Kubuntu20環境配置

安裝 proxychains

sudo apt-get install proxychains-ng

修改/etc/proxychains4.conf

[ProxyList]

# add proxy here ...

# meanwile

# defaults set to "tor"

socks5  192.168.65.1 1080

安裝 IDE

vscode

snap install code

android studio

snap install android-studio --classic

clion

snap install clion --classic

pycharm-community

snap install pycharm-community --classic

intellij-idea-community

snap install intellij-idea-community --classic

IDA Pro with Wine

https://wiki.winehq.org/Ubuntu_zhcn

https://debugwar.com/article/activate-IDAPython-with-wine-IDA-under-linux

for Kubuntu 20 install winehq

sudo dpkg --add-architecture i386

sudo proxychains wget -nc -O /usr/share/keyrings/winehq-archive.key https://dl.winehq.org/wine-builds/winehq.key

sudo proxychains wget -NP /etc/apt/sources.list.d/ https://dl.winehq.org/wine-builds/ubuntu/dists/focal/winehq-focal.sources

sudo proxychains apt update

sudo proxychains apt install --install-recommends winehq-stable

ida python env

https://www.python.org/ftp/python/3.10.2/python-3.10.2-embed-amd64.zip

wine regedit

ida python env pip

https://bootstrap.pypa.io/get-pip.py

wine python.exe get_pip.py

wine python.exe -m pip install keystone-engine

wine python.exe -m pip install six

遇到的問題

sip

ImportError: DLL load failed while importing sip: Module not found.

pip 安裝PyQt5，但是還是會有這個問題，搜索發現

https://github.com/igogo-x86/HexRaysPyTools/issues/48

https://hex-rays.com/blog/ida-7-4-and-python-3-8/

https://iosre.com/t/topic/21033/21

以上解決方法均不能解決問題，嘗試使用7.6來替換7.5。

Typora

snap install typora-alanzanattadev

使用直接輸入命令 typora-alanzanattadev

安裝常用 build 工具

sudo apt install build-essential gcc-multilib g++-multilib

安裝和配置 zsh

• 安裝

sudo apt install git zsh -y

sh -c "$(wget -O- https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"

• 更改默認 shell 爲 zsh

[sudo] chsh -s $(which zsh)

• 安裝常用插件
• autojump

sudo apt install python

# ------ linux -----

proxychains git clone git://github.com/joelthelion/autojump.git

cd autojump

./install.py

vim ~/.zshrc

# 在文件裏找到plugins，添加

plugins=(autojump)

# 在文件末尾添加

[[ -s /home/tg/.autojump/etc/profile.d/autojump.sh ]] && source /home/tg/.autojump/etc/profile.d/autojump.sh

source ~/.zshrc

• zsh-autosuggestions

proxychains git clone git://github.com/zsh-users/zsh-autosuggestions $ZSH_CUSTOM/plugins/zsh-autosuggestions

vim ~/.zshrc

# 在文件裏找到plugins，添加

plugins=(

  autojump

  zsh-autosuggestions

)

source ~/.zshrc

• zsh-syntax-highlighting

# 安裝

proxychains git clone git://github.com/zsh-users/zsh-syntax-highlighting $ZSH_CUSTOM/plugins/zsh-syntax-highlighting

vim ~/.zshrc

# 在文件裏找到plugins，添加

plugins=(

  autojump

  zsh-autosuggestions

  zsh-syntax-highlighting

)

source ~/.zshrc

安裝和使用 tmux

https://gist.github.com/ryerh/14b7c24dfd623ef8edc7

網絡監控和 CPU/內存監控

jnettop/htop

安裝 pyenv

https://gist.github.com/cedricbonhomme/ababe00d0a675ea5c69d777276e8f375

編譯 aosp

sudo apt install bison tree

sudo dpkg --add-architecture i386

sudo apt update

sudo apt install libc6:i386 libncurses5:i386 libstdc++6:i386

sudo apt install libxml2-utils

sudo apt install openjdk-8-jdk

sudo apt-get install libncurses5

sudo apt install htop

sudo apt-get install bc bison build-essential ccache curl flex g++-multilib gcc-multilib git gnupg gperf imagemagick lib32ncurses5-dev lib32readline-dev lib32z1-dev libelf-dev liblz4-tool libncurses5 libncurses5-dev libsdl1.2-dev libssl-dev libxml2 libxml2-utils lzop pngcrush rsync schedtool squashfs-tools xsltproc zip zlib1g-dev

For Ubuntu versions older than 20.04 (focal), install also:

• libwxgtk3.0-dev

While for Ubuntu versions older than 16.04 (xenial), install:

• libwxgtk2.8-dev

mouxuejie.com/blog/2019-11-17/aosp-setup/

https://mirrors.tuna.tsinghua.edu.cn/help/AOSP/

使用清華源，先下載 repo 工具

proxychains repo init -u https://mirrors.tuna.tsinghua.edu.cn/git/AOSP/platform/manifest -b android-8.1.0_r1

repo sync

rm -rf .repo

// 打個A

• 下載驅動

https://source.android.com/setup/start/build-numbers#source-code-tags-and-builds



https://developers.google.com/android/drivers



https://developers.google.com/android/drivers#sailfishopm1.171019.011

解壓驅動後生成 ventor 目錄。

source build/envsetup.sh

lunch(選aosp_sailfish-userdebug)

make -j16

其他錯誤處理

export LC_ALL=C

下載sailfish-opm1.171019.011-factory-56d15350並解包，然後解壓裏面的image-sailfish-opm1.171019.011.zip,將原來的 img 文件全部刪除，替換成我們剛剛編譯好的 aosp 裏的 img，其路徑在out/target/product/sailfish,然後重新打包成image-sailfish-opm1.171019.011.zip,刷入即可

記得要使用剛剛編譯出來的 aosp 裏內置的那個 Fastboot,位置在如下這裏

/home/tg/gitsource/repo/build/out/host/linux-x86/bin

...

./flash-all.sh

清理拖拽文件緩存

cd ~/.cache/vmware/drag_and_drop/

du -d 1 -h

rm -rf *

編譯 aosp 內核

https://source.android.com/setup/build/building-kernels

https://source.android.com/setup/build/building-kernels-deprecated

• goldfish 項目包含適用於模擬平臺的內核源代碼。
• msm 項目包含適用於 ADP1、ADP2、Nexus One、Nexus 4、Nexus 5、Nexus 6、Nexus 5X、Nexus 6P、Nexus 7 (2013)、Pixel 和 Pixel XL 的源代碼，可用作在 Qualcomm MSM 芯片組上開展相關工作的着手點。

找到 aosp 裏 kernel 的路徑

Pixel (sailfish)

Pixel XL (marlin)	device/google/marlin-kernel	android-msm-marlin-3.18-pie-qpr2

改內核過反調試，以 trace pid 爲例

事實上，我們可以在設置 > 關於手機 > 內核版本 中直接查看內核版本信息，也可以通過 cat /proc/version 命令查看。內核版本信息的格式爲 kernel version-gXXXXXXX,其中 XXXXXXX 部分的值是 git 提交中 的 short commit id 的值（即 kernel version-g

），short commit id 的值爲 commit id 值的前 7 位。Nexus 5 設備 Adnroid 4.4.4_r1 版本 AOSP 自帶的內核值是`3.4.0-gd59db4e , 並且刷入手機能正常運行。

檢出帶代碼有兩種方式（推薦第二種)：

git clone https://aosp.tuna.tsinghua.edu.cn/kernel/msm.git



git checkout 1292056

Updating files: 100% (52159/52159), done.

Note: switching to '1292056'.



You are in 'detached HEAD' state. You can look around, make experimental

changes and commit them, and you can discard any commits you make in this

state without impacting any branches by switching back to a branch.



If you want to create a new branch to retain commits you create, you may

do so (now or later) by using -c with the switch command. Example:



  git switch -c <new-branch-name>



Or undo this operation with:



  git switch -



Turn off this advice by setting config variable advice.detachedHead to false



HEAD is now at 129205686dee qcacld-2.0: wlan host driver upgrade to 4.4.25.047

...

export ARCH=arm64



 export PATH=/home/tg/gitsource/repo/build/prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/bin:$PATH

export CROSS_COMPILE=aarch64-linux-android-

make marlin_defconfig

/home/tg/gitsource/repo/build/kernel/msm/arch/arm64/boot/Image.lz4-dtb就是生成出來的 kernel

source build/envsetup.sh

lunch(選aosp_sailfish-userdebug)

export TARGET_PREBUILT_KERNEL=/home/tg/gitsource/repo/build/kernel/msm/arch/arm64/boot/Image.lz4-dtb

make -j16

然後可以看到 out 裏的 boot.img 已經更新了，重打包刷機即可。

關於過 trace-pid，需要修改的代碼在這裏

https://github.com/lasting-yang/msm/commit/99ad1405ef0f12d94ca605de4db0b989da3a3b25