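Reverse Engineering - Android ROM Flashing
Flashing
1. Flashing summary
1.1 Preparation before flashing
- Most phones need to be unlocked first; remove the screen lock
- Unlock fastboot access (for example on Xiaomi devices)
- Use the genuine TWRP, downloaded from the official site https://twrp.me. This is important: later flashing, including Magisk and Xposed, all relies on the recovery image downloaded from the TWRP site.
- Download a ROM package. Two good sources are listed here; be sure to pick the build for your phone model.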
1.https://download.mokeedev.com/whyred/nightly/file/MK90.0-whyred-201904151652-NIGHTLY
2.https://downloads.aospextended.com/whyred/
1.2 Flashing methods
Cable flashing (bootloader): use software such as 刷机精灵.
```bash
adb reboot bootloader    # enter bootloader mode
fastboot -w flashall
fastboot update XXX.zip

# Key points:
# Remove the checksum verification (these script lines are commented out)
# fastboot $* flash crclist `dirname $0`/images/crclist.txt
# if [ $? -ne 0 ] ; then echo "Flash crclist error"; exit 1; fi
# fastboot $* flash sparsecrclist `dirname $0`/images/sparsecrclist.txt
# if [ $? -ne 0 ] ; then echo "Flash sparsecrclist error"; exit 1; fi

# Remove verification (flash vbmeta with verity and verification disabled)
fastboot --disable-verity --disable-verification flash vbmeta_a images/vbmeta.img
fastboot --disable-verity --disable-verification flash vbmeta_b images/vbmeta.img
fastboot --disable-verity --disable-verification flash vbmeta_system_a images/vbmeta_system.img
fastboot --disable-verity --disable-verification flash vbmeta_system_b images/vbmeta_system.img
```

Card flashing (recovery)
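```bash
# Complete the pre-flashing preparation first
# fastboot flash recovery twrp.img    (flash the recovery image used to install the ROM package)
# fastboot boot <twrp.img>
# adb push rom (the ROM package) /sdcard/
# After entering recovery mode, flash the image (twrp.img), then flash the ROM package
```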
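
The `--disable-verity --disable-verification` options in the vbmeta commands of the cable-flashing steps set two bits in the flags field of the vbmeta header, recording that dm-verity and vbmeta verification are turned off. The following is an added example, not code from the original page: a Python decoder for that field, useful for checking the verified-boot state of a device. The function names and the sample header are constructed for illustration; the header layout is the one defined by libavb.

```python
import struct
import sys

# AvbVBMetaImageHeader (libavb) is 256 bytes, big-endian; the 32-bit flags word is at offset 120.
AVB_MAGIC = b"AVB0"
HEADER_SIZE = 256
FLAGS_OFFSET = 120
FLAG_HASHTREE_DISABLED = 0x01      # what fastboot --disable-verity sets
FLAG_VERIFICATION_DISABLED = 0x02  # what fastboot --disable-verification sets


def vbmeta_flags(image: bytes) -> dict:
    """Decode the verified-boot flags from the start of a vbmeta image or partition dump."""
    if len(image) < HEADER_SIZE:
        raise ValueError("too short to hold a vbmeta header")
    if image[:4] != AVB_MAGIC:
        raise ValueError("missing AVB0 magic: not a vbmeta image")
    major, minor = struct.unpack_from(">II", image, 4)
    (flags,) = struct.unpack_from(">I", image, FLAGS_OFFSET)
    release = image[128:176].split(b"\x00", 1)[0].decode("ascii", "replace")
    return {
        "avb_version": f"{major}.{minor}",
        "release": release,
        "flags": flags,
        "verity_disabled": bool(flags & FLAG_HASHTREE_DISABLED),
        "verification_disabled": bool(flags & FLAG_VERIFICATION_DISABLED),
    }


def make_sample_header(flags: int) -> bytes:
    """Constructed 256-byte header for the demo (no signature or descriptors follow it)."""
    hdr = bytearray(HEADER_SIZE)
    hdr[0:4] = AVB_MAGIC
    struct.pack_into(">II", hdr, 4, 1, 0)              # required libavb version 1.0
    struct.pack_into(">I", hdr, FLAGS_OFFSET, flags)
    release = b"avbtool 1.1.0"                         # constructed release string
    hdr[128:128 + len(release)] = release
    return bytes(hdr)


if __name__ == "__main__":
    # Optional argument: path to a vbmeta dump; without it, decode the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            data = f.read(HEADER_SIZE)
    else:
        data = make_sample_header(FLAG_HASHTREE_DISABLED | FLAG_VERIFICATION_DISABLED)
    print(vbmeta_flags(data))
```

Run it against a dump of the device's vbmeta partition rather than images/vbmeta.img, because fastboot sets these flags in the data it flashes, not in the file on disk.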
ROM in recovery mode
Building the ROM on the PC
1. https://github.com/ColdWindScholar/TIK
2. Set up Termux
- ssh (adb forward tcp:8022 tcp:8022)(ssh 127.0.0.1 -p 8022)
- pkg install binutils
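- Install dependencies (pkg install openssh libxml2 libxslt libiconv ldd e2fsprogs)
- pkg update && pkg upgrade
- [Install the built-in Ubuntu](https://blog.csdn.net/weixin_49966522/article/details/123602528)
3. Unpack, replace, repack, flash
4. Note: the data partition must be wiped before adb network debugging can be used (reason unknown)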
5. adb -s 192.168.141.202:7777 shell mkdir -p /sdcard/Download/files
6. adb -s 192.168.141.202:7777 push ~/.../worker-release-unsigned.apk /sdcard/Download/files/worker_hot.jar
7. adb -s 192.168.141.202:7777 reboot
8. adb -s 192.168.141.202:7777 install ~/Work/Document/android_system/z_apk/termux-app_v0.118.0+github-debug_arm64-v8a.apk
9. adb install /Users/eleme/Work/Android/project/frpc_android/app/release/frpc_adnroid-v0.39.1.1.apk
10. https://github.com/wcedla/AndroidApexTools.git APEX tool
Termux traffic-capture setup
1. Install ssh
pkg install openssl
pkg install openssh
ssh-keygen -A
passwd
2. Install Python
pkg install python
pkg install libexpat
pkg install libc++
pkg install rust
pkg install binutils
pkg install wget
pkg install android-tools
pip install requests
Missing dependency: https://www.bilibili.com/read/cv24517186/
wget https://cdn.jsdelivr.net/gh/liuxsdev/Python-Wheels-for-Termux/Wheels/ruamel.yaml.clib-0.2.7-cp311-cp311-linux_aarch64.whl
pip install ruamel.yaml.clib-0.2.7-cp311-cp311-linux_aarch64.whl
Download: https://mitmproxy.org/downloads/#10.3.1/
wget https://downloads.mitmproxy.org/10.3.1/mitmproxy-10.3.1-py3-none-any.whl
python -m pip install mitmproxy-10.3.1-py3-none-any.whl
# openssl x509 -inform PEM -subject_hash_old -in mitmproxy-ca-cert.cer
3. Upload the scripts
scp -r -P 8022 /Users/eleme/Work/Python/project/mitm_rom/mitm.sh 127.0.0.1:~
scp -r -P 8022 /Users/eleme/Work/Python/project/mitm_rom/push.sh 127.0.0.1:~
scp -r -P 8022 /Users/eleme/Work/Python/project/mitm_rom/update_script.py 127.0.0.1:~
scp -r -P 8022 /Users/eleme/Work/Python/project/mitm_rom 127.0.0.1:~
scp -r -P 8022 /.mitmproxy 127.0.0.1:
settings put global http_proxy 127.0.0.1:29999
cp mitm_rom/mitm.sh mitm.sh
cp mitm_rom/push.sh push.sh
cp mitm_rom/update_script.py .
chmod +x mitm.sh push.sh
nano .bashrc
```bash
python update_script.py
clear
rm -rf ~/http
mkdir -p ~/http
sshd
nohup ~/mitm.sh &
~/push.sh
```