作者:张华 发表于:2017-06-23
版权声明:可以任意转载,转载时请务必以超链接形式标明文章原始出处和作者信息及本版权声明
( http://blog.csdn.net/quqi99 ) ##
I have two Meizu MX4 ubuntu cellphones, now I will re-install Flyme or native google android on them. All softwares can be downloaded from the link: https://pan.baidu.com/s/1bpo0xbx
1, Start MX4 Ubuntu, and enable ‘Developer Mode’ from ‘System Setting -> About Cellphone’ menu.
2, Install the tools adb and fastboot from the link http://esausilva.com/wp-content/plugins/cimy-counter/cc_redirect.php?cc=platform-tools-linux&fn=http://esausilva.com/misc/android/platform-tools-linux.tar.gz
export PATH=/bak/java/platform-tools:$PATH
3, Make sure your cellphone can connect to compute (Ubuntu) via USB and adb
$ sudo lsusb |grep Meizu
Bus 003 Device 010: ID 2a45:0c02 Meizu Corp. MX Phone (MTP & ADB)
$ cat /etc/udev/rules.d/51-android.rules
SUBSYSTEM=="usb", ATTR{idVendor}=="2a45", MODE="0666", SYMLINK+="android_adb"
$ cat ~/.android/adb_usb.ini
2a45
$ sudo udevadm control --reload-rules && sudo udevadm trigger
$ adb kill-server && adb start-server
$ adb devices
List of devices attached
75HABLMCYUR3 device
$ sudo apt-get install go-mtpfs mtp-tools gmtp
$ sudo mtp-detect
libmtp version: 1.1.10
Listing raw device(s)
Device 0 (VID=2a45 and PID=0c02) is a Meizu MX Phone (MTP+ADB).
Found 1 device(s):
Meizu: MX Phone (MTP+ADB) (2a45:0c02) @ bus 3, dev 10
4, Brush the thirty party recovery. Shutdown your cellphone, and press POWER + VOL-DOWN to enter fastboot mode. Use usb to connect cellphone and compute, than run:
hua@node1:/bak/tools/mx4 $ fastboot flash recovery recovery.img
sending 'recovery' (10000 KB)...
OKAY [ 0.506s]
writing 'recovery'...
OKAY [ 0.410s]
finished. total time: 0.916s
5, Press POWER + VOL-UP to enter above recoerty, and Click ‘Install Zip -> Install zip from sideload’, then run:
hua@node1:/bak/java/platform-tools$ adb sideload update.zip
sending: 'sideload' 100%
NOTE: if you want to install raw google android, just run ‘adb sideload cm-13.0-20160820-UNOFFICIAL-mx4.zip’ instead.
6, Reboot the cellphone. OK.
附录 - 小米手机线刷开发版/国际版
现在, 小米不再允许行货和国际版互刷ROM, 它加入了防回滚保护(Anti-Rollback Protection)机制. 这意味着,如果手机当前处于较高的MIUI版本,降级刷机大概率会变砖。实测发现,行货机刷国际版ROM将卡死在Recovery界面,显示“this MIUI version can’t be installed on this device”。当然,想要绕过官方的限制也有办法,前提是解锁bootloader,然后用TWRP、fastboot或者MiFlash刷机。使用MiFlash时切记勾选“Clean All”,不要选“clean all and lock”。如果你不幸刷在国际版和国行版ROM之间刷机成砖,只有进入EDL(紧急下载)模式自救。然而,EDL模式仅对极为有限的小米账号开放权限。本文测试的手机是mi note lte不再之列.
1, 下载dev rom是virgo_images_5.12.4_20151126.0000.5_4.4_cn_eb14b0eb8d.tgz (http://pan.baidu.com/s/1bfGxVg). rom里的内容如下:
NOTE: 这步应该在解锁, 以及在开发模式打开充许OEM之后运行
$ ls virgo_images_5.12.4_20151126.0000.5_4.4_cn
flash_all.bat flash_all_except_data_storage.bat flash_all_except_data_storage.sh flash_all_except_storage.bat flash_all_except_storage.sh flash_all.sh images misc.txt
$ ls virgo_images_5.12.4_20151126.0000.5_4.4_cn/images/
8974_msimage.mbn cache.img emmc_appsboot.mbn gpt_backup0.bin gpt_main0.bin MPRG8974.mbn patch0.xml rawprogram0.xml rpm.mbn sdi.mbn tz.mbn
boot.img dummy.img flash.xml gpt_both0.bin misc.img NON-HLOS.bin persist.img recovery.img sbl1.mbn system.img userdata.img
$ cat flash_all.sh
fastboot $* getvar product 2>&1 | grep "^product: *MSM8974$"
if [ $? -ne 0 ] ; then echo "Missmatching image and device"; exit 1; fi
fastboot $* getvar board_version 2>&1 | grep "^board_version: *5.[^5]"
if [ $? -ne 0 ] ; then echo "Missmatching board version"; exit 1; fi
fastboot $* flash tz `dirname $0`/images/tz.mbn
fastboot $* flash dbi `dirname $0`/images/sdi.mbn
fastboot $* flash sbl1 `dirname $0`/images/sbl1.mbn
fastboot $* flash rpm `dirname $0`/images/rpm.mbn
fastboot $* flash aboot `dirname $0`/images/emmc_appsboot.mbn
fastboot $* erase boot
fastboot $* erase DDR
fastboot $* flash misc `dirname $0`/images/misc.img
fastboot $* flash modem+modem1 `dirname $0`/images/NON-HLOS.bin
fastboot $* flash system+system1 `dirname $0`/images/system.img
fastboot $* flash cache `dirname $0`/images/cache.img
fastboot $* flash userdata `dirname $0`/images/userdata.img
fastboot $* flash recovery `dirname $0`/images/recovery.img
fastboot $* flash boot+boot1 `dirname $0`/images/boot.img
fastboot $* reboot
2, 手机通过MTP模式连接电脑, 通过lsusb找到设备号为: Bus 003 Device 029: ID 2717:0360
3, adb连接手机
# sudo apt-get install android-tools-adb android-tools-fastboot
$ cat /etc/udev/rules.d/51-android.rules
SUBSYSTEM=="usb", ATTR{idVendor}=="2717", MODE="0666", SYMLINK+="android_adb"
sudo udevadm control --reload-rules && sudo udevadm trigger
adb kill-server && adb start-server
sudo mtp-detect
$ adb devices
List of devices attached
d6b38a3a device
如果不出来, 是需要 狂按"设置我的设备 -> 全部参数 -> MINU版本"进入开发者模式, 然后"设置 -> 更多设置 -> 开发者选项"打开USB调试"和"FASTBOOT刷机模式"
4, 和Meizu是一样的, 也是音量下+电源键进入fastboot模式, 不连电脑,音量下+电源键长按进入fastboot,USB线连接电脑. 注: 同样, 也是音量上+电源键可安装第三方recovery, 见 [5].
5, 刷机
chmod +x flash_all.sh
./flash_all.sh
#./flash_all_except_storage.sh #clean cache, but not clean data
6, 继续root, 刷机成功之后, 已经是开发版, 进入手机,安全中心 -> 授权管理 -> ROOT,反复确认后,手机会下载对应的ROOT包安装后重启。机后,安全中心 -> 授权管理已经可以进入. 这时候就可以使用’adb root’了.
注: 遗憾地是, 机子刚好音量下键损坏, 这样借助如刷机精灵里的实用工具进入fastboot或recovery模式. 好吧, 又得整到windows上了. 照着文档[4]. (注: 其实不用转到windows, 直接在linux下使用"adb reboot bootloader"也可以重启至fastboot模式"
1, 安装小米助手, 当手机连上win7电脑时会自动安装驱动 - http://zhushou.xiaomi.com/
2, 安装线刷工具 - http://bigota.d.miui.com/tools/MiPhone20141107.exe
3, 线刷包解压 - http://pan.baidu.com/s/1bfGxVg
4, 安装刷机精灵, 使用里面的fastboot实用工具根本无法进入fastboot, 所以直接采用刷机精灵的一键刷机功能上传线刷包线刷. 但出错了, 说是刷入的版本比机子已有的版本低会线刷失败.
5, 但上一步一键刷机功能代替音量减键成功让手机进入了fastboot模式, 所以此时切换成小米的刷机工具再试, 结果小米的刷机工具也有bug, 报找不到远程分区.
6, 试图找到小米原生的线刷包恢复, 但官网上找不着.
7, 还好, 手机进入fastboot模式之后, 没有刷机成功, 只要手机还有电, 再重启还是进入的是flashboot模式, 这样避免了坏的音量键及进不了系统. 继续找啊找试啊试, 终于发现这个包是好的(Xiaomi_Mi_Note_LTE_V9.5.1.0.MXEMIFA_20180406.0000.00_Global_6.0_XFT.zip, https://firmwarefile.com/xiaomi-mi-note-lte )
8, 这个网站(https://xiaomiflashtool.com/)下载的最新的xiaomiflashtool反而不行说找不着设备. 注: 这个tool也可在driver菜单自动安装驱动.
9, 这样成功换上了Xiaomi_Mi_Note_LTE_V9.5.1.0.MXEMIFA_20180406.0000.00_Global_6.0_XFT.zip, 这似乎是国际稳定版哦.
如何将国际稳定版转成国际开发版呢? 再线刷一遍. 这次都在linux下进行.
1,Install Global Developer ROM for Redmi Note 4G
# search in google by 'eveloper bigota.d.miui.com redmi note 4g -stable', and download fastboot rom - https://c.mi.com/thread-510369-1-0.html
#NOTE: this recovery - http://bigota.d.miui.com/7.11.6/miui_MINoteGlobal_7.11.6_ce58816710_6.0.zip
wget http://bigota.d.miui.com/7.11.6/virgo_global_images_7.11.6_20171106.0000.00_6.0_global_be457b58a3.tgz
tar -xf virgo_global_images_7.11.6_20171106.0000.00_6.0_global_be457b58a3.tgz
cd virgo_global_images_7.11.6_20171106.0000.00_6.0_global
adb reboot bootloader
chmod +x flash_all.sh
./flash_all.sh
运行./flash_all.sh相当于:
#https://blog.csdn.net/quqi99/article/details/51636869
fastboot flash boot boot.img
fastboot flash recovery recovery.img
fastboot erase system
fastboot flash system system.img
#fastboot flash userdata userdata.img
#fastboot flash cache cache.img
2, Custom TWRP for Xiaomi Redmi Note 4G (twrp-3.3.1-0-dior.img - https://twrp.me/xiaomi/xiaomiredminote4gsinglesim.html),
注: 目前小米也关闭了解锁功能(https://www.miui.com/unlock/index.html)不允许行货和国际版互刷ROM, 小米增加了一段区域对照码, 想绕开限制, 只有先不互刷先解锁(即国行版先刷国内ROM骗过解锁), 然后再用TWRP, fastboot或mifalsh刷机.
但mi note lte无须解锁, 因为’fastboot oem device-info’显示’Device unloced: true"
$ adb reboot bootloader
$ fastboot oem device-info
...
(bootloader) Device tampered: true
(bootloader) Device unlocked: true
(bootloader) Charger screen enabled: false
(bootloader) Display panel:
OKAY [ 0.006s]
finished. total time: 0.006s
继续刷TWRP:
wget https://dl.twrp.me/dior/twrp-3.3.1-0-dior.img
adb reboot bootloader #enter fastboot mode
#fastboot devices #just for case when locking BL lock
# fastboot flash unlock unlock.key #if need to unlock, eg https://www.techmesto.com/guide-unlock-bootloader-nokia-android-phones/
#fastboot oem unlock
fastboot flash recovery twrp-3.3.1-0-dior.img
fastboot reboot
但是上面刷了之后不work, 刷了TWRP之后’adb reboot recovery’进入的还是Mi-Recovery 2.0.1模式, 官网说:
https://twrp.me/xiaomi/xiaomiredminote4gsinglesim.html
Note many devices will replace your custom recovery automatically during first boot. To prevent this, use Google to find the proper key combo to enter recovery. After typing fastboot reboot, hold the key combo and boot to TWRP. Once TWRP is booted, TWRP will patch the stock ROM to prevent the stock ROM from replacing TWRP. If you don't follow this step, you will have to repeat the install.
但运行完’fastboot reboot’再按音量上键+电源键根本就进不了recovery模式, 可能是我的音量键有问题的原因吧. 此路不通.这个网页说:
https://www.reddit.com/r/Xiaomi/comments/bdurg8/replace_mi_recovery_with_twrp/
With the new protection you need to boot from adb to twrp, by fastboot boot twrp.img. When boot in twrp transfer the image and flash inside from twrp. Now, it will reboot on TWRP recovery.
所以我们可以先’fastboot boot’来启动TWRP, 再将TWRP持久化. 但是试了很多多twrp版本都报下列错"dtb not found".
$ fastboot boot twrp-3.3.1-0-dior.img
downloading 'boot.img'...
OKAY [ 0.433s]
booting...
FAILED (remote: dtb not found)
finished. total time: 0.449s
无奈下载网页(http://en.miui.com/thread-213264-1-1.html) 或这个网页(http://en.miui.com/thread-628692-1-1.html)上提到的twrp均可成功.
fastboot boot twrp.img
但语言却不是英语看不懂啊, 没办法, 只好在网上找一个有图的, 照着大致的位置点了.
上面需要事先将supersu下载放到手机上, 注意: 只有/sdcard/Download是可写的. (其他目录需要root权限运行"adb remount #mount -o remount,rw /system"才行".
adb push SR5-SuperSU-v2.82-SR5-20171001224502.zip /sdcard/Download/
这样就完成了在不替换现有的mi-recovery的情况下同时又使用TWRP安装supersu, 可参考 - https://in.c.mi.com/thread-79402-1-1.html
3, 可选 - 本来正常情况TWRP能直接flash的话, 应该可以这样安装supersu的
adb reboot recovery #enter recovery mode
adb sideload adb sideload SR5-SuperSU-v2.82-SR5-20171001224502.zip
4, 安装必要的软件
# use adb via wifi
/su/bin/su root
setprop service.adb.tcp.port 5555
setprop persist.adb.tcp.port 5555
start adbd
adb connect 192.168.99.249:5555
adb install Complete\ Linux\ Installer_v3.0\ BETA_apkpure.com.apk
adb shell
su
# grep 'system' /proc/mounts
mount -o rw,remount -t ext4 /dev/block/platform/msm_sdcc.1/by-name/system /system
# ssh server - by install SSHDroid and use supersu to give it root
# ssh client
ln -s /data/data/berserker.android.apps.sshdroid/dropbear/ssh /system/bin/ssh
chmod o+rx /system/bin/ssh
# key
cd /data/data/berserker.android.apps.sshdroid/dropbear/
./dropbearkey -t rsa -f ../home/.ssh/id_rsa > ../home/.ssh/id_rsa.pub
cd /data/data/berserker.android.apps.sshdroid/home
echo 'ssh hua@t440p -i ~/.ssh/id_rsa' > ./ssht440p.sh
sh ssht440p.sh
# use vi in adb shell, we don't need to add busybox prefix in ssh
busybox vi /etc/hosts
20230915更新 - n1box上的ssh的问题(ssh server可以安装simpledroid, 默认端口是2222),当从n1box通过dropbear通过 ssh 登录 其他ubuntu机器时可能需要做以事情:
su && mount -o remount,rw /system && mount -o remount,rw /data
echo '192.168.99.186 t440p' >>/etc/hosts
#/system/etc/dropbear/.ssh and /data/user/0/org.galexander.sshd/files/.ssh
find / -name '.ssh' |less
#the ssh home is /data/user/0/org.galexander.sshd/files/.ssh after installing simpledroid
dropbearkey -t rsa -s 2048 -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
cat /data/user/0/org.galexander.sshd/files/.ssh/id_rsa.pub
#fix 'No matching algo hostkey' when ssh to t440p from n1box
echo "KexAlgorithms diffie-hellman-group1-sha1" |sudo tee -a /etc/ssh/sshd_config
echo "HostKeyAlgorithms +ssh-rsa" |sudo tee -a /etc/ssh/sshd_config
echo "PubkeyAcceptedAlgorithms +ssh-rsa" |sudo tee -a /etc/ssh/sshd_config
sudo systemctl restart ssh
chmod 600 /data/user/0/org.galexander.sshd/files/.ssh/id_rsa
ssh hua@t440p -i ~/.ssh/id_rsa
5, run ubuntu 18.04 on android by using linuxdeploy
#run ubuntu 18.04 on android by using linuxdeploy
#https://www.maketecheasier.com/install-ubuntu-on-android-linux-deploy/
wget https://github.com/meefik/busybox/releases/download/1.30.1/busybox-1.30.1-41.apk
adb install busybox-1.30.1-41.apk #install into /system/xbin
wget https://github.com/meefik/linuxdeploy/releases/download/2.4.0/linuxdeploy-2.4.0-251.apk
adb install linuxdeploy-2.4.0-251.apk
adb install vnc_viewer_remote_desktop.apk
#enter linuxdeploy
telnet 192.168.99.249 5023
#but hit the error: chroot: can't execute '/bin/su': No such file or directory
/su/bin/su root
/data/user/0/ru.meefik.linuxdeploy/files/bin/linuxdeploy shell
mkdir /data/local/mnt/{dev,sys,proc}
#for d in dev sys proc; do mount -o bind /$d /data/local/mnt/$d; done
#umount /data/local/mnt/{dev,proc,sys}
chroot /data/local/mnt/ /bin/pwd
ls /data/local/mnt/bin/su
上面的chroot错误实际上是image文件没有创建的原因
ls /data/data/ru.meefik.linuxdeploy/files/config/linux.conf
rm -rf /sdcard/linux.img
vi /data/user/0/ru.meefik.linuxdeploy/files/include/bootstrap/rootfs/deploy.sh
20230915更新 -
对于n1box,得选arm64, 同时默认镜像存储在外置存储usb里,而我们又没插usb, 盒子自己的/storage/emulated/有空间,但是android都是基于应用的沙盒所以即使是用root用户不用su的话也是无权访问它的,只能针对每个应用如linuxdeploy
20191012更新
架构使用armhf,源使用http://mirrors.ustc.edu.cn/ubuntu-ports/时可以进入debootstrap了, 但是在lsb_base这步总是出错, 怀疑是科大的源有问题, 所以换成腾讯的源https://mirrors.cloud.tencent.com/ubuntu-ports/后可以debootstrap成功, 但是在chroot /data/local/mnt bin/su - root -c 'DEBIAN_FRONTEND=nointeractive apt-get install -yfq --no-install-recommends dbus'这步也是相当地慢(才0.10k/s),不得已, 又退回使用http://ports.ubuntu.com/ubuntu-ports/, 然后就成功了, 在手机上通过‘ssh ubuntu@localhost’登录bionic。
1, 但ubuntu里的chrome仍然无法在外面使用,而使用android版本的chrome又无法打开SF(需要设置浏览器中的查看桌面版网页,但仍然无法选择sf owner), 试试microsoft edge
2, 下面adb或者ssh两种方式连接手机
/su/bin/su root
setprop service.adb.tcp.port 5555
setprop persist.adb.tcp.port 5555
start adbd
adb connect 192.168.99.249:5555
adb devices
3, 手机外接大屏幕的话,采用android中的”无线投屏"或者在连接好adb之后运行“sudo snap install --channel=edge scrcpy && scrcpy --fullscreen --show-touches --bit-rate 2M --max-size 800" (注:若电脑的scrcpy容器是黑屏的话是因为手机是黑屏的)
若手机未root的话, 可以这个投屏:
将手机与电脑连接至相同wifi 记录WLAN设置中手机的IP地址
连接数据线并允许调试
终端执行 adb tcpip 5555 并在手机上点击“ 确定 ” ( 即在手机上开启5555端口 )
终端执行 adb connect [手机IP]:5555 并在手机上点击“ 确定 ”( 此处可用 adb devices 检查连接情况 )
拔掉数据线
终端执行 adb reconnect offline 强制未授权设备重新连接
终端执行 adb connect [手机IP]:5555 重新进行连接 ( 此处可用 adb devices 检查连接情况 )
scrcpy --fullscreen --show-touches --bit-rate 2M --max-size 800
想用声音的话, 可结合usbaudio - https://github.com/rom1v/usbaudio , 但是似乎usbaudio不支持android 8.1以上版本了
root redmi4x - 20200618更新
安装要用到的软件
1, xiaomi redmi 4x usb driver (Universal ADB Driver V6.0.zip - https://www.skyneel.com/xiaomi-usb-driver)
2, xiaomi redmi 4x unlock bootloader (miflash_unlock-en-4.5.514.47.zip - https://en.miui.com/unlock/)
3, xiaomi redmi 4x TWRP recovery (twrp-3.3.1-0-santoni.img - https://www.skyneel.com/supersu-zip-app)
4, xiaomi redmi 4x supersu (UPDATE-SuperSU-v2.82-20170528234214.zip - https://www.skyneel.com/supersu-zip-app)
5, xiaomi redmi 4x adb/fast-boot tool (platform-tools_r30.0.2-windows.zip - https://developer.android.com/studio/releases/platform-tools)
6, [option] mi flash (https://www.skyneel.com/xiaomi-mi-flash-tool)
unlock bootloader
#https://www.skyneel.com/unlock-bootloader-xiaomi-devices
1, 打开开发者模式, 并在开发者模式中打开USB调试, 并同时打开充许OEM解锁
2, 先关机,USB线连上, 然后长按音量下+电源键进入fastboot模式, ( 注: 音量上+电源键是安装第三方recovery)
3 , 并用这个手机的小米帐号登录后解锁手机。
注: 目前小米也关闭了解锁功能(https://www.miui.com/unlock/index.html)不允许行货和国际版互刷ROM, 小米增加了一段区域对照码, 想绕开限制, 只有先不互刷先解锁(即国行版先刷国内ROM骗过解锁), 然后再用TWRP, fastboot或mifalsh刷机. 见我之前的一篇博客.
mi note lte无须解锁, 因为’fastboot oem device-info’显示’Device unloced: true"
redmi 4x采用此段方法解锁
flash TWRP
1, usb连接手机,并在手机上点击信任后, 就可以使用adb命令了
D:\>adb devices
List of devices attached
aa89d2927d93 device
2, 进入bootloader模式: adb reboot bootloader
3, 因为上面我们已经unlock bootloader了, 所以'fastboot devices'能看到东西
E:\tools\redmi4x>fastboot devices
aa89d2927d93 fastboot
4, fastboot.exe flash recovery twrp-3.3.1-0-santoni.img - fastboot.exe flash recovery twrp-3.3.1-0-santoni.img
5, fastboot reboot
6, 刷TWRP成功后, 再使用'adb reboot recovery'命令(相当于音量上+电源键的recovery模式)就能看到TWRP界面了, 而不是mi-recovery 3.0了
但上面recovery twrp-3.3.1-0-santoni.img刷了之后不work, 进入的还是mi-recovery, 这时就又相当于我之前的一篇博客遇到的问题了(https://blog.csdn.net/quqi99/article/details/73613138), 所以得在不替换现有的mi-recovery的情况下同时又使用TWRP(fastboot boot twrp-3.3.1-0-santoni.img)安装supersu(可参考 - https://in.c.mi.com/thread-79402-1-1.html)
完整步骤:
1, set up adb
sudo apt-get install android-tools-adb android-tools-fastboot
sudo bash -c 'cat > /etc/udev/rules.d/51-android.rules' << EOF
EOF
sudo udevadm control --reload-rules && sudo udevadm trigger
adb kill-server && adb start-server
sudo mtp-detect
adb devices
2, enable developer mode, and enable usb debugging and OEM unlock in developer mode
3, unlock bootloader in the page https://www.miui.com/unlock/index.html
4, install global developer firmware because supersu can only be used in developer version
#click 'Global -> Fast boot Developer' in https://mifirm.net/model/santoni.ttt to find download link
axel http://bigota.d.miui.com/9.6.27/santoni_global_images_9.6.27_20190627.0000.00_7.1_global_67dc2b29e2.tgz
tar -xf santoni_global_images_9.6.27_20190627.0000.00_7.1_global_67dc2b29e2.tgz
adb reboot bootloader
cd santoni_global_images_9.6.27_20190627.0000.00_7.1_global_67dc2b29e2 && ./flash_all.sh
5, then repeat the step 2 in new global deveoper version
6, copy supersu into your cellphone
adb push UPDATE-SuperSU-v2.65-20151226141550.zip /sdcard/Download/
adb shell -- ls /sdcard/Download/
7, boot from twrp instead of mi-recovery temporaily one time to install supersu
adb reboot bootloader
fastboot oem device-info #double confim uncloked=true
fastboot boot twrp-3.3.1-0-santoni.img
#then install supersu from the GUI, or
adb sideload adb sideload UPDATE-SuperSU-v2.65-20151226141550.zip
8, use supersu
adb root
/su/bin/su root
setprop service.adb.tcp.port 5555
setprop persist.adb.tcp.port 5555
start adbd
adb connect 192.168.99.249:5555
adb devices
set dns
root@virgo:/ # setprop net.dns2 203.25.216.xx
root@virgo:/ # getprop net.dns2
203.25.216.xx
但不知道为什么, 在刷了supersu之后, 总是进不了系统, 估计是twrp有问题吧, 所以只得回到 non-root global developer version
nokia8s
原来想通过下列方法root nokia8s的,结果失败了,原因是无法解锁.nokia没有提供官方的解锁方法,网上有要钱的解锁方法,也有通过ntool解锁的方法但我试了一下失败了.
20230605更新:最后通过这个网页解锁了: https://zhuanlan.zhihu.com/p/506224370 , 但解锁后安装TWRT时无法进入界面。我们root的目的只是想通过无线的方式使用scrcpy,在android 11以上有无线调试好办,但nokia8s是android9, 最后通过’adb tcpip’可以不需要root来修改adb端口(但每次开机得通过线连接后做运行一次它). iphone投屏到ubuntu可使用uxplay ,见: https://blog.csdn.net/quqi99/article/details/89297246
adb tcpip 5555
adb connect 192.168.2.123:5555
scrcpy --fullscreen --show-touches --bit-rate 2M --max-size 800 -s 192.168.2.212:5555
scrcpy --fullscreen --show-touches --bit-rate 2M -s 192.168.2.212:5555
# first use adb to connect nokia8s
$ adb devices
List of devices attached
A1NGA5G811800660 device
# install TWRP bootloader, but it failed with 'waiting for any device', so need to unclock
$ adb reboot bootloader
$ fastboot oem device-info
...
(bootloader) Verity mode: true
(bootloader) Device unlocked: false
(bootloader) Device critical unlocked: false
(bootloader) Charger screen enabled: true
OKAY [ 0.001s]
finished. total time: 0.001s
$ fastboot devices
A1NGA5G811800660 fastboot
$ fastboot oem unlock
...
FAILED (remote: Flashing Unlock is not allowed
)
finished. total time: 0.000s
# need to charge for unlock - https://www.mobifreedom.net/unlocking-code-for-nokia-8_sirocco?cs=true&imei=&country=china&network=null&getp=y
fastboot flash recovery ./TWRP-3.1.1/recovery.img
# upload supersu into /sdcard/Download
adb push BETA-SuperSU-v2.68-20160228150503.zip /sdcard/Download
20220301 - redmi 7 安装global stable + TWRP + Magisk
目前redmi 7的版本是miui 12.5, 小米团队已经停止开发版本的工作所以root就不用想了,国际版的版本也不高。
还不如就装一个欧版(xiaomi.eu)吧 - https://www.dianshouit.com/thread-689.htm
1, 打开开发者模式
设置"我的设备 -> 全部参数 -> MINU版本"进入开发者模式, 然后在"设置 -> 更多设置 -> 开发者选项”
中打开"OEM解锁“与“USB调试"与"FASTBOOT刷机模式"(如果有的话)
2, Ubuntu上安装adb环境[1],并且找根线手机连接电脑, 使用"adb devices"命令确认
sudo apt-get install android-tools-adb android-tools-fastboot
sudo bash -c 'cat > /etc/udev/rules.d/51-android.rules' << EOF
SUBSYSTEM=="usb", ATTR{idVendor}=="0e8d", ATTR{idProduct}=="201c", MODE="0660", OWNER="hua"
EOF
sudo udevadm control --reload-rules && sudo udevadm trigger
adb kill-server && adb start-server
sudo mtp-detect
adb devices
3, 确认是否需要解锁BL,进入fastboot模式,使用"fastboot oem device-info"命令若看到
Device unlocked=false, 那是需要申请解锁。
adb reboot bootloader
fastboot oem device-info
fastboot reboot
4, 申请解BL锁前须插SIM卡,并登录xiaomi帐号,然后在”开发者选项 -> 设备解锁状态"中将设备与帐号绑定。
5, 申请解锁(http://www.miui.com/unlock/download.html),需要windows下安装解锁工具。
先在ubuntu上用"adb reboot bootloader"进入bootloader模式(或者在手机关机状态下按音量下+电源
键进入bootloader模式再连接手机,然后再将线从ubuntu机器改连windows机器, 最后使用安装解锁工具并用它解锁。
6, 解锁后,重新设置手机进入后要重新打开开发者模式。
7, 刷机前先安装TWRP,以防止刷机的意外
**20220305更新**,安装了TWRP重启又被官方recovery覆盖,是因为安装TWRP后需要在"高级 -> 签名boot"这样能防止覆盖.如xiaomi8安装win11需手机里安装parted为分区(esp->fat32, pe->fat32, win->ntfs, userdata->ext4)(网上搜索'小米8刷入win11就是一部高配版掌上电脑(非虚拟机)'这篇写的比较详细
redmi 7 - https://twrp.me/xiaomi/xiaomiredmi7.html
other versions - https://androidfilehost.com/?w=files&flid=50678
adb reboot bootloader
# make sure you are using chrome rather than wget to download to avoid ‘dtb not found’
fastboot flash recovery ./twrp-3.6.0_9-0-onclite.img
千万注意点一: 此时直接'fastboot reboot'重新机器再运行"adb reboot recovery"会进入到官方recovery
此时初次必须在运行fastboot reboot看到刚一关机后, 立马同时按下电源键和音量+键
(长按音量下+电源键进入fastboot模式, 音量上+电源键是安装第三方recovery),不要松开,等待手机震动后
松开开机按键音量先不放手,这样才能进刚刷的recovery,否则进入的是官方recovery.
然后确保首次刷入recovery,进入TWRP recovery后,选择高级 -> ROOT系统,不然开机会自动还原官方recovery(其实上面初次进入的步骤做了即可)
注意点二: 进行TWRP会提示输入密码,这个密码是用于强制对data分区进行加密的(设置-密码隐私与安全
-系统安全-加密与凭据-加密手机里可以看到设备加密了),网上说的什么屏锁密码哦, 要先reset所有数据
(fastboot format userdata && fastboot format cache && fastboot reboot)哦, 都试过了,都不对.
它好像是随机生成的,根本无法使用密码解锁。也试过了在TWRP中重新格式化data分区,一样不行.
实在不清楚如何取消强制加密. 无法解密的结果将是无法看到放/sdcard/download目录的东西。
无奈, 我们先可以点'Cancel'先进入TWRP页面。
8, 刷机, 欧版已有GSM框架 - https://xiaomirom.com/rom/redmi-7-onclite-europe-fastboot-recovery-rom/#
刷机前记得先到到TWRP中备份boot与system, data可选, 这样如果刷机包有问题的话,可以选择恢复原来的boot
tar -xf onclite_eea_global_images_V11.0.3.0.QFLEUXM_20210730.0000.00_10.0_eea_245b62ccb2.tgz
cd onclite_eea_global_images_V11.0.3.0.QFLEUXM_20210730.0000.00_10.0_eea_245b62ccb2
adb reboot bootloader
./flash_all.sh
#./flash_all_except_storage.sh #clean cache, but not clean data
初次进入欧版系统时必须得联网通过谷歌验证
欧版系统就带了GSM了,还有一种更手工的方法 - https://www.quarkay.com/sometime/543/miui12-5-install-google-framework
9, 安装Magisk代替SuperSU - https://myphoneupdate.com/root-redmi-7/
从 Magisk 22 开始,不再区分刷写用的 .zip 包与安装管理器用到的 .apk 应用安装包,二者合一且只有后缀的区别,默认提供 .apk 包,更改后缀为 .zip 后即可被刷写。所以既要刷zip, 又要安装apk
wget https://github.com/topjohnwu/Magisk/releases/download/v24.1/Magisk-v24.1.apk
mv Magisk-v24.1.apk Magisk-v24.1.zip
adb push ./Magisk-v24.1.zip /sdcard/Download/
adb reboot recovery
注意点一,上面的data目录强制加密在TWRP中无法解密的问题会造成无法读取/sdcard/Download目录.
adb push到/external_sd又会有限制问题.实际上我是通过读卡器先将Magisk放到外置SD卡.
但这样还是读不到,后来将TWRP从3.3升级到3.6.0_9-0就读到了.
注: 这块只读是/system的只读,和/data应该没关系,应该是在TWRP中得加载/system分区
更方便的是采用adb sideload, 须先到recovery中在'高级 -> sideload'开启sideload server
adb reboot recovery
mv Magisk-v24.1.apk Magisk-v24.1.zip
adb sideload ./Magisk-v24.1.zip
adb reboot
然而进系统后, 点击Magisk图标会显示下载Magisk失败主, 根据(https://blog.csdn.net/weixin_42529328/article/details/112290463)
的说法,需要先手动下载安装MagiskManager来避免下载失败
# https://www.coolapk.com/apk/com.topjohnwu.magisk
adb install ./Magisk-v24.1-104033-o_1fqg9dm7las119kn7bu4r61ugj13-uid-238725.apk
在使用 Magisk 的过程中,可能会出现了 App 闪退或拒绝启动,可以尝试使用 Magisk Hide 来针对
这些 app 隐藏 Magisk 的存在。而如果你因为安装了未知模块而翻车无法顺利进入系统,请先冷静下来:
解决此类问题有一个万能的命令adb wait-for-device shell magisk --remove-modules
如何使用Magisk呢? 例如运行adb shell, 然后再运行'su -', 在弹出框给它root权限即可.
10, 有了root权限之后,可以删除/system/app里一些内置系统应用的,见 - https://www.quarkay.com/sometime/543/miui12-5-install-google-framework
11, SSH server与SSH client
在手机上安装SimpleSSHD并启动它,这将产生: /data/user/0/org.galexander.sshd/files/dropbear_ecdsa_host_key
然后将电脑上的id_rsa.pub放到手机上的/data/user/0/org.galexander.sshd/files/authorized_keys
然后就可以使用 ssh -p2222 root@192.168.2.75 登录了
但找不着CLI版的ssh client, 所以还是得回到dropbear(只能用它的旧版本了).
用dropbear作ssh server, 在电脑的/etc/ssh/ssh_config追加一行:
KexAlgorithms +diffie-hellman-group1-sha1 , 然后ssh root@192.168.2.75时的默认密码为admin
用dropbear作ssh client,
ln -s /data/data/berserker.android.apps.sshdroid/dropbear/ssh /system/bin/ssh
chmod o+rx /system/bin/ssh
cd /data/data/berserker.android.apps.sshdroid/dropbear/
./dropbearkey -t rsa -f ../home/.ssh/id_rsa > ../home/.ssh/id_rsa.pub
cd /data/data/berserker.android.apps.sshdroid/home
echo 'ssh hua@t440p -i ~/.ssh/id_rsa' > ./ssht440p.sh
sh ssht440p.sh
12, 定制/etc/hosts
adb shell
su
mount --remount / -w
adb shell "su -c 'date;'"
busybox vi /etc/hosts
108.177.97.188 mtalk.google.com
64.233.177.188 alt7-mtalk.google.com
142.250.138.188 alt2-mtalk.google.com
74.125.137.188 alt1-mtalk.google.com
64.233.188.188 mtalk.google.com
142.250.10.188 alt5-mtalk.google.com
13, 做了上面的遇到了一个严重问题, 进入"开发者模式"界面闪退, 这样无法使用adb. 可能是由magst造成的,幸好安装了ssh, 还能ssh进去并su, 就是adb没法用了.
[1] https://blog.csdn.net/quqi99/article/details/73613138
20220317 - 小娱刷机
网线接电脑与lan口,拨电源,按reset键,插电源,十秒后松Reset, 输入192.168.1.1进入breed页面, 在"固件更新"选择固件更新(选择默认设置)即可.
注: 刷同类型固件需先恢复出厂设置(在"恢复出厂设置"中的固件类型选Config区(公版)即可.
然后进192.168.1.1 (root/admin),
opkg update时需放开对 downloads.pangubox.com 的网络限制, 另外需将/etc/opkg/distfeeds.conf里的20.01替换成19.02(19.02的软件都是使用openssl1.0编译的,20.01用的是openssl 1.11所以所有和openssl相关的软件可能运行不了,但网上找不着对应的软件源,可能需要自己编译)
配置samba(http://192.168.1.1/cgi-bin/luci/admin/nas/samba): sda1 /mnt/sda1 root 0777 0666
smbclient -L 192.168.1.1 -U root%<password>
smbclient //192.168.1.1/sda1 -U admin%<password> -c "ls"
sudo mount -t cifs -o username=hua,password=password,uid=$(id -u),gid=$(id -g),forceuid,forcegid //192.168.99.190/share /mnt/share
想要改成交换机的话直接将lan网口设置成静态IP如192.168.99.190, 然后disable掉lan口上的dhcp, 要本机能连网的话还得设置默认路由和dns
对于openwrt上的samba在client中映射出来的用户总是root (即使openwrt端不用root改用hua也是一样的), 在mount命令中添加'uid=1000,forceuid,gid=1000,forcegid'可映射到hua,但对autofs没效,后来发现原来是要添加nounix
opkg install shadow-common && opkg install shadow-useradd
useradd hua && touch /etc/samba/smbpasswd && smbpasswd -a hua
sudo mount -t cifs -o username=hua,password=password,uid=$(id -u),gid=$(id -g),forceuid,forcegid //192.168.99.190/share /mnt/share
#autofs
mnt/share -fstype=cifs,rw,username=hua,password=password,rw,rsize=61568,uid=1000,forceuid,gid=1000,forcegid,nounix,file_mode=0777,dir_mode=0777 ://xiaoyu/share
20220713
adb shell pm uninstall --user 0 com.google.android.gms
adb shell pm uninstall --user 0 com.android.vending
adb shell pm uninstall --user 0 com.google.android.gsf
adb shell pm list packages |grep google
#adb shell pm disable-user com.huawei.powergenie
adb shell pm uninstall --user 0 com.huawei.powergenie
#adb shell cmd package install-existing com.huawei.powergenie
Referebce
[1] https://news.mydrivers.com/1/596/596856.htm
[2] http://en.miui.com/thread-140154-1-1.html
[3] http://www.miui.com/thread-9286730-1-1.html
[4] https://mrxn.net/other/xiaominote-shuaji.html
[5] http://en.miui.com/forum.php?mod=viewthread&tid=279802
[6] http://www.miui.com/thread-9286730-1-1.html
[7] https://www.getdroidtips.com/custom-rom-redmi-note-4g/
[8] https://www.getdroidtips.com/official-twrp-recovery-for-xiaomi-redmi-note-4g/
[9] https://mi-globe.com/miui-firmware-rom-builder/
[10] https://xiaomi.eu/community/threads/9-8-15.51822/
[11] https://aubykhan.wordpress.com/2013/07/21/android-tip-boot-into-twrp-or-cwm-recovery-without-flashing/
[11] https://qc5.androidfilehost.com/dl/hhcuqmQO_jb6GzZK8aDvbw/1566669181/24421527759888026/TWRP_virgo.zip
扫一扫
291
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
