[Discussion]Question on methods to block OTA - Nook Color Android Development

Since neither of the two methods that have been tossed about seem to be working: renaming OTAcerts (although, the recommended rename still included OTAcerts.zip which could be a reason it didn't work) or spoofing the build.prop. I put on my thinking hat back to TiVo hacking. For those that don't know or remember, TiVo is an embedded Linux system.
I recalled one means and went and looked it up. The following is a command that set the bootpage and told it to skip software updates: bootpage -P root=/dev/hda4 dsscon=true console=2,115200 upgradesoftware=false. This was set on the hard drive that the TiVo booted from.
My question is this, is this relevant to Android (also an embedded Linux)? If so, could it be adapted?
Homer

I was wondering what you folks thought of this 'prevent' 1.1 hack??
http://forum.xda-developers.com/showthread.php?t=930477
seems reasonable to me, adding:
127.0.0.1 csqaint.barnesandnoble.com
(looks to be the primary check for updates?)
and
127.0.0.1 bncs.barnesandnoble.com
(just for good measure but might have unwanted consequences?)
to /etc/hosts file
I would personally like to be able to put an end to this 'forced' OTA update behind us and be able to sideload any updates from bn manually at our convienence in the future.
how bout u??????

What I did when the first scare of an update arose was:
a) Checked in /data/data/com.bn.nook.devicemanager/databases/ for an sql file
b) Pulled the sql file.
c) Dump its contents with sqlite3.
d) In it there's an entry for OTAs... with value "auto"
e) Changed that value to "manual"
f) Pushed the modified database file to the device.
I never got any OTA updates. Still on first OS version.
(Maybe there's a different reason why it never updated...)

ixampl said:
What I did when the first scare of an update arose was:
a) Checked in /data/data/com.bn.nook.devicemanager/databases/ for an sql file
b) Pulled the sql file.
c) Dump its contents with sqlite3.
d) In it there's an entry for OTAs... with value "auto"
e) Changed that value to "manual"
f) Pushed the modified database file to the device.
I never got any OTA updates. Still on first OS version.
(Maybe there's a different reason why it never updated...)
Click to expand...
Click to collapse
Sounds like you may have found the holy grail..... nice

Related

[SCRIPT] Block B&N 1.1 Update

All you need to do is extract this and run the "runme.bat"
Code:
echo off
cls
echo *********************************
echo * Please plug the USB into Nook *
echo *********************************
pause
adb kill-server
adb devices
echo *******************
echo * Blocking Update *
echo *******************
adb shell mount -o remount,rw /dev/block/mmcblk0p5 /system
adb push block-1.1.sh /system/media
adb shell sh /system/media/block-1.1.sh
ping -n 5 127.0.0.1 >NUL
echo Success
adb reboot
adb kill-server
echo *****************************
echo * You nook is rebooting *
echo * Disconnect the USB cable! *
echo * Wait until rebooted... *
echo * *
echo * BN 1.1 Update Blocked *
echo * *
echo *****************************
pause
exit
Download
Can you release an "Undo" script as well that undoes what this does?
I was under the impression that the otacert rename was a dud and the build.prop was very questionable???
found this and replied to the discussion on the subject.
IMO, Until the OTA is squashed we are going to have a repetitive debockle of blowing up everyones rooted work and would think addressing this would be of significant value:
-cut-n-paste-
I was wondering what you folks thought of this 'prevent' 1.1 hack??
http://forum.xda-developers.com/showthread.php?t=930477
seems reasonable to me, adding:
127.0.0.1 csqaint.barnesandnoble.com
(looks to be the primary check for updates?)
and
127.0.0.1 bncs.barnesandnoble.com
(just for good measure but might have unwanted consequences?)
to /etc/hosts file
I would personally like to be able to put an end to this 'forced' OTA update behind us and be able to sideload any updates from bn manually at our convienence in the future.
how bout u??????
In reviewing the script it appears to apply the build.prop spoof update?
I thought this was questionalble in overall effectiveness?? and even if it worked would have to be reapplied after every update from bn???
I noticed an interesting reply from ixampl as follows:
What I did when the first scare of an update arose was:
a) Checked in /data/data/com.bn.nook.devicemanager/databases/ for an sql file
b) Pulled the sql file.
c) Dump its contents with sqlite3.
d) In it there's an entry for OTAs... with value "auto"
e) Changed that value to "manual"
f) Pushed the modified database file to the device.
I never got any OTA updates. Still on first OS version.
This is exactly what I'm lookin for, a permenant block unless of course the database update got reversed back to auto?????
is this normal? i go into settings/device info/about your nook color. it still shows 1.0.1? where do i have to go to verify this is blocked?
C:\NC - Auto Config Script 1.0.1>adb push block-1.1.sh /system/media
32 KB/s (506 bytes in 0.015s)
C:\NC - Auto Config Script 1.0.1>adb shell sh /system/media/block-1.1.sh
cp: not found
sed: not found
sed: not found
sed: not found
sed: not found
john10101 said:
is this normal? i go into settings/device info/about your nook color. it still shows 1.0.1? where do i have to go to verify this is blocked?
C:\NC - Auto Config Script 1.0.1>adb push block-1.1.sh /system/media
32 KB/s (506 bytes in 0.015s)
C:\NC - Auto Config Script 1.0.1>adb shell sh /system/media/block-1.1.sh
cp: not found
sed: not found
sed: not found
sed: not found
sed: not found
Click to expand...
Click to collapse
You dont have busybox installed on the NC?
bonzer2u said:
In reviewing the script it appears to apply the build.prop spoof update?
I thought this was questionalble in overall effectiveness?? and even if it worked would have to be reapplied after every update from bn???
I noticed an interesting reply from ixampl as follows:
What I did when the first scare of an update arose was:
a) Checked in /data/data/com.bn.nook.devicemanager/databases/ for an sql file
b) Pulled the sql file.
c) Dump its contents with sqlite3.
d) In it there's an entry for OTAs... with value "auto"
e) Changed that value to "manual"
f) Pushed the modified database file to the device.
I never got any OTA updates. Still on first OS version.
This is exactly what I'm lookin for, a permenant block unless of course the database update got reversed back to auto?????
Click to expand...
Click to collapse
Can you elaborate a little further on what commands you used so I might be able to add it into a script.
i dont think so... what installs busybox?
No offense, but this isn't a worry any more anyway. We already have a CWM flashable update.zip that updates you to 1.1, but does not harm your root or installed aps. Why are people bothering with all this "blocking" nonsense?
From this thread:
http://forum.xda-developers.com/showthread.php?t=874871
Attached is a working sqlite3 binary. Copy it to /system/bin and you will be able to edit sqlite databases on the nook itself.
--------------------------------------------------------------------------------
Attached Files sqlite3.7z (11.9 KB, 56 views)
-----------------------------------------------------------------------------
And I found a sqlite3 sample that will need to be edited like somthing as follows:
In your terminal,
$ adb pull /data/data/com.bn.nook.devicemanager/databases/settings.db settings.db
$ sqlite3 settings.db
sqlite> update secure set value='manual' where name='an entry for OTAs???-Dont know the parameter here'
;
sqlite> .q
$ adb push /data/data/com.bn.nook.devicemanager/databases/settings.db settings.db
$ adb reboot
Hope this helps, I dont know the input name for placeholder.
xboxexpert said:
You dont have busybox installed on the NC?
Click to expand...
Click to collapse
Ok i installed busy box off the market, and ran the script!!! success. when i rebooted it told me that 1.1.0 has been installed. and it now shows 1.1.0 in the about.
i suggest noting busy box in the original post.
Divine_Madcat said:
No offense, but this isn't a worry any more anyway. We already have a CWM flashable update.zip that updates you to 1.1, but does not harm your root or installed aps. Why are people bothering with all this "blocking" nonsense?
Click to expand...
Click to collapse
not everyone wants to upgrade to 1.1, or has cwm installed.
john10101 said:
Ok i installed busy box off the market, and ran the script!!! success. when i rebooted it told me that 1.1.0 has been installed. and it now shows 1.1.0 in the about.
i suggest noting busy box in the original post.
Click to expand...
Click to collapse
It says 1.1 is installed but its really not. (Spoofed it)
john10101 said:
not everyone wants to upgrade to 1.1, or has cwm installed.
Click to expand...
Click to collapse
Uh... why? What is there about 1.1 not to want? And if you are ok with doing all of this to block an update, there is no reason not to have CWM (which is quite stable). Sorry, but this really is all just wasted effort..
Divine_Madcat said:
Uh... why? What is there about 1.1 not to want? And if you are ok with doing all of this to block an update, there is no reason not to have CWM (which is quite stable). Sorry, but this really is all just wasted effort..
Click to expand...
Click to collapse
Took me 2 seconds to throw together...took longer to upload then anything. Its just for people who want it. If you dont want it I dont want you to have it :/
xboxexpert said:
Took me 2 seconds to throw together...took longer to upload then anything. Its just for people who want it. If you dont want it I dont want you to have it :/
Click to expand...
Click to collapse
Don't get me wrong, im not knocking your work, just people's reasoning for wanting it done in the first place. I understand before the update.zip was developed, since it would break root and mess up your apps. But now, there is no reason not to take the update; thus the continued demand for this is puzzling.
If you really want the OTA update to stop, take a look at the updater-script inside the sideload_update.zip file from B&N. The first two lines read:
Code:
assert(getprop("ro.product.device") == "zoom2" ||
getprop("ro.build.product") == "zoom2");
I think those are set in the build.prop file. Change either ro.build.product or ro.product.device to something other than zoom2 (say zoom2a), and the rest of the script won't continue. This is what people are seeing when the file gets downloaded OTA and then disappears without being applied. If for some reason you must avoid it, make that change and you will stop the update cold. Not sure what the side effects of making the change are, but there would be an easy way to revert by undoing the edits, if you need to.
Wasn't this already available from another forum member?
http://forum.xda-developers.com/showthread.php?t=930382
Seems a lot easier to just copy and replace build.prop with a filemanager.
Divine_Madcat said:
Uh... why? What is there about 1.1 not to want? And if you are ok with doing all of this to block an update, there is no reason not to have CWM (which is quite stable). Sorry, but this really is all just wasted effort..
Click to expand...
Click to collapse
Yah go ahead and read thru the cwm thread and try to convince anyone in this forum that it is 100% stable. Not to suggest that anyones efforts are not welcome and appreciated but if you asked the actual devs involved I would bet they would not suggest so as well.
I for one have rooted twice (1.0 and 1.0.1) with autoroot and am 100% stable, never had a crash or the pleasure to have to restore/rebuild, not interested in the stock browser or anything else bn has to offer, quite happy and perhaps lucky with the way its workin now. I also dont appreciate being strong armed an update without a confirmation, hell even microbuddies doesnt have that kinda gawl.
I guess it will take one of the next of many 'future forced' updates from bn that bothches all the work that you have put into your NC and for whatever reason your recovery doesnt work and you are forced to rebuild from scratch before you realize that if you had a permenant block in place, you could have the time for outstanding efforts of the local devs to stabilize an upgrade path before you pulled the trigger?
The database hack appears to be best way to permanently kill OTA, no need for future updated spoof build.prop scripts (before you get hit) and no worries about being updated and possibly blown up while your sleepin and bn pushes an update out before you get the news.
or maybe its just me..........
Exactly! If you are not diligently checking the forum everyday, you wouldn't know BN is pushing out 1.1 update and you wouldn't know there is a pre-nootered 1.1 version available. BN will update you OTA before you know any better and screw up your rooted setup. Hence the need for a permanent update block.

RELEASED: Root NT/16GB v1.4.x with Android Market access

Please notice that this is a minimal rooting procedure of the 1GB RAM / 16GB internal storage version only. It is not an end-user "kitchen sink" procedure, nor does it block future OTA updates from B&N. This procedure provides rooting. In addition, I include:
The "su" binary (command-line interface), but not the "SuperSu" (recommended) or "Superuser" app. You can easily get either app from the Android Market; that has the advantage that you will get notified of updates!
The "busybox" binary (common Linux command-line tools).
The "sqlite3" binary (command-line interface to the SQLite library).
A reference to a minimal set of "Gapps", including the Android Market (which is needed to easily proceed after rooting).
I don't solve problems that are unrelated to rooting, like "side-loading" (the installation of "unknown sources"; this is apparently a B&N v1.4.x issue). There are possible solutions to such issues elsewhere on these forums.
Here is the procedure: http://www.mailpen.com/download/NT16-1.4.x-Root_1.07.zip (1.1MB)
Unzip the file onto your (Windows or Linux) PC (everything is in the "rooting" subdirectory), and view the ReadMe.txt file. Note that I may occasionally make minor revisions to the ReadMe.txt file without changing the version number of the .ZIP file, but any procedural improvements will result in a new version number.
Caveats:
Don't use this procedure on the 512MB RAM / 8GB internal storage version !!!
You must have a sense of total personal responsibility (ie, there is no warranty).
You must understand command-line operations and utilities in Linux and Windows. In particular, that means you should ALREADY know how to cut lines from the ReadMe.txt file document and paste them into the command line for your PC (in order to save typing and mistakes).
You must have a basic understand how the Nook Tablet works. That means, don't try to root it within 24 hours of getting it; you need to know how to navigate the device and its settings.
You must have ALREADY installed on your PC, a command-line version of ADB that has ALREADY established an ADB/USB connection to your Nook Tablet. The XDA-developers forum has plenty of help and expertise in this area. Although this procedure does not use QtADB (a GUI add-on to ADB), I heartily recommend it: http://www.addictivetips.com/mobile/qtadb-adb-android-debug-bridge-beginners-gui/
You must be willing (and know how), if all else fails, to revert to stock B&N v1.4.x unrooted.
Questions or comments that reveal a sense of entitlement (eg, "when are you going to do xxx", as opposed to "are you going to do xxx") will be ignored or worse.
Questions or comments that copy most or all of the contents of this message (lack of forum protocol) will be ignored or worse. Note that copying the link above in a message is really, really dumb, as I will be changing it with revisions.
Remaining issues (hopefully eventually resolved):
If you use the "n" button to access the Nook-specific screens, you may find that it is not obvious how to get back to the Zeam (or other) launcher. You can get back to the Android launcher by using the Nook "Search" screen to search for the name ("Zeam" in this case) of the launcher (this is what I do for the very few times I need to), or you can side-load and install the "HomeCatcher" application (see http://forum.xda-developers.com/showthread.php?t=1357175).
For sideloading, you can either use ADB (that's what I do), QtADB (see above), or you can install a newer copy of "NT Hidden Settings" (see http://forum.xda-developers.com/showthread.php?t=1400615). If the latter does not work, contact the author of that app, not me (I rarely use sideloading); that is his area of expertise.
Revision history:
2011-12-27 v0.1 EXPERIMENTAL: Original (experimental).
2011-12-28 v0.2 EXPERIMENTAL: Added missing zergRush.
2011-12-28 v0.3 BETA: Fixed missing "/". Extensive ReadMe.txt (manual procedure) revisions.
2011-12-29 v0.4 BETA: Added scripts (beta) for a semi-automated approach. The manual procedure is now documented in "ReadMe.old".
2011-12-29 v0.5 BETA: Updated to include new "Nt Hidden Settings" app. Cosmetic revisions to file "ReadMe.old". Text files (including scripts) converted to DOS format for Windows weenies ...
2011-12-30 v0.6 BETA: Script files split and updated to reflect testing results. File "ReadMe.txt" updated, file "ReadMe.old" removed.
2011-12-31 v0.7 BETA: Script files split, so that rooting v1.4.0 is separate. This allows those who have already rooted 1.4.0, to skip that step and proceed directly to upgrading to v1.4.1 while preserving root.
2011-12-31 v0.8 RELEASE CANDIDATE: Error in script file "AdbUpdate.cmd" fixed.
2012-01-01 v0.9 RELEASE CANDIDATE: Split the script file "AdbUpdate.cmd" (and updated "ReadMe.txt") to support those who are already rooted v1.4.0. Due to the variation in v1.4.0 rooting procedures by others, this latter option is experimental. That means you are on your own if you don't start with (or revert to) a stock (unrooted) v1.4.0.
2012-01-02 v0.10 (skipped to avoid confusion).
2012-01-02 v0.11 RELEASE CANDIDATE: Convert the script files back to Unix text file format (they now run on Linux as well as Windows).
2012-01-05 v0.12 RELEASE CANDIDATE: Minor script simplifications.
2012-01-08 v1.00 RELEASED: Minor "ReadMe.txt" additions.
2012-01-13 v1.01 RELEASED: Added "busybox" installation.
2012-01-16 v1.02 RELEASED: Fixed typo in script comment; other cosmetic changes.
2012-01-31 v1.03 RELEASED: Added options for installing/fixing Google Calendar, and other (minor) options.
2012-02-21 v1.04 RELEASED: Added support for rooting B&N v1.4.2.
2012-03-12 v1.05 RELEASED: Work around ADB command line parsing bug.
2012-06-27 v1.06 RELEASED: Added support for rooting B&N v1.4.3.
2013-01-03 v1.07 RELEASED: Bug fix: Forgot to add new files referenced in updated scripts!
You may copy my work into other works, but please give credit. Similarly, let me know if I have not given adequate credit for the work of others.
Notes:
Don't use this procedure on the 512MB RAM / 8GB internal storage version !!! The problem is not with this procedure per se, but with the fact that reverting to v1.4.0 will install boot software that assumes that your NT has 1GB of RAM.
There is now a general/universal capability for "sidebooting" an NT from an SDcard (see http://forum.xda-developers.com/showthread.php?t=1466583 ), that is virtually guaranteed to work with all future revisions of NT firmware from B&N. While my procedure above is well-tested by me (and it's what I use), those having problems with it, may be well-advised to try the bootable SDcard solution.
Not to be overly dense, but I assume this would allow side loading as well. It's not clear if this root simply re-enables the "simple" side loading we currently enjoy in 1.4.0.
Sideloading ???
nooknut said:
... I assume this would allow side loading as well.
Click to expand...
Click to collapse
Valid question; YES, via ADB/USB. You can also just use ADB/USB once to install a newer version of "NTHiddenSettings", and that should fix it permanently. I'm looking at adding that to my .ZIP file.
New version !!!
Added missing file "zergRush" to .ZIP file (see OP); extensive revisions to ReadMe.txt.
Still requires downgrade to 1.4.0 first...
I was really hoping this would root 1.4.1 directly, but it looks like from the instructions that I still need to downgrade to 1.4.0 first.
Are there any changes in 1.4.1 that makes it advantageous over 1.4.0?
Congrats on this breakthru !
Question: I have a rooted NT that was upgraded to 1.4.1 after rooting. Could I start your procedure from step 6, that is Root of 1.4.1 after upgrade ?
Regards,
DipDog3 said:
I was really hoping this would root 1.4.1 directly, but it looks like from the instructions that I still need to downgrade to 1.4.0 first.
Are there any changes in 1.4.1 that makes it advantageous over 1.4.0?
Click to expand...
Click to collapse
Yes, you need to be on 1.4.0 first.
See the B&N forums for some discussions of the differences. Over 100 files were changed in the update, and some bugs that were important to some were fixed.
so its not really a 1.4.1 hack, it's a 1.4.0 upgrade hack.
Dean, may I make a suggestion? place all binaries into a separate folder in the zip file...
Windows:
Code:
cd \location\of\my\files
adb push .\separateFolder /data/local/tmp
adb remount
linux/mac:
Code:
cd /location/of/my/files
adb push ./separateFolder /data/local/tmp
adb remount
and in that separate folder you can have a script
Code:
#! /bin/sh
cd /data/local/tmp
chmod 755 zergRush
./zergRush
cat /data/local/tmp/su.upd > /system/bin/su
chmod 6755 /system/bin/su
cat /data/local/tmp/local.prop >/data/local.save
cat /data/local/local.root >/data/local.proprm
#blabla---- put as much crap here as you can without rebooting.
exit 0
which will be executed with
Code:
adb shell
/data/local/tmp/script.sh
I'm suggesting this because even myself, a very experienced linux vet... I would never go through that whole procedure more than once.
Can one assume that since the tablet will be rooted 1.4.1 there is no need to block the OTA to 1.4.1?
Have to start over.
gsoriano said:
Congrats on this breakthru !
Question: I have a rooted NT that was upgraded to 1.4.1 after rooting. Could I start your procedure from step 6, that is Root of 1.4.1 after upgrade ?
Click to expand...
Click to collapse
Unless you did something similar to that in step 5, you lost root. Step 5 is the key to keeping root.
Sorry! I got to the same point as you (without root), and had to go back to step 3.
OTA blocking
miniblue said:
Can one assume that since the tablet will be rooted 1.4.1 there is no need to block the OTA to 1.4.1?
Click to expand...
Click to collapse
That would be my assumption as well.
I keep getting this error when doing step (adb push nooktablet_1_4_1_update.zip /media):
failed to copy 'nooktablet_1_4_1_update.zip' to '/media': Is a directory
Scripting ...
AdamOutler said:
So its not really a 1.4.1 hack, it's a 1.4.0 upgrade hack.
Click to expand...
Click to collapse
Yep, just like for a lot of Android devices (eg, my Droid, my Acer A500 ...), where you have to revert to an easily hackable version first, and then upgrade.
AdamOutler said:
... I'm suggesting this because even myself, a very experienced linux vet... I would never go through that whole procedure more than once.
Click to expand...
Click to collapse
Gee; I've gone through it several times , cutting and pasting one line at a time from the ReadMe.txt file to the command line ... Actually, it's pretty quick if you do that, but I am looking at better ways to script it. However, I'd like to see some others run through the procedure (where they can see the consequences of individual commands if there are problems) before I "automate" it.
Notes:
While Microsoft has never advertized it, their C/C++ compiler libraries have from the beginning supported both "/" and "\" as a path separator on Windows. A quick test of ADB supports that as well. So, it may be possible to create just one set of scripts (note that running zergRush drops the ADB shell connection).
I use individual "adb push" statements for the files, because that preserves the date/time of the original file (I DESPISE the use of "cat" to copy files for this reason). I know using "cat" is a common Android script practice, but it makes it very difficult to determine the age of installed files (WHEN they were installed is not of interest to me). Of course, either usage is easily scriptable.
Oops ...
mfleigle said:
I keep getting this error when doing step (adb push nooktablet_1_4_1_update.zip /media):
failed to copy 'nooktablet_1_4_1_update.zip' to '/media': Is a directory
Click to expand...
Click to collapse
Try "/media/" at the end (missing "/").
.ZIP file has been updated (v0.3).
I used B&N's method. Copying the zip to "MyNook" from: barnesandnoble.c om/u/Software-Updates-NOOK-Tablet/379003187
And You might want to change the wording of step 6.5. I thought you mean to unzip using the cmd window. I ended up using the apks from nookandzergy and modifying its script to install Gapps
Requirement 1.2
mfleigle said:
I used B&N's method. Copying the zip to "MyNook" from: barnesandnoble.c om/u/Software-Updates-NOOK-Tablet/379003187
And step 6.5 I get: 'unzip' is not recognized as an internal or external command,
operable program or batch file.
Click to expand...
Click to collapse
OK, you have to have unzip on your computer or an equivalent unzip program. While "unzip" is not included in Windows distributions, it's an almost universally available program (you can use a GUI version to accomplish the same thing).
DeanGibson said:
OK, you have to have unzip on your computer or an equivalent unzip program. While "unzip" is not included in Windows distributions, it's an almost universally available program (you can use a GUI version to accomplish the same thing.
Click to expand...
Click to collapse
I updated my earlier post, since I relized after posting that that step was for linux. Thanks for the instructions. I am now on a rooted 1.4.1, lol
Use "unzip" or an equivalent
mfleigle said:
I thought you mean to unzip using the cmd window.
Click to expand...
Click to collapse
I did. However, I will change the ReadMe.txt file to note this issue.
mfleigle said:
I ended up using the apks from nookandzergy and modifying its script to install Gapps
Click to expand...
Click to collapse
If that does the job, good!
miniblue said:
Can one assume that since the tablet will be rooted 1.4.1 there is no need to block the OTA to 1.4.1?
Click to expand...
Click to collapse
I would still block OTA's since 1.4.2 might remove rooting altogether.
Did anyone else read the NT's TOS? It says sideloading is allowed (even in the 1.4.1's TOS)
Im sorry is this method for windows or linux? being 1.4.1 i suppose that still have all the fixes? can someone confirm no strange behavior with apps, fc's?

[Q] Change Bluetooth Address

I'm looking for some help verifying a few bits of information before I take a leap and risk bricking my phone. I need to change my bluetooth address. With any luck back to my original hardware address. I do have the original address, as "btnvtool -p" outputs a different address than is reported in 'about phone' -> 'status'. I problem is that both my wife and I have the same phone with the same ROM history, and now we both have the same improper mac address.
By way of links provided by another helpful users I have partial information in Russian. http://4pda.ru/forum/index.php?showtopic=420801&st=6840#entry28414922 post 6853. I think I understand what to do via google translate and my partial understanding of how this works. The post points me to the /misc partition but I can't find any useful information about the partition for this phone that would backup the claims. Also the specific location that the post references, offset 4000, contains a string "ANDROID-BOOT!". While "ANDROI" is hex of 414E44524F49 which matches my incorrect mac address, the fact that it says "BOOT" makes me worry about changing it.
I'm hoping someone can help me any verify that this string isn't part of the boot process, or that the /misc partition isn't required to boot recovery. I feel fairly confident that I could create a flashable zip to restore a backup of this partition if needed. Below is my cleaned translation of the Russian post. If anyone with an e970 and a proper BT address could complete the first half, dd the partition to a file and check out the contents in a hex editor, I would feel much better about doing the rest.
Code:
Hello, using this method you can restore your original Bluetooth addresses. The active mac address is in raw MISC partition at hex offset 4000, it is not spelled out or anything.
perform the following (root is required)
ADB shell
su
dd if=/dev/block/platform/msm_sdcc.1/by-name/misc of=/sdcard/misc.img
and get at the file on the SD card and in a HEX editor zero the MAC address starting at hex offset 4000, save the file. Save the changed file to your phone:
su
dd if=/sdcard/misc.img of=/dev/block/platform/msm_sdcc.1/by-name/misc
reboot
After rebooting the details in the “About Phone” should show the real MAC BT.
----------
So I found a little corroborating evidence to this post. I found this post about the LS970(Sprint LGOG) stating that "All rooted LGOG Bluetooth MAC addresses are 41:4E:44:52:4F:49". Reading the thread a bit, I found a link to a "BT MAC FIX" script found with this kernel.
Looking at what the file does, it uses btnvtool to get the real mac and writes it to byte 16384 ( hex 4000 ) of the misc partition. Seeing as this file has people confirming it works, I took the leap. It worked. Problem solved.
Sound like to me this is a problem as old as unlocking with freegee. Could be wrong but that seems like the common denominator to me from the posts I was reading. And yes for the record, now the dump of the misc partition now reads "******D-BOOT!" *s to hide my real mac.
***Warning, 2015-01-12, This Fix as is doesn't work and causes problems with CM12 on the E970. Will post in thread with details.
I have the exact same issue with mine and my wife's phone. I tried this, and it seems like it should work, but after I reboot my phone, the contents of misc revert to the original (ANDROID...). Any thoughts?
mindstormsguy said:
I have the exact same issue with mine and my wife's phone. I tried this, and it seems like it should work, but after I reboot my phone, the contents of misc revert to the original (ANDROID...). Any thoughts?
Click to expand...
Click to collapse
I believe everyone that used freegee to root/unlock have the corrupted BTmac address. I also believe that it is only an issue when two of these devices try to use BT in close proximity, but you never know what device the person beside you will have.
I had not done anything about my BT until just now. The .zip just puts a script in the userinit.d folder. The script is run every boot. I do not recall what my BTmac address was, but the script does change it from the default.
I deleted the script and rebooted. My BTmac address reverted back to the default. I restored the script and my BTmac address changed back. This shows that the change is not permanent, and the script needs to be run every boot.
Did you flash the .zip, or just extract and run the script?
I've recently upgraded my E970 to CM12 nightly. Just like previous roms the BT Mac address is corrupted and results in my pairing being invalid. My mac address currently reports in "About Phone" as 00:00:00:00:5A:AD. Clearly this is incorrect.
When I tried to install this fix. The init.d script was placed properly, but did not repair the mac address as it did previously. This might be a one off case, but after the script was installed, my phone started acting funny, over heated, and completely drained the battery. The charger I regularly use, an iPad 2.1 amp failed to charge the phone. All it would do was turn on the red notification light solid. I was still able to use the computer usb ports to enter download mode, and start entering the off-charge mode. This port didn't give enough power to fully enter the off-charging mode. The phone made it to the first icon and then shut off, no progress was made.
I needed to switch to a lower output charger before I could gain charge to 5% and boot. As the OS booted it reported 0% charge. I was able to enter airplane mode and reboot. After the reboot the phone functioned well enough to use Solid Explorer to delete the script file from /data/local/userinit.d . After deleting the file my phone was back to functional with the bad mac address.
As I find info I will post it here.
2015-01-13 Update -----
Running the steps of the script file manually, results in a error "dd: stdout: Illegal seek" . Trying to read (if) instead of write (of), I get the same Illegal seek. Might this be part of a new protection with lollipop? I tried editing a dump of the partition as I suggested originally and writing the whole 16mb back. This completes without error, but when I read the partition again the modification was not saved.
Either way my BT Mac address with CM12 doesn't match the expected 41:4E:44:52:4F:49 to match the ANDROID from the file dump, so where is the OS picking up the new address?
Still works for CM11
I noticed my phone and my wifes also had the same bluetooth address. This was messing up my car link. I ran the script and now it shows that I have a different address. I will keep an eye out and make sure nothing else gets messed up. Thanks. I was looking for a fix for some time....

SU for Android on ChromeOS

This is a cross-post from a reddit thread I started, but this is probably a more appropriate location for it.
I have been trying to modify files in the system folder for the Android container on the Asus Flip so I can install SuperSu, but have run into some problems.
The system folder is contained in a squashfs image on the chromebook at /opt/google/containers/android/system.raw.img. Mounted squashfs images appear to not support read-write access. I have been able to unsquash the image, add the SuperSU apk to the /system/priv-app folder and su to the /system/xbin folder, and remake the image. This boots, but SuperSU force closes as soon as it starts.
To make tinkering easier, I've tried building a writable image using dd and mkfs. I placed it in a location that has rw access and modified the /etc/init/android-ureadahead.conf script which mounts it to enable rw access. Unfortunately though it won't boot. The boot logs for the android container show a litany of SELinux errors for different things that it could not set context, operation not permitted. I can post the exact log if necessary. Some googling led me to find that the SELinux security context attributes weren't being replicated in my image, so I tried mounting with context and fscontext options equal to the contexts from the original image, but I get the same problem.
If anyone has any ideas I'd be especially grateful.
lionclaw said:
This is a cross-post from a reddit thread I started, but this is probably a more appropriate location for it.
I have been trying to modify files in the system folder for the Android container on the Asus Flip so I can install SuperSu, but have run into some problems.
The system folder is contained in a squashfs image on the chromebook at /opt/google/containers/android/system.raw.img. Mounted squashfs images appear to not support read-write access. I have been able to unsquash the image, add the SuperSU apk to the /system/priv-app folder and su to the /system/xbin folder, and remake the image. This boots, but SuperSU force closes as soon as it starts.
To make tinkering easier, I've tried building a writable image using dd and mkfs. I placed it in a location that has rw access and modified the /etc/init/android-ureadahead.conf script which mounts it to enable rw access. Unfortunately though it won't boot. The boot logs for the android container show a litany of SELinux errors for different things that it could not set context, operation not permitted. I can post the exact log if necessary. Some googling led me to find that the SELinux security context attributes weren't being replicated in my image, so I tried mounting with context and fscontext options equal to the contexts from the original image, but I get the same problem.
If anyone has any ideas I'd be especially grateful.
Click to expand...
Click to collapse
Wayyyy out of my area of expertise, but here's my (completely novice) best guess.
>All Chromebooks are write-protected with a screw on the motherboard
>Putting a Chromebook in developer mode allows for some tinkering ie things like chroots, and on the asus flip, the ability to install apks from unknown sources.
>Unscrewing the write-protect screw allows for the ability to completely install a new operating system or dual boot setup.
>Maybe you need to do that before you're able to accomplish root access?
My other idea would be to try and figure out a way of doing a systemless root?
Also, total aside but since this is the only thread I've found on XDA about this device, I think chroots are theoretically possible now without the need to be in developer mode via Android apps (even without root on Android). Download the GIMP port from the Play Store to see what I'm talking about. Playing around with that for a few minutes really made me wish that it didn't use emulated mouse/keyboard in it's implementation. Also, it appears that apt-get is broken, but regardless it might interest someone out there looking for a project.
back from the dead, any progress on this?
I have been able to successfully root the Android image on my Asus Flip.
I built a blank image with dd in /usr/local, formatted it with mkfs, mounted it to a folder, mounted the original system.raw.img to a folder, copied the files across, placed *all* the SuperSU files listed as 'required' in the SuperSU update-binary in the relevant places in /system in my new image, set permissions & contexts for those files, edited arc-system-mount.conf and arc-ureadahead.conf to point to the new image and, finally, patched /etc/selinux/arc/policy/policy.30 with the SuperSU sepolicy patching tool in order to boot my rooted Android instance with selinux set to enforcing.
I have created a couple of scripts which more-or-less fully automate this procedure, which can be downloaded from nolirium.blogspot.com. Please feel free to download, open the scripts in a text editor to check them out, and try them out if you like. Only tested on Asus Flip, though.
I seem to be unable to post attachments at the moment so I will just add the descriptions here, I could probably post the entire scripts here too if anyone wants. Feel free to let me know what you think.
DESCRIPTIONS:
1-3.sh
Combines the first three scripts listed below.
01Makecontainer.sh
Creates an 900MB filesystem image in /usr/local/Android_Images, formats it, then copies Android system files therein.
02Editconf.sh
Modifies two system files: arc-system-mount.conf - changing the mount-as-read-only flag and replacing the Android system image location with a new location; and arc-ureadahead.conf - again replacing the Android system image location. Originals are renamed .old - copies of which are also placed in /usr/local/Backup.
03Androidroot.sh
Mounts the previously created Android filesystem image to a folder, and copies SuperSU files to the mounted image as specified in the SuperSU update-binary.
04SEpatch.sh
Copies an SELinux policy file found at /etc/selinux/arc/policy/policy.30 to the Downloads folder, opens an Android root shell for the SuperSU policy patching command to be entered, then copies the patched policy back to the original location. A copy of the original policy.30 is saved at /etc/selinux/arc/policy/policy.30.old and /usr/local/Backup/policy.30.old
Uninstall.sh
Removes the folder /usr/local/Android_Images and attempts to restore the modified system files arc-system-mount.conf and arc-ureadahead.conf.
ok so two questions, one do you think this would work on the Acer r13 convertable? and 2 where can I find the actual instructions/scripts
keithkaaos said:
ok so two questions, one do you think this would work on the Acer r13 convertable? and 2 where can I find the actual instructions/scripts
Click to expand...
Click to collapse
The R13 has a 64-bit Mediatek processor, right?
I have added a version for ARM64, but I haven't tested it.
You can find the instructions and scripts at nolirium.blogspot.com
ya, its a mediatek. and thanks ill go see if i can find it
---------- Post added at 03:31 AM ---------- Previous post was at 02:58 AM ----------
wow, ok. i can do this but im not sure i want to.. after reading the possible problems i may run into. Im going to be getting the G. Home in a couple weeks and i gotta keep things running smooth. This seems like going a tad too far then i need to. The other day i had action launcher going and it looked pretty damn good but i really want to try and get the action3.apk that i have put into the pri-app folder or whatever the chromebook uses i found the syst folder but cant access it. Im wondering if i make the machine writable it would work but im afraid of losing my updates, as long as i could do them manualy, i guess that would be cool. Also since im already going on... has anyone found a way to disable the dev boot screen without tinkering with the physical chromebook yet?
SuperSU on Chromebook
Hey there I love this post but unfortunately im on the mediatek (well not unfortunately cause i love it) but i do really want super su .. But i found this other post that i tried out but i am having a problem executing the scripts. When i go to run the first one, it says can not open "name of script" but the dev takes a pretty cool approach. Im still new to Chrome OS but thanks for the post and if you have any advice on executing scripts id love to hear it!! http://nolirium.blogspot.com/
I'm guessing the above post was moved from another thread...
Anyway, it turns out that zipping/unzipping the files in Chrome OS's file manager sets all the permissions to read-only. Apologies! sudo chmod+x *scriptname* should fix it...
Regarding OS updates, I actually haven't had a problem receiving auto-updates with software write-protect switched off; the main possible potential issue I could imagine arising from the procedure I outlined would involve restoring the original conf files if both sets of backups get deleted/overwritten. This seems unlikely, but in that case either manually editing the files to insert the original string (/opt/google/containers/android/system.raw.img), or doing a powerwash with forced update might be necessary in order to get the original Android container booting again.
I don't think anyone's found a way to shorten/disable the dev boot screen without removing the hardware write-protect screw - from what I've read, the flags are set in a part of the firmware which is essentially read-only unless the screw is removed. Perhaps at some point the Chrome OS devs will get fed up of reading reports from users whose relatives accidentally reset the device by pressing spacebar, and change the setup. Here's hoping.
Hey just jumpig in the thread right quick to see if these instructions are old or what-- got a chromebook pro and the notion of having to update a squashed filesystem every timeto install su seems like a pain..
Is there any kind of authoritative documentation/breakdown regarding what Chromeos is mounting where before I start breaking things? Also anyone happen to know if there's a write-protect screw anywhere in the chromebook plus/pro?
Other questions:
* adbd is running, but is not accessible from adb in the (linux) shell, which shows no devices. Do I need to access adb from another device (i'm short a usb c cable right now) or can I use adb (which is there!) on the chrome side to access adbd on the android side?
* Anyone know if adb via tcp/ip is available? Don't see it in the android settings.
Hey,
There's no real documentation AFAIK, the thing is that ARC++ is a bit of a moving target, as it's so actively being developed/reworked. For instance, with the method described earlier in the thread - it started off being possible to just swap out a file location in arc-ureadahead.conf, then they changed it to arc-setup-conf, and now, since a few CrOS versions ago, the rootfs squashfs image is mounted in a loop fashion via the /usr/sbin/arc-setup binary instead, making an overview of the setup somewhat opaque to the casual observer.
I was kind of hoping to implement a kind of hybrid systemless root style setup myself, but unfortunately I haven't really managed to find the time to sit down and fully figure out a few parts of the puzzle, in particular relating to minijail and working with namespaces. So, I'm still using the method mentioned in posts above for my rooting needs at the moment, the only significant changes being that at the moment I'm replacing /opt/google/containers.android.system.raw.img with a symlink to my writeable rooted rootfs img, and also that in recent CrOS versions the mount-as-read only and debuggable flags can be found in /etc/init/arc-setup-env ("Environment variables for /usr/sbin/arc-setup").
In general though, one can kind of get an idea of what's going on in the default setup by reading through the various /etc/init/arc-* Chrome OS upstart jobs (and their logs in /var/log). Though, like I say, things keep changing around somewhat with every CrOS update, as the implementation 'improves'. As time goes by, and the subsystem matures, it'll certainly be interesting to see what other approaches are possible relating to customizing Android on Chrome OS.
There should definitely be a write protect screw somewhere on the motherboard for the Samsungs, but so far I haven't come across any pics showing exactly which screw it is. So far, no-one seems to have been brave/foolhardy enough to fully tear down their own machine and locate the screw!
Regarding adb, on my device I found the following in arc-setup-env:
# The IPV4 address of the container.
export ARC_CONTAINER_IPV4_ADDRESS=100.115.92.2/30
adb 100.115.92.2 (in Chrome OS's shell) works fine for me, the authorisation checkbox pops up and then good to go. su works fine through adb as expected. There's also a useful little nsenter script in Chrome OS to get into the android shell; /usr/sbin/android-sh, which I've been using in my script to help patch SE linux.
I actually just updated my rooting scripts recently to support 7.1.1, though I've only tested on my own Armv7 device (Flip C100).
I'll attach them to this post in case anyone wants to take a look. There's a readme in the zip, some more details can also be found here and below
EDIT: Fixed the SE Linux issue occurring with the previous version I uploaded (it was launching daemonsu from u:r:init:s0 instead of u:r:supersu:s0).
Anyone considering giving them a spin should bear in mind that the method does involve creating a fairly large file on the device as a rooted copy of the android rootfs. (1GB for arm, 1.4GB for Intel). There's a readme in the zip but the other couple of important points are that:
a) The SuperSU 2.82 SR1 zip also needs to be downloaded and extracted to ~/Downloads on the Chromebook.
b) Rootfs verification needs to be off. The command to force this is:
Code:
sudo /usr/share/vboot/bin/make_dev_ssd.sh --remove_rootfs_verification --force --partitions $(( $(rootdev -s | sed -r 's/.*(.)$/\1/') - 1))
or the regular command to do it is:
Code:
sudo /usr/share/vboot/bin/make_dev_ssd.sh --remove_rootfs_verification
c) If, subsequent to running the scripts, there's a problem loading Android apps (e.g. after a powerwash or failed install), the command to restore the original rootfs image is:
Code:
sudo mv /opt/google/containers/android/system.raw.img.bk /opt/google/containers/android/system.raw.img
Hey this is a great response.. thanks!
Nolirum said:
Hey,
There's no real documentation AFAIK, the thing is that ARC++ is a bit of a moving target, as it's so actively being developed/reworked. For instance, with the method described earlier in the thread - it started off being possible to just swap out a file location in arc-ureadahead.conf, then they changed it to arc-setup-conf, and now, since a few CrOS versions ago, the rootfs squashfs image is mounted in a loop fashion via the /usr/sbin/arc-setup binary instead, making an overview of the setup somewhat opaque to the casual observer.
Click to expand...
Click to collapse
verity
Yeah playing with it now, I'm looking at these /etc/init/arc-*-conf files... I see that the /dev/loop# files are being set up... (more below)
Nolirum said:
I was kind of hoping to implement a kind of hybrid systemless root style setup myself, but unfortunately I haven't really managed to find the time to sit down and fully figure out a few parts of the puzzle, in particular relating to minijail and working with namespaces. So, I'm still using the method mentioned in posts above for my rooting needs at the moment, the only significant changes being that at the moment I'm replacing /opt/google/containers.android.system.raw.img with a symlink to my writeable rooted rootfs img, and also that in recent CrOS versions the mount-as-read only and debuggable flags can be found in /etc/init/arc-setup-env ("Environment variables for /usr/sbin/arc-setup").
Click to expand...
Click to collapse
Sorry not sure what you mean by "hybrid systemless root style setup"? I take it you're modifying the startup script and replaced the squashfs file in /opt... my concern about doing it was whether they were implementing some kind of dm-verity equivalent to the squashfs file to make sure it hasn't been tampered with (say, by adding /sbin/su or whatever) or whether it's safe to replace that file.. Sounds like you're saying it is? (update: I guess that's what rootfs verification does, and we can turn it off....)
Also you mean arc-setup.conf:
env ANDROID_DEBUGGABLE = 0
right?
Nolirum said:
In general though, one can kind of get an idea of what's going on in the default setup by reading through the various /etc/init/arc-* Chrome OS upstart jobs (and their logs in /var/log). Though, like I say, things keep changing around somewhat with every CrOS update, as the implementation 'improves'. As time goes by, and the subsystem matures, it'll certainly be interesting to see what other approaches are possible relating to customizing Android on Chrome OS.
Click to expand...
Click to collapse
I hadn't realized the boot was still in flux-- I'd have figured they'd worked that out by now...
Nolirum said:
There should definitely be a write protect screw somewhere on the motherboard for the Samsungs, but so far I haven't come across any pics showing exactly which screw it is. So far, no-one seems to have been brave/foolhardy enough to fully tear down their own machine and locate the screw!
Click to expand...
Click to collapse
Heh.. not gonna be me..
Nolirum said:
Regarding adb, on my device I found the following in arc-setup-env:
# The IPV4 address of the container.
export ARC_CONTAINER_IPV4_ADDRESS=100.115.92.2/30
adb 100.115.92.2 (in Chrome OS's shell) works fine for me, the authorisation checkbox pops up and then good to go. su works fine through adb as expected. There's also a useful little nsenter script in Chrome OS to get into the android shell; /usr/sbin/android-sh, which I've been using in my script to help patch SE linux.
Click to expand...
Click to collapse
Cool-- adb connect 100.115.92.2 does indeed work I was gonna use netcat to open port 5555 in chromeos and pipe it through, but looks like nc isn't here and I'm not yet ready to start changing the FS..though probably will be soon... btw any idea which partitions get overwritten when chrome it does it's updates? Will /root and /etc get overwritten, for example... would a "powerwash" overwrite it or can you get easily get into an unbootable state on these things?
It's also kind of strange that adb is listening to port 30 at that (internal?) bridge address by default witho no UI to turn it off.. and it's inaccessible from outside.. i wonder if there's an easy way to change the bridge to share the same IP as the actual interface...
Final thought-- I'd love to build that system image myself soup-to-nuts, but I can't find any "caroline" device tree set up... do you or anyone else happen to know if there's a standalone AOSP device tree for the chromebooks? It would be cool to have a mashup AOSP/lineageos if such a think could be possible-- I'm guessing chromiumos is just taking the android tree, building it and then adding it into their build... I Haven't build chromiumos for many years now so I can't even begin to imagine how this android build integrates with the whole emerge thing they had going.. but I bet it takes a while
Nolirum said:
I actually just updated my rooting scripts recently to support 7.1.1, though I've only tested on my own Armv7 device (Flip C100).
Click to expand...
Click to collapse
Cool I'll take a look at these scripts.
So I haven't yet run the scripts-- just looking through them-- I noticed the section starting:
if [ -e /etc/init/arc-setup-env ]; then
echo "Copying /etc/init/arc-setup-env to /usr/local/Backup"
This doesn't exist on the x86 CB Pro. There's an arc-setup.conf that sets up the environment variables though. It sets WRITABLE_MOUNT to 0, but then so does arc-system-mount.conf
Not sure if these are different between x86 and ARM or if it's just in the latest update.. but figured I'd let you know. Wanna throw thse scripts up on github somewhere? (Or I can do it) and we can maybe look at keeping them up to date and/or standardizing them? It wouldn't be hard to determine if it's running on ARM or x86_64 (uname -i for example)..
fattire said:
So I haven't yet run the scripts-- just looking through them-- I noticed the section starting:
if [ -e /etc/init/arc-setup-env ]; then
echo "Copying /etc/init/arc-setup-env to /usr/local/Backup"
This doesn't exist on the x86 CB Pro. There's an arc-setup.conf that sets up the environment variables though. It sets WRITABLE_MOUNT to 0, but then so does arc-system-mount.conf
Not sure if these are different between x86 and ARM or if it's just in the latest update.. but figured I'd let you know. Wanna throw thse scripts up on github somewhere? (Or I can do it) and we can maybe look at keeping them up to date and/or standardizing them? It wouldn't be hard to determine if it's running on ARM or x86_64 (uname -i for example)..
Click to expand...
Click to collapse
Oh, the arc-setup-env thing is intentional. There does appear to be another issue with the x86 version though. I've written up a detailed response to your previous post; it's in a text file at the moment so I'll copy it over and format it for posting here with quotes etc now - should only take a few minutes. Yeah, sticking them on github might be a good idea; I've been meaning to create an account over there anyway.
Yeah, so... Regarding the scripts, since I've put them up here for people to download - I should mention that the first person to test them (aside from me) has reported that something's not working right (I'm waiting for confirmation but I think he tried out the x86 version). It's likely either an error on my part when copying across from my Arm version, or perhaps something not working right with conditionals, meant to deal with the various OS versions ('if; then' statements, I mean). Once I find out more, I'll edit my earlier post...
fattire said:
Sorry not sure what you mean by "hybrid systemless root style setup"? I take it you're modifying the startup script and replaced the squashfs file in /opt... my concern about doing it was whether they were implementing some kind of dm-verity equivalent to the squashfs file to make sure it hasn't been tampered with (say, by adding /sbin/su or whatever) or whether it's safe to replace that file.. Sounds like you're saying it is?
Click to expand...
Click to collapse
Oh, sorry for being a bit vague - I just mean perhaps implementing a kind of systemless root à la Magisk/SuperSU (from what I understand of how these work) - avoiding the need to actually replace files in /system. Since I'm mainly just using su for the privileges rather than actually wanting to write to /system, I had the idea that perhaps a sort of overlay on e.g. xbin and a few other locations, rather than actually rebuilding the whole of /system, might be an interesting approach....
Yep, I've been replacing /opt/google/containers/android/system.raw.img with a symlink to my modified image lately. Works fine... I think they've been focused on just getting the apps working properly, maybe something like dm-verity is still to come.
Although, one of the cool things with Chromebooks IMO is that once the Developer Mode (virtual) switch has been flipped, the system's pretty open to being hacked around with. I think a large part of the much-trumpeted "security" of the system is thanks to the regular mode/Dev mode feature, once in Dev Mode with verified boot disabled on the rootfs, we can pretty much do what we want (I like the message that comes up in the shell when entering the first command I posted under the spoiler - it literally says "YOU ARE ON YOUR OWN!").
So yeah, with Dev Mode switched off, verified boot switched on, we can't even get into the shell (just the walled-off 'crosh' prompt), making the system indeed rather secure (but, for some of us, rather limited).
fattire said:
Also you mean arc-setup.conf:
env ANDROID_DEBUGGABLE = 0
right?
Click to expand...
Click to collapse
That's what I mean by a moving target, lol. On my device the Canary channel is at Chrome OS version 61; I think they started to move out some ARC++ (the acronym stands for Android Runtime on Chrome, version 2, if anyone's wondering, btw) environment variables to a separate file in version 60, or maybe 61. Problems with being on the more 'bleeding edge' channels include:
#Sometimes stuff gets broken as they commit experimental changes.
#Any updates sometimes overwrite rootfs customizations; the higher the channel - the more frequent the updates occur.
#Some of the stuff that gets updated, may later get reverted.
And so on...
fattire said:
I hadn't realized the boot was still in flux-- I'd have figured they'd worked that out by now...
Click to expand...
Click to collapse
Yeah you'd think so. Honestly, the more I use CrOS the more it seems like a (very polished) work-in-progress to me. Though, I guess most modern OSs are also works-in-progress though. (I don't mean the former statement in a critical way; I'm very happy that new features keep getting added to the OS - Android app support being a perfect case in point, that was a lovely surprise, greatly extending the functionality of my Chromebook).
fattire said:
Cool-- adb connect 100.115.92.2 does indeed work I was gonna use netcat to open port 5555 in chromeos and pipe it through, but looks like nc isn't here and I'm not yet ready to start changing the FS..though probably will be soon...
Click to expand...
Click to collapse
Netcat's not there but socat, which I haven't any experience with but have seen described as a "more advanced version of netcat", is listed in /etc/portage/make.profile/package.installable, meaning that adding it to CrOS is supported, and as simple as:
Code:
sudo su -
dev_install #(sets up portage in /usr/local)
emerge socat
I tried socat out and it seems to work, might be interesting to play around with.
fattire said:
btw any idea which partitions get overwritten when chrome it does it's updates? Will /root and /etc get overwritten, for example...
Click to expand...
Click to collapse
Theres a question. I forget some of the exact details now (gleaned from browsing the developer mailing lists and the documentation on chromium.org), but from what I do remember and my experiences tinkering, I can say:
The auto-update model uses kernel/rootfs pairs, e.g. at the moment my device is booting from partition 2 (KERN-A) with the rootfs being partition 3 (ROOTFS-B). My understanding is that with the next OS update pushed to my device, CrOS will download the deltas of the files to be changed, and apply the changes to partitions 4 and 5 (KERN-B and ROOTS-B), setting new kernel GPT flags (priority=, tries=, successful=), which will, post-reboot, let the BIOS know that 4 and 5 will form the new working kernel/rootfs pair. Then the following update will do the same, but with partitions 2 and 3, and so on and so forth, alternating pairs each time. It's a pretty nifty system, and I think something similar might be happening with new Android devices from version O onward (?).
So partitions 2,3,4,5 are fair game for being overwritten (from the perspective of the CrOS updater program). Partition 1, the 'stateful partition') is a bit special, in addition to a big old encrypted file containing all of the userdata (/home/chronos/ dir?), it also has some extra dirs which get overlaid on the rootfs at boot. If you have a look in /mnt/stateful/, there should also be a dir called 'dev_image', which (on a device in Dev mode) gets mounted up over /usr/local/ at boot. As I mentioned above, if you do
Code:
sudo su -
dev_install
you can then emerge anything listed in /etc/portage/make.profile/package.installable (not a great deal of stuff admittedly, compared to Gentoo), which gets installed to subdirs in /usr/local/. So I think stuff in partition 1; /mnt/stateful/, should be safe from being overwritten with an OS update. I think crouton chroots get put there by default.
Most of the other partitions don't really get used, and shouldn't get touched by the updater, here's a design doc on the disk format, and here's a Reddit post (from a Google/Chromium employee) mentioning dual booting from partitions 6 and 7.
fattire said:
would a "powerwash" overwrite it or can you get easily get into an unbootable state on these things?
Click to expand...
Click to collapse
It's not too hard to mess up the system and get it into an unbootable state, lol. The "powerwash" just seems to remove user data, mainly. If you change up (the contents of) some files in /etc, or /opt, for example, then powerwash, normally they won't get restored to their original state (unless you also change release channel).
But, as long as the write-protect screw's not been removed and the original BIOS overwritten, it's always possible to make a recovery USB in Chrome's Recovery Utility on another device, and then restore the entire disk image fresh (this does overwrite all partitions). Another thing that I did was make a usb to boot into Kali; I was experimenting with the cgpt flags on my internal drive and got it into an unbootable state, but was still able to boot into Kali with Ctrl+U, and restore the flags manually from there. (To successfully boot from USB, it was essential to have previously run the enable_dev_usb_boot or crossystem dev_boot_usb=1 command in CrOS). I understand also that the BIOS type varies with device release date and CPU architecture, and that Intel devices may have some extra potential BIOS options ('legacy boot').
fattire said:
It's also kind of strange that adb is listening to port 30 at that (internal?) bridge address by default with no UI to turn it off.. and it's inaccessible from outside.. i wonder if there's an easy way to change the bridge to share the same IP as the actual interface...
Click to expand...
Click to collapse
I think I saw something related to this on the bug tracker. If I come across any info, I'll let you know...
fattire said:
Final thought-- I'd love to build that system image myself soup-to-nuts, but I can't find any "caroline" device tree set up... do you or anyone else happen to know if there's a standalone AOSP device tree for the chromebooks? It would be cool to have a mashup AOSP/lineageos if such a think could be possible-- I'm guessing chromiumos is just taking the android tree, building it and then adding it into their build... I Haven't build chromiumos for many years now so I can't even begin to imagine how this android build integrates with the whole emerge thing they had going.. but I bet it takes a while
Click to expand...
Click to collapse
Yeah, I haven't built Chromium OS or anything, but apparently, there's an option to create a 'private' overlay for the build, which doesn't get synced with the public stuff.
I think that the higher-ups at Google might be still umming and ahing as to whether or not to make source code available for the Android container, it's certainly not been made public yet. Actually, I remember seeing a Reddit post from a Google/Chromium employee mentioning this.
"That article is a little misleading in terms of open source. While the wayland-server and services that communicate with the ARC++ container are open source, the actual ARC++ container is not."
Perhaps they're waiting to see how similar implementations of Android within a larger Linux setup (e.g. Anbox) fare.
There doesn't seem to be too much that differs from AOSP in the ARC++ container - a few binaries and bits and pieces linking the hardware to the container (e.g. the camera etc), maybe some stuff related to running in a container with the graphics being piped out to Wayland?, and so on.
Oh, I was searching the bug tracker for something else, and just saw this (quoted below). Looks like it might be possible to run AOSP based images on CrOS soon!
arc: Implement android settings link for AOSP image
Reported by [email protected], Today (72 minutes ago)
Status: Started
Pri: 1
Type: Bug
M-60
When ARC started without the Play Store support there is no way for user to activate Android settings. We need implement corresponded section that has
Title: Android settings:
Link: Manage android preferences:
Inner bug: b/62945384
Click to expand...
Click to collapse
Great response! I read it once and I'll read it again in more detail then will probably have questions For whatever it may be worth, my only experience with chromiumos was building the whole thing maybe 4 years ago for my original 2011 Samsung "snow" Chromebook-- and making a bootable USB (or was it an SDcard?) to run it on (with a modified firmware that did... something I can't remember.. i think it was basically a stripped down uboot and I remember adding a simple menu or something-- I think I was trying to bypass that white startupscreen or something..). However, after doing this a few times to play with it, I realized that Chromiumos without the Chrome goodies kinda sucks and I promptly forgot everything and went back to stock.
I did have it re-partitioned to run linux as a dual boot from the SD slot or something-- I remember using that cgpt thing to select the different boot modes and vaguely recall the way it would A/B the updates (which "O" is now doing)... but anyhoo I was using the armhf ubuntu releases with the native kernel and ran into all kinds of sound issues and framebuffer only was a little crappy so...
I'm gonna re-read in more detail soon and I'm sure I'll have questions-- one of which will be-- assuming that most stuff is the same on x86 vs arm, why are there two scripts? How do they differ?
ol. On my device the Canary channel is at Chrome OS version 61; I think they started to move out some ARC++ (the acronym stands for Android Runtime on Chrome, version 2, if anyone's wondering, btw) environment variables to a separate file in version 60, or maybe 61.
Click to expand...
Click to collapse
This is the -env file I'm missing, I presume?
I think that the higher-ups at Google might be still umming and ahing as to whether or not to make source code available for the Android container, it's certainly not been made public yet. Actually, I remember seeing a Reddit post from a Google/Chromium employee mentioning this.
Click to expand...
Click to collapse
It looks from the response that the gapps portion might be what's in question-- just like ChromiumOS vs Chrome has all the proprietary bits taken out?
Here's what I'd ideally like to see:
* Rooted Android, with a toggle switch to hide su in settings a la lineage (requires a kernel patch something like this one) + settings changes from lineageos
* adb access from outside the device-- critical for quickly testing apks from android studio w/o a cable. Basically put the chromebook in a "device mode" where adb is passed through... I'm going to see if I can pipe adb through with socat as you suggest...
* what else... I dunno watch this space.
An update from a couple of guys that have tested out the scripts on Intel: It seems to be that while they are able to launch daemonsu manually (with daemonsu --auto-daemon), it apparently does not seem to be getting launched at boot.
I am waiting for some more information on this. Previously, for Marshmallow, the script was setting up the app_process hijack method in order to to launch daemonsu at boot; to support Nougat I changed it to instead create an .rc file with a service for daemonsu, and add a line to init.rc importing it. This works for me, and from what I can gather, it copied/created all files successfully on the testers devices, too, so I'm not sure at this point what the issue is there.
Edit: Fixed the issue. I updated my previous post with further details.
fattire said:
I realized that Chromiumos without the Chrome goodies kinda sucks and I promptly forgot everything and went back to stock.
Click to expand...
Click to collapse
lol yeah. True, that.
fattire said:
...assuming that most stuff is the same on x86 vs arm, why are there two scripts? How do they differ?
Click to expand...
Click to collapse
It's literally just two things that differ: the few lines where we copy the su binary over e.g.
/x86/su.pie → /system/xbin/su, daemonsu, sugote
vs
/armv7/su → /system/xbin/su, daemonsu, sugote
...and also the size of the created container. The x86 container is about 30 percent larger than the Arm one.
I had a little look at how to determine the CPU architecture programmatically on Chrome OS a while back, but couldn't seem to find a reliable way of doing this, at least not without maybe getting a bunch of people with different CrOS devices to run something like, as you mentioned, uname -i (which returns 'Rockchip' on my device, uname -m (which returns 'armv7'), or such similar, and collating the results. It was just easier to do separate versions for x86/arm, rather than introduce more conditionals (with potential for errors). I'm certainly not averse to adding a check for $ARCH, and thus standardizing the script, as long as it's reliable.
fattire said:
This is the -env file I'm missing, I presume?
Click to expand...
Click to collapse
Yep! It's just the same few envs as in the .confs, moved into a new file. I'm fairly confident that the script's conditionals deals with them OK.
fattire said:
It looks from the response that the gapps portion might be what's in question-- just like ChromiumOS vs Chrome has all the proprietary bits taken out?
Click to expand...
Click to collapse
Yeah, although the respondant there perhaps doesn't seem to realise that he's talking to a Google/Chromium dev, the way he responds. Not that that makes anything he says in his post is necessarily less valid, though.
fattire said:
Here's what I'd ideally like to see:
* Rooted Android, with a toggle switch to hide su in settings a la lineage (requires a kernel patch something like this one) + settings changes from lineageos
* adb access from outside the device-- critical for quickly testing apks from android studio w/o a cable. Basically put the chromebook in a "device mode" where adb is passed through... I'm going to see if I can pipe adb through with socat as you suggest...
Click to expand...
Click to collapse
Interesting... I agree, those would both be useful additions to the functionality of ARC++...
Quick question-- has Samsung provided the source for the GPL components (including the kernel, obviously)? I looked here but didn't see anything...? Previously the kernel was included along with the chromium source and there was like a kernel and kernel-next repository.. but this was like five years ago. I think the codename for the samsung chromebook pro is called caroline... let me quickly see if I can find a defconfig in the chromium source...
Back.. nothing here in the chromeos-4.4 branch. Nothing here either in the master branch. Maybe I'm looking in the wrong branches-- master is probably mainline kernel. Also the directories.. it took me five minutes to realize it wasn't going to be in arch/arm - force of habit I guess. I'll keep looking unless anyone knows. This "chromium-container-vm-x86" one seems to have dm_verity as an unused option. Ah, this is looking promising.
...and... here!
So it would seem that this would be built as part of the chromiumos build system, which seemed to be half gentoo five years ago building out of a chroot and was kind of a pain to set up... still, I'm guessing that since it's got that weird script to make the defconfig, what you could do is use google's chromiumos build script to make the kernel image (with whatever changes you want), then, assuming that it doesn't care if you replace the kernel, just throw it over the right Kernel A/B partition and see if it boots and starts up chromeos... it's weird cuz the kernel has to do double-duty for chromeos and android.. but I bet you can just replace it and it would work fine...
I had a cursory go at building a couple of kernel modules for my Flip C100 a while back - I didn't get too far though, lol. People do seem to have had success building their own kernels and running them with Chrome OS though, as with most things I suppose it's just how much time/effort you're willing to put in.
I think I used this and maybe this, from the crouton project to guide me.
From what I remember, I just got fed up of all the arcane errors/config choices. I remember that even though I'd imported my current device config from modprobe configs, there were then such an incredibly long string of hoops/config choices to have to go through one by one, to then be confronted with various errors (different every time ISTR) that I think I just thought "screw this". I think there were some other issue with the Ubuntu version I was using at the time as well. I know that sort of stuff's kind of par for the course with kernel compilation, but I was mainly only doing it so I could edit xpad in order to get my joypad working, in the end I found a different solution.
It shouldn't be too much hassle though, in theory I guess.... Oh, also, in order to get a freshly built kernel booting up with the CrOS rootfs, in addition to the gpt flags, I think you might have to sign it, too? (just with the devkeys & vbutil_kernel tool provided on the rootfs), some info here, and here.
From what I remember, the build system would do whatever key signing was necessary.... although I do now remember you're right there was some manual step when I was building the kernel, but I can't remember if that's because of MY changes or that was just part of the build process.
I I just dug out the old VM (Xubuntu) I was using to build and, well, let's just say I'll be doing a LOT of ubuntu updates before I can even realistically look at this. I do kinda recall setting up the environment was a huge pain so I'm going to see if I can just update the 5 year old source, target the pro and just build the kernel image and see what pops out the other end. At least I won't have to deal with the cross compiler, though I think it should hopefully take care of that itself.
Interesting to see that those crouton projects have emerged (no pun intended) so I'll check them out too while ubuntu updates itself
Thanks for the github links.. I'm going to go read that wiki.
Update: Looked at it-- funny they just stripped out the chromeos-specific parts they needed rather than emerge everything which is smart. My only question is now that Android is involved, there's that script I linked to earlier that seems to say "if you want Android support you'll need these bits too"-- wonder if the same config scripts apply, and if there are any other device tree considerations as well...
I may play a bit and see how smoothly it goes.. Unfortunately I don't have unlimited time either :/
Also, please do let me know if you put the scripts on github and I can send you pull requests if I come up with anything.
Update: Finally updated like 3 major versions of ubuntu... the "depot_tools" repo had its last commit in 2013, so I updated that. Wow, this is so much clearer than previous docs... it looks like something called gclient is used now, which I configured with:
gclient config --spec 'solutions = [
{
"url": "https://chromium.googlesource.com/chromium/src.git",
"managed": False,
"name": "src",
"deps_file": ".DEPS.git",
"custom_deps": {},
},
]
'
that let me do gclient sync --nohooks --no-history ...which i think is updating the ancient source. I probably should have just started over, but anyway... we'll see what happens.
Update again: After updating with this new gclinet tool, it appears that the old repo sync method is still required as described here. That hasn't changed after all, so now I'm going to go through this old method, which will probably completely overwhelm my storage as it's downloading with history.. but anyway, in case anyone is trying this-- looks like the whole chroot/repo sync thing may still be how it's done... the /src directory described above may only be for building just the browser, not the whole OS...
...and here it is. I will have zero room to actually build anything tho, but hey.
* [new branch] release-R58-9334.B-caroline-chromeos-3.18 -> cros/release-R58-9334.B-caroline-chromeos-3.18
Note to self: use cros_sdk --enter to actually get in the chroot. Then:
~/trunk/src/scripts $ ./setup_board --board=caroline
to set up the build for caroline. Then to build:
./build_packages --board=caroline --nowithdebug
Useful links:
* Building ChromiumOS
* [URL="http://www.chromium.org/chromium-os/how-tos-and-troubleshooting/portage-build-faq"]eBuild FAQ
[/URL]

Updating certs on old AMlogic 812 android 5 TVbox

Recently my trusty old box stopped finding streams in kodi. I suspect it's related to the expired DST Root CA X3 cert that no longer is usable since last week. Since this OTT box hasn't been updated in over 5 years I'm left with few options short of tossing it and starting over, BUT I'de like to try to get android functioning again instead of scrapping the hardware.
Soo...hoping someone could provide some insight how to safely add the new certs to the existing system store -OR- completely replace it. I'm semi-proficient with ADB and the device is rooted AFAIK.
Option #1 : add in the new certs. Per https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ and https://letsencrypt.org/docs/certificate-compatibility/ I have installed the IdentiTrustCommercialRootCA onto the device (ISRG Root X1 I believe) but it installed as a personal cert, and I'm preparing to move it to the system store but I think theres an intermediate cert I need to install as well. I just don't know what it is, or where to find it.
Option #2 : add in the entire Mozilla cert package. http://wiki.cacert.org/FAQ/ImportRo...ect=ImportRootCert#Android_Phones_.26_Tablets has a nice walkthru and a cert package, but the docs get confusing when they explain how to import the two certs, and their download package has over 130 certs in it.
Option #3 : rebuild the entire system store from scratch. Googles github site has all the certs shipped with android 7, but I'm guessing I'll have install each one as a personal cert before moving each one to the system directory similarly to option 1.
Option #4 : REPLACE the entire cacerts.bks file from another android device via ADB. Is this SAFE ? https://forum.xda-developers.com/t/...h-kindle-app-just-stop-syncing.3205615/page-2
Anyone tried any of these, or any insight to any of these options ?
UPDATE : Worked option 1 last weekend, installed 5 certs- 2 from lets encrypt, 2 from identrust, and 1 I extracted from my browser. It was stupidly easy and without ADB since the box was rooted when I got it. Seems to have solved alot of issues, but how can I be sure the cert chain is intact and hashed properly ?
Hi there, could you please go into further details on this procedure on How you installed without replace the entire cacerts, or if you have found a better way.
I know a few friends with older devices and they could surely use my help as well I myself have an old Amlogic S812 device laying around which I wanted to put to some use. Thanks
ocd_amp said:
Hi there, could you please go into further details on this procedure on How you installed without replace the entire cacerts, or if you have found a better way.
I know a few friends with older devices and they could surely use my help as well I myself have an old Amlogic S812 device laying around which I wanted to put to some use. Thanks
Click to expand...
Click to collapse
My box came rooted, and it was required for the procedure I'm about to list here. I've inserted 5 new certs so far and havent seen any adverse effects, but I can say the SSL errors I was seeing in kodi logs no longer appear. I'm also still on android 5.1 so google isn't updating me. I wouldn't attempt this on a supported OS.
I've installed this one first : IdenTrust Commercial Root CA 1 from here : https://www.identrust.com/support/announcements
...also 3 from here : https://letsencrypt.org/certificates/
specifically ISRG Root X1 , Let’s Encrypt R3 , and the DST Root CA X3 ,
Get your certs in CRT format.
Now comes the FUN part :
Install certs normally (as user cert)- lockscreen method , as program certs.
I saw they were installed by looking at the user certs menu afterwards.
Start terminal program
type SU
mount -o rw,remount /system
The directory /data/misc/user/0/cacerts-added is where your user certs are stored. WRITE DOWN the filenames, you'll need them later. The names are now hashes of the actual certs
mv /data/misc/user/0/cacerts-added/FILENAME.0 /system/etc/security/cacerts/
This is where you actually move the certs into the OS folders. Use the 'hash names' you wrote down earlier, entered at the FILENAME.0 spot in the line above, for EACH file.
chmod 644 /system/etc/security/cacerts/FILENAME.0
As above, you'll need to chmod all the new certs.
You'll also need the chown root : root each new file as well.
mount -o ro,remount /system
Reboot
After reboot all your new certs should be system certs.

Categories

Resources