-- Update:
User Guitwo2 wrote an excellent init.d-script to load the overclock-module on boot. To make it even easier to use, he made a flashable zip. See this post: http://forum.xda-developers.com/showpost.php?p=39659179&postcount=6
Hi,
I recently updated the overclock-module (see attachment). Before starting it, find the required addresses in memory, as the module's defaults match only the RTFR-Firmware:
Find address of transition-table
Open adb-shell, become su and type
Code:
cat /proc/kallsyms | grep -A 1 pll0_960_pll1_245_pll2_1200_pll4_800_25a
You'll find the address at the leftmost side in the first row of the result.
Find address time-in-state-table
In the same shell, type
Code:
cat /proc/kallsyms | grep -A 1 cpufreq_stats_table
Again, the required address is at the left side of the first row.
Then, one can try to install the kernel module. Parameter "pll2_l_val" is used to adjust the multiplier of pll2. Default is 62, I got it stable at 69 (=CPU-Speed of 69 * 19.2 MHz / 2 = 662 MHz). You can also try to set the multipliers of pll0 and pll1. I didn't test it.
So, with the above addresses one types the following to load the kernel module (replace the addresses with the ones you found, where parameter acpu_freq_tbl_addr equals transition-table and parameter cpufreq_stats_tbl_addr takes the time-in-state-table-address) :
Code:
busybox insmod /sdcard/temp/defymini_oc.ko pll2_l_val=63 acpu_freq_tbl_addr=0xc0755bdc cpufreq_stats_tbl_addr=0xc0789134
Update: In version 0.3 there is another parameter, "vdd", which takes a value between 1 and 7 (don't play with it, as there is no error handling!), where 1 is the lowest and 7 the highest vdd. Default is 6.
CHANGELOG
2013-04-29 0.4 added source (use it for other devices with locked bootloader)
2013-04-08 0.4 beautified messages, show current vdd
2013-04-01 0.3 added vdd-level for highest freq as parameter
2013-03-27 0.2 added time-in-state table modification (CPUSpy etc)
2013-03-21 0.1 initial release
rootdefyxt320 said:
Can we change the socinfo_get_msm_cpu() or is it already fused into the silicon chip?
No, but we can change the definition for soc-id 96 to msm7225aa. I did it. Didn't work. When switching to 800 MHz via PLL4, device hangs and reboots.
Using cat /proc/kallsyms | grep -A 1 pll0_960_pll1_245_pll2_1200_pll4_800_25a gives grep: not found
write: Broken pipe
Bernd.Defy said:
No, but we can change the definition for soc-id 96 to msm7225aa. I did it. Didn't work. When switching to 800 MHz via PLL4, device hangs and reboots.
Probably not supported in kernel or we can try somehow to patch it via modules like the Motorola Defy MB525/MB526 which has a locked bootloader or try to obtain the Defy XT535 kernel aka boot.img and flash it via fastboot but it's risky. I can't get the memory addresses. Just upload your boot.img from your nandroid backup so I can flash it via fastboot. What's the difference between PLL2 overclocking and PLL4 overclock?
Bernd.Defy said:
Hi,
I recently updated the overclock-module (see attachment). Before starting it, find the required addresses in memory, as the module's defaults match only the RTFR-Firmware:
Find address of transition-table
Open adb-shell, become su and type
Code:
cat /proc/kallsyms | grep -A 1 pll0_960_pll1_245_pll2_1200_pll4_800_25a
You'll find the address at the leftmost side in the first row of the result.
Find address time-in-state-table
In the same shell, type
Code:
cat /proc/kallsyms | grep -A 1 cpufreq_stats_table
Again, the required address is at the left side of the first row.
Then, one can try to install the kernel module. Parameter "pll2_l_val" is used to adjust the multiplier of pll2. Default is 62, I got it stable at 69 (=CPU-Speed of 69 * 19.2 MHz / 2 = 662 MHz). You can also try to set the multipliers of pll0 and pll1. I didn't test it.
So, with the above addresses one types the following to load the kernel module (replace the addresses with the ones you found, where parameter acpu_freq_tbl_addr equals transition-table and parameter cpufreq_stats_tbl_addr takes the time-in-state-table-address) :
Code:
busybox insmod /sdcard/temp/defymini_oc.ko pll2_l_val=63 acpu_freq_tbl_addr=0xc0755bdc cpufreq_stats_tbl_addr=0xc0789134
I just followed your instructions.
The addresses were the same.
It seems to work so far.
Mine seems stable too.
Great work !
I am loading it on boot via an init.d script.
With : TNBST_4_0A.1F.0ERPS - WE_Orange_Spain_v22_0223_FLEXTNBST
What could we probably gain by increasing PLL0 and PLL1 ?
And which value should we choose ?
With pll2: 70 I get 672MHz stable.
Sh0m1 said:
Using cat /proc/kallsyms | grep -A 1 pll0_960_pll1_245_pll2_1200_pll4_800_25a gives grep: not found
write: Broken pipe
Code:
cat /proc/kallsyms > /sdcard/toto.log
Then search for pll0_960_pll1_245_pll2_1200_pll4_800_25a in the /sdcard/toto.log file.
---------- Post added at 11:08 AM ---------- Previous post was at 10:38 AM ----------
If you want to load the module on boot and have init.d support, an init.d script is attached that will do it automatically.
There is a CWM flashable zip
0 - push the XT320_overclock.zip on your sdcard
1 - Make sure you have busybox installed
2 - Reboot with a CWM... (recovery.img attached)
Code:
adb reboot bootloader
fastboot boot recovery.img
3 - Flash XT320_overclock.zip through CWM
4 - Enjoy !
Default values are : pll2=69 and vdd=6
Edit /etc/init.d/66ocmodule for further tweaking.
In V2 - updater-script has been updated, to fix busybox permission issues.
66ocmodule script change log :
V0.1
First be sure to adjust pll2_l_val, acpu_freq_tbl_addr and cpufreq_stats_tbl_addr.
Be sure that defymini_oc.ko is in /sdcard/
1 - push the module to your phone :
Code:
adb push 66ocmodule.txt /sdcard/66ocmodule.txt
2 - in shell mode, remove the extension .txt and move the file to /etc/init.d folder
Code:
mv /sdcard/66ocmodule.txt /etc/init.d/66ocmodule
3 - Change mode to -rwxrwxrwx
Code:
chmod 777 /etc/init.d/66ocmodule
4 - Change user/group to root/root
Code:
chown 0.0 /etc/init.d/66ocmodule
That should work.
NB : you may have to remount your /system partition in rw to change user/group
Code:
busybox mount -o remount,rw -t auto /system
NB2: For init.d support go to : http://forum.xda-developers.com/showthread.php?t=1933849
NB3: have only one version of 66ocmodule in your /etc/init.d directory to avoid trouble.
NB4: if you are experiencing trouble with step 2, use
Code:
cp /sdcard/66ocmodule_vX.X.txt /etc/init.d/66ocmodule
rm /sdcard/66ocmodule_vX.X.txt
where X.X is the number version
NB5: be extra careful when editing the files. You could mess up the end-of-line markers. I recommend using Notepad++ and checking that the end-of-line markers are in unix format (LF) (view/show symbol/show all characters). You can correct that easily with edit/EOL conversion/convert to UNIX format
NB6: make sure there is a blank line in the end of the file as well
V0.2
gets automatically the needed addresses.
Module is supposed to be located at /data/defymini_oc.ko
For troubleshooting, refer to the /data/oc.log log file.
Set for a 700MHz oc
Follow steps 1 to 4 for installation. Read NB, NB2 and NB3.
V0.3
Checks for the presence of older versions and gives a warning
Checks if the module is already loaded (unload if true)
Checks in the end if the module is loaded
+ Minor changes
pll value and module path can be edited in the beginning of the file
Follow steps 1 to 4 for installation. Read NB, NB2 and NB3.
V0.4
Vdd support
+Minor changes
pll and vdd values and module path can be edited in the beginning of the file
Follow steps 1 to 4 for installation. Read NB, NB2 and NB3.
V0.5
best busybox support
+Minor changes
pll and vdd values and module path can be edited in the beginning of the file
V0.6
Force vdd change if performance governor set
+ Minor changes
Follow steps 1 to 4 for installation. Read all NBs.
pll and vdd values and module path can be edited in the beginning of the file
Follow steps 1 to 4 for installation. Read NB, NB2 and NB3.
V0.7
+ Minor changes
V0.8
Log some info, available in logcat
V0.9
Can adjust all pll values.
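Added example (not part of the original posts, and not the 66ocmodule script): the address lookup from the first post done in busybox-compatible sh without grep, combined with checks on pll2_l_val and vdd before an insmod line is produced, since the module itself has no error handling for vdd. The range 62..73 for pll2_l_val is an assumed policy taken from values reported in this thread, the helper names are hypothetical, and the kallsyms sample is constructed.

```sh
#!/bin/sh
# Added example: not the module's source and not the 66ocmodule script.
# Resolves the two table addresses from a kallsyms dump using shell built-ins
# only, and prints an insmod line only if every parameter passes its check.

ACPU_SYM=pll0_960_pll1_245_pll2_1200_pll4_800_25a   # transition table
STATS_SYM=cpufreq_stats_table                       # time-in-state table

# Assumed policy, not limits enforced by the module: stock multiplier (62)
# up to the highest value reported stable in this thread (73).
PLL2_MIN=62
PLL2_MAX=73

# Constructed sample in /proc/kallsyms format. The two target addresses are
# the ones from the first post; the other two lines are invented neighbours.
SAMPLE_KALLSYMS='c0755bdc d pll0_960_pll1_245_pll2_1200_pll4_800_25a
c0755e00 d constructed_next_symbol
c0789100 t cpufreq_stats_table_constructed
c0789134 b cpufreq_stats_table'

# lookup_symbol NAME < FILE: print the address of the first exact name match.
# Exact matching avoids picking up a longer symbol that merely contains NAME.
lookup_symbol() {
    while read -r ls_addr ls_type ls_name ls_rest; do
        if [ "$ls_name" = "$1" ]; then
            printf '%s\n' "$ls_addr"
            return 0
        fi
    done
    return 1
}

# valid_kaddr ADDR: 8 lowercase hex digits and not all zero. A kernel that
# hides pointers from an unprivileged reader prints zeros instead.
valid_kaddr() {
    case "$1" in
        00000000) return 1 ;;
        [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]) return 0 ;;
        *) return 1 ;;
    esac
}

# is_uint VALUE: true for a non-empty string of decimal digits.
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# pll2_mhz L_VAL: CPU speed from the first post's formula,
# L_VAL * 19.2 MHz / 2, truncated to whole MHz.
pll2_mhz() {
    echo $(( $1 * 96 / 10 ))
}

# build_insmod_cmd KALLSYMS_FILE MODULE_PATH PLL2_L_VAL VDD
build_insmod_cmd() {
    b_ksyms=$1; b_module=$2; b_pll2=$3; b_vdd=$4

    if ! is_uint "$b_pll2" || [ "$b_pll2" -lt "$PLL2_MIN" ] || [ "$b_pll2" -gt "$PLL2_MAX" ]; then
        echo "pll2_l_val must be $PLL2_MIN..$PLL2_MAX" >&2; return 2
    fi
    if ! is_uint "$b_vdd" || [ "$b_vdd" -lt 1 ] || [ "$b_vdd" -gt 7 ]; then
        echo "vdd must be 1..7" >&2; return 2
    fi
    b_acpu=$(lookup_symbol "$ACPU_SYM" < "$b_ksyms") || {
        echo "symbol $ACPU_SYM not found" >&2; return 3; }
    b_stats=$(lookup_symbol "$STATS_SYM" < "$b_ksyms") || {
        echo "symbol $STATS_SYM not found" >&2; return 3; }
    if ! valid_kaddr "$b_acpu" || ! valid_kaddr "$b_stats"; then
        echo "addresses are hidden or malformed (not root?)" >&2; return 4
    fi
    printf 'busybox insmod %s pll2_l_val=%s acpu_freq_tbl_addr=0x%s cpufreq_stats_tbl_addr=0x%s vdd=%s\n' \
        "$b_module" "$b_pll2" "$b_acpu" "$b_stats" "$b_vdd"
}

# Demo on the constructed sample.
demo_file=${TMPDIR:-/tmp}/kallsyms.sample.$$
printf '%s\n' "$SAMPLE_KALLSYMS" > "$demo_file"
build_insmod_cmd "$demo_file" /sdcard/temp/defymini_oc.ko 69 6
echo "top frequency with pll2_l_val=69: $(pll2_mhz 69) MHz"
build_insmod_cmd "$demo_file" /sdcard/temp/defymini_oc.ko 69 9 || echo "rejected"
rm -f "$demo_file"
```

On the phone, pass /proc/kallsyms as the first argument from a root shell. If the printed command is run from an init.d script, keep that script writable by root only, since it executes as root on every boot.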
What could we probably gain by increasing PLL0 and PLL1 ?
And which value should we choose ?
Tried to oc pll1 -> distorted display. Can't recommend that. OC'ing PLL0 leads to somewhat faster 480 MHz frequency (480 MHz is generated by PLL0 and DIV2, so 960MHz / 2 => 480 MHz.) In the module only changed PLL2 is paid attention for modified frequency-tables.
---------- Post added at 11:53 AM ---------- Previous post was at 11:25 AM ----------
rootdefyxt320 said:
What's the difference between PLL2 overclocking and PLL4 overclock?
Simple difference: PLL2 exists in SOC, PLL4 does not exist. So Motorola didn't underclock something, they got a crippled MSM7225A. Speed is limited by hardware.
I'm pushing pll2_l_val to 73 (+11)
I get 700 MHz stable for now. Without overheating.
I'll keep you posted.
Guitwo2 said:
I'm pushing pll2_l_val to 73 (+11)
I get 700 MHz stable for now. Without overheating.
I'll keep you posted.
Do you still use the "performance" governor?
Re: Defy-Mini: Updated the overclock-module
I use setCPU with different governor. All seems to work. Higher freq (600) is replaced by a new one thanks to your OC module.
Btw 700 is stable. I ran some stress tests. Performances are increased. Linpack score goes from 14.5 to 17.5 MFLOPS.
I was wondering if the soc pll were used by other stuff than cpu. Could explain your troubleshoot when oc pll0.
XT230 rocks now
Guitwo2 said:
I use setCPU with different governor. All seems to work. Higher freq (600) is replaced by a new one thanks to your OC module.
Btw 700 is stable. I ran some stress tests. Performances are increased. Linpack score goes from 14.5 to 17.5 MFLOPS.
XT230 rocks now
...but keep an eye on stability.
For ~16% overclocking ~20% higher MFLOPS? Hmmm.... sounds - interesting.
Re: Defy-Mini: Updated the overclock-module
Bernd.Defy said:
...but keep an eye on stability.
For ~16% overclocking ~20% higher MFLOPS? Hmmm.... sounds - interesting.
I would rather have a buggy phone than an awfully slow one... (thank you Motorola).
The linpack result shows a .5 MFLOPS standard deviation.
XT230 rocks now
I'm a noob, can you tell me what exactly do i need? Busybox?
Re: Defy-Mini: Updated the overclock-module
Sh0m1 said:
I'm a noob, can you tell me what exactly do i need? Busybox?
Busybox / adb or a terminal emulator / root access
Eventually init.d support if you want to use my script to automatically load the module at boot.
XT230 rocks now
Ok so i've installed busybox, done steps in the first post but nothing happened? Is it normal that the phone hadn't restarted or something?
Sh0m1 said:
Ok so i've installed busybox, done steps in the first post but nothing happened? Is it normal that the phone hadn't restarted or something?
It's definitely a good sign if your phone doesn't reboot. Just check the frequencies using CPU-Spy or something else.
And please post your firmware version and the addresses you used, I'll add them in the first post.
I just installed your module from the first post and I changed value from 63 to 70, and now I have 672 MHz. How can I change pll2 value again? What do I type? If I use your module but with 73 instead of 63 I get: File already exists.
Re: Defy-Mini: Updated the overclock-module
Sh0m1 said:
I just installed your module from the first post and I changed value from 63 to 70, and now I have 672 MHz. How can I change pll2 value again? What do I type? If I use your module but with 73 instead of 63 I get: File already exists.
reboot and load it again with other arguments.
Or use rmmod command
Code:
busybox rmmod defymini_oc.ko
XT230 rocks now
Sh0m1 said:
I just installed your module from the first post and I changed value from 63 to 70, and now I have 672 MHz. How can I change pll2 value again? What do I type? If I use your module but with 73 instead of 63 I get: File already exists.
You have to remove the module first (no need to reboot):
Code:
rmmod defymini_oc.ko
Then you can install the module again.
Alright, I've used 66overclock file and pushed it manually with root explorer, changed permissions, set owner and I've edited it so pll2 is 73. My phone is rebooting atm, I will post if I had success.
---------- Post added at 04:22 PM ---------- Previous post was at 04:12 PM ----------
I just can't get it to keep freq at 700 after reboot. I've done everything from Guitwo2's post and it keeps resetting to 600MHz after reboot
Hi. A week ago I had no clue about any of this so I'm definitely a noob. I wanted to say thanks to everyone on this site who have contributed to the software, who've made guides, and who have answered questions. Special thanks to kinfauns for his Beginner's Guide and his Howto Root, etc. I had already started taking notes and piecing together definitions of the various parts of this process when I found his guide and fell over in worship. Also big thanks to Jcase for his 6.3 root guide, which gave me confidence in the procedure for rooting my 6.3.2 KF. I must also extend my gratitude to Thepooch for maintaining his Index of links for the KF. Unfortunately, I found this later rather than sooner, but it was an immense help anyway. Pokey9000, ChainsDD, TWRP, the CyanogenMod team, and Hashcode deserve thanks and recognition for their development and maintenance of software. (Links to each of these pages in next post.)
My story is that from the first day I bought the KF I had planned on ditching Amazon's crappy OS, but I just didn't have time or get around to it for years. I finally got googling the other day. I saw some simple directions, but not knowing what certain things did I wasn't willing to go running programs or commands on my computer and KF without having a better understanding and trust in the authors' instructions, so I kept reading. As I always do with complicated procedures that I'll probably forget by the time I do it a second time, I began taking some fairly detailed notes, especially on procedures. When I felt knowledgeable enough, I gave it a go and had only a minor hiccup. In the spirit of helping, I'm posting those notes here for others to use.
Experts, if you care to please feel free to correct anything you see that is wrong, or make suggestions. I'll probably incorporate some corrections, but I doubt I'll maintain this for too long. In other words, read the comments, people.
Noobs, please be aware that this is in no way a fully proper and tested procedure, nor is it in any way definitive. It is merely the things I learned starting from zero and getting to the point where I was comfortable enough to move forward. So keep this in mind. It does, however, also include many of the links and sources for my information, which should also help people make their own determination on things when it's clear I'm speculating. It also extends beyond the setup process into discussing apps a bit, which should be helpful for the complete noob like me.
###############################################
##### Android / Kindle Fire Rooting and Romming #####
###############################################
Read this (skip the windows driver section, but check out the section after that for fastboot and adb commands):
----- http://forum.xda-developers.com/showthread.php?t=1552547
And then this:
----- http://forum.xda-developers.com/showthread.php?t=1638452
And then note this for v6.3:
----- http://forum.xda-developers.com/showthread.php?t=1568340
And here is the repository for links to ROMs (including stocks), bootloaders, recoveries, et al.
----- http://forum.xda-developers.com/showthread.php?t=1859851
FYI: The Kindle Fire uses the ARM architecture in a TI OMAP 4430 chip.
----- http://www.zdnet.com/blog/hardware/inside-the-kindle-fire-processor/16317
----- The OMAP 4430 is a dual-core ARM A9 part clocked at 1GHz built using 45nm CMOS process. It features Symmetric Multiprocessing (SMP) and an integrated POWERVR SGX540 graphics accelerator (supporting OpenGL ES v2.0, OpenGL ES v1.1, OpenVG v1.1 and EGL v1.3) for 3D games and UI. It also features IVA 3 hardware accelerators to allow full HD 1080p video encode/decode. The chip also features on-board USB 2.0 support.
----- FYI: The 1st-generation Kindle Fire (which I have) is 'codenamed' Otter. The 2nd-gen is Otter2.
----- ----- http://wiki.cyanogenmod.org/w/Otter_Info
###################
#### Key Terms #####
###################
ADB (Android Debug Bridge) - Communicate with and control an Android-powered device over a USB link from a computer; part of the Android SDK; has a client, server, and daemon.
----- http://www.androidauthority.com/about-android-debug-bridge-adb-21510/
Code:
./adb help
Fastboot - A diagnostic and engineering protocol that you can boot your Android device into so you can modify the file system images from a computer over a USB connection, that is, you can flash roms to it. Is part of the ASDK (Requires more than the SDK - does it?), and specific USB drivers for windows. For fastboot to work, the device has to be in fastboot mode in order for the computer to send commands to it.
----- http://www.elinux.org/Android_Fastboot
Code:
./fastboot help
----- Usually commands are in the format: fastboot <operation> <kf_source/destination> <file>
----- So to change the splash screen image, something like:
----- ----- http://forum.xda-developers.com/showpost.php?p=21262416&postcount=126
Code:
fastboot flash splash1 splash1.img
Recovery Mods - Essentially a rudimentary OS / advanced bootloader. Many are ROM managers that allow you to switch between various OS's you have stored on your device in ROM format, or to add/delete them. You basically wipe the system then install a new one each time you switch ROMs. Recovery mods also serve backup functions, and allow tethering (so you can use your phone as an internet connection for your laptop). The term 'recovery' comes from Android's /dev/mtd/mtd1 recovery partition, as compared to the /dev/mtd/mtd2 boot partition; the latter is the primary boot holding the kernel and initrd with rootfs for default boot, while the former is the backup boot holding another kernel and initrd with rootfs in case the primary borks; note that mtd3 is the system partition holding the bulk of the Android system files, mtd4 is the cache which is only used for OTA (Over The Air Amazon/Sprint/Verizon updates) so largely unused, and mtd5 is userdata for user-installed apps and data.
----- http://www.elinux.org/Android_Fastboot
----- TWRP (Team Win Recovery Project) is one popular recovery, built on ASOP (Android Open Source Recovery) recovery.
----- ----- http://www.teamw.in/project/twrp
----- ----- http://teamw.in/project/twrp2/79 <- the kindle fire page
----- CWM (ClockworkMod) is another recovery, but there is some sort of bug with certain chips in 1st-gen Kindles that will brick sometimes with CWM, so don't use it.
----- ----- http://www.clockworkmod.com/
----- COTR (Cannibal Open Touch Recovery) is a newer recov. Open as in open source, touch as in touch screen.
----- ----- http://www.redmondpie.com/cannibal-...ures-of-all-custom-recoveries-under-one-hood/
Bootloader - Just like a linux bootloader. This is the first thing you install (after you get root access). The Kindle requires a special one because there needs to be a way to access recovery with just one button (as opposed to a cell phone).
----- FFFe (FireFireFire Extended) - Seems to be the most popular for Kindle Fire. The extended, I believe, is a variation where dual boot is enabled (see Recovery Mods info to get an idea of how that works.) To use it, when the logo pops up after you turn on the Fire press the power button. It also does some other stuff, like make fastboot easier (I think the usb detection triggering fastboot is the 1st stage, and the rest of FFF is second). I believe that FFF is based on kf_u-boot (which is now outdated?).
----- ----- http://forum.xda-developers.com/showthread.php?t=1369405
----- ----- http://forum.xda-developers.com/showthread.php?t=1615093 dual boot with FFFe
----- kf_u-boot - Pokey9000's (from http://forum.xda-developers.com) KF-specific fork of the firmware Das U-Boot (typically abbreviated as just "U-Boot") for Embedded PowerPC, ARM and MIPS systems.
----- ----- http://www.denx.de/wiki/U-Boot/
Bootmode - "As the Kindle Fire powers up or reboots, the bootloader begins to do its job and checks for the bootmode of the device. The bootmode tells the bootloader how it should proceed in the boot up process. Most users will just be concerned about three of these bootmodes: normal (4000), fastboot (4002), and recovery (5001). In a great majority of the cases, the Kindle Fire will be in the normal bootmode setting, telling the bootloader to continue right on to booting the operating system. However, there are circumstances when the device needs to be started up directly in fastboot or recovery mode. This is possible by changing the bootmode setting and rebooting the device. Bootmode is a persistent setting, meaning the Kindle Fire will remember this new setting until it is changed again. No amount of restarts or ROM flashes will change the bootmode until it is explicitly changed again."
----- http://forum.xda-developers.com/showthread.php?t=1552547
SU and Superuser.apk - Superuser is an app that manages what apps on your rooted device have access to the su binary. Apps that are granted su have elevated permissions and can modify just about any part of the system. Superuser.apk runs as any other app and gives you, the user, a place to see what apps you have allowed or denied, as well as view a log of which apps have used su when. The su binary is what other apps call when they need superuser rights. The binary checks the database maintained by Superuser.apk to determine if you have already granted rights to the requesting app, and if not tells Superuser.apk to display a prompt asking you for permission. Superuser comes pre-installed on any rooted ROM. In fact, without it, you don’t have a rooted device at all. You cannot uninstall it, it lives on the system partition with other apps that came pre-installed on your device. It can be updated from the Market if the developer of your particular ROM has used a version that is signed with the proper keys, which are publicly available on my github (see link).
----- http://androidsu.com/superuser/ (You want the ARM architecture for the KF.)
##########################################
##### Set up ADB and Fastboot (via ASDK) #####
##########################################
http://androidtweak.in/general/installing-and-setting-up-android-sdk-adb-and-fastboot-on-gnulinux/
1. Download and unpack the Android SDK from Google to /opt. Get the full ADT bundle.
----- http://developer.android.com/sdk/index.html#ExistingIDE
2. Inside its directory, inside sdk/tools, run ./android.
3. In the SDK Manager that opens check that under Tools the Android SDK Platform-Tools are installed. If not, install them.
4. Exit the SDK Manager.
5. Verify that there is now a sdk/platform-tools directory, and that adb and fastboot are in it.
6. If you want, you can add blah/sdk/platform-tools to your $PATH.
Code:
PATH=$PATH:blah/sdk/platform-tools
####################################################
##### Get ADB to recognize the device (Kindle Fire) #####
####################################################
1. Plug in your device. The screen that comes on is called Mass Storage Mode, which allows you to mount /mnt/usb (with fstab setup correctly: /dev/sdh /mnt/usb auto defaults,noauto,user,uid=1000,gid=100 0 0 # kindle fire). Pressing 'Disconnect' on the Kindle will turn off this mode. The following I did with it on, but I don't think it matters.
2. Run 'adb devices'. If you see the first results, ignore the rest of this section.
----- https://rechtzeit.wordpress.com/2011/02/24/adb-devices-shows-no-permissions/
Code:
adb devices
List of devices attached
0123456789012345 device
----- If you see the following, then udev is unable to determine the permissions for this USB device.
Code:
adb devices
List of devices attached
???????????? no permissions
3. Verify the device is connected and get some basic info. (If you're unsure which device is yours, do a lsusb before plugging it in as well.)
Code:
lsusb
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 004: ID 1949:0006 Lab126
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
...
----- So the Kindle is device 004 on bus 002, the vendor ID# is 1949, and 0006 is the device #.
4. Get more info. Note that the first result will probably be the last usb device plugged in, but verify by looking at the idVendor and idProduct as well as the manufacturer and product attribute lines.
Code:
udevadm info --attribute-walk --name=/dev/bus/usb/002/004
looking at device '/devices/pci0000:00/0000:00:13.2/usb2/2-5':
KERNEL=="2-5"
SUBSYSTEM=="usb"
DRIVER=="usb"
ATTR{configuration}==""
ATTR{bNumInterfaces}==" 2"
ATTR{bConfigurationValue}=="1"
ATTR{bmAttributes}=="c0"
ATTR{bMaxPower}=="500mA"
ATTR{urbnum}=="1473"
ATTR{idVendor}=="1949"
ATTR{idProduct}=="0006"
ATTR{bcdDevice}=="0216"
ATTR{bDeviceClass}=="00"
ATTR{bDeviceSubClass}=="00"
ATTR{bDeviceProtocol}=="00"
ATTR{bNumConfigurations}=="1"
ATTR{bMaxPacketSize0}=="64"
ATTR{speed}=="480"
ATTR{busnum}=="2"
ATTR{devnum}=="4"
ATTR{devpath}=="5"
ATTR{version}==" 2.00"
ATTR{maxchild}=="0"
ATTR{quirks}=="0x0"
ATTR{authorized}=="1"
ATTR{manufacturer}=="Amazon"
ATTR{product}=="Kindle"
ATTR{serial}=="123456789012345"
5. If you haven't up to this point, switch to root.
6. Create a udev rules file for the device.
Code:
cd /etc/udev/rules.d/
vi 99-android.rules
----- Note that udev is being replaced by hal (at least in Slackware), and so a rules/policy file will probably need to be made in /etc/hal/fdi/policy instead of this in the future.
7. Enter the following into it and save. You should be able to leave out owner:group to let anyone use, and there are probably several other variations that will work (e.g., I believe instead of SYSFS you can have ATTR or ATTRS).
Code:
SUBSYSTEM=="usb", SYSFS{idVendor}=="1949", OWNER="me", GROUP="users", MODE="666"
8. Try it again as root, and then as your user. You should now see the serial number from the udevadm command.
Code:
adb devices
List of devices attached
123456789012345 device
9. You will also need to add a second, identical line changing the idVendor attribute to "18d1". This may not become a problem for you, but when the KF boots into fastboot mode it ceases to be recognized as a standard Kindle and instead looks like this:
Code:
lsusb
...
Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 006 Device 002: ID 18d1:0100 Google Inc.
Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
######################
##### Temp Root It #####
######################
In order to gain root access to the device, you must use one of several methods. Which one you use will depend on the device and its current system (firmware?) version. To find your version go to Settings -> More -> Device -> System Version. As of this writing (2013-09-20), my 1st-gen Fire is version 6.3.2. The generic Android root util called SuperOneClick is known to work on at least the 6.2 Kindle software versions. You can also install an app on your Kindle called ES File Explorer (Apps -> Store -> search for 'ES', select the app, click Free, click Get App, click Install, etc., Open App) that has a root util that comes installed in it (which should show up right there, check out youtube vids for details). You can also do it by hand using fbmode (known to work with 6.2 through 6.3.1). Note that most of the one click type utils just batch run fbmode commands or similar by hand methods.
1. Go to Settings -> More -> Device
----- 1a. -> Allow Installation of Applications, change it to on.
----- 1b. Be sure you see Battery Fully Charged. If something goes wrong, you don't want it running out of juice before you can fix it.
2. Connect your device to the computer, and disconnect (aka turn off Mass Storage Mode).
3. Verify that adb is working. The prompt in the first result means it is. If it's not you'll see the device not found error. (Be sure to exit the adb shell when done.)
Code:
adb shell
$
$ exit
adb shell
error: device not found
4. (Be sure to exit the adb shell first.) Check to see if you already have root access. If you get the first result, then you have root access and can skip the rest of this section.
Code:
adb root
adbd is already running as root
adb root
adbd cannot run as root in production builds
5. Get into fastboot mode somehow, fbmode is the easiest. This is a workaround to get you into fastboot mode when you don't have root privileges. Note that once you have root privileges, you can change the bootmode with "adb shell idme bootmode 4002; adb reboot" instead. (Also, I'm not sure if fbmode gives permanent root privileges.) First download fbmode and unzip it into the platform-tools dir.
----- http://forum.xda-developers.com/showthread.php?t=1414832
----- MD5sum: 091dc2ca822eab525d85aad629add7d3 fbmode.zip
----- I extracted it to sdk/platform-tools/fbmode(by_pokey9000).
----- 5a. Place the fbmode file onto your KF in /data/local/tmp. (You can also use /data/local. The /data partition is write accessible to unprivileged users so that's why we use it.)
Code:
adb push "fbmode(by_pokey9000)/fbmode" /data/local/tmp
3225 KB/s (510876 bytes in 0.154s)
----- 5b. Change the file to executable by running a command in a remote shell on the KF, and verify.
Code:
adb shell chmod 755 /data/local/tmp/fbmode
adb shell ls -l /data/local/tmp/fbmode
-rwxr-xr-x shell shell 510876 2011-12-29 01:32 fbmode
----- 5c. Now run the binary via a remote shell, and verify.
Code:
adb shell /data/local/tmp/fbmode
----- 5d. Reboot the device (will reboot into fastboot).
Code:
adb reboot
6. Immediately continue with installing a bootloader.
############################
##### Install a Bootloader #####
############################
There are lots of these available. Currently (2013-09-20) FireFireFire Extended v1.4a seems to be the most popular. Note that the older version of FFFe (prior to 1.4) caused the yellow triangle boot hang problem you may read about. As mentioned in the Key Terms above, you will need a bootloader specifically designed for the Kindle Fire so you will be able to access the recovery partition/software using the only (power) button.
1. Download FFFe, and unzip it into the platform-tools dir.
----- http://forum.xda-developers.com/showthread.php?t=1632375
----- ----- https://code.google.com/p/kindle-alt-roms-cm10-cm9-dev/downloads/detail?name=fffe-1.4.1-awidawad.zip
----- ----- SHA1: b99620e382ea5d01cb6fa9e465ab719f63621780
----- or: http://goo.im/devs/Hashcode/otter/bootloader/ <- this one is hashcode's and I think I trust it more.
----- ----- MD5sum: 419c53b922c963082454b14b7de75a90 fff-u-boot_v1.4a.zip
----- I extracted this into sdk/platform-tools/fff-u-boot_v1.4a(by_hashcode)
2. Flash the fff binary to the bootloader partition. The binary will be in the cache directory. I'm not sure you even need the META-INF files or the padfile. I expect it would have been fine to go from sdk/platform-tools/fff-u-boot_v1.4a(by_hashcode)/cache/fff-u-boot_v1.4a.bin, however, I'm not sure how important the other files are so I unzipped it all to the sdk/platform-tools dir and used it from there. The -i 0x1949 switch is required for non-root privileged devices.
Code:
fastboot -i 0x1949 flash bootloader fff-u-boot_v1.4a.bin
sending 'bootloader' (243 KB)...
OKAY [ 0.065s]
writing 'bootloader'...
OKAY [ 0.177s]
finished. total time: 0.242s
3. Continue immediately with flashing the recovery.
##########################
##### Install a Recovery #####
##########################
1. Download TWRP. As of this writing (2013-09-20) TWRP is at 2.6.3, and we want the Otter. (Note the codename for KF 1st-gen is Otter. So I assume Otter is what we want, but I've seen people mention or reference Blaze a lot. I'm not sure what that is, but since the references were usually a year or so old and since I know Otter will be correct, I'm going with Otter.)
----- http://teamw.in/project/twrp2/79
----- MD5sum: 8b5e6f15ab88ce52022991925dcd4ac0 openrecovery-twrp-2.6.3.0-otter.img
----- I extracted this directly into sdk/platform-tools/.
2. Flash the openrecovery image to the KF's recovery partition. The -i 0x1949 switch is required for non-root privileged devices.
Code:
fastboot -i 0x1949 flash recovery openrecovery-twrp-2.6.3.0-otter.img
sending 'recovery' (6564 KB)...
OKAY [ 1.648s]
writing 'recovery'...
OKAY [ 1.416s]
finished. total time: 3.064s
3. You now need to reboot the KF. Do not do 3a, but read because in Jcase's 2.6.3 instructions, he tells you:
----- http://forum.xda-developers.com/showthread.php?t=1568340
----- 3a. Your device will now boot into twrp recovery, and flash the firefirefire bootloader. When done it will prompt you to reboot. Upon reboot you will get stuck on the "yellow triangle" screen of firefire fire.
Code:
fastboot oem idme bootmode 5002
fastboot reboot
----- I have no idea what he's talking about. Those commands did not work for me. When I figured out how to restart in a manner that made more sense (see 3b.), I selected to boot into the TWRP recovery, and as far as I could tell, TWRP did not flash its own version of FFF, nor did it reboot. It simply started TWRP. I poked around in there. It did at one point tell me that it was not yet rooted and asked me if I wanted to have it do it, but I declined to follow the rest of Jcase's instructions. Point of the story: ignore 3a, and do 3b instead.
----- 3b. Reboot the KF.
Code:
fastboot -i 0x1949 reboot
rebooting...
finished. total time: 0.000s
4. This will now boot into the FFF bootloader, which will offer you a choice prior to booting into the primary OS of booting into recovery. You will want to do that for the next commands to work. You need to immediately continue to permanently root it.
############################
##### Permanently Root It #####
############################
1. Get Superuser/Su and unzip it. As of this writing (2013-09-20) the latest is Superuser 3.2 RC3. The KF uses the ARM chip architecture so we want the ARM version (see above in the Key Terms section). Note that you need to make its own directory to unzip it into because all but two of its files are the same as those that came with FFF, and in case they are different (use diff) you don't want to replace them; if they are different, you'll have to make the call which versions you want to use. The two files you do want no matter what will be in the system/ directory.
----- http://androidsu.com/superuser/ (You want the ARM architecture for the KF.)
----- MD5sum: 6462ac14cd38ed7c539ce3e29a6b92a8 Superuser-3.2-RC3-arm-signed
----- I extracted it into sdk/platform-tools/Superuser-3.2-RC3-arm-signed(by_ChainsDD)
----- 1a. Once in recovery, mount the /system partition in read/write mode. ("adb shell remount system" might also do this, and it will change a mounted /system between r/w and ro.)
Code:
adb shell mount system
----- 1b. Copy su to the right place in /system.
Code:
adb push "Superuser-3.2-RC3-arm-signed(by_ChainsDD)/system/bin/su" /system/xbin/su
3447 KB/s (85096 bytes in 0.024s)
----- 1c. Change the ownership to root only (so nobody can mess with it).
Code:
adb shell chown 0.0 /system/xbin/su
----- 1d. Change the permissions to executable (so anyone can try to get su), and verify.
Code:
adb shell chmod 06755 /system/xbin/su
adb shell ls -l /system/xbin/su
-rwsr-sr-x 1 root root 85096 Feb 29 2008 /system/xbin/su
2. Disable the root checker by renaming the executable. (I suppose you could just chmod a-x it, but this is how the pros do it, so I'll stick with their method.) I'm not entirely certain what check_rooted does, but I assume it is used by Amazon and will cause headaches.
Code:
adb shell ls -l /system/bin/check_*
-rwxr-xr-x 1 root shell 54680 Aug 1 2008 /system/bin/check_prereq
-rwxr-xr-x 1 root shell 5556 Aug 1 2008 /system/bin/check_rooted
adb shell mv /system/bin/check_rooted /system/bin/check_rooted.bak
adb shell ls -l /system/bin/check_*
-rwxr-xr-x 1 root shell 54680 Aug 1 2008 /system/bin/check_prereq
-rwxr-xr-x 1 root shell 5556 Aug 1 2008 /system/bin/check_rooted.bak
3. Return to normal bootmode (4000), and reboot. (Actually I'm not sure we ever changed it since we didn't use Jcase's "oem idme bootmode 5002" command, and I'm pretty sure fbmode only changes it for 1 reboot. But doing this will not hurt anyway.)
Code:
adb shell idme bootmode 4000
<idme> write 4000 to offset 0x1000
adb reboot
4. After reboot, when you're back in Amazon's default OS, install the Superuser app. It will appear in your carousel. Play with it.
Code:
adb install system/app/Superuser.apk
7539 KB/s (1500495 bytes in 0.194s)
pkg: /data/local/tmp/Superuser.apk
Success
######################################
##### Make A Full (up to 8GB) Backup #####
######################################
This will back up all partitions and the hidden NVRAM data. If you ever have to restore from scratch, you can get fastboot to write a new partition table and then fastboot in these backups. Need >8GB local free, and adb installed and able to get a shell.
----- http://forum.xda-developers.com/showthread.php?t=1369405
1. Make a new directory to store the dump files and cd into it.
Code:
sudo mkdir /mnt/1.2tb.pri_my300/KindleFire
sudo mkdir /mnt/1.2tb.pri_my300/KindleFire/preROMing.backup
2. Make sure that your KF is running adb as root (as above in #? of the Root It section).
Code:
adb root
adbd is already running as root
3. Then pull the blk copies from the device. This will place them on the root fs, and then I move them to the backup directory. (I'm sure you can direct them to the end destination with pull, but I didn't figure that out before I ran this.)
Code:
for F in `seq 1 12`; do adb pull /dev/block/mmcblk0p$F; done
adb shell idme ? > nvram.txt
sudo mv mmcblk* nvram.txt /mnt/1.2tb.pri_my300/KindleFire/preROMing.backup
#######################
##### Install a ROM #####
#######################
http://forum.xda-developers.com/showthread.php?t=1638452
1. Download the one you want from the link. Hashcode, who is active on xda-developers, maintains the CyanogenMod, and he seems to be trusted to do quality work so I'll use the latest CM ROM. As of this writing (2013-09-20) the CyanogenMod-10.2 is current. Note the codename for KF 1st-gen is Otter (not Otter2, not sure what blaze is for).
----- http://forum.xda-developers.com/showthread.php?t=2410112
----- http://goo.im/devs/loosethisskin/otter/cm-10.2
----- MD5sum: 7a5c807f410ecaeb37220bda8c7b4eee cm-10.2-20130913-0258-otter-sgt7.zip
2. Copy the ROM.zip file to the /sdcard directory on the KF, and checksum it.
Code:
adb push cm-10.2-20130913-0258-otter-sgt7.zip /sdcard
6569 KB/s (186800117 bytes in 27.769s)
adb shell md5sum /sdcard/cm-10.2-20130913-0258-otter-sgt7.zip
7a5c807f410ecaeb37220bda8c7b4eee /sdcard/cm-10.2-20130913-0258-otter-sgt7.zip
md5sum cm-10.2-20130913-0258-otter-sgt7.zip
7a5c807f410ecaeb37220bda8c7b4eee cm-10.2-20130913-0258-otter-sgt7.zip
2. Definitely check and follow the instructions on the specific ROM's info page. In this case, I believe it is the standard methodology. Since it tells us to also install Gapps, we need to download that as well. (See Install Gapps section below for more info.)
----- 2a. Download it. In my case, Hashcode has given instructions to get it at the following link. You are to match up your CyanogenMod version with the appropriate Gapps version, which is made easy with the table at the top.
----- ----- http://goo.im/gapps
----- ----- MD5sum: 1f51b5cc6370c1f45dc951109b6ce6ed gapps-jb-20130813-signed.zip
----- 2b. Copy it to the KF, and checksum it.
Code:
adb push gapps-jb-20130813-signed.zip /sdcard
adb shell md5sum /sdcard/gapps-jb-20130813-signed.zip
1f51b5cc6370c1f45dc951109b6ce6ed /sdcard/gapps-jb-20130813-signed.zip
3. Wipe cache, dalvik, data and system (full wipe). Wipes typically remove the existing files in the data and cache partitions that could interfere with the operation of the new system software. A "Factory Reset" will delete any installed apps, software/network settings, etc. It will not touch the /sdcard directory that contains music, eBooks, and files of that nature. In our case, we need to do the four listed by Hashcode.
----- 3a. From the main menu of TWRP, Wipe -> Advanced Wipe -> Select Partitions to Wipe
----- 3b. Check the dalvik, data, cache, and system boxes.
----- 3c. Swipe to Wipe.
4. Install from your ROM.zip, and tell it to install Gapps while you're at it.
----- 4a. From the main menu of TWRP, "Install"
----- 4b. Navigate to the /sdcard directory on the left (should be the default the first time you use TWRP) and select the cm-10.2-20130913-0258-otter-sgt7.zip file from the list on the right.
----- 4c. Check the box "Zip file signature verification?" if you've placed .md5 files with the zips. Even though you already have, it's nice to make sure TWRP agrees with you.
----- 4d. Press "Add More Zips"
----- 4e. Select the gapps-jb-20130813-signed.zip file from the right.
----- 4f. Swipe to flash install them.
5. When it's finished and you are prompted, press "Reboot".
6. When you reboot, CM will take some time to get going the first time, just let it. Then walk through the setup process. All your settings, like the Wi-Fi password, will be gone and need to be recreated.
7. Cleanup by deleting the zips within the File Manager app.
###################################
##### Install Google Apps (Gapps) #####
###################################
You may not actually need this. It may come installed with the ROM, but you'll definitely want Gapps either way because this includes Google Marketplace where you can get all the Android apps.
1. Download it. In my case, Hashcode has given instructions to get it at the following link. You are to match up your CyanogenMod version with the appropriate Gapps version, which is made easy with the table at the top.
----- http://goo.im/gapps
----- MD5sum: 1f51b5cc6370c1f45dc951109b6ce6ed gapps-jb-20130813-signed.zip
###################################
YOU'RE DONE MOTHER****ER!
Play around.
Try some other stuff:
###################
##### ~/.android #####
###################
It's useful to have a single place on your main box to keep everything you want/need. So:
1. Make a ~/.android dir and cd into it.
2. Make some dirs.
----- .Bootloader
----- .Recovery
----- .ROM
----- .ROM/CM-10.2
3. link to platform tools
Code:
ln -s ../../../opt/adt-bundle-linux-x86_64-20130917/sdk/platform-tools/ .platform-tools
4. Move the fbmode and superuser dirs from there to here.
----- .fbmode(by_pokey9000)
----- .superuser-3.2-RC3-arm-signed(by_ChainsDD)
5. Move fff-u-boot_v1.4a(by_hashcode) into .Bootloader, move openrecovery-twrp-2.6.3.0-otter.img into .Recovery, move cm-10.2-20130913-0258-otter-sgt7.zip and gapps-jb-20130813-signed.zip in .ROMS/CM-10.2 (you move gapps with it because it is fairly specific to the ROMs)
6. CD to the real /opt/.../platform-tools. Symlink to those six dirs and files.
#####################
##### App Backup #####
#####################
Besides complete backups, you can also simply save the apps you have installed to your 'puter. This is useful before you go uninstalling **** that you only think you don't need. Of course, there are apps that will do most of the following for you, namely Titanium Backup, which you should probably use since they'll sync things instead of just overwriting.
1. Navigate to your ~/.android/ directory.
2. mkdir an apps folder, an apps/system, and an apps/data.
3. Copy all the apk files to your pc. Note that the data/app files are all unimportant apps that you've downloaded. The system ones are what you really need to be concerned about removing.
Code:
adb pull /system/app ./app/system
pull: building file list...
pull: /system/app/FaceLock.apk -> ./FaceLock.apk
pull: /system/app/VoiceSearchStub.apk -> ./VoiceSearchStub.apk
pull: /system/app/TalkBack.apk -> ./TalkBack.apk
...
adb pull /data/app ./app/data
pull: building file list...
pull: /system/app/FaceLock.apk -> ./FaceLock.apk
pull: /system/app/VoiceSearchStub.apk -> ./VoiceSearchStub.apk
pull: /system/app/TalkBack.apk -> ./TalkBack.apk
...
----- You can also look at the package list via the package manager, and include their associated files (-f) if you want.
Code:
adb shell pm list packages
...
adb shell pm list packages -f
...
----- Or grab the list files directly and look at them.
Code:
adb pull /data/system/packages.xml .
adb pull /data/system/packages.list .
----- You can install or uninstall via adb (assuming you have root access and system is mounted rw)
Code:
adb root
adb remount (or adb mount -o rw,remount /system)
adb install <package name>
adb uninstall <package name>
----- Or more viciously:
Code:
adb shell rm -f /system/app/<apk-name>.apk
----- Or via the package manager:
Code:
adb shell pm uninstall <package-name>
###############################
##### Remove Unneeded Apps #####
###############################
Check out this page to give you a list of apps included with your specific CM OS version. Then remove ones you don't want. You will want to use ES File Explorer to shutdown, clear data/cache, then uninstall these. For some you'll need to use ES in root mode, which can be found in ES's settings.
[couldn't post the url]
[couldn't post the url]
Android Keyboard (AOSP) - If you replace this with a different keyboard, you can remove this safely. I like Hacker's Keyboard, but honestly I don't feel quite safe eliminating this one altogether.
Apollo - Music app/widget. You will probably want to replace with something else that handles more codecs.
Bluetooth Share - The KF doesn't have bluetooth.
Bubbles - This and other wallpapers can obviously be removed.
Calculator - Might want to replace this with a better one.
Calendar, Calendar Storage - You can remove this, but Google uses it to sync with your Google account. More importantly, it appears that _LOTS_ of calendar apps use Google's Calendar/Sync as a proxy. So even if you find a different calendar app, it might need Google's stuff here to work correctly. Leave it alone.
Cell Broadcast (Receiver) - This app operates on a different frequency than primary cell/data/text service. This means that when an emergency happens and too many people are calling each other at the same time, the cell carriers, and really the govt, can broadcast emergency info that will get to everyone. You can also use it to listen to a specific channel if you know someone is broadcasting on it. Obviously, since the KF doesn't have cell service, this is completely useless and can be removed.
Clock and cLock - You can remove both, but the system Clock might need to be kept for certain apps to function. cLock doesn't need to be there. I did take out both, and FancyWidget's clock kept working so it obviously didn't depend on this app and took date/time from the system itself. That said, Clock does provide an alarm, and so might possibly be the primary alarm service.
Downloads & Download Manager - You might be able to replace these, but why bother.
DSP Manager - Digital Sound Processing. This is basically an equalizer, but does let you make different settings for speakers, headphones, etc. There are probably better, but why bother. More, do you really need this at all? Wait and find out.
Email - An email client. Can be replaced by something else. You don't need this as long as you're solely using gmail or other web-based email.
Exchange Services - This is a client for MS Exchange. It provides the server-client sync.
Face Unlock - Provides capability to unlock screen with face recognition. With no camera, the KF has no need for this whatsoever.
File Manager - If you've replaced it with ES File Explorer, you can remove this. However, I think it's not a bad idea to keep this around as a backup. Of course, with the ability to use ADB to install, it's really not necessary.
Focal - This is CM's replacement for android's standard camera app. The KF has no camera, remove this.
Gallery - Is a simple 3d photo browser. There are probably better ones, but since your KF doesn't have a camera this will only be useful for pics you grab from the net. You probably will not need anything better.
Google Ears - This is a widget that will ID songs for you by listening. This is a problem since the KF doesn't have a built in mic. It might work via a headset device's mic. You can try it and see. I'm not sure if this might also ID a song playing through the KF, like if you're listening to internet radio.
Google Feedback - This is the app that reports back to Google when apps bork. I always turn error reporting off, but removing this would ensure nothing hinky takes place without your knowledge. On the other hand, other Google apps might wig out if it's not there. CM says it's safe to remove.
Google One Time Init - This runs the first time you start the device. That CM link says that it conflicts with another Google app. Remove it after the first run.
Google Partner Setup - Not sure what it does, but according to the second link it's no problem to remove. I removed it from the startup list so far.
Live Wallpaper Picker - Yeah, you need this.
Market Feedback Agent - It's a Google app that allows other apps to call it and ask you to provide market feedback, you can safely kill or remove it.
Media Uploader - This is an app for use with Swingular.com that lets you take pics of yourself and share them to people you're cybering with. It has things like auto-faceblurring. You can use this without a cam, but with the KF it seems unlikely. Remove.
Mobile Data - Used for data xfer on cell carrier network. Pretty sure it won't hurt to remove.
Mobile Network Config - Used for configuring cell network. Pretty sure it won't hurt to remove.
Movie Studio - This is a fairly low-rated video editor. It was probably included by CM for size and/or simplicity. You don't really need a vid editor on your KF since with no camera you can't take vids. I honestly can't imagine needing to replace this, so remove.
News & Weather - A simple news reader app. Probably should find a replacement.
Notepad3 - This is a simple text editor app. It is very small, so you could probably leave it even if you replace it with something else.
One Time Init - See Google One Time Init above. I think these are two parts of the same thing, but this one might be to trigger the CM Account app and prompt for registration.
Picasa Uploader - Uploads pics to your Picasa account. Since no camera on KF, remove this.
Pico TTS - Is a service for Text to Sound. It might only be used by TalkBack below, in which case you can eliminate it. But, it also might be used by other TTS apps, in which case you'll probably want it around.
Provider Telephony - Provides APIs for monitoring the basic phone information, such as the network type and connection state, plus utilities for manipulating phone number strings. Probably can safely remove this.
Search Applications Provider - This has to do with Google Search. Apparently there's a bug in it that makes this slow down search. I don't think it's a good idea to remove this, but you should disable it in the App Manager. This could, however, cause problems so keep it in mind.
Setup Wizard - Runs the first time you start phone. Remove it.
SMS Push - This has to do with text messaging and also WAP Push. You can probably remove it, but might want to wait.
----- [couldn't post url]
Sound Recorder - A simple recorder. Probably don't need more.
TalkBack - This is a Google app that will read and speak aloud text from your phone's menus and some Google apps. So for Gmail it'll read the subject line of each email you touch. It's for blind people and probably not all that great for them, either, since it's pretty limited. There are other apps that do TTS (Text to Sound), and I'd recommend looking into those. I'd say remove this, but who knows how *****y Google will get about it. See Pico TTS above.
Terminal Emulator - Is one of the most popular terms. I think Terminal IDE is better, so you should at least add that, if not replace this altogether.
Trebuchet - This is a launcher service which does a lot more than just launch apps. Good launchers provide _lots_ of additional ui customizations, and Trebuchet is one of the better ones. Keep it unless something changes in the near future. Halo (notification manager) is somehow related to this, although I think it is a separate app; Halo is also considered excellent.
User Dictionary - A user dictionary addon for android devices that do not have a standard user dictionary component. It is used by the keyboard and god knows what else. Do not remove it. There are similar apps. It might be possible to replace this with one of the others, but why bother.
Voice Dialer - This is a voice activated dialer for phones by Google. Obviously the KF doesn't need it.
Voice+ - Another phone related Google app; it catches all outgoing calls and uses Google Voice service to connect you with the dialed number by calling you back on your selected callback number first, then calling the number you dialed. I think it basically covers your cell phone's number with an online one. Obviously the KF doesn't need this, either.
###################
##### Add Apps #####
###################
Important:
DroidWall - Simple firewall app, lets you whitelist apps to give access to the internet.
Titanium Backup - System backup/restore app, lets you transfer apps/data/settings from one OS/mod to the next.
ES File Explorer - File manager.
ES Task Manager - Lets you kill apps.
TrustGo Security - FW/AV. Lets you scan your system/apps, scan incoming, etc. Currently one of the better free Firewall/AntiVirus for Android. It will probably be replaced by the next time you need to dl one, so google.
Greenify - Resource manager of sorts, it lets you choose which apps to have free rein of resources, and which to stick into hibernate mode when you're done using them. This means you don't have to constantly use ES Task Manager to kill apps when you're finished with them.
Adfree - Downloads/Updates a hosts file to block ads from the internet and apps.
System Tuner - Has endless tweaks, diagnostics, and functions.
Terminal IDE - A terminal emulator with all sorts of nice features and commands. Just poking around in this for a couple minutes and I'm in love. It installs a bunch of C binaries of commands you're used to, giving a much more familiar robustness. Note that this will create a $HOME directory for you that exists within the app's own /data/ directory tree. If you want to create a single home for all apps, you will need to make some changes.
ROM Manager - This would be useful if it would use TWRP, but since it's developed by the same guys as ClockworkMod Recovery, it insists you install that. Since at this time it seems CWM has problems with Kindle Fire?, you probably won't be able to use much of this for a while. What you really need is to find an entire system image creator for backups. ROM Manager does have a function for fixing permissions, which presumably makes sure nothing has messed up the permissions on important sys files.
Apps:
Amazon App Store - This is the second largest after Google's, but you'll have to get the app store app to use it. And there will be apps only available there.
Keyboard - You can remove the keyboard that comes with your OS if you replace it with a different one.
Hacker's Keyboard - This is a full keyboard complete with arrow keys. It also has a function key to get Home, End, the F row, etc. You can set it so that it will use the Android Keyboard in portrait mode, but switch to the HK in landscape.
Swype - Lets you drag finger across screen to each letter rather than tapping.
SwiftKey - Predictive text is the specialty here, gets to know you and can predict your next word.
Widgets:
FancyWidgets - Not perfect, but gives you a nice clock/weather widget.
WeatherBug - Gives you detailed weather info.
Browser:
Android Browser: Seems fast.
Dolphin - I think this is the winner. Pretty fast, and also has a lot of good features.
FF - Seems slow, and also has your familiar add-ons, but there would be the nice advantage of bookmarks sync. Of course, with a hosts file based ad block (AdFree) you won't need adblock and that should help.
Opera - Seems fast but limited in features.
There are many others.
Browserlike Apps:
Gmail - Google's gmail reader app.
Tapatalk - A BBS forum reader/interface app.
Facebook - Some say a good, others say a ****ty FB reader app.
DuckDuckGo - Is a search app that I believe you can set up to punt you off to a browser if you're going to do much more.
Ebook Reader:
----- TTS (Text to Sound) - I'm not sure if you'll need one of these or if one will come in your ebook reader, but I think you'll eventually want to check it out. It'd be nice to be able to have a book or wikip page read to you while doing other ****. Also see Pico TTS.
There are a lot.
Video Player, Video Editor:
tbd
Music Player:
tbd
News Reader:
tbd
Pic Viewer, Pic Editor:
tbd
RSS Reader:
tbd
Maps:
Google Maps - Supposedly there's a way to get offline maps, but I couldn't figure it out.
Maps With Me - Offline. I dig it.
OsmAnd - Offline. Didn't like.
RMaps - Offline. Didn't like.
MapsOn - Offline. I dig it.
Misc:
Google Sky Map - A very fun app to have to see the location of stars, planets, galaxies, and constellations.
Bubble Level (not sure of name) - An app that will act like a carpenter's level.
Screenshot UX - Lots of root and non-root screenshot apps. I liked this the best.
Games / Learning - Be very careful of these. Definitely want to AV scan these before using. Watch their permission requests for strange things they shouldn't need.
Chess Free
Sudoku Plus
Duolingo - Learn a language.
Solitaire
Tetris
##################################
##### Stop Auto Startup of Apps #####
##################################
It will scare you how many apps and services startup by default. Use SystemTuner -> Startups. And uncheck all these (note that some need to have other things installed before you do this, like the Android Keyboard, so be smart).
Android Keyboard AOSP
Calendar, Calendar Storage
Clock - This might cause probs, but shouldn't.
CyanogenMod Account
DSP Manager - You may want to check that this starts on its own when you start your media apps. If not, if you want this you'll have to start it by hand, or turn this startup back on.
Firefox
Gallery
Gmail
Google Contacts Sync
Google Partner Setup
Google Play services
Google Play Store
Google Search
News & Weather
ROM Manager
System Tuner
Titanium Backup
WeatherBug
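The guide above compares MD5/SHA1 sums by eye before each flash. As an added example (not part of the original post), the same check can be scripted so that a flash is refused when a digest does not match; the function names, the manifest layout and the `DRY_RUN` switch are assumptions of this example, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: refuse to flash an image whose digest does not match.
# A matching MD5/SHA-1 shows the transfer was not corrupted; it does not
# authenticate a file when the digest was published next to the download.

# digest_of ALGO FILE: print the lowercase hex digest of FILE.
digest_of() {
    case "$1" in
        md5)    tool=md5sum ;;
        sha1)   tool=sha1sum ;;
        sha256) tool=sha256sum ;;
        *) echo "unknown algorithm: $1" >&2; return 2 ;;
    esac
    if [ ! -f "$2" ] || [ ! -r "$2" ]; then
        echo "cannot read: $2" >&2
        return 2
    fi
    # Read from stdin so odd file names cannot change the output format.
    "$tool" < "$2" | awk '{ print tolower($1) }'
}

# verify_file ALGO EXPECTED FILE: 0 on match, 1 on mismatch, 2 on error.
verify_file() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    got=$(digest_of "$1" "$3") || return 2
    if [ -n "$want" ] && [ "$got" = "$want" ]; then
        return 0
    fi
    echo "MISMATCH $3: expected $want, got $got" >&2
    return 1
}

# verify_manifest MANIFEST DIR: every "<algo> <digest> <file>" line must match.
verify_manifest() {
    bad=0; seen=0
    while read -r algo want file; do
        case "$algo" in ''|'#'*) continue ;; esac   # skip blanks and comments
        seen=$((seen + 1))
        verify_file "$algo" "$want" "$2/$file" || bad=$((bad + 1))
    done < "$1"
    # An empty manifest verifies nothing, so it must not count as success.
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# flash_if_verified ALGO EXPECTED PARTITION IMAGE
# DRY_RUN=1 (the default here) prints the fastboot command from the guide
# instead of running it, so the example works without a device attached.
flash_if_verified() {
    verify_file "$1" "$2" "$4" || { echo "refusing to flash $4" >&2; return 1; }
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "fastboot -i 0x1949 flash $3 $4"
    else
        fastboot -i 0x1949 flash "$3" "$4"
    fi
}

# demo: constructed stand-in files whose content is "abc"; the digests are
# the published test vectors for that string. Returns 0 if the clean set
# verifies and the tampered set is rejected.
demo() {
    d=$(mktemp -d) || return 1
    printf 'abc' > "$d/recovery.img"
    printf 'abc' > "$d/bootloader.bin"
    printf '%s\n' \
        '# algo digest file' \
        'md5  900150983CD24FB0D6963F7D28E17F72 recovery.img' \
        'sha1 a9993e364706816aba3e25717850c26c9cd0d89d bootloader.bin' \
        > "$d/sums.txt"
    rc=0
    verify_manifest "$d/sums.txt" "$d" || rc=1
    printf 'x' >> "$d/recovery.img"            # simulate a damaged download
    if verify_manifest "$d/sums.txt" "$d" 2>/dev/null; then rc=1; fi
    rm -rf "$d"
    return "$rc"
}

demo && echo "demo passed"
```

Set `DRY_RUN=0` to run the real `fastboot` command once the digest matches.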
Fixed. No links in 3rd post, sorry.
Sent from the 404
How to fix always maxed CPU usage and its result, high battery drain.
What's the reason?
This is due to some "program" that tries to log something, unfortunately, this process takes up all CPU capacities.
I have encountered this issue (after Nandroid Restore) and I thought it might be worth mentioning. It not only happens after Nandroid Restores, as my friend reported.
What you need to fix this:
You will need a rooted device, and a file explorer (root explorer)
Optional: Any terminal emulator, and busybox (just for diagnostics)
How to fix it:
Just start the explorer, and navigate to
Code:
/system/bin
and there search
Code:
logd
. Rename this to
Code:
logd.bak
and Restart
Optional diagnostics (or if the method above doesn't change anything): Start your Terminal Emulator and type this:
Code:
su
then
Code:
busybox top
This will give you all information about the running processes. If you see another process (very unlikely) that takes up much CPU capacity, and you don't need for ANYTHING (like that logd thingy) you can do same thing as above (just track its path)
Hope I helped you. Thanks
thanks for the guide, but is that comic sans?
Hey, this looks like the same procedure as with other phones to disable logd since it's part of Android, but I don't think this would work for those who develop Android apps and rely on Logcat for debugging. Otherwise thanks!
If you restore system image instead of system this does not happen. At least in my testing.
You can also recover from this by running flashall with -w removed.
Thanks for the tip too.
Sent from my Pixel using Tapatalk
Hello, when you are using phh's GSIs, you may find bugs in auto brightness, battery usage data, etc. (e.g. on Xiaomi, Huawei, etc.). For this, you can make overlay files for your mobile.
Requirements:
framework-res.apk from your stock rom. (It may be at /system/framework/framework-res.apk)
apktool (to extract framework-res.apk)
git (to clone repo)
Linux (to build overlay files)
Steps:
1. Fork phhusson/vendor_hardware_overlay on GitHub.
2. Clone the repository which you forked, and make a new branch for your work.
3. Copy a device which is similar to your device, and rename it to your own device.
4. Edit <Your device>/Android.mk (Just modify the contents of the brackets, same as below)
Code:
LOCAL_PATH := $(call my-dir)
include $(CLEAR_VARS)
LOCAL_MODULE_TAGS := optional
LOCAL_PACKAGE_NAME := treble-overlay-[Manufacturer of your device]-[Name of your device]
LOCAL_MODULE_PATH := $(TARGET_OUT)/overlay
LOCAL_IS_RUNTIME_RESOURCE_OVERLAY := true
LOCAL_PRIVATE_PLATFORM_APIS := true
include $(BUILD_PACKAGE)
5. Edit <Your device>/AndroidManifest.xml
Code:
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
        package="me.phh.treble.overlay.[Manufacturer of your device].[Name of your device]"
        android:versionCode="1"
        android:versionName="1.0">
    <overlay android:targetPackage="android"
        android:requiredSystemPropertyName="ro.vendor.build.fingerprint"
        android:requiredSystemPropertyValue="+[write as similar format]*"
        android:priority="[Take next number of last used]"
        android:isStatic="true" />
</manifest>
If you don't know how to choose android:priority, you can execute these commands to list the priorities which are already used:
Code:
cd [Path of repository]
find -name AndroidManifest.xml |while read manifest;do packagename="$(xmlstarlet sel -t -m '//manifest' -v @package -n $manifest)";priority="$(xmlstarlet sel -t -m '//overlay' -v @android:priority -n $manifest)";echo -e "$priority\t$packagename";done|more
(the single line command split here, just for viewing or making a shell script):
Code:
find -name AndroidManifest.xml |while read manifest;do
    packagename="$(xmlstarlet sel -t -m '//manifest' -v @package -n $manifest)";
    priority="$(xmlstarlet sel -t -m '//overlay' -v @android:priority -n $manifest)";
    echo -e "$priority\t$packagename";
done
It will print a list for you (unsorted), and you just take an unused priority.
You can find the device fingerprint in /vendor/build.prop, or execute the following command (on your device or in adb shell):
Code:
getprop ro.vendor.build.fingerprint
If you can't find ro.vendor.build.fingerprint, you can find ro.vendor.product.name or ro.product.vendor.device, then change android:requiredSystemPropertyName and android:requiredSystemPropertyValue to what you found.
Huawei seems to use ro.hw.oemName to detect the phone, and other manufacturers may have their own detection, too. But it should be unique for other phones with the same manufacturer.
(It's NOT recommended unless your device doesn't have ro.vendor.build.fingerprint.)
6. Extract framework-res.apk with apktool in another location (to avoid committing it by mistake).
7. Replace <Your device>/res/xml/power_profile.xml with the power_profile.xml for your device.
It will be at <Extracted framework-res.apk>/res/xml/power_profile.xml.
Or you can find someone's device tree; it may have this file, too.
8. Edit <Your device>/res/values/config.xml
Find each key on following files what for your device:
Code:
[Extracted framework-res.apk]/res/values/arrays.xml
[Extracted framework-res.apk]/res/values/bools.xml
[Extracted framework-res.apk]/res/values/fractions.xml
[Extracted framework-res.apk]/res/values/integers.xml
And then replace the values in <Your device>/res/values/config.xml
9. Add your device into <Path of repository>/overlay.mk
Just write like other lines.
10. Build overlays
Just execute following commands:
Code:
chmod u+x [Path of repository]/build/build.sh
[Path of repository]/build/build.sh
If you get this, do what it says:
Code:
Please install aapt (apt install aapt should do)
Or if you get this:
Code:
OpenJDK Server VM warning: You have loaded library /root/overlay/vendor_hardware_overlay/build/signapk/libconscrypt_openjdk_jni.so which might have disabled stack guard. The VM will try to fix the stack guard now.
It's highly recommended that you fix the library with 'execstack -c <libfile>', or link it with '-z noexecstack'.
Exception in thread "main" java.lang.UnsatisfiedLinkError: org.conscrypt.NativeCrypto.get_cipher_names(Ljava/lang/String;)[Ljava/lang/String;
at org.conscrypt.NativeCrypto.get_cipher_names(Native Method)
at org.conscrypt.NativeCrypto.<clinit>(NativeCrypto.java:764)
at org.conscrypt.OpenSSLProvider.<init>(OpenSSLProvider.java:56)
at org.conscrypt.OpenSSLProvider.<init>(OpenSSLProvider.java:49)
at com.android.signapk.SignApk.main(SignApk.java:942)
I have no solution, either. Try to build on another computer.
11. Test overlay with tests.sh and yourself
For general checks (syntax, etc.), just execute the following commands:
Code:
chmod u+x [Path of repository]/tests/tests.sh
[Path of repository]/tests/tests.sh
You should fix the errors reported for your device, and then restart from step 10.
If it reports errors, but not for your device, just ignore them.
When the check passes, you can find the overlay file at <Path of repository>/build/treble-overlay-<Manufacturer of your device>-<Name of your device>.apk; just copy it into your phone's /system/overlay/ and set its permission to rw-r--r-- / 0644.
And then reboot your phone to test your overlay.
12. If it works for your device, don't forget to perform a pull request for phhusson/vendor_hardware_overlay, to support his awesome works.
Thanks for the guide @minadzuki
but i'm getting this error after step 10:
(core dumped) aapt package -f -F ${name}-unsigned.apk -M $path/AndroidManifest.xml -S $path/res -I android.jar
even when i try to build for existing devices I got the same error
king1990 said:
Thanks for the guide @minadzuki
but i'm getting this error after step 10:
(core dumped) aapt package -f -F ${name}-unsigned.apk -M $path/AndroidManifest.xml -S $path/res -I android.jar
even when i try to build for existing devices I got the same error
Oh...I forgot this, sorry.
I haven't encountered this error, so I don't have a way to solve it, either. (I have only tried to build it on three remote servers.)
And... does it cause a segmentation fault?
Or you can try to install google-android-build-tools instead of aapt. (because I can't find aapt on archlinux but found this)
Very nice guide, thanks!
I'll link it as part of a "how to contribute"
For aapt, there is an aapt included in the git. If it doesn't work for you (like @king1990's segfault), know that the one included in the git has the lowest priority. It will pick up aapt from the system first.
(but then you'll need to have a system-wide aapt).
Or if you have an Android SDK somewhere, you can set your PATH to include it.
Edit: I just realized that what I just described might actually be the issue. If there is a system-wide aapt, it will use the libc++ in the git, which would explain the crash.
I fixed this case in my current git.
If there is a system-wide aapt it will use it.
If for some reason, system-wide aapt isn't suitable, you can run build.sh with --local-aapt to force the use of the in-git aapt (i.e. it will have higher priority than system's so no conflict should happen)
king1990 said:
Thanks for the guide @minadzuki
but i'm getting this error after step 10:
(core dumped) aapt package -f -F ${name}-unsigned.apk -M $path/AndroidManifest.xml -S $path/res -I android.jar
even when i try to build for existing devices I got the same error
Could you check again with latest git?
If it still doesn't work, can you try to call build.sh --local-aapt ?
@phhusson Thanks now it working fine and building without faults
I have few questions regarding the AndroidManifest.xml :
1- for android:requiredSystemPropertyValue how do I know which name to use ? is it trial and error ?
2- for android:priority does it matter which number I choose ?
3- some vendors have this overlay (framework-res__auto_generated_rro.apk) under "vendor/overlay". Does it affect the device overlay in system/overlay ?
4- to install the overlay is it just as @minadzuki says ?
and thanks again for your great work
king1990 said:
@phhusson Thanks now it working fine and building without faults
I have few questions regarding the AndroidManifest.xml :
1- for android:requiredSystemPropertyValue how do I know which name to use ? is it trial and error ?
2- for android:priority does it matter which number I choose ?
3- some vendors have this overlay (framework-res__auto_generated_rro.apk) under "vendor/overlay". Does it affect the device overlay in system/overlay ?
4- to install the overlay is it just as @minadzuki says ?
and thanks again for your great work
1. For example, Xiaomi Mi 6X has this fingerprint:
xiaomi/wayne/wayne:8.1.0/OPM1.171019.011/8.7.12:user/release-keys/
So you can take xiaomi/wayne to use, and android:requiredSystemPropertyValue will be: +xiaomi/wayne*
2. It will affect building images, or affect the detection on the system. If you get this:
Code:
F: .xxx/AndroidManifest.xml: priority xx conflicts with another manifest
Just take the next number and try again. Up to now, priority 53 has been taken (without a pull request), so you can take priorities from 54 onward.
3. Sorry, I don't know about this.
4. Yes, just simply copy and permission change.
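The priority and fingerprint checks described in the guide and in the answer above, written out as an added example (not code from the thread or from phhusson's repository). The manifests, their package names and their priorities are constructed; treating a leading "+" as "the value is a pattern in which * is a wildcard" is an assumption drawn from the +xiaomi/wayne* example, not a documented rule.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

ANDROID = "{http://schemas.android.com/apk/res/android}"

def _manifest(package, value, priority):
    # Constructed manifest in the shape shown in step 5 of the guide.
    return (
        '<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
        f'package="{package}" android:versionCode="1" android:versionName="1.0">'
        '<overlay android:targetPackage="android" '
        'android:requiredSystemPropertyName="ro.vendor.build.fingerprint" '
        f'android:requiredSystemPropertyValue="{value}" '
        f'android:priority="{priority}" android:isStatic="true" /></manifest>'
    )

# Constructed samples: package names, priorities and "examplecorp" are made up.
SAMPLE_MANIFESTS = [
    _manifest("me.phh.treble.overlay.xiaomi.wayne", "+xiaomi/wayne*", 53),
    _manifest("me.phh.treble.overlay.examplecorp.alpha", "+examplecorp/alpha*", 54),
    _manifest("me.phh.treble.overlay.examplecorp.beta", "+examplecorp/beta*", 54),
]
# Fingerprint quoted in the thread for the Xiaomi Mi 6X.
SAMPLE_FINGERPRINT = "xiaomi/wayne/wayne:8.1.0/OPM1.171019.011/8.7.12:user/release-keys/"

def parse_overlay_manifest(xml_text):
    """Extract package, priority and the property condition from one manifest."""
    root = ET.fromstring(xml_text)
    overlay = root.find("overlay")
    if overlay is None:
        raise ValueError("manifest has no <overlay> element")
    priority = overlay.get(ANDROID + "priority")
    if priority is None:
        raise ValueError("overlay has no android:priority")
    return {
        "package": root.get("package"),
        "priority": int(priority),
        "prop_name": overlay.get(ANDROID + "requiredSystemPropertyName"),
        "prop_value": overlay.get(ANDROID + "requiredSystemPropertyValue"),
    }

def value_matches(required, actual):
    """Assumed semantics: '+' prefix enables '*' wildcards, otherwise exact match."""
    if not required.startswith("+"):
        return required == actual
    pattern = ".*".join(re.escape(part) for part in required[1:].split("*"))
    return re.fullmatch(pattern, actual) is not None

def priority_conflicts(manifests):
    """Map each priority used more than once to the packages that claim it."""
    by_priority = defaultdict(list)
    for m in manifests:
        by_priority[m["priority"]].append(m["package"])
    return {p: sorted(pkgs) for p, pkgs in by_priority.items() if len(pkgs) > 1}

def next_free_priority(manifests):
    """'Take next number of last used': one above the highest priority seen."""
    return max(m["priority"] for m in manifests) + 1

def overlays_for_device(manifests, props):
    """Packages whose required property is present on the device and matches."""
    return sorted(
        m["package"] for m in manifests
        if m["prop_name"] in props
        and value_matches(m["prop_value"], props[m["prop_name"]])
    )

if __name__ == "__main__":
    parsed = [parse_overlay_manifest(x) for x in SAMPLE_MANIFESTS]
    print("conflicts:", priority_conflicts(parsed))
    print("next free priority:", next_free_priority(parsed))
    print("selected:", overlays_for_device(
        parsed, {"ro.vendor.build.fingerprint": SAMPLE_FINGERPRINT}))
```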
king1990 said:
@phhusson Thanks now it working fine and building without faults
Cool
3- some vendors have this overlay (framework-res__auto_generated_rro.apk) under "vendor/overlay". Does is affect the device overlay in system/overlay ?
overlays in /system/overlay and /vendor/overlay are the same thing, and on my GSI both are loaded, so yes it affects it.
But if your vendor has a framework-res__auto_generated_rro.apk, you probably don't need an overlay file for your phone, because it's already there.
(Please note that /system/overlay doesn't exist in AOSP, that's a change specific to my ROM, and custom ROMs based on it. AOSP only has /vendor/overlay)
@minadzuki Thanks for answering my questions. @phhusson it's clear now. I don't know if this is related to your treble approach or not, but some GSI ROMs refuse to go to the minimum value in the brightness curve; no matter what value I set in the curve, it is never achieved.
is this treble or ROM related ?
king1990 said:
@minadzuki Thanks for answering my questions. @phhusson it's clear now. I don't know if this is related to your treble approach or not, but some GSI ROMs refuse to go to the minimum value in the brightness curve; no matter what value I set in the curve, it is never achieved.
is this treble or ROM related ?
Brightness is a bit complex on Android Pie... (well it already was before, but it got even worse)
Do you have a link to your current overlay, so I can take a look at which code path you'd go to?
What's the lowest backlight value you get in /sys/class/backlight/panel0-backlight/brightness or /sys/class/leds/lcd-backlight/brightness?
Also what's your device? Does it have extended brightness range? (what's the value of getprop persist.sys.qcom-brightness // is it a samsung device?)
phhusson said:
Brightness is a bit complex on Android Pie... (well it already was before, but it got even worse)
Do you have a link to your current overlay, so I can take a look at which code path you'd go to?
What's the lowest backlight value you get in /sys/class/backlight/panel0-backlight/brightness or /sys/class/leds/lcd-backlight/brightness?
Also what's your device? Does it have extended brightness range? (what's the value of getprop persist.sys.qcom-brightness // is it a samsung device?)
for overlay this the extracted files from the overlay apk (my device is Axon7)
The lowest backlight is 10 (once manually edit it to 1 it goes to really dim brightness)
what I don't understand that I already built two GSI ROMs one is DU13 & other Liquid pie both report the same backlight light value at 10 at minimum value but in DU its very dim and in liquid its still bright ?!
The command did not give back any information, so I assume we don't have extended brightness range.
Thanks
Edit : it was overlay problem , fixed after modifying it
I tried to create an overlay for my Honor View 10 (Berkeley)
Is there a list of recommended settings to copy over from the stock ROM? I started with copying everything listed in tests/knownKeys and it seems to work
There's a power_profile.xml in the framework-res.apk I dumped from my stock ROM but the battery capacity is set to 1000 instead of 3750. Is that right?
There's also a power_profile_test.xml in there with a much more sane value of 3000 mAh. Should I use this one instead?
Copperhead100 said:
I tried to create an overlay for my Honor View 10 (Berkeley)
Is there a list of recommended settings to copy over from the stock ROM? I started with copying everything listed in tests/knownKeys and it seems to work
There's a power_profile.xml in the framework-res.apk I dumped from my stock ROM but the battery capacity is set to 1000 instead of 3750. Is that right?
There's also a power_profile_test.xml in there with a much more sane value of 3000 mAh. Should I use this one instead?
I don't have any Huawei phones, sorry.
Maybe you can refer to /Huawei/kirin970/CLT or /Huawei/kirin970/EML. The Honor V10 may have its own OEM name, called "BKL".
Copperhead100 said:
I tried to create an overlay for my Honor View 10 (Berkeley)
Is there a list of recommended settings to copy over from the stock ROM? I started with copying everything listed in tests/knownKeys and it seems to work
There's a power_profile.xml in the framework-res.apk I dumped from my stock ROM but the battery capacity is set to 1000 instead of 3750. Is that right?
There's also a power_profile_test.xml in there with a much more sane value of 3000 mAh. Should I use this one instead?
On Huawei, you'll find real power_profile.xml somewhere in /odm or /product. I'd say /product/etc/power_profile.xml
phhusson said:
On Huawei, you'll find real power_profile.xml somewhere in /odm or /product. I'd say /product/etc/power_profile.xml
Thanks. It's actually /product/etc/xml/power_profile.xml
There's a new pull request incoming
Is it possible to create an overlay in Windows using Git for Windows?
JEANRIVERA said:
Is it possible to create an overlay in Windows using Git for Windows?
Yes, you can write the source code anywhere (don't forget to replace CRLF with LF), but maybe you should build it on Linux, unless you have a way to build it on Windows (e.g. WSL, MinGW, etc.)
@minadzuki I can't find a config.xml in my framework-res.apk, am I missing something? or that gets created somehow in the process?
another question
on step 5 you say to edit AndroidManifest.xml, does that mean delete everything in it and copy paste what you put in the code box? or just add that at the end of the xml file?
JEANRIVERA said:
@minadzuki I can't find a config.xml in my framework-res.apk, am I missing something? or that gets created somehow in the process?
another question
on step 5 you say to edit AndroidManifest.xml, does that mean delete everything in it and copy paste what you put in the code box? or just add that at the end of the xml file?
framework-res.apk doesn't contain config.xml; it's split into several files: arrays.xml, bools.xml, fraction.xml, integers.xml. Just create config.xml or copy it from another device, and find the values in these files (to replace them).
And for step 5, just replace the values with those for your device, like what other devices wrote.
minadzuki said:
framework-res.apk doesn't contain config.xml; it's split into several files: arrays.xml, bools.xml, fraction.xml, integers.xml. Just create config.xml or copy it from another device, and find the values in these files (to replace them).
And for step 5, just replace the values with those for your device, like what other devices wrote.
thanks for the response but I am really lost here, those 4 xml files have way too much data in them, should I just copy everything to config.xml?
to be honest what I am trying to fix are 2 things the battery stats not showing and the auto brightness and brightness slider and if the led light is fixable by an overlay that too, I can provide you all the files needed could you build it for me please? my device is an HTC U12+
JEANRIVERA said:
thanks for the response but I am really lost here, those 4 xml files have way too much data in them, should I just copy everything to config.xml?
to be honest what I am trying to fix are 2 things the battery stats not showing and the auto brightness and brightness slider and if the led light is fixable by an overlay that too, I can provide you all the files needed could you build it for me please? my device is an HTC U12+
you can check like this:
https://github.com/phhusson/vendor_hardware_overlay/blob/master/Xiaomi/Mi8/res/values/config.xml
then take values from those 4 xmls.
****Moderator Note****
A thread on this topic already exists here. Links have been removed from this one.
In Samsung's TTS app, someone discovered an exploit where the app, using its receiver capabilities, will accept just about any command or information it receives from just about anything. This exploit so far as I know has not yet been patched but does affect a significant number of existing Samsung devices up to present day including the Samsung Galaxy Note 9 (SM-N960U) and probably others. Essentially this exploit allows a user to run commands as system user (User: 1000) which is essentially one user level below root access. I am hoping this exploit will assist us in finding a root method for this device. In the meantime, as system user, you can run any command in a shell that is available to system. Running root commands will not work. I have not yet explored the extent of this exploit's capabilities, but you can change system props, some of which persist a reboot, probably disable some applications as opposed to uninstalling them per user, have full access to the /data directory and the ability to change anything in /data/system/users/0 at the very least. You need a Windows computer in order to perform these operations. It may be possible to do through Linux, but I did not try. This will also allow Lsposed patch to be installed on the device (a variant of the xposed framework). Though I am not sure it is required, this will also allow you to use the dial pad on the device to launch pretty much every important Samsung secret code that exists. Using Google to search for Samsung secret codes you can find what you need.
NOTE: I did not create this exploit and I do not claim any authorship or ownership over it. I just got it to work on this device. For reference, further reading and additional details and installation methods, please ***Link removed*** The steps below are the easiest and most basic method.
IMPORTANT: changing some of these props and other settings may cause device instability. In some cases a general factory reset will not change these settings back to your factory settings, so if you screw something up you're going to have to download your device's stock firmware and flash your device using odin.
1. Go to the Github repository above and download the zip file and extract it to anywhere you want. If you don't have minimal ADB and fastboot installed, you can get it here. Otherwise you'll need to download Google's platform-tools for Windows.
2. Plug your Note 9 into your PC, making sure ADB is authorized on the device.
3. Navigate to the exploit's folder and open a cmd window inside the folder, or place the folder's files in the platform-tools folder and navigate there and open a cmd window. To do this, click on the folder's window, press and hold down the shift key while right-clicking your mouse and select either "open cmd window here" or "open powershell window". Use adb to push the "samsungTTSVULN2.apk" to /data/local/tmp:
Code:
adb push samsungTTSVULN2.apk /data/local/tmp
4. Install "komraids_POC_V1.5.apk" using adb and reboot your Note 9:
Code:
adb install komraids_POC_V1.5.apk
Open the app once. Navigate to settings, apps and select the app. Turn off battery optimizations. Then reboot:
Code:
adb reboot
5. When your Note 9 is completely rebooted (wait a minute or two after turning it back on, before you unlock your device), return to the exploit's or platform-tools folder and run 'systemshell.exe'. When the box pops up, click on 'start shell' and wait for the process to complete. When finished, click on 'reopen running shell'. You should be user: 1000. Run 'id' in that shell and the user should return as user: 1000. If not successful, navigate to the Github repository for other means of installation. Please note you will have to run this process on your device after every reboot.
With this level of access, you can change some system props, launch hidden activities including some debug menus in various apps, as well as other things. From the Github repository, some examples of abilities:
Access to most of /efs /efs/imei /efs/sec_efs /efs/FactoryApp - Access to most of /data /data/system /data/user/0/ANY_SYSTEM_APP - The "Insthk" bin becomes useable, - Secure Folder/Separated Apps becomes COMPLETELY compromised if you also install the POC in it (UID 150_system) - start IOTHidden Menu, DM Mode, Service Mode, Multiple Debugging and hidden menus as well as preconfig in system context- Change many protected props, such as: setprop persist.service.adb.root 1, setprop sys.hidden.otatest 1, setprop sys.hiddenmenu.enable 1, setprop persist.sys.knox.device_owner true, setprop persist.sys.usb.qxdm.debug 1, setprop persist.service.adb.enable 1, setprop persist.sys.usb.qxdm.debug 1, setprop persist.rollback.is_test true, setprop sys.oem_unlock_allowed 1.
Some props I was able to change which persist upon rebooting:
Code:
persist.service.adb.root 1
setprop sys.hiddenmenu.enable 1
persist.service.adb.enable 1
persist.security.ams.enforcing 0
I am hoping with this access we can figure out a way to use it to our advantage to gain root access. I have only ever had this experience once, where we had gained system level shell access through a debug app accidentally left on an Amazon Fire 10 tablet. That access later progressed to root access, and from my understanding, if we can gain this level of access on the device, then it is more than likely there is a way to also gain root access. I would very much like any feedback anybody can provide and hopefully we can get further along in this. Please post your modifications and other tricks and hacks in this thread so others can follow along.
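For anyone auditing a device after this kind of system-level access, the props named in the post can be checked in a `getprop` dump. This is an added example, not code from the post or from the PoC repository: the watched values are the ones listed above, the dump is constructed, and the optional baseline (a dump from a known-good device of the same model) is an assumption about how you would filter out values your firmware sets by default.

```python
import re

# Props and values the post reports changing, or quotes from the repository's list.
WATCHED_PROPS = {
    "persist.service.adb.root": "1",
    "persist.service.adb.enable": "1",
    "persist.security.ams.enforcing": "0",
    "sys.hiddenmenu.enable": "1",
    "sys.hidden.otatest": "1",
    "persist.sys.knox.device_owner": "true",
    "persist.sys.usb.qxdm.debug": "1",
    "persist.rollback.is_test": "true",
    "sys.oem_unlock_allowed": "1",
}

# `getprop` with no arguments prints one "[key]: [value]" pair per line.
GETPROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>.*)\]$")

# Constructed dump, for illustration only.
SAMPLE_GETPROP = """\
[persist.security.ams.enforcing]: [0]
[persist.service.adb.enable]: [1]
[persist.service.adb.root]: [1]
[ro.build.type]: [user]
[sys.hiddenmenu.enable]: [1]
[sys.oem_unlock_allowed]: [0]
"""

def parse_getprop(text):
    """Turn `getprop` output into a dict, skipping lines that do not parse."""
    props = {}
    for line in text.splitlines():
        match = GETPROP_LINE.match(line.strip())
        if match:
            props[match.group("key")] = match.group("value")
    return props

def audit(props, baseline=None):
    """Return watched props that hold the reported value and differ from baseline."""
    findings = []
    for key in sorted(WATCHED_PROPS):
        value = props.get(key)
        if value != WATCHED_PROPS[key]:
            continue
        if baseline is not None and baseline.get(key) == value:
            continue  # the known-good device has the same value
        findings.append({
            "prop": key,
            "value": value,
            # persist.* props are written to storage and restored at boot
            "survives_reboot": key.startswith("persist."),
        })
    return findings

if __name__ == "__main__":
    for finding in audit(parse_getprop(SAMPLE_GETPROP)):
        print(finding)
```

Feed it the output of `adb shell getprop` saved to a file; a finding on a persist.* prop means a reboot alone will not clear it.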
@DragonFire1024 Please note that a thread already exists on this topic:
***LOCKED UNTIL FURTHER NOTICE*** System Shell Exploit - ALL Samsung Mobile Devices NO BL UNLOCK REQUIRED.
We do not allow multiple threads on the same topic:
5. Create a thread topic or post a message only once, this includes external links & streaming media.
As a large forum, we don't need unnecessary clutter. You're free to edit your message as you like, so if you do not receive an answer, revisit your message and see if you can describe your problem better. Not everyone is online at the same time so it might take a while before you receive an answer.
You can bump your unanswered question once every 24 hours
Duplicate threads and posts will be removed
Always post in an existing thread if a topic already exists, before creating a new thread.
Use our search function to find the best forum for your device.
Links to an external source are only allowed if relevant to the topic in hand. A description must be included, no copy & pasting from the original source.
I am closing this thread.
If you or someone else working on the project would like to have an open thread to discuss this topic, please refer to the original. However, I expect you to read the warnings I have posted, as the exploit covered must be credited to the individual who discovered it.