On 08/25/2017 10:07 AM, Alex wrote:
Following up on my previous post on setting up Android 6.0 as a Qubes HVM for app debugging purposes, I'm fixing some of the things that were left unsolved, namely:

* screen goes to unrecoverable standby after little time
* fix vga settings in grub config
* enable adb via tcp
* allow VNC connections

First, we fix the screen timeout. That's relatively easy:

* Open Settings
* Go to "About Tablet"
* Tap 8 times over the build number (until you're a developer)
* Go back to settings
* Go to newly added "Developer Options"
* Enable "Stay awake"

Then we need to set up a TCP connection to our work appvm (or the one in which Android Studio is installed and will be used). These steps are adapted from qubes-os.org/doc/firewall

* Gather IP addresses (qubes ones) for work and android-6
* Open a shell in sys-firewall

    [sys-fw]$ sudo iptables -I FORWARD 2 -s <workIP> -d <andIP> -j ACCEPT
    [sys-fw]$ sudo iptables -I FORWARD 2 -s <andIP> -d <workIP> -j ACCEPT

* Open a shell in work appVM

    [work]$ sudo iptables -I INPUT -s <andIP> -j ACCEPT

* Firewall in Android-x86 already allows connections, so test:

    [work]$ ping <andIP>
    [android-terminal-emulator]$ ping <workIP>

* Should be able to ping. If this is the case, follow instructions in qubes-os.org/doc/firewall to ensure persistence of these settings in both work appVM and sys-firewall.

Now we can configure the ADB TCP port for remote debugging:

* inside Android open the terminal emulator again if closed

    [android-terminal-emulator]$ su
    [android-terminal-emulator]# setprop service.adb.tcp.port 5555
    [android-terminal-emulator]# stop adbd
    [android-terminal-emulator]# start adbd

* check from work appVM (Android Studio and the tools should have already been installed, so that you have "adb" available)

    [work]$ adb connect <andIP>:5555

* Should say "connected to 10.137.xx.yy:5555"

If this is the case, you now have a friendlier connection for your system!
Now our Android HVM will have to be booted from the dom0 command line, but we can make it easier by persisting the vga= config in grub. To do that, we must restart Android and:

* from the GRUB menu select the second line (Debug Mode)
* boot will stop at a temporary root MirBSD Korn shell
* give it a couple of Enter keys to clear logs out of the way
* now type:

    [android]# mount -o rw,remount /mnt
    [android]# cd /mnt/grub
    [android]# vi menu.lst

* edit the file so as to append the VGA parameter
  * press "i", move the cursor, add text
* save and quit
  * press Esc, then type ":wq"
* exit the shell TWICE and android will try to complete its boot
  * but because we did not set the "vga" parameter in the debug line, it will most likely fail
* kill the VM from VM Manager

Now we can start the android vm with a relatively easy dom0 command; it will automatically and quickly boot to a relatively usable android (sometimes some google background service will crash) with no problems with screen timeouts.

The only problem remaining is the mouse, which can be bypassed with a VNC connection. Problem is, our Android is x86 and most VNC servers out there are for ARM devices. There is an x86 build of android-vnc-server at http://xmodulo.com/how-to-run-vnc-server-on-android-x86.html but it does not have PIE enabled (some exploit protection) so Marshmallow will refuse to load it.

Now you have TWO paths available: one is

* download the android-vnc-server project
* update it and compile it for x86 with PIE
* load it into our HVM and use it to connect

the other is

* patch the /system/bin/linker executable in Marshmallow to avoid the PIE check
* load the already compiled assembly found at the previous link
* use it to connect

I went through the second path, since I'm more of a reverse engineer than a library archaeologist, and really don't like the idea of trying to compile things from the past with obscure (to me) options.
I found a nice explanation at https://forum.xda-developers.com/google-nexus-5/development/fix-bypassing-pie-security-check-t2797731/page13#127 about a guy that did exactly this patch for Android 5.1. Following his steps I disassembled /system/bin/linker from our Marshmallow HVM and found that the 4 bytes to patch for the check are at 0xD25A (file offset): they start with 0x0F 0x85. Patch the 4 bytes with four NOPs (0x90), save, and replace the linker with your patched version.

* put the new linker in /storage/emulated/0/linker_new
* restart the Android HVM in Debug mode again
* once there the layout of the FS is completely different
* find linker_new inside /mnt/android-6.0-r1/data/media/0/
* copy it over to /android/system/bin
* chmod it to 755
* exit TWICE from the MirBSD shell and kill HVM
* start android normally (via the qvm-start custom command, as usual)
* push droidvnc_x86 you downloaded from the link above into the VM

    [work]$ adb push droidvnc_x86 /storage/emulated/0/
    [work]$ adb shell
    [adb]$ su
    [adb]# mv /storage/emulated/0/droidvnc_x86 /system/bin/
    [adb]# chmod 755 /system/bin/droidvnc_x86
    [adb]# droidvnc_x86

* if everything is ok, you will see the messages

    Initializing VNC server:
    width: 1024
    height: 768
    bpp: 32
    port: 5901
    Initializing server...
    25/08/2017 11:35:27 Listening for VNC connections on TCP port 5901
    25/08/2017 11:35:27 Listening for HTTP connections on TCP port 5801
    25/08/2017 11:35:27 URL http://localhost:5801

Now you can connect via any VNC client (say, remmina?), tweak the connection quality settings, and use your Android HVM to debug apps!

Some more issues you may find:

* Network is connected via cable, and Android knows it, not via WiFi adapters. Apps may get this situation wrong.
* You obviously cannot multitouch via VNC. You could not either via the normal HVM screen.
* Applications may sporadically crash, and this is an x86 machine: many native apps are compiled for ARM devices only, with all due consequences.
* You will have to start the VM via the dom0 shell command, until I get to understand how to avoid having the XML overwritten by VM Manager when starting from there.

Hope somebody finds this useful
NICE! Thank You!

-- 
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9ab1268e-2150-7dde-e482-5756a55a6dbd%40gmail.com.
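As an added illustration (not code from Alex's post, the Android linker, or the droidvnc project): the loader refusal Alex describes comes down to the ELF header's e_type field, which the Android 5.0+ linker requires to be ET_DYN (position independent) before it will run an executable. The script below reads e_type and e_machine from a header and tells you, before you push a prebuilt binary such as droidvnc_x86 into the HVM, whether it is PIE and built for x86 rather than ARM; the sample headers it inspects are constructed inline, and the script name elfcheck.py is an assumption.

```python
import struct
import sys

# ELF constants relevant to the Android-x86 discussion above
ET_EXEC, ET_DYN = 2, 3
EM_386, EM_ARM, EM_X86_64, EM_AARCH64 = 3, 40, 62, 183
MACHINE_NAMES = {EM_386: "x86", EM_ARM: "ARM", EM_X86_64: "x86-64", EM_AARCH64: "AArch64"}


def inspect_elf(data: bytes) -> dict:
    """Read e_type and e_machine from an ELF header.

    Android 5.0+ linkers refuse ET_EXEC executables (the "only position
    independent executables (PIE) are supported" error), so a prebuilt tool
    must be ET_DYN to load on Marshmallow, and an ARM build will not run on
    an x86 HVM at all. Only the first 20 bytes of the header are needed.
    """
    if len(data) < 20 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]  # 1/2 = ELF32/ELF64, 1/2 = LE/BE
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unsupported EI_CLASS or EI_DATA")
    endian = "<" if ei_data == 1 else ">"
    # e_type and e_machine sit at offsets 16 and 18 in both ELF32 and ELF64
    e_type, e_machine = struct.unpack_from(endian + "HH", data, 16)
    return {
        "bits": 32 if ei_class == 1 else 64,
        "pie": e_type == ET_DYN,  # ET_DYN also covers shared objects
        "machine": MACHINE_NAMES.get(e_machine, "unknown(%d)" % e_machine),
        "runs_on_x86_marshmallow": e_type == ET_DYN and e_machine == EM_386,
    }


def make_header(ei_class: int, e_type: int, e_machine: int) -> bytes:
    """Constructed minimal little-endian ELF header used as sample input."""
    ident = b"\x7fELF" + bytes([ei_class, 1, 1, 0]) + b"\x00" * 8
    return ident + struct.pack("<HHI", e_type, e_machine, 1)


if __name__ == "__main__":
    # Usage: python elfcheck.py /path/to/droidvnc_x86 (path is an assumption);
    # with no argument, inspect a constructed non-PIE x86 header instead.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read(64) if path else make_header(1, ET_EXEC, EM_386)
    print(inspect_elf(blob))
```

A binary reported as pie False is exactly what the unpatched Marshmallow linker rejects; one reported as ARM will not load on the x86 HVM regardless of PIE.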