Database Users

Not sure if this has been done yet (or is even possible...); Flashing via ADB

Hi everyone ^^
I recently had a little... "Incident"... With my phone, resulting in a soft-brick and a whole lot of the Android system being removed (/System/Bin had to be replaced with ADB). What used to happen (Before replacing some of the Android system) was the phone would boot and get stuck at the bootloader. What happens now (after replacing some of the system files) is it'll boot and then reboot after about 30 seconds.
Common fixes would normally include (And are unavailable because...);
Download Mode via 3 button combo (Unavalable due to homekey not working)
Download Mode via ADB (Reboot/Crash)
Recovery Mode via 3 button combo (Again ,home key)
Recovery Mode via ADB (Reboot/Crash)
JIG (Parts unavailable/Stupidly expensive)
Flash via Odin/Heimdall(ADB recognizes the phone, but the system Odin/Heimdall uses does not)
So, what can I do? Well I just tried "ADB shell sbin/recovery" and... Woah, it worked! Sort of... The phone still crashed after about 30 seconds or when I tried to use the CWM recovery to flash a zip. No biggie. It just means some system stuff is missing (I think...).
This is more or less development, and I do not claim to have any major understanding of Android's inner workings besides some UNIX commands. I can't post in Development because of the 10-post requirement, but meh.
What I'm looking for (It's not exactly a question ) is the absolutely critical files that my system is missing (Which I believe to be causing the crash). I ran logcat only to have;
Code:
link_image[1962]: 98 could not load needed library 'liblog.so' for 'logcat' (load_library[1104]: Library 'liblog.so' not found)CANNOT LINK EXECUTABLE
This would eventually go towards an open-source tool for software-based soft-brick recovery.
Here's the ls from /sbin;
Code:
[ expr mkyaffs2image split
[[ false mmcwait.sh stat
adbd fbsetup.sh modprobe strings
ash fdisk more stty
awk fgrep mount swapoff
basename find mountpoint swapon
bbconfig fix_permissions mv sync
bml_over_mtd flash_image nandroid sysctl
bunzip2 fold nandroid-md5.sh tac
busybox free nice tail
bzcat freeramdisk nohup tar
bzip2 fuser od tee
cal getopt parted test
cat grep patch time
catv gunzip pgrep top
chgrp gzip pidof touch
chmod head pkill tr
chown hexdump printenv true
chroot id printf tty
cksum insmod ps tune2fs
clear install pwd ueventd
cmp kill rdev umount
cp killall readlink uname
cpio killall5 realpath uniq
cut killrecovery.sh reboot unix2dos
date length recovery unlzop
dc less renice unyaffs
dd ln reset unzip
depmod losetup rm uptime
devmem ls rmdir usleep
df lsmod rmmod uudecode
diff lspci run-parts uuencode
dirname lsusb sdparted volume
dmesg lzop sed watch
dos2unix lzopcat seq wc
du md5sum setsid which
dump_image mkdir setupenv.sh whoami
e2fsck mke2fs sh xargs
echo mkfifo sha1sum yes
edify mkfs.ext2 sha256sum zcat
egrep mknod sha512sum
env mkswap sleep
erase_image mktemp sort
And ls /system;
Code:
app fonts lost+found tts xbin
bin framework media usr
etc lib modules vendor
Any help with this would be great ^^

So far, it looks like pushing the system directory from a romkitchen rom I built is working... The only problem is that it can't seem to access /sdcard or /sd-ext Can anybody help with this?

The Download mode jigs are cheap? eBay has them for not much at all, especially if you consider the cost of the handset. It's also possible to make them from more common parts. Read the thread, might save you a lot of messing about.

[HOWTO + BLACKHAWK ROM] Galaxy Ace firmware in ext4 format

Just want to share my command list to convert Galaxy Ace firmware from rfs to ext4.
Code:
cd /home/user/rfs2ext4
dd if=/dev/zero of=system.rfs bs=4096 count=53696
losetup /dev/loop0 system.rfs
mkfs.ext4 -T ext4 -b 4096 -m 0 -J size=4 -O ^resize_inode,^ext_attr,^huge_file,^has_journal /dev/loop0
tune2fs -c 100 -i 100d -m 0 /dev/loop0
mkdir /tmp/ext4
sudo mount /dev/loop0 /tmp/ext4
chmod 755 fix-*.sh
cp fix-*.sh /tmp
mkdir /tmp/rfs
sudo mount -o loop source/system.rfs /tmp/rfs
sudo cp -a /tmp/rfs/* /tmp/ext4
cd /tmp/ext4
sudo ../fix-system.sh
cd /home/user/rfs2ext4
sudo umount /tmp/ext4
sudo umount /tmp/rfs
dd if=/dev/zero of=data.rfs bs=4096 count=46400
losetup /dev/loop0 data.rfs
mkfs.ext4 -T ext4 -b 4096 -m 0 -J size=16 -O ^resize_inode,^ext_attr,^huge_file /dev/loop0
tune2fs -c 100 -i 100d -m 0 /dev/loop0
mount /dev/loop0 /tmp/ext4
sudo mount -o loop source/data.rfs /tmp/rfs
sudo cp -a /tmp/rfs/* /tmp/ext4
cd /tmp/ext4
sudo ../fix-data.sh
cd /home/user/rfs2ext4
sudo umount /tmp/ext4
sudo umount /tmp/rfs
dd if=/dev/zero of=csc.rfs bs=4096 count=6464
losetup /dev/loop0 csc.rfs
mkfs.ext4 -T ext4 -b 4096 -m 0 -J size=4 -O ^resize_inode,^ext_attr,^huge_file /dev/loop0
tune2fs -c 100 -i 100d -m 0 /dev/loop0
mount /dev/loop0 /tmp/ext4
sudo mount -o loop source/csc.rfs /tmp/rfs
sudo cp -a /tmp/rfs/* /tmp/ext4
cd /tmp/ext4
sudo ../fix-csc.sh
cd /home/user/rfs2ext4
sudo umount /tmp/ext4
sudo umount /tmp/rfs
tar -H ustar -c boot.img recovery.img data.rfs system.rfs > CODE_S5830XWKPN_CL375596_REV03_blackhawk.tar
md5sum -t CODE_S5830XWKPN_CL375596_REV03_blackhawk.tar >> CODE_S5830XWKPN_CL375596_REV03_blackhawk.tar
mv CODE_S5830XWKPN_CL375596_REV03_blackhawk.tar CODE_S5830XWKPN_CL375596_REV03_blackhawk.tar.md5
tar -H ustar -c csc.rfs > CSC_S5830OXXKP7_CL375596_REV03_blackhawk.tar
md5sum -t CSC_S5830OXXKP7_CL375596_REV03_blackhawk.tar >> CSC_S5830OXXKP7_CL375596_REV03_blackhawk.tar
mv CSC_S5830OXXKP7_CL375596_REV03_blackhawk.tar CSC_S5830OXXKP7_CL375596_REV03_blackhawk.tar.md5
tar -H ustar -c arm11boot mibib oemsbl qcsbl > APBOOT_S5830XWKPN_CL375596_REV03.tar
md5sum -t APBOOT_S5830XWKPN_CL375596_REV03.tar >> APBOOT_S5830XWKPN_CL375596_REV03.tar
mv APBOOT_S5830XWKPN_CL375596_REV03.tar CAPBOOT_S5830XWKPN_CL375596_REV03.tar.md5
tar -H ustar -c amss > MODEM_S5830XWKP6_CL375596_REV03.tar
md5sum -t MODEM_S5830XWKP6_CL375596_REV03.tar >> MODEM_S5830XWKP6_CL375596_REV03.tar
mv MODEM_S5830XWKP6_CL375596_REV03.tar MODEM_S5830XWKP6_CL375596_REV03.tar.md5

fix-system.sh script, not perfect but work
Code:
#!/bin/sh
rm -f bin/cat
rm -f bin/chmod
rm -f bin/chown
rm -f bin/cmp
rm -f bin/date
rm -f bin/dd
rm -f bin/df
rm -f bin/dmesg
rm -f bin/getevent
rm -f bin/getprop
rm -f bin/hd
rm -f bin/id
rm -f bin/ifconfig
rm -f bin/iftop
rm -f bin/insmod
rm -f bin/ioctl
rm -f bin/ionice
rm -f bin/kill
rm -f bin/ln
rm -f bin/log
rm -f bin/ls
rm -f bin/lsmod
rm -f bin/lsof
rm -f bin/mkdir
rm -f bin/mount
rm -f bin/mv
rm -f bin/nandread
rm -f bin/netstat
rm -f bin/newfs_msdos
rm -f bin/notify
rm -f bin/printenv
rm -f bin/ps
rm -f bin/reboot
rm -f bin/renice
rm -f bin/rm
rm -f bin/rmdir
rm -f bin/rmmod
rm -f bin/route
rm -f bin/schedtop
rm -f bin/sendevent
rm -f bin/setconsole
rm -f bin/setprop
rm -f bin/sleep
rm -f bin/smd
rm -f bin/start
rm -f bin/stop
rm -f bin/sync
rm -f bin/top
rm -f bin/umount
rm -f bin/uptime
rm -f bin/vmstat
rm -f bin/watchprops
rm -f bin/wipe
rm -f bin/dumpmesg
mkdir -p etc/init.d
mkdir -p sd
chown -R 0:0 .
for i in $( find . ); do
if [ -d $i ]; then
chmod 755 $i
else
chmod 644 $i
fi
done
chown -R 0:0 etc/init.d
chmod -R 777 etc/init.d
chown -R 0:2000 bin
chmod -R 755 bin
chown 0:3003 bin/ip
chmod 6755 bin/ip
chown 0:3003 bin/netcfg
chmod 2750 bin/netcfg
chown 0:3004 bin/ping
chmod 2755 bin/ping
chown 0:2000 bin/run-as
chmod 6750 bin/run-as
chown -R 1002:1002 etc/bluetooth
chmod -R 440 etc/bluetooth
chown 0:0 etc/bluetooth
chmod 755 etc/bluetooth
chown 1000:1000 etc/bluetooth/auto_pairing.conf
chmod 640 etc/bluetooth/auto_pairing.conf
chown 3002:3002 etc/bluetooth/blacklist.conf
chmod 444 etc/bluetooth/blacklist.conf
chown 1002:1002 etc/dbus.conf
chmod 440 etc/dbus.conf
chown 1014:2000 etc/dhcpcd/dhcpcd-run-hooks
chmod 550 etc/dhcpcd/dhcpcd-run-hooks
chown 0:2000 etc/init.goldfish.sh
chmod 550 etc/init.goldfish.sh
chown -R 0:0 etc/ppp
chmod -R 555 etc/ppp
chmod 0755 etc/ppp
chown -R 0:2000 xbin
chmod -R 755 xbin
# For pre-rooted firmware
if [ -f xbin/su ]; then
chmod 4755 xbin/su
fi
if [ -f xbin/sqlite3 ]; then
chmod 4755 xbin/sqlite3
fi
if [ -f bin/su ]; then
chmod 4755 bin/su
fi
if [ -f bin/sqlite3 ]; then
chmod 4755 bin/sqlite3
fi
cd bin
ln -s toolbox cat
ln -s toolbox chmod
ln -s toolbox chown
ln -s toolbox cmp
ln -s toolbox date
ln -s toolbox dd
ln -s toolbox df
ln -s toolbox dmesg
ln -s toolbox getevent
ln -s toolbox getprop
ln -s toolbox hd
ln -s toolbox id
ln -s toolbox ifconfig
ln -s toolbox iftop
ln -s toolbox insmod
ln -s toolbox ioctl
ln -s toolbox ionice
ln -s toolbox kill
ln -s toolbox ln
ln -s toolbox log
ln -s toolbox ls
ln -s toolbox lsmod
ln -s toolbox lsof
ln -s toolbox mkdir
ln -s toolbox mount
ln -s toolbox mv
ln -s toolbox nandread
ln -s toolbox netstat
ln -s toolbox newfs_msdos
ln -s toolbox notify
ln -s toolbox printenv
ln -s toolbox ps
ln -s toolbox reboot
ln -s toolbox renice
ln -s toolbox rm
ln -s toolbox rmdir
ln -s toolbox rmmod
ln -s toolbox route
ln -s toolbox schedtop
ln -s toolbox sendevent
ln -s toolbox setconsole
ln -s toolbox setprop
ln -s toolbox sleep
ln -s toolbox smd
ln -s toolbox start
ln -s toolbox stop
ln -s toolbox sync
ln -s toolbox top
ln -s toolbox umount
ln -s toolbox uptime
ln -s toolbox vmstat
ln -s toolbox watchprops
ln -s toolbox wipe
ln -s dumpstate dumpmesg
cd ../
fix-data.sh script:
Code:
#!/bin/sh
if [ -d data_test ]; then
rm -rf data_test
fi
if [ -d kernel-tests ]; then
rm -rf kernel-tests
fi
if [ -d local ]; then
rm -rf local
fi
if [ -d qmi_test ]; then
rm -rf qmi_test
fi
chown -R 1013:1000 .
chmod -R 777 .
fix-csc.sh script:
Code:
#!/bin/sh
chown -R 0:0 .
for i in $( find . ); do
if [ -d $i ]; then
chmod 755 $i
else
chmod 644 $i
fi
done
chown 1000:2001 recovery
CSC updater script:
Code:
#!/sbin/busybox sh
usage="usage: sec_csc <sales code>"
if [ "$(id | grep -c root)" != "1" ]; then
echo "You have no permission to run sec_csc."
exit 1;
fi
if ! [ "$1" = "" ]; then
if [ -d /system/csc/$1 ]; then
echo -n "Apply $1 sales code? y/N: "
read answer
if [ "$answer" = "y" ]; then
/sbin/busybox mount -o rw,remount /system
cp -f /system/csc/$1/system/CSCFiles.txt /system/
cp -f /system/csc/$1/system/CSCVersion.txt /system/
cp -f /system/csc/$1/system/csc/* /system/csc/
rm -f /data/property/persist.sys.country
rm -f /data/property/persist.sys.language
rm -f /data/property/persist.sys.localevar
echo -n $1 > /proc/LinuStoreIII/efs_info
setprop ril.sales_code $1
/sbin/busybox mount -o ro,remount /system
echo "Turn off and then turn on your phone"
echo "using the dedicated power button to"
echo "apply the new CSC."
fi
else
echo "$1 sales code not found."
fi
else
echo $usage
fi
Q: What's really above scripts do?
A: I do not directly use system.rfs (in rfs format) but making a new system.rfs in ext4 format. Copying the whole contents of the old system.rfs (rfs) into the new system.rfs (ext4), make modifications in the system.rfs (ext4) mount point, and then fix the access rights. Using ext3 format is also not problems as long as you use boot and recovery image that support ext3 and ext4 filesystems. After all the modifications, do not forget to umount both image.
Q: Why?
A: RFS filesystem in linux read as FAT filesystem. FAT filesystem permissions can not be set correctly according to the needs of the operating system (in this case Android). You're lucky if you modify the firmware and do not occur bootloop
Q: Is Odin support *.rfs formatted in ext4?
A: Odin raw writes the filesystem partition, no matter the form as long as *.rfs no larger than the physical partition.
Q: Does this really work?
A: You can try If you want to take the risk why not try XWKPN firmware already formatted to ext4 in ODIN package as follows:
S5830XWKPN_S5830XWKP6_S5830OXXKP7_blackhawk.rar (137.59 MB)
Password: ketut.kumajaya
Inside the package:
CF-Root-S5830 v3.7 b81 candidate
deodexed and zipaligned /system/app and /system/framework, thanks to dsixda
cifs (Samba/Windows share) and tun (openVPN) kernel modules included
BLN service support, modified services.jar. Thanks to neldar
Android Scribble 2.0 boot animation from here, thanks to GLa'DOS
multi CSC taken from XWKPN (Europe?) and DXKC1 (Asia?), XSE sales code (Indonesia as default country)
csc.rfs, data.rfs and system.rfs in ext4 format, no need to convert filesystem manually using ext4 Manager
keep application and themes as a plain XWPKN
DT apps2sd included, a modified version special for CF-Root-S5830. You can find the original Darktremor apps2sd here, thanks to tkirton.
ODIN fullpack, the safest way to flash Samsung firmware
Instructions:
Follow these instructions to the letter. Do not touch any buttons or checkboxes that are not listed below to touch!
Decompress S5830XWKPN_S5830XWKP6_S5830OXXKP7_blackhawk.rar
(USB) Disconnect your phone from your computer
Start ODIN v4.38
Click the OPS button, and select Cooper_v1.0.ops
Click the BOOT button, and select APBOOT_S5830XWKPN_CL375596_REV03.tar.md5
Click the Phone button, and select MODEM_S5830XWKP6_CL375596_REV03.tar.md5
Click the PDA button, and select CODE_S5830XWKPN_CL375596_REV03_blackhawk.tar.md5
Click the CSC button, and select CSC_S5830OXXKP7_CL375596_REV03_blackhawk.tar.md5
Put your phone in download mode
(USB) Connect the phone to your computer
Click the START button
Wait for the phone to reboot
No need to wipe the /data and /cache partitions, has been automatically when flashing.
Done
If you expect a better benchmark results. Enable "Media: Stagefright" on "Tweak Manager" and make sure you do not select "CPU: Conservative gov.".
UPDATE:
- Samsung keyboard have more language
- A new script to apply your CSC, run it over "adb shell" or Terminal Emulator or ConnectBot. For example to apply SER (Russia?) sales code:
Code:
sec_csc SER
To activate your new sales code, you must power off and then power on your phone using the dedicated power button.
Apply this update over CWM or CWM Manager app.

Wow sweet i might make a video for this
Thanks any ways

Script updated for pre-rooted firmware.
Maybe I should show the results to get people interested

You are the real dev, ketut.kumajaya!
Thanks for sharing such a great guide to us...
Hey, I think this guide can be applied to build a CWM-flashable ROM

fla.sh said:
You are the real dev, ketut.kumajaya!
Thanks for sharing such a great guide to us...
Hey, I think this guide can be applied to build a CWM-flashable ROM
Click to expand...
Click to collapse
Your welcome!
fix-system.sh and fix-csc.sh updated for better/faster recursive chmod.
CWM flashable? Of course yes, my fix-*.sh scripts is a bash port of dsixda/tools/update_files

Examples of ROM which all *.rfs formatted as ext4 filesystem. Do not expect too much from a ROM made in two short days after work But read the features
Password: ketut.kumajaya

ask how to flash?
wow..what a great work...i gotta try this...do i need to flash KPN 2.3.3 first then i can use this? can i flash this one from froyo for example? is this ROM already included check RAM script or something like that?
sorry for my bad english

LeimRen said:
wow..what a great work...i gotta try this...do i need to flash KPN 2.3.3 first then i can use this? can i flash this one from froyo for example? is this ROM already included check RAM script or something like that?
sorry for my bad english
Click to expand...
Click to collapse
You have to full flash (BOOT, Phone, PDA, CSC) your phone using ODIN. You can flash your own sec_csc.zip (extracted from csc.rfs using WinImage or MagicISO or linux) then. This firmware have all CF-Root- S5830 have, incl. CF-Root-S5830 CWM4 recovery b79 (b78 have CSC flashing error). The boot image using a modified version CF-Root-S5830 b80 for fast boot and apply ondemand CPU governer after boot complete. Fast boot but better battery life. If you need more efficient battery usage, set CPU governer to conservative using Tweak Manager. CF-Root-S5830 installed by default, /res/misc cleared so the boot image freeing some memory.

ketut.kumajaya said:
You have to full flash (BOOT, Phone, PDA, CSC) your phone using ODIN. You can flash your own sec_csc.zip (extracted from csc.rfs using WinImage or MagicISO or linux) then. This firmware have all CF-Root- S5830 have, incl. CF-Root-S5830 CWM4 recovery b79 (b78 have CSC flashing error). The boot image using a modified version CF-Root-S5830 b80 for fast boot and apply ondemand CPU governer after boot complete. Fast boot but better battery life. If you need more efficient battery usage, set CPU governer to conservative using Tweak Manager. CF-Root-S5830 installed by default, /res/misc cleared so the boot image freeing some memory.
Click to expand...
Click to collapse
okay...thanks for the explanation, sir...downloading now....

LeimRen said:
okay...thanks for the explanation, sir...downloading now....
Click to expand...
Click to collapse
You're welcome! For ROM modificator (what I have call you), feel free to use my ROM as your template. I purposely did not make many changes in the userspace, but the core only. A proper credit for me is enough

wow! this rom is blazing fast. imo, this is much faster and smoother than coderomv2x.2v.
thanks for your great work my friend. i'll test this rom further and report if i find any bugs ^^

AdobongKamote said:
wow! this rom is blazing fast. imo, this is much faster and smoother than coderomv2x.2v.
thanks for your great work my friend. i'll test this rom further and report if i find any bugs ^^
Click to expand...
Click to collapse
Your first post? Thanks for your report.

ketut.kumajaya said:
Your first post? Thanks for your report.
Click to expand...
Click to collapse
yeah. i registered just to thank you for your great efforts

Hey guys,
sorry for that question, but what's the password to decompress the archive?

Sprint82 said:
Hey guys,
sorry for that question, but what's the password to decompress the archive?
Click to expand...
Click to collapse
that should be indicated on the first page.
HINT: it's the dev's username

lol
can it be so easy?
Thanks
Then, I give it a try

Thanks Ketut.kumajaya for this. Actually, this modified KPN should have its very own thread. It's fast and by far one of the best ROM out there for the Ace.
http://www.multiupload.com/S6JSJSSZF2

works for my phone, thanks so much!
just one question (I may sound dumb asking this, but I seriously have no idea), but how do I access app2sd?

chinoyray said:
Thanks Ketut.kumajaya for this. Actually, this modified KPN should have its very own thread. It's fast and by far one of the best ROM out there for the Ace.
http://www.multiupload.com/S6JSJSSZF2
Click to expand...
Click to collapse
It's just part of my tutorial on converting rfs to ext4. Incidentally CF-Root-S5830 also from me, then this is the official combination of KPN and CF-Root-S5830

How to uninstall and flash a new SU app?

So now that there's 3 premium super user apps I figured I'd ask what's the proper way to uninstall and install a new one if I wanted to I also figured this would help noobs. The way I would do it is go into file explorer mount my system to R/O and delete the system in system app . then I would flash a new super user through recovery or adb. Now in not sure if anything would be lingering around that would come in conflict with a new SU so hopefully someone can help answer this. Thanks
Sent from my Nexus 4 using Tapatalk 2

Surely the new ZIP package removes/replaces the old one with the new package (assuming they are the same name, of course)?

EddyOS said:
Surely the new ZIP package removes/replaces the old one with the new package (assuming they are the same name, of course)?
Click to expand...
Click to collapse
Well I guess what I mean is going from SuperSu to clockworkmod su
Sent from my Nexus 4 using Tapatalk 2

The ZIP package remove any old versions before flashing the new one so you just flash the package in CWM/TWRP and you should be good to go...
Code:
#!/sbin/sh
# arg 1 is recovery api version, generally 3.
# arg 2 is the pipe fd, to the recovery binary.
# communicate with it using the recovery api.
# arg 3 is the zip file
echo -n -e 'ui_print Installing Superuser...\n' > /proc/self/fd/$2
echo -n -e 'ui_print\n' > /proc/self/fd/$2
cd /tmp
mkdir superuser
cd superuser
unzip -o $3
X86=$(uname -a | grep x86)
if [ ! -z "$X86" ]
then
PLATFORM=x86
else
PLATFORM=armeabi
fi
echo -n -e 'ui_print Installing '$PLATFORM' binaries...\n' > /proc/self/fd/$2
echo -n -e 'ui_print\n' > /proc/self/fd/$2
mount /system
rm -f /system/bin/su
rm -f /system/xbin/su
rm -f /system/app/Superuser.apk
cp $PLATFORM/su /system/bin/su
chown 0:0 /system/bin/su
chmod 6755 /system/bin/su
ln -sf ../bin/su /system/xbin/su
cp Superuser.apk /system/app
umount /system

SecurityScript & unbloatscript & batch install userapp scripts

I "made" a security script for cm/aosp and wanted to share. Ok, so I copied a lot from what I could find off the net, and thought I would share Seems as if this closes some of the security holes in android in general, but also cm/aokp.
If any of these are rediculous please help contribute to making it better. I just added what I thought could be true.
Warning: doesnt work on touchwiz roms, only cm/aosp
Warning: at own risk, I take no responsibility
Warning: this could render other scripts useless.
Warning: I am no codemonkey, I find after boot I need to manually apply ro access with rootexplorer for some of the directories used here. Havent been able to solve that with tasker/init.d scripts.
How to use:
run in terminal with su privileges.
Or set as script/task/init.d to run on boot. For some stuff to stick you need to do this. I recommend tasker, thats what I ran this with on boot.
Sources are to various to mention. One of them is secdroid. A lot of what that app has I could verify from a lot of sources. But is missing a lot of other stuff.
Tested Improvements are welcome! Donations/beer also
Spoiler
#!/system/bin/sh
mount -o remount, -rw /sbin
mount -o remount, -rw /system
mount -o remount, -rw /system/xbin
####enable the adbd daemon and busybox
mount -o remount, -rw -t rootfs rootfs /
chmod 777 /sbin/adbd
chmod 777 /system/xbin/busybox
###Disable NFC
chmod 000 /dev/ttyO3
chmod 000 /dev/tty3
###hardening TCP/IP stack for IPV4
###Avoid a smurf attack
sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1;
###ICMP broadcast
busybox sysctl -e -w net.ipv4.conf.all.accept_redirects=0;
###ICMP redirects ipv4
busybox sysctl -e -w net.ipv6.conf.all.accept_redirects=0;
###ICMP redirects ipv6
busybox sysctl -e -w net.ipv4.conf.all.send_redirects=0;
### ICMP redirects
busybox sysctl -e -w net.ipv4.conf.all.accept_source_route=0; ###source routing disable
busybox sysctl -e -w net.ipv4.conf.all.forwarding=0;
###Forwarding traffic
busybox sysctl -e -w net.ipv4.conf.all.rp_filter=1;
busybox sysctl -e -w net.ipv4.conf.all.log_martians=1;
###filter martians
busybox sysctl -e -w net.ipv4.tcp_max_syn_backlog=1280;
###TCP syn half-opened
sysctl -w net.ipv4.ip_forward=0;
###Block Redirects
busybox sysctl -e -w net.ipv4.conf.default.accept_redirects=0;
busybox sysctl -e -w net.ipv4.conf.all.secure_redirects=0;
busybox sysctl -e -w net.ipv4.conf.default.secure_redirects=0;
###Block Source-Routing
busybox sysctl -e -w net.ipv4.conf.default.accept_source_route=0;
busybox sysctl -e -w net.ipv4.conf.all.accept_source_route=0;
### IPv4 Tweaks
busybox sysctl -e -w net.ipv4.tcp_timestamps=0;
busybox sysctl -e -w net.ipv4.tcp_sack=1;
busybox sysctl -e -w net.ipv4.tcp_fack=1;
busybox sysctl -e -w net.ipv4.tcp_congestion_control=cubic;
busybox sysctl -e -w net.ipv4.tcp_window_scaling=1;
###Protection against SYN Attacks
busybox sysctl -e -w net.ipv4.tcp_syncookies=1;
busybox sysctl -e -w net.ipv4.conf.all.rp_filter=1;
busybox sysctl -e -w net.ipv4.conf.default.rp_filter=1;
busybox sysctl -e -w net.ipv4.tcp_synack_retries=2;
busybox sysctl -e -w net.ipv4.tcp_syn_retries=2;
busybox sysctl -e -w net.ipv4.tcp_max_syn_backlog=1024;
busybox sysctl -e -w net.ipv4.tcp_max_tw_buckets=16384;
busybox sysctl -e -w net.ipv4.icmp_echo_ignore_all=1;
###Turn on protection for bad icmp error messages
busybox sysctl -e -w net.ipv4.icmp_ignore_bogus_error_responses=1;
busybox sysctl -e -w net.ipv4.tcp_no_metrics_save=1;
busybox sysctl -e -w net.ipv4.tcp_fin_timeout=15;
busybox sysctl -e -w net.ipv4.tcp_keepalive_intvl=30;
busybox sysctl -e -w net.ipv4.tcp_keepalive_probes=5;
busybox sysctl -e -w net.ipv4.tcp_keepalive_time=1800;
###Tune IPv6 and disable lol
busybox sysctl -e -w net.ipv6.conf.default.router_solicitations=0;
busybox sysctl -e -w net.ipv6.conf.default.accept_ra_rtr_pref=0;
busybox sysctl -e -w net.ipv6.conf.default.accept_ra_pinfo=0;
busybox sysctl -e -w net.ipv6.conf.default.accept_ra_defrtr=0;
busybox sysctl -e -w net.ipv6.conf.default.autoconf=0;
busybox sysctl -e -w net.ipv6.conf.default.dad_transmits=0;
busybox sysctl -e -w net.ipv6.conf.default.max_addresses=1;
busybox sysctl -e -w net.ipv6.conf.all.disable_ipv6=1;
busybox sysctl -e -w net.ipv6.conf.default.disable_ipv6=1;
busybox sysctl -e -w net.ipv6.conf.lo.disable_ipv6=1;
### Don't act as a router
busybox sysctl -e -w net.ipv4.ip_forward=0;
busybox sysctl -e -w net.ipv4.conf.all.send_redirects=0;
busybox sysctl -e -w net.ipv4.conf.default.send_redirects=0;
### Removing/ disabling unnecessary binaries. Some of them have access to Internet
mount -o remount, -rw /system/xbin
rm -f /system/xbin/irsii
rm -f /system/xbin/nano
rm -f /system/xbin/nc
rm -f /system/xbin/telnet
rm -f /system/xbin/telnetd
rm -f /system/xbin/telnetd
rm -f /system/xbin/opcontrol
chmod 000 /system/xbin/irsii
chmod 000 /system/xbin/nc
chmod 000 /system/xbin/netserver
chmod 000 /system/xbin/netperf
chmod 000 /system/xbin/opcontrol
chmod 000 /system/xbin/scp
chmod 740 /system/xbin/rsync
chmod 740 /system/xbin/sdptest
chmod 000 /system/xbin/ssh
chmod 000 /system/xbin/sshd
chmod 000 /system/xbin/ssh-keygen
chmod 740 /system/xbin/strace
chmod 000 /system/xbin/tcpdump
chmod 740 /system/xbin/vim
chmod 000 /system/xbin/nano
chmod 000 /system/xbin/telnet
mount -o remount, -ro /system/xbin
###Let's make sure they aren't in bin either
rm -f /system/bin/irsii
rm -f /system/bin/nano
rm -f /system/bin/nc
rm -f /system/bin/telnet
rm -f /system/bin/telnetd
rm -f /system/bin/opcontrol
chmod 000 /system/bin/irsii
chmod 000 /system/bin/nc
chmod 000 /system/bin/netserver
chmod 000 /system/bin/netperf
chmod 000 /system/bin/opcontrol
chmod 000 /system/bin/scp
chmod 740 /system/bin/rsync
chmod 740 /system/bin/sdptest
chmod 000 /system/bin/ssh
chmod 000 /system/bin/sshd
chmod 000 /system/bin/ssh-keygen
chmod 740 /system/bin/strace
chmod 000 /system/bin/tcpdump
chmod 740 /system/bin/vim
chmod 000 /system/bin/nano
chmod 000 /system/bin/telnet
### This disables Bluetooth (Most users want it on)
###chmod 000 /system/bin/bluetoothd
### ONLY root should need these:
chmod 750 /system/bin/iptables
chmod 750 /system/bin/ping
### Let's remove suid from ping (prevent a Privilege escalation attack)
mount -o remount, -rw /system/xbin
chmod 777 /system/xbin/busybox
mount -o remount, -rw /system/bin
busybox chmod -s /system/bin/ping
mount -o remount, -ro /system/bin
chmod 000 /system/xbin/busybox
mount -o remount, -ro /system/xbin
###disable the Packet Management binary - Prevents installing apps
via ADB or remotely
###disable ssh
###remove uiautomator permissions havent found a use for it anyways
mount -o remount, -rw /system/bin
chmod 000 /system/bin/pm
chmod 000 /system/bin/ssh
chmod 000 /system/bin/sshd
chmod 000 /system/bin/sshd
chmod 000 /system/bin/start-ssh
chmod 000 /system/bin/uiautomator
mount -o remount, -ro /system/bin
mount -o remount, -rw /sbin
###Disable the adbd daemon again
mount -o remount, -rw -t rootfs rootfs /
chmod 000 /sbin/adbd
###Prevents adb from running. This protects against attacks like P2P-ADB by Kos
###disable config ssh. No server for me...
###remove files with dictionary for terminals lol wtf
mount -o remount, -rw /etc
rm -rf /etc/terminfo/*
mv /etc/ssh/ssh_config /etc/ssh/ssh_config.donthinkso
mount -o remount, -ro /etc
###close
mount -o remount, -ro -t rootfs rootfs /
mount -o remount, -ro /sbin
mount -o remount, -ro /system/xbin
mount -o remount, -ro /system
mount -o remount, -ro /
###Cause I cant code lol no errors reported. Test without exit 0 to see in terminal if it works for your rom. its here so tasker wont error out if it cant find something.
exit 0
edit, put a /* after terminfo to delete all there
edit, small fix in code, not yet able to properly mount system and root as ro

Unbloatscript
Just removing some of the stuff I dont use. You can add/remove what you like
edit: some apps might forceclose if they are running, thats no issue.
After running wipe cache and dalvik and reboot. To further clean.
warning I added reboot at end so device will reboot!
Spoiler
#!/system/bin/sh
mount -o remount, -rw /sbin
mount -o remount, -rw /system
mount -o remount, -rw /system/xbin
# enable the adbd daemon and busybox
chmod 777 /sbin/adbd
chmod 777 /system/xbin/busybox
rm -f /system/app/QuickSearchBox.apk
rm -f /system/app/VoiceSearchStub.apk
rm -f /system/app/Talkback.apk
rm -f /system/app/Talk.apk
rm -f /system/app/Email2.apk
rm -f /system/app/Exchange2.apk
rm -f /system/app/HoloSpiralWallpaper.apk
rm -f /system/app/MagicSmokeWallpapers.apk
rm -f /system/app/VoiceDialer.apk
rm -f /system/app/VpnDialogs.apk
rm -f /system/app/Apollo.apk
rm -f /system/app/BasicDreams.apk
rm -f /system/app/CMFileManager.apk
rm -f /system/app/CMWallpapers.apk
rm -f /system/app/Development.apk
rm -f /system/app/DSPManager.apk
rm -f /system/app/LiveWallpapers.apk
rm -f /system/app/LiveWallpaperPicker.apk
rm -f /system/app/LockClock.apk
rm -f /system/app/MagicSmokeWallpapers.apk
rm -f /system/app/MediaUploader.apk
rm -f /system/app/NoiseField.apk
rm -f /system/app/Phasebeam.apk
rm -f /system/app/SoundRecorder.apk
rm -f /system/app/Term.apk
rm -f /system/app/Trebuchet.apk
rm -f /system/app/WAPPushManager.apk
###remove dalvik and cache
rm -f /data/dalvik-cache/*
rm -f /cache/dalvik-cache/*
rm -f /cache/lost+found/*
chmod 000 /sbin/adbd
chmod 000 /system/xbin/busybox
mount -o remount, -ro /sbin
mount -o remount, -ro /system/xbin
mount -o remount, -ro /system
exit 0
reboot
Edit, added remove dalvik cache, cache and Reboot after running this to prevent fc. You will get some of apps running but that should be no issue
edit, closing, foolish me didnt mount as ro. and removed a bit of other code
edit some more cleaning

Batch install script
As I run a lot of scripts to automate my post flash activities. I set my phone on airplane mode and run the following script batch install from a certain folder.
Its nowhere near as sophisticated as Chasmodos roms scripts, but it does the job for my user apps
Here I have a folder (batchlove) where I store my backed upped apps (no data) from playstore on my external sdcard. So far play recognizes the apps and lets me update it. However then you would need tro update the apks in this folder in order to always have up to date versions.You can put apks backed up with a lot off aps here.
Ofcourse I dont keep my tasker app here because it installs everything in that folder, and installing tasker while running this script is not a good idea.
You can run this script from a terminal as wel.
Spoiler
#!/system/bin/sh
mount -o remount, -rw /sbin
mount -o remount, -rw /system
mount -o remount, -rw /system/xbin
mount -o remount, -rw /system/bin
# enable the adbd daemon and busybox
mount -o remount, -rw -t rootfs rootfs /
chmod 777 /sbin/adbd
chmod 777 /system/xbin/busybox
chmod 777 /system/bin/pm
cd /storage/sdcard1/batchlove;
for app in *.apk; do pm install -r $app; done
chmod 000 /sbin/adbd
chmod 000 /system/xbin/busybox
chmod 000 /system/bin/pm
mount -o remount, -rw /sbin
mount -o remount, -rw /system
mount -o remount, -rw /system/xbin
mount -o remount, -rw /system/bin
exit 0

You copied SecDroid and added some stuff, now you call it your own project. Why not continue SecDroid?

SecUpwN said:
You copied SecDroid and added some stuff, now you call it your own project. Why not continue SecDroid?
Click to expand...
Click to collapse
I copied a bunch of other stuff also, as even secdroid is not the source of most of those lines. It is an awesome initiative though. An app for the masses. For those insterested http://forum.xda-developers.com/showthread.php?t=2086276.
With the script, not really my project, I wanted to set the values immediately as I flash every other day. I got a script for that. As I would still need that for reopening the closed the stuff,every once in a while.
edit submitted most to secdroid git for the security script

added some extra scripts, handy for unbloat/batchinstall.
tip: get tasker, save these scripts as tasks, backup tasker data (from within tasker) and add task to move the backup to external card. Then you only need to install tasker copy the backup to sdcard, restore and run. Its another way
if enough people are interested I can export these scripts as apps from tasker, just install and it will do what the script does.
remember to check folder permissions as these dont always stick lol

hope you find it handy, if anyone has a script that is handy please share

delete

Stock Rooted Lollipop Rom Help

Hi all,
I've been trying to create a Stock Rooted Lollipop Rom for the last few days and I'm stuck. I was trying to do this without using the 5.0 exploits. I was originally on stock rooted 4.4.2 w/ Safestrap. I used muniz_ri's "[How-To] Update to N900V_NK1 - 4.4.4 and Keep Root" and got rooted 4.4.4. I next extracted the zip and tar file then reviewed what was in them. I tried to mimic what muniz_ri did and I was able to get the OB6 rom to boot but SuperSu force closed and I couldn't see su in /system/xbin, permission denied. I rooted with the exploit and unlocked bootloader and flashed Jasmine Rom. I've even attempted to create a flashable system.img with su and SuperSu and I get the hanging Verizon logo. If anyone can help I would appreciate it.
Thanks,
BlueKalel

out of curiosity I did a differential comparison of the system.img between the stock and "rooted" versions that @muniz_ri provided.
e.g.
Code:
$ echo 'Samsung NK1 stock system'
$ [b]simg2img[/b] stock_system.img.ext4 raw_system.img.ext4
$ su /bin/bash
# mkdir /tmp/nk1
# losetup /dev/loop0 raw_system.img.ext4
# mount -t ext4 -o ro /dev/loop0 /tmp/nk1
# (cd /tmp/nk1 ; find . -type f -exec md5sum {} \; ) 2>&1 | tee stock_system_md5s.txt
# chown user.user stock_system_md5s.txt
# umount /tmp/nk1
# losetup -d /dev/loop0
# rm raw_system.img.ext4
# echo 'Rooted NK1 system - not in sparse format, no need for simg2img'
# losetup /dev/loop0 rooted_system.img.ext4
# mount -t ext4 -o ro /dev/loop0 /tmp/nk1
# (cd /tmp/nk1 ; find . -type f -exec md5sum {} \; ) 2>&1 | tee rooted_system_md5s.txt
# chown user.user stock_system_md5s.txt
# umount /tmp/nk1
# rmdir /tmp/nk1
# losetup -d /dev/loop0
# exit
$
$ echo 'here is the magic'
$ cat rooted_system_md5s.txt stock_system_md5s.txt | sort +1 -2 | uniq -u 2>&1 | tee unique_file_listing.txt
The listing produced is all unique files between the two system images; note they can be unique for two reasons:
(1) A file of that path-name is only present in one but not the other (a file is deleted from one or added to one)
(2) A file of that path-name is present in both but has been modified. You'll see duplicate file path-names in this case.
Having done this comparison for the system images, some things seem rather evident in @muniz_ri deltas; but others are less obvious (note lib/libsupol.so appears in the rooted version)
Code:
e75410f8e31fe505adb26d6a07725689 ./app/Superuser.apk
04cdb55b01d687afa2e085e300cdbe77 ./bin/ddexe
c8bc38e34a3d0456de08f06ec6102956 ./bin/ddexe
c8bc38e34a3d0456de08f06ec6102956 ./bin/ddexe_real
c2d5c3f94c41024eedb4569779597cf6 ./bin/.ext/.su
7beeb0980b778711a4ca30c78a418346 ./csc/contents.db
d514e14350f60f8d6a72aabd6d505722 ./csc/customer.xml
9279436a75cb1012f9999aec603beb33 ./csc/default_application_order.xml
a78afd02d69756736fd8df51776fe588 ./csc/default_workspace_cp.xml
2d46ed4aacf78532d176fbcc0ccdde8f ./csc/default_workspace.xml
b72d13ff1e0e383fa513768313a85c58 ./csc/easylauncher_default_workspace.xml
7f8bb831c5ebbe1d9ad2148dfd57a5b4 ./csc/feature.xml
ab29f88da583a4e04c4d5be423b9ca06 ./csc/others.xml
e17ce2e847276854abf3ec37ca592d4a ./csc/sales_code.dat
2a2931bfef9a2d7c8fd5b6f93e3917c9 ./CSCVersion.txt
fc48464a541cf5dc039f1147f7365e1a ./etc/autorun.iso
d41d8cd98f00b204e9800998ecf8427e ./etc/csc_apks_list.txt
d41d8cd98f00b204e9800998ecf8427e ./etc/csc_remove_apks_list.txt
d41d8cd98f00b204e9800998ecf8427e ./etc/csc_ringtones_list.txt
d41d8cd98f00b204e9800998ecf8427e ./etc/csc_user_apks_list.txt
d41d8cd98f00b204e9800998ecf8427e ./etc/csc_user_remove_apks_list.txt
45f27ea81dacdd6ba8a0722bd1065d01 ./etc/enforceskippingpackages.txt
d41d8cd98f00b204e9800998ecf8427e ./etc/hidden_apks_list.txt
b026324c6904b2a9cb4b88d6d61c81d1 ./etc/.installed_su_daemon
75fe72f2c977635bf2182a1be274345b ./etc/install-recovery.sh
acb73ff1de53675b420a7b14b9eac263 ./finder_cp/cpdata.xml
98357ec8dd72bbcdc39677204bfe05a4 ./finder_cp/web_cp_logo_baidu.png
abea7fc2866484fe9bb86e5aa9b98d6d ./finder_cp/web_cp_logo_bing.png
529173df0ef025a403fa5e0af5bc05df ./finder_cp/web_cp_logo_daum.png
8809f9b7fcdb679a0d66c8c7e7271281 ./finder_cp/web_cp_logo_google.png
58400ecde3dc101babed2a5db8c5a95d ./finder_cp/web_cp_logo_naver.png
c9b13d0610cd161ef48ac69796627d8f ./finder_cp/web_cp_logo_yahoo.png
c2ca061f4f83b44dc6a01579c8236493 ./hidden/INTERNAL_SDCARD/mobitv/dca.config
d84e60fbfe2f9aea6c2fbf268fb9fa8a ./hidden/INTERNAL_SDCARD/mobitv/foa.config
863ed2e929f24ad577905e92308a8800 ./hidden/INTERNAL_SDCARD/Samsung/Music/Over_the_horizon_2013.mp3
8d97de61b73bc6345001aab0e5b2cfdf ./lib/libsupol.so
b00734ca4cbc75ab17e7f04d7d72606f ./sipdb/en_US.zip
e7d85e3154308a40cba592273b34fcc0 ./sipdb/es_US.zip
56e0a71b160da01cbacdd606f6a21d0c ./sipdb/ko_KR.zip
86661c0d2d76cebf4f2f98e5cedb1fba ./sipdb/vi_VN.zip
5b43113a786dd197457a7da544e417bf ./sipdb/zh_CN.zip
bedf281b2ca0cea7b578c56146f61cfb ./SW_Configuration.xml
d41d8cd98f00b204e9800998ecf8427e ./VODB/en_US/checked
3fab613e69ed7bbdb4037227f40b3e93 ./VODB/en_US/en_US-ak-cur.lite.res
d2c7826b54f158388d5d631f7cc4eb94 ./VODB/en_US/en_US.lang
fbb63aed41785d843a3ede94dd5ebba5 ./VODB/en_US/en_US-lk-text.lite.res
d0fddf901a952652d327db6d353c39c5 ./VODB/en_US/files.txt
d41d8cd98f00b204e9800998ecf8427e ./VODB/es_US/checked
37233ae458dc58cce4e1cf3dfc7199bf ./VODB/es_US/es_MX-ak-cur.lite.res
de0e1db152031b405c3f94786519553b ./VODB/es_US/es_MX-lk-text.lite.res
95bf163ae41a21bfb03bde5994d32b47 ./VODB/es_US/es_US.lang
1f5d5bb76aacf2ecaf4efaede1d2de27 ./VODB/es_US/files.txt
d41d8cd98f00b204e9800998ecf8427e ./VODB/ko_KR/checked
f147743aa0e4c81acb66bde88e540cb7 ./VODB/ko_KR/files.txt
daf9861d29a51e989c9a4349cab1f0d2 ./VODB/ko_KR/ko_KR_johab-ak-cur.lite.res
d8598fec91290155e692b48e35c00c14 ./VODB/ko_KR/ko_KR_johab-lk-text.lite.res
ce79e020530910f70cf99e1ef075338d ./VODB/ko_KR/ko_KR.lang
d41d8cd98f00b204e9800998ecf8427e ./VODB/vi_VN/checked
1826e916c633326238aece3f625068d8 ./VODB/vi_VN/files.txt
93dd91b00a3aa970f6cd287a51c86eb8 ./VODB/vi_VN/vi_VN-ak-cur.lite.res
a7858ae999d0595bed5364d116df7f90 ./VODB/vi_VN/vi_VN.lang
ee7501f7588d98febaafa095a8bab689 ./VODB/vi_VN/vi_VN-lk-text.lite.res
d41d8cd98f00b204e9800998ecf8427e ./VODB/zh_CN/checked
8507d9d93801d26c0c112f913aa4a1c0 ./VODB/zh_CN/files.txt
c914ab0bf6f02ea6c607813d4a60d911 ./VODB/zh_CN/zh_CN_gb18030-ak-cur.lite.res
a992e77a706e8be8b182d2829b946069 ./VODB/zh_CN/zh_CN_gb18030-lk-text.lite.res
1d1b38601002c263be46a7970f427aba ./VODB/zh_CN/zh_CN.lang
c6d2482325d35384ce19e34723bb7652 ./wallpaper/lockscreen_default_wallpaper.png
c2d5c3f94c41024eedb4569779597cf6 ./xbin/daemonsu
c2d5c3f94c41024eedb4569779597cf6 ./xbin/su
c2d5c3f94c41024eedb4569779597cf6 ./xbin/sugote
57dd3b21dfb238a3065299851db9fc91 ./xbin/sugote-mksh
521005a1a9a03e118db633e9626b7221 ./xbin/supolicy
Obviously, you will want to unpack the boot images & their ramdisks and follow a similar forensic procedure there.
Hope this helps. Obviously, this is not a comprehensive - for instance it won't flag differences in meta-data such as file modes (permissions), ownership, or extended attributes (which is how SElinux characteristics are stored). Those could easily also create issues if they differ.