22 October 2012

263. Cyanogen mod on Nexus One

Note that you need an unlocked and rooted Nexus One for this. I did this in the past and can barely remember how I did it. So don't ask me. Also, I'm using linux for this, so asking me about OS X or Windows would be doubly unwelcome.

Besides, I'm just following orders: http://wiki.cyanogenmod.com/wiki/Nexus_One:_Full_Update_Guide

0. Back up everything. Root and unlock your Nexus One.
I used Titanium Backup and SMS Backup and Restore to back things up, just in case. Then I connected my phone to my computer and copied everything. I unlocked the boot loader and rooted my phone quite a while ago and so can't remember how it's best done.

Looking at the traces in my system I used bexboot.v2.GRK39F_OTA and I don't remember that it was difficult. Just be aware that everything on your phone WILL BE WIPED. So back stuff up.

cd ~/tmp
wget http://bexboot.googlecode.com/files/bexboot.v2.GRK39F_OTA.zip
unzip bexboot.v2.GRK39F_OTA.zip
cd bexboot.v2.GRK39F_OTA/
chmod +x fastboot-linux

1. Download stuff

1a. Download the cyanogen mod image:
wget http://download.cyanogenmod.com/get/jenkins/2857/cm-7.2.0-passion.zip
md5sum cm-7.2.0-passion.zip 
0d37cc25fd42b0ad00f87c9e009b7a9c cm-7.2.0-passion.zip
1b. Get the Amon Ra recovery image:
wget http://cmw.22aaf3.com/passion/recovery/recovery-RA-passion-v2.2.1-CM.img 
md5sum recovery-RA-passion-v2.2.1-CM.img 
e8262ae23943ce50fd346001812fae79 recovery-RA-passion-v2.2.1-CM.img
1c. Then get the google apps:
wget http://cmw.22aaf3.com/gapps/gapps-gb-20110828-signed.zip
md5sum gapps-gb-20110828-signed.zip
1647897d8ac3efb04723d2ad2c361a3f gapps-gb-20110828-signed.zip

This is a good time to move the gapps-gb-20110828-signed.zip and cm-7.2.0-passion.zip files to the root of your SD card.

2. Edit your /etc/udev/rules.d/51-android.rules
I changed mine from

SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", MODE="0666", GROUP="plugdev"
to

SUBSYSTEM=="usb", ATTR{idVendor}=="0bb4", MODE="0666", GROUP="plugdev"

since

Bus 001 Device 020: ID 0bb4:0fff HTC (High Tech Computer Corp.) Android Fastboot Bootloader

and did

sudo chmod a+rx /etc/udev/rules.d/51-android.rules
sudo service udev restart

3. Flash
Turn off your phone and plug in the usb cable. Hold down the scroll ball and, while holding it down, turn on your phone. Don't select anything. Instead, on your computer:
./fastboot-linux devices
HT015P801117 fastboot
So far so good!

./fastboot-linux flash recovery recovery-RA-passion-v2.2.1-CM.img 
sending 'recovery' (3380 KB)... OKAY
writing 'recovery'... OKAY
On your phone, select "bootloader" then "recovery", which starts the Android System Recovery  -- look at the bottom of the screen though, where it'll say "Build: RA-passion-v2.2.1"

Scroll (painfully -- it's really unresponsive so don't freak out) using the scroll ball on your phone to "Wipe", then push down the track ball to select it. Then select "Wipe ALL data/factory reset".

You'll then get asked:
Wipe ALL userdata
Press Trackball to confirm.
any other key to abort.
Confirm. You'll get the following messages:
Formatting DATA:...
Formatting SDCARD:.android_secure...
Formatting CACHE:...
Skipping format of /sd-ext.
Userdata wipe complete!
Now press Vol-Down to return to the previous menu, where you select "Flash zip from sdcard". You're now asked whether to choose zip from sdcard or to toggle signature verification. Choose "zip", and select "cm-7.2.0-passion.zip", which will launch the installation.

Once that's done, select "choose zip from sdcard" again and this time pick your gapps-gb-20110828-signed.zip. Once that's installed, hit Vol-Down to go up one level in the menu and select Reboot. You're now done.

In case of trouble:
My system complained here that the gapps file was 'bad', so I went up one menu level and rebooted. Without google apps life is less fun, but I didn't have an SD card reader at hand. Once my (flashy new) system was up I mounted the SD card via USB, and checked the md5sum, which was bad. I put a new copy of the file on the sd card, checked the md5sum (now good), and powered off the phone.
I then powered it on by holding down the trackball while pushing the power button, running "./fastboot-linux flash recovery recovery-RA-passion-v2.2.1-CM.img" on my computer, selecting bootloader/recovery, then "flash zip from sdcard", "choose zip from sdcard", selecting "gapps-gb-20110828-signed.zip", and THIS TIME it went fine! Then just hit Vol-Down, select "Reboot system now" and you're done!
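
The bad gapps copy above would have been caught by checking the sums from step 1 again on the SD card before rebooting into recovery. The script below is an added example, not from the original post: it puts the three sums from step 1 into a manifest, refuses to copy a bad download, and re-checks the copy at its destination. The mount point in the usage comment is an assumption, and an MD5 match only rules out a damaged file, not a tampered download.

```shell
#!/bin/sh
# Added example, not from the original post.

# Manifest in md5sum format, holding the three sums listed in step 1.
write_manifest() {
    cat > "$1" <<'EOF'
0d37cc25fd42b0ad00f87c9e009b7a9c  cm-7.2.0-passion.zip
e8262ae23943ce50fd346001812fae79  recovery-RA-passion-v2.2.1-CM.img
1647897d8ac3efb04723d2ad2c361a3f  gapps-gb-20110828-signed.zip
EOF
}

# verify_dir MANIFEST DIR [NAME...]
# Checks the files listed in MANIFEST inside DIR (only NAME... if given).
# Returns 0 only when every checked file exists and matches.
verify_dir() {
    manifest=$1; dir=$2; shift 2
    bad=0
    while read -r want name; do
        [ -n "$name" ] || continue
        if [ $# -gt 0 ]; then
            case " $* " in *" $name "*) ;; *) continue ;; esac
        fi
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING $name"; bad=1; continue
        fi
        got=$(md5sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK      $name"
        else
            echo "BAD     $name"; bad=1
        fi
    done < "$manifest"
    return "$bad"
}

# copy_to_sdcard MANIFEST SRC DST NAME...
# Refuses to copy a bad download, then re-checks the copy on the card.
# Remounting the card before the re-check is stricter, since a read right
# after cp can be served from the page cache.
copy_to_sdcard() {
    manifest=$1; src=$2; dst=$3; shift 3
    verify_dir "$manifest" "$src" "$@" || return 1
    for f in "$@"; do cp "$src/$f" "$dst/$f" || return 1; done
    sync
    verify_dir "$manifest" "$dst" "$@"
}

# Usage (the SD card mount point is an assumption):
#   write_manifest cm7.md5
#   copy_to_sdcard cm7.md5 . /media/sdcard cm-7.2.0-passion.zip gapps-gb-20110828-signed.zip
```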

All in all, it took a while to prepare everything, but it wasn't as difficult or scary as one would be led to believe.

The verdict:
I actually don't use my phone much these days, so I can't really tell how 'different' the cyanogen mod really is from my previous android install. But it looks a little bit different, and I seem to have a lot more control over the details, which is nice.

20 October 2012

262. chroot/jail your iceweasel (firefox)

Update: in my youth I thought that chroot=security. I now know better.
http://yarchive.net/comp/linux/chroot.html
http://pen-testing.sans.org/blog/2012/06/06/escaping-restricted-linux-shells

In other words, don't rely on chroot for security -- it's not meant to be a security tool. I personally use it to browse at work without leaving too obvious a trail (nothing shady -- part of my job is to apply for permanent jobs, but it is not necessarily in the interest of my current employer to see me succeed. Academia is a weird place.)

Original post:
There are many reasons why you'd want to secure your browser -- ranging from paranoia to justifiable cautiousness (you're probably visiting the wrong kind of sites...).

A chroot environment doesn't make you anonymous -- it just helps sandbox your applications. To protect your anonymity you'll want to prevent your browser from setting cookies, and use a proxy via an ssh tunnel to encrypt your traffic and hide your true IP address. There's no silver bullet for these things.

I've chroot:d things in the past when compiling 32 bit applications on 64 bit machines, but for this guide I'm leaning heavily on this post: https://help.ubuntu.com/community/BasicChroot

sudo apt-get install coreutils debootstrap

Time to get rocking. Be aware that you should have a bit of free space on your target drive.


sudo debootstrap --arch amd64 wheezy /media/chroot/ http://ftp.au.debian.org/debian/

which gets stuff underway:


I: Retrieving InRelease
I: Checking Release signature
I: Valid Release signature (key id 9FED2BCBDCD29CDF762678CBAED4B06F473041FA)
I: Retrieving Packages
I: Validating Packages
I: Resolving dependencies of required packages...
I: Resolving dependencies of base packages...
I: Checking component main on http://ftp.au.debian.org/debian...
I: Retrieving libacl1
I: Validating libacl1
I: Retrieving apt
[..]
I: Configuring dpkg-dev...
I: Configuring build-essential...
I: Base system installed successfully.

So far, so good.

Create a shell script, e.g. chroot.sh, with the following in it:
xhost +
sudo mount -o bind /proc /media/chroot/proc
sudo cp /etc/resolv.conf /media/chroot/etc/resolv.conf
sudo chroot /media/chroot

Run it every time you want to enter your chroot environment:
sh chroot.sh

In the chroot shell, do
apt-get install locales sudo vim
echo 'export LC_ALL="C"'>>/etc/bash.bashrc
echo 'export LANG="C"'>>/etc/bash.bashrc
echo 'export DISPLAY=:0.0' >> /etc/bash.bashrc
source /etc/bash.bashrc
adduser sandbox
usermod -g sudo sandbox
echo 'Defaults !tty_tickets' >> /etc/sudoers
apt-get install iceweasel
su sandbox
cd ~

Launch iceweasel/firefox:

sandbox@beryllium:/$ firefox


And you're pretty much done.
Next time you want to launch a sandboxed version of firefox just do:

me@beryllium:~$ sh chroot.sh 
access control disabled, clients can connect from any host
root@beryllium:/# su sandbox
sandbox@beryllium:/$ firefox
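
The "access control disabled, clients can connect from any host" line comes from the xhost + in chroot.sh, which stays in effect after you leave the chroot. The variant below is an added example, not the original script: it grants X access to local connections only, withdraws the grant when the chroot shell exits, and avoids stacking a new /proc bind mount on every run. The run helper and DRY_RUN switch are made up here so the plan can be printed without root.

```shell
#!/bin/sh
# Added example: chroot.sh variant with narrower X access and cleanup.
CHROOT=${CHROOT:-/media/chroot}

# run CMD...: execute the command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

leave_chroot() {
    run sudo umount "$CHROOT/proc"
    run xhost -local:              # withdraw the X grant again
}

enter_chroot() {
    # Local connections only, instead of "xhost +" (any host).
    run xhost +local:
    # Bind /proc only if it is not mounted there already.
    if ! mountpoint -q "$CHROOT/proc"; then
        run sudo mount -o bind /proc "$CHROOT/proc"
    fi
    run sudo cp /etc/resolv.conf "$CHROOT/etc/resolv.conf"
    run sudo chroot "$CHROOT"
    leave_chroot                   # reached when the chroot shell exits
}

# Usage: enter_chroot      (DRY_RUN=1 enter_chroot prints the commands only)
```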

261. Disable tracker-miner-fs

Looking at my ~/.local/share/tracker folder I've got 1.5 Gb wasting away. Also, tracker has a way of eating up CPU cycles. Given that I never do any desktop searches -- I use either 'locate' or 'find' in the terminal and they do exactly what I need -- I don't see much point in allowing tracker to run.

1. If you're in a gui you can run tracker-preferences and disable the indexing of all folders.

2. To delete existing tracker logs you need to do
tracker-control -r

This kills all running tracker processes and removes the databases.

3. Finally, edit /etc/xdg/autostart/tracker-miner-fs.desktop and tracker-store.desktop and change

X-GNOME-Autostart-enabled=true

to

X-GNOME-Autostart-enabled=false