hacking android os
DESCRIPTION
Lecture note for Chiang Mai University (Thailand) Student by Click Connect Team about how to compile AOSP and create custom ROM for Android devices.TRANSCRIPT
Hacking Android OShttp://gplus.to/JimmyLIVE
August 13, 2011Room TTN1, ITSC-CMU
Topics (1)
Why Android?Introduction to AOSP (Android Open-Source Project)Compiling AOSP and Creating ROMArchitecture of Android OSAndroid SDK, NDK, ADKIntroduction to CyanogenModInput Method CustomizationCreating your own LauncherTheme and Live Wall Paper
Topics (2)
Rooting Android DevicesHBoot, FastBoot, Recovery, S-OFF, Unlock BootloaderHow to cook the Android ROMSuper User, ODEX, Deodex, Zip-align, SigningHow to trap SMSSensors in Android PhoneIntroduction to Arduino and Android ADK(Android Accessory Developer Kit)
Why Hacking?
Why Hacking?
To know how it worksTo customize itTo make it betterTo enhance itTo have some FUN!
Not to do something illegal.Not to do piracy.
The first step to
Thai Android OS
What will you get from this class?
You will get NOTHING from this class but many links to where to read more
You will break your phone’s warrantee
You may BRICK your phone
You may create the best phone on earth from the bad SH*T phone in your hands
You may go to jail...
In case of Emergency
Why Android?
Android
Android is an open-source software stack (OS, Middle ware, Applications) created for mobile phones and other devices. The Android Open Source Project (AOSP), led by Google, is tasked with the maintenance and further development of Android.
Why Android?
“We created Android in response to our own experiences launching mobile apps. We wanted to make sure that there was no central point of failure, so that no industry player can restrict or control the innovations of any other. That's why we created Android, and made its source code open.”
- Google -
Why I love Android?
I hate Dumbo!
Safe and Fun (for Kids)Fully automatic turning left (with up & down)Need to queue and payHave to be a “Good Boy” to get riding...
Un-safe but more Fun (not for Kids)Turn left by yourselfNeed brave heartHave to be a “Good Boy” to buy BMW 1M
http://www.youtube.com/watch?v=15bQjiwzgUA
AOSP(Android Open Source Project)
AOSP
The goal of the Android Open Source Project is to create a successful real-world product that improves the mobile experience for end users.
To get and compile Android source code:http://source.android.com/source/initializing.html
Android Release History1.0 (branch name unknown, backnaming it Apple Pie)1.1 (branch name unknown, backnaming Banana bread)1.5 (Cupcake branch)1.6 (Donut branch)2.0 (Eclair branch)2.1 (Eclair branch)2.2 (Froyo branch)2.3 (Gingerbread branch)3.0 (Honeycomb branch)3.1 (Honeycomb branch)3.2 (Honeycomb branch)(Ice Cream Sandwich)
To start
Get Android Source
Compile it
Unlock your phone(lost your phone’s warantee)
Install the result ROM to your phone
(lost all of Google and Bundled apps)
Compile AOSP
$ . build/envsetup.sh
$ lunch(Select target device)
$ make -j4
What is Crespo?
Developer DevicesDream (HTC G1)SapphirePassion (Google Nexus One)Crespo (Google Nexus S)Crespo4G (Google Nexus S 4G)
Reboot to Bootloader
$ adb reboot bootloader
Use hardware button
Unlock Bootloader
$ fastboot oem unlock
On Nexus One, the operation voids the warranty and is irreversible.On Nexus S and Nexus S 4G, the bootloader can be locked back with$ fastboot oem lock
Flash your built ROM
$ fastboot flashall -w
Congratulations!You lost all Google and bundled apps!
Goo-inside.me
Google’s stuff and more...
Recovery
Rom Manager
ClockWorkMod Recovery
Try Flash
Google Apps
Restore your phone by flash OTA ROM
How to solve problem when you BRICK your phone
HBoot, FastBoot, SPLHboot is the init script of the device. In others words, it makes possible to the device power on and load all the "programs"
Fastboot is protocol used to update the flash file system in Android devices from a host over USB
The SPL, or Second Program Loader, in conjunction with the IPL comprise a device's bootloader. Aside from bootstrapping Android, the bootloader also fulfills various diagnostic functions. One of these functions is the manipulation of data in the device's internal flash ram. Depending on the SPL installed, the user can apply a signed NBH file, flash nand images, and more. Note that the SPL is installed and operates independently of the Android build that runs atop it.
FastBoot
Fastboot Cheat Sheet http://andblogs.net/fastboot/
Radio, SPL, Recoveryhttp://goondroid.com/root
Radio
SPL
System, Cache, Data
Recovery
ROM
Android Boot Processhttp://www.androidenea.com/2009/06/android-boot-process-from-power-on.html
Boot ROM - load first stage bootloader into system RAMBootloader
First stage bootloader - init memorySecond stage bootloader - load kernel to RAM
Linux KernelThe Init processZygote and Dalvik VMThe System ServerBoot completed
Android Architecture
Create your own Android
BeagleBoard http://beagleboard.org/
Panda Board http://www.pandaboard.org/
http://www.digikey.com/us/en/ph/texas-instruments/pandaboard.html
CyanogenMod
CyanogenMod is an aftermarket firmware for a number of cell phones based on the open-source Android operating system. It offers features not found in the official Android based firmwares of vendors of these cell phones.
http://www.cyanogenmod.com/
MIUIMIUI, Redefining Android.
MIUI is one of the most popular Android ROMs in the world.
It is based on Android 2.3 and has a unique UI that looks and feels great to use. MIUI is updated every Friday based on the feedback from its users, it is then translated to English by our translation team for you all to use and love. So what are you waiting for, head over to the ROMS section and download MIUI for your phone.
http://miuiandroid.com/
AOSP
Workflowhttp://www.androidenea.com/2010/05/android-open-source-project-workflow.html
Fixing Issue
Fixing Issue
Google TV & Android
The software that Google TV runs is a version of Android that has been enhanced to support video search, HDTV signaling, and a full Google Chrome browser. It current'y doesn't support certain Android features like installing third party apps.
Writing Android AppsAndroid Developer sitehttp://developer.android.com/index.html
Android SDKhttp://developer.android.com/sdk/index.html
ADT plugin for Eclipsehttp://developer.android.com/sdk/eclipse-adt.html
Android NDKhttp://developer.android.com/sdk/eclipse-adt.html
Android Open Accesory Development Kit (ADK)http://developer.android.com/guide/topics/usb/adk.html
Android App Building Box
Replace & ReuseComponents
Customize AOSP
Our Goal: Thai Android OSThai IMEThai LauncherThai Theme & Live WallpaperThai Web BrowserThai Date & TimeThai Character DisplayThai SortingThai Essential Apps
Customize IME(Brief Examples)
packages/inputmethods/LatinIME
Add xml-th
Customize Keyboard layout for THAI
(and many detail to fix and add such as word suggestion vocabulary and behavior)
Launcher CustomizationADW Launcher is a good place to start http://forum.xda-developers.com/showthread.php?t=645550
http://code.google.com/p/adw-launcher-android/
Source code:https://github.com/AnderWeb/android_packages_apps_Launcher
ADW.Launcher
ADW Theme
ADW Theme Guidehttp://code.google.com/p/adw-launcher-android/wiki/ADWThemeGuide
Theme Templatehttps://github.com/AnderWeb/ADW.Theme-Template
LIVE Wallpaper
Start at “Cube LIVE Wallpaper” sample code from Android SDK
Tutorialhttp://blog.androgames.net/58/android-live-wallpaper-tutorial/
How to RootRevolutionaryhttp://forum.xda-developers.com/showthread.php?t=1191732
SuperBoot http://android-dls.com/wiki/index.php?title=Use_Superboot_to_get_root
Galaxy S IIhttp://forum.xda-developers.com/showthread.php?t=1103399
HTC Bootloader Unlock
(Coming soon)http://htcdev.com/
While waiting, use Revolutionary :Phttp://www.momobiles.com/s-off-htc-flyer-with-revolutionary-tool/
Cooking Android
Unlock Bootloader (S-OFF)
Flash Custom Recovery
Cook a rooted ROM
Flash ROM
Have Fun!
dsixda’s Kitchen
A good start for Android ROM Cooker
“This is NOT a tool to automatically turn you into a full-fledged ROM developer. ROM development normally involves work from the ground up and involves time, research and patience. I am just giving the tools to help the average person get things done quickly from an existing base.”
dsixda
Reading about CookingHow to cook ROM (Hero) http://forum.xda-developers.com/showthread.php?t=551711
How to cook ROM (Magic)http://forum.xda-developers.com/showthread.php?t=566235
Extract ROM file from HTC’s RUUhttp://lukasz.szmit.eu/2010/04/extracting-rom-files-from-htc-android.html
Signed Update.zip
The "signed update" type ROM image always contains the following components:
boot.img - This file is a binary representation of the root file system of the device. It contains the system kernel and all files required to start the core part of Android
system - This is a directory containing all files found under /system on a running Android device. It has exactly the same layout.
META-INF - This is directory containing the update manifest and script. The manifest is a file which lists all file included in the update, with their SHA1 checksums. The update script is used to apply the update on a device
ODEX File"Normal" apps have an APK with a manifest, resources, and a"classes.dex" inside. The classes.dex is optimized by the packagemanager on first use, and ends up in /data/dalvik-cache/.
"System" apps have the DEX optimization performed ahead of time. Theresulting ".odex" file is stored next to the APK, the classes.dex isremoved from the APK, and the whole thing works without having to putmore stuff in your /data partition.
The optimized DEX files cannot easily be converted back to unoptimizedDEX, and I'm not sure there's any benefit in doing so. Both kinds ofDEX files can be examined with "dexdump".
More detail can be found in dalvik/docs/dexopt.html in the sourcetree, or on the web at: http://android.git.kernel.org/?p=platform/dalvik.git;a=blob_plain;f=docs/dexopt.html;hb=HEAD
De-odex
Deodex Instructionhttp://code.google.com/p/smali/wiki/DeodexInstructions
Boot Logo & Animation
How to createhttp://forum.samdroid.net/f55/tutorial-how-create-custom-bootlogo-bootanimation-863/
Trapping SMS
Broadcast Receiver
SMS Received --> Your app --> FUN!
ADK & Arduino
Arduino Mega ADKhttp://labs.arduino.cc/ADK/Index
Processing for Androidhttp://wiki.processing.org/w/Android
What’s next?
All source code available athttp://clicknect.com
Next TrainingImage Processing using OpenCVIntroduction to OpenGL ESIntroduction to WebGLIntroduction to HTML5 Canvas(You can suggest topics)
Thank youEnjoy your hacking!