[ See full list of commands here ] New versions of Android have been nothing but disastrous for those of us who still want to use our phone as a general purpose computer. The stuff Google introduces under the guise of security;while providing dubious security benefits at best;just so coincides with making rooting harder and harder. Magisk startup process is already super complex;involving mount trickery and hot patching of fstab file and init binary to sidestep all of the "security" obstacles. And it's not getting any better... My advice? Get a phone that can run Ubuntu Touch: https://devices.ubuntu-touch.io/ Linux Deploy and Termux are partially broken since Android 10;and broken even more in Android 11. Linux Deploy is no longer maintained and missing newer distros;but we'll sidestep that and get a copy of Ubuntu 21.04 running. ! Installing into /data --- Since Android 10;Linux Deploy seems to lose track of the loop device after a while;preventing you from shutting down the container cleanly. We'll be installing Linux directly into a folder on /data partition to avoid using an image file. On one hand this does make backups harder;on the other hand it removes the overhead of an ext4 filesystem in the image. ! What is Ubuntu Base? --- Ubuntu Base is a small (27.1 MB) distribution of Ubuntu that is intended to run in chroot containers. It lacks its own init system;which is arguably its main advantage (Ubuntu uses systemd). It comes with a fully functioning APT;so you can extend it to a full Ubuntu system;should you need to. We'll use Linux Deploy to unpack it into /data/linux. ! Sneaking inside the container --- Open up Termux and run this: ``` su chroot /data/linux /bin/su - ``` The first one will give you a root shell in Termux. You will see a "Grant root?" popup if this is the first time you're doing it. The second will bring you inside the container;but with all the wrong environment. The third one will execute the SetUser binary from within the container (Real path /data/linux/bin/su) and ask it to reset the environment (The - argument). It will launch Ubuntu's bash and set up all the environment variables. ! Android Permission System --- Pretty much the only Android-specific thing Linux Deploy does is to populate the file /etc/group with Android-specific group IDs. Each ID grants a specific permission. Without them;the user will not be able to use the feature in question. We are interested in `aid_inet` in particular;because we have no network access without it. ! Allowing APT to use networking --- ``` usermod -g aid_inet _apt ``` This will switch _apt primary group to aid_inet. For some reason adding it as a secondary group using `useradd _apt aid_inet` /will not work/. It is possible that APT drops all secondary groups with a `setgroups(0;NULL)` call but I can't be sure without digging into the source code. UPDATE: I went and checked the source code and that's almost exactly what it does! In file apt-pkg/acquire.cc at line 632 it calls `setgroups(1;[_apt gid from /etc/passwd])`. Offending code first appeared in 2015. Adds little security but almost breaks compatibility with Android! Now;at last;we can run `apt update` ! If you messed up --- If you messed up;run `rm -rf /data/linux`. It will nuke the folder and you can start over from scratch. ! Building and installing latest QEMU --- Let's install the dependencies ``` apt install build-essential automake apt install python3 git libglib2.0-dev libfdt-dev libpixman-1-dev zlib1g-dev ``` It's all mostly the same;but QEMU has adopted a new "ninja" build system since then;which is honestly just bad. Sure;you can just install it from apt now;but that wasn't always the case. If you're ever going to use a custom build system;bundle the sources and the shell script to build it. `apt install ninja-build` Download the sources;v6.0.0 branch: `git clone git://git.qemu.org/qemu.git --branch=v6.0.0 --depth=1` Oh;and QEMU also relies on git submodules now :( You will see it start downloading something when we proceed with the build. Let's also try to enable Link-Time Optimizations and add `-mcpu`;may win us just a hair more speed. Do beware that neither of those optimizations will affect the quality of the recompiled output;only maybe speedup the recompiler (TCG) itself. ``` mkdir build cd build ../configure --target-list=i386-softmmu --enable-lto --extra-cflags="-mcpu=cortex-a76.cortex-a55+crc+crypto" ```;Science & Technology
Book Details
...
Download learning
video(s) to your Internet-in-a-Box
Description:
[ See full list of commands here ] New versions of Android have been nothing but disastrous for those of us who still want to use our phone as a general purpose computer. The stuff Google introduces under the guise of security;while providing dubious security benefits at best;just so coincides with making rooting harder and harder. Magisk startup process is already super complex;involving mount trickery and hot patching of fstab file and init binary to sidestep all of the "security" obstacles. And it's not getting any better... My advice? Get a phone that can run Ubuntu Touch: https://devices.ubuntu-touch.io/ Linux Deploy and Termux are partially broken since Android 10;and broken even more in Android 11. Linux Deploy is no longer maintained and missing newer distros;but we'll sidestep that and get a copy of Ubuntu 21.04 running. ! Installing into /data --- Since Android 10;Linux Deploy seems to lose track of the loop device after a while;preventing you from shutting down the container cleanly. We'll be installing Linux directly into a folder on /data partition to avoid using an image file. On one hand this does make backups harder;on the other hand it removes the overhead of an ext4 filesystem in the image. ! What is Ubuntu Base? --- Ubuntu Base is a small (27.1 MB) distribution of Ubuntu that is intended to run in chroot containers. It lacks its own init system;which is arguably its main advantage (Ubuntu uses systemd). It comes with a fully functioning APT;so you can extend it to a full Ubuntu system;should you need to. We'll use Linux Deploy to unpack it into /data/linux. ! Sneaking inside the container --- Open up Termux and run this: ``` su chroot /data/linux /bin/su - ``` The first one will give you a root shell in Termux. You will see a "Grant root?" popup if this is the first time you're doing it. The second will bring you inside the container;but with all the wrong environment. The third one will execute the SetUser binary from within the container (Real path /data/linux/bin/su) and ask it to reset the environment (The - argument). It will launch Ubuntu's bash and set up all the environment variables. ! Android Permission System --- Pretty much the only Android-specific thing Linux Deploy does is to populate the file /etc/group with Android-specific group IDs. Each ID grants a specific permission. Without them;the user will not be able to use the feature in question. We are interested in `aid_inet` in particular;because we have no network access without it. ! Allowing APT to use networking --- ``` usermod -g aid_inet _apt ``` This will switch _apt primary group to aid_inet. For some reason adding it as a secondary group using `useradd _apt aid_inet` /will not work/. It is possible that APT drops all secondary groups with a `setgroups(0;NULL)` call but I can't be sure without digging into the source code. UPDATE: I went and checked the source code and that's almost exactly what it does! In file apt-pkg/acquire.cc at line 632 it calls `setgroups(1;[_apt gid from /etc/passwd])`. Offending code first appeared in 2015. Adds little security but almost breaks compatibility with Android! Now;at last;we can run `apt update` ! If you messed up --- If you messed up;run `rm -rf /data/linux`. It will nuke the folder and you can start over from scratch. ! Building and installing latest QEMU --- Let's install the dependencies ``` apt install build-essential automake apt install python3 git libglib2.0-dev libfdt-dev libpixman-1-dev zlib1g-dev ``` It's all mostly the same;but QEMU has adopted a new "ninja" build system since then;which is honestly just bad. Sure;you can just install it from apt now;but that wasn't always the case. If you're ever going to use a custom build system;bundle the sources and the shell script to build it. `apt install ninja-build` Download the sources;v6.0.0 branch: `git clone git://git.qemu.org/qemu.git --branch=v6.0.0 --depth=1` Oh;and QEMU also relies on git submodules now :( You will see it start downloading something when we proceed with the build. Let's also try to enable Link-Time Optimizations and add `-mcpu`;may win us just a hair more speed. Do beware that neither of those optimizations will affect the quality of the recompiled output;only maybe speedup the recompiler (TCG) itself. ``` mkdir build cd build ../configure --target-list=i386-softmmu --enable-lto --extra-cflags="-mcpu=cortex-a76.cortex-a55+crc+crypto" ```;Science & Technology