Michael's musings


This is a blog of mcr at sandelman.ca

Fri, 25 Jun 2010

Android G1 broken Home button: software issue?

About 10 days ago my Android G1 (running on http://www.WINDmobile.ca) turned itself into a unitasking iPhone. The HOME key stopped working. I figured it was dirt in the case or something... until...

On the Android the HOME key, pushed once, brings you back to the main screen. If you hold it down, then it acts like a task bar (ALT+TAB for any Windows readers) and lets you select a running app to switch to.

I realized that the screen would stop locking too! No pocket phone calls, but some actual pocket web surfing and the like. Very annoying.

I had been running http://www.cyanogenmod.com 4.2 on the phone since I started carrying a G1 in January. (I switched from the Rogers Dream to the T-Mobile Dream to get the right radio for WIND in April. I did that with a nandroid backup and restore...)

I was not running APPS2SD before. I had a 4G microSD card, which will be plenty big for apps. Since Meaghan's new phone needed a uSD card for her MPs, we each got 8G uSD cards. I meant to partition the 8G, flash up to CM 5.0 and run apps2sd.

I started this yesterday with a wonder... since booting with HOME key down is how you get into the recovery image... was I screwed if my HOME key was broken? MIRACLE, it works.

Yesterday, I did a nandroid backup on the 4G uSD card, and then did a factory wipe/reset. SURPRISE. HOME key works. It was somehow a software issue!

I then took the 4G uSD card, inserted it into my laptop, did a tar.gz copy of the contents of the disk, and then inserted the 8G uSD. I partitioned it as 2G for /sdcard, 1.5G (advice from google/forums) for apps, and a 4.5G ext3 partition for... other stuff. Since these partitions can show up on a laptop/etc.

I'll put some "away" SSH keys on it, and likely put some other stuff that never needs to be seen by a Windows computer (which I don't own). I'm thinking about putting a copy of QEMU on the Windows drive, along with a live x86 image, and maybe I can mount the ext3fs there directly? What happens if I put a copy of MSDOS.COM on it, or install grub on it... can I boot a random x86 PC from my phone right into Linux?

So I restored the /sdcard image from my tar.gz copy. I then discovered that my phone has already been DangerSPL'ed... nice. Thanks to the ebay guy that I bought it from... too bad he won't return my emails, because I'd thank him directly again.

CM5.0.8 installed, mostly without a problem. The first apps I re-installed were NewsRob and ConnectBot.

I found that I couldn't install apps however! I hooked up adb and found that the package manager couldn't create directories. It died with:

Couldn't create temp file for downloaded package file

After some investigation (including grep'ing the source tree), I found that my /data/app was a symlink to /system/sd/app, which didn't exist. I pointed the second place to /sd-ext, and commented on IRC. Nope, don't do that. Instead, /data/app needs to be recreated:

rm /data/app /data/app-private
mkdir /data/app /data/app-private
chown system:system /data/app /data/app-private

Hurray for Cyanogen!



posted at: 12:58 | path: /android | permanent link to this entry

Wed, 06 Jan 2010

no-op instructions for ARM

At http://www.credil.org/ we had to deal with some code that was not yet GPL compliant, fixing bugs (removing features!) from a .so file that we had. We had some of the source code, but not enough to recompile it.

We needed to disable certain calls, so we disassembled the object file with objdump -d. We then reviewed the code and looked for the calls we wanted to remove, which are "bl" instructions.

../../prebuilt/linux-x86/toolchain/arm-eabi-4.3.1/bin/arm-eabi-objdump -d libmyso.so >libmyso.S

All branch instructions are conditional, but one valid condition is "branch always" (and link, which means it's a subroutine). See: http://www.peter-cockerell.net/aalp and http://www.peter-cockerell.net/aalp/html/frames.html, section C which is at: http://www.peter-cockerell.net/aalp/html/app-c.html

Just look, if we change 'e' to 'f', it becomes Branch Never! We tried that.

Oops, this doesn't work. Peter Cockerell's book (from 1987) documents ARMv3, and we are up to ARMv9. It seems that his bit pattern now means to branch, and change to THUMB mode... The clue that this is what happens is that when we disassembled the result we saw "blx", but the real clue was that the offset was no longer "place", but was instead "place+2". Thumb instructions are 16 bits wide.

See http://www.keil.com/support/man/docs/armasm/armasm_cihfddaf.htm for details of BLX.

So, how to create a NOP? We didn't see an official one. Some googling revealed that "MOV R0, R0" is a good choice.

http://www.keil.com/support/man/docs/armasm/armasm_cjafcggi.htm

To assemble this:

First nibble is 0b1110 (15, 0xE) for "Always".

Second nibble is 0b0001 (1, 0x1), for 00, Immediate bit = 0, first bit of opcode is 1. (The Opcode is 0b1101 (14, 0xD) for MOV)

Third nibble is 0b1010 (10, 0xA), three bits of opcode, S bit set to 0.

Fourth nibble is 0x0000 (R0), and Fifth nibble is 0x0000 (R0).

The last 12 bits are 0.

The result is: 0b1110 0001 1010 0000 0000 0000 0000 0000. Or 0xE1A00000.

We didn't realize that the Android phones are in big-endian mode, so when we searched for the right instructions to change, we did not find them.

When you objdump a .so file, it's mapped directly, so the offsets that objdump produces are actual file offsets.
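
The encoding worked through above, as an added example (not code from the original post): it assembles MOV R0, R0 from its fields, decodes a branch word to show why changing 'e' to 'f' gives "blx" with a +2 target, and overwrites a bl at a file offset only after checking that the word there really is one. The function names and the sample bl word are constructed for illustration; the byte order is passed in explicitly because the word objdump prints and the byte sequence stored in the file need not be in the same order, and the sample image here is assumed little-endian.

```python
# Added example: ARM (A32) word layout used in the post. Sample words are constructed.

def encode_dp(cond, opcode, rd, rm, rn=0, s=0):
    """Assemble a data-processing word with a plain register operand (I bit = 0)."""
    return (cond << 28) | (opcode << 21) | (s << 20) | (rn << 16) | (rd << 12) | rm

NOP = encode_dp(cond=0xE, opcode=0b1101, rd=0, rm=0)  # MOV R0, R0

def decode_branch(word, addr):
    """Return (mnemonic, target) for a branch word located at addr, else None."""
    if (word >> 25) & 0b111 != 0b101:
        return None
    offset = word & 0xFFFFFF
    if offset & 0x800000:              # sign-extend the 24-bit word offset
        offset -= 1 << 24
    target = addr + 8 + (offset << 2)  # PC reads as instruction address + 8
    if word >> 28 == 0xF:              # on ARMv5+ condition 0b1111 is BLX, not "never"
        return ("blx", target + (((word >> 24) & 1) << 1))  # H bit adds a halfword
    return ("bl" if (word >> 24) & 1 else "b", target)

def patch_call(image, offset, byteorder):
    """Overwrite the unconditional BL at a file offset with NOP; return the old word."""
    word = int.from_bytes(image[offset:offset + 4], byteorder)
    if word >> 24 != 0xEB:             # cond = always, 101, L = 1
        raise ValueError(f"0x{word:08x} at offset {offset:#x} is not an unconditional bl")
    image[offset:offset + 4] = NOP.to_bytes(4, byteorder)
    return word

def demo():
    bl = 0xEB0003FE                    # constructed: bl from 0x1000 to 0x2000
    image = bytearray(8)
    image[4:8] = bl.to_bytes(4, "little")
    before = decode_branch(bl, 0x1000)
    flipped = decode_branch(bl | 0xF0000000, 0x1000)  # 'e' changed to 'f'
    patch_call(image, 4, "little")
    return before, flipped, image[4:8].hex()

if __name__ == "__main__":
    print(hex(NOP), demo())
```

Searching a file for the instruction word only succeeds when the bytes are compared in the file's byte order, which is why patch_call reads and writes the word through the same byteorder argument.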



posted at: 03:11 | path: /android | permanent link to this entry

Fri, 06 Nov 2009

dumping list of active services

From the shell of your rooted android phone run:

# dumpsys activity.services
Currently running services:
  activity.services
-------------------------------------------------------------------------------
DUMP OF SERVICE activity.services:
Services in Current Activity Manager State:
  Active services:
  * ServiceRecord{43a3dca0 com.android.inputmethod.latin/.LatinIME}
    intent={act=android.view.InputMethod cmp=com.android.inputmethod.latin/.LatinIME}
    packageName=com.android.inputmethod.latin
    processName=com.android.inputmethod.latin
    permission=android.permission.BIND_INPUT_METHOD
    baseDir=/system/app/LatinIME.apk/system/app/LatinIME.apk dataDir=/data/data/com.android.inputmethod.latin
    app=ProcessRecord{43a3e670 660:com.android.inputmethod.latin/10002}
    isForeground=false lastActivity=-296633
    startRequested=false startId=0 executeNesting=0 executingStart=-296565 crashCount=0
    totalRestartCount=0 restartCount=0 restartDelay=0 restartTime=-296633 nextRestartTime=-329523
    * IntentBindRecord{43a3e110}:
      intent={act=android.view.InputMethod cmp=com.android.inputmethod.latin/.LatinIME}
      binder=android.os.BinderProxy@4392a698
      requested=true received=true hasBound=true doRebind=false
      * Client AppBindRecord{43a3e288 ProcessRecord{439c0190 572:system/1000}}
        Per-process Connections:
          ConnectionRecord{43a3e400 com.android.inputmethod.latin/.LatinIME:@43a3da60}
    All Connections:
      ConnectionRecord{43a3e400 com.android.inputmethod.latin/.LatinIME:@43a3da60}

  Connection bindings to services:
  * ConnectionRecord{43a3e400 com.android.inputmethod.latin/.LatinIME:@43a3da60}
    binding=AppBindRecord{43a3e288 com.android.inputmethod.latin/.LatinIME:system}
    conn=android.app.ActivityThread$PackageInfo$ServiceDispatcher$InnerConnection@43a3da60 flags=0x1

If you run it without any arguments, you get a big huge dump of all sorts of interesting things. I do not yet know how to get it to give me a list of just the services that have registered themselves, or are actively running.



posted at: 13:46 | path: /android | permanent link to this entry

