Just want to share my command list to convert Galaxy Ace firmware from rfs to ext4.
Code:
cd /home/user/rfs2ext4
dd if=/dev/zero of=system.rfs bs=4096 count=53696
losetup /dev/loop0 system.rfs
mkfs.ext4 -T ext4 -b 4096 -m 0 -J size=4 -O ^resize_inode,^ext_attr,^huge_file,^has_journal /dev/loop0
tune2fs -c 100 -i 100d -m 0 /dev/loop0
mkdir /tmp/ext4
sudo mount /dev/loop0 /tmp/ext4
chmod 755 fix-*.sh
cp fix-*.sh /tmp
mkdir /tmp/rfs
sudo mount -o loop source/system.rfs /tmp/rfs
sudo cp -a /tmp/rfs/* /tmp/ext4
cd /tmp/ext4
sudo ../fix-system.sh
cd /home/user/rfs2ext4
sudo umount /tmp/ext4
sudo umount /tmp/rfs
dd if=/dev/zero of=data.rfs bs=4096 count=46400
losetup /dev/loop0 data.rfs
mkfs.ext4 -T ext4 -b 4096 -m 0 -J size=16 -O ^resize_inode,^ext_attr,^huge_file /dev/loop0
tune2fs -c 100 -i 100d -m 0 /dev/loop0
mount /dev/loop0 /tmp/ext4
sudo mount -o loop source/data.rfs /tmp/rfs
sudo cp -a /tmp/rfs/* /tmp/ext4
cd /tmp/ext4
sudo ../fix-data.sh
cd /home/user/rfs2ext4
sudo umount /tmp/ext4
sudo umount /tmp/rfs
dd if=/dev/zero of=csc.rfs bs=4096 count=6464
losetup /dev/loop0 csc.rfs
mkfs.ext4 -T ext4 -b 4096 -m 0 -J size=4 -O ^resize_inode,^ext_attr,^huge_file /dev/loop0
tune2fs -c 100 -i 100d -m 0 /dev/loop0
mount /dev/loop0 /tmp/ext4
sudo mount -o loop source/csc.rfs /tmp/rfs
sudo cp -a /tmp/rfs/* /tmp/ext4
cd /tmp/ext4
sudo ../fix-csc.sh
cd /home/user/rfs2ext4
sudo umount /tmp/ext4
sudo umount /tmp/rfs
tar -H ustar -c boot.img recovery.img data.rfs system.rfs > CODE_S5830XWKPN_CL375596_REV03_blackhawk.tar
md5sum -t CODE_S5830XWKPN_CL375596_REV03_blackhawk.tar >> CODE_S5830XWKPN_CL375596_REV03_blackhawk.tar
mv CODE_S5830XWKPN_CL375596_REV03_blackhawk.tar CODE_S5830XWKPN_CL375596_REV03_blackhawk.tar.md5
tar -H ustar -c csc.rfs > CSC_S5830OXXKP7_CL375596_REV03_blackhawk.tar
md5sum -t CSC_S5830OXXKP7_CL375596_REV03_blackhawk.tar >> CSC_S5830OXXKP7_CL375596_REV03_blackhawk.tar
mv CSC_S5830OXXKP7_CL375596_REV03_blackhawk.tar CSC_S5830OXXKP7_CL375596_REV03_blackhawk.tar.md5
tar -H ustar -c arm11boot mibib oemsbl qcsbl > APBOOT_S5830XWKPN_CL375596_REV03.tar
md5sum -t APBOOT_S5830XWKPN_CL375596_REV03.tar >> APBOOT_S5830XWKPN_CL375596_REV03.tar
mv APBOOT_S5830XWKPN_CL375596_REV03.tar CAPBOOT_S5830XWKPN_CL375596_REV03.tar.md5
tar -H ustar -c amss > MODEM_S5830XWKP6_CL375596_REV03.tar
md5sum -t MODEM_S5830XWKP6_CL375596_REV03.tar >> MODEM_S5830XWKP6_CL375596_REV03.tar
mv MODEM_S5830XWKP6_CL375596_REV03.tar MODEM_S5830XWKP6_CL375596_REV03.tar.md5
fix-system.sh script, not perfect but work
Code:
#!/bin/sh
rm -f bin/cat
rm -f bin/chmod
rm -f bin/chown
rm -f bin/cmp
rm -f bin/date
rm -f bin/dd
rm -f bin/df
rm -f bin/dmesg
rm -f bin/getevent
rm -f bin/getprop
rm -f bin/hd
rm -f bin/id
rm -f bin/ifconfig
rm -f bin/iftop
rm -f bin/insmod
rm -f bin/ioctl
rm -f bin/ionice
rm -f bin/kill
rm -f bin/ln
rm -f bin/log
rm -f bin/ls
rm -f bin/lsmod
rm -f bin/lsof
rm -f bin/mkdir
rm -f bin/mount
rm -f bin/mv
rm -f bin/nandread
rm -f bin/netstat
rm -f bin/newfs_msdos
rm -f bin/notify
rm -f bin/printenv
rm -f bin/ps
rm -f bin/reboot
rm -f bin/renice
rm -f bin/rm
rm -f bin/rmdir
rm -f bin/rmmod
rm -f bin/route
rm -f bin/schedtop
rm -f bin/sendevent
rm -f bin/setconsole
rm -f bin/setprop
rm -f bin/sleep
rm -f bin/smd
rm -f bin/start
rm -f bin/stop
rm -f bin/sync
rm -f bin/top
rm -f bin/umount
rm -f bin/uptime
rm -f bin/vmstat
rm -f bin/watchprops
rm -f bin/wipe
rm -f bin/dumpmesg
mkdir -p etc/init.d
mkdir -p sd
chown -R 0:0 .
for i in $( find . ); do
if [ -d $i ]; then
chmod 755 $i
else
chmod 644 $i
fi
done
chown -R 0:0 etc/init.d
chmod -R 777 etc/init.d
chown -R 0:2000 bin
chmod -R 755 bin
chown 0:3003 bin/ip
chmod 6755 bin/ip
chown 0:3003 bin/netcfg
chmod 2750 bin/netcfg
chown 0:3004 bin/ping
chmod 2755 bin/ping
chown 0:2000 bin/run-as
chmod 6750 bin/run-as
chown -R 1002:1002 etc/bluetooth
chmod -R 440 etc/bluetooth
chown 0:0 etc/bluetooth
chmod 755 etc/bluetooth
chown 1000:1000 etc/bluetooth/auto_pairing.conf
chmod 640 etc/bluetooth/auto_pairing.conf
chown 3002:3002 etc/bluetooth/blacklist.conf
chmod 444 etc/bluetooth/blacklist.conf
chown 1002:1002 etc/dbus.conf
chmod 440 etc/dbus.conf
chown 1014:2000 etc/dhcpcd/dhcpcd-run-hooks
chmod 550 etc/dhcpcd/dhcpcd-run-hooks
chown 0:2000 etc/init.goldfish.sh
chmod 550 etc/init.goldfish.sh
chown -R 0:0 etc/ppp
chmod -R 555 etc/ppp
chmod 0755 etc/ppp
chown -R 0:2000 xbin
chmod -R 755 xbin
# For pre-rooted firmware
if [ -f xbin/su ]; then
chmod 4755 xbin/su
fi
if [ -f xbin/sqlite3 ]; then
chmod 4755 xbin/sqlite3
fi
if [ -f bin/su ]; then
chmod 4755 bin/su
fi
if [ -f bin/sqlite3 ]; then
chmod 4755 bin/sqlite3
fi
cd bin
ln -s toolbox cat
ln -s toolbox chmod
ln -s toolbox chown
ln -s toolbox cmp
ln -s toolbox date
ln -s toolbox dd
ln -s toolbox df
ln -s toolbox dmesg
ln -s toolbox getevent
ln -s toolbox getprop
ln -s toolbox hd
ln -s toolbox id
ln -s toolbox ifconfig
ln -s toolbox iftop
ln -s toolbox insmod
ln -s toolbox ioctl
ln -s toolbox ionice
ln -s toolbox kill
ln -s toolbox ln
ln -s toolbox log
ln -s toolbox ls
ln -s toolbox lsmod
ln -s toolbox lsof
ln -s toolbox mkdir
ln -s toolbox mount
ln -s toolbox mv
ln -s toolbox nandread
ln -s toolbox netstat
ln -s toolbox newfs_msdos
ln -s toolbox notify
ln -s toolbox printenv
ln -s toolbox ps
ln -s toolbox reboot
ln -s toolbox renice
ln -s toolbox rm
ln -s toolbox rmdir
ln -s toolbox rmmod
ln -s toolbox route
ln -s toolbox schedtop
ln -s toolbox sendevent
ln -s toolbox setconsole
ln -s toolbox setprop
ln -s toolbox sleep
ln -s toolbox smd
ln -s toolbox start
ln -s toolbox stop
ln -s toolbox sync
ln -s toolbox top
ln -s toolbox umount
ln -s toolbox uptime
ln -s toolbox vmstat
ln -s toolbox watchprops
ln -s toolbox wipe
ln -s dumpstate dumpmesg
cd ../
fix-data.sh script:
Code:
#!/bin/sh
if [ -d data_test ]; then
rm -rf data_test
fi
if [ -d kernel-tests ]; then
rm -rf kernel-tests
fi
if [ -d local ]; then
rm -rf local
fi
if [ -d qmi_test ]; then
rm -rf qmi_test
fi
chown -R 1013:1000 .
chmod -R 777 .
fix-csc.sh script:
Code:
#!/bin/sh
chown -R 0:0 .
for i in $( find . ); do
if [ -d $i ]; then
chmod 755 $i
else
chmod 644 $i
fi
done
chown 1000:2001 recovery
CSC updater script:
Code:
#!/sbin/busybox sh
usage="usage: sec_csc <sales code>"
if [ "$(id | grep -c root)" != "1" ]; then
echo "You have no permission to run sec_csc."
exit 1;
fi
if ! [ "$1" = "" ]; then
if [ -d /system/csc/$1 ]; then
echo -n "Apply $1 sales code? y/N: "
read answer
if [ "$answer" = "y" ]; then
/sbin/busybox mount -o rw,remount /system
cp -f /system/csc/$1/system/CSCFiles.txt /system/
cp -f /system/csc/$1/system/CSCVersion.txt /system/
cp -f /system/csc/$1/system/csc/* /system/csc/
rm -f /data/property/persist.sys.country
rm -f /data/property/persist.sys.language
rm -f /data/property/persist.sys.localevar
echo -n $1 > /proc/LinuStoreIII/efs_info
setprop ril.sales_code $1
/sbin/busybox mount -o ro,remount /system
echo "Turn off and then turn on your phone"
echo "using the dedicated power button to"
echo "apply the new CSC."
fi
else
echo "$1 sales code not found."
fi
else
echo $usage
fi
Q: What's really above scripts do?
A: I do not directly use system.rfs (in rfs format) but making a new system.rfs in ext4 format. Copying the whole contents of the old system.rfs (rfs) into the new system.rfs (ext4), make modifications in the system.rfs (ext4) mount point, and then fix the access rights. Using ext3 format is also not problems as long as you use boot and recovery image that support ext3 and ext4 filesystems. After all the modifications, do not forget to umount both image.
Q: Why?
A: RFS filesystem in linux read as FAT filesystem. FAT filesystem permissions can not be set correctly according to the needs of the operating system (in this case Android). You're lucky if you modify the firmware and do not occur bootloop
Q: Is Odin support *.rfs formatted in ext4?
A: Odin raw writes the filesystem partition, no matter the form as long as *.rfs no larger than the physical partition.
Q: Does this really work?
A: You can try If you want to take the risk why not try XWKPN firmware already formatted to ext4 in ODIN package as follows:
S5830XWKPN_S5830XWKP6_S5830OXXKP7_blackhawk.rar (137.59 MB)
Password: ketut.kumajaya
Inside the package:
CF-Root-S5830 v3.7 b81 candidate
deodexed and zipaligned /system/app and /system/framework, thanks to dsixda
cifs (Samba/Windows share) and tun (openVPN) kernel modules included
BLN service support, modified services.jar. Thanks to neldar
Android Scribble 2.0 boot animation from here, thanks to GLa'DOS
multi CSC taken from XWKPN (Europe?) and DXKC1 (Asia?), XSE sales code (Indonesia as default country)
csc.rfs, data.rfs and system.rfs in ext4 format, no need to convert filesystem manually using ext4 Manager
keep application and themes as a plain XWPKN
DT apps2sd included, a modified version special for CF-Root-S5830. You can find the original Darktremor apps2sd here, thanks to tkirton.
ODIN fullpack, the safest way to flash Samsung firmware
Instructions:
Follow these instructions to the letter. Do not touch any buttons or checkboxes that are not listed below to touch!
Decompress S5830XWKPN_S5830XWKP6_S5830OXXKP7_blackhawk.rar
(USB) Disconnect your phone from your computer
Start ODIN v4.38
Click the OPS button, and select Cooper_v1.0.ops
Click the BOOT button, and select APBOOT_S5830XWKPN_CL375596_REV03.tar.md5
Click the Phone button, and select MODEM_S5830XWKP6_CL375596_REV03.tar.md5
Click the PDA button, and select CODE_S5830XWKPN_CL375596_REV03_blackhawk.tar.md5
Click the CSC button, and select CSC_S5830OXXKP7_CL375596_REV03_blackhawk.tar.md5
Put your phone in download mode
(USB) Connect the phone to your computer
Click the START button
Wait for the phone to reboot
No need to wipe the /data and /cache partitions, has been automatically when flashing.
Done
If you expect a better benchmark results. Enable "Media: Stagefright" on "Tweak Manager" and make sure you do not select "CPU: Conservative gov.".
UPDATE:
- Samsung keyboard have more language
- A new script to apply your CSC, run it over "adb shell" or Terminal Emulator or ConnectBot. For example to apply SER (Russia?) sales code:
Code:
sec_csc SER
To activate your new sales code, you must power off and then power on your phone using the dedicated power button.
Apply this update over CWM or CWM Manager app.
Wow sweet i might make a video for this
Thanks any ways
Script updated for pre-rooted firmware.
Maybe I should show the results to get people interested
You are the real dev, ketut.kumajaya!
Thanks for sharing such a great guide to us...
Hey, I think this guide can be applied to build a CWM-flashable ROM
fla.sh said:
You are the real dev, ketut.kumajaya!
Thanks for sharing such a great guide to us...
Hey, I think this guide can be applied to build a CWM-flashable ROM
Click to expand...
Click to collapse
Your welcome!
fix-system.sh and fix-csc.sh updated for better/faster recursive chmod.
CWM flashable? Of course yes, my fix-*.sh scripts is a bash port of dsixda/tools/update_files
Examples of ROM which all *.rfs formatted as ext4 filesystem. Do not expect too much from a ROM made in two short days after work But read the features
Password: ketut.kumajaya
ask how to flash?
wow..what a great work...i gotta try this...do i need to flash KPN 2.3.3 first then i can use this? can i flash this one from froyo for example? is this ROM already included check RAM script or something like that?
sorry for my bad english
LeimRen said:
wow..what a great work...i gotta try this...do i need to flash KPN 2.3.3 first then i can use this? can i flash this one from froyo for example? is this ROM already included check RAM script or something like that?
sorry for my bad english
Click to expand...
Click to collapse
You have to full flash (BOOT, Phone, PDA, CSC) your phone using ODIN. You can flash your own sec_csc.zip (extracted from csc.rfs using WinImage or MagicISO or linux) then. This firmware have all CF-Root- S5830 have, incl. CF-Root-S5830 CWM4 recovery b79 (b78 have CSC flashing error). The boot image using a modified version CF-Root-S5830 b80 for fast boot and apply ondemand CPU governer after boot complete. Fast boot but better battery life. If you need more efficient battery usage, set CPU governer to conservative using Tweak Manager. CF-Root-S5830 installed by default, /res/misc cleared so the boot image freeing some memory.
ketut.kumajaya said:
You have to full flash (BOOT, Phone, PDA, CSC) your phone using ODIN. You can flash your own sec_csc.zip (extracted from csc.rfs using WinImage or MagicISO or linux) then. This firmware have all CF-Root- S5830 have, incl. CF-Root-S5830 CWM4 recovery b79 (b78 have CSC flashing error). The boot image using a modified version CF-Root-S5830 b80 for fast boot and apply ondemand CPU governer after boot complete. Fast boot but better battery life. If you need more efficient battery usage, set CPU governer to conservative using Tweak Manager. CF-Root-S5830 installed by default, /res/misc cleared so the boot image freeing some memory.
Click to expand...
Click to collapse
okay...thanks for the explanation, sir...downloading now....
LeimRen said:
okay...thanks for the explanation, sir...downloading now....
Click to expand...
Click to collapse
You're welcome! For ROM modificator (what I have call you), feel free to use my ROM as your template. I purposely did not make many changes in the userspace, but the core only. A proper credit for me is enough
wow! this rom is blazing fast. imo, this is much faster and smoother than coderomv2x.2v.
thanks for your great work my friend. i'll test this rom further and report if i find any bugs ^^
AdobongKamote said:
wow! this rom is blazing fast. imo, this is much faster and smoother than coderomv2x.2v.
thanks for your great work my friend. i'll test this rom further and report if i find any bugs ^^
Click to expand...
Click to collapse
Your first post? Thanks for your report.
ketut.kumajaya said:
Your first post? Thanks for your report.
Click to expand...
Click to collapse
yeah. i registered just to thank you for your great efforts
Hey guys,
sorry for that question, but what's the password to decompress the archive?
Sprint82 said:
Hey guys,
sorry for that question, but what's the password to decompress the archive?
Click to expand...
Click to collapse
that should be indicated on the first page.
HINT: it's the dev's username
lol
can it be so easy?
Thanks
Then, I give it a try
Thanks Ketut.kumajaya for this. Actually, this modified KPN should have its very own thread. It's fast and by far one of the best ROM out there for the Ace.
http://www.multiupload.com/S6JSJSSZF2
works for my phone, thanks so much!
just one question (I may sound dumb asking this, but I seriously have no idea), but how do I access app2sd?
chinoyray said:
Thanks Ketut.kumajaya for this. Actually, this modified KPN should have its very own thread. It's fast and by far one of the best ROM out there for the Ace.
http://www.multiupload.com/S6JSJSSZF2
Click to expand...
Click to collapse
It's just part of my tutorial on converting rfs to ext4. Incidentally CF-Root-S5830 also from me, then this is the official combination of KPN and CF-Root-S5830
Related
I need to create a script, that would do the following commands:
Code:
su
mount -o remount,rw -t yaffs2 /dev/block/mtdblk3 /system
cd /system/app/
rm com.amazon.mp3.apk
rm Development.apk
rm Mail.apk
rm VoiceDialer.apk
How can I do it, so I could run it on my phone and wouldn't have to use my computer all the time.
I would think you need to be rooted. Like on cyanogen; I think it has bash
So you would be ....
------------------
#!/bin/bash
mount -o remount,rw -t yaffs2 /dev/block/mtdblk3 /system
cd /system/app/
if [ -f com.amazon.mp3.apk ]
then
rm com.amazon.mp3.apk
fi
if [ -f Development.apk ]
then
rm Development.apk
fi
if [ -f Mail.apk ]
then
rm Mail.apk
fi
if [ -f VoiceDialer.apk ]
then
rm VoiceDialer.apk
fi
------------------
So now that there's 3 premium super user apps I figured I'd ask what's the proper way to uninstall and install a new one if I wanted to I also figured this would help noobs. The way I would do it is go into file explorer mount my system to R/O and delete the system in system app . then I would flash a new super user through recovery or adb. Now in not sure if anything would be lingering around that would come in conflict with a new SU so hopefully someone can help answer this. Thanks
Sent from my Nexus 4 using Tapatalk 2
Surely the new ZIP package removes/replaces the old one with the new package (assuming they are the same name, of course)?
EddyOS said:
Surely the new ZIP package removes/replaces the old one with the new package (assuming they are the same name, of course)?
Click to expand...
Click to collapse
Well I guess what I mean is going from SuperSu to clockworkmod su
Sent from my Nexus 4 using Tapatalk 2
The ZIP package remove any old versions before flashing the new one so you just flash the package in CWM/TWRP and you should be good to go...
Code:
#!/sbin/sh
# arg 1 is recovery api version, generally 3.
# arg 2 is the pipe fd, to the recovery binary.
# communicate with it using the recovery api.
# arg 3 is the zip file
echo -n -e 'ui_print Installing Superuser...\n' > /proc/self/fd/$2
echo -n -e 'ui_print\n' > /proc/self/fd/$2
cd /tmp
mkdir superuser
cd superuser
unzip -o $3
X86=$(uname -a | grep x86)
if [ ! -z "$X86" ]
then
PLATFORM=x86
else
PLATFORM=armeabi
fi
echo -n -e 'ui_print Installing '$PLATFORM' binaries...\n' > /proc/self/fd/$2
echo -n -e 'ui_print\n' > /proc/self/fd/$2
mount /system
rm -f /system/bin/su
rm -f /system/xbin/su
rm -f /system/app/Superuser.apk
cp $PLATFORM/su /system/bin/su
chown 0:0 /system/bin/su
chmod 6755 /system/bin/su
ln -sf ../bin/su /system/xbin/su
cp Superuser.apk /system/app
umount /system
I "made" a security script for cm/aosp and wanted to share. Ok, so I copied a lot from what I could find off the net, and thought I would share Seems as if this closes some of the security holes in android in general, but also cm/aokp.
If any of these are rediculous please help contribute to making it better. I just added what I thought could be true.
Warning: doesnt work on touchwiz roms, only cm/aosp
Warning: at own risk, I take no responsibility
Warning: this could render other scripts useless.
Warning: I am no codemonkey, I find after boot I need to manually apply ro access with rootexplorer for some of the directories used here. Havent been able to solve that with tasker/init.d scripts.
How to use:
run in terminal with su privileges.
Or set as script/task/init.d to run on boot. For some stuff to stick you need to do this. I recommend tasker, thats what I ran this with on boot.
Sources are to various to mention. One of them is secdroid. A lot of what that app has I could verify from a lot of sources. But is missing a lot of other stuff.
Tested Improvements are welcome! Donations/beer also
Spoiler
#!/system/bin/sh
mount -o remount, -rw /sbin
mount -o remount, -rw /system
mount -o remount, -rw /system/xbin
####enable the adbd daemon and busybox
mount -o remount, -rw -t rootfs rootfs /
chmod 777 /sbin/adbd
chmod 777 /system/xbin/busybox
###Disable NFC
chmod 000 /dev/ttyO3
chmod 000 /dev/tty3
###hardening TCP/IP stack for IPV4
###Avoid a smurf attack
sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1;
###ICMP broadcast
busybox sysctl -e -w net.ipv4.conf.all.accept_redirects=0;
###ICMP redirects ipv4
busybox sysctl -e -w net.ipv6.conf.all.accept_redirects=0;
###ICMP redirects ipv6
busybox sysctl -e -w net.ipv4.conf.all.send_redirects=0;
### ICMP redirects
busybox sysctl -e -w net.ipv4.conf.all.accept_source_route=0; ###source routing disable
busybox sysctl -e -w net.ipv4.conf.all.forwarding=0;
###Forwarding traffic
busybox sysctl -e -w net.ipv4.conf.all.rp_filter=1;
busybox sysctl -e -w net.ipv4.conf.all.log_martians=1;
###filter martians
busybox sysctl -e -w net.ipv4.tcp_max_syn_backlog=1280;
###TCP syn half-opened
sysctl -w net.ipv4.ip_forward=0;
###Block Redirects
busybox sysctl -e -w net.ipv4.conf.default.accept_redirects=0;
busybox sysctl -e -w net.ipv4.conf.all.secure_redirects=0;
busybox sysctl -e -w net.ipv4.conf.default.secure_redirects=0;
###Block Source-Routing
busybox sysctl -e -w net.ipv4.conf.default.accept_source_route=0;
busybox sysctl -e -w net.ipv4.conf.all.accept_source_route=0;
### IPv4 Tweaks
busybox sysctl -e -w net.ipv4.tcp_timestamps=0;
busybox sysctl -e -w net.ipv4.tcp_sack=1;
busybox sysctl -e -w net.ipv4.tcp_fack=1;
busybox sysctl -e -w net.ipv4.tcp_congestion_control=cubic;
busybox sysctl -e -w net.ipv4.tcp_window_scaling=1;
###Protection against SYN Attacks
busybox sysctl -e -w net.ipv4.tcp_syncookies=1;
busybox sysctl -e -w net.ipv4.conf.all.rp_filter=1;
busybox sysctl -e -w net.ipv4.conf.default.rp_filter=1;
busybox sysctl -e -w net.ipv4.tcp_synack_retries=2;
busybox sysctl -e -w net.ipv4.tcp_syn_retries=2;
busybox sysctl -e -w net.ipv4.tcp_max_syn_backlog=1024;
busybox sysctl -e -w net.ipv4.tcp_max_tw_buckets=16384;
busybox sysctl -e -w net.ipv4.icmp_echo_ignore_all=1;
###Turn on protection for bad icmp error messages
busybox sysctl -e -w net.ipv4.icmp_ignore_bogus_error_responses=1;
busybox sysctl -e -w net.ipv4.tcp_no_metrics_save=1;
busybox sysctl -e -w net.ipv4.tcp_fin_timeout=15;
busybox sysctl -e -w net.ipv4.tcp_keepalive_intvl=30;
busybox sysctl -e -w net.ipv4.tcp_keepalive_probes=5;
busybox sysctl -e -w net.ipv4.tcp_keepalive_time=1800;
###Tune IPv6 and disable lol
busybox sysctl -e -w net.ipv6.conf.default.router_solicitations=0;
busybox sysctl -e -w net.ipv6.conf.default.accept_ra_rtr_pref=0;
busybox sysctl -e -w net.ipv6.conf.default.accept_ra_pinfo=0;
busybox sysctl -e -w net.ipv6.conf.default.accept_ra_defrtr=0;
busybox sysctl -e -w net.ipv6.conf.default.autoconf=0;
busybox sysctl -e -w net.ipv6.conf.default.dad_transmits=0;
busybox sysctl -e -w net.ipv6.conf.default.max_addresses=1;
busybox sysctl -e -w net.ipv6.conf.all.disable_ipv6=1;
busybox sysctl -e -w net.ipv6.conf.default.disable_ipv6=1;
busybox sysctl -e -w net.ipv6.conf.lo.disable_ipv6=1;
### Don't act as a router
busybox sysctl -e -w net.ipv4.ip_forward=0;
busybox sysctl -e -w net.ipv4.conf.all.send_redirects=0;
busybox sysctl -e -w net.ipv4.conf.default.send_redirects=0;
### Removing/ disabling unnecessary binaries. Some of them have access to Internet
mount -o remount, -rw /system/xbin
rm -f /system/xbin/irsii
rm -f /system/xbin/nano
rm -f /system/xbin/nc
rm -f /system/xbin/telnet
rm -f /system/xbin/telnetd
rm -f /system/xbin/telnetd
rm -f /system/xbin/opcontrol
chmod 000 /system/xbin/irsii
chmod 000 /system/xbin/nc
chmod 000 /system/xbin/netserver
chmod 000 /system/xbin/netperf
chmod 000 /system/xbin/opcontrol
chmod 000 /system/xbin/scp
chmod 740 /system/xbin/rsync
chmod 740 /system/xbin/sdptest
chmod 000 /system/xbin/ssh
chmod 000 /system/xbin/sshd
chmod 000 /system/xbin/ssh-keygen
chmod 740 /system/xbin/strace
chmod 000 /system/xbin/tcpdump
chmod 740 /system/xbin/vim
chmod 000 /system/xbin/nano
chmod 000 /system/xbin/telnet
mount -o remount, -ro /system/xbin
###Let's make sure they aren't in bin either
rm -f /system/bin/irsii
rm -f /system/bin/nano
rm -f /system/bin/nc
rm -f /system/bin/telnet
rm -f /system/bin/telnetd
rm -f /system/bin/opcontrol
chmod 000 /system/bin/irsii
chmod 000 /system/bin/nc
chmod 000 /system/bin/netserver
chmod 000 /system/bin/netperf
chmod 000 /system/bin/opcontrol
chmod 000 /system/bin/scp
chmod 740 /system/bin/rsync
chmod 740 /system/bin/sdptest
chmod 000 /system/bin/ssh
chmod 000 /system/bin/sshd
chmod 000 /system/bin/ssh-keygen
chmod 740 /system/bin/strace
chmod 000 /system/bin/tcpdump
chmod 740 /system/bin/vim
chmod 000 /system/bin/nano
chmod 000 /system/bin/telnet
### This disables Bluetooth (Most users want it on)
###chmod 000 /system/bin/bluetoothd
### ONLY root should need these:
chmod 750 /system/bin/iptables
chmod 750 /system/bin/ping
### Let's remove suid from ping (prevent a Privilege escalation attack)
mount -o remount, -rw /system/xbin
chmod 777 /system/xbin/busybox
mount -o remount, -rw /system/bin
busybox chmod -s /system/bin/ping
mount -o remount, -ro /system/bin
chmod 000 /system/xbin/busybox
mount -o remount, -ro /system/xbin
###disable the Packet Management binary - Prevents installing apps
via ADB or remotely
###disable ssh
###remove uiautomator permissions havent found a use for it anyways
mount -o remount, -rw /system/bin
chmod 000 /system/bin/pm
chmod 000 /system/bin/ssh
chmod 000 /system/bin/sshd
chmod 000 /system/bin/sshd
chmod 000 /system/bin/start-ssh
chmod 000 /system/bin/uiautomator
mount -o remount, -ro /system/bin
mount -o remount, -rw /sbin
###Disable the adbd daemon again
mount -o remount, -rw -t rootfs rootfs /
chmod 000 /sbin/adbd
###Prevents adb from running. This protects against attacks like P2P-ADB by Kos
###disable config ssh. No server for me...
###remove files with dictionary for terminals lol wtf
mount -o remount, -rw /etc
rm -rf /etc/terminfo/*
mv /etc/ssh/ssh_config /etc/ssh/ssh_config.donthinkso
mount -o remount, -ro /etc
###close
mount -o remount, -ro -t rootfs rootfs /
mount -o remount, -ro /sbin
mount -o remount, -ro /system/xbin
mount -o remount, -ro /system
mount -o remount, -ro /
###Cause I cant code lol no errors reported. Test without exit 0 to see in terminal if it works for your rom. its here so tasker wont error out if it cant find something.
exit 0
edit, put a /* after terminfo to delete all there
edit, small fix in code, not yet able to properly mount system and root as ro
Unbloatscript
Just removing some of the stuff I dont use. You can add/remove what you like
edit: some apps might forceclose if they are running, thats no issue.
After running wipe cache and dalvik and reboot. To further clean.
warning I added reboot at end so device will reboot!
Spoiler
#!/system/bin/sh
mount -o remount, -rw /sbin
mount -o remount, -rw /system
mount -o remount, -rw /system/xbin
# enable the adbd daemon and busybox
chmod 777 /sbin/adbd
chmod 777 /system/xbin/busybox
rm -f /system/app/QuickSearchBox.apk
rm -f /system/app/VoiceSearchStub.apk
rm -f /system/app/Talkback.apk
rm -f /system/app/Talk.apk
rm -f /system/app/Email2.apk
rm -f /system/app/Exchange2.apk
rm -f /system/app/HoloSpiralWallpaper.apk
rm -f /system/app/MagicSmokeWallpapers.apk
rm -f /system/app/VoiceDialer.apk
rm -f /system/app/VpnDialogs.apk
rm -f /system/app/Apollo.apk
rm -f /system/app/BasicDreams.apk
rm -f /system/app/CMFileManager.apk
rm -f /system/app/CMWallpapers.apk
rm -f /system/app/Development.apk
rm -f /system/app/DSPManager.apk
rm -f /system/app/LiveWallpapers.apk
rm -f /system/app/LiveWallpaperPicker.apk
rm -f /system/app/LockClock.apk
rm -f /system/app/MagicSmokeWallpapers.apk
rm -f /system/app/MediaUploader.apk
rm -f /system/app/NoiseField.apk
rm -f /system/app/Phasebeam.apk
rm -f /system/app/SoundRecorder.apk
rm -f /system/app/Term.apk
rm -f /system/app/Trebuchet.apk
rm -f /system/app/WAPPushManager.apk
###remove dalvik and cache
rm -f /data/dalvik-cache/*
rm -f /cache/dalvik-cache/*
rm -f /cache/lost+found/*
chmod 000 /sbin/adbd
chmod 000 /system/xbin/busybox
mount -o remount, -ro /sbin
mount -o remount, -ro /system/xbin
mount -o remount, -ro /system
exit 0
reboot
Edit, added remove dalvik cache, cache and Reboot after running this to prevent fc. You will get some of apps running but that should be no issue
edit, closing, foolish me didnt mount as ro. and removed a bit of other code
edit some more cleaning
Batch install script
As I run a lot of scripts to automate my post flash activities. I set my phone on airplane mode and run the following script batch install from a certain folder.
Its nowhere near as sophisticated as Chasmodos roms scripts, but it does the job for my user apps
Here I have a folder (batchlove) where I store my backed upped apps (no data) from playstore on my external sdcard. So far play recognizes the apps and lets me update it. However then you would need tro update the apks in this folder in order to always have up to date versions.You can put apks backed up with a lot off aps here.
Ofcourse I dont keep my tasker app here because it installs everything in that folder, and installing tasker while running this script is not a good idea.
You can run this script from a terminal as wel.
Spoiler
#!/system/bin/sh
mount -o remount, -rw /sbin
mount -o remount, -rw /system
mount -o remount, -rw /system/xbin
mount -o remount, -rw /system/bin
# enable the adbd daemon and busybox
mount -o remount, -rw -t rootfs rootfs /
chmod 777 /sbin/adbd
chmod 777 /system/xbin/busybox
chmod 777 /system/bin/pm
cd /storage/sdcard1/batchlove;
for app in *.apk; do pm install -r $app; done
chmod 000 /sbin/adbd
chmod 000 /system/xbin/busybox
chmod 000 /system/bin/pm
mount -o remount, -rw /sbin
mount -o remount, -rw /system
mount -o remount, -rw /system/xbin
mount -o remount, -rw /system/bin
exit 0
You copied SecDroid and added some stuff, now you call it your own project. Why not continue SecDroid?
SecUpwN said:
You copied SecDroid and added some stuff, now you call it your own project. Why not continue SecDroid?
Click to expand...
Click to collapse
I copied a bunch of other stuff also, as even secdroid is not the source of most of those lines. It is an awesome initiative though. An app for the masses. For those insterested http://forum.xda-developers.com/showthread.php?t=2086276.
With the script, not really my project, I wanted to set the values immediately as I flash every other day. I got a script for that. As I would still need that for reopening the closed the stuff,every once in a while.
edit submitted most to secdroid git for the security script
added some extra scripts, handy for unbloat/batchinstall.
tip: get tasker, save these scripts as tasks, backup tasker data (from within tasker) and add task to move the backup to external card. Then you only need to install tasker copy the backup to sdcard, restore and run. Its another way
if enough people are interested I can export these scripts as apps from tasker, just install and it will do what the script does.
remember to check folder permissions as these dont always stick lol
hope you find it handy, if anyone has a script that is handy please share
delete
Hello all.
This script is my first contribution to this section.
THIS ZIP removes more than 100 MB of samsung apps.
I have made a similar thread here, but I wanted more people to try and test my work .
This is not SPAM , but I have no regrets if this thread is closed.
It removes the following apps-
AccuWeatherDaemonService
SamsungWidget_WeatherClock
install_flash_player
Dlna
SamsungWidget_News
BuddiesNow
CarHomeGoogle
ChocoEUKor
AnalogClock
PressReader
PRUI DualClock
Email
EmailWidget
FmRadio
HelvNeueLT
SamsungIM
KiesAir
kieswifi
Kobo
Memo
Microbesgl
MiniDiary
PostIt
MusicHub_
MusicHub_U
GenieWidget
PolarisOffice
PhotoRetouching
ReadersHub
signin
SamsungApps
SamsungAppsUNA
ShareApp
SnsProvider
SnsDisclaimer
SnsAccountFb
SnsAccountLi
SnsAccountMs
SnsAccountTw
SevenEngine
SocialHub
Kies
wssyncmlnps
SamsungWidget_StockClock
Thanking you in advance for testing it.
This removes all bloatware from samsung JB firmwares for all devices.
Just go to CWM and flash.
If you think something is wrong in the script or you have any suggestions please do reply.
Hit thanks if you like it.
<<<<<DOWNLOAD HERE>>>>>
Credits------>
broadways----> original script and the innovative idea. I have used his script as a base.
ME :silly:
You----->For testing and more suggestions.
Hi, like the look off this. Just checking will this remove the S-Pen functionality? Thanks
http://forum.xda-developers.com/showthread.php?t=2417773
Consider the above thread to know which bloat can be removed from note's tw jb
Sent from my GT-N7000 using Tapatalk 4
ccpezza said:
Hi, like the look off this. Just checking will this remove the S-Pen functionality? Thanks
Click to expand...
Click to collapse
SPen is the only feature which has made note so popular.
This script will not remove SPen functionality.
Look out for version 2 (Coming Soon ) of the script which will do so.
Did not work for me.
Tried on both internal and external SD. Installation aborted.
Can you elaborate please
Status __: Installation aborted
Fill in the blanks
Sent from my GT-S5360 using Xparent Cyan Tapatalk 2
Tesla said:
Did not work for me.
Tried on both internal and external SD. Installation aborted.
Click to expand...
Click to collapse
this is for touchwiz not cm based roms. lol
run this in terminal. Adapt with new package names and remove what you want to keep:
set permissions as you like
#!/system/bin/sh
mount -o remount, -rw /sbin
mount -o remount, -rw /system
mount -o remount, -rw /system/xbin
mount -o remount, -rw /system/app
# enable the adbd daemon and busybox
chmod 777 /sbin/adbd
chmod 777 /system/xbin/busybox
rm -f /system/app/Browser.apk
rm -f /system/app/VoiceSearchStub.apk
rm -f /system/app/QuickSearchBox.apk
rm -f /system/app/VoiceSearchStub.apk
rm -f /system/app/Talkback.apk
rm -f /system/app/Talk.apk
rm -f /system/app/Email2.apk
rm -f /system/app/Exchange2.apk
rm -f /system/app/HoloSpiralWallpaper.apk
rm -f /system/app/MagicSmokeWallpapers.apk
rm -f /system/app/VoiceDialer.apk
rm -f /system/app/VpnDialogs.apk
rm -f /system/app/Apollo.apk
rm -f /system/app/BasicDreams.apk
rm -f /system/app/CMFileManager.apk
rm -f /system/app/CMWallpapers.apk
rm -f /system/app/Development.apk
rm -f /system/app/DSPManager.apk
rm -f /system/app/LiveWallpapers.apk
rm -f /system/app/LiveWallpaperPicker.apk
rm -f /system/app/LockClock.apk
rm -f /system/app/MagicSmokeWallpapers.apk
rm -f /system/app/MediaUploader.apk
rm -f /system/app/NoiseField.apk
rm -f /system/app/Phasebeam.apk
rm -f /system/app/SoundRecorder.apk
rm -f /system/app/DashClock.apk
rm -f /system/app/GenieWidget.apk
rm -f /system/app/LiquidPapers.apk
rm -f /system/app/Talk.apk
rm -f /system/app/Talkback.apk
###remove dalvik and cache
###rm -f /data/dalvik-cache/*
###rm -f /cache/dalvik-cache/*
###rm -f /cache/lost+found/*
###reboot
chmod 740 /sbin/adbd
chmod 740 /system/xbin/busybox
mount -o remount, -ro /sbin
mount -o remount, -ro /system/xbin
mount -o remount, -ro /system/app
mount -o remount, -ro /system
exit 0
To work properly init.d must have installed busybox , so I copy latest busybox in system/bin and put this command in updater-script
Code:
run_program("/system/xbin/busybox", "--install", "-s", "/system/xbin");
After intallation and first boot everything is OK , init.d support is activated , root is OK.
But after I reboot phone , root is lost - "SU binary is missing"
If I not include command for installing busybox in updater-script , root is OK and isn't lost after I reboot phone , but busybox is not installed properly and init.d support is not active.
I don't know what to do anymore ?
Do you have the init.d script to start the su binary in daemon mode or something like that? Have you double checked that su is still in /system/xbin? Also, under /system/bin there should be a directory called ".ext"
elesbb said:
Do you have the init.d script to start the su binary in daemon mode or something like that? Have you double checked that su is still in /system/xbin? Also, under /system/bin there should be a directory called ".ext"
Click to expand...
Click to collapse
1.Yes I have
Code:
#!/system/bin/sh
/system/xbin/daemonsu --auto-daemon &
2.Yes
Problem appears when I include busybox installation in updater-script.
With 4.3 I don't have this problem.
mom4ence said:
1.Yes I have
Code:
#!/system/bin/sh
/system/xbin/daemonsu --auto-daemon &
2.Yes
Problem appears when I include busybox installation in updater-script.
With 4.3 I don't have this problem.
Click to expand...
Click to collapse
Try to reflash this via recovery http://download.chainfire.eu/376/SuperSU/UPDATE-SuperSU-v1.89.zip?retrieve_file=1
Repulsa said:
Try to reflash this via recovery http://download.chainfire.eu/376/SuperSU/UPDATE-SuperSU-v1.89.zip?retrieve_file=1
Click to expand...
Click to collapse
I know about this , and is working without problem.
But I want to integrate everything in my rom , i don't want user to flash another file after finish installation of rom.
With 4.3 base i don't have any problem.I don't know where is the problem - busybox or Chainfire root
mom4ence said:
I know about this , and is working without problem.
But I want to integrate everything in my rom , i don't want user to flash another file after finish installation of rom.
With 4.3 base i don't have any problem.I don't know where is the problem - busybox or Chainfire root
Click to expand...
Click to collapse
Then just copy chainfire's update zip into yours. Merge the scripts.
Sent from my SGH-M919 using Tapatalk
elesbb said:
Then just copy chainfire's update zip into yours. Merge the scripts.
Sent from my SGH-M919 using Tapatalk
Click to expand...
Click to collapse
This a script
Code:
#!/sbin/sh
OUTFD=$2
ZIP=$3
ui_print() {
echo -n -e "ui_print $1\n" > /proc/self/fd/$OUTFD
echo -n -e "ui_print\n" > /proc/self/fd/$OUTFD
}
set_perm() {
chown $1.$2 $4
chown $1:$2 $4
chmod $3 $4
}
ch_con() {
/system/bin/toolbox chcon u:object_r:system_file:s0 $1
chcon u:object_r:system_file:s0 $1
}
ui_print "*********************"
ui_print "SuperSU installer ZIP"
ui_print "*********************"
ui_print "- Mounting /system, /data and rootfs"
mount /system
mount /data
mount -o rw,remount /system
mount -o rw,remount /system /system
mount -o rw,remount /
mount -o rw,remount / /
ABI=$(cat /default.prop | grep ro.product.cpu.abi= | dd bs=1 skip=19 count=3)
ABI2=$(cat /default.prop | grep ro.product.cpu.abi2= | dd bs=1 skip=20 count=3)
ARCH=arm
if [ "$ABI" = "x86" ]; then ARCH=x86; fi;
if [ "$ABI2" = "x86" ]; then ARCH=x86; fi;
ui_print "- Extracting files"
cd /tmp
mkdir supersu
cd supersu
unzip -o "$ZIP"
BIN=/tmp/supersu/$ARCH
COM=/tmp/supersu/common
ui_print "- Disabling OTA survival"
chmod 0755 /tmp/supersu/$ARCH/chattr
$BIN/chattr -i /system/xbin/su
$BIN/chattr -i /system/bin/.ext/.su
$BIN/chattr -i /system/xbin/daemonsu
$BIN/chattr -i /system/etc/install-recovery.sh
ui_print "- Removing old files"
rm -f /system/bin/su
rm -f /system/xbin/su
rm -f /system/xbin/daemonsu
rm -f /system/bin/.ext/.su
rm -f /system/etc/install-recovery.sh
rm -f /system/etc/init.d/99SuperSUDaemon
rm -f /system/etc/.installed_su_daemon
rm -f /system/app/Superuser.apk
rm -f /system/app/Superuser.odex
rm -f /system/app/SuperUser.apk
rm -f /system/app/SuperUser.odex
rm -f /system/app/superuser.apk
rm -f /system/app/superuser.odex
rm -f /system/app/Supersu.apk
rm -f /system/app/Supersu.odex
rm -f /system/app/SuperSU.apk
rm -f /system/app/SuperSU.odex
rm -f /system/app/supersu.apk
rm -f /system/app/supersu.odex
rm -f /data/dalvik-cache/*com.noshufou.android.su*
rm -f /data/dalvik-cache/*com.koushikdutta.superuser*
rm -f /data/dalvik-cache/*com.mgyun.shua.su*
rm -f /data/dalvik-cache/*Superuser.apk*
rm -f /data/dalvik-cache/*SuperUser.apk*
rm -f /data/dalvik-cache/*superuser.apk*
rm -f /data/dalvik-cache/*eu.chainfire.supersu*
rm -f /data/dalvik-cache/*Supersu.apk*
rm -f /data/dalvik-cache/*SuperSU.apk*
rm -f /data/dalvik-cache/*supersu.apk*
rm -f /data/dalvik-cache/*.oat
rm -f /data/app/com.noshufou.android.su-*
rm -f /data/app/com.koushikdutta.superuser-*
rm -f /data/app/com.mgyun.shua.su-*
rm -f /data/app/eu.chainfire.supersu-*
ui_print "- Creating space"
cp /system/app/Maps.apk /Maps.apk
cp /system/app/GMS_Maps.apk /GMS_Maps.apk
cp /system/app/YouTube.apk /YouTube.apk
rm /system/app/Maps.apk
rm /system/app/GMS_Maps.apk
rm /system/app/YouTube.apk
ui_print "- Placing files"
mkdir /system/bin/.ext
cp $BIN/su /system/xbin/daemonsu
cp $BIN/su /system/xbin/su
cp $BIN/su /system/bin/.ext/.su
cp $COM/Superuser.apk /system/app/Superuser.apk
cp $COM/install-recovery.sh /system/etc/install-recovery.sh
cp $COM/99SuperSUDaemon /system/etc/init.d/99SuperSUDaemon
echo 1 > /system/etc/.installed_su_daemon
ui_print "- Restoring files"
cp /Maps.apk /system/app/Maps.apk
cp /GMS_Maps.apk /system/app/GMS_Maps.apk
cp /YouTube.apk /system/app/YouTube.apk
rm /Maps.apk
rm /GMS_Maps.apk
rm /YouTube.apk
ui_print "- Setting permissions"
set_perm 0 0 0777 /system/bin/.ext
set_perm 0 0 06755 /system/bin/.ext/.su
set_perm 0 0 06755 /system/xbin/su
set_perm 0 0 0755 /system/xbin/daemonsu
set_perm 0 0 0755 /system/etc/install-recovery.sh
set_perm 0 0 0755 /system/etc/init.d/99SuperSUDaemon
set_perm 0 0 0644 /system/etc/.installed_su_daemon
set_perm 0 0 0644 /system/app/Superuser.apk
set_perm 0 0 0644 /system/app/Maps.apk
set_perm 0 0 0644 /system/app/GMS_Maps.apk
set_perm 0 0 0644 /system/app/YouTube.apk
ch_con /system/bin/.ext/.su
ch_con /system/xbin/su
ch_con /system/xbin/daemonsu
ch_con /system/etc/install-recovery.sh
ch_con /system/etc/init.d/99SuperSUDaemon
ch_con /system/etc/.installed_su_daemon
ch_con /system/app/Superuser.apk
ch_con /system/app/Maps.apk
ch_con /system/app/GMS_Maps.apk
ch_con /system/app/YouTube.apk
ui_print "- Post-installation script"
/system/xbin/su --install
ui_print "- Unmounting /system and /data"
umount /system
umount /data
ui_print "- Done !"
exit 0
I try to convert for normal updater-script , because this is in update-binary. Nothings happen , maybe I wrong somewhere
This my version
Code:
package_extract_dir("niko/mod/tools", "/system");
set_perm(0, 0, 0755, "/system/chattr");
run_program("/system/chattr", "-i", "/system/xbin/su");
run_program("/system/chattr", "-i", "/system/bin/.ext/.su");
run_program("/system/chattr", "-i", "/system/xbin/daemonsu");
run_program("/system/chattr", "-i", "/system/etc/install-recovery.sh");
run_program("/sbin/busybox", "cp", "/system/99SuperSUDaemon", "/system/etc/init.d/99SuperSUDaemon");
set_perm(0, 0, 0777, "/system/bin/.ext");
set_perm(0, 0, 06755, "/system/bin/.ext/.su");
set_perm(0, 0, 06755, "/system/xbin/su");
set_perm(0, 0, 06755, "/system/xbin/daemonsu");
set_perm(0, 0, 0755, "/system/etc/install-recovery.sh");
set_perm(0, 0, 0755, "/system/etc/init.d/99SuperSUDaemon");
run_program("/system/chattr", "+i", "/system/etc/install-recovery.sh");
delete("/system/chattr");
delete("/system/99SuperSUDaemon");
I put it after finishing rom installation.