Tuesday, December 30, 2014

Rooting Samsung Galaxy S5 and maintaining KNOX 0x0

I am not responsible for anything that may happen or does happen to your device, as a result of following this tutorial. You are choosing to install this yourself and thus accept any/all risks involved.

What is KNOX

http://www.samsung.com/pl/business/solutions-services/mobile-solutions/security/samsung-knox

In my opinion KNOX has noble goal and the platform itself is helpful for businesses and IT admins.

Sadly current hardware solution comes down to setting flag 0-1, the flag which can be changed only once. In case of unauthorized changes in system it is marked as 0x1 and KNOX platform stops functioning. Still, I can agree with this.

After buying Samsung Galaxy S5 I've come to know about possibility that devices with KNOX flag ``0x1`` will not be fixed by Samsung. So when you flash CyanogenMod (to be precise - during flashing) we can bid farewell to our warranty.

Tripping KNOX 0x1

To my knowledge the bootloader manages KNOX flag (in PC world it would be LILO, GRUP, NTDLR - the program which answers question what to do to start a system.)

In this context Download mode is ran by bootloader too.

Bootloader KNOX checks whatever kernel and recovery (and possibly bootloader itself) are valid. If not - the 0x1 bit is set. There is no possibility to flash custom recovery or kernela, even from download mode.

Help

Without flashing custom recovery there is no possibility for rooting a device. Happily for Samsung Galaxy S5 owners kernel used in stock Roms has a loophole, you could call it a bug even :) Thanks to towelroot and with using accordingly old firmware you still have a way to root your device!

towelroot homepage: https://towelroot.com/

Let's begin

Install towelroot and try to root your device. Next, if you now have:

Device without root

You can find original tutorial at http://forum.xda-developers.com/galaxy-s5/development/rom-neatrom-v1-t2828562

We start at Installation Instructions: If you're coming from a Samsung stock NON-Rooted NG2/NG7/NG9/NH4/NH6/NJ1 ROM (KNOX 0x0). It describes how to flash older firmware which suffers from bug used by towelroot.

Available firmwares: http://samsung-updates.com/device/?id=SM-G900F

In this example I've used G900FXXU1ANCE_G900FXEO1ANC7_G900FXXU1ANCE_HOME.tar.md5, after flashing you can root device with towelroot.

Go to Rooted device below.

Rooted device

Reboot and install SuperSu, after starting it confirm disabling KNOX.

You will have to buy Mobile Odin Pro, it allows to flash firmware in zip form easily without tripping KNOX.

For flashing I've choosen: http://forum.xda-developers.com/galaxy-s5/development/rom-ane4-kitkat-4-4-2-multi-csc-t2813628

Flashing zip file comes down to finding it in Mobile Odin Pro through OTA/Update ZIP. Remember to read installation steps for your choosen ROM, in my case you need to untick Everroot option.

Push Flash Firmware".

After reboot and at the end of system installation, untick Reboot Device. You should be soon in Download Mode.

Firmware update

If your bootloader or modem needs an update you can do it from Download Mode.

Install PC Odin, connect phone in download mode to the PC. Modem add as CP, bootloader as BL. Flash choosen files.

At this moment available were:

  • BL_G900FXXU1ANK7.tar.md5

  • CP_G900FXXU1ANK1.tar.md5

Flashed system was based on ANK7 version so I can assure that flashing bit older CP doesn't change anything.

Finishing

Go to Settings/Security:

  • untick Reactivation lock

  • untick Send security reports

Go to Security policy updates and untick Automatic updates.

The End, you have now a rooted device :)

Removing unnecessary apps

To remove applications listed below I've used System App Remover by Jumobile.

  • Software Update

  • ANT HAL Service

  • ANT Radio Service

  • ANT+ Plugins

  • Application Kontyngent SCloud

  • Beaming Service

  • BlurbCheckout

  • Addon for Samsung Print Services

  • FWUpdate

  • HealthService

  • Samsung Account

  • Additional Module HP Print Service

  • Samsung Settlements

  • S Search

  • S Calendar (12MB)

  • S Calendar (908KB)

  • S Voice

  • Samsung Apps

  • Samsung Celandar SyncAdapter

  • Samsung Cloud Data Relay

  • Samsung Contact SyncAdapter

  • Samsung Galaxy

  • Samsung GALAXY Apps Widget

  • Samsung Link Platform Connectivity

  • Samsung Memo SyncAdapter

  • Samsung Push Service

  • Samsung SBrowser SyncAdapter

  • Samsung SNote3 SyncAdapter

  • Samsung Syncadapters

Sunday, December 28, 2014

Safer and more friendly Brother printer drivers

It is a cleaner way to intall Brother printer drivers for both 32bit and 64bit system (with of without multilib).

Below I describe a way to install Brother driver without obsolete closed-source apps. Ultimately you need only one app from Brother package: br<printer model>filter, where <printer model> is yours printer model, eg mfcj6510dw.

Preparation

mfcj6510dwcupswrapper-3.0.0-1.i386.deb

We only need opt/brother/Printers/<printer model>/cupswrapper/brother_<printer model>_printer_en.ppd file (eg. brother_mfcj6510dw_printer_en.ppd).

You should replace line at the begining of file (in this example, printer model is mfcj6510dw):

*cupsFilter: "application/vnd.cups-postscript 0 brlpdwrappermfcj6510dw"``

Change it to:

*cupsFilter: "application/vnd.cups-postscript 0 /opt/brother/bin/filter_mfcj6510dw"
mfcj6510dwlpr-3.0.0-1.i386.deb

From opt/brother/Printers/<printer model> you need:

  • lpd/br<printer model>filter => move to /opt/brother/Printers/<model>/filter

  • lpd/psconvertij2 => move to /opt/nbrother/bin/

  • inf/ - whole folder contents excluding setupPrintcapij => move to /opt/brother/Printers/<model>/inf/

Directory structure

/opt/brother
├── bin
│   ├── filter
│   ├── filter_mfcj6510dw -> filter
│   └── psconvertij2
├── lib
│   ├── ld-linux.so.2
│   ├── libc.so.6
│   └── libm.so.6
├── lib32 -> lib
├── opt
│   └── brother -> ..
└── Printers
    └── mfcj6510dw
        ├── filter
        └── inf
            ├── brmfcj6510dwfunc
            ├── brmfcj6510dwrc
            ├── ImagingArea
            ├── lut
            │   ├── BRPRI10IA.BCM
            │   ├── BRPRI10IB.BCM
            │   ├── BRPRI10IC.BCM
            │   ├── BRPRI10ID.BCM
            │   ├── BRPRI10IE.BCM
            │   ├── BRPRI10IF.BCM
            │   ├── BRPRI10IG.BCM
            │   ├── BRPRI10IH.BCM
            │   └── BRPRI10II.BCM
            └── paperinfij2

Installation

[x86] For 64bit and 32bit systems [x64] For 64bit systems without multilib

  • kernel - enable ia32 [x64]

  • sudo [x64]

  • chroot [x64]

  • libs [x64]

  • script [x86] [x64]

kernel - ia32 [x64]

Brother's driver is a 32bit application so you need to enable IA32 support in kernel.

Executable file formats / Emulations, IA32 Emulation
sudo [x64]

Sudo installation is needed for running in chroot. I tried to do it with setuid app but CUPS requires appropriate filter permissions (which is essentially Brother driver).

chroot [x64]

As in Directory structure, paths lib, lib32 and opt/brother are required for running chroot.

libs [x64]

To see which libs are needed on 32bit machine run ldd <ścieżka do filtra>:

glorpen@example ../brother $ ldd brmfcj6510dwfilter
    linux-gate.so.1 (0xf779f000)
    libm.so.6 => /lib32/libm.so.6 (0xf7719000)
    libc.so.6 => /lib32/libc.so.6 (0xf756b000)
    /lib/ld-linux.so.2 (0xf77a1000)

Copy given files to destination dir in chroot.

script [x86] [x64]

Create /opt/brother/bin/filter:

#!/bin/sh

DIR="/opt/brother"

PRINTER="$(echo $0 | sed -e 's/.*_//')"

BRCONV="${DIR}/Printers/${PRINTER}/filter"

if [[ -d /usr/lib64  && ! -d /usr/lib32 ]];
then
    BRCONV="/usr/bin/sudo /usr/bin/chroot --userspec=``id -u``:``id -g`` /opt/brother ${BRCONV}"
fi

PSCONV="${DIR}/bin/psconvertij2"

FILE_RC="${DIR}/Printers/${PRINTER}/inf/br${PRINTER}rc"
FILE_PAPERINF="${DIR}/Printers/${PRINTER}/inf/paperinfij2"
FILE_IMAGINGAREA="${DIR}/Printers/${PRINTER}/inf/ImagingArea"

cat | "${PSCONV}" "${FILE_PAPERINF}" "${FILE_RC}" "${FILE_IMAGINGAREA}" | ${BRCONV} -pi "${FILE_PAPERINF}" -rc "${FILE_RC}"

exit $?

Make it executable:

chmod a+x /opt/brother/bin/filter

Next, create symlink filter_mfcj6510dw -> filter

PPD file prepared earlier should point to created by us filter_mfcj6510dw.

CUPS

During printer configuration select our PPD file, that's all, after completing wizard printer should be ready to use.

If printed pages have it top cut off you may edit /opt/brother/Printers/<model>/inf/br<model>dwrc and change line from PaperType=Letter to PaperType=A4.

Simple and predictable Minecraft server

Minecraft in SCREEN session

You can find a few solutions with screen application, with it you can run Minecraft server in background and access game console. Sadly you cannot easily send commands (eg. /stop) to screen session, existing solutions are sometimes complicated and just don't work.

Solutions found by me are just not enough (in my opinion).

To access screen session from another user account firstly you have to configure screen to allow it. Additionally when in screen session you can accidentally close running server by exiting screen. I've also stumbled on problems with double daemonization - init script cannot find Minecraft PID if screen daemonizes itself.

Exemplary server daemon script using screen command:

http://minecraft.gamepedia.com/Tutorials/Server_startup_script

Something better

Main problem to solve was access to game console and safe server shutdown to allow Minecraft save world data. And it also enables logging to system logger!

MiencraftD script: https://github.com/glorpen/gentoo-overlay/blob/master/games-server/minecraft/files/minecraftd.py

Adventages
  • server logs are written to system logs

  • start/stop actions available from command line

  • safe shutdown - it is Minecraft server who determines when to exit

  • game console is available

  • sending server commands from command line

Requirements
  • python 2.7 lub 3.3+

  • python-daemon

  • lockfile

Usage
usage: minecraftd.py [-h] [--instance INSTANCE] {start,shell,stop,cmd} ...

Minecraft server daemonizer

positional arguments:
  {start,shell,stop,cmd}
    start               Starts minecraft daemon for given instance
    shell               Connects to Minecraft shell of given instance
    stop                Stops Minecraft daemon for given instance
    cmd                 Sends command to given instances shell

optional arguments:
  -h, --help            show this help message and exit
  --instance INSTANCE, -i INSTANCE
                        Instance name

Download

This script is part of my portage overlay:

Gentoo overlay: https://github.com/glorpen/gentoo-overlay

Ebuild for Minecraft server: https://github.com/glorpen/gentoo-overlay/tree/master/games-server/minecraft

init.d script for MinecraftD: https://github.com/glorpen/gentoo-overlay/blob/master/games-server/minecraft/files/minecraft.daemon.d

Again, Minecraft server daemonizer: https://github.com/glorpen/gentoo-overlay/blob/master/games-server/minecraft/files/minecraftd.py