Hi guys and gals,
I've been investigating why I can't enable encryption on either of my phones running CM9. I'm getting this error in logcat when I go to enable:
E/Cryptfs ( 1454): Orig filesystem overlaps crypto footer region. Cannot encrypt in place.
What I've discovered is that the dmcrypt layer requires 16kb of space at the end of the /data partition to store its volume keys. In the case of my HOX, stock recovery is smart enough to reserve those last blocks. But from what I can tell, CWM when it formats /data (to perform a wipe) formats the entire partition.
By passing an option for number of blocks (n where n is the total number of blocks - (16/blocksize)) to mke2fs at wipe time it should reserve enough space for encryption.
Looking at the cwm recovery source, I found this code for formatting ext4 volumes such as /data:
Code:
    if (strcmp(fs_type, "ext4") == 0) {
        int length = 0;
        if (strcmp(v->fs_type, "ext4") == 0) {
            // Our desired filesystem matches the one in fstab, respect v->length
            length = v->length;
        }
        reset_ext4fs_info();
        int result = make_ext4fs(device, length);
        if (result != 0) {
            LOGE("format_volume: make_extf4fs failed on %s\n", device);
            return -1;
        }
        return 0;
    }
So there is already a provision for a length option. The v variable is an array built from this code:
Code:
    Volume* volume_for_path(const char* path) {
        int i;
        for (i = 0; i < num_volumes; ++i) {
            Volume* v = device_volumes+i;
            int len = strlen(v->mount_point);
            if (strncmp(path, v->mount_point, len) == 0 &&
                (path[len] == '\0' || path[len] == '/')) {
                return v;
            }
        }
        return NULL;
    }
device_volumes appears to be populated from fstab, and from what I can see length will always be 0 (??), which I assume tells mkfs to always format the entire volume.
Perhaps someone more familiar with CWM's code paths (I'm a little lost) could explain how to get CWM to format the volume reserving the last 16kb?
Close, but the actual code in question is the following in bootable/recovery/roots.c:
Code:
    static int parse_options(char* options, Volume* volume) {
        char* option;
        while (option = strtok(options, ",")) {
            options = NULL;
            if (strncmp(option, "length=", 7) == 0) {
                volume->length = strtoll(option+7, NULL, 10);
    ...
That's reading the options from /etc/recovery.fstab (using roots.c:load_volume_table()). So all you need to do is make sure your device's recovery.fstab specifies the correct length. This is easiest done using a negative offset length of 16384. So, for a One X, update device/htc/endeavoru/recovery.fstab to add "length=-16384" to the end of the line for /data. For an example, see https://github.com/CyanogenMod/android_device_htc_pyramid/blob/ics/recovery.fstab.
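A way to check the result of the fstab change, as an added example that is not code from CWM or from the posts above: it parses a `length=` option, applies the negative-offset reading given in the reply, and compares the size recorded in an ext4 superblock against the last 16 KB of the partition. The partition size and the image are constructed, and treating that comparison as the condition behind the logcat error is an assumption.

```python
import struct

CRYPT_FOOTER_BYTES = 16384  # space the thread says must stay free at the end of /data
SB_OFFSET = 1024            # the primary ext4 superblock starts 1024 bytes in
EXT4_MAGIC = 0xEF53

def parse_length_option(options):
    """Return the length= value from a recovery.fstab option string, 0 if absent."""
    for opt in options.split(","):
        if opt.startswith("length="):
            return int(opt[len("length="):], 10)
    return 0

def format_length(partition_bytes, length):
    """Bytes handed to mkfs: positive = absolute, 0 = whole partition,
    negative = offset from the end (the reading given in the reply)."""
    return length if length > 0 else partition_bytes + length

def ext4_fs_bytes(image):
    """Filesystem size recorded in the superblock of a raw partition image."""
    sb = image[SB_OFFSET:SB_OFFSET + 1024]
    if len(sb) < 1024 or struct.unpack_from("<H", sb, 56)[0] != EXT4_MAGIC:
        raise ValueError("no ext2/3/4 superblock found")
    blocks = struct.unpack_from("<I", sb, 4)[0]   # s_blocks_count_lo
    log_bs = struct.unpack_from("<I", sb, 24)[0]  # s_log_block_size
    return blocks * (1024 << log_bs)              # ignores s_blocks_count_hi

def footer_fits(fs_bytes, partition_bytes):
    """True when the filesystem ends before the last 16 KB of the partition."""
    return fs_bytes <= partition_bytes - CRYPT_FOOTER_BYTES

def fake_image(fs_bytes, block_size=4096):
    """Constructed input: a zeroed image carrying only the three fields read above."""
    sb = bytearray(1024)
    struct.pack_into("<I", sb, 4, fs_bytes // block_size)
    struct.pack_into("<I", sb, 24, (block_size // 1024).bit_length() - 1)
    struct.pack_into("<H", sb, 56, EXT4_MAGIC)
    return bytes(SB_OFFSET) + bytes(sb)

def check(options, partition_bytes):
    """Size a constructed image from the options, then test the footer region."""
    length = parse_length_option(options)
    fs = ext4_fs_bytes(fake_image(format_length(partition_bytes, length)))
    return footer_fits(fs, partition_bytes)

PARTITION = 64 * 1024 * 1024  # constructed 64 MiB /data partition
if __name__ == "__main__":
    for opts in ("", "length=-16384"):
        print(repr(opts), "-> footer fits:", check(opts, PARTITION))
```

On a real device the same `ext4_fs_bytes` call can be pointed at the first 2 KB read from the /data block device, with the partition size taken from the kernel.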
While it would be better if indeed CWM was made smart enough to deal with this, I did make in the mean time a patch you can apply after a wipe to shrink the partition
cybermaus said:
While it would be better if indeed CWM was made smart enough to deal with this, I did make in the mean time a patch you can apply after a wipe to shrink the partition
Just played a bit with CM10.2 on my SGS3. To be honest I don't get this issue with partition size. Could you please help me to understand the following: why do we need to resize the partition if the stock ROM does not do it, neither in runtime (when encrypting) nor in flashing new ROM? How does it work on the stock ROM in comparison to CM? What's different? I'm afraid to resize the partition before I understand why I must do it (I read about this 16kb, I fully understand it, but I don't get why it's not needed by the stock ROM).
Thanks!
Maciej
Related
I've made some modifications to drivers/usb/otg/msm_otg.c in order to support usb host mode for the Nexus 4: http://forum.xda-developers.com/showthread.php?t=2181820
So far, I've been building off Franco's sources, since I was using his kernel anyway. But this has its problems. I'm not looking to have to constantly keep up with Franco's nightlies. A good amount of posts from people are asking if I could compile a different kernel with the otg modifications, or if they could flash a different kernel on top. Franco's been getting requests to implement the modifications, and I didn't mean to put any onus on him.
I've been trying to do some research on creating a kernel module that could somehow hijack/hook/wrap the static functions I've made changes to in msm_otg.c. This is all way, way over my head though, and I could really use some help here. I've done some reading so far, but it hasn't gotten me anywhere. I got some good help on IRC, but am stuck again.
To get things rolling, I've manually found the address from /proc/kallsyms of static function msm_chg_detect_work to be 0xc03b4950. I'm trying to make a jump from here to my own function. I was provided make_jump_op for this purpose, although I have no understanding of how it works. Here is more or less what I've got so far (relevant bits..):
Code:
    // max distance: 0x02000000
    unsigned int make_jump_op(unsigned int src, unsigned int dst) {
        unsigned int o;
        int distance;
        distance = (int)( ((long long)dst) - (((long long)src) + 8) );
        if (distance > 32*1024*1024 || distance < -32*1024*1024) {
            printk(KERN_ERR "distance too big!\n");
            return 0; // crash, BOOOOM!
        }
        distance = distance / 4; // read: ">>2"
        o = *((unsigned int *)(&distance)); // is there a proper way to do this, too?
        o = (o & 0x00ffffff) + 0xea000000;
        return o;
    }

    static void msm_chg_detect_work_MOD(struct work_struct *w) {
        printk(KERN_INFO "TEST\n");
    }

    static int ziddey_otg_init(void) {
        unsigned int *origcall;
        printk(KERN_INFO "Loading kernel module '%s'\n", MODULE_NAME);
        // 0xc03b4950: msm_chg_detect_work
        origcall = (unsigned int *) 0xc03b4950;
        preempt_disable();
        *origcall = make_jump_op(0xc03b4950, (unsigned int)(void*)msm_chg_detect_work_MOD);
        preempt_enable();
        printk(KERN_INFO "Loaded kernel module '%s'\n", MODULE_NAME);
        return 0;
    }
Can anyone make sense of this? I get an Oops error and kernel panic.
Thank you
Code:
$ grep msm_chg_detect_work /proc/kallsyms
c03b4950 t msm_chg_detect_work
Hey,
a few months ago I read somewhere that android stores the wifi passwords in plain text (seems to be known since 2010: http://forum.xda-developers.com/showthread.php?t=794555 but no one cares?!)
Because I don't want my wifi password to be stored that way, I searched for a way to store the wpa passphrase. This wasn't difficult, because android uses wpa_supplicant, which means I just had to find out my passphrase and replace the plain key in /data/misc/wifi/wpa_supplicant.conf with it. Everything still works fine and my phone is able to connect to wifi.
Now my question is: is there a way to store every new wifi password this way? It's annoying to have to edit the wpa_supplicant.conf file manually...
One problem is, that it seems like android doesn't have the wpa_passphrase binary included, even if the source code seems to exist in the wpa_supplicant repository ( https://android.googlesource.com/platform/external/wpa_supplicant_6/ ).
If someone could tell me, how to build the code (I'm not familiar with the ndk), I could try writing an app, which replaces all plain text passwords with the passphrases.
But it would be awesome, if it were possible to integrate this feature in a custom rom, so no more passwords are stored plain text.
Best regards,
David
Finally, I was able to build CarbonRom from source and found a way to integrate this in the rom! On my device, no wifi password is stored in plain text anymore. It took a long time to figure out what file I have to change, but finally I got it.
If you are interested, I could create a patch and post it here but I don't know how to submit patches to github.
The only thing that confuses me: I found out that the SSID I use to generate the password hash is quoted. That means ThisIsASSID is stored as "ThisIsASSID". But actually the password hash should be wrong because it doesn't use ThisIsASSID. Anyway, it works. And the password in wpa_supplicant.conf is hashed.
Edit: Cheered too soon... The wpa_supplicant.conf is probably just read at boot time. After a reboot I couldn't connect to my wifi anymore... But if I change the hash in the wpa_supplicant.conf file manually to the right one it works, so now I have to solve the quoting thing. But that shouldn't be difficult.
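The quoting problem described above, as an added example that is not part of the original posts: the 64-hex value is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, so the quotes around the stored SSID have to be removed before hashing. The sample network block is constructed, and the code assumes quoted ASCII SSIDs with `ssid=` written before `psk=`.

```python
import hashlib
import re

RAW_PSK = re.compile(r"[0-9a-fA-F]{64}")

def unquote(value):
    """Drop the surrounding double quotes wpa_supplicant.conf puts around strings."""
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        return value[1:-1]
    return value

def derive_psk(passphrase, ssid):
    """WPA/WPA2-Personal PSK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    raw = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return raw.hex()

def hashed_psk(psk_value, ssid_value):
    """Map a psk= value from the config file to its 64-hex form."""
    if RAW_PSK.fullmatch(psk_value):
        return psk_value  # unquoted 64 hex digits: already a PSK
    passphrase = unquote(psk_value)
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    return derive_psk(passphrase, unquote(ssid_value))  # salt is the SSID without quotes

def rewrite_conf(text):
    """Replace each psk= line using the ssid= seen earlier in the same network block."""
    out, ssid = [], None
    for line in text.splitlines():
        key, _, value = line.strip().partition("=")
        if key == "ssid":
            ssid = value
        elif key == "psk" and ssid is not None:
            line = "\tpsk=" + hashed_psk(value, ssid)
        elif key == "}":
            ssid = None
        out.append(line)
    return "\n".join(out) + "\n"

# Constructed sample; passphrase and SSID are the IEEE 802.11i PBKDF2 test vector.
SAMPLE = 'network={\n\tssid="IEEE"\n\tpsk="password"\n\tkey_mgmt=WPA-PSK\n}\n'

if __name__ == "__main__":
    print(rewrite_conf(SAMPLE))
```

The 64-hex value still authenticates to that SSID; hashing only keeps the passphrase itself out of the file.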
So, all problems solved now
Here is a patch I created, if anyone is interested:
PHP:
--- original/external/wpa_supplicant_8/wpa_supplicant/config_file.c 2013-08-15 00:12:50.000000000 +0200
+++ carbon/external/wpa_supplicant_8/wpa_supplicant/config_file.c 2013-08-15 01:09:21.876028461 +0200
@@ -19,6 +19,7 @@
#include "p2p/p2p.h"
#include "eap_peer/eap_methods.h"
#include "eap_peer/eap.h"
+#include "crypto/sha1.h"
static int newline_terminated(const char *buf, size_t buflen)
@@ -483,10 +484,36 @@
static void write_psk(FILE *f, struct wpa_ssid *ssid)
{
+ unsigned char psk[32];
char *value = wpa_config_get(ssid, "psk");
- if (value == NULL)
+ char *s = wpa_config_get(ssid, "ssid");
+ if(value == NULL || s == NULL)
return;
- fprintf(f, "\tpsk=%s\n", value);
+ int slen = os_strlen(s);
+ int plen = os_strlen(value);
+ int pskquoted = (value[0] == '"' && value[plen - 1] == '"') ? 1 : 0;
+ int i;
+ //if passphrase length is 64 it's already hashed as well as hashed passphrases aren't quoted
+ if( pskquoted == 1 || plen < 64){
+ //Check for quotes and remove if necessary
+ if(s[slen - 1] == '"' && s[0] == '"') {
+ s[slen - 1] = '\0';
+ s++;
+ }
+ if(pskquoted == 1) {
+ value[plen - 1] = '\0';
+ value++;
+ }
+ //Hash passphrase
+ pbkdf2_sha1(value, (u8 *) s, os_strlen(s), 4096, psk, 32);
+ fprintf(f, "\tpsk=");
+ for (i = 0; i < 32; i++)
+ fprintf(f, "%02x", psk[i]);
+ fprintf(f, "\n");
+ } else {
+ fprintf(f, "\tpsk=%s\n", value);
+ }
+ os_free(s);
os_free(value);
}
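Review bot: in write_psk the `s++` and `value++` that skip the opening quote move the pointers away from what wpa_config_get() returned, so the later `os_free(s)` and `os_free(value)` are called on an address that is not the start of the allocation. Keep the original pointers for freeing and use separate cursor variables for the unquoted strings. The early `return` also leaks whichever of `value` and `s` was non-NULL, and `value[plen - 1]` reads before the buffer when the psk string is empty, so check `plen` and `slen` before indexing.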
I didn't find a place in the java code, so I directly edited the c code of wpa_supplicant.
Hi, I'm trying to use the RootTools library to perform root operations on the Android system. I want to make a backup of some files in the /etc folder with the following commands:
Code:
    button.setOnClickListener(new View.OnClickListener() {
        public void onClick(View v) {
            File exists = new File("/etc/gps.conf");
            if (exists.exists()) {
                // We make a backup first
                int date = (int) System.currentTimeMillis();
                String source = "/etc/gps.conf";
                String destination = "/etc/gps" + date + ".conf";
                RootTools.copyFile(source, destination, true, true);
                // Last time that file was modified
                // Date filedate = new Date(exists.lastModified());
            }
        }
    });
RootTools.copyFile is supposed to let me do that operation, but it doesn't do anything. I see that the etc folder doesn't appear in cat /proc/mount. I also tried the Apache transfer file copy, FileUtils.copyFile(source, destination), but it seems to have a problem with the mounted filesystem, which seems to be RO. I also tried RootTools.remount("/etc", "RW") but that fails too.
I'm lost with this issue. Pleeeeeease give some advice!!! I want to know how I can edit, create, delete, modify files in /etc /data... etc.
I'm testing this on a Samsung Galaxy S3 with a stock ROM 4.1.2.
Thanks for your advice.
Simply mount system as read/writeable
Sent from my LT18i using xda premium
exquisite.nish said:
Simply mount system as read/writeable
Sent from my LT18i using xda premium
This is the problem. The third parameter of RootTools.copyFile(source, destination, true, true) enables the RW option of the folder before the copy. The problem is that it doesn't change the mount type, which is still RO, even when I try RootTools.remount("/etc/", "rw").
I want to know if there is another way to do that.
Thanks.
Hello guys. I have been trying to compile CWM recovery for my phone. It's using the msm7627a board. I am using the prebuilt kernel. I succeeded in compiling, but when I flash it, it's not displaying anything. I tried to see what's wrong, and from the recovery log I found the frame buffer /dev/graphics is not available. Everything else works: I can do a backup from ROM Manager, even keystrokes work, adb shell works, just the display is not working. Any ideas?
I also realise some other devices are not loaded.
How can I make the fb0 graphics load, or is there any other fix?
For those who have access to the source code:
Code:
    /* part of the concerned ui code */
    int gr_init(void)
    {
        gglInit(&gr_context);
        GGLContext *gl = gr_context;
        gr_init_font();
        gr_vt_fd = open("/dev/tty0", O_RDWR | O_SYNC);
        if (gr_vt_fd < 0) {
            // This is non-fatal; post-Cupcake kernels don't have tty0.
            perror("can't open /dev/tty0");
        }
        else
        {
            if (ioctl(gr_vt_fd, KDSETMODE, (void*) KD_GRAPHICS)) {
                // However, if we do open tty0, we expect the ioctl to work.
                perror("failed KDSETMODE to KD_GRAPHICS on tty0");
                gr_exit();
                return -1;
            }
        }
        gr_fb_fd = get_framebuffer(gr_framebuffer); // this is the call that fails because it tries opening /dev/graphics/fb0 which does then exists
        if (gr_fb_fd < 0) {
            gr_exit();
            perror("cant get framebuffer");
            return -1;
        }
        get_memory_surface(&gr_mem_surface);
        fprintf(stderr, "framebuffer: fd %d (%d x %d)\n",
                gr_fb_fd, gr_framebuffer[0].width, gr_framebuffer[0].height);
        /* start with 0 as front (displayed) and 1 as back (drawing) */
        gr_active_fb = 0;
        set_active_framebuffer(0);
        gl->colorBuffer(gl, &gr_mem_surface);
        gl->activeTexture(gl, 0);
        gl->enable(gl, GGL_BLEND);
        gl->blendFunc(gl, GGL_SRC_ALPHA, GGL_ONE_MINUS_SRC_ALPHA);
        gr_fb_blank(true);
        gr_fb_blank(false);
        return 0;
    }
LG Bridge is a nice utility to backup and restart app data on an LG phone. The problem is it can only restore to another LG phone. If you have an LG Bridge backup and then your phone dies, like the boot loop of death, then if your only backups are Google and LG Bridge there might be data you can't restore on a new non-LG phone.
I've done a lot of searching and have not found a tool that would let you extract the contents of the backup. I did notice that 7zip was able to find one app's worth of the backup. After some digging it looks like for the most part the lbf file is a series of tar files combined. I've started working on a tool to extract the tars out of the file. Right now my method is very crude and works more like a file carver than anything else. I'm able to extract most of the data from a backup but not all of it. Consider this a v0.0.1. I wanted to share what I have now in its current state because it might be useful for others. I do currently plan on improving the code (and likely hosting it on GitHub) and then porting it to Java or some other language that's a little easier to run on Windows.
For v1 I would like to figure out the data structure some more to see if they have some sort of file table that I didn't see last night when I wrote this.
I'm not going to provide much documentation right now other than that below is the PHP script, and it looks for your backup called LGBackup.lbf in the same folder. The tars will be named something like "data_app_com.netflix.mediaclient-2_base.ap.tar" so it gives you an idea of what's inside each tar. I know it's not extracting the whole tar for each app and there are some apps that are larger than they should be. Like I said earlier, this is not finished code but it should mostly work.
Code:
    <?php
    $handle = fopen("LGBackup.lbf", "rb");
    $chunkSize = 4096;
    $tarFooter = str_repeat(chr (0), $chunkSize);
    $cnt = 0;
    $tar = "";
    $lastBuff = "";
    while (($buffer = fread($handle, $chunkSize)) !== false) {
        if ($buffer == "") {
            exit('finished');
        }
        $lastBuff = $buffer;
        $cnt++;
        if ($buffer === $tarFooter) {
            $footBuffer = $buffer;
            while ($buffer === $tarFooter) {
                $buffer = fread($handle, $chunkSize);
                $cnt++;
                $footBuffer .= $buffer;
            }
            for ($i = 0; $i < strlen($buffer); $i++) {
                if ($buffer[$i] !== chr(0)) {
                    break;
                }
            }
            $tar .= substr($buffer, 0, $i - 1);
            for ($b = 0; $b < 200; $b++) {
                if ($tar[$b] === chr(0)) {
                    break;
                }
            }
            $filename = str_replace("/", "_",substr($tar, 0, $b - 1)) . '.tar';
            var_dump($filename);
            if (strpos($filename, 'data_') === 0){
                $fp = fopen($filename, 'w');
                fwrite($fp, $tar);
                fclose($fp);
            }
            $tar = substr($buffer, $i);
        } else {
            $tar .= $buffer;
        }
    }
    fclose($handle);
I've done some more digging and it looks like reading the data at the very start and end of the file is going to be a lot more complex than I'm interested in. My personal urgency has decreased as LG has supposedly repaired my boot-looping G4. I made some minor tweaks to my code and it works a little better now. I found I got the most data back by running my updated script and then using GNU tar to extract the tars it made. For some reason it was able to overcome some of the corruption that 7zip didn't want to deal with. I'll attach a new file to the first post.
I think the next and possibly last thing I'm going to try is to parse the tar file so I know how long each file is. Right now I'm just looking for 1k of null bytes, but that's not always right, as sometimes there's less and sometimes there could be 1k of null bytes inside of the zip.
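The header-parsing approach mentioned in the post above, as an added example that is not the poster's tool: it validates each 512-byte tar header by its magic and checksum and uses the octal size field to step to the next member, so null bytes inside a file no longer end the archive early. The container is constructed with Python's tarfile module and a junk prefix; it does not reproduce the real LBF layout.

```python
import io
import tarfile

BLOCK = 512

def octal(field):
    """Parse a NUL/space-padded octal tar field; -1 if it is not octal."""
    text = field.strip(b"\0 ").decode("ascii", "replace")
    return int(text, 8) if text and set(text) <= set("01234567") else -1

def checksum_ok(hdr):
    """Header checksum: byte sum with the checksum field itself counted as 8 spaces."""
    return octal(hdr[148:156]) == sum(hdr[:148]) + 8 * 0x20 + sum(hdr[156:BLOCK])

def walk_tar(buf, off):
    """Follow header size fields from off; return (members, offset past the last member)."""
    members = []
    while off + BLOCK <= len(buf):
        hdr = buf[off:off + BLOCK]
        size = octal(hdr[124:136])
        if hdr[257:262] != b"ustar" or size < 0 or not checksum_ok(hdr):
            break  # zero block, wrapper data or corruption
        name = hdr[:100].split(b"\0", 1)[0].decode("utf-8", "replace")
        members.append((name, off + BLOCK, size))
        off += BLOCK + -(-size // BLOCK) * BLOCK  # data is padded to 512 bytes
    return members, off

def carve(buf):
    """Locate each run of tar members by validating headers, not by counting nulls."""
    runs, pos = [], 0
    while (hit := buf.find(b"ustar", pos)) != -1:
        start = hit - 257  # the magic sits 257 bytes into a header
        members, end = walk_tar(buf, start) if start >= 0 else ([], 0)
        if members:
            runs.append((start, members))
            pos = end
        else:
            pos = hit + 1
    return runs

def sample_container():
    """Constructed input: junk prefix plus two tars; the first file holds 2 KiB of nulls."""
    def tar_of(name, data):
        out = io.BytesIO()
        with tarfile.open(fileobj=out, mode="w", format=tarfile.USTAR_FORMAT) as t:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            t.addfile(info, io.BytesIO(data))
        return out.getvalue()
    one = tar_of("data/app/com.example.one/base.apk", b"PK" + bytes(2048) + b"tail")
    two = tar_of("data/data/com.example.two/prefs.xml", b"<map/>")
    return b"not-a-real-lbf-header" + one + two
```

Each tuple in a run is (name, data offset, size), so a member's bytes are `buf[offset:offset + size]`; long names that use the ustar prefix field are not reassembled here.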
LBF tool
Hi! I have looked into lbf files recently and here are my findings (including simple way to extract data).
https://forum.xda-developers.com/android/general/tool-lg-restore-com-lge-bnr-lbf-file-t4053579
I am new to XDA, but please let me know what you think.