First off, sorry if this is redundant... I thought I had found the information I was looking for but I can't seem to locate it again. I have an Autopumpkin double DIN unit in my vehicle. I have a couple of off-brand low-end tablets, and some Android boxes on my TVs. I was hoping to potentially build from source an AOSP image for my Autopumpkin unit with a newer version of Android on it, or perhaps an Android TV build. I was reading through thread after thread after thread about the building and flashing of new images. What I am wondering is this: when it comes to off-brand vendors, often Android will show a build for something like an RK3188 chipset, for example. Is there anything I can or need to salvage from the existing build in order to replace it with a build that isn't the same? I get it: with things like any custom apps used for interfacing to hardware, like a radio tuner app etc., they would likely have to be found or salvaged. Sorry if my wording isn't very good.... but I am looking to potentially build a new Android ROM for something that isn't really being actively supported anymore... to extend the life of the hardware. I am looking for information on anything in terms of how to get anything proprietary off the existing image or filesystem in order to allow the device to actually boot....
Related
One thing that bothers me about my Android phone is the opaque, closed-source baseband firmware ("radio" as it's often called here). Since the baseband is interposed between the OS and most hardware functions, its firmware presents a major unknown in the total security of the device.
It's unlikely that the source code for any of this baseband firmware is going to be released, and the open source OsmocomBB baseband is a long way off from supporting Android or the dominant Qualcomm chips. But I would settle for decompiling an existing baseband firmware image, so that I can start to understand some things about its behavior, and perhaps compile modified versions.
Does anyone know where to begin with this? Many thanks.
I wish somebody had participated in this with you. I need it also.
funkydaemon said:
One thing that bothers me about my Android phone is the opaque, closed-source baseband firmware ("radio" as it's often called here). Since the baseband is interposed between the OS and most hardware functions, its firmware presents a major unknown in the total security of the device.
It's unlikely that the source code for any of this baseband firmware is going to be released, and the open source OsmocomBB baseband is a long way off from supporting Android or the dominant Qualcomm chips. But I would settle for decompiling an existing baseband firmware image, so that I can start to understand some things about its behavior, and perhaps compile modified versions.
Does anyone know where to begin with this? Many thanks.
Good idea. Although most probably it'll all be native C code compiled into binary form, not amenable to decompiling.
So you'd probably need a very good debugger and a system call tracing facility such as strace.
I guess hell might also break loose because SIM encryption(?), voice encoders(?), network locking(?) and god knows how many of those proprietary tidbits may be sitting in there.
SIM encryption broken leading to duplication of SIMs and leading to smartcard encryption and open source tools to reprogram your credit cards with more money.
That's not hell. That's hell in a handbasket with us enjoying the ride.
Keep us posted. It's guys like you who think outside the radio that gave us the TV.
For Qualcomm based devices you need to decompile Hexagon code.
For other devices, Intel XMM6260 etc. based, IDA (ARM) suffices.
In both cases the raw binary blobs may be encrypted, but extractable from running machine.
I'm working on it, in a fashion, and am writing up a document compiling everything that has been done on cellphone radio hacking. I've not found much on baseband firmware; there's a lot of info out there but it's been tough to find amongst all the other hacking that has similar keywords. Currently most quality info around this subject involves an extra (and, depending on desired features, expensive) bit of hardware and two open source software packages with their dependencies. As the hardware is currently outside my budget ($300 for the best bang for buck) I'll be working on getting the software to recognize the hardware built into my Android devices. Provided that all goes well I should be able to read and write on the frequencies that the in-built hardware supports and hopefully, as I always get an identical device when getting one, read and write with my backup Android device. Be warned if you decide to follow me down this path: there are laws restricting what non-licensed persons/companies can do on certain RF frequencies and this depends on where you live. I'm no expert, only a person capable of reading lots of dry informative documents. Provided I do achieve direct contact between devices this hack could (and likely will) fry one of my antennas, so be warned you'll likely do the same :banghead: so do this on an old device that you don't care about before ever trying on something you use daily. With the warning out of the way let's get down to the quick version.
~~~~~~~~~~~~
Currently all the developing I've found educational has involved the before-mentioned "expensive hardware" known as software defined radio, shortened to SDR; go ahead and pop open a new tab and Google search either. You'll eventually find that cellphone manufacturers have likely already put these into many devices. You'll also hopefully find the two Kickstarters, HackRF ~$300 and bladeRF ~$400; these are likely what I'll be saving up for, HackRF for sure as the next release will likely be able to send and receive at the same time instead of switching quickly between modes. If you dig deep enough you'll find a blog post from a hacker that plugged an Android into a much more expensive SDR and was able to place calls and send/receive text; the blog poster stated something to the effect that this was not a useful hack but I believe that it's a great proof of concept and totally worth another look. However, this hacker has also almost been sued for some of the demonstrations with this kind of technology involving the capture and description of calls and texts, so tread carefully.
The software I mentioned before boils down to GNU Radio and OpenBTS; there are dependencies for each but all seem to be installable on Linux running on top of Android. Furthermore I see that someone (I'll edit your name in in a sec. Edit: idcrisis) previously mentioned wanting C or C++ support; GNU Radio uses these languages, so perhaps I can ask for some help when I get a little further in porting this to run without Linux in the middle so much? I think if we use the GPS to set the time then the signal shouldn't drift too much.
I'm using an app called Debian Kit to give me a flavor of Linux called Squeeze for testing the software. If you choose to try what I'm doing then make use of the readme that the developer wrote or the guide I wrote for general Linux on Android installation and interaction, found in my sig, to get started. If you want access to the document I'm compiling then you'll want to PM me at this moment, as the chances of hardware frying are high, and I'll share a link to Google Docs; I'll be releasing a full guide when I've figured out how to avoid damage.
Eventually I hope to port many of the functions in GNU Radio into an app that makes use of internal hardware. Currently I've found a few that make use of hardware plugged into Android through USB "on the go" or "host mode"; just search "RTL SDR" in the app store and you'll see 'em, but currently nothing making use of internal hardware. If any are interested in joining forces and helping figure out how to do all this I'd be glad to offer any support I can.
Other things related to cellular antenna hacking, other than the above-mentioned software and hardware, that I'm compiling into the same document: well, this is where we get into the parts I'm hitting the wall on. It looks like I'll have to get into kernel modification as this is one of the things used to communicate between software and hardware. There are also the flashable files known as radios, and I'll be digging further into how these files are modified.
Basically this is a very tough question to answer and has taken many months of reading, searching, and more reading to get this close, but if we all work together I know that we'll be able to modify how the antennas in our devices work.
Edit 01142014: Found a guide on reverse engineering embedded device firmware. The guide is on a router, but as the chips in our phones are embedded, perhaps the steps are similar:
http://www.devttys0.com/2011/05/reverse-engineering-firmware-linksys-wag120n/
Sent from either my SPH-D700 or myTouch3gs or M470BSA
Guide for running Linux on Android that I'm writing:
http://forum.xda-developers.com/showthread.php?t=2240397
^^ NO! The embedded chips in the Linksys routers are MIPS based and not ARM like all our Androids. Very different, although technique is the same.
But thanks, for taking time to check up on all this.
Any updates ?
Hey Guys,
I'm looking into this. I've successfully extracted files from the OnePlus One's baseband; it's running an RTOS called REX, which QC calls AMSS.
Have a look at the thread here: http://forum.xda-developers.com/oneplus-one/general/discussion-hlos-reverse-engineering-t3292829
Waiting for the OsmocomBB update it projects.
QCOM modem leaked sources.
Type in google/bing: "AU_LINUX_ANDROID_JB_MR1_RB1.04.02.02.050.116_msm8974_JB_MR1_RB1_CL3904528_release_AU"
Hi everyone
I have an LG Optimus Vu device and due to LG's tremendous support for this phone, the operating system is still ICS and the kernel version is 2.6.39 (even the I/O scheduler for this phone is set to noop, and there aren't any alternatives :| ). It could be all good and well if there aren't hundreds of crashes appearing every day about different applications, which is driving me crazy. I've searched and searched and it seems that there are no custom ROMs for this phone, nor is there any custom recovery application. I could barely find an application to root this phone.
To get to the point: I'm considering making a custom ROM for this phone, but I am a noob in this kind of stuff.
I have the kernel source and the original ROM zip file. Since the original OS version is 4.0.4, is it possible to bring the required proprietary drivers from the original and use it in a newer Android version like 4.4.x?
Can I use Google's recent Tegra 3 kernel (3.10) and port those LG specific drivers from the older kernel?
Am I even starting this process in the correct way?
Any help is appreciated.
set-0 said:
Hi everyone
I have an LG Optimus Vu device and due to LG's tremendous support for this phone, the operating system is still ICS and the kernel version is 2.6.39 (even the I/O scheduler for this phone is set to noop, and there aren't any alternatives :| ). It could be all good and well if there aren't hundreds of crashes appearing every day about different applications, which is driving me crazy. I've searched and searched and it seems that there are no custom ROMs for this phone, nor is there any custom recovery application. I could barely find an application to root this phone.
To get to the point: I'm considering making a custom ROM for this phone, but I am a noob in this kind of stuff.
I have the kernel source and the original ROM zip file. Since the original OS version is 4.0.4, is it possible to bring the required proprietary drivers from the original and use it in a newer Android version like 4.4.x?
Can I use Google's recent Tegra 3 kernel (3.10) and port those LG specific drivers from the older kernel?
Am I even starting this process in the correct way?
Any help is appreciated.
Hate to be the bearer of bad news, but you're pretty much stuck. LG has locked the bootloader on it and has said they have no plans on unlocking it. Since the phone is around a year and a half old or older, I'd imagine they aren't going to change their minds all of a sudden for the relatively small amount of people still using the phone.
Discussion about your phone here: http://forum.xda-developers.com/showthread.php?t=2055272
FYI
What is a bootloader?
The bootloader is the first thing that starts up when a phone is turned on. At its most basic level, a bootloader is the low-level software on your phone that keeps you from breaking it. It is used to check and verify the software running on your phone before it loads. Think of it like a security guard scanning all the code to make sure everything is in order. If you were to try to load software onto the phone that was not properly signed by the device vendor, the bootloader would detect that and refuse to install it on the device.
When we speak about locked bootloaders, the context is often used to give meaning to the term "locked." Almost all phones ship from the factory with locked bootloaders, but some are encrypted as well. It is this encryption that most reports are referring to when using the term "locked." If a bootloader is encrypted, users can't unlock it to load custom software of any sort. The device will be restricted to running software ROMs provided by the manufacturer.
Now, there are ways to unlock or circumvent bootloaders in special situations, but with ones that have no dev support like yours, it's pretty much a lost cause and most likely way beyond your capabilities to figure out without spending 100s of hours of learning about Android stuff. This is not a knock on you or anything of the sort, but it is what it is. It is a very difficult thing to figure out encrypted bootloaders even for the most experienced android developers and hackers and depending on how they are encrypted, there just might not be a way (ask the older Moto phones, especially from VZW).
es0tericcha0s said:
Hate to be the bearer of bad news, but you're pretty much stuck. LG has locked the bootloader on it and has said they have no plans on unlocking it. Since the phone is around a year and a half old or older, I'd imagine they aren't going to change their minds all of a sudden for the relatively small amount of people still using the phone.
...
Now, there are ways to unlock or circumvent bootloaders in special situations, but with ones that have no dev support like yours, it's pretty much a lost cause and most likely way beyond your capabilities to figure out without spending 100s of hours of learning about Android stuff. This is not a knock on you or anything of the sort, but it is what it is. It is a very difficult thing to figure out encrypted bootloaders even for the most experienced android developers and hackers and depending on how they are encrypted, there just might not be a way (ask the older Moto phones, especially from VZW).
Two thumbs up for the detailed reply.
Shame really. The phone was released in November 2012 but there wasn't a single OS update...
I guess I would have to give up on that, but I'm interested in system level developments for both Android and desktop systems. Any idea where to start?
set-0 said:
Two thumbs up for the detailed reply.
Shame really. The phone was released in November 2012 but there wasn't a single OS update...
I guess I would have to give up on that, but I'm interested in system level developments for both Android and desktop systems. Any idea where to start?
Yea, it does suck. That's one of the downfalls to making 8 million different phones. You have no incentive ($$$), no interest, and no manpower to be able to update them all in a reasonable fashion. But it's not like LG is alone. All of the manufacturers have had decent phones just...disappear in regards to updates or anything of the sort.
As far as getting started, there is a ton of info right here on XDA:
http://xda-university.com/
Modify hashes?
Hi!
Sorry for digging out a dead thread, but for the p895 probably all threads are more or less dead...
I wonder if it is really necessary to decrypt the bootloader. Since it must be able to boot different versions of the stock ROMs, it would probably only calculate a hash value of some files and compare that to a value stored elsewhere.
By comparing different versions of stock ROMs it might be possible to get some information about what files are hashed. If it is a standard hash algorithm and the comparison value the bootloader uses is stored in plain text (hope....!) there might be an attack vector in comparing several known plain texts.
I also noticed that the P895 has a "software integrity check" in the hidden menu that shows hash values for some (a lot) of files. These hash values are likely already calculated when entering that menu option (I am pretty certain because they show immediately), so they might belong to the files checked at boot time and also hint at the hash algorithm used.
The idea is to calculate a hash value for the custom ROM and put it in the appropriate place so the bootloader thinks of the ROM as an update.
These are just vague ideas, but I have no intention whatsoever to buy a new phone anytime soon and I guess I could as well spend "some" time tinkering and learning the tech details...
thank you!
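Added example (not from any poster, and not LG's bootloader code): a toy model of the check described in the bootloader explanation earlier in the thread, and of the stored-hash assumption in the post just above. It contrasts a bare digest comparison with a signature over the digest, which is why a verified-boot chain keys on a vendor public key rather than a replaceable hash; key pair, image bytes and manifest layout are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Manifest is a constructed stand-in for what ships beside a boot image:
// the image digest plus the vendor's signature over that digest.
type Manifest struct {
	Digest    [32]byte
	Signature []byte
}

// SignImage is the vendor-side step (hypothetical): hash the image, sign the hash.
func SignImage(priv ed25519.PrivateKey, image []byte) Manifest {
	d := sha256.Sum256(image)
	return Manifest{Digest: d, Signature: ed25519.Sign(priv, d[:])}
}

// VerifyHashOnly models the weak check speculated about in the thread:
// compare the image digest with a stored value. Whoever can write the
// manifest can also update the stored value, so this proves nothing about origin.
func VerifyHashOnly(m Manifest, image []byte) error {
	if sha256.Sum256(image) != m.Digest {
		return errors.New("digest mismatch")
	}
	return nil
}

// VerifySigned models a signed-boot check: the digest must match AND the
// signature over it must verify with the vendor public key baked into the loader.
func VerifySigned(pub ed25519.PublicKey, m Manifest, image []byte) error {
	if err := VerifyHashOnly(m, image); err != nil {
		return err
	}
	if !ed25519.Verify(pub, m.Digest[:], m.Signature) {
		return errors.New("signature invalid: image not signed by vendor key")
	}
	return nil
}

// Demo builds a stock image with a valid manifest, then a different image whose
// manifest digest was recomputed but still carries the old signature. It returns
// whether each check accepts the second image.
func Demo() (hashOnlyAccepts bool, signedAccepts bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	stock := []byte("constructed stock boot image")
	m := SignImage(priv, stock)

	other := []byte("constructed third-party boot image")
	rehashed := Manifest{Digest: sha256.Sum256(other), Signature: m.Signature}

	hashOnlyAccepts = VerifyHashOnly(rehashed, other) == nil
	signedAccepts = VerifySigned(pub, rehashed, other) == nil
	return
}

func main() {
	h, s := Demo()
	fmt.Printf("hash-only check accepts rehashed image: %v\n", h) // true
	fmt.Printf("signed check accepts rehashed image:    %v\n", s) // false
}
```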
I'm looking into building a custom android device to be embedded in a project I'm working on. I won't need GSM/cell service, so this would be more of a 'tablet' with wifi that's the size of a phone. The first version of this project used some lower level embedded controllers, but for a better user experience (capacitive touch screen, full featured app, etc), I'm looking into using an embedded android device and having a friend (who told me to post here about this) write an app to run on it for me. This project is starting to scale, so buying a cheap tablet and tearing it apart isn't really a good option; I'll need to build something from the ground up. My problem is that I'm more of a microprocessors guy, so I don't really know where to start with this kind of hardware.
I found this thread which was a good start, but the info is like 3 years old now.
Has anyone tried to do something like this? Should I be trying to find a manufacturer who already does this type of thing to work with? If so, how do I find someone like that? If I am going to do the design myself, what kind of processors can run an Android OS? Where's a good place for learning that type of info? Are there any reference designs out there I can use to get started? Is running Android on RaspberryPi a good starting spot, or is that simply not scalable?
Thanks for the help, I hope I'm in the right spot. Apologies if not!
Hi,
I have flashed custom ROMs on my HTC Desire, my HTC One, Samsung Galaxy ACE, ... But all of them had plenty of resources...
I've got this tablet (it came free with a TV) and I can't find any info on it anywhere.
It's extremely sluggish and bloated (there's three system browsers - Android Browser, Chrome and Opera ) so I was thinking I'd find a vanilla ROM or a better ROM, but I can't find any info and I don't know how I would go about flashing since I can't find a ROM designed for this particular device, nor can I find a recovery for this specific device. Can I use resources from other devices (which? what to look for?)?
I'd even give building AOSP source code a try if that's necessary, since I'm a programmer and that would come with the benefit of actually modifying Android code to suit my needs, like for instance deleting parts of code pertaining to GSM functionality since it's not a GSM tablet and every CPU tick counts.
I am not, however, familiar with the exact hardware, so stuff like drivers, kernels, etc. is uncharted territory for me and, even though it cost me less than bubble gum and the device itself is really not something that would be a shame if I bricked it, I still would like to not brick it since I already have the thing and it could be convenient every now and then, but not enough for me to actually pay for a better tablet.
Note: I'm not actually looking to build AOSP from source; that's only a last resort since it's not a simple app, it's a whole lot of magic there. Just saying that that's a last resort possibility.
Hi,
When I read the questions and guides, it seems the Surface Duo can be unlocked and rooted pretty easily.
So I was wondering why there is no custom ROM for this device which is, by all means, not perfect (it has a lot of flaws) but that I consider as at least a refreshing attempt to dig out of the "one glass rectangle touch screen" that we're now used to for years.
Is it because there's no love for the device?
Or is it because Microsoft released absolutely no sources for the internal hardware?
If there's anyone willing to try, I can offer build server to do it...
And contacts in a community to help iron out problems...
Regards.
Microsoft has indeed released the sources of the internal hardware, or, at the very least, some of it. I don't really know how to determine whether or not all of the drivers are included with the kernel source code. But they do have this kernel source code hosted on GitHub, under a combination of MIT, Apache, and GPL licensing, as well as full instructions on how to build the kernel. The instructions are located at microsoft/surface-duo-oss, and the scripts end up downloading from other microsoft/surface-duo-oss-* repositories. I've not actually tried to build this myself, and I'm not sure what you actually end up with afterwards, whether it is just a kernel, or if it also includes AOSP, and whether or not this can be included in the process of generating another distribution such as Lineage. But, I think this should at least be some information that can be used to at least start the process assuming anyone with existing experience is interested in starting this.
I have seen it expressed elsewhere that one reason people have not created a custom ROM is that Android 10 does not have native support for multiscreen devices, while Android 11 does. Meanwhile, Microsoft has only released Android 10 for the device, and this includes the surface-duo-oss scripts as well, but there are plans here soon (late September) by Microsoft to release Android 11 for the Surface Duo.
Fingers crossed! Looking forward to a robust desktop mode and multiple external monitor support like the regular Surface Pro does.
Basically a phone that acts like a Surface PC when you dock at home or at work, so you can actually work from the device like a normal Surface laptop and then fold it and put it in our pockets when we're done working.
I know this is an older post but I sure wish someone would go ahead and give me the dummy guide to flash their custom ROM!! If anyone needs a Duo who thinks they can make it happen, I have a spare one..... The left screen is glitching in and out though.