Correct me if I'm mistaken, but isn't doing apps 2 SD as simple as:
1) su
2) mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
3) busybox cp /data/app/* /system/sd/app
4) rm -r /data/app
5) ln /system/sd/app /data/app
6) reboot
Does the same thing go for app-private and dalvik cache? Am I wrong?
You're almost right.
1) su
2) mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
3) busybox cp /data/app /system/sd/app
4) rm -r /data/app
5) ln -s /system/etc/app /data/app
6) reboot
Hi everybody!
I got my G1 connecting in ad hoc mode:
Code:
adb shell mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
adb push tiwlan.ini /data/misc/wifi/tiwlan.ini
adb push wpa_supplicant.conf /data/misc/wifi/wpa_supplicant.conf
adb shell mount -o ro,remount -t yaffs2 /dev/block/mtdblock3 /system
And I have made a correct tiwlan.ini and wpa_supplicant.conf, which is why it works like a charm.
Now, I have two problems:
1- After every reboot, I can't start my Wifi (no Wifi at all, it is OFF); I have to redo that whole script.
2- Even though I made a shell script, no way: it works only when using ADB. Here is a very basic script that I tried:
Code:
mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
cp -f ./tiwlan.ini /data/misc/wifi/tiwlan.ini
cp -f ./wpa_supplicant.conf /data/misc/wifi/wpa_supplicant.conf
mount -o ro,remount -t yaffs2 /dev/block/mtdblock3 /system
Any idea?
Thank you.
G1 - Cyanogen 5.0.8-N1
(Sorry for my english writing)
Hi !
UP
I didn't resolve the problem yet
A+
I don't know how much of the script you understand, but your /system partition doesn't seem to be mounted until you run that script. That doesn't seem normal, /system sounds rather important :-/ If you don't know how to undo whatever modifications you have made, I would recommend resetting your phone to factory settings. It should fix it.
I have made a file to mount an sdcard's second partition to "/data". It needs to go in "/system/etc/init.d/". Can someone have a look and tell me whether it would work or not, as I don't have a partitioned sdcard?
-Download link: http://db.tt/paxqo1b
Code:
#!/system/bin/sh
if [ -e /dev/block/platform/msm_sdcc.1/by-num/p2 ]
then
busybox mount -o rw,remount -t yaffs2 /dev/block/mtdblock10 /;
busybox umount /data;
busybox mount /dev/block/platform/msm_sdcc.1/by-num/p2 /data;
busybox chown system system /data;
busybox chmod 771 /data;
busybox mount -o ro,remount -t yaffs2 /dev/block/mtdblock10 /;
fi;
Why would you want the whole data partition on the sdcard? It will ruin it a lot quicker, and also slow the phone down if the card isn't fast enough.
Jack
I tried following this thread: http://forum.xda-developers.com/showthread.php?t=1349652
When I open a CMD window and type this is what happens:
c:\>cd adb
c:\adb>adb shell
$ su
su
# mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
# rm /system/app/Superuser.apk
rm /system/app/Superuser.apk
# rm /system/bin/su
rm /system/bin/su
rm failed for /system/bin/su, No such file or directory
# rm /system/xbin/su
rm /system/xbin/su
# rm /system/bin/su
rm /system/bin/su
rm failed for /system/bin/su, No such file or directory
#
I can't seem to remove "/system/bin/su". I restarted my KF and typed "adb shell" "su" and it says "permission denied". Does that mean my KF is good to ship back and not rooted now?
Try to install an app that requires root like OpenVPN for example. If it doesn't install or work properly, you're unrooted. Or try to su in with a terminal emulator.
I "made" a security script for cm/aosp and wanted to share. Ok, so I copied a lot from what I could find off the net, and thought I would share. Seems as if this closes some of the security holes in android in general, but also cm/aokp.
If any of these are ridiculous please help contribute to making it better. I just added what I thought could be true.
Warning: doesn't work on touchwiz roms, only cm/aosp
Warning: at own risk, I take no responsibility
Warning: this could render other scripts useless.
Warning: I am no codemonkey, I find after boot I need to manually apply ro access with rootexplorer for some of the directories used here. Haven't been able to solve that with tasker/init.d scripts.
How to use:
Run in terminal with su privileges.
Or set as script/task/init.d to run on boot. For some stuff to stick you need to do this. I recommend tasker, that's what I ran this with on boot.
Sources are too various to mention. One of them is secdroid. A lot of what that app has I could verify from a lot of sources. But it is missing a lot of other stuff.
Tested improvements are welcome! Donations/beer also.
Code:
#!/system/bin/sh
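# the option list must be a single comma-joined word (remount,rw)
mount -o remount,rw /sbin
mount -o remount,rw /system
mount -o remount,rw /system/xbin
####enable the adbd daemon and busybox
mount -o remount,rw -t rootfs rootfs /
# 755 is enough to run them and keeps root-run binaries from being world-writable
chmod 755 /sbin/adbd
chmod 755 /system/xbin/busybox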
###Disable NFC
chmod 000 /dev/ttyO3
chmod 000 /dev/tty3
###hardening TCP/IP stack for IPV4
###Avoid a smurf attack
sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1;
###ICMP broadcast
busybox sysctl -e -w net.ipv4.conf.all.accept_redirects=0;
###ICMP redirects ipv4
busybox sysctl -e -w net.ipv6.conf.all.accept_redirects=0;
###ICMP redirects ipv6
busybox sysctl -e -w net.ipv4.conf.all.send_redirects=0;
### ICMP redirects
busybox sysctl -e -w net.ipv4.conf.all.accept_source_route=0; ###source routing disable
busybox sysctl -e -w net.ipv4.conf.all.forwarding=0;
###Forwarding traffic
busybox sysctl -e -w net.ipv4.conf.all.rp_filter=1;
busybox sysctl -e -w net.ipv4.conf.all.log_martians=1;
###filter martians
busybox sysctl -e -w net.ipv4.tcp_max_syn_backlog=1280;
###TCP syn half-opened
sysctl -w net.ipv4.ip_forward=0;
###Block Redirects
busybox sysctl -e -w net.ipv4.conf.default.accept_redirects=0;
busybox sysctl -e -w net.ipv4.conf.all.secure_redirects=0;
busybox sysctl -e -w net.ipv4.conf.default.secure_redirects=0;
###Block Source-Routing
busybox sysctl -e -w net.ipv4.conf.default.accept_source_route=0;
busybox sysctl -e -w net.ipv4.conf.all.accept_source_route=0;
### IPv4 Tweaks
busybox sysctl -e -w net.ipv4.tcp_timestamps=0;
busybox sysctl -e -w net.ipv4.tcp_sack=1;
busybox sysctl -e -w net.ipv4.tcp_fack=1;
busybox sysctl -e -w net.ipv4.tcp_congestion_control=cubic;
busybox sysctl -e -w net.ipv4.tcp_window_scaling=1;
###Protection against SYN Attacks
busybox sysctl -e -w net.ipv4.tcp_syncookies=1;
busybox sysctl -e -w net.ipv4.conf.all.rp_filter=1;
busybox sysctl -e -w net.ipv4.conf.default.rp_filter=1;
busybox sysctl -e -w net.ipv4.tcp_synack_retries=2;
busybox sysctl -e -w net.ipv4.tcp_syn_retries=2;
busybox sysctl -e -w net.ipv4.tcp_max_syn_backlog=1024;
busybox sysctl -e -w net.ipv4.tcp_max_tw_buckets=16384;
busybox sysctl -e -w net.ipv4.icmp_echo_ignore_all=1;
###Turn on protection for bad icmp error messages
busybox sysctl -e -w net.ipv4.icmp_ignore_bogus_error_responses=1;
busybox sysctl -e -w net.ipv4.tcp_no_metrics_save=1;
busybox sysctl -e -w net.ipv4.tcp_fin_timeout=15;
busybox sysctl -e -w net.ipv4.tcp_keepalive_intvl=30;
busybox sysctl -e -w net.ipv4.tcp_keepalive_probes=5;
busybox sysctl -e -w net.ipv4.tcp_keepalive_time=1800;
###Tune IPv6 and disable lol
busybox sysctl -e -w net.ipv6.conf.default.router_solicitations=0;
busybox sysctl -e -w net.ipv6.conf.default.accept_ra_rtr_pref=0;
busybox sysctl -e -w net.ipv6.conf.default.accept_ra_pinfo=0;
busybox sysctl -e -w net.ipv6.conf.default.accept_ra_defrtr=0;
busybox sysctl -e -w net.ipv6.conf.default.autoconf=0;
busybox sysctl -e -w net.ipv6.conf.default.dad_transmits=0;
busybox sysctl -e -w net.ipv6.conf.default.max_addresses=1;
busybox sysctl -e -w net.ipv6.conf.all.disable_ipv6=1;
busybox sysctl -e -w net.ipv6.conf.default.disable_ipv6=1;
busybox sysctl -e -w net.ipv6.conf.lo.disable_ipv6=1;
### Don't act as a router
busybox sysctl -e -w net.ipv4.ip_forward=0;
busybox sysctl -e -w net.ipv4.conf.all.send_redirects=0;
busybox sysctl -e -w net.ipv4.conf.default.send_redirects=0;
### Removing/ disabling unnecessary binaries. Some of them have access to Internet
mount -o remount,rw /system/xbin
rm -f /system/xbin/irsii
rm -f /system/xbin/nano
rm -f /system/xbin/nc
rm -f /system/xbin/telnet
rm -f /system/xbin/telnetd
rm -f /system/xbin/telnetd
rm -f /system/xbin/opcontrol
chmod 000 /system/xbin/irsii
chmod 000 /system/xbin/nc
chmod 000 /system/xbin/netserver
chmod 000 /system/xbin/netperf
chmod 000 /system/xbin/opcontrol
chmod 000 /system/xbin/scp
chmod 740 /system/xbin/rsync
chmod 740 /system/xbin/sdptest
chmod 000 /system/xbin/ssh
chmod 000 /system/xbin/sshd
chmod 000 /system/xbin/ssh-keygen
chmod 740 /system/xbin/strace
chmod 000 /system/xbin/tcpdump
chmod 740 /system/xbin/vim
chmod 000 /system/xbin/nano
chmod 000 /system/xbin/telnet
mount -o remount,ro /system/xbin
###Let's make sure they aren't in bin either
rm -f /system/bin/irsii
rm -f /system/bin/nano
rm -f /system/bin/nc
rm -f /system/bin/telnet
rm -f /system/bin/telnetd
rm -f /system/bin/opcontrol
chmod 000 /system/bin/irsii
chmod 000 /system/bin/nc
chmod 000 /system/bin/netserver
chmod 000 /system/bin/netperf
chmod 000 /system/bin/opcontrol
chmod 000 /system/bin/scp
chmod 740 /system/bin/rsync
chmod 740 /system/bin/sdptest
chmod 000 /system/bin/ssh
chmod 000 /system/bin/sshd
chmod 000 /system/bin/ssh-keygen
chmod 740 /system/bin/strace
chmod 000 /system/bin/tcpdump
chmod 740 /system/bin/vim
chmod 000 /system/bin/nano
chmod 000 /system/bin/telnet
### This disables Bluetooth (Most users want it on)
###chmod 000 /system/bin/bluetoothd
### ONLY root should need these:
chmod 750 /system/bin/iptables
chmod 750 /system/bin/ping
### Let's remove suid from ping (prevent a Privilege escalation attack)
mount -o remount,rw /system/xbin
chmod 755 /system/xbin/busybox
mount -o remount,rw /system/bin
busybox chmod -s /system/bin/ping
mount -o remount,ro /system/bin
chmod 000 /system/xbin/busybox
mount -o remount,ro /system/xbin
###disable the Packet Management binary - Prevents installing apps via ADB or remotely
###disable ssh
###remove uiautomator permissions havent found a use for it anyways
mount -o remount,rw /system/bin
chmod 000 /system/bin/pm
chmod 000 /system/bin/ssh
chmod 000 /system/bin/sshd
chmod 000 /system/bin/sshd
chmod 000 /system/bin/start-ssh
chmod 000 /system/bin/uiautomator
mount -o remount,ro /system/bin
mount -o remount,rw /sbin
###Disable the adbd daemon again
mount -o remount,rw -t rootfs rootfs /
chmod 000 /sbin/adbd
###Prevents adb from running. This protects against attacks like P2P-ADB by Kos
###disable config ssh. No server for me...
###remove files with dictionary for terminals lol wtf
mount -o remount,rw /etc
rm -rf /etc/terminfo/*
mv /etc/ssh/ssh_config /etc/ssh/ssh_config.donthinkso
mount -o remount,ro /etc
###close
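# "-ro" is parsed as -r plus -o with the path as its argument, so the remount fails;
# the read-only flag has to be part of the -o list
mount -o remount,ro -t rootfs rootfs /
mount -o remount,ro /sbin
mount -o remount,ro /system/xbin
mount -o remount,ro /system
mount -o remount,ro /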
###Cause I cant code lol no errors reported. Test without exit 0 to see in terminal if it works for your rom. its here so tasker wont error out if it cant find something.
exit 0
edit, put a /* after terminfo to delete all there
edit, small fix in code, not yet able to properly mount system and root as ro
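An added example, not part of the original post: because the script runs every write with `sysctl -e` and ends in `exit 0`, a setting that failed or was overridden later goes unnoticed. This sketch compares the requested values with what the kernel reports and flags keys requested twice (the script sets `net.ipv4.tcp_max_syn_backlog` to 1280 and later to 1024). The function names, the root-directory argument and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check that sysctl writes actually stuck.
# The second argument (root directory) is an assumption so this runs offline;
# on a device it defaults to /proc/sys.

# sysctl_findings EXPECTED_FILE [ROOT]: print one finding per line.
sysctl_findings() {
    expected=$1
    root=${2:-/proc/sys}
    # Pass 1: the same key requested twice with different values.
    awk -F= '/^[a-z]/ && NF == 2 {
        if (($1 in v) && v[$1] != $2) print "CONFLICT " $1 " " v[$1] " -> " $2
        v[$1] = $2
    }' "$expected"
    # Pass 2: compare the last requested value of each key with the live one.
    awk -F= '/^[a-z]/ && NF == 2 { v[$1] = $2 }
        END { for (k in v) print k "=" v[k] }' "$expected" | LC_ALL=C sort |
    while IFS='=' read -r key want; do
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            echo "MISSING $key"            # what "sysctl -e" silently skips
        else
            have=$(cat "$path")
            [ "$have" = "$want" ] || echo "MISMATCH $key want=$want have=$have"
        fi
    done
}

# Constructed sample: four keys from the script above and a fake /proc/sys tree.
demo_findings() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/sys/net/ipv4"
    echo 1024 > "$tmp/sys/net/ipv4/tcp_max_syn_backlog"
    echo 0 > "$tmp/sys/net/ipv4/tcp_syncookies"        # write did not stick
    echo 1 > "$tmp/sys/net/ipv4/icmp_echo_ignore_all"
    cat > "$tmp/expected" <<'EOF'
net.ipv4.tcp_max_syn_backlog=1280
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_syn_backlog=1024
net.ipv6.conf.all.disable_ipv6=1
net.ipv4.icmp_echo_ignore_all=1
EOF
    sysctl_findings "$tmp/expected" "$tmp/sys"
    rm -rf "$tmp"
}

demo_findings
```

On a device, pass a file of the `key=value` pairs the script writes and omit the second argument; interface names that contain dots are not handled by the key-to-path mapping.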
Unbloatscript
Just removing some of the stuff I don't use. You can add/remove what you like.
edit: some apps might force close if they are running, that's no issue.
After running, wipe cache and dalvik and reboot to further clean.
Warning: I added reboot at the end so the device will reboot!
Code:
#!/system/bin/sh
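# the option list must be a single comma-joined word (remount,rw)
mount -o remount,rw /sbin
mount -o remount,rw /system
mount -o remount,rw /system/xbin
# enable the adbd daemon and busybox
# 755 is enough to run them and keeps root-run binaries from being world-writable
chmod 755 /sbin/adbd
chmod 755 /system/xbin/busybox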
rm -f /system/app/QuickSearchBox.apk
rm -f /system/app/VoiceSearchStub.apk
rm -f /system/app/Talkback.apk
rm -f /system/app/Talk.apk
rm -f /system/app/Email2.apk
rm -f /system/app/Exchange2.apk
rm -f /system/app/HoloSpiralWallpaper.apk
rm -f /system/app/MagicSmokeWallpapers.apk
rm -f /system/app/VoiceDialer.apk
rm -f /system/app/VpnDialogs.apk
rm -f /system/app/Apollo.apk
rm -f /system/app/BasicDreams.apk
rm -f /system/app/CMFileManager.apk
rm -f /system/app/CMWallpapers.apk
rm -f /system/app/Development.apk
rm -f /system/app/DSPManager.apk
rm -f /system/app/LiveWallpapers.apk
rm -f /system/app/LiveWallpaperPicker.apk
rm -f /system/app/LockClock.apk
rm -f /system/app/MagicSmokeWallpapers.apk
rm -f /system/app/MediaUploader.apk
rm -f /system/app/NoiseField.apk
rm -f /system/app/Phasebeam.apk
rm -f /system/app/SoundRecorder.apk
rm -f /system/app/Term.apk
rm -f /system/app/Trebuchet.apk
rm -f /system/app/WAPPushManager.apk
###remove dalvik and cache
rm -f /data/dalvik-cache/*
rm -f /cache/dalvik-cache/*
rm -f /cache/lost+found/*
chmod 000 /sbin/adbd
chmod 000 /system/xbin/busybox
mount -o remount,ro /sbin
mount -o remount,ro /system/xbin
mount -o remount,ro /system
# reboot has to come before exit, otherwise it is never reached
reboot
exit 0
Edit, added remove dalvik cache, cache and Reboot after running this to prevent fc. You will get some of apps running but that should be no issue
edit, closing, foolish me didnt mount as ro. and removed a bit of other code
edit some more cleaning
Batch install script
As I run a lot of scripts to automate my post-flash activities, I set my phone on airplane mode and run the following script to batch install from a certain folder.
It's nowhere near as sophisticated as Chasmodo's rom scripts, but it does the job for my user apps.
Here I have a folder (batchlove) where I store my backed-up apps (no data) from playstore on my external sdcard. So far play recognizes the apps and lets me update them. However, you would then need to update the apks in this folder in order to always have up to date versions. You can put apks backed up with a lot of apps here.
Of course I don't keep my tasker app here because it installs everything in that folder, and installing tasker while running this script is not a good idea.
You can run this script from a terminal as well.
Code:
#!/system/bin/sh
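# the option list must be a single comma-joined word (remount,rw)
mount -o remount,rw /sbin
mount -o remount,rw /system
mount -o remount,rw /system/xbin
mount -o remount,rw /system/bin
# enable the adbd daemon and busybox
mount -o remount,rw -t rootfs rootfs /
# 755 is enough to run them and keeps root-run binaries from being world-writable
chmod 755 /sbin/adbd
chmod 755 /system/xbin/busybox
chmod 755 /system/bin/pm
# stop if the folder is missing, and quote the name so spaces in file names survive
cd /storage/sdcard1/batchlove || exit 1
for app in *.apk; do pm install -r "$app"; done
chmod 000 /sbin/adbd
chmod 000 /system/xbin/busybox
chmod 000 /system/bin/pm
# close: back to read-only (the original remounted rw again here)
mount -o remount,ro /sbin
mount -o remount,ro /system/xbin
mount -o remount,ro /system/bin
mount -o remount,ro /system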
exit 0
You copied SecDroid and added some stuff, now you call it your own project. Why not continue SecDroid?
I copied a bunch of other stuff also, as even secdroid is not the source of most of those lines. It is an awesome initiative though. An app for the masses. For those interested: http://forum.xda-developers.com/showthread.php?t=2086276.
With the script, not really my project, I wanted to set the values immediately as I flash every other day. I got a script for that, as I would still need that for reopening the closed stuff every once in a while.
edit submitted most to secdroid git for the security script
added some extra scripts, handy for unbloat/batchinstall.
tip: get tasker, save these scripts as tasks, backup tasker data (from within tasker) and add a task to move the backup to the external card. Then you only need to install tasker, copy the backup to the sdcard, restore and run. It's another way.
If enough people are interested I can export these scripts as apps from tasker; just install and it will do what the script does.
Remember to check folder permissions as these don't always stick lol
Hope you find it handy; if anyone has a script that is handy please share.