Install proxychains
sudo apt-get install proxychains-ng
Edit /etc/proxychains4.conf
[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks5 192.168.65.1 1080
Install IDEs
vscode
snap install code
android studio
snap install android-studio --classic
clion
snap install clion --classic
pycharm-community
snap install pycharm-community --classic
intellij-idea-community
snap install intellij-idea-community --classic
IDA Pro with Wine
https://wiki.winehq.org/Ubuntu_zhcn
https://debugwar.com/article/activate-IDAPython-with-wine-IDA-under-linux
Install winehq on Kubuntu 20
sudo dpkg --add-architecture i386
sudo proxychains wget -nc -O /usr/share/keyrings/winehq-archive.key https://dl.winehq.org/wine-builds/winehq.key
sudo proxychains wget -NP /etc/apt/sources.list.d/ https://dl.winehq.org/wine-builds/ubuntu/dists/focal/winehq-focal.sources
sudo proxychains apt update
sudo proxychains apt install --install-recommends winehq-stable
ida python env
https://www.python.org/ftp/python/3.10.2/python-3.10.2-embed-amd64.zip
wine regedit
ida python env pip
https://bootstrap.pypa.io/get-pip.py
wine python.exe get-pip.py
wine python.exe -m pip install keystone-engine
wine python.exe -m pip install six
Problems encountered
sip
ImportError: DLL load failed while importing sip: Module not found.
Installed PyQt5 with pip, but the problem was still there. Searching turned up:
https://github.com/igogo-x86/HexRaysPyTools/issues/48
https://hex-rays.com/blog/ida-7-4-and-python-3-8/
https://iosre.com/t/topic/21033/21
None of the solutions above fixed the problem; trying 7.6 in place of 7.5.
Typora
snap install typora-alanzanattadev
To launch it, run the command typora-alanzanattadev directly.
Install common build tools
sudo apt install build-essential gcc-multilib g++-multilib
Install and configure zsh
- Install
sudo apt install git zsh -y
sh -c "$(wget -O- https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
- Change the default shell to zsh
[sudo] chsh -s $(which zsh)
- Install common plugins
- autojump
sudo apt install python
# ------ linux -----
proxychains git clone https://github.com/joelthelion/autojump.git
cd autojump
./install.py
vim ~/.zshrc
# find plugins in the file and add
plugins=(autojump)
# add at the end of the file
[[ -s /home/tg/.autojump/etc/profile.d/autojump.sh ]] && source /home/tg/.autojump/etc/profile.d/autojump.sh
source ~/.zshrc
- zsh-autosuggestions
proxychains git clone https://github.com/zsh-users/zsh-autosuggestions $ZSH_CUSTOM/plugins/zsh-autosuggestions
vim ~/.zshrc
# find plugins in the file and add
plugins=(
autojump
zsh-autosuggestions
)
source ~/.zshrc
- zsh-syntax-highlighting
# install
proxychains git clone https://github.com/zsh-users/zsh-syntax-highlighting $ZSH_CUSTOM/plugins/zsh-syntax-highlighting
vim ~/.zshrc
# find plugins in the file and add
plugins=(
autojump
zsh-autosuggestions
zsh-syntax-highlighting
)
source ~/.zshrc
Install and use tmux
https://gist.github.com/ryerh/14b7c24dfd623ef8edc7
Network monitoring and CPU/memory monitoring
jnettop/htop
Install pyenv
https://gist.github.com/cedricbonhomme/ababe00d0a675ea5c69d777276e8f375
Build AOSP
sudo apt install bison tree
sudo dpkg --add-architecture i386
sudo apt update
sudo apt install libc6:i386 libncurses5:i386 libstdc++6:i386
sudo apt install libxml2-utils
sudo apt install openjdk-8-jdk
sudo apt-get install libncurses5
sudo apt install htop
sudo apt-get install bc bison build-essential ccache curl flex g++-multilib gcc-multilib git gnupg gperf imagemagick lib32ncurses5-dev lib32readline-dev lib32z1-dev libelf-dev liblz4-tool libncurses5 libncurses5-dev libsdl1.2-dev libssl-dev libxml2 libxml2-utils lzop pngcrush rsync schedtool squashfs-tools xsltproc zip zlib1g-dev
For Ubuntu versions older than 20.04 (focal), install also:
libwxgtk3.0-dev
While for Ubuntu versions older than 16.04 (xenial), install:
libwxgtk2.8-dev
mouxuejie.com/blog/2019-11-17/aosp-setup/
https://mirrors.tuna.tsinghua.edu.cn/help/AOSP/
Use the Tsinghua mirror; download the repo tool first
proxychains repo init -u https://mirrors.tuna.tsinghua.edu.cn/git/AOSP/platform/manifest -b android-8.1.0_r1
repo sync
rm -rf .repo
// type an A
- Download the drivers
https://source.android.com/setup/start/build-numbers#source-code-tags-and-builds
https://developers.google.com/android/drivers
https://developers.google.com/android/drivers#sailfishopm1.171019.011
Extracting the drivers creates the vendor directory.
source build/envsetup.sh
lunch (choose aosp_sailfish-userdebug)
make -j16
Handling other errors
export LC_ALL=C
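Download sailfish-opm1.171019.011-factory-56d15350 and unpack it, then extract the image-sailfish-opm1.171019.011.zip inside it. Delete all of the original img files and replace them with the img files from the AOSP we just built, which are under out/target/product/sailfish. Then repack everything as image-sailfish-opm1.171019.011.zip and flash it.
Remember to use the Fastboot built as part of the AOSP we just compiled, which is located here: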
/home/tg/gitsource/repo/build/out/host/linux-x86/bin
...
./flash-all.sh
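The repacking step described above, written as a script. This is an added example, not part of the original notes; the function name and the requirement that boot.img and system.img exist are assumptions, and it needs zip and unzip installed.

```shell
#!/bin/sh
# Added example, not part of the original notes.

# repack_factory_image IMAGE_ZIP BUILT_DIR
#   IMAGE_ZIP  image-<device>-<build>.zip from the unpacked factory package
#   BUILT_DIR  directory holding the freshly built *.img files
repack_factory_image() {
    zip_path=$1
    built=$2
    [ -f "$zip_path" ] || { echo "missing $zip_path" >&2; return 1; }
    # Assumption: a usable build always has boot.img and system.img. Checking
    # first means a failed build cannot leave a zip with the stock images
    # deleted and nothing in their place.
    for img in boot.img system.img; do
        [ -s "$built/$img" ] || { echo "missing $built/$img" >&2; return 1; }
    done
    abs_zip=$(cd "$(dirname "$zip_path")" && pwd)/$(basename "$zip_path")
    work=$(mktemp -d) || return 1
    unzip -q "$abs_zip" -d "$work" || { rm -rf "$work"; return 1; }
    # Drop only the stock images; android-info.txt stays in the archive.
    rm -f "$work"/*.img
    cp "$built"/*.img "$work"/ || { rm -rf "$work"; return 1; }
    # Keep one copy of the stock zip for recovery, never overwriting it.
    [ -e "$abs_zip.orig" ] || cp "$abs_zip" "$abs_zip.orig"
    rm -f "$abs_zip"
    # Zip from inside the work directory so entries carry no path prefix.
    (cd "$work" && zip -q -r "$abs_zip" .) || { rm -rf "$work"; return 1; }
    rm -rf "$work"
}

# Usage, with the names from the notes above:
#   repack_factory_image image-sailfish-opm1.171019.011.zip out/target/product/sailfish
```
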
Clear the drag-and-drop file cache
cd ~/.cache/vmware/drag_and_drop/
du -d 1 -h
rm -rf *
Build the AOSP kernel
https://source.android.com/setup/build/building-kernels
https://source.android.com/setup/build/building-kernels-deprecated
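- The goldfish project contains the kernel sources for the emulated platforms.
- The msm project contains the sources for ADP1, ADP2, Nexus One, Nexus 4, Nexus 5, Nexus 6, Nexus 5X, Nexus 6P, Nexus 7 (2013), Pixel, and Pixel XL, and can be used as a starting point for work on Qualcomm MSM chipsets.
Find the kernel path in AOSP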
Pixel (sailfish), Pixel XL (marlin): device/google/marlin-kernel, android-msm-marlin-3.18-pie-qpr2
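Modify the kernel to get past anti-debugging, using trace pid as an example
In fact, the kernel version can be read directly under Settings > About phone > Kernel version, or with the cat /proc/version command. The kernel version string has the format kernel version-gXXXXXXX, where XXXXXXX is the short commit id of the git commit (that is, kernel version-g), and the short commit id is the first 7 characters of the commit id. For the Nexus 5, the kernel that ships with AOSP for Android 4.4.4_r1 is 3.4.0-gd59db4e, and it runs normally once flashed to the phone.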
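Reading the commit id out of a version string and checking it out, as an added example that is not part of the original notes. The function names and the ~/msm path are assumptions; the pattern accepts 7 to 40 hex digits, which goes beyond the 7-digit case described above, because newer kernels use longer abbreviations.

```shell
#!/bin/sh
# Added example, not part of the original notes.

# kernel_commit_id VERSION_STRING
# Accepts a full /proc/version line or a bare release such as 3.4.0-gd59db4e.
# Prints the hex id that follows "-g"; returns 1 when there is none.
kernel_commit_id() {
    # In /proc/version ("Linux version <release> (...)") the release is field 3.
    release=$(printf '%s\n' "$1" |
        awk '{ if ($1 == "Linux" && $2 == "version") print $3; else print $1 }')
    # "-g" plus 7..40 hex digits, at the end or followed by another "-suffix"
    # (for example -dirty or a build number).
    id=$(printf '%s\n' "$release" |
        sed -n -E 's/^.*-g([0-9a-f]{7,40})(-.*)?$/\1/p')
    [ -n "$id" ] || return 1
    printf '%s\n' "$id"
}

# checkout_kernel_for REPO_DIR VERSION_STRING
# Checks out the commit named by the version string in an existing kernel
# clone. Returns 1 when the string has no commit id and 2 when the id is not
# in the repository (wrong repository, or a shallow clone).
checkout_kernel_for() {
    id=$(kernel_commit_id "$2") || { echo "no commit id in: $2" >&2; return 1; }
    git -C "$1" rev-parse --verify --quiet "${id}^{commit}" >/dev/null ||
        { echo "commit $id not found in $1" >&2; return 2; }
    git -C "$1" checkout "$id"
}

# Usage on the build host (~/msm is a hypothetical clone location):
#   checkout_kernel_for ~/msm "$(adb shell cat /proc/version)"
```
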
There are two ways to check out the code (the second is recommended):
git clone https://aosp.tuna.tsinghua.edu.cn/kernel/msm.git
git checkout 1292056
Updating files: 100% (52159/52159), done.
Note: switching to '1292056'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:
git switch -c <new-branch-name>
Or undo this operation with:
git switch -
Turn off this advice by setting config variable advice.detachedHead to false
HEAD is now at 129205686dee qcacld-2.0: wlan host driver upgrade to 4.4.25.047
...
export ARCH=arm64
export PATH=/home/tg/gitsource/repo/build/prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/bin:$PATH
export CROSS_COMPILE=aarch64-linux-android-
make marlin_defconfig
/home/tg/gitsource/repo/build/kernel/msm/arch/arm64/boot/Image.lz4-dtb
is the generated kernel.
source build/envsetup.sh
lunch (choose aosp_sailfish-userdebug)
export TARGET_PREBUILT_KERNEL=/home/tg/gitsource/repo/build/kernel/msm/arch/arm64/boot/Image.lz4-dtb
make -j16
The boot.img under out is now updated; repack and flash it.
For getting past trace-pid, the code that needs to be changed is here:
https://github.com/lasting-yang/msm/commit/99ad1405ef0f12d94ca605de4db0b989da3a3b25