[CM10.2]eCryptFS - How to manually create/mount an encrypted folder? - Galaxy S III Q&A, Help & Troubleshooting

Hello,
Android 4.x allows encrypting the phone. I guess it's been done by ecryptfs. How can I use ecryptfs to manually encrypt a single folder? I've tried 'mount -t ecryptfs /sdcard/test /sdcard/test', which is how it's usually initialized, but on Android/CM10.2 it just throws an 'invalid argument'.
Edit: 'dmesg' throws 'Error parsing options; rc = [-22]'. I've found references on the web that this is because there is only the kernel part implemented and it needs the userspace tools as well (ecryptfs-utils). But how does Android/CM do it then to encrypt the whole phone?
Edit2: Looks like it's not done by ecryptfs but by dm-crypt via vold.
So, I guess it's not possible at the moment to use that on single folders via shell...

Related

UrukDroid 1.6 (Android) on ext4, full r/w access, su (root), SDE

This is new Android distribution based on Linux, Android and Archos stock os, using SDE from Archos.
Features:
Easy install method for external (SDcard) and Internal storage
EXT4 (much faster than ext3, can store files >4GB comparing to FAT32)
Full read/write access to every part of system
root (su + superuser.apk) out of the box
new services like: samba, sshd, vpnc, openvpn, dvbt, nfs4
3G/usb tether support
Possibility to remove some google/Archos apps
Swap memory in RAM (CompCache) or on disk by default or when you need it
No 300MB limit for apps (and no faulty app2sd required)
You can have SD card Class 8/10 - that can be much faster than internal flash (check this thread)
Many new kernel modules (usbserial, ntfs, 3G modems, nfs4, cifs, hfs, iptables etc.)
DVB-T support for selected tuners
updated modules, firmware (like WiFi)
User friendly UrukConfig application
... and much, much more - too much to mention all here - please read changelog
Since 1.0 release main documentation source for UrukDroid is on its WiKi. Please use it as a first and primary information source for UD.
Link to project (googlecode) page is: http://code.google.com/p/urukdroid
Update (10.09.2015)
Since code.google.com is no longer working (read only for limited time) - here are working links to latest (and final) release of UrukDroid: Dropbox,
I hope that new, much more detailed and complete documentation will help you use UrukDroid to its full potential.
Changelog, proposed features
Changelog:
UrukDroid 1.6 (02.01.2012) "DOV FUS LOS Wahl ko Daar Sivaas!"
[CHANGE] Incorporated changes from Archos firmware 2.4.19, 2.4.65, 2.4.80 and 2.4.81
[CHANGE] Updated superuser apk and binaries
[FIX] Fixed some library linking
[NEW] Changed top bar button size to 32px permanently
[NEW] New overclock module from milestone-overclock to change CPU voltage and max frequencies on the fly
[CHANGE] Added overclock support to CPUGovernor service
[FIX] Restored proper busybox binary
[NEW] New patches on kernel from December update from Archos git
[NEW] Full iptables support (with NAT, conntrack etc) - so everything is now possible (redirect, proxies etc)
[NEW] Full kernel timing for power consumption monitoring
[NEW] Recompiled WiFi and HDMI drivers
[NEW] Added python 2.7, iotop (for watching i/o operations), PowerTOP (for power consumption monitoring - but it's not as useful as on x86)
[NEW] Added ntfs-3g support - full read/write support for NTFS file systems (need to be used manually, vold does not use it)
[CHANGE] Added UrukDroid Rescue Menu - Repair submenu with disabling overclocking (for those who made their device unbootable with overclocking) and Dalvik cache cleaner
[NEW] New feature in cpugovernor script (genconf, current)
[CHANGE] New features in update subsystem
scripts now try to keep /data/.tmp directory cleaner,
for those with disk shortage /data/.tmp can be now symlink to directory on sdcard
updater now checks if you have enough free space in /data/.tmp before it begins installation
update process now can be during bootup (better one) if you have enough free space on rootfs, or on running system (not so nice - this is default behavior until UD 1.6 release)
[CHANGE] restoring backup in Rescue Menu now erases partition before restore (until now it was just overwriting)
[FIX] added (again) xbox pad kernel support (was missed out in new kernel compilation)
[FIX] fixes scp/sftp-server (on some configuration refused to start child processes)
UrukDroid 1.5 (16.0.2011) Manamana!
[CHANGE] Since UrukDroid 1.1 (both beta1/2/3 and release candidate 1/2/3) had stability and compatibility issues - that I was unable to trace down (too many changes on changes etc.) - I've decided to implement all stuff from beginning on fresh OS. Since all "reverse engineering" stuff was already made and I already have required knowledge - It should be the fastest method. So entire system is cleaned up, updated to latest binaries - and so far looks good. That's why I've bumped version to 1.5 - just to make it a bit more visible it's not a straight continuation of 1.0/1.1.
[FIX] No more "soft reboots" (system reloaded its graphics UI part)
[FIX] No more turning off WiFi issue (but it happens that WiFi can't pop in after full reboot - another reboot is required)
[FIX] CIFS startup on boot (Issue 57)
[CHANGE] Update process should be now more chatty and report more errors
[CHANGE] Reverted back WPA service (which enable UrukDroid WPA supplicant with AdHoc support) - since some people reported problems with adding new networks with Uruk version of WPA supplicant.
[CHANGE] Merged changes from Archos 2.3.28 OS
[NEW] New wpa_supplicant - hopefully with all features and without most of known problems (sometimes it still refuses to start)
[CHANGE] Updated modules and kernel
[FIX] Fix camera support for A43
[CHANGE] Merged changes from Archos 2.3.26 OS
[CHANGE] Redesigned services to output more reliable status
[FIX] Mediascanner fixes (did not rescan data sometimes)
[NEW] Introduced in 1.0 "Rescue Menu" now fully functional (RM)
[NEW] RescueMenu now have Alternative OS boot feature
[NEW] RescueMenu now have "bare metal" backup/restore functionality
[NEW] Update process will now communicate with user with help of UrukConfig
[NEW] Enabled cgroups
[FIX] "Moved" boot image on A101
[FIX] 3Gmodem_init.sh fixes
[NEW] You can disable boot from SDCard by naming any of its partitions "noboot" ('[email protected]:/root# e2label /dev/block/mmcblk2p1 noboot')
[NEW] patch (by Sibere) increasing USB current in Host mode
[NEW] New default apps in UrukDroid 1.5: WiFi Manager, FileExpert, QuickPic, Opera browser
UrukDroid 1.0 (30.04.2011)
[FIX] sshfs missing files fix
[FIX] EasyInstall: changed datafs max size from 2GB to 1.95GB (for market to work), fixed partition sizes for A101 16GB when doing internal install with resize, fixed installation for A70H devices
[NEW] small script to copy UrukDroid files from SDCard (external) to Internal (copy_from_sd_to_internal.sh)
[CHANGE] Changed behaviour of dvb service (device configuration)
[FIX] Added some missing modules for DVB support
[CHANGE] New kernel modules for more dvb devices (but it requires manual loading and testing)
[NEW] rsync tool
[CHANGE] swap service now can work on swap partition (or like before on swap file), also after mounting sdcard ext4 partition
[NEW] Ad-Hoc WiFi connection support by default (networks are visible with "*" on beginning of its SSID)
[CHANGE] Some new progress indicators during install/upgrade
[NEW] Simple Animation during late phase of bootup
[NEW] New service: cifs (to load cifs modules)
[NEW] Added cgroups kernel setting
[NEW] Moved some modules dependencies (cifs,ntfs,dvb) to /etc/modprobe.d
UrukDroid 0.7 (28.02.2011) you're damn right it's a gift!!
[NEW] NFSv4 client support
[NEW] FS-Cache (cachefilesd) support for NFS (local disk cache for NFS files)
[NEW] sshfs support
[FIX] OpenVPN fix - thanks to nenadr
[FIX] PPtP fix - thanks to nenadr
[NEW] vpnc tool for using Cisco VPN connections
[NEW] vpnc UrukDroid service
[CHANGE] Updated to libc6 2.11 (and all binaries recompiled/changed because of it - big change)
[NEW] new gnu tools: nmap
[NEW] EasyInstall now allows installing UrukDroid on internal (mmcblk1) storage in A70 and A101
[NEW] Integrated 3G USB modem and RNDIS USB tethering service by nenadr
[CHANGE] New iobench.sh (with new bonnie++ test)
[CHANGE] Changed device fingerprint to work better with google market (enable download some missing apps)
[CHANGE] Merged Archos 2.1.8 firmware changes
[CHANGE] Changed DVB subsystem support and kernel/modules dependencies to work with new v4l2 modules (it will break compatibility with most other kernels probably)
[FIX] Changes in UrukUpdate mechanism to work every time when file is moved to "/data/UrukUpdate"
[NEW] Added required modules and iptables service configuration for DroidWall (firewall) application
[NEW] sudo subsystem for launching properly some root tasks
UrukDroid 0.6 (11.02.2011) Eye of the Uruk... in new logo
[CHANGE] Merged changes from Archos firmware 2.1.2/2.1.3/2.1.4
[CHANGE] DVB support with LiveTV.apk from chulri (for selected cards, there are more modules than listed in /etc/uruk.conf/dvb - but it requires to do some experiment and report it back)
[CHANGE] Changed Uruk service to work better with new UrukConfig
[NEW] New services: openvpn, mediascanner
[NEW] IO Benchmark tool: iobench.sh
[NEW] Possibility to turn off mediascanner and use it on demand only
[FIX] Fixed mount_sdcard.sh script to work with 2.1.2 ext3 partitions
[NEW] Updated boot sequence with progress during upgrade/install
[NEW] You can hide soft buttons (Archos buttons) with UrukConfig
[NEW] Easy Install method - no need to know anything about Linux - just plug and wait...
[NEW] Kernel modules for 3g dongle
UrukDroid 0.5 (27.01.2011) Tom Bombadil... in red
[NEW] CompCache (aka ramzswap) support
[NEW] New CPU governor - interactive. Ported from XDA CyanogenMOD
[NEW] DVB: applied patches by chulri, Siano SMS1XXX USB support
[NEW] DVB: modules from outside kernel tree
[NEW] Some more GNU tools: gzip utils, zip utils, unzip utils, nc (NetCut for DVB streaming)
[CHANGE] New services model - so they can be easily run/configured with help of UI
[NEW] New kernel modules: usbnet, lzo
[NEW] Mediascanner modification - it should have much, much smaller impact on system performance
[NEW] sqlite3 (3.5.9) installed, for easy database file manipulation
[NEW] after restart of UrukDroid it will boot once again to Uruk without need of pressing any buttons, to boot on stock OS please use boot menu
[FIX] mount_sdcard.sh fixed so it will mount first ext4 partition on sdcard if exist, and will not interfere with Vold if its vfat
[CHANGE] New update/upgrade/flash model - everything done on UrukDroid - no boot menu required
[NEW] New application to configure UrukDroid - UrukConfig.apk. Installed with this release. Can be uninstalled in default way.
[FIX] Fixed corrupted logo in A101
[NEW] Unified kernel for UrukDroid on SDCard and internal storage (A70S/A101)
[CHANGE] Services ENABLED with this release: CpuGovernor, CompCache
UrukDroid 0.4.2 (21.01.2011)
Just extracted as a separate update file GoogleMarket
UrukDroid 0.4.1 (15.01.2011) Myyy preciousssss...
Some more tools like: bc, proc utils, vim, tcpdump, bzip2, tar etc.
Android apps (Market, Maps, Talk, Calendar, Contact, Feedback, Locator, Updater) by default
Samba (3.2.5) support for sharing /mnt/storage (internal and sdcard storage) from Archos
Dropbear SSH server
Backported modprobe, depmod etc. tools for modules management
WiFI driver recompiled, WiFi HW firmware update (from 6.1.0.0.335 to 6.1.5.44.7)
Initial DVB-T support (Afatech AF9005, Afatech AF9015, DiBcom DiB0700, Terratec CinergyT2/qanu)
Bootlogo with progress steps
Cleanups of initramfs and rootfs
EXT4 drivers backported from 2.6.30 - some mount changes (to prevent config files corruption)
Initial A70H support
SDCard/HD layout changed
Autoupgrade service and installation helper
ADB fixes
Removed two apps. TelephonyProvider.apk, Phone.apk
Since 0.4 all services are DISABLED by default, to enable it edit proper config file in /etc/uruk.conf/
UrukDroid 0.3 (9.01.2011) Rise my Uruk... not yet Hai
iptables, ntfs support
some more USB modules: usbserial, pl2303
fixed bluetooth problem (not working in Uruk 0.2)
automounting improvements (much more bulletproof)
new configuration files (/etc/uruk.conf/) to enable/disable features
new Uruk services (/etc/uruk.d/)
some more GNU utils openssh-client, coreutils
USB charging enabled (NOT tested!!!) - It would require much more power than standard USB in PC can give, use USB wall/car chargers or double/triple USB cables
UrukDroid 0.2 (5.01.2011) Go GNU release
"smart" automounting script (that will mount ext4/vfat third partition from sdcard in RIGHT place, AFTER internal storage is mount)
plenty of useful GNU tools: whole e2fstools (mkfs, fsck for ext2/ext3/ext4), parted (for partition resize, format etc.), vfat tools, new toolbox, mtr, top, strace, bash - and much more (look in /usr/local/bin and /usr/local/sbin)
swap memory ON by default (50MIB file /swap01.file)
required compiled libraries libparted, libncurses, libe2fs... etc. (look in /usr/local/lib)
new text editor in text mode: nano (my favourite)
some init.rc cleanups
kernel changes (mostly toward console output)
fixed small (but problematic) misconfiguration in Archos (yep original one) Android in linking /etc/mtab
UrukDroid 0.1 (30.12.2010) Initial "release"
recompiled kernel with ext4, nfs4, fb console
added su and superuser.apk
bootup changes (to make it work)
Features planned in next releases:
backup scripts
proxy settings
CyanogenMOD parts backported
OC/UC kernel by default
FAQ or Tips & Tricks
More information you can find in separate thread on this forum - FAQ + Questions/Answers
How to upgrade from previous releases
To upgrade from 0.5 you should download special upgrade file (UrukDroid-0.6-upgrade.tbz2) from first post. You need to place this file in directory "/data/UrukUpdate".
First method:
Put it on your internal storage by any means - this is /mnt/storage (also visible as /sdcard/). Then use file manager (like Astro or RootExplorer - not the built-in one) or do as follows in terminal (or over ssh)
Code:
su
cd /sdcard/
mv UrukDroid-0.6-upgrade.tbz2 /data/UrukUpdate/
Second method:
Use UrukConfig to enable SSHD (if you don't have it started already), and use any SCP/SSH client (like WinSCP, or plain scp on Linux) to copy file (default username is "root", password is "UrukDroid") to "/data/UrukUpdate".
In both cases upgrade will start automatically; alter kernel, initramfs and when finished, device will reboot itself.
How to enable/disable and configure UrukDroid services?
UrukDroid services are configured by text files, that can be found in /etc/uruk.conf/ directory. You can use file manager like RootExplorer or Terminal to edit them, but most convenient way is to use SSHD service and some ssh client (for example putty).
You can also use UrukConfig application - built in since 0.5 release. After you do some changes, restart service (/etc/uruk.d/service_name stop/start) or simply reboot Archos. Since 0.5, by default only CompCache and CPUGovernor are enabled.
Currently available services
samba - it's SMBD server allowing mounting your Archos storage directory on your PC. Default user is "storage" and password "UrukDroid"
sshd - SSH server allows you to connect to your Archos with any ssh client, work on terminal. It also allows to copy files with scp/sftp. Default user is "root", password "UrukDroid"
swap - this service enable swap memory. It can make Archos a bit less responsive but memory manager won't kill application so quickly (so you can use WWW browser, email and communicator simultaneously - for example of course)
iptables - this pseudo service will load necessary modules to use iptables (firewall) features
ntfs - if you plan to connect NTFS formatted devices to your Archos - enable this service
dvb - this service load necessary modules to watch TV on your Archos. This service requires configuration from your side - it won't work "as is". Please read and edit config file (/etc/uruk.conf/dvb)
compcache - Start/stop CompCache swap memory service. Compcache is a compressed part of memory, where less used object reside. Usual compression ratio is 70%
cpugovernor - Changes default CPU governor and its parameters. Governor decides how to scale CPU frequency. Since 0.5 there is new "interactive" governor.
openvpn - It's an implementation of popular free VPN service for Uruk. It will act like the one used in Archos stock config with difference it will work all the time - whenever you go, and you have full flexibility of configuration. Config file resides in /etc/openvpn/archos.conf.
VPNC - It's open implementation of Cisco VPN service. You should edit /etc/vpnc/archos.conf file.
NFS4 - NFS v4 client service allows you to mount remote file storage with use of NFS (much faster than SMB for example). You can also enable use of cachefilesd sub-service - that will cache locally, files transferred with NFS (for smooth playback of movies for example)
How to remove some default apps?
App started at the boot time are stored in /system/app, I've already removed some of them by moving it to /system/app.old/ - but you can do it by your own - but remember - some of them are actually required to run system
Some filesystems benchmarks (that's the reason why I wanted ext4 so badly)
Write tests (I've tested different filesystem and partition sizes)...
Tests on Archos:
internal 8GB
0,71Mb/s ext3,ordered,noatime
5,45Mb/s fat32
Lexar 16GB
2,63MB/s ext3,ordered
6,25MB/s ext4,ordered
Test on computer (the same lexar card)
2.93Mb/s 1GB,ext3,noatime
2.78Mb/s 1GB,ext3
3.04Mb/s 1GB,ext2
8.62Mb/s 1GB,vfat
7.61Mb/s 1GB,btrfs
7.87Mb/s 1GB,ext4
7.87Mb/s 16GB,ext4
Card is 16GB SDHC Lexar class 6 only - so this toshiba nand inside is not state of the art either :/
How to roughly check your filesystem write speed
Go to directory where you can write and where there is more than 100MiB of free space and do the line. It will sync devices (flush all write caches), write 100MiB file filled with zeros, and flush caches once again to measure real write speed without buffers. Then easy math... and my laptop disk has write speed 16,66MiB/s
Code:
[email protected]:/tmp$ sync; date; dd if=/dev/zero of=test.file bs=1M count=100 2>/dev/null; sync; date
Wed Jan 5 19:02:28 CET 2011
Wed Jan 5 19:02:34 CET 2011
[email protected]:/tmp$ bc -q
scale=4
100/(34-28)
16.6666
quit
UrukDroid configuration system
I've created (or recreated, since Google threw away existing System V and other solutions) something that works like rc/init.d system. It's old fashioned, but for only few services will do its job.
There are few location to remember:
/system/etc/uruk.d/ - directory with services
/system/etc/uruk.conf/ - directory with configuration files
/system/etc/init.d/ - symlinks Sxxservice/Kxxservice (like S01swap) to be run during startup process
Proper path is /system/etc/ but it's symlinked on every Archos to /etc - so you can also work on /etc/uruk.d, /etc/uruk.conf etc.
To enable iptables support (load proper module) it's enough to edit /system/etc/uruk.conf/iptables
To change swap memory settings edit /system/etc/uruk.conf/swap
How to mount ext4 under Windows?
There is project called "ext2read" that claims to work with ext4 also (I've only tested it with ext2 long time ago - it worked) http://sourceforge.net/projects/ext2read/ - please write some comments if you use it.
What is current directory/disk layout?
/ -> SDCard first partition (512M) - for root filesystem
/data -> SDCard second partition (1GB) - for installed apps
/mnt/storage -> internal 6GB partition - for data used by installed apps
/mnt/storage/sdcard -> SDCard third partition - anything you want, nothing by default
/mnt/sdcard2 - proposed mount point for other volumes, not used by default
And there is something called symbolic links (symlinks) - which is kind of Win shortcut used on UN*X extensively.
/sdcard -> /mnt/storage
/storage -> /mnt/storage
/mnt/sdcard -> /mnt/storage
So you can enter /sdcard - and you will be using files from /mnt/storage. You can also create symlinks by yourself
Code:
ln -s /source destinations
How to gather data report from UrukDroid
Best way is to use SSH. For this, please start "sshd" service on UrukDroid by using UrukConfig application or by editing /etc/uruk.conf/sshd file.
First start will take one minute or so - since sshd has to generate unique encryption keys.
If you use Windows download putty.exe (ssh client) and run it. Write your Archos IP (it has to be visible in network) and connect.
Use
Login: root
Password: UrukDroid
Now you can write Linux commands and cut/paste results for help/debug purpose.
Thanks!
I think you talked me into it! I'll play with it tomorrow.
I've found this on Nook Color thread http://forum.xda-developers.com/showthread.php?t=888216
Can someone test is it worth to do on Archos? I think we don't need phone service running in background. I'll try this tomorrow when I get back to home but maybe someone can test earlier?
Sorry for asking, but what is the point in doing step 3? I mean, what does it actually do?
This is backup of install instruction, leaving more space for custom approach. Instruction in first post is now much simpler with less 'if/or'.
Material for this thread came from discussion here. So please be kind read also this thread before getting to work
This is mini how-to boot modified Archos Android from SD card, using SDE. It's based on 2.0.71.
Since this Android mod/distribution required some name - let it be Uruk-Droid
Why bother:
ext4 (much faster than ext3, can store files >4GB comparing to FAT32)
full r/w access to every part of system
root (su + superuser.apk) out of the box
possibility to remove some google/Archos apps (already done partly)
swap memory when you need it
no 300MB limit for apps (and no faulty app2sd required)
you can have SD card Class 8/10 - and that's much faster storage than internal flash (inside is something equal class 6 or 4)
Warning
Be aware that this modification requires SDE and probably some Linux knowledge.
By doing described below steps you probably can't brick your Archos - but do it at your own risk.
Root access on your devices makes it less secure from malicious software (user more head - less fingers)
Known problems:
Android automounter (vold) does not recognize EXT4 in stock firmware - so it will claim SD card is damaged (it's just a message) (FIXED)
Before you start:
Read about SDE on forum
Install some terminal emulator from Market (eg. "Android Terminal Emulator")
You should have 2.0.71 already installed (I'm not sure if it's required but only with that configuration tested)
All operations described here, done on Linux or Android should be done from root user (you can switch to that user in terminal by typing "su" or "sudo su" command)
If you don't have Linux - find any recent Rescue CD, Live CD or Virtual disk (VirtualBox or VMware) - distribution does not matter
SD card partition design
First of all, preferably buy card class 6+. So it won't be slower than internal storage
I'm currently using 3 partitions
0,5GB / (rootfs)
1GB /data
rest /mnt/storage/sdcard/
but You can create one big partition instead - I've made my configuration because of easiness to backup and upgrade (rootfs is easy to upgrade later on, /data has only runtime data and application, rest is for movies etc.) Size of /data partition determines how many apps you can install on your device.
Here it's how it looks on fdisk
Code:
linux-machine:~# fdisk -l /dev/sdb
Disk /dev/sdb: 16.0 GB, 16012804096 bytes
199 heads, 44 sectors/track, 3571 cylinders
Units = cylinders of 8756 * 512 = 4483072 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000
Device Boot Start End Blocks Id System
/dev/sdb1 1 121 529716 83 Linux
/dev/sdb2 122 362 1055098 83 Linux
/dev/sdb3 363 3571 14049002 83 Linux
Step one
Create at least one primary partition on SD card with fdisk, gparted, parted or any other partitioning tool. Assuming your SDCARD is visible as /dev/sdb (on Linux box - check "dmesg").
Code:
su (go root)
fdisk /dev/sdb
fdisk options (it's interactive):
p (print existing partitions)
d n (delete partition by it's number 1,2,3 etc)
n (create partition, you will be asked about type (primary, secondary - go primary), number (give first available), start sector (just enter will set first possible), size (you can give it as +1M, +2G etc)
w (write all changes, until you give this command no changes are made on disk physically)
Format partitions as EXT4 - but without huge_file option (it won't work with this feature since it requires special kernel option that breaks compatibility with existing modules).
Code:
su (go root)
mkfs.ext4 -O ^huge_file /dev/sdb1
If you created more partitions - do those steps for everyone.
Code:
mkfs.ext4 -O ^huge_file /dev/sdb2
mkfs.ext4 -O ^huge_file /dev/sdb3
Kind of "session log" for these steps you can find in this post.
Step two
Extract content of rootfs.tar.gz onto first partition on SD card (it HAS to be first one). Do it from root account on Linux/UNI*X box - or you won't transfer all permissions properly (mainly +s on su/superuser.apk).
assuming your SD Card is visible under Linux as /dev/sdb (you can check it by typing "dmesg" after you connect it)
open terminal/shell - go root: su, or sudo su
create mount point: mkdir /tmp/sdcard
mount it (if it's not mounted already) for example: mount /dev/sdb1 /tmp/sdcard
go to /tmp/sdcard directory: cd /tmp/sdcard
extract rootfs: tar -zxf /path_to_file/rootfs.tar.gz
exit directory: cd
umount your card: umount /tmp/sdcard
Flash initramfs.gz and zImage from SDE boot menu:
reboot Archos70, hold up or down volume key until you see Recovery menu,
choose "Recovery System"->"Developer Edition Menu"->"Flash Kernel and Initramfs",
connect Archos to PC and copy initramfs.gz and zImage to device
Reboot and hold up or down volume, choose "Developer Edition".
You should see all yours apps etc. - it should look like your Archos, but with su/superuser.apk etc. (check it on terminal emulator by typing "su" and enter).
Before go to next step make sure you have booted to SDE system AND it has root access! (check "su" in terminal, run root explorer or titanium backup)
Step three
It's kind of optional - since you have already working system - but it's not fun yet
Now you should copy /data files onto SD card. Use terminal emulator (from market can be "Android Terminal Emulator") or sshd (QuickSSHd and log into your tablet) and do:
If you have ONE partition
Code:
su
cp -rp /data/* /data.new/
If two or more
Code:
su
mount -t ext4 /dev/block/mmcblk2p2 /data.new
cp -rp /data/* /data.new/
umount /data.new/
Poweroff device.
Step four
Put card into computer and:
one partition
remove /data
rename /data.new to /data
On Linux it may look like this:
Code:
su (or sometimes "sudo su")
mkdir /tmp/sdcard
mount /dev/sdb1 /tmp/sdcard
cd /tmp/sdcard
rm -rf data
mv data.new data
edit /init.rc (it's /init.rc on Android - on Linux box it's going to be something like /tmp/sdcard/init.rc) - use any editor to modify file - do it as a root!
Code:
su
vi /tmp/sdcard/init.rc (edit the file)
umount /tmp/sdcard/
What to edit:
Code:
# Comment this
# mount ext3 /dev/block/mmcblk0p4 /data noatime nosuid
# Uncomment this
# mount ext4 /dev/block/mmcblk2p2 /data noatime
mount ext3 /dev/block/mmcblk0p4 /data.old noatime nosuid
two or more partitions
edit /init.rc (it's /init.rc on Android - on Linux box it's going to be something like /tmp/sdcard/init.rc) - use any editor to modify file - do it as a root!
Code:
su (or sometimes "sudo su")
mkdir /tmp/sdcard
mount /dev/sdb1 /tmp/sdcard
cd /tmp/sdcard
vi init.rc (edit file)
umount /tmp/sdcard
What to edit:
Code:
# Comment this
# mount ext3 /dev/block/mmcblk0p4 /data noatime nosuid
# Uncomment this
mount ext4 /dev/block/mmcblk2p2 /data noatime
mount ext3 /dev/block/mmcblk0p4 /data.old noatime nosuid
If you have third partition on SDCARD, whether it's EXT4 (recommended) or FAT32 it should be automounted since 0.2 version.
Reboot - it should work
End
Stuff you can do later:
Vold - automount daemon on android is quite.... crappy - to let go message about "sd card damaged" edit /etc/vold.fstab and hash the line "dev_mount_lun volume_sdcard /mnt/storage/sdcard...."
Other partitions - if, by any reason, you have more partition on SD card (more than 3) you can also mount it putting in init.rc (there are some potential issues with vold to be solved)
for ext4
Code:
mount ext4 /dev/block/mmcblk2p5 /mnt/sdcard2 noatime nosuid
For fat32 partition preferably tweak with Vold config (/etc/vold.fstab) - or add something like this (in init.rc)
Code:
mount vfat /dev/block/mmcblk2p3 /mnt/sdcard2 uid=1000 gid=1015 fmask=0000 dmask=0000
Files (UrukDroid-0.3):
Megaupload.com
initramfs.cpio.gz
zImage
rootfs.tar.gz
Dropbox.com (there can be server error because of download limit)
http://dl.dropbox.com/u/1017593/ArchosGEN8/UrukDroid-0.3/rootfs.tar.gz
http://dl.dropbox.com/u/1017593/ArchosGEN8/UrukDroid-0.3/initramfs.cpio.gz
http://dl.dropbox.com/u/1017593/ArchosGEN8/UrukDroid-0.3/zImage
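Added example, not part of the original post or of UrukDroid: the init.rc edits above replace the stock /data line (mounted "noatime nosuid") with one that has no nosuid, and the suggested vfat line sets fmask=0000 dmask=0000. The shell function below flags both conditions in an init.rc; the function names, the finding labels and the embedded sample (constructed from the mount lines quoted in this thread) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit "mount" lines in an Android init.rc for weak options.
# Assumed line shape (as used in this thread):
#   mount <fstype> <device> <dir> [option ...]
# Findings are printed as <line>:<issue>:<mountpoint>.

audit_initrc_mounts() {
    # Reads the files given as arguments, or stdin when none are given.
    awk '
    # Only active (uncommented) mounts of block devices are checked;
    # a commented line starts with "#", so its first field is not "mount".
    $1 == "mount" && NF >= 4 && $3 ~ /^\/dev\/block\// {
        fstype = $2
        dir = $4
        nosuid = 0
        open_mask = 0
        for (i = 5; i <= NF; i++) {
            # Options may be separated by spaces or by commas.
            n = split($i, opt, ",")
            for (j = 1; j <= n; j++) {
                if (opt[j] == "nosuid") { nosuid = 1 }
                # An all-zero mask makes every file rwx for every user.
                if (opt[j] ~ /^(fmask|dmask|umask)=0+$/) { open_mask = 1 }
            }
        }
        # Without nosuid, setuid binaries on that partition are honoured.
        if (!nosuid) {
            printf "%d:missing-nosuid:%s\n", FNR, dir
        }
        # vfat stores no permissions, so the mask is the only access control.
        if (fstype == "vfat" && open_mask) {
            printf "%d:world-writable-mask:%s\n", FNR, dir
        }
    }' "$@"
}

# Constructed sample: the mount lines quoted in this thread, in one file.
sample_initrc() {
    cat <<'EOF'
# mount ext3 /dev/block/mmcblk0p4 /data noatime nosuid
mount ext4 /dev/block/mmcblk2p2 /data noatime
mount ext3 /dev/block/mmcblk0p4 /data.old noatime nosuid
mount ext4 /dev/block/mmcblk2p5 /mnt/sdcard2 noatime nosuid
mount vfat /dev/block/mmcblk2p3 /mnt/sdcard2 uid=1000 gid=1015 fmask=0000 dmask=0000
EOF
}

# Stand-alone run over the constructed sample.
sample_initrc | audit_initrc_mounts
```

To check a real card, pass the file on the mounted rootfs partition, for example audit_initrc_mounts /tmp/sdcard/init.rc.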
Nm you said it's faster, interesting... I may test that out.
IMHO you should point out that it is a great security risk for having access to root without any password.
BTW this comment is not meant to insult you in any way, but I think it is only fair to people that will use it and to cover your own ass.
Maurice
Does this require a clean system to do the SDE Root? what happens to everything already installed etc.
MoonPhantasm said:
Nm you said it's faster, interesting... I may test that out.
There was already link to my write speed tests (now I've pasted it to second post) - read speed is about the same. In quadrant I have something about ~2300 (one of quadrants test is I/O benchmark) - but that's not my goal - so I don't care much about that kind of speed.
divx118 said:
IMHO you should point out that it is a great security risk for having access to root without any password.
BTW this comment is not meant to insult you in any way, but I think it is only fair to people that will use it and to cover your own ass.
Of course you are right - but that's kind of obvious, and that's the reason why superuser.apk requires to specify what process can gain root access (I know it's not strong security - but better something than nothing)
Is there any way to do this on the a32, or will there be a solution for the 32?
I had SDE installed before, but I used the uninstall developer edition option in the boot menu. Now, regardless of if I use the .aos file from archos that has SDE, whenever I reboot holding a volume button, I get to a menu that says "Archos A101IT Recovery", and "Would you like to recover your system?" with the following options:
No
Update Firmware
Repair System
Format System
I select update firmware, and all I get is an update failed error.
I don't know what to do. I have a basic linux knowledge, so I have my sd card properly formatted, without the huge file option. I've extracted the contents of rootfs.tar.gz to the first partition.
Any ideas on what to do?
$aur0n said:
I don't have that problem since I use Linux everywhere
My mmcblk2p3 is also EXT4 partition (since fat 32 has 4/2gb file size limitation it's only place where I can put bigger files - mainly movies. It's one of the reasons why ext4 is good for the task).
To mount (vfat or ext4) during boot of Archos put in init.rc
Code:
mount ext4 /dev/block/mmcblk2p3 /mnt/storage/sdcard noatime nosuid
or
mount vfat /dev/block/mmcblk2p3 /mnt/storage/sdcard
just after mount of /data.old for example..
/mnt/storage/sdcard is the place where automounter would normally mount this device.
I did try to add it to init.rc, but it wouldn't mount.
Running "busybox mount -t vfat /dev/block/mmcblk2p3 /mnt/storage/sdcard" after boot seems to work however.
Is /mnt/storage mounted yet at that point? It seems to be separately mounted ("mount" shows /dev/block/vold/179:9 mounted on /mnt/storage, but I can't find any line related to that in init.rc)
Since "Preparing internal storage" appears after boot, I assume the SD card has to be mounted after that (unless I mount it somewhere else, which would break compatibility with some apps)
Actually, I'd prefer if the SD card was mounted on /mnt/storage, and the internal storage on /mnt/storage/internal, is there a way to do that?
Edit: Ah, I checked that /etc/vold.fstab file. It seems to be what I need to edit to auto mount the SD card, but I'm not sure what I need to edit.
The line currently reads:
dev_mount_lun volume_sdcard /mnt/storage/sdcard auto /devices/platform/usb_mass_storage/lun1 /class/block/mmcblk2
"auto" seems to be the partition number, I tried to change this to different values as well as changing mmcblk2 to mmcblk2p3, but they result in the same SD card damaged message. Is this a no-go and just won't work or am I doing something wrong? Either way, it seems like it's the only way to mount the SD card at boot if I want it mounted to /mnt/storage/sdcard.
Edit 2:
Adding these 2 lines to init.rc and commenting out the equivalent lines in /etc/vold.fstab seems to work:
mount vfat /dev/block/mmcblk2p3 /mnt/storage
mount vfat /dev/block/mmcblk1p1 /mnt/storage/internal
Now I have the SD card mounted on /sdcard
However, the settings won't show the space information now, so I have to connect it to the PC to check free space. Is there a better way to do it?
Jdbye said:
I did try to add it to init.rc, but it wouldn't mount.
Running "busybox mount -t vfat /dev/block/mmcblk2p3 /mnt/storage/sdcard" after boot seems to work however.
Is /mnt/storage mounted yet at that point? It seems to be separately mounted
No, this mount point (/mnt/storage/sdcard) is not ready yet at this point - that's why I've changed it to /mnt/sdcard2 in howto. It's not a good solution (since probably some tools won't find media - like movie player) - but the only one for now. Vold is crappy, and even so it should mount _first_ usable partition (with auto option) but it does not want to do that. I can't check it, since I don't have vfat on sdcard, but probably the only solution is to do separate script/service with delayed mount - that's what I'm going to do for now, later on (in next release).
Q: However, the settings won't show the space information now, so I have to connect it to the PC to check free space. Is there a better way to do it?
A: (kind of joke) - use "df -h" in terminal, probably some more smart tools with gui are also able to show space used by "other" devices.
hurrpancakes said:
Any ideas on what to do?
I guess it's some Archos SDE bug and you should report it (I think that after uninstall of SDE and second install you should see developer menu back - if not, it's an error or faulty "watermarking" at work)
jab12 said:
Is there any way to do this on the a32, or will there be a solution for the 32?
My guess - it may also work for you. All gen8 devices have the same kernel and system - so give it a try.
xShadoWxDrifTx said:
Does this require a clean system to do the SDE Root? what happens to everything already installed etc.
Everything that is installed on INTERNAL 8GB storage is untouched. So even when sde fails to boot, you can go back to original Archos Android and work on that.
When you follow my instr. you should see second Android with all your applications installed but on ext4 with root etc. etc.
$aur0n said:
I guess it's some Archos SDE bug and you should report it (I think that after uninstall of SDE and second install you should see developer menu back - if not, it's an error or faulty "watermarking" at work)
I think the error may lie in the fact that I have to access my sd card by mounting it through my a101. Tomorrow (or later today, rather) I will get a sd card reader so I won't have to rely on using the tablet.
Hi, thanks for howto.
Can we keep the superuser mode explained in this topic http://forum.xda-developers.com/showthread.php?t=880321&page=13 and use your method (in case I forgot my sd card and need root access)?

[BASIC DONE] A simplified 2ndinit (2ndihkvc) for experimenting

>>>> In a post further down, I have released a updated zip file which contains the 2ndihkvc program as well as its source as well as few support scripts to allow experimentation with this mechanism of multiple user spaces <<<<
Hi All
I have been following the below thread, as well as working on my own on some of the concepts. You can get the details till now from my posts in the below thread.
http://forum.xda-developers.com/showthread.php?t=1378886
I was not able to get the SETREGS to succeed in setting PC required for the current/existing 2nd-init logic, nor wait was waiting to lock the process, SO I tried a new and simpler alternate method for triggering/execve the init process a 2nd time using only POKE and it seems to have succeeded. I am guessing this based on my nooktablet having got messed up and it keeps rebooting again and again when it reaches my logic potentially. I have to restore back to factory settings and try afresh in the morning (Well it is almost morning ;-) now here) with few more debug messages to pin point it fully.
The code I am injecting directly into init process is in the attached txt file which is actually a .s (assembly file). (NOTE: Currently I am not handling environment variables, not sure if that is causing my boot to keep looping).
In turn the logic to hijack the init process and inject the code is as simple as
Step1) PTRACE_ATTACH
Step2) PTRACE_GETREGS
Step3) PTRACE_POKETEXT (Regs.ARM_pc, code to inject)
Step4) PTRACE_CONT
Step5) PTRACE_DETACH
I will upload the code in a day or two - however the gist of the logic is above, if anyone wants to experiment on their own.
NOTE: The code is very simple and experimental and expects the pc address to be known before hand to massage the .s file appropriately.
NOTE: The above algo with the corresponding .s file is still EXPERIMENTAL and also requires additional shell scripts to get access to the boot flow to trigger the hijack. And the current code will break the nooktab booting, so don't experiment this logic and the .s file unless you know what you are doing.
NOTE: I am not that much into Custom Roms etc, so don't expect anything much shortly wrt Custom Roms etc, this is just a experimentation for myself and to feel happy inspite of BN removing some useful features like sideloading as well as forcing a signed bootloader on everyone.
can you make a 2-init zip like on the milestone
http://forum.xda-developers.com/showthread.php?t=998425
because then the devs can go on and make a recovery
Bit more exploration with init hijacking - 2ndihkvc src package for EXPERIMENTATION
Hi,
NOTE: Source code package is attached with this message. However this is WIP and provided for anyone wanting to EXPERIMENT on their own parallel to me. Because I think the basic logic is done now. It is more of cleaning up the init rc files and or killing some additional tasks before restarting init or some such things HOPEFULLY (NO harm in hoping and being positive). HOWEVER NOTE that the current version will loop your boot and fail. I have put a timed triggering logic to try and reduce the risk, check out the documents in the package, but it can factory reset or worst case wipe your partitions and render the nooktab dead.
After yesterday's initial init hijacking, I have cleaned up the .s file so that it passes the Args properly as well as added the environment variables set by Android by default. Also the ptrace code I have updated to do relocation (using a simple custom table) of injected code. Also rather than a minimal ptrace code, I have put a bit more full fledged one with my logic as well as skrilax's logic as well as reg dumping and few other stuff to help experimenters.
In turn I have cross verified, that init is actually getting restarted and it is running thro the scripts and setting up the properties as specified by my modified default.prop as well as in the process rerunning all the commands/services/prgs.
However somewhere beyond rild/vold sequence it seems to be blocking and looping the boot. Also I had modified the init a bit, have to check that also once later.
Enjoy and experiment
NOTE: Not sure how to avoid having to put the same message in two threads. I created this thread only because the original thread was in the wrong category (i.e non development), when it should have been in development also.
This is interesting. I have minimal experience with assembly, none of it ARM. I would like to help, if possible. I appreciate the work you have put into this. I'm really hoping to be able to have CM7 on this tablet eventually.
Sent from my BNTV250 using xda premium
Potentially working Alternate Userspace in uSD using 2ndihkvc
Hi All,
I have updated my 2ndihkvc package a bit more and now you can boot into a ALTERNATE Android user space in uSD (NOTE: Userspace only and not kernel - locked bootloader doesn't allow alternate kernel).
For this you require to copy your required android /system and /data partitions into a MicroSD card in its 2nd and 3rd partitions which should be ext4 (specified in the init.omap4430.rc file in 2ndihkvc directory).
NOTE: Best way of getting a working /system and /data partitions is to ==> After rooting your Nook and removing all unwanted Apps/Junk, make a copy of the /system partition from eMMC to uSD. Same for /data/partition. Then you can copy what ever additional applications you want in this uSD based Android /system/app or /data/app partition. Thus you can have different sets of Android user space in different uSD cards.
Follow the instructions in INSTALL file for experimenting this on your rooted NookTab. BUT REMEMBER IT IS STILL EXPERIMENTAL. ALSO as a SAFETY FEATURE, as of now it will boot into this ALTERNATE MODE (in uSD) only when the current HOUR is specified in the start2ndihkvc.sh file appropriately. Otherwise it tries to boot into your normal Android system in eMMC. This should hopefully CATCH any mistake, BUT THIS IS NOT GUARANTEED AND THIS IS A DANGEROUS THING TO EXPERIMENT, UNLESS YOU KNOW WHAT YOU ARE DOING.
NOTE: One time it did reboot from my alternate android system, I haven't debugged this yet, as it has not occurred after it (Well I have tried only once more) so can't say one way or the other yet. But definitely, there are some corner cases.
NOTE: If something gets messed up or if something is different or even if there is some corner case in my code, which I haven't handled yet, it may MESS UP your NOOK TAB so EXPERIMENT WITH THIS only if you know how to recover on your own, provided the NOOKTAB is recoverable (90% should be, but NO GUARANTEE).
Now the BRAVE HEARTS can experiment and Enjoy an alternate Android system in uSD card.
NOTE: With this one should be able to boot into any Custom ROM after suitable updation of the scripts in my zip file, as well as by copying their /system and /data/ partitions into uSD 2nd and 3rd partitions. AS long AS that Custom ROM doesn't have any specific kernel requirements.
BYPASS Kernel and Ramdisk check for People with UART ACCESS
Hi,
NOTE: This is based on an initial look at the source code and then the objdump of u-boot.bin. I haven't cross checked this yet, because for now I haven't opened up the nooktab for uart access yet. Also this assumes by default booti command is used for booting in BN uboot. If someone wants to use bootm, then a different location requires to be patched wrt the image loading security check.
If you are a lucky ;-) person working with opened up NookTab with UART access, then basically replacing the memory contents of these two offsets with NOP will 90% BYPASS the security check successfully and allow you to boot a MODIFIED KERNEL or RAMDISK as required.
All offsets specified Assuming u-boot is loaded at 0 (adjust for the actual address where u-boot.bin is loaded, haven't looked into that yet).
Check for Security check of Kernel image is at
[ORIG] 0x48c0 => bne 0x48d8 (0x1a00.0004)
Make this a NOP by overwriting using uboot memory write command to
[MODI] 0x48c0 => mov r0, r0 (0xe1a0.0000)
Check for Security check of RAMDisk image is at
[ORIG] 0x4928 => bne 0x4958 (1a00.000a)
Make this a NOP by overwriting with
[MODI] 0x4928 => mov r0, r0 (0xe1a0.0000)
Someone (Hi Adamoutler, maybe you) with opened up NookTab can try this and tell me if it worked or not.
NOTE: you have to add up the actual u-boot load address to the offsets specified.
UPDATE1: It appears the load address is either
Possibility 1) 0x80e8.0000 OR
Possibility 2) 0x80e8.0000-0x120 (More likely).
Have to dig thro bit more, but one of these two will potentially work.
So that means to NOP RAMDisk security check the offset is
Possibility 1 ==> 0x80e8.0000+0x4928
Possibility 2 ==> 0x80e8.0000-0x120+0x4928 (More likely)
Best is to cross check if the resultant address contains the BNE instruction bytes specified above.
Same concept applies for the Kernel security check Nopping offset.
NOTE: It appears there is a 0x120 size header before the actual u-boot.bin code starts and in turn, when I did the objdump, it included the 0x120 bytes of header also assumed as code. And inturn the full (including the header) u-boot.bin or for that matter the u-boot from emmc seems to load into 0x80e8.0000-0x120.
UPDATE 2:
Code around the locations to be noped to help identify the same in memory, in case my offset calculations are wrong
48b4: eb0030f1 bl 0x10c80
48b8: e59d3010 ldr r3, [sp, #16]
48bc: e3530000 cmp r3, #0
48c0: 1a000004 bne 0x48d8
48c4: e59f0104 ldr r0, [pc, #260] ; 0x49d0
48c8: e594100c ldr r1, [r4, #12]
48cc: e5942008 ldr r2, [r4, #8]
48d0: eb0015db bl 0xa044
............
491c: eb0030d7 bl 0x10c80
4920: e59d3010 ldr r3, [sp, #16]
4924: e3530000 cmp r3, #0
4928: 1a00000a bne 0x4958
492c: e59f00a4 ldr r0, [pc, #164] ; 0x49d8
4930: e5941014 ldr r1, [r4, #20]
4934: e5942010 ldr r2, [r4, #16]
4938: eb0015c1 bl 0xa044
UPDATE 3: ... for a rainy day in future ;-)
UPDATE 4: For maximum success, first try a changed RAMDisk rather than Changed Kernel. If Changed Ramdisk works then try Changed Kernel (There is one more thing in Code, which I am not sure if it will impact a modified kernel or not yet, only way is to experiment).
How can I run 2ndihkvc just to load a new default.prop using the existing userspace? What I did so far was to remount / in rw, updated default.prop, pushed 2ndihkvc to /data/local/, changed permissions to 755 and executed. Here is the output
Code:
# ./2ndihkvc -p 1 -w 0 -c 0 -m 2
INFO:2ndihkvc:v30Dec_2020:
INFO:2ndihkvc: Tracing process with pid = 1
INFO:2ndihkvc: NewPrg = /init
WARN: RESPECT_WAIT disabled
WARN: Mode = MODE_INJECT_HKVC2
INFO: ContType = CONTINUE
INFO:2ndihkvc:PTRACE: Attached to (1)
INFO:2ndihkvc: Giving 2 secs to the likely traced process
ERROR:2ndihkvc:WAIT:Failed (No child processes)
INFO:2ndihkvc:hkvc2: InjectAddr (Regs->ARM_pc) = 0xffff0520
INFO:2ndihkvc:hkvc2: /init found at offset 0x100
INFO:2ndihkvc:hkvc2:ProgramToExecute: /init replaced with /init
INFO:2ndihkvc:hkvc2: At offset 0x208 relocating from 0x100 to 0xffff0620
INFO:2ndihkvc:hkvc2: At offset 0x200 relocating from 0x208 to 0xffff0728
INFO:2ndihkvc:hkvc2: At offset 0x280 relocating from 0x288 to 0xffff07a8
INFO:2ndihkvc:hkvc2: At offset 0x288 relocating from 0x300 to 0xffff0820
INFO:2ndihkvc:hkvc2: At offset 0x28c relocating from 0x307 to 0xffff0827
INFO:2ndihkvc:hkvc2: At offset 0x290 relocating from 0x312 to 0xffff0832
ERROR:PTRACE:POKE failed at location ffff0520
INFO:2ndihkvc:PTRACE: Continue/SingleStep ...
INFO:2ndihkvc: Detaching...
ERROR:2ndihkvc:PTRACE: Failed DETACH (No such process)
#
Do I need to push your init to /system/2ndihkvc/init? I am just trying to play around with it and Adam's BHT just to see what I can do them. Thanks.
Hi Brianf21,
As specified in the INSTALL file with in my zip
Copy my 2ndihkvc.zip file to /data/local/tmp
Then mount /system in rw mode.
Next unzip 2ndihkvc.zip into /system. It should create 2ndihkvc folder.
Next run ./install.sh from with in 2ndihkvc folder.
This will setup the boot process to start into 2ndihkvc. And it inturn will restart init with new set of init.*.rc as well as default.prop files.
Have a look at the 2ndihkvc folder, it already contains a default.prop file. If you want to change anything in default.prop then do the changes in this default.prop in /system/2ndihkvc folder.
Also remember to change the time check in start2ndihkvc.sh file in /system/2ndihkvc folder to the current hour, when you will be experimenting. Otherwise, it will not run 2ndihkvc, but continue with the normal Android init flow.
Cross check my INSTALL file once again for the details/steps to setup 2ndihkvc.
Once you have done the above. When you restart your system, it will trigger 2ndihkvc as required and the default.prop will be the new one which you would have edited/updated in /system/2ndihkvc/ folder.
NOTE: Looking at the address, it seems like you had tried 2ndihkvc once before in the same session. Try following the install step specified above/In the 2ndihkvc zip file and see. There is a minimally modified version of init.omap4430.rc and default.prop already in the 2ndihkvc folder, modify those if you want to modify them. This is because start2ndihkvc.sh will copy these files from /system/2ndihkvc/ folder when it is run to restart init.
I will have to read more, to avoid setting up system and data up on an sdcard. Once the setup is done, will it always hijack init for every following boot until it is removed or only one reboot? I am just trying to get a clearer picture of what's going on, I wanted to just see the hijack of init work independently of the other processes. I kind of like to break things down into parts so I can get a better understanding of the entire process. Thanks for the work you've put in so far.
hkvc said:
Hi Brian21,
As specified in the INSTALL file with in my zip
Copy my 2ndihkvc.zip file to /data/local/tmp
Then mount /system in rw mode.
Next unzip 2ndihkvc.zip into /system. It should create 2ndihkvc folder.
Next run ./install.sh from with in 2ndihkvc folder.
This will setup the boot process to start into 2ndihkvc. And it inturn will restart init with new set of init.*.rc as well as default.prop files.
Have a look at the 2ndihkvc folder, it already contains a default.prop file. If you want to change anything in default.prop then do the changes in this default.prop in /system/2ndihkvc folder.
Also remember to change the time check in start2ndihkvc.sh file in /system/2ndihkvc folder to the current hour, when you will be experimenting. Otherwise, it will not run 2ndihkvc, but continue with the normal Android init flow.
Cross check my INSTALL file once again for the details/steps to setup 2ndihkvc.
Once you have done the above. When you restart your system, it will trigger 2ndihkvc as required and the default.prop will be the new one which you would have edited/updated in /system/2ndihkvc/ folder.
NOTE: Looking at the address, it seems like you had tried 2ndihkvc once before in the same session. Try following the install step specified above/In the 2ndihkvc zip file and see. There is a minimally modified version of init.omap4430.rc and default.prop already in the 2ndihkvc folder, modify those if you want to modify them. This is because start2ndihkvc.sh will copy these files from /system/2ndihkvc/ folder when it is run to restart init.
brianf21 said:
I will have to read more, to avoid setting up system and data up on an sdcard. Once the setup is done, will it always hijack init for every following boot until it is removed or only one reboot? I am just trying to get a clearer picture of what's going on, I wanted to just see the hijack of init work independently of the other processes. I kind of like to break things down into parts so I can get a better understanding of the entire process. Thanks for the work you've put in so far.
If all you are interested is run 2ndihkvc with a modified default.prop but no other modification (i.e no uSD /system and /data partitions), then
a) overwrite the init.omap4430.rc in /system/2ndihkvc with the one in / . However if you have already booted into a system with 2ndihkvc then in /data/local/tmp.
Or if required you can directly edit the init.omap4430.rc in /system/2ndihkvc and update the mount commands in there to mount from emmc instead of uSD.
b) Remove the 2 lines in restart-userspace.sh corresponding to mount -o move ....
This will allow you to boot into a system with a modified default.prop but no other change from a runtime perspective (unless I have forgotten something).
Also 2ndihkvc will be applied each time boot into NookTab provided the current hour matches the hour set in start2ndihkvc.sh. Once the current hour no longer matches the hour set in the sh file, it will boot into the normal BN Nooktab environment.
NOTE: I purposefully modified the init.omap4430.rc file to replace the /system and /data from emmc to uSD, so that if someone is experimenting something, he doesn't corrupt the emmc easily as long as he doesn't become root user. HOWEVER with root access emmc can still get corrupted if one is not careful, because eMMC is still available and mounted.
tried but rebooted few times until factory reset kicked in
Hi,
ok. maybe a bit too optimistic, but I compiled ICS for pandaboard and put the system to sd card (partition 1 ext4 empty, partition 2 ext4 system with panda stuff, partition 3 data, partition 4 empty).
I hit adb reboot and the device booted a few times until it restored factory. Uff.
Is there a way without serial console to see what happens?
There's also small glitch in install.sh. It doesn't find init.rc in /system/2ndihkvc.
Rgds,
Chris
chrmhoffmann said:
Hi,
The device booted a few times until it restored factory. Uff.
If it's counting boots like the Nook Color you can stop it by running this (if the rom partition is mounted at /rom-- it's p2 on nc and I guess p5 on nt).
chrmhoffmann said:
Hi,
ok. maybe a bit too optimistic, but I compiled ICS for pandaboard and put the system to sd card (partition 1 ext4 empty, partition 2 ext4 system with panda stuff, partition 3 data, partition 4 empty).
I hit adb reboot and the device booted a few times until it restored factory. Uff.
Is there a way without serial console to see what happens?
There's also small glitch in install.sh. It doesn't find init.rc in /system/2ndihkvc.
Rgds,
Chris
Hi,
The missing init.rc is not a glitch, I purposefully left it out while packaging, so that one doesn't modify it drastically and botch up the boot. init.4430.rc is the only thing required to change the mount partitions.
Also if you are using my default start2ndihkvc.sh script, then it has a time check, so while experimenting if you have goofed up. Just let the time you have set in this script pass by (i.e don't power on), then it will automatically go back to the stock NT boot, thus avoiding the factory reset.

[Q] Backup of disk encryption master key

I've been extensively searching on this, but I just can't find any answer, although I really can't imagine I'm the first one to come up with this.
I have a Google Nexus 4 (rooted, of course) and I'm using the native phone encryption.
There is some information that can be found, revealing that google uses the native linux dmsetup tool for this.
Now, just in case anything goes wrong, I'd like to have a backup of the encryption master-key,
that I could use to restore the dm-crypt header.
On a normal linux system, this would be easy, only one call to dmsetup and I'm done.
However, I just can't find any info to do this on android.
The UI doesn't offer this option (as is to be expected) and I just don't know how to do it by using adb.
I've opened a root shell session and tried some commands (dmsetup, cryptsetup, some calls to "vdc cryptfs", etc...), but I just don't find a way to do it.
Has someone already found a way and can share how it's done, any ideas?
Thanks in advance
Does no one encrypt their android phones or is concerned about integrity of their data?
I think you overestimate Android: In most cases /data partition is not larger than a few GB's on smartphone devices.
Just insert Storage card with enough free space, and do a decrypted backup (for example from CWM recovery being root):
1) Make sure /system, /sdcard, and /data are all mounted inside recovery environment
2) /system/xbin/tar -C / -cf /sdcard/data.tar data
When integrity of your data is no longer given, you can factory reset the device, start again the encryption process (which will use a new key for encryption), and then restore your userdata back:
1) Make sure /system, /sdcard, and /data are all mounted inside recovery environment
2) /system/xbin/tar -C / -xf /sdcard/data.tar
No need to play around with keys and cryptsetups or being afraid you lose data because you have encryption enabled
---------- Post added at 04:12 PM ---------- Previous post was at 03:14 PM ----------
To answer your initial question:
Have a small lecture on h*t*t*p://source.android.com/tech/encryption/android_crypto_implementation.html
It is said, that the "The crypto footer contains details on the type of encryption, and an encrypted copy of the master key to decrypt the filesystem".
And that "[..]the filesystem doesn't extend into the last 16 Kbytes of the partition where the crypto footer is kept".
So basically by doing a backup of the last 16KB of the partition initially was mounted as /data before encryption you are THEORETICALLY safe.
I am sorry not being able to give you exact commands, but i am sure someone can post you the right partition name (e.g. for HTC vision devices it would be /dev/block/mmcblk0p26), you can do backup/restore on blocklevel using dd, which is on my current ROM located at /system/bin/dd
You then need to find out the size of this partition, which in my case with /dev/block/mmcblk0p26 would be:
cat /sys/class/block/mmcblk0p26/size gives you the size of partition in blocks (in my case 2234367)
Now you have to reduce this by 16KB, which i think should be (2234367*4096-16*1024)/4096=2234363, because i think on all Android devices Blocksize is 4096 (you can check the column Blksize on output of shell command "df" on Nexus).
Commands would be then something like this:
Backup: /system/bin/dd if=/dev/block/mmcblk0p26 count=4 bs=4096 skip=2234363 of=/sdcard/masterkey.dd
Restore: /system/bin/dd of=/dev/block/mmcblk0p26 count=4 bs=4096 seek=2234363 if=/sdcard/masterkey.dd
Because 16KB are 4x4096 Byte
With THEORETICALLY i meant that these are my thoughts based on the implementation description, which might be accurate enough about the master key, or not (often the master key is stored on a special sector, and they only mentioned a "region" for the crypto footer), and i never tested above Backup/Restore commands, yet.
Perhaps someone better knowledged can confirm my calculations, or someone who digged in the right passages of the Android source can tell us where exactly the master key is getting stored!
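An added example (not part of the post above): POSIX shell functions for the footer backup and restore it describes, assuming, as the quoted documentation says, that the crypto footer is the last 16 KB of the partition. The size is taken from `/sys/class/block/<dev>/size`, which the kernel reports in 512-byte sectors, and the restore uses `seek=` because `skip=` only moves the read position in the input file; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: copy the trailing 16 KiB "crypto footer" of a partition to a
# file and write it back to the same offset. Function names are hypothetical.
# Assumption taken from the page: the footer is the last 16 KiB of the partition.

FOOTER_BYTES=16384
SECTOR=512          # unit of /sys/class/block/<dev>/size, independent of fs block size

# device_sectors DEV -> size of DEV in 512-byte sectors.
# Block devices are read from sysfs; regular files (test images) use the file size.
device_sectors() {
    if [ -b "$1" ]; then
        cat "/sys/class/block/$(basename "$1")/size"
    else
        bytes=$(wc -c < "$1")
        echo $((bytes / SECTOR))
    fi
}

# footer_skip SECTORS -> index of the first footer sector; fails if too small.
footer_skip() {
    footer_sectors=$((FOOTER_BYTES / SECTOR))
    if [ "$1" -le "$footer_sectors" ]; then
        echo "device is not larger than the footer" >&2
        return 1
    fi
    echo $(($1 - footer_sectors))
}

# backup_footer DEV OUTFILE: read the last 16 KiB of DEV into OUTFILE.
backup_footer() {
    skip=$(footer_skip "$(device_sectors "$1")") || return 1
    dd if="$1" of="$2" bs=$SECTOR skip="$skip" \
       count=$((FOOTER_BYTES / SECTOR)) 2>/dev/null
}

# restore_footer DEV INFILE: write INFILE back over the last 16 KiB of DEV.
# seek= positions the write in the output; conv=notrunc keeps an image file
# from being truncated (it has no effect on a real block device).
restore_footer() {
    if [ "$(wc -c < "$2")" -ne "$FOOTER_BYTES" ]; then
        echo "backup file is not exactly $FOOTER_BYTES bytes" >&2
        return 1
    fi
    seek=$(footer_skip "$(device_sectors "$1")") || return 1
    dd if="$2" of="$1" bs=$SECTOR seek="$seek" \
       count=$((FOOTER_BYTES / SECTOR)) conv=notrunc 2>/dev/null
}
```

Because the functions also accept a regular file, the round trip can be rehearsed on an image copy before touching the real partition.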
Thanks for the answer.
I'll give it a try and store a backup of that last few kb of the disk.
However, since I can't really test if a restore works,
I wouldn't put too much trust into that backup.
Thanks anyway
Has anyone been able to backup their key? Anyone confirmed the commands that rondald put?
This is ridiculous that the SD card is locked to the device. I need to transfer my SD Card to a new device and should not have to reformat my SD Card.
Encryption without key management = FAIL

Preventing USB name changes on every reboot?

I'm running debian with linux deploy on a external hd, and android is constantly (seems to be every reboot or usb reconnect) it changes the name of the usb drive by adding/removing a (1). This prevents linux deploy from being able to find its img file and auto-starting, any ideas on how to set a fixed name?
On a sidebar I have a smsc7500 1gb usb net card and it needs a driver installed to work, from terminal (insmod /system/lib/modules/smsc75xx.ko) loads it no problem, but apparently init.rc is running from initrd as a ram disk, so adding the insmod cmd to init.rc is not persistent, I've tried scriptmanager and .sh files (getting a strange "syntax error" unexpected (/4) not sure what's up wit dat) anyone have a simpler way than breaking into initrd and making changes there to auto-load a module?

[Encryption in Samsung] FBE File Based Encryption metadata leak

Hi,
I was checking the Samsung Galaxy S8+ and Samsung Galaxy Tab S4 for the encryption method used and found that the sdcard is getting FBE (File Based Encryption) without the file name encryption enabled. This is not really safe since the metadata leaks (the file names are in clear so anyone who gets your sdcard can read what you've got there, except for the file contents).
Reading the AOSP manual on how FBE is done there, apparently they do encrypt the file names (cannot post the link since I am a new user...) - see "Encrypt file names with AES-256 in CBC-CTS mode". I don't really get why Samsung does not do that, it would have just taken switching on a single ecryptfs argument flag "ecryptfs_fnek_sig".
And, since I am not willing to root my devices, I presume that the only way to ensure no metadata leak (encrypt filenames), would be to use Secure Folder (Knox).
- Does anyone know any reasonable workaround (without rooting the device), besides using the Secure Folder?
- Does anyone know whether one can run multiple Secure Folders (Knox containers)?
From below you can see that the sdcard is mounted without the "ecryptfs_fnek_sig" or "ecryptfs_enable_filename_crypto=y", whereas the Secure Folder (Knox) has the FNEK (File Name Encryption Key) enabled.
Code:
[email protected]:~$ cat /proc/self/mounts |grep ecryp
/mnt/media_rw/redacted /mnt/media_rw/redacted ecryptfs rw,seclabel,nodev,relatime,ecryptfs_sig=redacted,userid=0,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_enable_cc,ecryptfs_passthrough,base=,label= 0 0
/data/knox/secure_fs/enc_user /data/enc_user ecryptfs rw,seclabel,nodev,relatime,ecryptfs_fnek_sig=redacted,ecryptfs_sig=redacted,userid=0,sdp_enabled,partition_id=0,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_enable_cc,ecryptfs_passthrough,base=,label= 0 0
/data/knox/secure_fs/enc_media /data/knox/secure_fs/enc_media ecryptfs rw,seclabel,nodev,relatime,ecryptfs_fnek_sig=redacted,ecryptfs_sig=redacted,userid=0,sdp_enabled,partition_id=1,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_enable_cc,ecryptfs_passthrough,base=,label= 0 0
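An added example (not part of the post above): a shell check that reads a mount table in `/proc/self/mounts` format and reports, for each eCryptfs mount, whether the `ecryptfs_fnek_sig=` option seen in the output above is present. The function names and verdict strings are hypothetical, and the sample lines are constructed from the post's redacted output.

```shell
#!/bin/sh
# Added example: flag eCryptfs mounts whose file names are stored in clear.
# Input is text in /proc/self/mounts format on stdin, e.g.
#   audit_ecryptfs_mounts < /proc/self/mounts

# Print "<mountpoint> <verdict>" for every eCryptfs mount.
# A mount carrying ecryptfs_fnek_sig= has a File Name Encryption Key set.
audit_ecryptfs_mounts() {
    awk '$3 == "ecryptfs" {
        n = split($4, opts, ",")
        fnek = 0
        for (i = 1; i <= n; i++)
            if (opts[i] ~ /^ecryptfs_fnek_sig=/) fnek = 1
        print $2, (fnek ? "names-encrypted" : "NAMES-IN-CLEAR")
    }'
}

# Number of eCryptfs mounts without file name encryption (0 = nothing to report).
count_clear_name_mounts() {
    audit_ecryptfs_mounts |
        awk '$2 == "NAMES-IN-CLEAR" { c++ } END { print c + 0 }'
}

# Constructed sample modelled on the mount table in the post (values redacted),
# plus one non-eCryptfs line that must be ignored.
sample_mounts() {
    cat <<'EOF'
/dev/block/dm-0 /data ext4 rw,seclabel,nosuid,nodev,noatime 0 0
/mnt/media_rw/redacted /mnt/media_rw/redacted ecryptfs rw,seclabel,nodev,relatime,ecryptfs_sig=redacted,userid=0,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_enable_cc,ecryptfs_passthrough,base=,label= 0 0
/data/knox/secure_fs/enc_user /data/enc_user ecryptfs rw,seclabel,nodev,relatime,ecryptfs_fnek_sig=redacted,ecryptfs_sig=redacted,userid=0,sdp_enabled,partition_id=0,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_enable_cc,ecryptfs_passthrough,base=,label= 0 0
/data/knox/secure_fs/enc_media /data/knox/secure_fs/enc_media ecryptfs rw,seclabel,nodev,relatime,ecryptfs_fnek_sig=redacted,ecryptfs_sig=redacted,userid=0,sdp_enabled,partition_id=1,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_enable_cc,ecryptfs_passthrough,base=,label= 0 0
EOF
}
```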
