert the changes to be applicable to your vibrant. Watch here and i will post a fix to try shortly.
In the meantime. Please do me a favor download Hex Editor Free from the market. Go ahead and make backups to external SD Card or if you don't have one create a temp efs backup folder on /sdcard (internal sd) (Backups of all nv_data files in your efs folder) even if they are wrong.
1. Use hex editor to open the backup of the nv_data.bin
2. Use the capacitive menu button on your phone and it will bring up your options....choose JUMP TO
3. enter 0188008 which takes you to line 188008 and tell me what the text to the far right reads (should read something like .4....K )
4. Scroll down to 00188010 and report text @ right
5. Scroll down to 00188018 and report text @ right
6. finally scroll down to line 188020 and also tell me what text is to the far right (i want to make sure product codes on the vibrant are located on same lines as the captivate)
Yo really appreciate the help man. Aite
00188008: .800...K
00188010: OR....GT
00188018: -I9000HK
00188020: DKOR....
darktranquility18 said:
Yo really appreciate the help man. Aite
00188008: .800...K
00188010: OR....GT
00188018: -I9000HK
00188020: DKOR....
thanks just a little bit more info before i convert my fix.
Go back to those same lines in hex editor
There will be 8 blocks of data between the line # and the text at the right that you reposted. Please post the #'s/letters for each corresponding block so i can ensure that i convert properly.
00188008 | | | | | | | | | .800...K
00188010 | | | | | | | | | OR....GT
00188018 | | | | | | | | | -I9000HK
00188020 | | | | | | | | | DKOR....
I will need the 2 digit/numeral codes in each of the boxes for the line above.
thanks
bames said:
thanks just a little bit more info before i convert my fix.
Go back to those same lines in hex editor
There will be 8 blocks of data between the line # and the text at the right that you reposted. Please post the #'s/letters for each corresponding block so i can ensure that i convert properly.
00188008 | | | | | | | | | .800...K
00188010 | | | | | | | | | OR....GT
00188018 | | | | | | | | | -I9000HK
00188020 | | | | | | | | | DKOR....
I will need the 2 digit/numeral codes in each of the boxes for the line above.
thanks
sorry...i know thats a pain in the butt but once i have that data i think i can convert the fix to work for you
bames said:
sorry...i know thats a pain in the butt but once i have that data i think i can convert the fix to work for you
disregard last post...i got the code from a healthy nv_data file so you just need to compare the data from those lines to your own and make corrections in Android Hex Editor.
I sent you detailed instructions in a PM. Please test it....if it works i will repost my ported fix to the general section.
let me know if something is unclear.
PS - Even in a custom rom this should correct your product code (tested in 2.2 code).
I was in stock 2.1 when i crafted and executed this fix the first time so i don't know if it will restore your imei in custom rom environment as when i had an invalid product code in 2.2 i still had right imei.
any resolution to this??? i unlocked my vibrant in the USA and used it with both at&t and tmobile, came to india and i can't use indian sim cards...i took it to a local unlocking wiz, and he told me that my phone's imei has been wiped and according to indian law, no network will register to a phone that has a wiped imei...SO NOW I EITHER HAVE TO figure this out, or buy a new phone for 2 weeks
ANY HELP?
ppriyank said:
any resolution to this??? i unlocked my vibrant in the USA and used it with both at&t and tmobile, came to india and i can't use indian sim cards...i took it to a local unlocking wiz, and he told me that my phone's imei has been wiped and according to indian law, no network will register to a phone that has a wiped imei...SO NOW I EITHER HAVE TO figure this out, or buy a new phone for 2 weeks
ANY HELP?
Oh for real? So it is the imei? I have 2 vibrants. Used both in the US with AT&T. I came back to india in november and my vibrant worked perfectly. It has the right imei. When i came back in december with the other phone, unlocked working perfectly in the US, it just said no service here. If what you said was true then the only solution would be to repair the imei somehow. Ive tried everything and no luck :S
bames said:
I sent you detailed instructions in a PM. Please test it....if it works i will repost my ported fix to the general section.
let me know if something is unclear.
Hi, Bames!
I have the same issue with IMEI of my phone. Now it shows 004999010640000.
Can you help to restore it to the original which must be equal to the number in the back of my phone?
Thanks.
Id like to know if this was ever resolved and if the correct IMEI had been restored or not? Thank you
bumping because I want to know the resolution to this as well
Hey I got the same problem~!!
Wanna know the resolution, Please~!!
Hasnt been fixed on my phone yet. But try doing what bames did. Maybe itll work for you
i thought the imei number for your phone is located under the battery?
Original post by bames. Just posting it again to make everything clear.
***IMPORTANT PRECURSOR - we will be working with an important system folder (/EFS) and its contents (nv_data files). It is important to back this folder up (we will be doing this in step 2 below). I first backed it up to my external sd card but i did also copy the backup folder to my PC just in case.***
This method assumes you are starting with a rooted phone w/ superuser rights
You will need the following APPS that can all be downloaded from market and, with the exception of Root Explorer, are all free:
A. Root Explorer (i know its paid but its the most $ worthy app i have encountered. You can use the free Android Mate as an alternative but not as robust or convenient IMO)
B. Busybox (once installed from market open the app to install it)
C. Android Terminal Emulator (make sure to download the one with higher star rating)
D. Hex Editor
E. SGS Toolbox
__________________________________________________ _______________
Once all tools/apps listed above have been downloaded proceed as follows:
THERE ARE 3 Total Lines you will need to edit:
00188008
00188010
00188020
1. Install Busybox if you haven't done so already.
2. Use Root Explorer to create EFS Backup folder on an External SD (if you don't have one you can use the internal sd and give it a generic name that you will be able to identify). When ROOT EXPLORER opens you will be in the system file directory to get to your internal sd card open the SDCARD folder (from there you will see your external sd card as well if you have one installed)
3. Use root explorer to open the EFS folder from your system directory. The EFS folder contains the file you will need to edit and replace. Open the efs folder and use the multi-select copy to copy the following files: nv_data.bin and nv_data.bin.md5 (you can also copy their respective backup files nv_data.bak and nv_data.bin.md5.bak).
4. Staying in root explorer go back to parent directory (option at top of file/folder list) and navigate to the backup folder you created and paste the files there. While still in this directory make a copy of just the nv_data.bin and then paste it either in the root directory or external sd or internal sd if you do not have ext.
5. Open Hex Editor Application and open the copy of nv_data.bin from your external or internal SD (click the capacitive menu button on phone and select OPEN FILE)
6. Once the file opens click the capacitive button to bring up the menu again and select jump to address:
7. Enter 0188008
This will take you to line 00188008
8. To the left you will see line #’s followed by 8 blocks of hex code data that will be 2#’s, 2 letters, or a combination of #’s letters (examples | ff | 54| 00| 4b|). We will need to edit code in 3-4 lines of the code. Once you have used the jump to option you will see all the lines that need edited on the screen starting with 00188008 (the others will be 00188010, 00188018, 00188020)
9. Compare that data in each of your corresponding lines you see below. Where your numbers are different correct them with the corresponding #’s below. (click corresponding box and it brings up the contained # simply replace it with correct # from chart below). I put the parts you will be comparing and correcting in bold to make viewing easier.
00188008 | 2e | 33 | 00 | 00 | 00 | 00 | ff | 54 |
00188010 | 4d | 42 | 00 | 00 | 00 | 00 | 53 | 47 |
00188018 | 48 | 2d | 54 | 39 | 35 | 39 | 5a | 4b |
00188020 | 42 | 54 | 4d | 42 | 00 | 00 | 00 | 00 |
10. Save the file and move it back to efs using root explorer copying over the original.
11. delete the nv_data.bak and the nv_data.bin.md5 files (leave the nv_data_bin.md5.bak in the folder..don't delete it).
12. Open Terminal Emulator and run the following commands:
su
busybox chown 1001:1001 efs/nv_data.bin
reboot
(If you have an issue in Android Terminal Emulator where the keyboard doesn’t come back up after entering su command simply hit the capacitive menu button and you will have the option to re-open the keyboard)
13. Once your phone has rebooted use SGS Toolbox APP to check your IMEI and Product Code to make sure the fix worked.
Using hex editor, check these again:
00188000 - ff ff ff ff 52 45 56 30 - . . . . R E V 0
00188008 - 2e 33 00 00 00 00 ff 54 - . 3 . . . . . T
00188010 - 4d 42 00 00 00 00 53 47 - M B . . . . S G
00188018 - 48 2d 54 39 35 39 5a 4b - H - T 9 5 9 Z K
00188020 - 42 54 4d 42 00 00 00 00 - B T M B . . . .
00188028 - 00 00 01 50 02 4e 03 4e - . . . P . N . N
Also, the imei cant be fixed without the original nv_data files(ur efs folder). So its very unlikely that itll be fixed. Also with certain carriers in certain countries, Airtel in india for example, have banned phones from connecting to their network cuz of the wrong imei numbers. On the other hand, a phone with a wrong imei still works on a carrier like at&t.
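The byte comparison in steps 5 to 9 and the final "check these again" step can also be done read-only on a PC against the backup copy of nv_data.bin. The script below is an added example, not code from bames or anyone in this thread; the model-string offset is inferred from the dump above, and the sample image is constructed from the ASCII column reported earlier in the thread (its non-printable bytes are assumed).

```python
"""Read-only check of the product-code rows in a backup copy of nv_data.bin."""
import sys

ROW_LEN = 8  # the hex editor used in the thread shows 8 bytes per row

# Reference rows exactly as posted in the thread (SGH-T959 values).
REFERENCE_ROWS = {
    0x188008: "2e 33 00 00 00 00 ff 54",
    0x188010: "4d 42 00 00 00 00 53 47",
    0x188018: "48 2d 54 39 35 39 5a 4b",
    0x188020: "42 54 4d 42 00 00 00 00",
}
REGION_END = max(REFERENCE_ROWS) + ROW_LEN

# Assumption: the model string starts at 0x188016 and is NUL-terminated.
# Inferred from the dump in the thread, not from a documented file layout.
MODEL_OFFSET = 0x188016

# Constructed sample: bytes chosen to reproduce the ASCII column reported in
# the thread (".800...K", "OR....GT", "-I9000HK", "DKOR....").
CONSTRUCTED_BAD_ROWS = {
    0x188008: "2e 38 30 30 00 00 ff 4b",
    0x188010: "4f 52 00 00 00 00 47 54",
    0x188018: "2d 49 39 30 30 30 48 4b",
    0x188020: "44 4b 4f 52 00 00 00 00",
}


def build_image(rows: dict) -> bytes:
    """Build a constructed test image: 0xff filler with the given rows."""
    image = bytearray(b"\xff" * (REGION_END + ROW_LEN))
    for off, hex_row in rows.items():
        image[off:off + ROW_LEN] = bytes.fromhex(hex_row)
    return bytes(image)


def ascii_column(row: bytes) -> str:
    """Render a row the way the hex editor's right-hand column does."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in row)


def read_rows(image: bytes) -> dict:
    """Return {offset: 8-byte row} for the rows named in the thread."""
    if len(image) < REGION_END:
        raise ValueError(f"image too short: {len(image):#x} < {REGION_END:#x}")
    return {off: image[off:off + ROW_LEN] for off in REFERENCE_ROWS}


def diff_rows(image: bytes) -> list:
    """List (absolute_offset, found_byte, reference_byte) per mismatch."""
    mismatches = []
    for off, row in read_rows(image).items():
        want = bytes.fromhex(REFERENCE_ROWS[off])
        for i, (have_b, want_b) in enumerate(zip(row, want)):
            if have_b != want_b:
                mismatches.append((off + i, have_b, want_b))
    return mismatches


def model_string(image: bytes) -> str:
    """Return the NUL-terminated ASCII string at the assumed model offset."""
    read_rows(image)  # reuse the length check
    raw = image[MODEL_OFFSET:REGION_END]
    return raw.split(b"\x00", 1)[0].decode("ascii", errors="replace")


def report(image: bytes) -> str:
    """Hex-editor style dump of the rows plus a list of differing bytes."""
    lines = [f"{off:08x} | {row.hex(' ')} | {ascii_column(row)}"
             for off, row in read_rows(image).items()]
    lines.append(f"model string: {model_string(image)}")
    for off, have_b, want_b in diff_rows(image):
        lines.append(f"  {off:08x}: found {have_b:02x}, reference {want_b:02x}")
    return "\n".join(lines)


if __name__ == "__main__":
    # With a path: inspect that backup copy. Without: use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_image(CONSTRUCTED_BAD_ROWS)
    print(report(data))
```

Nothing is written to the file, so it is safe to run against the copy made in step 4 before and after editing.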
DontJoinTheDarkSide said:
i thought the imei number for your phone is located under the battery?
The imei number of the hardware must match the imei in the nv_data.bin file located in the efs folder of the phone. If they do not match, when u go to 'about phone', you get a wrong imei like 004999010640000 which is banned by certain networks and the android market acts weird at times(doesnt download).
How would the imei number get changed in the 1st place?
edit lines 00188000-00188020
to match the screenshot
HOWTO: Setup a working environment to build CM7, with SVN
0. Overview
In this thread: http://forum.xda-developers.com/showthread.php?t=1565517, HPA has shown a custom ROM based on CM7, and his development files. I think there's a need to create a guideline of how to create such artifacts yourself by setting up your own development environment, downloading the source code and building them yourself. This post addresses that need. Hope this helps!
1. Install a version tracking system
1.1 Install SVN, please refer to "Setup a Subversion Server in 4 Minutes" (http://www.tonyspencer.com/2007/03/02/setup-a-subversion-server-in-4-minutes/)
1.2 Install RapidSVN by running "sudo apt-get install rapidsvn" (Ubuntu users may need to use sudo, or by installing it from Synaptic, for more details please refer to http://www.rapidsvn.org/index.php/OnlineHelp:Contents)
What's just happened: you installed Subversion (a software versioning and revision control system) and a GUI tool to track changes to the scripts you are going to create/update. Having a revision control system up and running is recommended since you're going to change many things from the original files, or create ones yourself. When your change is irrelevant, Subversion will save the day by allowing you to revert back to a last-known-good version in the past - that's all we need, I think.
2. Get CM7 source code
Assume that we're going to use a folder named "gingerbread" in your home folder for this task:
Code:
$ mkdir -p ~/android/gingerbread
$ cd ~/android/gingerbread
$ repo init -u git://github.com/CyanogenMod/android.git -b gingerbread
$ repo sync
3. Initialize the build script folder structure
Ensure that, the folder containing development files will have the same structure as the CM7 source tree, like this:
Code:
$ tree -d ~/android/cm7dev/gingerbread
gingerbread
|-- device
| `-- dell
| `-- venue
| |-- files
| |-- libaudio-qsd8k
| `-- overlay
| |-- frameworks
| | `-- base
| | |-- core
| | | `-- res
| | | `-- res
| | | `-- values
| | `-- packages
| | `-- SettingsProvider
| | `-- res
| | `-- values
| `-- packages
| `-- apps
| |-- CMParts
| | `-- res
| | `-- values
| |-- Mms
| | `-- res
| | `-- values
| |-- Phone
| | `-- res
| | `-- values
| |-- Settings
| | `-- res
| | `-- values
| `-- Torch
| `-- res
| `-- values
|-- frameworks
| `-- base
| |-- include
| | |-- camera
| | `-- media
| |-- libs
| | `-- camera
| |-- media
| | |-- java
| | | `-- android
| | | `-- media
| | |-- jni
| | `-- libstagefright
| | `-- omx
| |-- policy
| | `-- src
| | `-- com
| | `-- android
| | `-- internal
| | `-- policy
| | `-- impl
| |-- services
| | |-- camera
| | | `-- libcameraservice
| | `-- java
| | `-- com
| | `-- android
| | `-- server
| `-- telephony
| `-- java
| |-- android
| | `-- telephony
| `-- com
| `-- android
| `-- internal
| `-- telephony
| `-- gsm
|-- packages
| `-- providers
| `-- MediaProvider
| `-- src
| `-- com
| `-- android
| `-- providers
| `-- media
`-- vendor
`-- cyanogen
`-- products
Here, we have 4 sub-folders called "device", "frameworks", "packages" and "vendor". Later we will merge this folder with the CM7 source tree.
4. Import cm7dev files (the above tree folder structure) to SVN repo
Code:
$ svn import ~/android/cm7dev/gingerbread file:///data/svnrepos/gingerbread
5. Create a new empty working directory
This will be the place we checkout our code, and actually do the development task
Code:
$ cd ~/android
$ mkdir dv-dev
$ mkdir dv-dev/gingerbread
Now, checkout code from URL file:///data/svnrepos/gingerbread to the above working folder. You can use RapidSVN, or if you're familiar with SVN command line interface, issue this:
Code:
$ svn co file:///data/svnrepos/gingerbread ~/android/dv-dev/gingerbread
6. Merge CM7 code folder with our working directory
Now, copy everything from CM7 code folder (~/android/gingerbread) to your working directory ~/android/dv-dev/gingerbread. Since they have the same name, with the same sub-folders, a confirmation will be shown to ask you whether you want to merge the content. Say Yes, and be sure to select to apply to all items found.
This step ensures that, you can now build CM7 right from the working folder, and any changes to build script can be tracked by SVN (checked in). Now you're ready to go with the build progress. You may want to copy files from ~/android/cm7dev/gingerbread to the working folder again to overwrite all conflicts if there are any.
7. Copy proprietary files
Be sure your phone is connected to your PC, and USB access is well-configured so that ADB can do its task to pull the needed proprietary files.
Code:
$ cd ~/android/dv-dev/gingerbread/device/dell/venue
$ ./extract-files.sh
In this step, several changes need to be made to this file (extract-files.sh). You will have to adjust it yourself since I noticed that HPA - the author - wrote some script to pull files that do not exist (he might have based it on a Streak instead).
8. Install new versions of gApps and Rom Manager (of course, if you want)
Code:
$ cd ~/android/dv-dev/gingerbread/vendor/cyanogen/
$ ./get-rommanager
9. Build (the setup-makefiles.sh below will also have to be modified)
Code:
$ cd ~/android/dv-dev/gingerbread/device/dell/venue
$ ./setup-makefiles.sh
$ cd ~/android/dv-dev/gingerbread
$ cp ./vendor/cyanogen/products/cyanogen_venue.mk ./buildspec.mk
# choose device
$ . build/envsetup.sh
$ lunch cyanogen_venue-eng
# actual build
# (or: make -j`grep 'processor' /proc/cpuinfo | wc -l`, as shown in the official Cyanogen guidelines)
$ mka
Now, let's just wait and adjust the build scripts based on what you get (errors) during the build progress. For example, here's what I met:
Code:
target Strip: InputChannel_test (out/target/product/venue/obj/EXECUTABLES/InputChannel_test_intermediates/InputChannel_test)
(unknown): error 4: Added public method android.telephony.PhoneNumberUtils.formatKoreanNumber
(unknown): error 5: Added public field android.media.MediaRecorder.AudioEncoder.EVRC
(unknown): error 5: Added public field android.media.MediaRecorder.AudioEncoder.QCELP
(unknown): error 5: Added public field android.telephony.PhoneNumberUtils.FORMAT_KOREA
******************************
You have tried to change the API from what has been previously approved.
To make these errors go away, you have two choices:
1) You can add "@hide" javadoc comments to the methods, etc. listed in the
errors above.
2) You can update current.xml by executing the following command:
make update-api
^^^^^^^^^^^^^^^^^^
NO. NO. STOP BEING LAZY. SERIOUSLY.
DO NOT DO THIS in CM. THIS IS A LIE. IF YOU DO THIS I WILL HATE YOU.
USE OPTION #1.
-Koush
To submit the revised current.xml to the main Android repository,
you will need approval.
******************************
I typed "make update-api" like the author said above, and things were fine.
10. Remove symbolic links in /system/xbin, /system/bin
All symbolic links in the above folders need to be removed, since they will be created during the flashing progress, via instructions in updater-script
Code:
$ cd ~/android/dv-dev/gingerbread/out/target/product/venue/system/bin
$ find . -maxdepth 1 -type l -exec rm -f {} \;
$ cd ~/android/dv-dev/gingerbread/out/target/product/venue/system/xbin
$ find . -maxdepth 1 -type l -exec rm -f {} \;
11. Deploy
Now, copy the following things from ~/android/dv-dev/gingerbread/out/target/product/venue
- ./system
- boot.img
to another directory to create an update.zip file.
12. Other tools you might need/consider
Meld: a visual diff and merge tool
Geany: a text editor using the GTK2 toolkit with basic features of an integrated development environment
RabbitVCS: a graphical front-end for version control systems available on Linux that can be integrated into file managers such as Nautilus, Thunar. You'll find it familiar if you use TortoiseSVN on Windows before.
P.S. My development files: http://www.mediafire.com/?2ozrmxotdsib9nn
Here is my working result:
http://www.mediafire.com/?8a8ntad2t7tv4mb
and its screenshot:
Still, there is not many differences with the original update-cm-7.2.0-RC1-DV-KANG-HPA-BETA2-signed yet, but at least we know how to build it! Right?
Update: ROM with my custom kernel (4.06)
hey, chacona .!! Can u add my yahoo ID!
Trainhque_dideple_dayemphe_7593
i have something to ask you ! ?
chacona said:
Here is my working result:
http://www.mediafire.com/?zqqkne7qb4bqplf
and its screenshot:
Still, there is not many differences with the original update-cm-7.2.0-RC1-DV-KANG-HPA-BETA2-signed yet, but at least we know how to build it! Right?
Update: ROM with my custom kernel (4.06)
Is there anyway to get more free RAM?
How did you get so much RAM?
As I have only 184 MB of free RAM.
prasad12ka4: sorry, I don't know how to get more RAM so far. What I've done is just establishing a development environment, and successfully built a working copy of CM7 myself, proving that what I did is correct. Surely, I have a lot of things to do after that.
Guys.!!! Dell venue n dell streak 5 got same rom n environment hardware too just difference is venue is Hdpi n dell streak is Mdpi .so why don't we join hands n make ics work for dell or on other hand u can take advantage of our dell streak 5 forums there r few good roms like longhorn 2.8 with Hdpi support for dell Venue and Dcs 1.1.which supports both hdpi n mdpi just need to edit build.prop n may be kernel....wish u all safe cooking ...n Friends in need friend indeed ..
Max
Sent from my Dell Streak using xda premium
djmax81 said:
Guys.!!! Dell venue n dell streak 5 got same rom n environment hardware too just difference is venue is Hdpi n dell streak is Mdpi .so why don't we join hands n make ics work for dell or on other hand u can take advantage of our dell streak 5 forums there r few good roms like longhorn 2.8 with Hdpi support for dell Venue and Dcs 1.1.which supports both hdpi n mdpi just need to edit build.prop n may be kernel....wish u all safe cooking ...n Friends in need friend indeed ..
Max
Sent from my Dell Streak using xda premium
this is indeed exciting
Sent from my Dell Venue using xda premium
yah if some dev help us then surely we will get ics on dell venue
I am still working on CM7, with some kernel related tasks such as overclocking, checking the memory (I wonder why with 2.3.3 the total memory is only about 383, and on 2.2.2 is about 400+). Maybe it's a ROM problem, but I will try to find the root cause in the kernel first.
Because of the reason above, I still have had no chance to look at the ICS ROM yet. However, there might be a lot of things to be learnt (as stated in CM forum). But, for stability, I think we should wait until ICS becomes RTM to begin our development work since there can still be many changes.
After CM12.1 install I'm unable to install the gapps pico. Here's the log from gapps install.
Notice the Total System Size is only 12mb... Using tk_gapps-modular-pico-5.1.1-20150920-signed.zip
Is there any way to increase the partition size or a quick fix? The smallest pico is about 50mb and it's still going to fail with only 12mb size.
# Begin TK GApps Install Log
--------------------------------------------------------------------------------
ROM Android Version |
ROM ID |
ROM Version | non-standard build.prop
Device Recovery | TWRP 2.8.6.0
Device Name | meliuslte
Device Model |
Device Type | phone
Device CPU |
getprop Density | 240
default.prop Density | 240
build.prop Density |
Display Density Used | 240dpi [default]
Install Type | Clean[Data Wiped]
Google Camera Installedπ | Clean
Google Keyboard Installedπ | Clean
FaceUnlock Compatible | false
Google Camera Compatible | true
Google Webview Compatible | true
Current GApps Version | NO GApps Installed
Curent TK GApps Package | NO GApps Installed
Installing GApps Version | 20150920
Installing GApps Type | pico
Config Type | exclude
Using gapps-config | /external_sd/Download/gapps-config.txt
Remove Stock/AOSP Browser | false[NO_Chrome]
Remove Stock/AOSP Email | false[NO_Gmail]
Remove Stock/AOSP Gallery | false[NO_Photos]
Remove Stock/AOSP Launcher | false[NO_GoogleNow]
Remove Stock/AOSP MMS App | false[NO_Hangouts]
Remove Stock/AOSP Pico TTS | false[NO_GoogleTTS]
Total System Size (KB) | 12052
Used System Space (KB) | 4108
Current Free Space (KB) | 7944
Additional Space Required (KB) | 74904 << See Calculations Below
--------------------------------------------------------------------------------
π Previously installed with TK GApps
# End TK GApps Install Log
INSTALLATION FAILURE: Your device does not have sufficient space available in
the system partition to install this GApps package as currently configured.
You will need to switch to a smaller GApps package or use gapps-config to
reduce the installed size.
# Begin GApps Size Calculations
---------------------------------------------------------
TYPE | DESCRIPTION | SIZE | TOTAL
| Current Free Space | 7944 | 7944
Remove | Existing GApps | + 0 | 7944
Remove | Obsolete Files | + 0 | 7944
Install | Core≤ | - 28744 | -20800
Install | GMSCore≤ | - 43656 | -64456
Install | calsync≥ | - 1232 | -65688
| Buffer Space≤ | - 9216 | -74904
---------------------------------------------------------
Additional Space Required | 74904
---------------------------------------------------------
≤ Required (ALWAYS Installed)
≥ Optional (may be removed)
# End GApps Size Calculations
# Begin User's gapps-config
Books
Chrome
ClooudPrint
Docs
Earth
ExchangeGoogle
Slides
Sheets
# End User's gapps-config
Hi, if this is a stupid noob question, then sorry.
I've got an XT1941-3 Motorola One. I figured out how to put LineageOS 17.1 on it, and was looking at Open GApps for the Play Store and Google Maps only. Since I literally only want the Play Store app and Google Play services for the location services, I wrote an exclude file for GApps that looks like this:
Code:
# .gapps-config-deen
# Exclude all extras from pico package
# Pico+
CalSync # Install Google Calendar Sync (if Google Calendar is being installed)
DialerFramework # Install Dialer Framework (Android 6.0+)
GoogleTTS # Install Google Text-to-Speech Engine (Micro+ on 5.0-, Pico+ on 6.0+)
PackageInstallerGoogle # Install Package Installer (Android 6.0 only & Android 8.0+)
This results in all the packages except for the Google DialerFramework being excluded. Looking at the GApps logs, I see that GApps is claiming that the AOSP DialerFramework "is not available on your ROM (anymore)".
The device was factory reset prior to having Lineage flashed to ensure a clean install of GApps.
Dalvik, system and data were all wiped before the Lineage install, so I don't understand how the AOSP version is not there (anymore).
Code:
# Begin Open GApps Install Log
------------------------------------------------------------------
ROM Android version | 10
ROM Build ID | lineage_deen-eng 10 QQ3A.200605.001 eng.root.20200710.200251 test-keys
ROM Version increment | eng.root.20200710.200251
ROM SDK version | 29
ROM/Recovery modversion | 17.1-20200711-UNOFFICIAL-deen
Device Recovery | TWRP 3.2.3-0-08ee1e2f
Device Name | deen
Device Model | motorola one
Device Type | phone
Device CPU | arm64-v8a,armeabi-v7a,armeabi
Device A/B-partitions | true
Installer Platform | arm
ROM Platform | arm64
Display Density Used | unknown
Install Type | Clean[Data Wiped]
Google Camera already installed | Clean
VRMode Compatible | false
Google Camera Compatible | true
New Camera API Compatible | false
Google Pixel Features | false
Current GApps Version | No GApps Installed
Google Camera version | Legacy
Installing GApps Zipfile | /external_sd/Packages/open_gapps-arm64-10.0-pico-20201110.zip
Installing GApps Version | 20201110
Installing GApps Type | pico
Config Type | exclude
Using gapps-config | /external_sd/Packages/.gapps-config-deen
Remove Stock/AOSP Browser | false[NO_Chrome]
Remove Stock/AOSP Camera | false[NO_CameraGoogle]
Remove Stock/AOSP Dialer | false[NO_DialerGoogle]
Remove Stock/AOSP Email | false[NO_Gmail]
Remove Stock/AOSP Gallery | false[NO_Photos]
Remove Stock/AOSP Launcher | false[NO_GoogleNow/PixelLauncher]
Remove Stock/AOSP MMS App | false[NO_Messenger]
Remove Stock/AOSP Pico TTS | false[NO_GoogleTTS]
Ignore Google Contacts | false
Ignore Google Dialer | true[NoRemove]
Ignore Google Keyboard | false
Ignore Google Package Installer | false
Ignore Google NFC Tag | false
Ignore Google WebView | false
Total System Size (KB) | 2580272
Used System Space (KB) | 1338072
Current Free Space (KB) | 1225816
Post Install Free Space (KB) | 1064544 << See Calculations Below
------------------------------------------------------------------
# End Open GApps Install Log
NOTE: The Stock/AOSP Dialer is not available on your
ROM (anymore), the Google equivalent will not be removed.
# Begin GApps Size Calculations
------------------------------------------------------------------
TYPE | DESCRIPTION | SIZE | TOTAL
| Current Free Space | 1225816 | 1225816
Remove | Existing GApps | + 0 | 1225816
Remove | Obsolete Files | + 0 | 1225816
Remove | cmsetupwizard | + 0 | 1225816
Remove | extservicesstock | + 96 | 1225912
Remove | extsharedstock | + 24 | 1225936
Remove | provision | + 0 | 1225936
Install | Core | - 152176 | 1073760
| Buffer Space | - 9216 | 1064544
------------------------------------------------------------------
Post Install Free Space | 1064544
------------------------------------------------------------------
# End GApps Size Calculations
# Begin User's gapps-config
CalSync
DialerFramework
GoogleTTS
PackageInstallerGoogle
# End User's gapps-config
What am I missing? Please help me understand!
Edit: this may be related to another problem I encountered, which I wrote about here: https://forum.xda-developers.com/motorola-one/how-to/problems-google-apps-infecting-fresh-t4191039