Friday, July 9, 2010

Replace system apk/app on android

I show how to replace a system apk, that is, an apk which uses the shared user android.uid.system.

You will have to look at

adb shell dumpsys package

and find all apks that use this shared user, because they all have to be signed with the same key to be in the shared user.

Then you will have to re-sign them all with the same key and copy them to the phone.
When you have foobar.apk and foobar.odex on the phone, you only have to re-sign the apk; the odex can stay there unchanged. It seems that odex files are not protected by the signature.
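
The lookup described above can be scripted. This is an added example, not code from the original post; it assumes the Package/sharedUser/codePath layout shown in its constructed sample, and every package name, hash and path in that sample is a placeholder.

```sh
#!/bin/sh
# Added example, not from the original post: list every package that a saved
# `dumpsys package` dump places under one shared user, with its code path.
# Assumed layout: "Package [name] (...)" followed by indented
# "sharedUser=SharedUserSetting{<hash> <user>/<uid>}" and "codePath=" lines.

shared_user_packages() {    # usage: shared_user_packages <user> < dump
    awk -v want="$1" '
        function emit() {
            if (pkg != "" && user == want) print pkg "\t" path
            pkg = ""; user = ""; path = ""
        }
        /^[ \t]*Package \[/ {
            emit()
            s = index($0, "["); e = index($0, "]")
            pkg = substr($0, s + 1, e - s - 1)
            next
        }
        /^[ \t]*sharedUser=/ { user = $NF; sub(/\/.*$/, "", user); next }
        /^[ \t]*codePath=/   { path = $0; sub(/^[ \t]*codePath=/, "", path) }
        END { emit() }
    '
}

# Constructed sample; package names, hashes and paths are placeholders.
sample_dumpsys() {
    cat <<'EOF'
Packages:
  Package [com.example.settings] (1a2b3c4d):
    userId=1000
    sharedUser=SharedUserSetting{5e6f7a8b android.uid.system/1000}
    codePath=/system/app/ExampleSettings.apk
  Package [com.example.browser] (2b3c4d5e):
    userId=10012
    codePath=/system/app/ExampleBrowser.apk
  Package [com.example.provider] (3c4d5e6f):
    userId=1000
    sharedUser=SharedUserSetting{5e6f7a8b android.uid.system/1000}
    codePath=/system/app/ExampleProvider.apk
EOF
}

# On a real dump: adb shell dumpsys package | tr -d '\r' | shared_user_packages android.uid.system
sample_dumpsys | shared_user_packages android.uid.system
```

Each output line is a package name and its apk path, separated by a tab; that is the set of apks that must end up signed with one key.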
(More to come)

Thursday, July 8, 2010

Comparison of various LG GW620 firmwares

I extracted various images downloaded directly from the LG site.
The images are:
V10C_02-BOUYGUES-FRANCE
V10E_05-Vodafone
V10G_00-European-Open
V10I_00-European-Open
V10R_00-Korean-KH5200
I unpacked each kdz into a cab with the LG-Utils, the cab with cabextractor, and the dz with DZExtractor.
The md5sums of those files are listed below. What we see is that amsshd.mbn, appsboothd.mbn, oemsbl.mbn and oemsblhd.mbn are identical across quite a lot of the versions.
But amss.mbn and appsboot.mbn are different in each version. Maybe there is some version information included?
As far as I know, amss is the modem firmware and appsboot is the fastboot bootloader. I don't know what the *hd.mbn files are for or what oemsbl* do (bl = bootloader?).


dfb0769dc93ecdc5988380bed9aaff1c *./V10C-Bouygues/amss.mbn
2a17c5247dba9fce11498488fee12061 *./V10E_05-Vodafone/amss.mbn
dd333e6566eef99a969713799553be75 *./V10G-EuOpen/amss.mbn
7253bd80c73edb549300d87253078968 *./V10I-EuOpen/amss.mbn
d8bcae68375240d397522275dbd0830b *./V10R-Korean/amss.mbn

cdda75572994a6daab80c5e5351310b9 *./V10C-Bouygues/appsboot.mbn
314c89a375728fa02442c56992aff1eb *./V10E_05-Vodafone/appsboot.mbn
44967c50fd8301aee1d032a51b7793df *./V10G-EuOpen/appsboot.mbn
70b1b733b69e5dfe2df3c735338394cf *./V10I-EuOpen/appsboot.mbn
6693756d83d122e385780c245ab79b3d *./V10R-Korean/appsboot.mbn

f58e8960cdb4b12b49f9012a9d1ce2b7 *./V10C-Bouygues/amsshd.mbn
e26cd6f9e9fe7b7695f84cdebdf39cd3 *./V10E_05-Vodafone/amsshd.mbn
e26cd6f9e9fe7b7695f84cdebdf39cd3 *./V10G-EuOpen/amsshd.mbn
0d8c685e56e06b85cb7044ed791790d9 *./V10I-EuOpen/amsshd.mbn
0d8c685e56e06b85cb7044ed791790d9 *./V10R-Korean/amsshd.mbn

46d7ede5e2e68dca935f0861ae0483ef *./V10C-Bouygues/appsboothd.mbn
46d7ede5e2e68dca935f0861ae0483ef *./V10E_05-Vodafone/appsboothd.mbn
46d7ede5e2e68dca935f0861ae0483ef *./V10G-EuOpen/appsboothd.mbn
223e9770b5a2df3221395b0063958327 *./V10I-EuOpen/appsboothd.mbn
e94486df5e239789905fec03c095cd47 *./V10R-Korean/appsboothd.mbn

97b73ae9e69966d211ae239a04421482 *./V10C-Bouygues/oemsblhd.mbn
97b73ae9e69966d211ae239a04421482 *./V10E_05-Vodafone/oemsblhd.mbn
97b73ae9e69966d211ae239a04421482 *./V10G-EuOpen/oemsblhd.mbn
97b73ae9e69966d211ae239a04421482 *./V10I-EuOpen/oemsblhd.mbn
e5fcd9de494ac6eb8069726ea224865e *./V10R-Korean/oemsblhd.mbn

923ba573446a32cec1763a8acf752b64 *./V10C-Bouygues/oemsbl.mbn
923ba573446a32cec1763a8acf752b64 *./V10E_05-Vodafone/oemsbl.mbn
923ba573446a32cec1763a8acf752b64 *./V10G-EuOpen/oemsbl.mbn
751718cb392653314127319d490e4c65 *./V10I-EuOpen/oemsbl.mbn
7ee4fcbe4c80f2f9bce340820e57bc93 *./V10R-Korean/oemsbl.mbn
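
The by-eye comparison above can be automated. This is an added example, not part of the original post; the directory names, image names and digests in its sample are constructed placeholders, not values from the list.

```sh
#!/bin/sh
# Added example, not from the original post: group md5sum output by image
# name and digest, so each line shows which firmware directories ship a
# byte-identical copy of that image.

group_identical_images() {    # reads md5sum lines ("<digest> *<path>") on stdin
    awk '
        NF >= 2 {
            path = $2
            sub(/^\*/, "", path)              # drop the binary-mode marker
            n = split(path, part, "/")
            if (n < 2) next                   # need <dir>/<image>
            key = part[n] SUBSEP $1           # image name + digest
            if (key in members) {
                members[key] = members[key] "," part[n - 1]
            } else {
                members[key] = part[n - 1]
                order[++count] = key          # keep first-seen order
            }
        }
        END {
            for (i = 1; i <= count; i++) {
                split(order[i], k, SUBSEP)
                print k[1] "\t" members[order[i]]
            }
        }
    '
}

# Constructed sample; directory names, image names and digests are placeholders.
sample_sums() {
    cat <<'EOF'
00000000000000000000000000000001 *./fw-A/modem.bin
00000000000000000000000000000002 *./fw-B/modem.bin
000000000000000000000000000000aa *./fw-A/loader.bin
000000000000000000000000000000aa *./fw-B/loader.bin
000000000000000000000000000000bb *./fw-C/loader.bin
EOF
}

# On extracted firmware: md5sum -b ./*/*.mbn | group_identical_images
sample_sums | group_identical_images
```

An image that is unique per version produces one line per directory; a shared image produces a single line listing every directory that carries it.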

Friday, July 2, 2010

VPN on the GW620 1.5 cupcake

This will make pptp with mppe work on your cupcake GW620 (but it should easily extend to other android 1.5 phones). L2TP, pptp without mppe and other configurations should work, but I have not tested them. You will need root on your phone.

0. Step: get the files
I have uploaded the kernel patch, pppd, mtpd and even busybox and a complete boot.img here and here.
The boot.img may not work for your phone, so you should consider creating it yourself as described in step 1.

1. Step: update your kernel and create a boot.img
Use the GW620-LG kernel sources for 1.5 and apply the patch at the end of this post. This is the state of ppp in the 2.6.29 kernel with very few modifications.

I used /proc/config.gz on the phone as my starting point for the config.
After applying the patch, you have to enable
CONFIG_PPP, CONFIG_PPP_ASYNC, CONFIG_PPP_MPPE and CONFIG_PPPOPNS.

You will find various resources on how to compile the kernel for android.

Create a new boot.img by
../android-1.5/out/host/linux-x86/bin/mkbootimg --cmdline 'root=/dev/mtdblock1 rootfstype=yaffs2 lpj=1912832 console=/dev/null' --kernel my-kernel/arch/arm/boot/zImage --ramdisk debug-ramdisk.cpio.gz -o debug-boot.img

I got the parameter for cmdline by looking at cat /proc/cmdline on my phone. You may check if it gives the same output on your phone (and I would also be interested to hear it!)
The kernel parameter is (of course!) the path to your kernel image you just created.
The ramdisk can be one extracted from a previous boot image.

ATTENTION: Don't flash this right away! First try by using
fastboot boot debug-boot.img
to boot this image without flashing and see if everything works.
If it goes fine, then use fastboot flash boot debug-boot.img to flash it.


If your phone crashes on boot after you have replaced your kernel, you should also replace wireless.ko in /system/lib/modules/. This fixed the crashes for me.

2. Copy pppd and mtpd binaries to /system/bin on your phone.
Those binaries are built when you compile the plain 1.6 android source.

3. Create /system/etc/ppp/chap-secrets
See pppd's documentation for what this should look like. I would recommend that you test pptp on your computer first and then use the same chap-secrets file.

4. Use adb to run:

mtpd pptp $hostname 1723 '' name $username defaultroute require-mppe-128 debug mru 1280 mtu 1280

(Everything in one line)
Replace $hostname and $username by their respective values. For $username you should have the entry in chap-secrets.

Here 1723 is the (standard) port for pptp servers. After the port come _two_ _single_ ' and the rest of the command line is passed directly to the pppd binary.

You will have to omit require-mppe-128 if you don't use it.

When you enable debug, you will see verbose output in logcat. (See my other post on how to enable logcat)

At first I tried without mru 1280 mtu 1280, but after half a minute or so, the logcat output would fill with pppd: Unsupported Protocol ... with varying protocol numbers.
Using mru 1280 mtu 1280 fixed this problem.

Notes:
If it does not work, check that the output of 'route' is correct. You may want to install busybox for that, because the supplied route command is awful.

You could call this binary by using ASE - android scripting, for example.
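
Two of the steps above fail quietly when done wrong: a kernel built without one of the ppp options, and a chap-secrets file without an entry for $username. The checks below are an added example, not part of the original post; CONFIG_PPP_ASYNC is the kernel's name for the async option, the file-mode check is only meaningful on the file pppd actually reads, and all sample names and the secret are constructed.

```sh
#!/bin/sh
# Added example, not from the original post. Needs grep, awk, ls and cut
# (on the phone these come from busybox).

REQUIRED_OPTS="CONFIG_PPP CONFIG_PPP_ASYNC CONFIG_PPP_MPPE CONFIG_PPPOPNS"

# Print each required option that the config does not set to y or m.
# The match is anchored so CONFIG_PPP=y cannot stand in for CONFIG_PPP_MPPE.
missing_kernel_opts() {      # usage: missing_kernel_opts <config-file>
    for opt in $REQUIRED_OPTS; do
        grep -Eq "^${opt}=[ym]\$" "$1" || printf '%s\n' "$opt"
    done
}

# chap-secrets lines read "client server secret [addresses]" and hold the
# secret in clear text, so only the owner should have any access.
chap_secrets_problems() {    # usage: chap_secrets_problems <file> <username>
    CHAP_USER=$2 awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { client = $1; gsub(/"/, "", client) }
        client == ENVIRON["CHAP_USER"] && NF >= 3 { found = 1 }
        END { if (!found) print "no entry for " ENVIRON["CHAP_USER"] }
    ' "$1"
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ] || printf 'group/other access: %s\n' "$mode"
}

# Constructed sample files; user name and secret are placeholders.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'CONFIG_PPP=y' 'CONFIG_PPP_ASYNC=y' \
        '# CONFIG_PPP_MPPE is not set' 'CONFIG_PPPOPNS=y' > "$dir/config"
    printf '%s\n' '# client server secret addresses' \
        'exampleuser * examplesecret *' > "$dir/chap-secrets"
    chmod 644 "$dir/chap-secrets"
    missing_kernel_opts "$dir/config"
    chap_secrets_problems "$dir/chap-secrets" exampleuser
    rm -rf "$dir"
}
demo
```

For the running kernel, unpack /proc/config.gz to a file first and pass that file to missing_kernel_opts.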

UPDATE:
You will have to make a link from /dev.pts to /dev/pts,
or apply the following patch and compile your own pppd:

+++ ../android-1.6/external/ppp/pppd/sys-linux.c 2010-05-12 18:57:24.511791149 +0200
@@ -2561,7 +2561,7 @@
if (mfd >= 0) {
int ptn;
if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) {
- slprintf(pty_name, sizeof(pty_name), "/dev.pts/%d", ptn);
+ slprintf(pty_name, sizeof(pty_name), "/dev/pts/%d", ptn);
chmod(pty_name, S_IRUSR | S_IWUSR);
#ifdef TIOCSPTLCK
ptn = 0;
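
Review bot: the header is incomplete (there is a +++ line but no matching --- line) and the context lines have lost their indentation, so this hunk is unlikely to apply as posted; regenerate it with diff -u against the unmodified external/ppp/pppd/sys-linux.c. On the changed line, "/dev/pts/%d" is consistent with the /dev.pts link workaround described above, but the chmod(pty_name, S_IRUSR | S_IWUSR) on the following context line ignores its return value, so a wrong pty path goes unreported there; checking that result and logging a failure would make this kind of path mistake visible.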