KUbuntu 20 environment setup

Install proxychains

sudo apt-get install proxychains-ng

Edit /etc/proxychains4.conf

[ProxyList]

# add proxy here ...

# meanwile

# defaults set to "tor"

socks5 192.168.65.1 1080

Install Qv2ray

snap install qv2ray

Install the vcore version

https://github.com/v2fly/v2ray-core/releases/download/v4.44.0/v2ray-linux-64.zip

Install IDEs

vscode

snap install code --classic

android studio

snap install android-studio --classic

clion

snap install clion --classic

pycharm-community

snap install pycharm-community --classic

intellij-idea-community

snap install intellij-idea-community --classic

IDA Pro with Wine

https://wiki.winehq.org/Ubuntu_zhcn

https://debugwar.com/article/activate-IDAPython-with-wine-IDA-under-linux

Install winehq on Kubuntu 20

sudo dpkg --add-architecture i386

sudo proxychains wget -nc -O /usr/share/keyrings/winehq-archive.key https://dl.winehq.org/wine-builds/winehq.key

sudo proxychains wget -NP /etc/apt/sources.list.d/ https://dl.winehq.org/wine-builds/ubuntu/dists/focal/winehq-focal.sources

sudo proxychains apt update

sudo proxychains apt install --install-recommends winehq-stable
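
A check that can be run after the two wget downloads above and before apt update, added here as an example and not part of the original notes: it confirms that every stanza of the downloaded .sources file is pinned to the downloaded key file with Signed-By and points at an https URI on the expected host. The function names and the sample stanza are constructed for illustration; only the paths and the host name come from the commands above.

```shell
#!/bin/sh
# Added example: sanity-check a deb822 .sources file before "apt update".

# check_sources FILE KEYFILE HOST   (FILE may be "-" to read stdin)
# Succeeds only if the file has at least one stanza and every stanza
#   - carries "Signed-By: KEYFILE", so the key is trusted for this repo only
#   - lists exactly one URI, and that URI starts with https://HOST/
check_sources() {
    awk -v key="$2" -v host="$3" '
        function finish() {
            if (!seen) return
            stanzas++
            if (signed != key) bad = 1
            if (index(uris, "https://" host "/") != 1) bad = 1
            seen = 0; signed = ""; uris = ""
        }
        /^[ \t]*$/     { finish(); next }     # a blank line ends a stanza
        /^#/           { next }               # comment line
        /^[A-Za-z-]+:/ { seen = 1 }
        /^URIs:/       { uris = $2; if (NF != 2) bad = 1 }
        /^Signed-By:/  { signed = $2 }
        END { finish(); if (bad || stanzas == 0) exit 1 }
    ' "$1"
}

# Constructed sample in deb822 layout; not a copy of the real winehq file.
sample_sources() {
    cat <<'EOF'
Types: deb
URIs: https://dl.winehq.org/wine-builds/ubuntu
Suites: focal
Components: main
Architectures: amd64 i386
Signed-By: /usr/share/keyrings/winehq-archive.key
EOF
}

# Demonstration on the constructed sample.
sample_sources | check_sources - /usr/share/keyrings/winehq-archive.key \
    dl.winehq.org && echo "sources file is pinned to the expected key and host"

# On the real file:
#   check_sources /etc/apt/sources.list.d/winehq-focal.sources \
#       /usr/share/keyrings/winehq-archive.key dl.winehq.org
```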

IDAPython environment

https://www.python.org/ftp/python/3.10.2/python-3.10.2-embed-amd64.zip

wine regedit

pip for the IDAPython environment

https://bootstrap.pypa.io/get-pip.py

wine python.exe get-pip.py

wine python.exe -m pip install keystone-engine

wine python.exe -m pip install six

Problems encountered

sip

ImportError: DLL load failed while importing sip: Module not found.

Installing PyQt5 with pip did not make this problem go away; searching turned up:

https://github.com/igogo-x86/HexRaysPyTools/issues/48

https://hex-rays.com/blog/ida-7-4-and-python-3-8/

https://iosre.com/t/topic/21033/21

None of the fixes above solved the problem, so I tried replacing 7.5 with 7.6.

Typora

snap install typora-alanzanattadev

To use it, run the command typora-alanzanattadev directly.

Install common build tools

sudo apt install build-essential gcc-multilib g++-multilib

Install and configure zsh

  • Install
sudo apt install git zsh -y

sh -c "$(wget -O- https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"

  • Change the default shell to zsh

[sudo] chsh -s $(which zsh)

  • Install common plugins
  • autojump
sudo apt install python

# ------ linux -----

proxychains git clone https://github.com/joelthelion/autojump.git

cd autojump

./install.py

vim ~/.zshrc

# find plugins in the file and add

plugins=(autojump)

# add at the end of the file

[[ -s /home/tg/.autojump/etc/profile.d/autojump.sh ]] && source /home/tg/.autojump/etc/profile.d/autojump.sh

source ~/.zshrc

  • zsh-autosuggestions
proxychains git clone https://github.com/zsh-users/zsh-autosuggestions $ZSH_CUSTOM/plugins/zsh-autosuggestions

vim ~/.zshrc

# find plugins in the file and add

plugins=(

autojump

zsh-autosuggestions

)

source ~/.zshrc

  • zsh-syntax-highlighting
# install

proxychains git clone https://github.com/zsh-users/zsh-syntax-highlighting $ZSH_CUSTOM/plugins/zsh-syntax-highlighting

vim ~/.zshrc

# find plugins in the file and add

plugins=(

autojump

zsh-autosuggestions

zsh-syntax-highlighting

)

source ~/.zshrc

Install and use tmux

https://gist.github.com/ryerh/14b7c24dfd623ef8edc7

Network monitoring and CPU/memory monitoring

jnettop/htop

Install pyenv

https://gist.github.com/cedricbonhomme/ababe00d0a675ea5c69d777276e8f375

Build AOSP

sudo apt install bison tree

sudo dpkg --add-architecture i386

sudo apt update

sudo apt install libc6:i386 libncurses5:i386 libstdc++6:i386

sudo apt install libxml2-utils

sudo apt install openjdk-8-jdk

sudo apt-get install libncurses5

sudo apt install htop

sudo apt-get install bc bison build-essential ccache curl flex g++-multilib gcc-multilib git gnupg gperf imagemagick lib32ncurses5-dev lib32readline-dev lib32z1-dev libelf-dev liblz4-tool libncurses5 libncurses5-dev libsdl1.2-dev libssl-dev libxml2 libxml2-utils lzop pngcrush rsync schedtool squashfs-tools xsltproc zip zlib1g-dev

For Ubuntu versions older than 20.04 (focal), install also:

  • libwxgtk3.0-dev

While for Ubuntu versions older than 16.04 (xenial), install:

  • libwxgtk2.8-dev

mouxuejie.com/blog/2019-11-17/aosp-setup/

https://mirrors.tuna.tsinghua.edu.cn/help/AOSP/

Use the Tsinghua mirror; first download the repo tool

proxychains repo init -u https://mirrors.tuna.tsinghua.edu.cn/git/AOSP/platform/manifest -b android-8.1.0_r1

repo sync

rm -rf .repo

// 打个A

  • Download the drivers
https://source.android.com/setup/start/build-numbers#source-code-tags-and-builds



https://developers.google.com/android/drivers



https://developers.google.com/android/drivers#sailfishopm1.171019.011

Extracting the drivers produces the vendor directory.

source build/envsetup.sh

lunch  # choose aosp_sailfish-userdebug

make -j16

Other error handling

export LC_ALL=C

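Download sailfish-opm1.171019.011-factory-56d15350 and unpack it, then extract the image-sailfish-opm1.171019.011.zip inside it. Delete all of the original img files and replace them with the img files from the AOSP we just built, which are in out/target/product/sailfish. Then repack everything as image-sailfish-opm1.171019.011.zip and flash it.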

Remember to use the fastboot that was built as part of the AOSP we just compiled; it is located here:

/home/tg/gitsource/repo/build/out/host/linux-x86/bin

...

./flash-all.sh

Clean the drag-and-drop file cache

cd ~/.cache/vmware/drag_and_drop/

du -d 1 -h

rm -rf -- ~/.cache/vmware/drag_and_drop/*

Build the AOSP kernel

https://source.android.com/setup/build/building-kernels

https://source.android.com/setup/build/building-kernels-deprecated

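  • The goldfish project contains the kernel sources for the emulated platforms.
  • The msm project contains the sources for ADP1, ADP2, Nexus One, Nexus 4, Nexus 5, Nexus 6, Nexus 5X, Nexus 6P, Nexus 7 (2013), Pixel and Pixel XL, and can be used as a starting point for work on Qualcomm MSM chipsets.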

Find the kernel path in AOSP

Pixel (sailfish)

Pixel XL (marlin) device/google/marlin-kernel android-msm-marlin-3.18-pie-qpr2

Modify the kernel to get past anti-debugging, using trace pid as an example

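In fact, the kernel version can be read directly under Settings > About phone > Kernel version, or with the cat /proc/version command. The kernel version string has the format kernel version-gXXXXXXX, where the XXXXXXX part is the short commit id of the git commit (that is, kernel version-g ), and the short commit id is the first 7 characters of the commit id. On a Nexus 5, the kernel that ships with AOSP for Android 4.4.4_r1 is 3.4.0-gd59db4e, and it runs normally once flashed to the phone.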
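
The version-string rule described above, as an added shell example that is not part of the original notes: it pulls the short commit id out of a /proc/version line and checks it against the full commit id that git reports after checkout. The function names are hypothetical and the sample line is constructed; only the id 1292056 in it comes from this page.

```shell
#!/bin/sh
# Added example: find the kernel commit to check out from /proc/version.

# kernel_short_commit LINE
# Prints the 7-character short commit id embedded as "-gXXXXXXX" in the
# release field (third word) of a /proc/version line.
# Returns 1 when the release carries no such id (e.g. a distro kernel).
kernel_short_commit() {
    release=$(printf '%s\n' "$1" | awk '{print $3}')
    id=$(printf '%s\n' "$release" |
        sed -n 's/^.*-g\([0-9a-f]\{7,\}\).*$/\1/p')
    [ -n "$id" ] || return 1
    # Builds may embed a longer abbreviation; keep the first 7 characters.
    printf '%s\n' "$id" | cut -c1-7
}

# commit_matches SHORT FULL
# Succeeds when SHORT is a prefix of FULL, i.e. the tree that was checked
# out is the commit the running kernel was built from.
commit_matches() {
    case "$2" in
        "$1"*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Constructed sample line; on a device use: adb shell cat /proc/version
SAMPLE_VERSION='Linux version 3.18.70-g1292056 (builder@host) (gcc version 4.9.x) #1 SMP PREEMPT'

kernel_short_commit "$SAMPLE_VERSION"

# After checkout, inside the kernel tree:
#   commit_matches "$(kernel_short_commit "$(adb shell cat /proc/version)")" \
#       "$(git rev-parse HEAD)" && echo "tree matches the device kernel"
```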

There are two ways to check out the code (the second is recommended):

git clone https://aosp.tuna.tsinghua.edu.cn/kernel/msm.git



git checkout 1292056

Updating files: 100% (52159/52159), done.

Note: switching to '1292056'.



You are in 'detached HEAD' state. You can look around, make experimental

changes and commit them, and you can discard any commits you make in this

state without impacting any branches by switching back to a branch.



If you want to create a new branch to retain commits you create, you may

do so (now or later) by using -c with the switch command. Example:



git switch -c <new-branch-name>



Or undo this operation with:



git switch -



Turn off this advice by setting config variable advice.detachedHead to false



HEAD is now at 129205686dee qcacld-2.0: wlan host driver upgrade to 4.4.25.047

...

export ARCH=arm64



export PATH=/home/tg/gitsource/repo/build/prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/bin:$PATH

export CROSS_COMPILE=aarch64-linux-android-

make marlin_defconfig

make -j16

/home/tg/gitsource/repo/build/kernel/msm/arch/arm64/boot/Image.lz4-dtb is the generated kernel.

source build/envsetup.sh

lunch  # choose aosp_sailfish-userdebug

export TARGET_PREBUILT_KERNEL=/home/tg/gitsource/repo/build/kernel/msm/arch/arm64/boot/Image.lz4-dtb

make -j16

You can then see that boot.img in out has been updated; repack and flash it.

For getting past trace-pid, the code that needs to be changed is here:

https://github.com/lasting-yang/msm/commit/99ad1405ef0f12d94ca605de4db0b989da3a3b25