Motorola Droid 3
Hacking

Setting Up Dropbear

Summarizing the CyanogenMod wiki page on SSH:

• It's assumed that you have your personal private and public SSH keys. If not, the wiki page shows how to create them. Copy the public key to any convenient location on the phone, like the SDcard.

• Use your favorite hacking tool, like ADB or the terminal app. If you have not set up ADB to always run as root, use su to get root. All of the files below should be owned by root. Your umask is 000, so be sure to fix the modes of the files created. Create /data/dropbear (mode 755) and /data/dropbear/.ssh (mode 700).

• Copy (or append) your public key to authorized_keys in this dir (mode 600).

• Generate the host key(s):

  • dropbearkey -t rsa -s 2048 -f /data/dropbear/dropbear_rsa_host_key
  • dropbearkey -t dss -f /data/dropbear/dropbear_dss_host_key

  The page says dss, not dsa; it has a fixed size of 1024 bits.

• Determine the IP address of your phone. Determine the interface names by either of: ls /sys/class/net or cat /proc/net/dev. On the Dream, wireless is tiwlan0 while the cellular data interface is rmnet0, 1 or 2 (guess which). These names vary between devices. Now do ifconfig tiwlan0 to get the IP address. If the phone is napping it may have shut off WiFi; if so, wake it up. This could be a problem: make sure the phone doesn't go to sleep while you're trying to get work done.

• Manual operation of Dropbear for testing. Run dropbear with these command line options: -s = no passwords accepted, publickey only. -v = verbose output, -F = no daemon, stay in foreground. It will use the default key files, which are the ones you just created.

• Now try to slogin as root to your phone (using the IP address found two steps back).

  slogin root@192.168.0.205

  For me it worked the first time, with much verbosity in the debug output. If the sending host already has a (different) host key in ~/.ssh/known_hosts, you will get a nasty message, including the line number. Get rid of the obsolete key and try again. You need to log in as root rather than yourself because yourself has no account (i.e. known loginID) on the phone.

• For normal operation you can start it when needed by just dropbear -s. Recommended to redirect stdin-stdout-stderr because otherwise it holds open your TTY and you can't exit from the ADB shell until you kill Dropbear.

• To make it start at boot, do this:

  • mount -o remount,rw /system

  • Append this stanza to /etc/init.local.rc (actually in /system/etc):

    # start Dropbear (ssh server) service on boot
    service sshd /system/xbin/dropbear -s
        user  root
        group root
        oneshot
    

  • This done, Dropbear starts at boot, and I can execute commands and get a shell session on it, using its IPv6 (or IPv4) address, just like a normal host. Yay!

Recovering After Data Wipe

Since this is an alpha version of CyanogenMod-9, I'm going to be installing new versions every week or two, and every one that I've had so far has required wiping the data partition. Here I make a plan for restoring my configuration afterward. You did make a complete backup of /data, didn't you?

It's not a good idea to blindly restore everything, which would be the same as not wiping data at all. You need to restore selectively.

Immediate Setup

• Turn on Menu -> Developer Options -> USB Debugging. This is required before you can use ADB.

• Restore all the downloaded (non-included) apps, with their data. I have a script to restore the apps. Run it as root, because Android sets weird permissions preventing an ordinary user from reading the data to be restored. The following apps are/were in /data/app but were already installed (in CM9-01-12); these were skipped by the script.

  • com.android.vending-1.apk
  • com.android.vending-2.apk
  • com.google.earth-1.apk
  • com.koushikdutta.rommanager-2.apk

• Selectively restore data for apps with APK files in /system/app. 21 of 93 apps were restored. Run it as root, because Android sets weird permissions preventing an ordinary user from reading the data to be restored. Oops, at least one of the selected apps makes the UI crash, causing a bootloop. Symptom: within about 10-15 secs the phone reboots. You can unlock the lock screen (still reboots). You have just enough time to long-press the power button, select power off, and confirm it.

  Recovering from the bootloop: I drastically pruned the set of apps that were restored (successfully), to just 7 or 93.

  • com.android.browser (this did not restore my bookmarks as I had hoped.)
  • com.android.deskclock (this did not restore my alarms as I had hoped.)
  • com.android.keychain
  • com.android.providers.calendar
  • com.android.providers.contacts
  • com.android.contacts
  • com.google.android.calendar

  One of these two was the culprit causing the bootloop:

  • com.android.providers.telephony
  • com.android.phone

• Set up wi-fi. I can't find the file that stores the wi-fi connection information. I did find the Bluetooth info, but there is a fix for Bluetooth problems in this image, so I'm reluctant to touch the data.

  • /data/data/com.android.settings/shared_prefs/bluetooth_settings.xml
  • /data/data/com.android.settings/shared_prefs/bluetooth_phonebook_permission.xml
  • /data/data/com.android.bluetooth

• Restore Dropbear. See the instructions above, but you can just copy the data. However, ADB does not set the source permissions at all, so you have to use tar, like this. Run as root, so you have permission to read the secret key.

  
  touch /tmp/dropbear.tar
  chmod 600 /tmp/dropbear.tar
  cd /backupdir/data
  tar cf /tmp/dropbear.tar dropbear
  adb push /tmp/dropbear.tar /tmp/dropbear.tar
  adb shell # Now executing on the phone
  cd /data
  tar xpf /tmp/dropbear.tar

  Selection

  Install

  Features

  Apps

  Hacking

  Top