Kubuntu 20 environment setup
Install proxychains
sudo apt-get install proxychains-ng
Edit /etc/proxychains4.conf
[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks5 192.168.65.1 1080
Install IDEs
vscode
snap install code
android studio
snap install android-studio --classic
clion
snap install clion --classic
pycharm-community
snap install pycharm-community --classic
intellij-idea-community
snap install intellij-idea-community --classic
IDA Pro with Wine
https://wiki.winehq.org/Ubuntu_zhcn
https://debugwar.com/article/activate-IDAPython-with-wine-IDA-under-linux
Install winehq on Kubuntu 20
sudo dpkg --add-architecture i386
sudo proxychains wget -nc -O /usr/share/keyrings/winehq-archive.key https://dl.winehq.org/wine-builds/winehq.key
sudo proxychains wget -NP /etc/apt/sources.list.d/ https://dl.winehq.org/wine-builds/ubuntu/dists/focal/winehq-focal.sources
sudo proxychains apt update
sudo proxychains apt install --install-recommends winehq-stable
ida python env
https://www.python.org/ftp/python/3.10.2/python-3.10.2-embed-amd64.zip
wine regedit
ida python env pip
https://bootstrap.pypa.io/get-pip.py
wine python.exe get-pip.py
wine python.exe -m pip install keystone-engine
wine python.exe -m pip install six
Problems encountered
sip
ImportError: DLL load failed while importing sip: Module not found.
Installing PyQt5 with pip did not make the problem go away. Searching turned up:
https://github.com/igogo-x86/HexRaysPyTools/issues/48
https://hex-rays.com/blog/ida-7-4-and-python-3-8/
https://iosre.com/t/topic/21033/21
None of the solutions above fixed the problem, so I tried replacing 7.5 with 7.6.
Typora
snap install typora-alanzanattadev
To use it, run the command typora-alanzanattadev directly
Install common build tools
sudo apt install build-essential gcc-multilib g++-multilib
Install and configure zsh
- Install
sudo apt install git zsh -y
sh -c "$(wget -O- https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
- Change the default shell to zsh
[sudo] chsh -s $(which zsh)
- Install common plugins
- autojump
sudo apt install python
# ------ linux -----
proxychains git clone https://github.com/joelthelion/autojump.git
cd autojump
./install.py
vim ~/.zshrc
# find plugins in the file and add
plugins=(autojump)
# add at the end of the file
[[ -s /home/tg/.autojump/etc/profile.d/autojump.sh ]] && source /home/tg/.autojump/etc/profile.d/autojump.sh
source ~/.zshrc
- zsh-autosuggestions
proxychains git clone https://github.com/zsh-users/zsh-autosuggestions $ZSH_CUSTOM/plugins/zsh-autosuggestions
vim ~/.zshrc
# find plugins in the file and add
plugins=(
autojump
zsh-autosuggestions
)
source ~/.zshrc
- zsh-syntax-highlighting
# install
proxychains git clone https://github.com/zsh-users/zsh-syntax-highlighting $ZSH_CUSTOM/plugins/zsh-syntax-highlighting
vim ~/.zshrc
# find plugins in the file and add
plugins=(
autojump
zsh-autosuggestions
zsh-syntax-highlighting
)
source ~/.zshrc
Install and use tmux
https://gist.github.com/ryerh/14b7c24dfd623ef8edc7
Network monitoring and CPU/memory monitoring
jnettop/htop
Install pyenv
https://gist.github.com/cedricbonhomme/ababe00d0a675ea5c69d777276e8f375
Build AOSP
sudo apt install bison tree
sudo dpkg --add-architecture i386
sudo apt update
sudo apt install libc6:i386 libncurses5:i386 libstdc++6:i386
sudo apt install libxml2-utils
sudo apt install openjdk-8-jdk
sudo apt-get install libncurses5
sudo apt install htop
sudo apt-get install bc bison build-essential ccache curl flex g++-multilib gcc-multilib git gnupg gperf imagemagick lib32ncurses5-dev lib32readline-dev lib32z1-dev libelf-dev liblz4-tool libncurses5 libncurses5-dev libsdl1.2-dev libssl-dev libxml2 libxml2-utils lzop pngcrush rsync schedtool squashfs-tools xsltproc zip zlib1g-dev
For Ubuntu versions older than 20.04 (focal), install also:
libwxgtk3.0-dev
While for Ubuntu versions older than 16.04 (xenial), install:
libwxgtk2.8-dev
mouxuejie.com/blog/2019-11-17/aosp-setup/
https://mirrors.tuna.tsinghua.edu.cn/help/AOSP/
Use the Tsinghua mirror; download the repo tool first
proxychains repo init -u https://mirrors.tuna.tsinghua.edu.cn/git/AOSP/platform/manifest -b android-8.1.0_r1
repo sync
rm -rf .repo
// mark an A
- Download the drivers
https://source.android.com/setup/start/build-numbers#source-code-tags-and-builds
https://developers.google.com/android/drivers
https://developers.google.com/android/drivers#sailfishopm1.171019.011
Extracting the drivers generates the vendor directory.
source build/envsetup.sh
lunch (choose aosp_sailfish-userdebug)
make -j16
Handling other errors
export LC_ALL=C
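Download sailfish-opm1.171019.011-factory-56d15350 and unpack it, then extract the image-sailfish-opm1.171019.011.zip inside it. Delete all of the original img files and replace them with the img files from the AOSP tree we just built (they are in out/target/product/sailfish), then repack everything as image-sailfish-opm1.171019.011.zip and flash it.
Remember to use the fastboot that was just built as part of AOSP; it is located here: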
/home/tg/gitsource/repo/build/out/host/linux-x86/bin
...
./flash-all.sh
Clean the drag-and-drop file cache
cd ~/.cache/vmware/drag_and_drop/
du -d 1 -h
rm -rf *
Build the AOSP kernel
https://source.android.com/setup/build/building-kernels
https://source.android.com/setup/build/building-kernels-deprecated
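- The goldfish project contains the kernel sources for the emulated platforms.
- The msm project contains the sources for ADP1, ADP2, Nexus One, Nexus 4, Nexus 5, Nexus 6, Nexus 5X, Nexus 6P, Nexus 7 (2013), Pixel and Pixel XL, and can be used as a starting point for work on Qualcomm MSM chipsets.
Find the kernel path in AOSP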
Pixel (sailfish), Pixel XL (marlin): device/google/marlin-kernel, android-msm-marlin-3.18-pie-qpr2
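Patch the kernel to bypass anti-debugging, using trace pid as the example
In fact, the kernel version can be viewed directly under Settings > About phone > Kernel version, or with the cat /proc/version command. The kernel version string has the format kernel version-gXXXXXXX, where XXXXXXX is the short commit id of the git commit (i.e. kernel version-g
), and the short commit id is the first 7 characters of the commit id. The kernel shipped with AOSP Android 4.4.4_r1 for the Nexus 5 is 3.4.0-gd59db4e, and it runs normally after being flashed to the phone.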
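An added example (not part of the original notes) that pulls the short commit id out of a kernel version string in the format described above and prints the matching git checkout command. The function names and the sample strings other than 3.4.0-gd59db4e are constructed; the -dirty check assumes the usual kernel build behaviour of appending that suffix when the tree had uncommitted changes.

```shell
#!/bin/sh
# Added example: map a kernel version string to the commit to check out.

# Print the short commit id embedded in a kernel version string
# (<kernel version>-g<short commit id>). Accepts a bare release such as
# "3.4.0-gd59db4e" or a full /proc/version line.
# Returns 1 when there is no -g<hex> component (e.g. a distro kernel).
kernel_short_commit() {
    release=$(printf '%s\n' "$1" |
        awk '$1 == "Linux" && $2 == "version" { print $3; next } { print $1 }')
    # At least 7 hex digits must follow "-g", so "-generic" does not match.
    id=$(printf '%s\n' "$release" |
        sed -n 's/^.*-g\([0-9a-f]\{7,40\}\).*$/\1/p')
    [ -n "$id" ] || return 1
    printf '%s\n' "$id"
}

# True when the release carries "-dirty": the build tree had local
# changes, so the commit id alone does not reproduce that kernel.
kernel_is_dirty() {
    case "$1" in
        *-dirty*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the checkout command for the given string, or for the running
# kernel when no argument is passed.
suggest_checkout() {
    ver=${1:-$(cat /proc/version)}
    if id=$(kernel_short_commit "$ver"); then
        kernel_is_dirty "$ver" && echo "warning: built from a modified tree" >&2
        echo "git checkout $id"
    else
        echo "no -g<commit> component in: $ver" >&2
        return 1
    fi
}

# Constructed sample line using the release string quoted in the notes.
suggest_checkout "Linux version 3.4.0-gd59db4e (constructed@example) #1 SMP PREEMPT"
```

On a device, feed it the output of adb shell cat /proc/version, then run the printed command inside the kernel/msm clone.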
There are two ways to check out the code (the second is recommended):
git clone https://aosp.tuna.tsinghua.edu.cn/kernel/msm.git
git checkout 1292056
Updating files: 100% (52159/52159), done.
Note: switching to '1292056'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:
git switch -c <new-branch-name>
Or undo this operation with:
git switch -
Turn off this advice by setting config variable advice.detachedHead to false
HEAD is now at 129205686dee qcacld-2.0: wlan host driver upgrade to 4.4.25.047
...
export ARCH=arm64
export PATH=/home/tg/gitsource/repo/build/prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/bin:$PATH
export CROSS_COMPILE=aarch64-linux-android-
make marlin_defconfig
/home/tg/gitsource/repo/build/kernel/msm/arch/arm64/boot/Image.lz4-dtb
is the generated kernel
source build/envsetup.sh
lunch (choose aosp_sailfish-userdebug)
export TARGET_PREBUILT_KERNEL=/home/tg/gitsource/repo/build/kernel/msm/arch/arm64/boot/Image.lz4-dtb
make -j16
You can then see that the boot.img in out has been updated; repack and flash it.
For bypassing trace-pid, the code that needs to be modified is here:
https://github.com/lasting-yang/msm/commit/99ad1405ef0f12d94ca605de4db0b989da3a3b25