Huawei Open-Source Release - Broadcom DHD Open-Source Driver for S7 Froyo Working - Ideos S7 Android Development

Found this on Huawei's webpage: http://www.huaweidevice.com/worldwi...=toDownloadFile&flay=software&softid=NDcwODE=
open source_wlan.tar_S7_Android2.2
Would be nice if someone has the time to look at this.
The binary file that shipped with my Huawei firmware has version 4.218.248.17
Edit:
Tested and working. Forgot to update text here.

Mirrored the file for convenience for everyone who wants this. The first link actually was wrong, so I changed it.
Put this in an Android tree (such as /hardware/broadcom), do breakfast/lunch after envsetup, and perform 'make dhdko' with the kernel files present at /kernel. This is for Froyo. To build for Gingerbread, LOCAL_MODULE_TAGS cannot be equal to 'user', so you need to change Android.mk to say 'optional' instead. That's if you want to use Android.mk to build. If you are not building the whole tree, remember to make a folder /lib/modules/, or dhd.ko will not copy from the product obj folder properly.
Not sure how this will build for ICS/Jellybean, but at least now we have the source code that actually builds a proper module.
Kernel objects need to be in the right place. I did something to the effect of:
make -C kernel O=/sources/aosp/out/target/product/s7/obj/KERNEL_OBJ ARCH=arm CROSS_COMPILE=arm-eabi-
Built module works fine and is the same version shipped with Android 2.2 (4.218.248.17).

The driver is actually eerily similar to the bcm4329 kernel 3.4 bcm4329 driver. So much so I figured out what caused the sdio timeout.
Offending code causing emulate domain manager error on 2.6.35 when removed, sdio timeout when added:
dhd_linux.c:
Code:
static int
dhd_watchdog_thread(void *data)
{
    dhd_info_t *dhd = (dhd_info_t *)data;
    /* This thread doesn't need any user-level access,
     * so get rid of all our resources
     */
#ifdef DHD_SCHED
    if (dhd_watchdog_prio > 0) {
        struct sched_param param;
        param.sched_priority = (dhd_watchdog_prio < MAX_RT_PRIO)?
            dhd_watchdog_prio:(MAX_RT_PRIO-1);
        setScheduler(current, SCHED_FIFO, &param);
    }
#endif /* DHD_SCHED */
    DAEMONIZE("dhd_watchdog");
    /* Run until signal received */
    while (1) {
        if (down_interruptible (&dhd->watchdog_sem) == 0) {
offender--------->     dhd_os_sdlock(&dhd->pub);
            if (dhd->pub.dongle_reset == FALSE) {
For kernels : http://threader.zapto.org/experimental/s7/wifi/bcm4329-30-09-13.tar.bz2

Related

[Q] GPS in custom ROM using A20 SOC

Hello guys newbie warning
I am working on compiling my own Android 4.2.2 system on an Allwinner A20 SoC. My problem comes when I try to enable an external USB-based (ttyUSB1) GPS, which gives an error in logcat of "no AGPS interface in agps_data_conn_open", which I have tracked back to com_android_server_location_GPSLocationProvider.cpp, which is located in the directory framework/base/services/jni/
1. I have tested the drivers provided by the vendor and they are working
2. Further, when I unplug the USB driver it gives a warning of missing GPS hardware, therefore I know that my GPS is detected at least
3. I have checked my gps.conf to make sure I am using the right settings according to my area
Below is the exact area which gives an error in the above mentioned cpp file
Code:
static void android_location_GpsLocationProvider_set_agps_server(JNIEnv* env, jobject obj,
        jint type, jstring hostname, jint port)
{
    if (!sAGpsInterface) {
        ALOGE("no AGPS interface in agps_data_conn_open");
        return;
    }
    const char *c_hostname = env->GetStringUTFChars(hostname, NULL);
    sAGpsInterface->set_server(type, c_hostname, port);
    env->ReleaseStringUTFChars(hostname, c_hostname);
}
p.s. static const AGpsInterface* sAGpsInterface;

[Q] Samsung S4 Exploit adaptable to HDX?

Hi there,
right now I'm trying to get some knowledge about the little kernel bootloader and how it's working. I just read an article about exploiting the S4 bootloader: http://blog.azimuthsecurity.com/2013/05/exploiting-samsung-galaxy-s4-secure-boot.html
Basically the author describes a method how to modify the function which verifies the signature during runtime. As far as I understand it, he modifies a boot image in such a way that a certain shell script is overwriting the check function and in the end returns a check-passed value.
Then I had a quick look into the little kernel source code at the corresponding position (at least I think that's the right position):
Code:
else
{
    dprintf(INFO, "Authenticating boot image (%d): start\n", imagesize_actual);
    auth_kernel_img = image_verify((unsigned char *)image_addr,
                                   (unsigned char *)(image_addr + imagesize_actual),
                                   imagesize_actual,
                                   CRYPTO_AUTH_ALG_SHA256);
    dprintf(INFO, "Authenticating boot image (%d): done\n", imagesize_actual);
    if(auth_kernel_img)
    {
        /* Authorized kernel */
        device.is_tampered = 0;
    }
}
I'm just wondering if it wouldn't be possible to overwrite the image_verify function in the same way the author did it in his article?
regards,
scotch

[Guide][Noobs Familiar]How To Build Android Kernel With Features!

What Is Kernel?
The kernel is a computer program that is the core of a computer's operating system, with complete control over everything in the system.[1] It is the first program loaded on start-up. It handles the rest of start-up as well as input/output requests from software, translating them into data-processing instructions for the central processing unit. It handles memory and peripherals like keyboards, monitors, printers, and speakers.
Is There A Connection Between Kernel And Android?
Haha, Sorry but yes. Kernel is the main component for Android. Basically Android devices use the Linux kernel, but it's not the exact same kernel other Linux-based operating systems use. There's a lot of Android specific code built in, and Google's Android kernel maintainers have their work cut out for them. OEMs have to contribute as well, because they need to develop hardware drivers for the parts they're using for the kernel version they're using. This is why it takes a while for independent Android developers and hackers to port new versions to older devices and get everything working. Drivers written to work with the Gingerbread kernel on a phone won't necessarily work with the Ice Cream Sandwich kernel. And that's important, because one of the kernel's main functions is to control the hardware. It's a whole lot of source code, with more options while building it than you can imagine, but in the end it's just the intermediary between the hardware and the software. So basically if any instruction is given to mobile it first gives the command to kernel for the particular task execution.
Ah It's Work Time! Lets Get Started!
Part – I
Setting Up Your Build Environment
Open The Terminal and Paste following Command!
Upgrade The Built-In Environments!
Code:
sudo apt-get update && sudo apt-get upgrade
Install Required Tools.
Code:
sudo apt-get install git ccache automake lzop bison gperf build-essential zip curl zlib1g-dev zlib1g-dev:i386 g++-multilib python-networkx libxml2-utils bzip2 libbz2-dev libbz2-1.0 libghc-bzlib-dev squashfs-tools pngcrush schedtool dpkg-dev liblz4-tool make optipng
PART-I.II
Get The Kernel Source!
Now When It Comes About Kernel Source, Where You'll Find That?
No Worries,Search In Your Device Open Source Projects Websites To Get The Source OR You May Met With Github. Search In Github For Kernel Source For Your Device!
Here Are Some Sites,Where You Can Download Kernel Source Though:
For HTC: http://www.htcdev.com/
For Samsung: http://opensource.samsung.com/
For Sony: http://developer.sonymobile.com/wportal/devworld/search-downloads/opensource
For LG: http://opensource.lge.com/index
Note: If You've Download The Source Then Extract It In A Directory. Or If You Want To Clone/Download Source From Github Then Follow Next Steps!
How To Download/Clone Kernel Source From Github?
To Clone From Github, You Have To Install Repo Tool!
A. Open The Terminal and Paste Following Command!
Code:
sudo apt-get install phablet-tools
1. To Clone Go To Your Kernel Source Page.Like This -->>
2.Then Click On Clone Or Download Button,And Copy The Link!
B. Open A Terminal And Type This Command!
Code:
git clone <the link that you copied from github> android/kernel
For Me I Type The Following -->>
Code:
git clone https://github.com/Alberteno/android_kernel_samsung_on7xelte.git android/kernel
Explanation:
1. <the link that you copied from github> -->> Replace With The Link You Copied From Github To Clone The Source!
2. android/kernel ->> This Is My Directory Where I Want To Clone It!
C. Done. You Cloned The Source!
Part-II
How To Add Features To Kernel?
Ah. So Here I'm With Following Guides. What We're Gonna Learn Today? Lets Go Ahead.
Here are some features you can add via cherry-picking.Check out those-> https://forum.xda-developers.com/showpost.php?p=77089212&postcount=41
How To Upstream Android Kernel?
Well,I'm Not Gonna Spam Or Do Somethings Like This,Here's A Simple Guide By @The Flash To Upstream!
Here Is The Link-->> https://forum.xda-developers.com/android/software-hacking/reference-how-to-upstream-android-kernel-t3626913
How To Add I/O Scheduler Or Governor To Kernel?
To Add Governor Or I/O Scheduler To Kernel,You Have To Learn Cherry-Picking! Well,I'm Not Gonna Make A Tutorial For That![Or Maybe I'll].For Now Follow What I Say In Next Steps.
A.
1. So Basically There's Many Governors/IO Schedulers Available In Internet To Add.Choose One Governor,Well I Choosed Nightmare Governor For Example. I'm Showing How To Add A Governor In The Guide.
2. Now What You Have To Do Is To Go To Github,And Type "Add Nightmare Governor" In Search Bar Then Hit Enter.
3. You'll Get Some Many Results,Open One Of Them That Include Many Files About The Governor.Like This -->>
4. Now Where You'll Find The Commit ID To Cherry-Pick It To Your Kernel Source? See Below Pick To Get Idea Which One Is The Idea -->>
5.Yay,So You Got It! Now Open A Terminal And Go To Your Kernel Source Folder! For Me I Typed -->>
Code:
cd android/kernel
6. Now To Cherry-Pick You Have To Fetch The Kernel Source From Which You'll Cherry-Pick.To Do That Type Following In Terminal -- >>
Code:
git remote add <anyname> <link of the kernel source from which you're taking the governor commit>
For Me I Typed This -->>
Code:
git remote add lol https://github.com/B14CKB1RD-Kernel/B14CKB1RD_Kernel_OnePlus3_Unified.git
Explanation:
1. <anyname> - What Ever You Want.
2. <link of the kernel source from which you're taking the governor commit> - Where You'll Find? Check Below Image.The Blue Selected Image In URL Bar Is the "<link of the kernel source from which you're taking the governor commit>"
7.Then Type This In Terminal -->>
Code:
git fetch <anyname>
For Me I Typed This -->>
Code:
git fetch lol
B.
1.In Terminal Type -->>
Code:
git cherry-pick <commit id>
For Me I Typed This Change <commit id> with the id you copied from github-->>
Code:
git cherry-pick 042b5123de94e9875e717efb0ac1d344fdf2282e
2.Now You'll Get Some Conflicts,How To Solve Them? Use This Guide By @jabza .
Here Is The Guide -->> https://forum.xda-developers.com/showthread.php?t=2763236
3.Solve The Conflicts And You're Done Adding Governor To Kernel!
How To Add Support Force Fast Charging?(Only For Snapdragon Devices)
1. In Kernel Source Go To "arch/arm/mach-msm" Folder.
2. Then Open The "Kconfig" File And Add The Following Code -->>
Code:
config FORCE_FAST_CHARGE
    bool "Force AC charge mode at will"
    default y
    help
      A simple sysfs interface to force adapters that
      are detected as USB to charge as AC.
3. Save It,Then Open "Makefile" And Add The Following Code-->>
Code:
obj-$(CONFIG_FORCE_FAST_CHARGE) += fastchg.o
4. Save The Makefile,Now Create/Add The Fast Charge File In That Directory! Where Is That File? Here Is It -->> Here
5. Now Go To kernel source/drivers/usb/otg directory And Open "msm_otg.c" File, And Add The Following Code -->>
Code:
#ifdef CONFIG_FORCE_FAST_CHARGE
#include <linux/fastchg.h>
#define USB_FASTCHG_LOAD 1000 /* uA */
#endif
And This Code -->>
Code:
#ifdef CONFIG_FORCE_FAST_CHARGE
    if (force_fast_charge == 1) {
        mA = USB_FASTCHG_LOAD;
        pr_info("USB fast charging is ON - 1000mA.\n");
    } else {
        pr_info("USB fast charging is OFF.\n");
    }
#endif
6. Save msm_otg.c File.Now Go To "include/linux" Directory And Add "fastchg.h" File.Here's The Link For That File -->> Here
7. Well Done You've Added Force Fast Charging Support!
How To Add Support Voltage Control For MSM Devices?
1. Go To arch/arm/mach-msm Folder,And Open "Kconfig" File,And Add Following Codes-->>
Code:
config CPU_VOLTAGE_TABLE
    bool "Enable CPU Voltage Table via sysfs for adjustements"
    default n
    help
      Krait User Votlage Control
2.Save Kconfig File.Now open "acpuclock-krait.c" File.Add This Code-->>
Code:
#ifdef CONFIG_CPU_VOLTAGE_TABLE
#define HFPLL_MIN_VDD 800000
#define HFPLL_MAX_VDD 1350000
ssize_t acpuclk_get_vdd_levels_str(char *buf) {
    int i, len = 0;
    if (buf) {
        mutex_lock(&driver_lock);
        for (i = 0; drv.acpu_freq_tbl[i].speed.khz; i++) {
            /* updated to use uv required by 8x60 architecture - faux123 */
            len += sprintf(buf + len, "%8lu: %8d\n", drv.acpu_freq_tbl[i].speed.khz,
                           drv.acpu_freq_tbl[i].vdd_core );
        }
        mutex_unlock(&driver_lock);
    }
    return len;
}
/* updated to use uv required by 8x60 architecture - faux123 */
void acpuclk_set_vdd(unsigned int khz, int vdd_uv) {
    int i;
    unsigned int new_vdd_uv;
    mutex_lock(&driver_lock);
    for (i = 0; drv.acpu_freq_tbl[i].speed.khz; i++) {
        if (khz == 0)
            new_vdd_uv = min(max((unsigned int)(drv.acpu_freq_tbl[i].vdd_core + vdd_uv),
                (unsigned int)HFPLL_MIN_VDD), (unsigned int)HFPLL_MAX_VDD);
        else if ( drv.acpu_freq_tbl[i].speed.khz == khz)
            new_vdd_uv = min(max((unsigned int)vdd_uv,
                (unsigned int)HFPLL_MIN_VDD), (unsigned int)HFPLL_MAX_VDD);
        else
            continue;
        drv.acpu_freq_tbl[i].vdd_core = new_vdd_uv;
    }
    pr_warn("faux123: user voltage table modified!\n");
    mutex_unlock(&driver_lock);
}
#endif /* CONFIG_CPU_VOLTAGE_TABLE */
3.Save The File.Done! You've Added It To Your Kernel.
How To Add Init.d Support To Kernel?
1. Copy Your boot.img To A Folder In Ubuntu And Open A Terminal With boot.img directory.
2. Now Type The Following In Terminal -->>
Code:
abootimg -x boot.img
3. You'll Get 3 Files From It(bootimg.cfg, initrd.img, zImage)
4. Now Create A New Work Folder And Decompress "initrd.img" Using The Following Commands -->>
Code:
mkdir work
cd work
zcat ../initrd.img | cpio -i
5. Now Open The Work Folder.Now Open The "init.rc" File And Add This Line At The End Of This File -->>
Code:
# Execute files in /etc/init.d during boot
service userinit /system/xbin/busybox run-parts /system/etc/init.d
    oneshot
    class late_start
    user root
    group root
6.Save "init.rc" File And You're Done!
Or Try This Guide By @alireza7991 -->> Here
How To Make Kernel Boot In Permissive Mode(A Small Guide)
1. Go To "Kernel Source/security/selinux" Folder And Open "hooks.c".
2. Find This Line -->>
Code:
selinux_enforcing = enforcing ? 1 : 0;
3. Change It To -->>
Code:
selinux_enforcing = 0;// enforcing ? 1 : 0;
4. Now Save "hooks.c" File.Now Open "selinuxfs.c" File And Search For This Line -->>
Code:
if (new_value != selinux_enforcing) {
5. Add Below Code Above "if (new_value != selinux_enforcing) {" line -->>
Code:
new_value = 0;
6. Yo.You Finally Made The Kernel Boot In Permissive Mode,To Check If It Got Permissive Or Not -->> Go To Settings -> About Phone -> SE-Linux Status (You'll See Its "Permissive")
How To Build The Kernel?
1. Clone A Toolchain That Supports Your Device
2. Point the Makefile To Your Compiler (run this from within the toolchain folder!!)
Code:
export CROSS_COMPILE=$(pwd)/bin/<toolchain_prefix>-
Example:
Code:
export CROSS_COMPILE=$(pwd)/bin/aarch64-linux-android-
3. Tell Makefile About The Architecture Of Your Device Using This Command -->>
Code:
export ARCH=<arch> && export SUBARCH=<arch>
Example:
Code:
export ARCH=arm64 && export SUBARCH=arm64
4. Locate Your Proper Defconfig File.Where You Will Found That?
Go To "arch/<arch>/configs" Folder,And There You'll Find A Defconfig File Along With Your Device Codename Like For S7 Edge, Its --> "exynos8890_hero2lte-defconfig"
5. Now Come Back To Main Kernel Source Directory Then Enter These Command To Start Building!
Code:
make clean
make mrproper
make <defconfig_name>
make -s -j$(nproc --all)
# Or:
make zImage -j4
6.And You're Done! Where You'll Find The zImage?
When Building Finished,The Terminal Will Show The Directory!
How To Flash The zImage?
1. Pull Your Device's Boot Image From The Latest Image Available For Your Device (Whether It Be A ROM Or Stock).
2. Download The Latest Android Image Kitchen From This thread
3. Run The Following With The Boot Image:
Code:
unpackimg.sh <image_name>.img
4. Locate The New zImage File And Replace It With Your Kernel Image (rename it to what came out of the boot image)
5. Run The Following To Repack:
Code:
repackimg.sh
6. Flash The New Boot Image With TWRP!
Mentions:
@LahKeda For Always Being With Me. (My AOSP Teacher)
@The Flash
@MZO
@krasCGQ
@flar2
@jazba
And All Devs Being With Me!
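Added example (not part of the original guide, and not code from any kernel project): when reviewing a third-party kernel tree, the two edits from the "How To Make Kernel Boot In Permissive Mode" steps above can be found mechanically. The script assumes the older `selinux_enforcing` / `new_value` layout quoted in the guide; the sample sources embedded in it are constructed, and a hit is a lead for manual review, not proof.

```python
"""Audit security/selinux sources for forced-permissive edits (added example)."""
import re
import sys
from pathlib import Path

COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)
# hooks.c: the "enforcing=" boot parameter handler assigns a constant 0
# instead of the parsed value.
HARDCODED_BOOT = re.compile(r"^\s*selinux_enforcing\s*=\s*0\s*;")
# selinuxfs.c: the value written to the enforce node is overwritten with 0
# right before it is compared against the current mode.
OVERRIDE = re.compile(r"^\s*new_value\s*=\s*0\s*;")
COMPARE = re.compile(r"^\s*if\s*\(\s*new_value\s*!=\s*selinux_enforcing\s*\)")


def strip_comments(src):
    """Blank out C comments but keep newlines so line numbers stay valid.
    Limitation: comment markers inside string literals are not recognised."""
    return COMMENT.sub(lambda m: "\n" * m.group(0).count("\n"), src)


def audit_hooks(src):
    """Return (line, text) for every live 'selinux_enforcing = 0;' statement."""
    lines = strip_comments(src).splitlines()
    return [(n, text.strip()) for n, text in enumerate(lines, 1)
            if HARDCODED_BOOT.match(text)]


def audit_selinuxfs(src, window=3):
    """Return (line, text) for 'new_value = 0;' found within `window`
    non-blank lines before the comparison against selinux_enforcing."""
    lines = strip_comments(src).splitlines()
    hits = []
    for i, line in enumerate(lines):
        if not COMPARE.match(line):
            continue
        prior = [(j + 1, lines[j]) for j in range(i - 1, -1, -1)
                 if lines[j].strip()][:window]
        hits += [(n, text.strip()) for n, text in prior if OVERRIDE.match(text)]
    return hits


def audit_tree(root):
    """Audit a kernel source tree; returns {relative_path: findings}."""
    checks = {"security/selinux/hooks.c": audit_hooks,
              "security/selinux/selinuxfs.c": audit_selinuxfs}
    report = {}
    for rel, check in checks.items():
        path = Path(root) / rel
        if path.is_file():
            report[rel] = check(path.read_text(errors="replace"))
    return report


# Constructed samples modelled on the lines quoted in the guide.
STOCK_HOOKS = """\
static int __init enforcing_setup(char *str)
{
    unsigned long enforcing;
    if (!kstrtoul(str, 0, &enforcing))
        selinux_enforcing = enforcing ? 1 : 0;
    return 1;
}
"""
PATCHED_HOOKS = STOCK_HOOKS.replace(
    "selinux_enforcing = enforcing ? 1 : 0;",
    "selinux_enforcing = 0;// enforcing ? 1 : 0;")
STOCK_FS = """\
    if (sscanf(page, "%d", &new_value) != 1)
        goto out;

    if (new_value != selinux_enforcing) {
        selinux_enforcing = new_value;
    }
"""
PATCHED_FS = STOCK_FS.replace(
    "    if (new_value !=", "    new_value = 0;\n    if (new_value !=")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        report = audit_tree(sys.argv[1])      # path to a kernel source tree
    else:
        report = {"hooks.c (constructed)": audit_hooks(PATCHED_HOOKS),
                  "selinuxfs.c (constructed)": audit_selinuxfs(PATCHED_FS)}
    for name, hits in report.items():
        for n, text in hits:
            print(f"{name}:{n}: {text}")
    sys.exit(1 if any(report.values()) else 0)
```

Run with a kernel tree path as the only argument to audit real sources; the exit status is non-zero when anything is flagged, so it can gate a build or review step.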
Some good stuff coming from you
Albe96 said:
6.And You're Done! Where You'll Find The zImage?
When Building Finished,The Terminal Will Show The Directory!
It won't if you use -s switch after make
Which will silent the output!
The resulting kernel image will be located at:
ARM: arch/arm/boot/zImage(-dtb)
ARM64: arch/arm64/boot/Image.gz(-dtb)
x86: arch/x86/boot/bzImage(-dtb)
ARM64 only:
If kernel image creation fails, complaining missing dtb, symlink dtb from ARM dts folder:
Code:
$ ln -s ../../../arm/boot/dts/<dtb-name>.dtb arch/arm64/boot/dts/<dtb-name>.dtb
Sent from my Redmi 3 using XDA Labs
krasCGQ said:
It won't if you use -s switch after make
Which will silent the output!
The resulting kernel image will be located at:
ARM: arch/arm/boot/zImage(-dtb)
ARM64: arch/arm64/boot/Image.gz(-dtb)
x86: arch/x86/boot/bzImage(-dtb)
ARM64 only:
If kernel image creation fails, complaining missing dtb, symlink dtb from ARM dts folder:
Thank you sir! Will Update It Soon!
MZO said:
Some good stuff coming from you
But There's So New Though.I Just Explained My Guide To Help Some Noobs ?
I
Sent from my SAMSUNG-SM-N920A using Tapatalk
clmenz said:
I
Sent from my SAMSUNG-SM-N920A using Tapatalk
How to add to improve sound ??
Sent from my XT1575 using Tapatalk
More feature please
lolnwl said:
More feature please
umm. Sure why not. But if I get a free time
Hi @Albe96
Can you please help me compile?
I have Samsung J7 prime SM-G610F (nougat).
I Have downloaded GCC "arm-linux-androideabi-4.9" ( as written in the readme_kernel.txt file of kernel source).
I am not sure if my device is 32-bit or 64-bit.
The readme_kernel.txt file points to 64-bit architecture so I am assuming its 64-bit.
Now the problem:-
When compiling as per your codes, when I type:
make clean,
I'm getting the error "make: *** No rule to make target 'clean'. Stop." and same for every other code after that.
Attaching the readme_kernel.txt file for your reference.
ashwini215 said:
Hi @Albe96
Can you please help me compile?
I have Samsung J7 prime SM-G610F (nougat).
I Have downloaded GCC "arm-linux-androideabi-4.9" ( as written in the readme_kernel.txt file of kernel source).
I am not sure if my device is 32-bit or 64-bit.
The readme_kernel.txt file points to 64-bit architecture so I am assuming its 64-bit.
Now the problem:-
When compiling as per your codes, when I type:
make clean,
I'm getting the error "make: *** No rule to make target 'clean'. Stop." and same for every other code after that.
Attaching the readme_kernel.txt file for your reference.
the error you're saying me is not an error I assume. Post full error log so I can look into it
Hi.how can we set kernel to permissive?
nikkali25 said:
Hi.how can we set kernel to permissive?
Yes and I think guide is already added
Albe96 said:
Yes and I think guide is already added
How to dis able tia and ready root kernel
Albe96 said:
the error you're saying me is not a error I assume.Post full error log so I can look into it
So, I corrected my previous mistake and finally was able to compile
Towards the end of compilation, I got this message :
/scripts/fips_crypto_utils.c: In function ‘main’:
./scripts/fips_crypto_utils.c:28:7: warning: implicit declaration of function ‘strcmp’ [-Wimplicit-function-declaration]
if (!strcmp ("-u", argv[1]))
^~~~~~
./scripts/fips_crypto_utils.c:52:10: warning: implicit declaration of function ‘update_crypto_hmac’ [-Wimplicit-function-declaration]
return update_crypto_hmac (vmlinux_file, hmac_file, offset);
^~~~~~~~~~~~~~~~~~
./scripts/fips_crypto_utils.c:82:10: warning: implicit declaration of function ‘collect_crypto_bytes’ [-Wimplicit-function-declaration]
return collect_crypto_bytes (in_file, section_name, offset, size, out_file);
^~~~~~~~~~~~~~~~~~~~
HMAC-SHA256(builtime_bytes.bin)= 80387d4cca5322a3de63d73fe615c492385801c8ae36494795eda733492d5a10
OBJCOPY arch/arm64/boot/Image
GZIP arch/arm64/boot/Image.gz
Is this anything to be concerned about?
Can I flash the kernel?
Have added the complete log.
I was able to complete with no errors! ( after running into a dozen )
Although I cannot find zimage anywhere.
I do notice that a bunch of folders / file's modified date has updated throughout the kernels source code folder .
I am building a Samsung exynos 7850 kernel .
Thanks for this great write up!
hightech316 said:
I was able to complete with no errors! ( after running into a dozen )
Although I cannot find zimage anywhere.
I do notice that a bunch of folders / file's modified date has updated throughout the kernels source code folder .
I am building a Samsung exynos 7850 kernel .
Thanks for this great write up!
It should be inside arch/(arm/arm64)/boot folder

How to go about patching the kernel to get EHCI(USB 2.0) devices to behave like xHCI?

Basically, there has been an app ported to Android that allows even unrooted(stock) devices to deliver a bootrom exploit to the Nintendo Switch via USB-OTG and a USB cable (or C-to-C). USB 3.0 (xHCI) devices have no issues and deliver the exploit just fine. Apparently it is not even a USB 2.0 problem but rather how the EHCI performs, as certain USB 2.0 phones actually have the xHCI controller and can run the exploit just fine. What happens is that although it can detect the connected Switch in Tegra Recovery Mode, it just doesn't do anything and gives an error in the logs, "SUMBITURB failed".
On Linux desktop systems it is similar, but the exploit can still work with a kernel patch provided by a hacking group that discovered the exploit in the first place:
Code:
--- linux-4.14.27/drivers/usb/host/ehci-hcd.c.old 2018-04-17 18:00:00.000000000 +0000
+++ linux-4.14.27/drivers/usb/host/ehci-hcd.c 2018-04-17 18:00:00.000000000 +0000
@@ -873,14 +873,6 @@
INIT_LIST_HEAD (&qtd_list);
switch (usb_pipetype (urb->pipe)) {
- case PIPE_CONTROL:
- /* qh_completions() code doesn't handle all the fault cases
- * in multi-TD control transfers. Even 1KB is rare anyway.
- */
- if (urb->transfer_buffer_length > (16 * 1024))
- return -EMSGSIZE;
- /* FALLTHROUGH */
- /* case PIPE_BULK: */
default:
if (!qh_urb_transaction (ehci, urb, &qtd_list, mem_flags))
return -ENOMEM;
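Review bot: deleting the PIPE_CONTROL case removes the only length bound on control transfers in this switch, yet the comment removed with it says qh_completions() does not handle all the fault cases in multi-TD control transfers, and nothing in the patch addresses that. Control URBs larger than 16 * 1024 bytes would now reach qh_urb_transaction() for every device on an EHCI host. Either fix the fault handling first, or keep a bound (a larger constant, or a limit that is off by default and opted into) so the -EMSGSIZE rejection still exists for ordinary use.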
The author of the Android port had also written a Python "hotpatch" script for desktop Linux systems:
Code:
#!/usr/bin/env python3
import os
"""
Cursed Code.
This code literally patches your kernel memory, proceed at your own risk.
Tested on Ubuntu 17.10 and Arch, x86_64. Should work on other distros, maybe even other architectures!
Run fusee-launcher.py with the "--override-checks" argument.
If you'd rather patch your drivers properly:
https://github.com/fail0verflow/shofel2/blob/master/linux-ehci-enable-large-ctl-xfers.patch
"""
ksyms = {
    line[2]: int(line[0], 16)
    for line in
    map(lambda l: l.strip().split(),
        open("/proc/kallsyms", "r").readlines())}
print(hex(ksyms["ehci_urb_enqueue"]))
patch_c = """
#include <linux/module.h>
#include <linux/kernel.h>
#include <asm/pgtable.h>
static u32 ORIG_MAX = 16*1024;
static u32 NEW_MAX = 0x1000000;
/* borrowed from MUSL because I'm lazy AF */
static char *fourbyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
{
    uint32_t nw = n[0]<<24 | n[1]<<16 | n[2]<<8 | n[3];
    uint32_t hw = h[0]<<24 | h[1]<<16 | h[2]<<8 | h[3];
    for (h+=3, k-=3; k; k--, hw = hw<<8 | *++h)
        if (hw == nw) return (char *)h-3;
    return 0;
}
static pte_t* (*lookup_addr)(unsigned long, unsigned int*) = (void *) PLACE2;
static void set_addr_rw(unsigned long addr) {
    unsigned int level;
    pte_t *pte = lookup_addr(addr, &level);
    set_pte_atomic(pte, pte_mkwrite(*pte));
}
int init_module(void) {
    void * ehci_urb_enqueue_start = (void *) PLACEHOLDER;
    u32 * patch_addr;
    printk(KERN_INFO "Patch module loaded\\n");
    patch_addr = (u32 *) fourbyte_memmem(ehci_urb_enqueue_start, 0x400, (void *)&ORIG_MAX);
    if (patch_addr == NULL) {
        printk(KERN_INFO "Failed to find patch site :(\\n");
        return -1;
    }
    printk(KERN_INFO "patch_addr: 0x%px\\n", patch_addr);
    set_addr_rw((unsigned long)patch_addr);
    *patch_addr = NEW_MAX;
    printk(KERN_INFO "Patching done!\\n");
    return -1;
}
""".replace("PLACEHOLDER", hex(ksyms["ehci_urb_enqueue"])).replace("PLACE2", hex(ksyms["lookup_address"]))
makefile = """
obj-m += patch.o
all:
	make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules
"""
with open("patch.c", "w") as patchfile:
    patchfile.write(patch_c)
with open("Makefile", "w") as mf:
    mf.write(makefile)
os.system("make")
print("About to insert patch module, 'Operation not permitted' means it probably worked, check dmesg output.")
os.system("insmod patch.ko")
I tried to see if running it in Termux would do anything but I got the following error:
Code:
0x0
Traceback (most recent call last):
File "ehci_patch.py", line 70, in <module>
" " ".replace("PLACEHOLDER", hex(ksyms["ehci_urb_enqueue"])).replace("PLACE2" hex(ksyms["lookup_address"]))
KeyError: 'lookup_address'
I know that script isn't meant for use on Android anyway but maybe it can lead to a solution. The author of it does not know how to go about it at this time either, but believes an entire recompile of the kernel would be necessary. I am hoping that something like a systemless Magisk module would be the easiest solution for users but do not know if that is possible. I am only guessing it might be possible to create a Magisk module because of audio drivers like VIPER4Android. If indeed a custom kernel is needed, does anyone know how to go about it? It could be difficult to implement for everyone because not everyone has a device where the source to the kernel is available, etc. I am willing, however, to test anything on my tablet which is USB 2.0 and gives the error in the app. Any advice for how to go about this will be greatly appreciated.
I feel ya man, i need this stuff too. NXLoader doesn't work on my Galaxy Grand Prime (G530T) and i really need it to Dx

Compile android bluetooth stack for Linux

Hi everybody,
I need to modify the source code of the bluetooth stack for android to make some custom tests.
If I understand correctly, the current bluetooth stack used on android platform is fluoride.
I'm wondering, is it possible to compile the stack without recompiling the whole android OS and building/flashing custom ROM every time I need to test a new modification....
In the source code of fluoride I see that the theoretical possibility exists, they even provide a README file explaining how to compile it on ubuntu.
However, the instructions seem to be broken or obsolete because when I try to follow the steps and compile the stack with
Code:
gn gen out/Default
and
Code:
ninja -C out/Default all
, I get some errors indicating that some files are missing (e.g. bt/common/timer.cc, bt/types/le_address.cc etc.). They are really missing in these folders, by the way.
Does anybody know how to compile and test the stack separately (let's say on Linux)? I don't think the fluoride developers build the whole system every time they need to check/test something in the code.... Do they?
Sorry if my question is silly, I'm new to android and trying to learn and understand its details.
Thanks in advance!
Yeah, I think it "should" be buildable, but I think it is mostly done for development purposes and may not be done regularly upstream.
I think le_address.cc was added by mistake, there are unmerged patches that adds that source file. I think you can remove it. I also failed to build it, but so far I patched as follows:
Code:
diff --git a/common/BUILD.gn b/common/BUILD.gn
index 76d70f8fb..a2114f331 100644
--- a/common/BUILD.gn
+++ b/common/BUILD.gn
@@ -19,7 +19,8 @@ static_library("common") {
"message_loop_thread.cc",
"metrics_linux.cc",
"time_util.cc",
- "timer.cc",
+ "repeating_timer.cc",
+ "once_timer.cc",
]
include_dirs = [
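Review bot: the two added entries break the alphabetical order the sources list otherwise follows ("message_loop_thread.cc", "metrics_linux.cc", "time_util.cc"); put "once_timer.cc" and then "repeating_timer.cc" ahead of "time_util.cc". The hunk also does not show that both files exist under common/, which is worth confirming since a missing "timer.cc" is what this change works around.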
@@ -40,7 +41,8 @@ executable("bt_test_common") {
"leaky_bonded_queue_unittest.cc",
"state_machine_unittest.cc",
"time_util_unittest.cc",
- "timer_unittest.cc"
+ "repeating_timer_unittest.cc",
+ "once_timer_unittest.cc"
]
include_dirs = [
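Review bot: the last entry, "once_timer_unittest.cc", is left without a trailing comma, carried over from the removed "timer_unittest.cc" line; add the comma so the next addition to this list is a one-line diff. The two new entries are also out of alphabetical order relative to the visible neighbours: "once_timer_unittest.cc" and then "repeating_timer_unittest.cc" belong ahead of "state_machine_unittest.cc".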
diff --git a/types/BUILD.gn b/types/BUILD.gn
index fa9a4af4c..acf7bff88 100644
--- a/types/BUILD.gn
+++ b/types/BUILD.gn
@@ -21,7 +21,6 @@ static_library("types") {
sources = [
"bluetooth/uuid.cc",
- "le_address.cc",
"raw_address.cc",
]
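Review bot: "le_address.cc" is dropped from the types sources with no comment or message explaining why, so a later sync may reintroduce the break or this removal may hide a real omission. Record in the commit message that the file is not present in the tree, and check that no other target in this BUILD.gn still lists a header or test that depends on it.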
But I get then build errors such as:
Code:
In file included from ../../bta/av/bta_av_aact.cc:39:
In file included from ../../bta/av/bta_av_int.h:31:
In file included from ../../bta/sys/bta_sys.h:32:
In file included from ../../third_party/libchrome/base/threading/thread.h:16:
In file included from ../../third_party/libchrome/base/message_loop/message_loop.h:18:
../../third_party/libchrome/base/message_loop/message_loop_current.h:209:3: error: static_assert failed "MessageLoopCurrentForUI::WatchFileDescriptor is not supported when MessagePumpForUI is not a MessagePumpLibevent."
static_assert(std::is_same<MessagePumpForUI, MessagePumpLibevent>::value,
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../third_party/libchrome/base/message_loop/message_loop_current.h:214:28: error: no type named 'Mode' in 'base::MessagePumpGlib'; did you mean 'MessagePumpLibevent::Mode'?
MessagePumpForUI::Mode mode,
^~~~~~~~~~~~~~~~~~~~~~
MessagePumpLibevent::Mode
../../third_party/libchrome/base/message_loop/watchable_io_message_pump_posix.h:55:8: note: 'MessagePumpLibevent::Mode' declared here
enum Mode {
^
It's been a while since I created this post. I tested many things since, finally succeeded to compile but there were other problems....
As I was very limited in time for my project I finally dropped this idea and did it directly in Android stack by recompiling and building my custom ROM every time I needed to test... It's very time consuming if you don't have a powerful server to compile it faster but I had one so preferred this option.
