hacking android os

Post on 06-May-2015

DESCRIPTION

Lecture notes for Chiang Mai University (Thailand) students by the Click Connect Team on how to compile AOSP and create a custom ROM for Android devices.

TRANSCRIPT

Hacking Android OS
http://gplus.to/JimmyLIVE

August 13, 2011
Room TTN1, ITSC-CMU

Topics (1)

Why Android?
Introduction to AOSP (Android Open-Source Project)
Compiling AOSP and Creating ROM
Architecture of Android OS
Android SDK, NDK, ADK
Introduction to CyanogenMod
Input Method Customization
Creating your own Launcher
Theme and Live Wallpaper

Topics (2)

Rooting Android Devices
HBoot, FastBoot, Recovery, S-OFF, Unlock Bootloader
How to cook the Android ROM
Super User, ODEX, Deodex, Zip-align, Signing
How to trap SMS
Sensors in Android Phone
Introduction to Arduino and Android ADK (Android Accessory Developer Kit)

Why Hacking?

To know how it works
To customize it
To make it better
To enhance it
To have some FUN!

Not to do something illegal.
Not to do piracy.

The first step to

Thai Android OS

What will you get from this class?

You will get NOTHING from this class but many links to where to read more

You will break your phone’s warranty

You may BRICK your phone

You may create the best phone on earth from the bad SH*T phone in your hands

You may go to jail...

In case of Emergency

Why Android?

Android

Android is an open-source software stack (OS, middleware, applications) created for mobile phones and other devices. The Android Open Source Project (AOSP), led by Google, is tasked with the maintenance and further development of Android.

Why Android?

“We created Android in response to our own experiences launching mobile apps. We wanted to make sure that there was no central point of failure, so that no industry player can restrict or control the innovations of any other. That's why we created Android, and made its source code open.”

- Google -

Why I love Android?

I hate Dumbo!

Safe and Fun (for Kids)
Fully automatic turning left (with up & down)
Need to queue and pay
Have to be a “Good Boy” to get riding...

Un-safe but more Fun (not for Kids)
Turn left by yourself
Need brave heart
Have to be a “Good Boy” to buy BMW 1M

http://www.youtube.com/watch?v=15bQjiwzgUA

AOSP (Android Open Source Project)

AOSP

The goal of the Android Open Source Project is to create a successful real-world product that improves the mobile experience for end users.

To get and compile Android source code:
http://source.android.com/source/initializing.html

Android Release History
1.0 (branch name unknown, backnaming it Apple Pie)
1.1 (branch name unknown, backnaming Banana bread)
1.5 (Cupcake branch)
1.6 (Donut branch)
2.0 (Eclair branch)
2.1 (Eclair branch)
2.2 (Froyo branch)
2.3 (Gingerbread branch)
3.0 (Honeycomb branch)
3.1 (Honeycomb branch)
3.2 (Honeycomb branch)
(Ice Cream Sandwich)

To start

Get Android Source

Compile it

Unlock your phone
(lose your phone’s warranty)

Install the resulting ROM on your phone

(lose all Google and bundled apps)

Compile AOSP

$ . build/envsetup.sh

$ lunch
(Select target device)

$ make -j4

What is Crespo?

Developer Devices
Dream (HTC G1)
Sapphire
Passion (Google Nexus One)
Crespo (Google Nexus S)
Crespo4G (Google Nexus S 4G)

Reboot to Bootloader

$ adb reboot bootloader

Use hardware button

Unlock Bootloader

$ fastboot oem unlock

On Nexus One, the operation voids the warranty and is irreversible.
On Nexus S and Nexus S 4G, the bootloader can be locked back with

$ fastboot oem lock

Flash your built ROM

$ fastboot flashall -w

Congratulations!
You lost all Google and bundled apps!

Goo-inside.me

Google’s stuff and more...

Recovery

Rom Manager

ClockWorkMod Recovery

Try Flash

Google Apps

Restore your phone by flashing the OTA ROM

How to solve the problem when you BRICK your phone

HBoot, FastBoot, SPL

Hboot is the init script of the device. In other words, it makes it possible for the device to power on and load all the "programs".

Fastboot is the protocol used to update the flash file system in Android devices from a host over USB.

The SPL, or Second Program Loader, in conjunction with the IPL comprise a device's bootloader. Aside from bootstrapping Android, the bootloader also fulfills various diagnostic functions. One of these functions is the manipulation of data in the device's internal flash ram. Depending on the SPL installed, the user can apply a signed NBH file, flash nand images, and more. Note that the SPL is installed and operates independently of the Android build that runs atop it.

FastBoot

Fastboot Cheat Sheet
http://andblogs.net/fastboot/

Radio, SPL, Recovery
http://goondroid.com/root

Radio

SPL

System, Cache, Data

Recovery

ROM

Android Boot Process
http://www.androidenea.com/2009/06/android-boot-process-from-power-on.html

Boot ROM - load first stage bootloader into system RAM
Bootloader
First stage bootloader - init memory
Second stage bootloader - load kernel to RAM
Linux Kernel
The Init process
Zygote and Dalvik VM
The System Server
Boot completed

Android Architecture

Create your own Android

BeagleBoard
http://beagleboard.org/

Panda Board
http://www.pandaboard.org/

http://www.digikey.com/us/en/ph/texas-instruments/pandaboard.html

CyanogenMod

CyanogenMod is an aftermarket firmware for a number of cell phones based on the open-source Android operating system. It offers features not found in the official Android based firmwares of vendors of these cell phones.

http://www.cyanogenmod.com/

MIUI

MIUI, Redefining Android.

MIUI is one of the most popular Android ROMs in the world.

It is based on Android 2.3 and has a unique UI that looks and feels great to use. MIUI is updated every Friday based on the feedback from its users, it is then translated to English by our translation team for you all to use and love. So what are you waiting for, head over to the ROMS section and download MIUI for your phone.

http://miuiandroid.com/

AOSP

Workflow
http://www.androidenea.com/2010/05/android-open-source-project-workflow.html

Fixing Issue

Google TV & Android

The software that Google TV runs is a version of Android that has been enhanced to support video search, HDTV signaling, and a full Google Chrome browser. It currently doesn't support certain Android features like installing third party apps.

Writing Android Apps

Android Developer site
http://developer.android.com/index.html

Android SDK
http://developer.android.com/sdk/index.html

ADT plugin for Eclipse
http://developer.android.com/sdk/eclipse-adt.html

Android NDK
http://developer.android.com/sdk/eclipse-adt.html

Android Open Accessory Development Kit (ADK)
http://developer.android.com/guide/topics/usb/adk.html

Android App Building Box

Replace & Reuse Components

Customize AOSP

Our Goal: Thai Android OS
Thai IME
Thai Launcher
Thai Theme & Live Wallpaper
Thai Web Browser
Thai Date & Time
Thai Character Display
Thai Sorting
Thai Essential Apps

Customize IME (Brief Examples)

packages/inputmethods/LatinIME

Add xml-th

Customize Keyboard layout for THAI

(and many details to fix and add, such as word suggestion vocabulary and behavior)

Launcher Customization

ADW Launcher is a good place to start
http://forum.xda-developers.com/showthread.php?t=645550

http://code.google.com/p/adw-launcher-android/

Source code:
https://github.com/AnderWeb/android_packages_apps_Launcher

ADW.Launcher

ADW Theme

ADW Theme Guide
http://code.google.com/p/adw-launcher-android/wiki/ADWThemeGuide

Theme Template
https://github.com/AnderWeb/ADW.Theme-Template

LIVE Wallpaper

Start at “Cube LIVE Wallpaper” sample code from Android SDK

Tutorial
http://blog.androgames.net/58/android-live-wallpaper-tutorial/

How to Root

Revolutionary
http://forum.xda-developers.com/showthread.php?t=1191732

SuperBoot
http://android-dls.com/wiki/index.php?title=Use_Superboot_to_get_root

Galaxy S II
http://forum.xda-developers.com/showthread.php?t=1103399

HTC Bootloader Unlock

(Coming soon)
http://htcdev.com/

While waiting, use Revolutionary :P
http://www.momobiles.com/s-off-htc-flyer-with-revolutionary-tool/

Cooking Android

Unlock Bootloader (S-OFF)

Flash Custom Recovery

Cook a rooted ROM

Flash ROM

Have Fun!

dsixda’s Kitchen

A good start for Android ROM Cooker

“This is NOT a tool to automatically turn you into a full-fledged ROM developer. ROM development normally involves work from the ground up and involves time, research and patience. I am just giving the tools to help the average person get things done quickly from an existing base.”

dsixda

Reading about Cooking

How to cook ROM (Hero)
http://forum.xda-developers.com/showthread.php?t=551711

How to cook ROM (Magic)
http://forum.xda-developers.com/showthread.php?t=566235

Extract ROM file from HTC’s RUU
http://lukasz.szmit.eu/2010/04/extracting-rom-files-from-htc-android.html

Signed Update.zip

The "signed update" type ROM image always contains the following components:

boot.img - This file is a binary representation of the root file system of the device. It contains the system kernel and all files required to start the core part of Android.

system - This is a directory containing all files found under /system on a running Android device. It has exactly the same layout.

META-INF - This is a directory containing the update manifest and script. The manifest is a file which lists all files included in the update, with their SHA1 checksums. The update script is used to apply the update on a device.
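
The manifest check described above, as an added example that is not part of the original slides: it assumes the JAR-style META-INF/MANIFEST.MF layout (Name / SHA1-Digest entries with base64 digests) and reports files that are modified, missing, or not listed. The function names and the in-memory sample archive are constructed for illustration.

```python
import base64, hashlib, io, zipfile

MANIFEST = "META-INF/MANIFEST.MF"
SIGNING = (".MF", ".SF", ".RSA")  # signature files are not listed in the manifest

def sha1_b64(data):
    return base64.b64encode(hashlib.sha1(data).digest()).decode()

def parse_manifest(text):
    """Return {entry name: base64 SHA1 digest} from JAR-style manifest text."""
    # Long lines are wrapped; a continuation line starts with one space.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    digests = {}
    for section in text.split("\n\n"):
        fields = dict(l.split(": ", 1) for l in section.splitlines() if ": " in l)
        if "Name" in fields and "SHA1-Digest" in fields:
            digests[fields["Name"]] = fields["SHA1-Digest"]
    return digests

def verify_update(zip_bytes):
    """Return [(name, problem)] for entries that disagree with the manifest."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as z:
        digests = parse_manifest(z.read(MANIFEST).decode("utf-8"))
        names = {n for n in z.namelist() if not n.endswith("/")
                 and not (n.startswith("META-INF/") and n.endswith(SIGNING))}
        for name in sorted(names | set(digests)):
            if name not in digests:
                problems.append((name, "not listed in manifest"))
            elif name not in names:
                problems.append((name, "listed but missing"))
            elif sha1_b64(z.read(name)) != digests[name]:
                problems.append((name, "SHA1 mismatch"))
    return problems

def build_sample(files, tamper=None, extra=None):
    """Constructed sample: an in-memory update.zip with a matching manifest."""
    lines = ["Manifest-Version: 1.0", ""]
    for name, data in files.items():
        lines += [f"Name: {name}", f"SHA1-Digest: {sha1_b64(data)}", ""]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(MANIFEST, "\n".join(lines) + "\n")
        for name, data in {**files, **(extra or {})}.items():
            z.writestr(name, (tamper or {}).get(name, data))
    return buf.getvalue()

SAMPLE = {"boot.img": b"constructed boot image", "system/build.prop": b"ro.build.id=SAMPLE\n"}
```

This only checks file contents against the manifest; the signature files in META-INF are what bind the manifest to a signing key, and they are not verified here.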

ODEX File

"Normal" apps have an APK with a manifest, resources, and a "classes.dex" inside. The classes.dex is optimized by the package manager on first use, and ends up in /data/dalvik-cache/.

"System" apps have the DEX optimization performed ahead of time. The resulting ".odex" file is stored next to the APK, the classes.dex is removed from the APK, and the whole thing works without having to put more stuff in your /data partition.

The optimized DEX files cannot easily be converted back to unoptimized DEX, and I'm not sure there's any benefit in doing so. Both kinds of DEX files can be examined with "dexdump".

More detail can be found in dalvik/docs/dexopt.html in the source tree, or on the web at: http://android.git.kernel.org/?p=platform/dalvik.git;a=blob_plain;f=docs/dexopt.html;hb=HEAD

De-odex

Deodex Instruction
http://code.google.com/p/smali/wiki/DeodexInstructions

Boot Logo & Animation

How to create
http://forum.samdroid.net/f55/tutorial-how-create-custom-bootlogo-bootanimation-863/

Trapping SMS

Broadcast Receiver

SMS Received --> Your app --> FUN!

ADK & Arduino

Arduino Mega ADK
http://labs.arduino.cc/ADK/Index

Processing for Android
http://wiki.processing.org/w/Android

What’s next?

All source code available at
http://clicknect.com

Next Training
Image Processing using OpenCV
Introduction to OpenGL ES
Introduction to WebGL
Introduction to HTML5 Canvas
(You can suggest topics)

Thank you
Enjoy your hacking!