ShellScript hex to decimal - android

I have a file how capture the users events in a txt file :
/dev/input/event2: 0003 0039 0000001d
/dev/input/event2: 0003 0035 00000169
Now I would create a shell script how converts hex data to decimal for example I would like :
/dev/input/event2: 3 57 29
/dev/input/event2: 3 53 361
How can I process ? I have tried to read the file line by line and split the string but It doesn't work..

If you are using gawk, you could do as following. input.txt is the file you capture the events.
$ awk '{printf "%s ", $1;for(i=2;i<=NF;i++){v="0x"$i;printf "%d ",strtonum(v)};printf "\n";}' input.txt
/dev/input/event2: 3 57 29
/dev/input/event2: 3 53 361

Related

What is the path of OAT file in Android 7?

There is a similar question:
What is the path of OAT file in Android 5.0
But Android 7, in the same path:
/data/dalvik-cache/<ARCH>/
I can't find the user-installed app, but only the system ones.
Where can I find the oat file generated by the normal installation of an app?
I found the oat file generated by the normal installation of an app in:
/data/app/<PACKAGE_NAME>/oat/<ARCH>/base.odex
And I verified that is an oat file running (on my machine, not in Android) the command:
$ readelf -e base.odex
ELF Header:
Magic: 7f 45 4c 46 01 01 01 03 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - GNU
ABI Version: 0
Type: DYN (Shared object file)
Machine: ARM
Version: 0x1
Entry point address: 0x0
Start of program headers: 52 (bytes into file)
Start of section headers: 3928128 (bytes into file)
Flags: 0x5000000, Version5 EABI
Size of this header: 52 (bytes)
Size of program headers: 32 (bytes)
Number of program headers: 7
Size of section headers: 40 (bytes)
Number of section headers: 9
Section header string table index: 8
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .rodata PROGBITS 00001000 001000 34f000 00 A 0 0 4096
[ 2] .text PROGBITS 00350000 350000 06c3f4 00 AX 0 0 4096
[ 3] .bss NOBITS 003bd000 000000 034604 00 A 0 0 4096
[ 4] .dynstr STRTAB 003f2000 3bd000 00003d 00 A 0 0 4096
[ 5] .dynsym DYNSYM 003f2040 3bd040 000060 10 A 4 0 4
[ 6] .hash HASH 003f20a0 3bd0a0 000024 04 A 5 0 4
[ 7] .dynamic DYNAMIC 003f3000 3be000 000038 08 A 4 0 4096
[ 8] .shstrtab STRTAB 00000000 3bf000 00003d 00 0 0 4096
...
because it contains the .rodata and .text headers as described in: http://newandroidbook.com/files/Andevcon-ART.pdf

Can not execute hexagon_graph_execution on hexagon-sim

I have followed the build_and_run_inception_hexagon.sh and generated the hexagon_graph_execution executable. Now instead of using a real device I would like to test inception model with hexagon-sim available at SDK 3.0. So there is no need to use adb push commands as the SDK can simulate HVX device with hexagon-sim.
I have put the run-time libraries and the inception model plus the image at the same folder. After execution It gives me this error:
~/Qualcomm/HEXAGON_Tools/7.2.12/Tools/bin/hexagon-sim ./hexagon_graph_execution "/home/aashouri/Qualcomm/Hexagon_SDK/3.0/test/common/inception"
Error: Unsupported machine type 0x0 in ELF image "./hexagon_graph_execution" - exiting.
Can anyone comment on this?
Hexagon-readelf:
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: DYN (Shared object file)
Machine: ARM
Version: 0x1
Entry point address: 0xc8c9c
Start of program headers: 52 (bytes into file)
Start of section headers: 39944896 (bytes into file)
Flags: 0x5000000, Version5 EABI
Size of this header: 52 (bytes)
Size of program headers: 32 (bytes)
Number of program headers: 8
Size of section headers: 40 (bytes)
Number of section headers: 36
Section header string table index: 35
XXD info:
0000000: 7f45 4c46 0101 0100 0000 0000 0000 0000 .ELF............
0000010: 0300 2800 0100 0000 9c8c 0c00 3400 0000 ..(.........4...
0000020: c082 6102 0000 0005 3400 2000 0800 2800 ..a.....4. ...(.
0000030: 2400 2300 0600 0000 3400 0000 3400 0000 $.#.....4...4...
0000040: 3400 0000 0001 0000 0001 0000 0400 0000 4...............
0000050: 0400 0000 0300 0000 3401 0000 3401 0000 ........4...4...
0000060: 3401 0000 1300 0000 1300 0000 0400 0000 4...............
0000070: 0100 0000 0100 0000 0000 0000 0000 0000 ................
0000080: 0000 0000 ece6 2a01 ece6 2a01 0500 0000 ......*...*.....
0000090: 0010 0000 0100 0000 20eb 2a01 20fb 2a01 ........ .*. .*.
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: DYN (Shared object file)
Machine: ARM
Version: 0x1
This binary was not built by hexagon-clang. You must have accidentally built it with the ARM toolchain -- the "Machine" field would say "Qualcomm Hexagon" if it had been built for the hexagon DSP.

Android editing ubi/ubfs system image

I have a ubifs system image (https://www.dropbox.com/s/txgye8mu5r3og5y/system.img?dl=0) for a mediatek tablet device and am trying to add and remove some files.
I'm stuck trying to mount/extract files from the image.
Here are the steps I have tried so far on Debian Jessie with kernel 4.1.0-0.bpo.2-amd64:
I tried:
https://github.com/jrspruitt/ubi_reader
$ ubireader_display_info ./system.img
UBI File
---------------------
Min I/O: 16384
LEB Size: 4161536
PEB Size: 4194304
Total Block Count: 122
Data Block Count: 120
Layout Block Count: 2
Internal Volume Block Count: 0
Unknown Block Count: 0
First UBI PEB Number: 0
Image: 1101756791
---------------------
Image Sequence Num: 1101756791
Volume Name:system
PEB Range: 0 - 121
Volume: system
---------------------
Vol ID: 0
Name: system
Block Count: 120
Volume Record
---------------------
alignment: 1
crc: 3336263623
data_pad: 0
errors:
flags: autoresize
name: system
name_len: 6
padding:
rec_index: 0
reserved_pebs: 248
upd_marker: 0
vol_type: dynamic
But when I try and extract files using ubireader_extract_files I get the correct number of files but the resulting files are garbage.
Next I dismantled the tablet to work out what nand flash it was using to try and use nandsim following this post:
https://web.archive.org/web/20150109021228/http://www.linux-mtd.infradead.org/faq/ubifs.html#L_ubifs_extract
to emulate the nand and found out it was using SanDisk SDTNRGAMA 64G 3.3V 8-bit which has id bytes of 0x45,0xde,0x94,0x93,0x76,0x50 - from the following post:
http://lists.infradead.org/pipermail/linux-mtd/2014-January/051330.html
Running the following causes a segfault - on earlier kernels the id_bytes option is not recognized:
`modprobe nandsim id_bytes=0x45,0xde,0x94,0x93,0x76,0x50 cache_file=./test.img`
which gives the following segfault:
[ 142.734637] [nandsim] warning: read_byte: unexpected data output cycle, state is STATE_READY return 0x0
[ 142.734637] [nandsim] warning: read_byte: unexpected data output cycle, state is STATE_READY return 0x0
[ 142.734640] nand: device found, Manufacturer ID: 0x45, Chip ID: 0xde
[ 142.734641] nand: SanDisk SDTNRGAMA 64G 3.3V 8-bit
[ 142.734644] nand: 8192 MiB, MLC, erase size: 4096 KiB, page size: 16384, OOB size: 1280
[ 142.734650] nand: No oob scheme defined for oobsize 1280
[ 142.734672] ------------[ cut here ]------------
[ 142.734674] kernel BUG at /build/linux-PoJsUp/linux-4.1.6/drivers/mtd/nand/nand_base.c:3952!
[ 142.734677] invalid opcode: 0000 [#1] SMP
[ 142.734680] Modules linked in: nandsim(+) nand nand_ecc nand_bch bch nand_ids mtd cfg80211 rfkill joydev nfsd auth_rpcgss oid_registry nfs_acl nfs lockd grace fscache sunrpc iosf_mbi coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel hid_generic aes_x86_64 lrw irda gf128mul glue_helper psmouse vmw_balloon crc_ccitt ablk_helper serio_raw vmw_vmci cryptd battery pcspkr 8250_fintek acpi_cpufreq processor thermal_sys ac shpchp evdev i2c_piix4 fuse parport_pc ppdev lp parport autofs4 usbhid hid ext4 crc16 mbcache jbd2 sr_mod cdrom ata_generic sg sd_mod crc32c_intel ata_piix uhci_hcd ehci_pci ehci_hcd usbcore e1000 usb_common button libata vmwgfx ttm mptspi scsi_transport_spi mptscsih drm_kms_helper mptbase scsi_mod drm
[ 142.734731] CPU: 0 PID: 1235 Comm: modprobe Not tainted 4.1.0-0.bpo.2-amd64 #1 Debian 4.1.6-1~bpo8+1
[ 142.734733] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 09/20/2012
[ 142.734735] task: ffff88007aaf54f0 ti: ffff880079134000 task.ti: ffff880079134000
[ 142.734737] RIP: 0010:[<ffffffffa05d5ff0>] [<ffffffffa05d5ff0>] nand_scan_tail+0xa40/0xac0 [nand]
[ 142.734743] RSP: 0018:ffff880079137c58 EFLAGS: 00010296
[ 142.734745] RAX: 000000000000002c RBX: ffff880077093450 RCX: 0000000000000006
[ 142.734746] RDX: 000000000000002c RSI: 0000000000000246 RDI: ffff88007f60ea10
[ 142.734748] RBP: ffff880077093000 R08: 00000000000094d8 R09: 00000000000044aa
[ 142.734750] R10: 0000000000000086 R11: 20726f662064656e R12: ffff880077093860
[ 142.734751] R13: 0000000000000000 R14: ffffffffa05ec200 R15: ffff88007b67ad40
[ 142.734754] FS: 00007fe945772700(0000) GS:ffff88007f600000(0000) knlGS:0000000000000000
[ 142.734756] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 142.734757] CR2: 00007f57a6920040 CR3: 00000000790fa000 CR4: 00000000000406f0
[ 142.734870] Stack:
[ 142.734873] 0000000000000000 0000000000000000 ffff880077093000 ffffffffa05ef54a
[ 142.734877] 0000000000000000 0000000000000018 ffff880079137cd8 ffff880079137c98
[ 142.734879] 0000000000000000 ffffffff81814080 ffff880077211760 ffffffffa05ef000
[ 142.734882] Call Trace:
[ 142.734889] [<ffffffffa05ef54a>] ? ns_init_module+0x54a/0x1000 [nandsim]
[ 142.734896] [<ffffffffa05ef000>] ? 0xffffffffa05ef000
[ 142.734902] [<ffffffff81002148>] ? do_one_initcall+0xd8/0x210
[ 142.734907] [<ffffffff815723c1>] ? do_init_module+0x5a/0x1c2
[ 142.734912] [<ffffffff810f2316>] ? load_module+0x2026/0x24e0
[ 142.734915] [<ffffffff810ede60>] ? store_uevent+0x40/0x40
[ 142.734919] [<ffffffff810ee9d5>] ? copy_module_from_fd.isra.45+0xb5/0x140
[ 142.734923] [<ffffffff810f299d>] ? SyS_finit_module+0x7d/0xa0
[ 142.734928] [<ffffffff815792b2>] ? system_call_fast_compare_end+0xc/0x6b
[ 142.734930] Code: 00 00 30 10 5d a0 e9 f8 f6 ff ff 48 c7 83 88 03 00 00 30 19 5d a0 e9 3c f7 ff ff 89 c6 48 c7 c7 b8 9c 5d a0 31 c0 e8 33 c2 f9 e0 <0f> 0b 48 c7 83 40 03 00 00 40 bb 5d a0 e9 14 f6 ff ff 48 c7 83
[ 142.734959] RIP [<ffffffffa05d5ff0>] nand_scan_tail+0xa40/0xac0 [nand]
[ 142.734964] RSP <ffff880079137c58>
[ 142.734975] ---[ end trace 0270ba33a10a2b05 ]---
So, in short - I need help. I'm not massively familiar with ubi/ubifs method and cannot find any sane well written guides which show you have to mount/extract files from an existing image.
Update: su is installed on the tablet, and I set selinux to permissive mode:
adb shell su -c setenforce 0
from: https://source.android.com/devices/tech/security/selinux/validate.html
Update 03Oct15:
Ran the mdtinfo -a on the tablet and got the following result:
mtd16
Name: system
Type: nand
Eraseblock size: 4194304 bytes, 4.0 MiB
Amount of eraseblocks: 256 (1073741824 bytes, 1024.0 MiB)
Minimum input/output unit size: 16384 bytes
Sub-page size: 16384 bytes
OOB size: 1280 bytes
Character device major/minor: 90:32
Bad blocks are allowed: true
Device is writable: true
Using the information above I tried to create a blank ubifs image on my pc, I get the error that the LEB is too large! Looks like I have a limit of 2MiB on the LEB size!
$ mkfs.ubifs -m 16384 -e 4MiB -c 256 -o ./image.img
Error: too large LEB size 4194304
It looks like that ubi image is using a different compression type for the data. If you run ubireader_extract_files -v system.img the -v is for very verbose, the UBIFS data nodes have a compression type of 3 (compr_type: 3) as far as I know 1 and 2 are the only valid options, LZO and ZLIB respectively. Perhaps they used a custom compression, or somehow it got the wrong number associated with it. But it explains why the files and directories extract okay, but the data is scrambled.
Just in case someone else finds this post. I managed to find a workaround which involved editing the boot.img using mtk-tools to mount the root partition in rw mode rather than ro. (Look in init.rc in the root of boot.img and change any mount options for /system to rw).
I them managed to edit the root image, power down the tablet and then used MTK Droid Tools to image the partition.

Packing Custom Android boot.img Error

I am receiving the following error every time I make a modified Nexus 6 kernel and use Peter Batard's mkbootimg tools (https://github.com/pbatard/bootimg-tools) to create a bootable image:
android#ubuntu:~/android-sdk-linux/platform-tools$ ./fastboot boot myboot3.img
downloading 'boot.img'...
OKAY [ 1.219s]
booting...
FAILED (remote failure)
finished. total time: 1.282s
I have booted off of the stock and Franco bootable images which worked. However, unpacking those bootable images and replacing the kernel with my modified zImage from the msm source (I also tried Franco's Shamu kernel source as well) will result in that same error.
When unpacking the boot.img I receive the mkbootimg command line instructions:
mkbootimg --base 0 --pagesize 2048 --kernel_offset 0x00008000 --ramdisk_offset 0x0000000b --second_offset 0x00f00000 --tags_offset 0x0000000b --cmdline 'console=ttyHSL0,115200,n8 androidboot.console=ttyHSL0 androidboot.hardware=shamu msm_rtb.filter=0x37 ehci-hcd.park=3 utags.blkdev=/dev/block/platform/msm_sdcc.1/by-name/utags utags.backup=/dev/block/platform/msm_sdcc.1/by-name/utagsBackup coherent_pool=8M' --kernel kernel --ramdisk ramdisk.cpio.gz -o /home/android/Desktop/shamu-lmy47z/boot.img
The only change to this I make is replacing kernel with the newly created zImage and changing the output name to something like myboot.img. I have been able to unpack the stock image and repack it without making any modifications and it has worked fine. Is it possible that one of the parameters in the mkbootimg command needs to be modified?
-- EDIT --
I ran unmkbootimg from this thread Error with repacking boot.img (Android). Which gave the following information:
*** WARNING ****
This image is built using NON-standard mkbootimg!
OFF_KERNEL_ADDR is 0x000080F5
OFF_RAMDISK_ADDR is 0x00000100
OFF_SECOND_ADDR is 0x00F000F5
Please modify mkbootimg.c using the above values to build your image.
****************
This still resulted in a failed boot.img.
Here are the beginning of the respective files:
boot.img (from the factory build of the LMY47Z Nexus 6 system).
android#ubuntu:~/Desktop/shamu-lmy47z$ xxd -l 320 boot.img
0000000: 414e 4452 4f49 4421 cdc5 6d00 0080 0000 ANDROID!..m.....
0000010: dff2 0a00 0b00 0000 0000 0000 0000 f000 ................
0000020: 0b00 0000 0008 0000 0000 0000 0000 0000 ................
0000030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0000040: 636f 6e73 6f6c 653d 7474 7948 534c 302c console=ttyHSL0,
0000050: 3131 3532 3030 2c6e 3820 616e 6472 6f69 115200,n8 androi
0000060: 6462 6f6f 742e 636f 6e73 6f6c 653d 7474 dboot.console=tt
0000070: 7948 534c 3020 616e 6472 6f69 6462 6f6f yHSL0 androidboo
0000080: 742e 6861 7264 7761 7265 3d73 6861 6d75 t.hardware=shamu
0000090: 206d 736d 5f72 7462 2e66 696c 7465 723d msm_rtb.filter=
00000a0: 3078 3337 2065 6863 692d 6863 642e 7061 0x37 ehci-hcd.pa
00000b0: 726b 3d33 2075 7461 6773 2e62 6c6b 6465 rk=3 utags.blkde
00000c0: 763d 2f64 6576 2f62 6c6f 636b 2f70 6c61 v=/dev/block/pla
00000d0: 7466 6f72 6d2f 6d73 6d5f 7364 6363 2e31 tform/msm_sdcc.1
00000e0: 2f62 792d 6e61 6d65 2f75 7461 6773 2075 /by-name/utags u
00000f0: 7461 6773 2e62 6163 6b75 703d 2f64 6576 tags.backup=/dev
0000100: 2f62 6c6f 636b 2f70 6c61 7466 6f72 6d2f /block/platform/
0000110: 6d73 6d5f 7364 6363 2e31 2f62 792d 6e61 msm_sdcc.1/by-na
0000120: 6d65 2f75 7461 6773 4261 636b 7570 2063 me/utagsBackup c
0000130: 6f68 6572 656e 745f 706f 6f6c 3d38 4d00 oherent_pool=8M.
myboot.img (built w/ mkbootimg and zImage made from msm source)
android#ubuntu:~/Desktop/shamu-lmy47z$ xxd -l 320 myboot.img
0000000: 414e 4452 4f49 4421 4016 6a00 0080 0000 ANDROID!#.j.....
0000010: dff2 0a00 0b00 0000 0000 0000 0000 f000 ................
0000020: 0b00 0000 0010 0000 0000 0000 0000 0000 ................
0000030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0000040: 636f 6e73 6f6c 653d 7474 7948 534c 302c console=ttyHSL0,
0000050: 3131 3532 3030 2c6e 3820 616e 6472 6f69 115200,n8 androi
0000060: 6462 6f6f 742e 636f 6e73 6f6c 653d 7474 dboot.console=tt
0000070: 7948 534c 3020 616e 6472 6f69 6462 6f6f yHSL0 androidboo
0000080: 742e 6861 7264 7761 7265 3d73 6861 6d75 t.hardware=shamu
0000090: 206d 736d 5f72 7462 2e66 696c 7465 723d msm_rtb.filter=
00000a0: 3078 3337 2065 6863 692d 6863 642e 7061 0x37 ehci-hcd.pa
00000b0: 726b 3d33 2075 7461 6773 2e62 6c6b 6465 rk=3 utags.blkde
00000c0: 763d 2f64 6576 2f62 6c6f 636b 2f70 6c61 v=/dev/block/pla
00000d0: 7466 6f72 6d2f 6d73 6d5f 7364 6363 2e31 tform/msm_sdcc.1
00000e0: 2f62 792d 6e61 6d65 2f75 7461 6773 2075 /by-name/utags u
00000f0: 7461 6773 2e62 6163 6b75 703d 2f64 6576 tags.backup=/dev
0000100: 2f62 6c6f 636b 2f70 6c61 7466 6f72 6d2f /block/platform/
0000110: 6d73 6d5f 7364 6363 2e31 2f62 792d 6e61 msm_sdcc.1/by-na
0000120: 6d65 2f75 7461 6773 4261 636b 7570 2063 me/utagsBackup c
0000130: 6f68 6572 656e 745f 706f 6f6c 3d38 4d00 oherent_pool=8M.
First of all I suggest using mkboot(look for it in github) for unpacking and packing boot images.
Very few actual devices use the vanilla mkbootimg, instead they customize it. Marvel and MTK are notorious for modifying the bootloader to load their ugly proprietary boot images.
I would also check if the DTS in the boot image comes as a separate part. If thats the case then you need to make sure you unpack and repack it. I dont think you are doing it now.

how to find which app is listening on port Android

I'm trying to write a port scanner, I managed to get the open ports using sockets.
My problem is how to know which apps are listening on open ports.
Android is based on a Linux kernel, therefore you can do this using the same approach that works under Linux. See https://stackoverflow.com/a/2359643/441899 for a description of how to do that. Additionally you would need to determine from a Linux process what the app running in that process is (see Android - How to get the processName or packageName by using PID? for this). Note that your app would have to be running as root to access the files in /proc that it would need to in order to find this information.
cat /proc/net/tcp
this will give you a list about the android opening ports.e.g.
sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
0: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 3336108 1 0000000000000000 100 0 0 10 0
1: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10252 0 3579923 1 0000000000000000 100 0 0 10 0
2: 6400A8C0:A90E 6800A8C0:1F90 04 00000001:00000000 00:00000000 00000005 0 0 0 1 0000000000000000 326 4 29 1 5
3: 6400A8C0:A91E 6800A8C0:1F90 04 00000001:00000000 00:00000000 00000005 0 0 0 1 0000000000000000 326 4 29 1 5
4: 6400A8C0:84F2 66DFC2DC:01BB 09 00000001:00000001 00:00000000 00000005 0 0 0 1 0000000000000000 665 4 24 1 5
so we know uid =10252 is the APP listening the port 1F90( which is 8080)
cat /data/system/packages.list | grep 10252 (the pid you found )
com.target.app 10252 0 /data/user/0/com.target.app default:targetSdkVersion=29 3002,3003 0 1
refer to : https://stackoverflow.com/a/38793457/445908

Categories

Resources