Essential basics for hacking an Android device
2012. 1. 19. 15:07
The Ubuntu shipped on the Atrix is a version customized by Motorola, so the ordinary Ubuntu repositories you would use through apt-get or Synaptic cannot be used with it.
It may be possible to edit the repository source file and run apt-get upgrade,
but then the files Motorola modified get overwritten too, and the whole system can become unusable.
That is the situation I ended up in.
This is ROM hacking on flash memory, not on a hard disk,
and without even doing the basic preparatory step of backing up the firmware, I ran a "full ubuntu" install script I found on the internet directly from a terminal opened on the Atrix.
As a result, at the apt-get install stage a dependency error occurred and it would go no further.
Reverting to the previous state is impossible too.
Giving force options to package managers such as apt-get, aptitude and dpkg does not get it any further either.
Hunting down hundreds of packages one by one and force-installing them also looks impossible.
The Android system itself has no problem at all, but webtop no longer works properly.
Of course: I didn't touch the Android system, only the Ubuntu that sits in a separate partition on the Atrix.
But the ultimate reason I wanted an Atrix, using Ubuntu through the Lapdock and Webdock, is now impossible,
so this is a problem that has to be solved.
So I have no choice but to go back and look again at what the steps I blindly followed from the internet, without knowing what they were, actually did.
Since an Android device is an embedded device, unlike a PC, concepts such as partitioning and the bootloader differ quite a lot.
The most approachable explanation seems to be the xda-developers post below.
[Newbie Guide] adb/fastboot/bootloader/android 101
The purpose of this document is to clarify a few basics about HTC Android phones and the basic commands used to interface with the phones. Think of this as a beginner's guide to the Android device from a non-traditional user's point of view. I'll keep it simple and plain as much as I can for the new users. I'll also try to keep all the technical aspects true as much as I can while keeping it simple.
Before you go on, please read this and understand the basic concepts and how and why the following commands are being used. Do not follow anyone's instructions/tutorials/guides without a prior basic understanding of what each command does. I do want to believe it's humans visiting this forum and not lemmings. If you do not understand, feel free to ask here. I or someone else also knowledgeable will answer your questions. DO NOT QUOTE THIS AS A WHOLE. My pet peeve and a complete waste of screen space.
Sometimes, depending on your OS, command names may change (e.g. mouse / mouse.exe / mouse-linux / mouse-mac). For general purposes, we'll use mouse instead of the OS-specific command names in these instructions.
So to repeat myself, if you understood the concepts of the commands, and you are on a Linux system and someone's guide says touch index.php, you will automatically type touch-linux or whatever the name of that executable is on your system.
We shall assume you know how to install the needed drivers and where to get the Android SDK and put the SDK binaries (executables) in the system path. If we need to expand this, let me know and I'll expand it here.
Further, if I get any parts wrong, PM me and I'll get those parts corrected.
Android Partition, SPL etc.
The following is a list of partitions on your Android phone.
misc - misc partition
recovery - Recovery Partition - This is where the original HTC recovery or Amon Ra's recovery or any other Recovery would go. Basically if you reboot into recovery it'll boot from here.
boot - This is your boot partition
system - This is where all your system information (the ROM) resides
cache - cache (when you factory reset the phone, this area is wiped)
userdata - user data (like your login, your user settings etc.); when you factory reset the phone, this area is wiped
So, if you replace the recovery image, you are pretty much set for updates provided here at XDA. Note: By replacing your recovery image, you may not be able to have OTA updates.
ROM images will normally replace the boot and system images at the same time and often the userdata and cache too, resetting the phone completely.
SPL/Bootloader/Radio/Bricking Phones:
SPL / Bootloader is like the BIOS on a computer. At least I think of it that way. SPL can be updated! SPL comes as either Security-On or Security-Off (S-ON/S-OFF).
Note: It is my understanding that the radio will boot first, followed by the other systems. So it is IMPORTANT that your radio image/version will work with your SPL image/version. This is the one and only reason for phones being bricked. You cannot brick your phone by flashing a ROM or boot image or recovery image. Once you flash the wrong radio for the SPL, the only known method of recovery is to send the phone back to HTC for repair.
How do I know the phone is bricked? A bricked phone cannot boot into the bootloader, recovery, or normal operation modes. You cannot connect to a bricked phone via adb or fastboot. You can only see one screen on the phone and it will be the first splash screen.
adb - Android Debug Bridge - One of the two things you'll need to know if you ever want to do anything non-conventional on your android based phone.
List of commands that can be used by adb can be prompted by typing adb at the system shell (command prompt or terminal)
Notable adb commands:
adb devices - If you don't know anything, this is the ONE thing you have to know.
adb devices will give you a list of devices connected to the computer. This is also a good way to make sure that your phone is actually connected to the computer.
adb reboot (bootloader|recovery)
adb reboot - this will reboot your phone normally.
adb reboot bootloader - this will reboot your phone back into the bootloader (white screen with the android on wheels)
adb reboot recovery - this will reboot your phone back into recovery console (either default or amon_ra's recovery).
adb shell - this will shell into the phone and you can now explore the phone. Remember the phone's native backend OS is Linux, so know your Linux commands.
adb remount - remounts the system partition on the phone so you can read/write to it.
adb push xxx yyy - will push xxx file from computer into yyy location/file on phone (needs rooted access)
adb pull xxx yyy - will pull xxx file from phone into yyy location/file on computer (needs rooted access)
Fastboot is a protocol used to update the flash filesystem in Android devices from a host over USB. It allows flashing of unsigned partition images.
Notable fastboot commands:
fastboot devices - If you don't know anything, this is the ONE thing you have to know.
fastboot devices will give you a list of devices connected to the computer. This is also a good way to make sure that your phone is actually connected to the computer.
fastboot reboot - this will reboot your phone normally
fastboot oem unlock - this will unlock your bootloader - NOTE THIS WILL VOID YOUR NEXUS ONE WARRANTY
fastboot erase XXX - Will erase the partition XXX (such as userdata, cache) - mainly used for resetting phone and clearing userdata / factory settings.
fastboot flash XXX YYY - This will flash the XXX partition with the YYY image.
e.g: fastboot flash system system_update.img will flash/update your system partition with an image called system_update
If anyone needs me to dig deep into using anything else, please PM me. I'll add it on here. Hopefully this will help all newbies about the basic commands and what they do.
FAQs (UPDATED Feb 09, 2010)
Q: One question about the Android SDK. Do I need it to flash my N1 or just to program new apps? Where can I get it?
A: The Android SDK is not entirely needed to flash the N1. However, there are tools in there that you need: adb / fastboot etc. Although they can be downloaded by themselves, the Windows version of the SDK also has the drivers that are needed for USB connection to Android devices. So, it is recommended to get it. You can get it from developer.android.com
Q: I have never experienced anything like this when I did a hard-SPL on my WinMo phone. Radio versions are included with SPLs, right?
A: Official packages from HTC did come in nbh packaging, meaning it is an all-in-one upgrader that will update Radio, ROM, System etc. It is very common in the active development area here at XDA to get the radio or SPL or ROM separately and independently of one another. And as such, you will most likely flash them separately (who wants to wait 6-8 months). Also, since this phone is released by Google, HTC will most likely not update any major radios. However, it is very likely that we will be hacking in radio updates or any other "updates" from HTC from their new device - HTC Bravo.
Q: Is there a guide for snow leopard? I'm kind of stuck.
A: I personally ran the Android SDK and the aforementioned executables on both Mac OS 10.5 and 10.6. Like I posted, the commands and the executable names may be slightly different. I may call adb and you may find it as adb-mac. I am not going to write 3 separate documents for 3 separate OSes. You have to know that adb = adb-mac (on your Mac), adb-linux (for Linux) etc. And yes, the above guide will work universally.
Q: Can i replace the splash image..?? (unlocking related)
A: As of the above date (next to the FAQ) no, you cannot. The issue is probably several-fold. One of them is that splash1.img is not going in due to the security lock. Remember, you unlocked the phone. HTC will not like it.
Anyhow, I like the current quad color X. If you are thinking of getting rid of the lock logo, good luck. Even if you can get rid of it, you will still have to overcome the pink text that says ***UNLOCKED*** on your bootloader.
Q: Can you run Windows Mobile on Android Phones?
A: With enough resources given, sure. Will it ever happen? No. Why? Windows mobile compiler and builder cost $. As a matter of fact, as of version 5, it was going to cost me $75 per device. That's one of the reasons why handset makers went to Android open platform. Android is free and universal so as long as you use certain chipsets and certain items, you are good to go. Can it ever be ported? Sure. With right amount of time and money anything can be done. But at this point, it's cheaper for you to go buy a windows mobile smartphone.
Q: How do I know the phone is bricked?
A: You cannot brick a phone unless you are flashing Radio/SPL packages. Make sure if you are doing that, you follow directions VERY CAREFULLY. A bricked phone cannot boot into the bootloader, recovery, or normal operation modes. You cannot connect to a bricked phone via adb or fastboot. You can only see one screen on the phone and it will be the first splash screen.
Q: I have installed the Android SDK however, i cannot seem to get the laptop to detect the nexus. What have i left out?
A: Most common item that people forget to enable is USB Debugging. Settings => Applications => Development => USB debugging [checked]
Q: I have rooted n1. when I go to recovery to do backup, I get the triangle with the little green android guy, but phone is stuck there. I have to remove battery to reboot phone. What have I done wrong?
A: You still have the stock (shipping) recovery. If you want a different recovery (Amon RA's), download it, then from fastboot run fastboot flash recovery downloaded_recovery.img
Q: Which step of the rooting / recovery procedure does it give root?
A: Root and Recovery are two totally different things. Recovery is a partition that contains recovery information. Stock recovery is what allows OTA updates etc. Normally it will search for update.zip in the root folder of the SD card. Amon_RA's Recovery or any other recovery images are there to enhance the traditional stock recovery. Amon Ra's Recovery, for example, contains things such as the ability to update from different zip files, and backup/restore of your data/system.
Rooting is not done by recovery but is kernel-level access (simply put) that will give root or "SU". It is done by patching the boot partition of your Android device.
Q: What are the differences, advantages, disadvantages of the different ROM's?
A: They are all different. Some have some features, some are plain stock, some are made for a bleeding edge kernel etc. You'll have to try them out and figure it out yourself. I may make a chart of what they are (see the bottom of my signature - wiki) but with too many Android devices, I will need some major help. One person alone will not have total knowledge of all the ROM releases. There are just way too many devices and ROMs.
Q: Which ROM will allow OTA updates?
A: Stock ROM WITH Stock Recovery.
Q: If the phone is SIM/carrier unlocked and you root do you have to SIM unlock again?
A: SIM/Carrier unlock has nothing to do with rooting your phone. You can still have root and still be carrier locked. Nexus One comes carrier unlocked from factory.
Q: How much space is there for apps? is using the sd card really necessary? (on Nexus One)
A: Search Google? The phone has 512MB of space. That SHOULD be more than enough for you. If not, you have some serious issues. I do not believe you will need App2SD for Nexus One. Google did say during the release conference that they will update Android/N1 so that apps can be run/installed to SD, but that requires some system and security changes (mainly to prevent pirated software - yes, if I write something, I deserve to get paid for it).
Q: When you do "flash zip from sdcard" or "fastboot flash image" does this merge and overwrite the files in to the partition?
A: When you update software (via recovery), the software may be merged. However, if you fastboot flash, just like the word flash says, it will flash and overwrite the partition.
Q: Which partition does "flash zip from sdcard" affect?
A: Depends on what you are flashing. It could be any or all of the partitions such as SPL, Boot, System, Recovery, Radio. You should study first before randomly flashing things.
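The commands the post lists are the whole procedure, and the mistake described at the top of this page was skipping the backup step before running anything that writes to flash. The script below is an added example for this page, not code from the XDA post or from the blog author. It checks `adb devices` output for exactly one usable phone (refusing when none, several, or only an unauthorized one is attached), parses the partition table from /proc/mtd (the MTD layout of Nexus One era phones; the listing and the serial number are constructed samples), refuses a `fastboot flash` whose image does not fit its target partition or that targets the radio/SPL without an explicit opt-in, since that pairing is the one brick case the post describes, and prints the dd + adb pull commands that back a partition up first, with a device-side sha1sum to verify the pulled copy against. It assumes /dev/mtd/mtdN device nodes and a busybox sha1sum on the phone.

```python
# Pre-flight checks before flashing an Android phone. Added example, not code from
# the XDA post or the blog author. Assumes an MTD-era phone (/proc/mtd partition
# table, raw /dev/mtd/mtdN nodes) with busybox sha1sum. All sample text is constructed.
import hashlib
import re
from dataclasses import dataclass

# Constructed `adb devices` output: the banner plus one authorized phone.
ADB_DEVICES_OUTPUT = "List of devices attached\nHTEXAMPLE001\tdevice\n"

# Constructed /proc/mtd listing, shaped like a 2010 HTC phone's partition table.
PROC_MTD = """dev:    size   erasesize  name
mtd0: 000a0000 00020000 "misc"
mtd1: 00480000 00020000 "recovery"
mtd2: 00300000 00020000 "boot"
mtd3: 0fa00000 00020000 "system"
mtd4: 02800000 00020000 "cache"
mtd5: 0af20000 00020000 "userdata"
"""

# The post's one brick scenario is a radio/SPL mismatch: require an explicit opt-in.
BRICK_RISK = {"radio", "hboot", "spl"}

ADB_LINE = re.compile(r"^(\S+)\t(device|offline|unauthorized|recovery|sideload|bootloader)$")
MTD_LINE = re.compile(r'^(mtd\d+):\s+([0-9a-f]+)\s+([0-9a-f]+)\s+"([^"]+)"$')

@dataclass(frozen=True)
class Partition:
    dev: str        # kernel device name, e.g. "mtd2"
    size: int       # bytes
    erasesize: int  # NAND erase block, also a sensible dd block size

def parse_adb_devices(text):
    """Map serial -> state; the banner and daemon start-up lines do not match."""
    devices = {}
    for line in text.splitlines():
        m = ADB_LINE.match(line.rstrip())
        if m:
            devices[m.group(1)] = m.group(2)
    return devices

def pick_serial(text):
    """Return the one serial to pass to `adb -s`; refuse on none or several."""
    devices = parse_adb_devices(text)
    usable = [s for s, st in devices.items() if st in ("device", "recovery")]
    if not usable:
        raise RuntimeError(f"no usable device, states seen: {devices or 'none'}; "
                           "is USB debugging on and the host authorized?")
    if len(usable) > 1:
        raise RuntimeError(f"several devices attached, choose one with -s: {usable}")
    return usable[0]

def parse_proc_mtd(text):
    """Map partition name -> Partition from a /proc/mtd listing."""
    parts = {}
    for line in text.splitlines():
        m = MTD_LINE.match(line.rstrip())
        if m:
            dev, size, erase, name = m.groups()
            parts[name] = Partition(dev, int(size, 16), int(erase, 16))
    return parts

def check_flash(parts, target, image_len, allow_brick_risk=False):
    """None if `fastboot flash <target> <image>` looks sane, otherwise the reason."""
    if target in BRICK_RISK and not allow_brick_risk:
        return f"{target}: a wrong radio/SPL pairing bricks the phone; opt in explicitly"
    part = parts.get(target)
    if part is None:
        return f"{target}: not a partition on this device, have {sorted(parts)}"
    if image_len > part.size:
        return f"{target}: image is {image_len} bytes but the partition holds {part.size}"
    return None

def backup_commands(parts, names, serial, sdcard="/sdcard/backup"):
    """Dump each partition to the SD card, hash it on the device and pull it to
    the host: the step the blog author skipped before running an install script."""
    cmds = [f"adb -s {serial} shell mkdir -p {sdcard}"]
    for name in names:
        p = parts[name]
        cmds.append(f"adb -s {serial} shell dd if=/dev/mtd/{p.dev} "
                    f"of={sdcard}/{name}.img bs={p.erasesize}")
        cmds.append(f"adb -s {serial} shell sha1sum {sdcard}/{name}.img")
        cmds.append(f"adb -s {serial} pull {sdcard}/{name}.img {name}.img")
    return cmds

def pulled_image_ok(image, part, device_sha1sum_line):
    """True if the pulled bytes are a full dump whose SHA-1 matches the sha1sum
    line printed on the device; a short or corrupted pull fails this check."""
    device_digest = device_sha1sum_line.split()[0].lower()
    return len(image) == part.size and hashlib.sha1(image).hexdigest() == device_digest

if __name__ == "__main__":
    parts = parse_proc_mtd(PROC_MTD)
    serial = pick_serial(ADB_DEVICES_OUTPUT)
    print("\n".join(backup_commands(parts, ["boot", "recovery", "system"], serial)))
    print(check_flash(parts, "boot", 0x300001))  # image too big for the boot partition
    print(check_flash(parts, "radio", 4096))     # refused without the explicit opt-in
```

Running it prints the backup plan for boot, recovery and system, then two refusals: an image one byte larger than the boot partition, and a radio flash without the opt-in. Feed it the real `adb shell cat /proc/mtd` output instead of the constructed listing to get a plan for your own phone. One caveat: later eMMC-based phones report nothing in /proc/mtd and expose their partitions under /dev/block/platform/.../by-name, so the parser and the dd source path would need adapting for them.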