Database Users

How to keep xposed after installing nightly?

Everytime I flash the latest nightly thru opendelta, my xposed framework becomes uninstalled. What can I do to prevent this? Perhaps a flashable zip somewhere?

Have you tried this?
http://forum.xda-developers.com/showthread.php?t=2575966

Honestly, the easiest and surest process would be to use an addon.d script to back up and restore it, while Omni is being updated. Similar to the script that backs up and restores gapps. Rename this file to 90-xposed.sh (also attached), and put it int /system/addon.d/
Code:
#!/sbin/sh
#
# /system/addon.d/90-xposed.sh
# During an upgrade, if /system/bin/app_process.orig exists, this
# script backs up /system/bin/app_process, /system is formatted
# and reinstalled, the ROM bundled /system/bin/app_process is copied as
# /system/bin/app_process.orig, then /system/bin/app_process is restored
# (as would the Xposed Installer do)
. /tmp/backuptool.functions
APP_PROCESS=bin/app_process
case "$1" in
backup)
[ -e "$S/${APP_PROCESS}.orig" ] && backup_file "$S/${APP_PROCESS}"
;;
restore)
if [ -e "$C/$S/${APP_PROCESS}" ]; then
echo "Backuping new $S/${APP_PROCESS} as $S/${APP_PROCESS}.orig"
cp -p "$S/${APP_PROCESS}" "$S/${APP_PROCESS}.orig"
echo "Restoring Xposed $S/${APP_PROCESS}"
restore_file "$S/${APP_PROCESS}"
echo "If your system bootloops, you can either:"
echo " - Replace $S/${APP_PROCESS} with $S/${APP_PROCESS}.orig"
echo " - Remove $S/${APP_PROCESS} and reinstall your ROM"
fi
;;
pre-backup)
# Stub
;;
post-backup)
# Stub
;;
pre-restore)
# Stub
;;
post-restore)
# Stub
;;
esac

PonsAsinorem said:
Honestly, the easiest and surest process would be to use an addon.d script to back up and restore it, while Omni is being updated. Similar to the script that backs up and restores gapps. Rename this file to 90-xposed.sh (also attached), and put it int /system/addon.d/
Code:
#!/sbin/sh
#
# /system/addon.d/90-xposed.sh
# During an upgrade, if /system/bin/app_process.orig exists, this
# script backs up /system/bin/app_process, /system is formatted
# and reinstalled, the ROM bundled /system/bin/app_process is copied as
# /system/bin/app_process.orig, then /system/bin/app_process is restored
# (as would the Xposed Installer do)
. /tmp/backuptool.functions
APP_PROCESS=bin/app_process
case "$1" in
backup)
[ -e "$S/${APP_PROCESS}.orig" ] && backup_file "$S/${APP_PROCESS}"
;;
restore)
if [ -e "$C/$S/${APP_PROCESS}" ]; then
echo "Backuping new $S/${APP_PROCESS} as $S/${APP_PROCESS}.orig"
cp -p "$S/${APP_PROCESS}" "$S/${APP_PROCESS}.orig"
echo "Restoring Xposed $S/${APP_PROCESS}"
restore_file "$S/${APP_PROCESS}"
echo "If your system bootloops, you can either:"
echo " - Replace $S/${APP_PROCESS} with $S/${APP_PROCESS}.orig"
echo " - Remove $S/${APP_PROCESS} and reinstall your ROM"
fi
;;
pre-backup)
# Stub
;;
post-backup)
# Stub
;;
pre-restore)
# Stub
;;
post-restore)
# Stub
;;
esac
Click to expand...
Click to collapse
That'll work. Another option that requires less modification of the script is to copy and modify the example script in /system/addon.d/

i wonder if the xposed toggle actually reinstalls the frameworks files.

XxPixX said:
Have you tried this?
http://forum.xda-developers.com/showthread.php?t=2575966
Click to expand...
Click to collapse
This way works great for me
Sent from my GT-I9505 using xda app-developers app

PonsAsinorem said:
Honestly, the easiest and surest process would be to use an addon.d script to back up and restore it, while Omni is being updated. Similar to the script that backs up and restores gapps. Rename this file to 90-xposed.sh (also attached), and put it int /system/addon.d/
Code:
#!/sbin/sh
#
# /system/addon.d/90-xposed.sh
# During an upgrade, if /system/bin/app_process.orig exists, this
# script backs up /system/bin/app_process, /system is formatted
# and reinstalled, the ROM bundled /system/bin/app_process is copied as
# /system/bin/app_process.orig, then /system/bin/app_process is restored
# (as would the Xposed Installer do)
. /tmp/backuptool.functions
APP_PROCESS=bin/app_process
case "$1" in
backup)
[ -e "$S/${APP_PROCESS}.orig" ] && backup_file "$S/${APP_PROCESS}"
;;
restore)
if [ -e "$C/$S/${APP_PROCESS}" ]; then
echo "Backuping new $S/${APP_PROCESS} as $S/${APP_PROCESS}.orig"
cp -p "$S/${APP_PROCESS}" "$S/${APP_PROCESS}.orig"
echo "Restoring Xposed $S/${APP_PROCESS}"
restore_file "$S/${APP_PROCESS}"
echo "If your system bootloops, you can either:"
echo " - Replace $S/${APP_PROCESS} with $S/${APP_PROCESS}.orig"
echo " - Remove $S/${APP_PROCESS} and reinstall your ROM"
fi
;;
pre-backup)
# Stub
;;
post-backup)
# Stub
;;
pre-restore)
# Stub
;;
post-restore)
# Stub
;;
esac
Click to expand...
Click to collapse
Made this for myself using your script. Thanks, thought I would share.
https://www.dropbox.com/s/ijyat7g5gdb8mq2/xposed_OTA_survival.zip

hlxanthus said:
Made this for myself using your script. Thanks, thought I would share.
https://www.dropbox.com/s/ijyat7g5gdb8mq2/xposed_OTA_survival.zip
Click to expand...
Click to collapse
You should just have to flash it once, not put it in the flash after update location. Once the script is in the correct location, it's pretty much a fire and forget. No more flashing required.
Edit: I know you didn't say that's where it goes, just filling in this info for others. A lot of people like to stack a bunch of zips in that directory for some reason.

Similar script for kernel?
Is there a way to keep the kernel in a similar fashion (e.g. I have franco's kernel flashed for N5 and would like to keep it even with nightly updates)?
Thanks

The update script can't do that. But i think i remember s.o. mentioning using opendelta to reflash the ZIP.
Sent from my Find 5 using XDA Premium 4 mobile app

The Xposed method
Xposed installer itself can give you the solution:
Inside Xposed installer, in settings, choose install method to be zip & manual flash, hit install and it will create the required flashable zip that installs/enables the Xposed framework. Now find that file (remember the path from the confirmation dialog) and copy it into OpenDelta's FlashAfterUpdate folder. You are done.

dumb question how do i copy that 90-xposed.sh to the /system/addon.d/ folder?
adb? if so, what is the command? sorry I am alittle dumb to doing this.
thanks!

spacemanvt said:
dumb question how do i copy that 90-xposed.sh to the /system/addon.d/ folder?
adb? if so, what is the command? sorry I am alittle dumb to doing this.
thanks!
Click to expand...
Click to collapse
If using adb,
adb push /path/to/file/on/your/pc /desired/path/to/file/on/your/phone
Or use a root file explorer to just copy and paste.

keep Avast Anti-Theft after OpenDelta / nightly flash

hey guys,
I'm trying to write an addon.d script to keep Avast Anti-Theft installed after OpenDelta's upgrades.
it only has the ability to self add a backup script in CM roms.
I looked for the list of files being kept at the appropriate .sh file for CM, and wrote the following "91-antitheft.sh" :
Code:
#!/sbin/sh
#
# /system/addon.d/91-antitheft.sh
# During a system upgrade, this script backs up avast anti theft,
# /system is formatted and reinstalled, then the files is restored.
#
. /tmp/backuptool.functions
list_files() {
cat <<EOF
priv-app/com.avast.android.antitheft.apk
etc/com.avast.android.antitheft.backup.enc
EOF
}
case "$1" in
backup)
list_files | while read FILE DUMMY; do
backup_file $S/$FILE
done
;;
restore)
list_files | while read FILE REPLACEMENT; do
R=""
[ -n "$REPLACEMENT" ] && R="$S/$REPLACEMENT"
[ -f "$C/$S/$FILE" ] && restore_file $S/$FILE $R
done
;;
pre-backup)
# Stub
;;
post-backup)
# Stub
;;
pre-restore)
# Stub
;;
post-restore)
# Stub
;;
esac
unfortunately, that doesn't keep the files.
the 2 files are definitely the following:
com.avast.android.antitheft.apk located in /system/priv-app
com.avast.android.antitheft.backup.enc located in /system/etc
what is wrong with the code?
thanks

Just use the same .sh file they developed for CM - our backuptool implementation is fully compatible.

thanks for your answer!
I went from CM 4.3 to OmniROM 4.4, so for 4.3 this is what I found in my /system:
custom_backup_list.txt inside /system/etc
containing:
Code:
app/com.avast.android.antitheft.apk
etc/com.avast.android.antitheft.backup.enc
and 99-cm.sh containing:
Code:
#!/sbin/sh
#
# /system/addon.d/50-cm.sh
# During a CM10 upgrade, this script backs up /system/etc/hosts,
# /system is formatted and reinstalled, then the file is restored.
#
. /tmp/backuptool.functions
list_files() {
cat <<EOF
app/com.avast.android.antitheft.apk
etc/com.avast.android.antitheft.backup.enc
EOF
}
case "$1" in
backup)
list_files | while read FILE DUMMY; do
backup_file $S/"$FILE"
done
;;
restore)
list_files | while read FILE REPLACEMENT; do
R=""
[ -n "$REPLACEMENT" ] && R="$S/$REPLACEMENT"
[ -f "$C/$S/$FILE" ] && restore_file $S/"$FILE" "$R"
done
;;
pre-backup)
# Stub
;;
post-backup)
# Stub
;;
pre-restore)
# Stub
;;
post-restore)
# Stub
;;
esac
so, I'm not sure OmniROM supports "custom_backup_list.txt"
and for the 99-cm.sh file, it says "app/com..." so I changed it to "priv-app/com....".
and it doesn't work. the 2 files are not there after the upgrade is finished.
so it must be something with my code, no?

hmm, custom_backup_list is something I've never seen in CM... Just backuptool in /system/addon.d/
You should be able to take the example backuptool shell file, replace the files to be backed up with the ones you want, and it should work, although you might need to make sure the file mode/ownership match the other shell files in /system/addon.d/

I changed the hosts "template" file and it works.
it's super weird because there's no real difference to what I've previously wrote.
might be that last unused # dangs it all up.
thanks for your help, Entropy512.
I've attached the sh file to whom it may concern

shmizan said:
I changed the hosts "template" file and it works.
it's super weird because there's no real difference to what I've previously wrote.
might be that last unused # dangs it all up.
thanks for your help, Entropy512.
I've attached the sh file to whom it may concern
Click to expand...
Click to collapse
Where do we put the file once we download it? Will it autorun every time we flash a nightly?

inside /system/addon.d/
and yes it will.

I followed your instructions exactly, unfortunately avast anti-theft still isn't being kept whenever I flash a new nightly. Did I need to do something else or?

Jokerswild2412 said:
I followed your instructions exactly, unfortunately avast anti-theft still isn't being kept whenever I flash a new nightly. Did I need to do something else or?
Click to expand...
Click to collapse
I think u have to remove the .txt and then save it. (save it as a .sh file)

Thanks for the script. I was just wondering how to make a script for that and then I thought let's give Google a try
And I found your post. Thanks

There's also another method.
When installing Anti-theft from within Avast you are asked if you want to install it in the system directory or make a flashable update.zip. Select the update.zip method. Then you take that zip and rename it to Update1.zip and move it to /"sdcard folder"/OpenDelta/FlashAfterUpdate/
When storing the settings for hard reset protection selec also the update.zip method rename the zip to Update2.zip and move it to the same folder.
Those two files will be flashed after every update.
The problem with this method is that you'll have to update the zips whenever there's an update for Anti-theft, but that doesn't happen really often.

I am not using OmniRom so I dont think its gonna work for me.
But the script method isn't more useful ? I mean, it does work even after flashing a new rom, or I am mistaken ?

johnannis said:
I am not using OmniRom so I dont think its gonna work for me.
But the script method isn't more useful ? I mean, it does work even after flashing a new rom, or I am mistaken ?
Click to expand...
Click to collapse
The script method is more useful for ROMs that support addon.d. As far as lately, I've only ran omni and CM. But possibly other aosp derivatives like pac, carbon, PA, etc support this as well. Check your roms OP as well as code for better answers on this.

I am on PA, but nevermind I ll keep it script method, it seems better for my needs
Sent from my Nexus 5 using Tapatalk

[SCRIPT] Log CPU Usage with interval (Linux)

Hey guys, I've just decided to get inside of the Android development world. Anyways, I'm mostly a fan of Linux, so I've made my first Linux script, I know it's simple, but I've never interacted with the user before, or picked an output. When I knew that Android made use of Linux in its core, my interest on working inside it grew up faster than ever.
In my script, firstly, you type the filename. For compatibility reasons, it'll everytime save to /sdcard/filename. Then, it will ask you how many times you want the script to log everything, and lately, every how many seconds should it save everything to the file.
The script will save, before every entry at the log, the screen status (if it's on or off), that can help to, for example, if your device has been lagging as a result of a bad screen driver or UI error.
Last thnig: it also works on recovery (maybe it give some error, and if no dumpsys is present on your recovery's ramdisk, it'll save everything as OFF).
Remember to send it anywhere excepting from /storage and any sbudir, it won't work as the Android permissions system blocks script execution on those dirs.
Code:
clear
# Wipe $logfile content in /sdcard (if any existing)
echo "Please type the filename where you want to save the log: "
read -r logfile
echo "" > /sdcard/$logfile
echo "Deleted previous log."
echo "SCREEN | CPU" >> /sdcard/$logfile
#cont=60
cont=1
#SHOWLOG=X
echo "Please type how many times the cycle must repeat: "
read -r maxcont
echo "Please type how many seconds will the interval take: "
read -r maxmin
clear
# Here it counts how many times the logging script has been ran
while [ $cont -lt $((maxcont + 1)) ];
do
# That nested while takes control of how many seconds have passed in the current cycle
while [ "$contmin" -lt "$maxmin" ];
do
contmin=$((contmin + 1))
sleep 1
clear
echo "C: $cont/$maxcont - T: $contmin/$maxmin"
done
# echo "$maxmin seconds passed."
# Logs the fist line of "busybox top" to a var
LOGVAR=$(busybox top -d 1 -n 1 | grep "idle")
# Logs the screen state (on or off) to another var
SCREENSTATE=$(dumpsys input_method | grep mScreenOn | tr -dc '[:alnum:]\n\r' | tr '[:upper:]' '[:lower:]')
# Saves a string that tells what it should expect if the screen is on
SCREENSTATEON="msystemreadytruemscreenontrue"
if [ "$SCREENSTATE" == "$SCREENSTATEON" ]
then
echo "ON: $LOGVAR" >> /sdcard/$logfile
else
echo "OFF: $LOGVAR" >> /sdcard/$logfile
fi
cont=$((cont + 1))
contmin=0
done
echo "Show logged values? [Y/N]"
read -r SHOWLOG
case $SHOWLOG in
[yY] | [yY][Ee][Ss] )
cat /sdcard/$logfile
;;
[nN] | [n|N][O|o] )
echo "Ok, goodbye. You'll see a what you've asked me to log in /sdcard/$logfile";
exit 1
;;
*) echo "You must write Y or N to continue."
;;
esac
exit 0
For example, save it as script.sh (remember to save it using Unix codifcation, if you're running Windows, else, it'll tell you that it's unable to find many binaries, as long as Linux isn't ok with CR+LF and requires LF as newline). Then, send it to the sdcard (over USB or adb push script.sh /sdcard/) , now, run ADB shell. Type the following commands:
Code:
su -c "cp -f /sdcard/script.sh /data/local/;chmod 777 /data/local/script.sh"
Then, if you want to run it:
Code:
su
sh /data/local/script.sh
That's all, I hope you enjoy it and not so many people kills me for explaining and feeling so grateful for that simple script.

[EXE] Static Linux binaries for ARM/Android (Cryptsetup, EncFS, F2FS-Tools, Testdisk, PhotoRec,..)

Native ARM/static Linux binaries
(for all ARMv7+ compatible platforms)
Open-source Linux binaries that are either not available on Android (e.g. in Termux)
or make sense to be statically compiled (e.g. to run in TWRP/recovery for data recovery).
These are root tools and might damage your device severely. Use at your own risk. I take no responsibility whatsoever. If in doubt don't use them.​
Minimum CPU: ARMv7/vfpv3-d16. Compiled against musl-libc/Android Kernel 3.4. Binaries are static, bionic/libc independent and should run on Android, TWRP, emulator or any other compatible ARM device. Musl is patched (info)(info2)(patch file: patch -p0 -u -b -i musl-android-smp.patch) to iterate CPU cores by /proc/stat instead of _SC_NPROCESSORS_CONF/sched_getaffinity to prevent false detection due to ARM cpu core powersaving (permanently turning cores on/off). This should report CPU cores more reliably to multithreading apps.
Example instructions how to build EncFS can be found here.
Some Cryptsetup compile recipes are here.
Changelog:
20190923 - f2fs-tools added
20190915 - dislocker, ntfs-3g, mount.exfat-fuse added
20190910 - VeraCrypt v1.24-b5 added
20191215 - musl smp patch added
20191224 - hstr v2.2.0 updated
20191225 - Testdisk, PhotoRec v7.2-wip-dec2019 updated
20200103 - tar v1.32 updated (with selinux, acl, xattr support)
20200513 - Cryptsetup v2.3.2 added
20200518 - fscrypt 0.2.7, strace56(aarch64) added
20200525 - p7zip v17.01 added
20200603 - parted v3.3 added
20200606 - fxz v1.1.0alpha added
20201212 - ddrescue v1.25 added
20201212 - Cryptsetup v2.3.4 updated
20210113 - f2fs-tools updated to v1.14.0
20210125 - Several tools compiled by @Borovets. See 'Misc' tools.
20210413 - Cryptsetup v2.3.5 updated
20210916 - Cryptsetup v2.4.1 updated. Thx to @misterhsp.
20211108 - rsync v3.2.3 updated
20211118 - Cryptsetup v2.4.2 updated. Thx to @misterhsp.
20220103 - mmc-utils added
20220106 - More tools from @Borovets. See spoiler.
Spoiler
bash-5.1.16-[1]-[2022.01.05].tar.gz
openssl3-3.0.1-[2021.12.14]-static.tar.gz
tree-2.0.0-[2021.12.23]-static.tar.gz
e2fsprogs-1.46.5-[2021.12.31]-static.tar.gz
openssl-1.1.1-m-[2021.12.15]-static.tar.gz
libsqlite-3.37.1-[2021.12.30]-static.tar.gz
ldns-host-1.7.1-[2021.12.30]-static.tar.gz
bootimg-info-2.0-[2021.12.18]-static.tar.gz
bc-5.2.1-[2021.12.29]-static.tar.gz
openssl3-tool-3.0.1-[2021.12.14]-static.tar.gz
openssl-tool-1.1.1-m-[2021.12.15]-static.tar.gz
sqlite-3.37.1-[2021.12.30]-static.tar.gz
stunnel-5.61-[2021.12.17]-static.tar.gz
toybox-0.8.6-borovets-295-applets-[2021.12.30]-static.tar.gz
unrar-6.10-beta-3-[2021.12.11]-static.tar.gz
zstd-1.5.1-[2021.12.22]-static.tar.gz
20220107 - parted v3.4 updated
20220113 - cryptsetup v2.4.3 updated. Thx to @misterhsp.
20220114 - gptfdisk v1.0.8 added
20220212 - tar v1.34 updated
20220622 - gptfdisk v1.0.9 (armv7) added
20220724 - dialog v1.3 added
20220728 - f2fs tools v1.15.0 updated
20220730 - cryptsetup v2.5.0 updated. Thx to @misterhsp.
20220806 - 7z-zstd v22.01 added. Thx to @xenosaur
20220910 - rsync v3.2.6 updated
20220913 - htop v3.2.1 added
20220913 - gocryptfs v2.3 updated. Thx to @misterhsp
20220922 - veracrypt v1.25.9 updated
20220924 - fdisk v2.38.1 and file v5.43 added
20221129 - cryptsetup v2.6.0 updated. Thx to @misterhsp
20221213 - f2fs tools v1.15.0 fixed (uuid.h missing)
20230215 - cryptsetup v2.6.1 updated. Thx to @misterhsp
20230307 - gocryptfs v2.3.1. Thx to @misterhsp
Data recovery tools:
- PhotoRec 7.2 - PhotoRec is file data recovery software designed to recover lost files including video, documents and archives from hard disks, CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory. PhotoRec ignores the file system and goes after the underlying data, so it will still work even if your media's file system has been severely damaged or reformatted.
- Testdisk 7.2 - Recover lost partitions and partition tables. For external sdcards. Never use it on internal mmc unless you know what you're doing.
- ext4magic 0.3.2 (with supplementary gnu date binary that can handle relative time like 'date -d "-20minutes" +%s')
- fidentity - A little utility sharing PhotoRec signature database. It identifies the type of data contained in a file and reports the extension as seen by PhotoRec.
- debugfs - Might be helpful on ext2 systems or other stuff.
- strace 4.20 - For debugging. Mainly to catch syslog messages (as Android has no traditional /dev/log buffer).
- strace 5.6 - For aarch64.
- ddrescue v1.25 - Data recovery tool for block devices with errors.
Compression tools:
p7zip v17.01 (fork) - (Download) A new p7zip fork with additional codecs and improvements
pixz - Parallel, indexed xz compressor
xz - Multicore aware version of xz/lzma (use --thread=0)
tar v1.32 - Tar provides the ability to create tar archives, as well as various other kinds of manipulation. Download below. More builds from @mirfatif here.
fxz - (Download) FXZ Utils is a fork of XZ Utils. It adds a multi-threaded radix match finder and optimized encoder.
Misc:
- hexcurse v1.60.0 - Hexcurse is a curses-base hex editing utility that can open, edit, and save files, editing both the hexadecimal and decimal values. 'ncurses' ui layout depends on TERM env variable. Change temporary with eg. 'TERM=xterm-256color hexcurse <file>'. See /system/etc/terminfo for possible terminals (xterm-256color, linux..).
- nethogs v0.8.5 - ncurse/nettop-like per-app separated speedmeter and traffic counter supporting high refresh rate. Try 'nethogs -d0' (speedmeter) or 'nethogs -v1' (traffic counter).
- rsync v3.2.3 - rsync is an open source utility that provides fast incremental file transfer. (--with-rsyncd-conf=/data/etc/rsyncd.conf)
- smbnetfs v0.6.1 - SMBNetFS is a Linux/FreeBSD filesystem that allow you to use samba/microsoft network in the same manner as the network neighborhood in Microsoft Windows. More info see below.
- progress v0.14 - Linux tool to show progress for cp, mv, dd, ... (formerly known as cv). Download here.
- archivemount (20180801) - A fuse filesystem for mounting archives in formats supported by libarchive. Download here.
- squashfuse v0.1.103 - FUSE filesystem to mount squashfs archives Download here.
- FuseISO - FuseISO is a FUSE module to mount ISO filesystem images (.iso, .nrg, .bin, .mdf and .img files). It currently support plain ISO9660 Level 1 and 2, Rock Ridge, Joliet, and zisofs. Download here.
- HSTR v2.2.0 - HSTR (HiSToRy) is a command line utility that brings improved Bash/zsh command completion from the history. It aims to make completion easier and more efficient than Ctrl-r. (If history is empty try setting HISTFILE in /system/etc/bash/bashrc e.g. export HISTFILE=/data/.bash_history).
- GNU screen, tmux - Thanks to @mirfatif.
- dislocker, ntfs-3g, mount.exfat-fuse - Thanks to @mirfatif.
- f2fs-tools - Thanks to @mirfatif. Update: v1.14.0 here.
- parted v3.3 - GNU Parted (the name being the conjunction of the two words PARTition and EDitor) is a free partition editor, used for creating and deleting partitions. Note: It might be useful to partition external sdcards (e.g. to limit adoptable storage). I do not recommend to use it on internal memory. It might brick your phone.
- Several tools compiled by @Borovets
Spoiler: Borovets tools
Borovets tools 2021.01.25
arptables-0.0.5-[2021.01.17]-static.zip
autoflushtest-1.0-[2021.01.14]-static.zip
btrfs-compsize-1.3-[build-2]-[2020.12.27].zip
btyacc-3.0-[2021.01.18]-static.zip
c-blosc-1.21.1-development-[2020.12.22].zip
c-blosc2-2.0.0-beta-6-development-[2020.04.21].zip
cabextract-1.9.1-[2021.01.08]-static.zip
compsize-1.3-[2021.01.07]-static.zip
convert-color-space-0.1-[2021.01.18]-static.zip
cpustat-0.02.13-[2021.01.13]-static.zip
doxygen-1.9.2-[2021.01.17]-static.zip
ed-1.17-[2021.01.11]-static.zip
hello-2.10-[2021.01.08]-static.zip
htop-3.0.5-[2021.01.13]-static.zip
ipcalc-ng-1.0.0-[2020.12.28]-static.zip
iw-5.9-[2021.01.08]-static.zip
libsqlite-3.34.1-[2021.01.20].zip
libtar-1.2.20-[2021.01.16]-static.zip
m5-1.0-[2020.12.31]-static.zip
sqlite-3.34.1-[2021.01.20]-static.zip
Borovets tools 2021.01.27
lcab-1.0-beta-12-[2021.01.17].zip
memdump-1.01-[2021.01.25].zip
memdumper-0.4-[2021.01.25].zip
memtester-4.5.0-[2021.01.09].zip
tcpdump-4.99.0-[libcap-1.9.1]-[2021.01.05].zip
wget2-1.99.2-[2020.12.12].zip
wolfssl-4.5.0-[2020.12.12].zip
xfsprogs-5.10.0-[2021.01.01].zip
Crypttools:
(These crypttools are mostly frontend tools for the main backend that resides in the kernel. If your kernel hasn't been configured accordingly at compile time you might not be able to use all features.)
Cryptsetup v2.3.5 - (Download) Cryptsetup is an utility used to conveniently setup disk encryption based on DMCrypt kernel module. These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt (including VeraCrypt extension) format.
eCryptfs-utils v111 - Frontend tools for the enterprise cryptographic filesystem for Linux. That's what Android/Google use for encryption. It's file-based (no container) and mounting can be automated by Termux widget. Needs shared libraries but is still portable. See notes below.
EncFS v1.9.5 - EncFS provides an encrypted filesystem in user-space. It runs in userspace, using the FUSE library for the filesystem interface.
gocryptfs - An encrypted overlay filesystem written in Go. Download here. Thanks to @mirfatif.
VeraCrypt - VeraCrypt is a free open source disk encryption software. Download here. Thanks to @mirfatif.
fscrypt 0.2.7 - (Download) fscrypt is a high-level tool for the management of Linux filesystem encryption. Needs at least kernel 4.1.
Crypttools info:
Cryptsetup:
General Notes:
- Features like TrueCrypt, VeraCrypt and LUKS2 need 'userspace crypto api' enabled in kernel. Most Android kernels are probably not configured for that and you have to recompile your kernel or contact your kernel maintainer. For kernel 3.4 you need this:
Code:
CONFIG_CRYPTO_USER=y
CONFIG_CRYPTO_USER_API=y
CONFIG_CRYPTO_USER_API_HASH=y
CONFIG_CRYPTO_USER_API_SKCIPHER=y
- If 'cryptsetup benchmark' is incomplete and says 'userspace crypto api not available' you might be affected. You can still use LUKS1 though. A full benchmark looks like this:
Code:
# cryptsetup benchmark
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1 249186 iterations per second for 256-bit key
PBKDF2-sha256 327680 iterations per second for 256-bit key
PBKDF2-sha512 58829 iterations per second for 256-bit key
PBKDF2-ripemd160 227555 iterations per second for 256-bit key
PBKDF2-whirlpool 33539 iterations per second for 256-bit key
argon2i 4 iterations, 208288 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
argon2id 4 iterations, 207817 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
# Algorithm | Key | Encryption | Decryption
aes-cbc 128b 77.8 MiB/s 88.4 MiB/s
serpent-cbc 128b N/A N/A
twofish-cbc 128b 58.5 MiB/s 61.9 MiB/s
aes-cbc 256b 61.5 MiB/s 68.4 MiB/s
serpent-cbc 256b N/A N/A
twofish-cbc 256b 58.5 MiB/s 61.8 MiB/s
aes-xts 256b 95.1 MiB/s 86.9 MiB/s
serpent-xts 256b N/A N/A
twofish-xts 256b 60.0 MiB/s 61.8 MiB/s
aes-xts 512b 74.1 MiB/s 67.2 MiB/s
serpent-xts 512b N/A N/A
twofish-xts 512b 60.3 MiB/s 62.0 MiB/s
LUKS:
Code:
** 10MB test image (luks.img) **
dd if=/dev/zero of=luks.img bs=1M count 10M
cryptsetup luksFormat luks.img
cryptsetup open luks.img myluks
mke2fs -t ext4 /dev/mapper/myluks
mkdir luks
mount /dev/mapper/myluks luks
** luks folder is ready here **
umount luks
cryptsetup close myluks
- If standard luksFormat cipher (aes-xts-plain64) doesn't work (not supported by your kernel) you can try one of the more compatible ciphers:
Code:
cryptsetup luksFormat -c cbc-essiv:sha256 luks.img myluks
cryptsetup luksFormat -c aes-plain luks.img myluks
- For LUKS2 (experimental) use:
Code:
cryptsetup luksFormat --type luks2 luks.img
- Use "cryptsetup -v --debug" for more verbose output (debugging). In case of errors.
Veracrypt:
Code:
cryptsetup open --type tcrypt --veracrypt veracrypt.tc myvera
cryptsetup status myvera
mkdir /data/myvera
mount /dev/mapper/myvera /data/myvera
umount /data/myvera
cryptsetup close myvera
- Use container from desktop system (created with real Veracrypt)
- "veracrypt.tc" is the veracrypt container name
- "myvera" is an arbitrary name (handle)
- Use "cryptsetup -v --debug" for more verbose output (debugging). In case of errors.
eCryptfs-utils:
General Notes:
These tools are not built statically as they explicitly rely on 'dlopen' (plugin system). Instead they are compiled with relative rpaths (./libs). That means dependencies (libraries in subfolders) must be present in the binaries folder and you have to be in the binaries folder itself (with 'cd') before invoking any binary. By this the binaries are still portable (system independent) as long as the subfolders are present. I've put the files into a tar.gz archive so permissions should be set +x already. Extract the archive into /data/local/bin for 'Example' below.
Code:
mkdir -p /data/local/bin
cd /data/local/bin
tar xf crypttools.armv7.20180204.tar.gz
cd ecryptfs
./ecryptfs-stat --help
More info: ArchLinux Wiki
Example:
Tested on /sdcard based on FUSE filesystem. sdcardfs untested. Might need selinux permissive.
We create a folder /sdcard/pics that can be enabled (files present) or disabled (no files present) by a click on a widget button (Termux script) and entering our password. The encryption is done on a per-file basis. The actual files are stored encrypted in /sdcard/efs/pics.
- You might need SuperSU or Magisk Superuser for 'su -mm'. That makes sure that all apps can see the mounted folder (mount namespace separation).
- Busybox needed
- Install Termux and Termux:Widget from F-Droid or Playstore
- Start it and enter:
Code:
pkg upgrade
pkg install tsu
exit
- Create script /data/data/com.termux/files/home/.shortcuts/efs-pics.sh and make sure permissions(700) and owner (take from parent folder) are correct.
Code:
#!/system/xbin/bash
su -mm -c "/system/xbin/bash -c /data/local/scripts/$(basename "$0")"
- Create script /data/local/scripts/efs-pics.sh (770/root):
Code:
#!/system/xbin/bash
set -e
PATH=$PATH:/data/data/com.termux/files/usr/bin
# Necessary because rpaths are relative
cd /data/local/bin/ecryptfs
# /data/myefskey contains the salted key.
# Don't forget to make a backup.
# Without it encrypted data is lost.
function enter_passphrase {
read -p "Enter passphrase: " passphrase
sig=$(printf "%s" "$passphrase" | ./ecryptfs-insert-wrapped-passphrase-into-keyring /data/myefskey -) || exit
sig=$(echo $sig | cut -d "[" -f2 | cut -d "]" -f1)
}
CPATH1="/data/media/0/efs/pics"
CPATH2="/data/media/0/pics"
if ! mountpoint -q ${CPATH2}; then
enter_passphrase
echo ""
mount -t ecryptfs -o ecryptfs_sig=$sig,ecryptfs_fnek_sig=$sig,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 ${CPATH1} ${CPATH2} || (echo "$(basename "$0") mount failed!"; exit)
./keyctl clear @u
echo "$(basename "$0") mount successful! :)"
else
umount ${CPATH2} || (echo "$(basename "$0") umount error $? :("; exit)
echo "$(basename "$0") umount successful :)"
fi
# uncomment to force-close Termux window
# killall com.termux
- If your rom uses encryption already (/data/data) beware the './keyctl clear @u' command. It might flush *all* keys in the kernel including the Android encryption one (i'm not sure). This might lead to unpredicted behavior. Either comment it out (then your once injected key remains in the kernel keystore and someone could simply remount your folder without passphrase) or make yourself familiar with the keyctl command and handle it yourself. My phone is not encrypted so i cannot help here.
- Create random keyfile (/data/myefskey) and wrap it with passphrase. This might need 1-2 minutes depending on your devices entropy pool (/dev/random). Backup this key (/data/myefskey). Without it your encrypted data is lost. And don't forget the trailing '-' (minus) at the end of the line, it's important.
Code:
cd /data/local/bin/ecryptfs
read -p "Enter passphrase: " passphrase; printf "%s\n%s" $(busybox od -x -N 100 --width=30 /dev/random | head -n 1 | busybox sed "s/^0000000//" | busybox sed "s/[[:space:]]*//g") "${passphrase}" | ./ecryptfs-wrap-passphrase /data/myefskey -
- Create folders:
Code:
mkdir -p /sdcard/efs/pics /sdcard/pics
- Create Widget (Termux) and select 'efs-pics.sh'.
- Start it and enter your passphrase (you used above). If everything goes well (it will tell you) you can place files into /sdcard/pics and scrambled files should come up in /sdcard/efs/pics. Never write into /sdcard/efs/pics directly.
- Activate widget again. /sdcard/pics should get emptied.
- Optional: You can set /data/media/0/efs/pics to 700/root so no one can access/see the encrypted data.
SMBNetFS info:
Note: The library paths are relative. You need to be in the folder (with 'cd') to spawn the executable (./smbnetfs). You can extract the archive wherever you want though as far as the file/folder structure remains intact.
Example:
Code:
mount -o remount,rw /
mkdir -p /data/local/bin /mnt/cifs
mount -o remount,ro /
tar xf smbnetfs.tar.gz -C /data/local/bin
cd /data/local/bin/smbnetfs
export HOME=/data/local/bin/smbnetfs/home
* enter your smb credentials into smbnetfs/home/.smb/smbnetfs.auth (eg. auth "192.168.1.2" "${user}" "${pass}")
./smbnetfs /mnt/cifs
cd /mnt/cifs/192.168.1.2/${share}
I think it usually should list the samba environment in /mnt/cifs but i'm not sure which prerequisites are necessary for that (edit: maybe it needs real workgroup/hostname instead of IPs). If nothing comes up this should work:
The folder 192.168.1.2/${share} is unreachable by Androids folder picker (unless you can enter the path manually). So either pre-create the folder structure beforehand (mkdir -p /mnt/cifs/192.168.1.2/${share}) and add/register the folder to your app by folder picker (eg. MXPlayer) and then overmount that with the actual ${share}. Or bindmount the folder:
Code:
mount --bind /mnt/cifs/192.168.1.2/${share} /mnt/cifs2
Edit: Another option is to let smbnetfs create a static link (actually a symbolic link) to the share in the mountpoint root (/mnt/cifs). Its not as robust as the bindmount though. MXPlayer doesn't find any files (even though the folder picker shows the folders properly).
Code:
echo "link myfiles 192.168.1.2/${share}" > /data/local/bin/smbnetfs/home/.smb/smbnetfs.host
chmod 700 /data/local/bin/smbnetfs/home/.smb/smbnetfs.host
I've noticed that MXPlayer shows the samba folders just for a glimpse of a second. But if you enter one of the local folders and then go back all samba folders are there. Not sure why this is happening or maybe its just my system.
Edit2: Not yet tested but.. check the permissions. Its possible that SMBNetFS mounts with 755 or something. That's inaccessible for Android apps. Try this:
Code:
./smbnetfs -o umask=000,noatime,noexec,nodev,nosuid /mnt/cifs
Samba 4.8.3 configuration:
Code:
_idmap_modules=idmap_rid,idmap_hash,idmap_tdb2
_pdb_modules=pdb_tdbsam,pdb_smbpasswd,pdb_wbc_sam,pdb_samba4
_auth_modules=auth_unix,auth_wbc,auth_server,auth_netlogond,auth_script,auth_samba4
waf configure --prefix=/tmp/myout \
-C \
--sysconfdir=./conf/etc/samba \
--with-configdir=./conf/etc/samba \
--localstatedir=./conf/var \
--libexecdir=./conf/usr/lib \
--enable-fhs \
--with-lockdir=./conf/var/cache/samba \
--with-piddir=./conf/run/samba \
--with-logfilebase=./conf/var/log/samba \
--without-pam \
--without-systemd \
--without-ads \
--with-shared-modules=$_idmap_modules,$_pdb_modules,$_auth_modules \
--disable-cups \
--without-gettext \
--bundled-libraries=NONE,com_err,ldb,uid_wrapper,resolv_wrapper,socket_wrapper,nss_wrapper,ntdb,roken,wind,hx509,asn1,heimbase,hcrypto,krb5,gssapi,heimntlm,hdb,kdc,cmocka,talloc,tdb,pytdb,ldb,pyldb,tevent,pytevent \
--disable-rpath-install \
--disable-python --without-ad-dc --without-acl-support --without-ldap \
--hostcc=/usr/bin/gcc \
--cross-compile --cross-execute='qemu-arm -L /media/devpart/qemu/root'
waf build -j4
waf install

Compression tools added.
Next are crypttools (ecryptfs-utils, cryptsetup).

DualJoe said:
Compression tools added.
Next are crypttools (ecryptfs-utils, cryptsetup).
Click to expand...
Click to collapse
Please add ecryptfs-simple
xyne.archlinux.ca/projects/ecryptfs-simple
Thanks.

Ecryptfs-simple is not POSIX compliant. It relies on an argv interface (to parse command-line parameters) that is a GNU extension that musl doesn't support.
The original eCryptFS is simple enough anyway (and its the upstream project). I will provide a quickstart example and a one button GUI controlled solution (Termux widget) to handle it.

Please to add gifsicle,
http://github.com/kohler/gifsicle
Thanks.

I only have gifsicle. The other ones are too complex for my setup atm.

DualJoe said:
I only have gifsicle. The other ones are too complex for my setup atm.
Click to expand...
Click to collapse
Thank you very much.

Please help me again to build giflossy (fork of gifsicle).
I really need it to compress (--lossy=N) the Gif file to be smaller.
https://github.com/kornelski/giflossy
Thanks.

Do you use them directly on your phone for web postings or something? What's your use case to not prefer a desktop system for this?

DualJoe said:
Do you use them directly on your phone for web postings or something? What's your use case to not prefer a desktop system for this?
Click to expand...
Click to collapse
I use it directly on the phone, for learning purposes.
Using it on the phone is so handy that it can be easily used anywhere.
Thanks.

Please help me again to build lbzip2
http://lbzip2.org/
Thanks.

Here it is.

DualJoe said:
Compression tools added.
Next are crypttools (ecryptfs-utils, cryptsetup).
Click to expand...
Click to collapse
When will Crypttools be released.

I've waited for the major update of cryptsetup. Its out now indeed. I should get it up this week.

Crypttools and quickstart tutorials added.

Mountpoint is not writable (eCryptfs)
DualJoe said:
Crypttools and quickstart tutorials added.
Click to expand...
Click to collapse
Can't write to mountpoint.
# touch /sdcard/pics/test
touch: /sdcard/pics/test: Permission denied
# cp file /sdcard/pics
cp: can't create '/sdcard/pics/file': Permission denied

buengeut said:
touch: /sdcard/pics/test: Permission denied
Click to expand...
Click to collapse
What are your permissions?
Code:
# stat /data/media/0/pics
Access: (775/drwxrwxr-x) Uid: (1023/media_rw) Gid: (1023/media_rw)
# stat /data/media/0/efs
Access: (775/drwxrwxr-x) Uid: (1023/media_rw) Gid: (1023/media_rw)
# stat /data/media/0/efs/pics
Access: (775/drwxrwxr-x) Uid: (1023/media_rw) Gid: (1023/media_rw)
How does your mount look like?
Code:
# mount |grep pics
/data/media/0/efs/pics on /data/media/0/pics type ecryptfs (rw,relatime,ecryptfs_fnek_sig=56b1f3c519fb3412,ecryptfs_sig=56b1f3c519fb3412,ecryptfs_cipher=aes,ecryptfs_key_bytes=16)
Is /sdcard linked?
Code:
# ls -l /sdcard
lrwxrwxrwx 1 root root 21 May 10 1973 /sdcard -> /storage/self/primary
What Android version and kernel do you have?

DualJoe said:
What are your permissions?
Code:
# stat /data/media/0/pics
Access: (775/drwxrwxr-x) Uid: (1023/media_rw) Gid: (1023/media_rw)
# stat /data/media/0/efs
Access: (775/drwxrwxr-x) Uid: (1023/media_rw) Gid: (1023/media_rw)
# stat /data/media/0/efs/pics
Access: (775/drwxrwxr-x) Uid: (1023/media_rw) Gid: (1023/media_rw)
How does your mount look like?
Code:
# mount |grep pics
/data/media/0/efs/pics on /data/media/0/pics type ecryptfs (rw,relatime,ecryptfs_fnek_sig=56b1f3c519fb3412,ecryptfs_sig=56b1f3c519fb3412,ecryptfs_cipher=aes,ecryptfs_key_bytes=16)
Is /sdcard linked?
Code:
# ls -l /sdcard
lrwxrwxrwx 1 root root 21 May 10 1973 /sdcard -> /storage/self/primary
What Android version and kernel do you have?
Click to expand...
Click to collapse
Android 6.0 kernel 3.18.14
/sdcard is symlink to /mnt/sdcard, i changed /sdcard to /mnt/sdcard
Code:
# mount -t ecryptfs
/mnt/sdcard/efs/pics on /mnt/sdcard/pics type ecryptfs (rw,relatime,ecryptfs_fnek_sig=1b77138d91206e66,ecryptfs_sig=1b77138d91206e66,ecryptfs_cipher=aes,ecryptfs_key_bytes=16)
Code:
# stat /mnt/sdcard/pics
Access: (775/drwxrwxr-x) Uid: (1000/ system) Gid: (1015/sdcard_rw)
# stat /mnt/sdcard/efs
Access: (775/drwxrwxr-x) Uid: (1000/ system) Gid: (1015/sdcard_rw)
# stat /mnt/sdcard/efs/pics
Access: (775/drwxrwxr-x) Uid: (1000/ system) Gid: (1015/sdcard_rw)
Code:
# touch /mnt/sdcard/pics/test
touch: /mnt/sdcard/pics/test: Permission denied

What about the permissions of /data/media/0 folders? That's the most important part.
If your sdcard is not at /data/media/0 you probably don't have a multiuser environment (older phone?) and /mnt/sdcard is probably a real partition. This is early Kitkat partition layout (/sdcard and /data have separate partitions). On later systems both are on /data partition and /sdcard is abstracted by a FUSE file system that would automatically set the proper permissions whenever you write something to it (even as root).
In case you are on an old layout you would need to set proper permissions to /sdcard/pics and /sdcard/efs yourself. Just take a look at the other folders with 'ls -l /mnt/sdcard' and set accordingly. You would also need to change /data/media/0 to /mnt/sdcard in the script.
What do you get with this?
Code:
# mount |grep sdcard
# mount |grep storage
What phone is it? Kernel 3.18 doesn't sound all too old.
Edit: Another theory is your internal sdcard is scardfs or something. If so, it might break "stacking" folders (mount over). Try to use /data/pics and /data/efs/pics as a test.

It works in Permissive mode (setenforce 0)
I need Busybox with SELinux-enabled and use it to set it to Permissive mode
Code:
# busybox getenforce
Enforcing
# busybox setenforce 0
# busybox getenforce
Permissive
And then execute the efs-pics.sh and test it
Code:
# cp file /mnt/sdcard/pics ; echo $?
[b]0[/b]
# ls /mnt/sdcard/pics
[b]file[/b]
Horreee.... it Works.

SELinux Denial and I can't fix it

Device tree:= https://github.com/Sohamlad7/android_device_motorola_cedric
Vendor:= https://github.com/Sohamlad7/android_vendor_motorola_cedric
Kernel Source:= https://github.com/Sohamlad7/android_kernel_motorola_msm8937
[!] I have changes at https://github.com/nift4/Mint-OS/tree/master/device/cedric; If you wonder why patching: It's waaay easier to maintain in my little time
ROM Source:= https://github.com/LineageOS / https://github.com/nift4/Mint-OS
Haste or Dogbin URL:= https://del.dog/fuppocifog
List Of Things You Have Tried To Do To Try And Resolve This Error:= Adding these Things to the DT:
https://github.com/Sohamlad7/androi...mmit/8978df3780d4b9cbc00c7b40b4505ce3752373c4
https://github.com/nift4/Mint-OS/bl...4b2825a6eff213850/device/cedric/device.mk#L10

You can generate the needed sepolicy rules with the following commands:
Code:
adb pull /sys/fs/selinux/policy
adb logcat -b all -d | audit2allow -p policy
Under Ubuntu/Debian, the audit2allow util is in the "policycoreutils-python-utils" package.
BTW, my patch for LOS15.1 and the HID USB keyboard app looked like this (I don't use it anymore):
Code:
diff --git a/private/file_contexts b/private/file_contexts
index 02e9fd74..774b2654 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -171,6 +171,7 @@
/dev/xt_qtaguid u:object_r:qtaguid_device:s0
/dev/zero u:object_r:zero_device:s0
/dev/__properties__ u:object_r:properties_device:s0
+/dev/hidg[0-9]* u:object_r:hid_gadget_device:s0
#############################
# System files
#
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index a090ec13..f37dfc2b 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -54,6 +54,9 @@ allow untrusted_app_all system_app_data_file:file { read write getattr };
# This includes what used to be media_app, shared_app, and release_app.
#
+#USB Gadget
+allow untrusted_app_all hid_gadget_device:chr_file rw_file_perms;
+
# Access to /data/media.
allow untrusted_app_all media_rw_data_file:dir create_dir_perms;
allow untrusted_app_all media_rw_data_file:file create_file_perms;
diff --git a/public/device.te b/public/device.te
index 475948da..e9f5e36d 100644
--- a/public/device.te
+++ b/public/device.te
@@ -101,3 +101,6 @@ type metadata_block_device, dev_type;
# The 'misc' partition used by recovery and A/B.
type misc_block_device, dev_type;
+
+#USB Gadget
+type hid_gadget_device, dev_type, mlstrustedobject;

meiser said:
You can generate the needed sepolicy rules with the following commands:
Under Ubuntu/Debian, the audit2allow util is in the "policycoreutils-python-utils" package.
BTW, my patch for LOS15.1 and the HID USB keyboard app looked like this (I don't use it anymore):
Click to expand...
Click to collapse
Thanks
I have that except mlstrustedobject. That is for sure the reason write is still denied.