Tuesday, October 21, 2014

Root xperia 3 times to get through & flashing tips

Rooting

This may make you laugh, but I had to run the Easy Root install.sh 3 times. (I need to be honest and blunt: the Google hosting says this is infected with a virus. I put xda's zxz0O0 Easy Root and Towel Root together. For Linux use, I have not experienced any trouble. Maybe the virus is for Windows. I don't know how the Google virus detection works. Maybe there is no virus at all.)

The tool's link is http://forum.xda-developers.com/showthread.php?t=2784900

First run, it would be stuck, so I waited 20 minutes at
------------------------------------------
creating vm (loljavasucks)
------------------------------------------
I unplugged the USB cable to run it the second time, and it would be stuck and I had to wait another 20 minutes at
------------------------------------------
cleaning
------------------------------------------
Then I unplugged the USB cable again to run it the third time, and it would finish quickly.

My tip: I have tried a root checker while install.sh was still stuck and have seen that root is already broken in while the script hangs. The last restart just checks the root. My Linux PC is a Chromebook with Fedora 21 https://docs.google.com/file/d/0B2NfHoyfFf1aUFE1ckQ0Ty15MU0/edit?usp=docslist_api (md5 sum ...) in a chroot (in the top directory inside the chroot, the startfedora.sh shell script starts Fedora and the full desktop using the chroot's /root/.bash_profile script).

Flashing Distribution

The 64-bit adb inside FlashTool has a problem. So, modify the invoke script:
[root@localhost FlashTool]# diff FlashTool.bak FlashTool
4c4
< export system64=$(uname -m)
---
> export system64='x86'
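Review bot: the replacement on line 4 hard-codes `system64='x86'` and throws away the `uname -m` probe on every host, with nothing in the script saying why. Keep the probe as the default and make the 32-bit path an explicit override (for example an environment variable checked before `uname -m`), and add a comment that it works around the 64-bit adb problem, so the change is easy to revert once that is fixed.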


And the GUI will end up running in 32-bit. So, it depends on these 5 32-bit rpm packages:
Oct 21 19:23:45 Installed: libXcomposite-0.4.4-4.fc20.i686
Oct 21 19:23:45 Installed: avahi-libs-0.6.31-21.fc20.i686
Oct 21 19:23:45 Installed: 1:cups-libs-1.7.0-4.fc20.i686
Oct 21 19:23:46 Installed: atk-2.10.0-1.fc20.i686
Oct 21 19:23:47 Installed: gtk2-2.24.22-2.fc20.i686


In various sources, they say that an adb driver is needed, but Fedora has the android-tools rpm package that includes adb. I had to check "Unknown Source" to enable it on the Android Xperia because Towel Root installs an apk to the Xperia. FlashTool says to use the "back button" to enter flash mode, but the Xperia uses volume down instead.

So, here is the link https://drive.google.com/file/d/0B2NfHoyfFf1aWUM3TDNlUlViRHM to the C6806_14.3 681 Sony distribution.


The flashtool is https://drive.google.com/file/d/0B2NfHoyfFf1aNFYyNnhGRDdzZTg


Flashing Bootloader

The CyanogenMod "recovery" is also a Linux kernel that supports file system listing/mounting so that it can be used to flash a distribution onto the disc. The kernel is the boot.img inside of the https://drive.google.com/file/d/0B2NfHoyfFf1aYk1oYnFyTXB5NFk distribution, which is for companion Google apps at https://drive.google.com/file/d/0B2NfHoyfFf1abDlCc1lwV3M5dXc . The CyanogenMod AOSP distribution does not have DRM, which precludes Google Play's movie/TV app.

The Linux command to flash the bootloader is
fastboot flash boot boot.img
but the bootloader is guarded by the Sony corporation using the IMEI as a variable. So, it needs extra steps with the fastboot command.

When using the "recovery" to flash the disc, the distribution to use is the said distribution.

Friday, October 17, 2014

SSL BIO research better on armhfp image of Fedora 20 than on x86_64

It is strange that HP's code sample for SSL/BIO programming
http://h71000.www7.hp.com/doc/83final/ba554_90007/ch05s03.html
http://h71000.www7.hp.com/doc/83final/ba554_90007/ch05s04.html
readily compiles without error on my Xperia ARM with the Fedora 20 and 21 armhfp image.

In Fedora 20 x86, the same code got an error about converting char to some struct.

Compile them with gcc client.c -lssl -lcrypto (the libraries go after the source file so that the linker resolves them). You need to yum install openssl-devel first.
Generate cert and key with openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes . server.c below loads server.crt and server.key, so save or rename the two files under those names.
client.c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef __VMS
#include <socket.h>
#include <inet.h>
#include <in.h>
#else
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#endif

#include <openssl/crypto.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

#define RETURN_NULL(x)                                                         \
  if ((x) == NULL)                                                             \
  exit(1)
#define RETURN_ERR(err, s)                                                     \
  if ((err) == -1) {                                                           \
    perror(s);                                                                 \
    exit(1);                                                                   \
  }
/* SSL_connect, SSL_read and SSL_write all report failure as a value <= 0 */
#define RETURN_SSL(err)                                                        \
  if ((err) <= 0) {                                                            \
    ERR_print_errors_fp(stderr);                                               \
    exit(1);                                                                   \
  }

#define RSA_CLIENT_CERT "client.crt"
#define RSA_CLIENT_KEY "client.key"

#define ON 1
#define OFF 0

int main(void) {
  int err;

  int sock;
  struct sockaddr_in server_addr;
  char *str;
  char buf[4096];
  char hello[80];

  SSL_CTX *ctx;
  SSL *ssl;
  const SSL_METHOD *meth;
  X509 *server_cert;

  short int s_port = 5555;
  const char *s_ipaddr = "127.0.0.1";

  /*----------------------------------------------------------*/
  printf("Message to be sent to the SSL server: ");
  if (fgets(hello, sizeof(hello), stdin) == NULL)
    exit(1);

  /* Load encryption & hashing algorithms for the SSL program */
  SSL_library_init();

  /* Load the error strings for SSL & CRYPTO APIs */
  SSL_load_error_strings();

  /* Create an SSL_METHOD structure. SSLv23_method() negotiates the highest
     protocol version both peers support; SSL 2.0 and SSL 3.0 are insecure
     (SSL 3.0: POODLE) and are switched off below. */
  meth = SSLv23_method();

  /* Create an SSL_CTX structure */
  ctx = SSL_CTX_new(meth);

  RETURN_NULL(ctx);

  /* Refuse the obsolete protocol versions */
  SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

  /* ------------------------------------------------------------- */
  /* Set up a TCP socket */

  sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);

  RETURN_ERR(sock, "socket");

  memset(&server_addr, '\0', sizeof(server_addr));
  server_addr.sin_family = AF_INET;

  server_addr.sin_port = htons(s_port); /* Server Port number */

  server_addr.sin_addr.s_addr = inet_addr(s_ipaddr); /* Server IP */

  /* Establish a TCP/IP connection to the SSL server */

  err = connect(sock, (struct sockaddr *)&server_addr, sizeof(server_addr));

  RETURN_ERR(err, "connect");
  /* ----------------------------------------------- */
  /* An SSL structure is created */

  ssl = SSL_new(ctx);

  RETURN_NULL(ssl);

  /* Assign the socket into the SSL structure (SSL and socket without BIO) */
  SSL_set_fd(ssl, sock);

  /* Perform SSL Handshake on the SSL client */
  err = SSL_connect(ssl);

  RETURN_SSL(err);

  /* Informational output (optional) */
  printf("SSL connection using %s\n", SSL_get_cipher(ssl));

  /* Get the server's certificate (optional).
     Note: the certificate is only printed here. No trust store is loaded
     and SSL_CTX_set_verify() is never called, so the server is not
     authenticated by this client. */
  server_cert = SSL_get_peer_certificate(ssl);

  if (server_cert != NULL) {
    printf("Server certificate:\n");

    str = X509_NAME_oneline(X509_get_subject_name(server_cert), 0, 0);
    RETURN_NULL(str);
    printf("\t subject: %s\n", str);
    OPENSSL_free(str); /* allocated by OpenSSL, so release it with OpenSSL */

    str = X509_NAME_oneline(X509_get_issuer_name(server_cert), 0, 0);
    RETURN_NULL(str);
    printf("\t issuer: %s\n", str);
    OPENSSL_free(str);

    X509_free(server_cert);

  } else
    printf("The SSL server does not have certificate.\n");

  /*-------- DATA EXCHANGE - send message and receive reply. -------*/
  /* Send data to the SSL server */
  err = SSL_write(ssl, hello, strlen(hello));

  RETURN_SSL(err);

  /* Receive data from the SSL server */
  err = SSL_read(ssl, buf, sizeof(buf) - 1);

  RETURN_SSL(err);
  buf[err] = '\0';
  printf("Received %d chars:'%s'\n", err, buf);

  /*--------------- SSL closure ---------------*/
  /* Shutdown the client side of the SSL connection.
     A return of 0 only means the peer's close_notify has not arrived yet;
     a negative value is an error. */

  err = SSL_shutdown(ssl);
  if (err < 0) {
    ERR_print_errors_fp(stderr);
    exit(1);
  }

  /* Terminate communication on a socket */
  err = close(sock);

  RETURN_ERR(err, "close");

  /* Free the SSL structure */
  SSL_free(ssl);

  /* Free the SSL_CTX structure */
  SSL_CTX_free(ctx);

  return 0;
}



server.c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef __VMS
#include <types.h>
#include <socket.h>
#include <in.h>
#include <inet.h>
#else
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#endif
#include <openssl/crypto.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#define RSA_SERVER_CERT "server.crt"
#define RSA_SERVER_KEY "server.key"
#define ON 1
#define OFF 0
#define RETURN_NULL(x)                                                         \
  if ((x) == NULL)                                                             \
  exit(1)
#define RETURN_ERR(err, s)                                                     \
  if ((err) == -1) {                                                           \
    perror(s);                                                                 \
    exit(1);                                                                   \
  }
/* SSL_accept, SSL_read and SSL_write all report failure as a value <= 0 */
#define RETURN_SSL(err)                                                        \
  if ((err) <= 0) {                                                            \
    ERR_print_errors_fp(stderr);                                               \
    exit(1);                                                                   \
  }
int main(void) {
  int err;
  int listen_sock;
  int sock;
  struct sockaddr_in sa_serv;
  struct sockaddr_in sa_cli;
  socklen_t client_len; /* accept() takes a socklen_t *, not a size_t * */
  char buf[4096];
  SSL_CTX *ctx;
  SSL *ssl;
  const SSL_METHOD *meth;

  short int s_port = 5555;
  /*----------------------------------------------------------------*/
  /* Load encryption & hashing algorithms for the SSL program */
  SSL_library_init();
  /* Load the error strings for SSL & CRYPTO APIs */
  SSL_load_error_strings();
  /* Create a SSL_METHOD structure. SSLv23_method() negotiates the highest
     protocol version both peers support; SSL 2.0 and SSL 3.0 are insecure
     (SSL 3.0: POODLE) and are switched off below. */
  meth = SSLv23_method();
  /* Create a SSL_CTX structure */
  ctx = SSL_CTX_new(meth);
  if (!ctx) {
    ERR_print_errors_fp(stderr);
    exit(1);
  }
  /* Refuse the obsolete protocol versions */
  SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
  /* Load the server certificate into the SSL_CTX structure */
  if (SSL_CTX_use_certificate_file(ctx, RSA_SERVER_CERT, SSL_FILETYPE_PEM) <=
      0) {
    ERR_print_errors_fp(stderr);
    exit(1);
  }
  /* Load the private-key corresponding to the server certificate */
  if (SSL_CTX_use_PrivateKey_file(ctx, RSA_SERVER_KEY, SSL_FILETYPE_PEM) <= 0) {
    ERR_print_errors_fp(stderr);
    exit(1);
  }
  /* Check if the server certificate and private-key matches */
  if (!SSL_CTX_check_private_key(ctx)) {
    fprintf(stderr, "Private key does not match the certificate public key\n");
    exit(1);
  }
  /* ----------------------------------------------- */
  /* Set up a TCP socket */
  listen_sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
  RETURN_ERR(listen_sock, "socket");
  memset(&sa_serv, '\0', sizeof(sa_serv));
  sa_serv.sin_family = AF_INET;
  sa_serv.sin_addr.s_addr = INADDR_ANY;
  sa_serv.sin_port = htons(s_port); /* Server Port number */
  err = bind(listen_sock, (struct sockaddr *)&sa_serv, sizeof(sa_serv));
  RETURN_ERR(err, "bind");

  /* Wait for an incoming TCP connection. */
  err = listen(listen_sock, 5);
  RETURN_ERR(err, "listen");
  client_len = sizeof(sa_cli);
  /* Socket for a TCP/IP connection is created */
  sock = accept(listen_sock, (struct sockaddr *)&sa_cli, &client_len);
  RETURN_ERR(sock, "accept");
  close(listen_sock);
  /* Address and port are printed raw, in network byte order */
  printf("Connection from %lx, port %x\n",
         (unsigned long)sa_cli.sin_addr.s_addr,
         (unsigned int)sa_cli.sin_port);
  /* ----------------------------------------------- */
  /* TCP connection is ready. */
  /* A SSL structure is created */
  ssl = SSL_new(ctx);
  RETURN_NULL(ssl);
  /* Assign the socket into the SSL structure (SSL and socket without BIO) */
  SSL_set_fd(ssl, sock);
  /* Perform SSL Handshake on the SSL server */
  err = SSL_accept(ssl);
  RETURN_SSL(err);
  /* Informational output (optional) */
  printf("SSL connection using %s\n", SSL_get_cipher(ssl));
  /*------- DATA EXCHANGE - Receive message and send reply. -------*/
  /* Receive data from the SSL client */
  err = SSL_read(ssl, buf, sizeof(buf) - 1);
  RETURN_SSL(err);
  buf[err] = '\0';
  printf("Received %d chars:'%s'\n", err, buf);
  /* Send data to the SSL client */
  err = SSL_write(ssl, "This message is from the SSL server",
                  strlen("This message is from the SSL server"));
  RETURN_SSL(err);
  /*--------------- SSL closure ---------------*/
  /* Shutdown this side (server) of the connection.
     A return of 0 only means the peer's close_notify has not arrived yet;
     a negative value is an error. */
  err = SSL_shutdown(ssl);
  if (err < 0) {
    ERR_print_errors_fp(stderr);
    exit(1);
  }
  /* Terminate communication on a socket */
  err = close(sock);
  RETURN_ERR(err, "close");
  /* Free the SSL structure */
  SSL_free(ssl);
  /* Free the SSL_CTX structure */
  SSL_CTX_free(ctx);
  return 0;
}

Tuesday, October 7, 2014

The Red Pill For Modern Phones

https://www.youtube.com/watch?v=BmSwO3DZPsw

A sturdy, portable phone stand that suspends a large screen phone above the keyboard and at comfortable eye level as a home PC monitor exists, and is needed to use a large screen phone as a home PC. It has a US patent number.



Using Google Drawing in this PC phone with the Sony Xperia Z Ultra 6.4 inch on the go is bliss.




Instruction: Start out by installing Busybox Pro by stericson and the Android market app XSDL by pelya to run the PC's desktop program set - the task bar, the main menu, the wallpaper, etc. The desktop program set in the above screenshot is the Linux MATE Desktop. You need a terminal emulator app.

Download the chroot package (size is about 2.4GB) https://drive.google.com/file/d/0B2NfHoyfFf1aNkZLUldNSVRiWk0 for Fedora 24. MD5 sum is ff0b47e8...

Fedora-Workstation-armhfp-24-101-chroot.tar.gz is the root filesystem from Fedora 24's ARM main release image plus Chromebook chroot utilities from the "crouton" project. When you extract the tar.gz file, you get the bin and chroots branches of the crouton layout. The tar.gz package is not easy to create because /proc needs to be unmounted to avoid zipping the millions of process info files of the phone's entire process life, while /proc and others frequently need to be mounted to modify the Fedora system. A few other enhancements:
  1. sshd startup is added to the chroot login script /root/.bash_profile . You need to initialize the sshd system by running sshd-keygen, so that it can present the ssh fingerprint of your unique Fedora installation, and set the root password to allow login. Set your password with the command line command passwd. The sshd continues to run even after the X server is killed by the Android operating system or manually closed, because sshd is not derived from the XSDL process; rather, it is derived from your terminal emulator app, which lives throughout the Android system's boot life until Android reboots. So, the sshd is a 24x7 file server. The file server can serve directories outside the chroot, as discussed in another post about the internal machinery of this system.
  2. Installed @mate group software. And mate-session is invoked when entering the chroot with the tar.gz package's bin/android-enter-chroot-fedora.sh . Installed daemonize. Remember the chroot does not have a systemctl, you need to make daemons manually or run with the .bash_profile login script. These are for the everyday use of the system with GUI. The DISPLAY and PULSE_SERVER variables are set in .bash_profile, so that the GUI session as well as sound is delivered to the local phone's screen and speaker/headphone.
  3.  Installed icedtea-web java plugin for Firefox. Wildfly installed, which includes openjdk-devel and all jboss libraries. gcc-c++ installed. openssl-devel installed. These are for a developer's convenience.
  4. Installed gimp, wireshark-gnome, rdesktop, tcl, tk, xterm, liberation narrow fonts. gimp is the photoshop of the Linux world. The narrow fonts allow enlarged text word, like "Computer", to avoid line breaks in the middle of a word.
  5.  8.8.8.8 and 8.8.4.4 and 4.4.4.4 DNS servers have been added to resolv.conf . 
  6. Changed GUI theme to have the thick edge of windows so that mouse cursor can hit the resizing edge in the small phone screen. 
  7. Removed bottom panel to expand desktop height for small phone screen. Moved bottom panel's applets to top panel. Changed top panel's main menu to a single icon menu to save space.
  8. Saved android-enter-chroot.sh and android-startx.sh to android’s /data/local/bin/ . Added the many paths of the android system, like busybox's /system/xbin/ and /system/bin/ to chroot environment variable in android-enter-chroot.sh so that the chroot action can succeed in most android systems where utilities reside in different locations.
  9. Cached the whole Fedora release software info. Then /etc/dnf/dnf.conf sets metadata_expire=never , so that the cell phone internet connection does not poll the whole Fedora software package info every time you want to install or search software. /etc/yum.repos.d/fedora-updates.repo is set to disabled, so that the system is more stable without changing the base system when you install new software.
  10.  Installed vncviewer, vncserver. vncserver is started via .bash_profile to serve local connections when the chroot starts. To enable the server, enter your desired vnc password when you open Terminal Emulator, because the vncserver startup is part of the chroot login process in the /root/.bash_profile script. To use the local connection from a remote client, you need to ssh to the phone with "ssh -L 5901:localhost:5901 root@phone-ip-address" , then connect vncviewer to localhost:1 from the remote host. You cannot directly connect vncviewer to phone-ip-address due to Fedora 24's default secure configuration of disallowing remote connections. Notice: once you enable the server, the server is very power intensive and drains the battery. To disable the server, comment out the last line that starts vncserver in /root/.bash_profile.
All of the above points are included in the tar.gz . So, just extract the downloaded tar.gz file with tar -xzf when you are under the /data/local/ directory.
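
Before a tarball fetched from a file-sharing link is extracted as root, it can be checked against the published digest and its member paths inspected. The script below is an added example, not part of the original post or of the crouton project; the function names are hypothetical, and the digest argument must be the full MD5 sum, which this page shows only in truncated form.

```sh
#!/bin/sh
# Added example: check a downloaded chroot tarball before extracting it as root.
# Function names are hypothetical; the digest must be the publisher's full MD5.

# Succeeds when FILE's MD5 equals the EXPECTED hex digest (case-insensitive).
check_md5() {
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(md5sum "$1" | cut -d' ' -f1)
    [ -n "$expected" ] && [ "$actual" = "$expected" ]
}

# Prints member names that would land outside the extraction directory:
# absolute paths, or any ".." path component. Succeeds if any were found.
unsafe_members() {
    tar -tzf "$1" | grep -E '^/|(^|/)\.\.(/|$)'
}

# Verify the digest, inspect the member list, and only then extract into DEST.
# Returns 1 on digest mismatch and 2 on unsafe member paths; nothing is
# extracted in either case.
safe_extract() {
    archive=$1 digest=$2 dest=$3
    if ! check_md5 "$archive" "$digest"; then
        echo "checksum mismatch, not extracting: $archive" >&2
        return 1
    fi
    if bad=$(unsafe_members "$archive"); then
        echo "unsafe member paths, not extracting:" >&2
        echo "$bad" >&2
        return 2
    fi
    tar -xzf "$archive" -C "$dest"
}

# Usage: sh check-chroot.sh ARCHIVE FULL_MD5 DEST   (DEST is /data/local here)
if [ "$#" -eq 3 ]; then
    safe_extract "$1" "$2" "$3"
fi
```

A matching digest only shows that the download is the file the digest was computed from; everything inside the archive still runs with root privileges once the chroot is entered.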

Release note: The MATE file manager caja has a problem recognizing the Android flash file system as writable due to the said no-systemctl situation. So, copying files with caja fails with the local chroot system. To work around this, use caja to ssh to the chroot itself at 127.0.0.1 and copy files as a remote system in the local system in caja. The command line terminal is not affected by this caja problem.

Disclaimer: I am not responsible for damaging your phone with this instruction. Removing the chroot has risks of damaging your phone. Before removing the chroot files, you need to temporarily disable entering chroot and reboot the phone so that the android system's /dev is not mounted when you remove chroot files. Removing /dev files, even if it is mounted to chroot, may damage the phone. 

The Fedora chroot can be invoked from Terminal Emulator, which can be, in turn, started by Android's Startup app. For startup to automatically enter Fedora, the Terminal Emulator needs to have the initial command
su -c /data/local/bin/android-startx.sh& sleep 15;
su -c /data/local/bin/android-enter-chroot-fedora.sh;
Now, restart your PC phone and it will boot directly into the PC desktop.


This phone PC setup took me close to re-certify my CCIE using CCDE written the second attempt in year 2014. Also I studied for the Oracle EJB expert exam and researched Wildfly EJB and obtained the certification entirely on this chroot.

The internals of the tar.gz will be in another post. All the internals are included in my tar.gz and no need to read the other post if you just extract it.