kk Blog —— 通用基础


date [-d @int|str] [+%s|"+%F %T"]
netstat -ltunp
sar -n DEV 1

G9300 ROM包相关及降级原理-BL, 刷机流程

https://zhuanlan.zhihu.com/p/102050317

http://romup.com/

https://www.sammobile.com/samsung/galaxy-s7/firmware/SM-G9300/CHC/download/G9300ZCU2BRD1/216945/

https://www.netded.com/a/jishuyingyong/2016/0305/31324.html

能否降级原理 就是看BL(bootloader版本)

1
2
3
4
5
6

2018-10-16   8.0.0   G9300ZCS3CRI1
2018-09-02    8.0.0   G9300ZCU3CRH1
2018-08-06    8.0.0   G9300ZCU3CRG3
2018-06-26    8.0.0   G9300ZCU2CRF5
2018-04-25    7.0 G9300ZCU2BRD1
2018-01-17    7.0 G9300ZCU2BQL3

看中间的 S3, U3, U2, 其中 S3=U3。数字不能下降,数字相同的可以降级,例如从 G9300ZCU2CRF5(8.0.0) 降到 G9300ZCU2BRD1(7.0)

刷 TRWP 和 root

原始来源是这里 https://dl.twrp.me/heroqltechn/ ???

G9300_twrp-3.0.2-0-heroqltechn.img.tar

SuperSU-v2.82.zip

https://build.nethunter.com/android-tools/no-verity-opt-encrypt/

https://www.muzisoft.com/shuaji/223499.html

先刷 TWRP 再刷 supersu。supersu 也会去除 verity,不需要再刷 no-verity-opt-encrypt

解决wifi无法保存密码 或 多次尝试才能打开 的情况

https://forum.xda-developers.com/samsung-a-series-2017/how-to/guide-fix-bluetooth-losing-pairings-t3798262

Fix_Bluetooth.zip

https://github.com/Magisk-Modules-Repo/libsecure_storage

https://github.com/rovo89/Xposed/issues/294

1
2
3
4
5
6
7

$ vim /system/build.prop
ro.securestorage.support=true 改成 ro.securestorage.support=false

$ cp Fix_Bluetooth/system/lib/libsecure_storage.so   /system/vendor/lib/libsecure_storage.so
$ cp Fix_Bluetooth/system/lib64/libsecure_storage.so /system/vendor/lib64/libsecure_storage.so

修改后的明文密码保存在 data/misc/wifi/wpa_supplicant.conf

file_contexts.bin和file_contexts转换

https://github.com/rkhat2/android-rom-repacker/releases/tag/android-7-v3

android-rom-repacker-20180401-610b6d2.tar.gz

1
2
3

./sefcontext_decompile file_contexts.bin -o file_contexts

./sefcontext_compile file_contexts -o file_contexts.bin_new

第三方 ROM

http://blog.sina.com.cn/s/blog_6de000c20102z9ur.html

http://rom.tomatolei.com/g9300.html

可能有用

https://android.stackexchange.com/questions/69954/how-to-unpack-and-edit-boot-img-for-rom-porting

http://i.lckiss.com/?p=1345

制作卡刷 ROM

META-INF.tar

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

$ cat META-INF/com/google/android/updater-script
ui_print("+------------start--------------+");

#ifelse(is_mounted("/system"), unmount("/system"));
#ui_print("+------------umount /system--------------+");

#format("ext4", "EMMC", "/dev/block/bootdevice/by-name/system");
#run_program("/sbin/sleep", "2");
#ui_print("+------------format /system--------------+");

#mount("ext4", "EMMC", "/dev/block/bootdevice/by-name/system", "/system");
#ui_print("+------------mount /system--------------+");

package_extract_file("system.img", "/dev/block/bootdevice/by-name/system");
ui_print("+------------copied /system--------------+");

ui_print("Done!");

解压 META-INF.tar,编辑 system.img,将 META-INF 和 system.img 一起打包成 zip,卡刷。

BUG:刷完后需要进官方recovery再执行一些升级操作,但是改了system后,官方recovery会校验失败,导致升级失败,会在设置里出现多余内容。。。

试了第三方的ROM可以升级,所以单纯删除system.img的一些东西还是不够的

刷机流程

1. crom1.0.8.apk 解锁手机bootloader

2. 刷rom, G9300ZCU2BRD1_G9300CHC2BRD1_CHC

3. 刷kernel, my-7.0.0-9350-boot-mptcp.tar

4. 刷recovery, twrp-3.2.1-0-heroqltechn.img.tar

5. 进入recovery, 刷root, SuperSU-v2.82.zip

6. ROM 简化命令

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109

set -x

mount -o rw,remount /system

rm -rf /system/app/AllshareFileShare
rm -rf /system/app/AllshareMediaShare
rm -rf /system/app/ApexService
rm -rf /system/app/BBCAgent
rm -rf /system/app/Bluetooth
rm -rf /system/app/BluetoothMidiService
rm -rf /system/app/BluetoothTest
rm -rf /system/app/BookmarkProvider
rm -rf /system/app/CoreApps_SDK_2017
rm -rf /system/app/GearManagerStub
rm -rf /system/app/HongbaoAssistant
rm -rf /system/app/Kaiti
rm -rf /system/app/KnoxAppsUpdateAgent
rm -rf /system/app/KnoxAttestationAgent
rm -rf /system/app/KnoxFolderContainer2
rm -rf /system/app/KnoxRemoteContentsProvider
rm -rf /system/app/KnoxSetupWizardClient
rm -rf /system/app/KnoxSwitcher
rm -rf /system/app/Miao
rm -rf /system/app/MirrorLink
rm -rf /system/app/MobilePrintSvc_Samsung
rm -rf /system/app/MoreServices
rm -rf /system/app/QuickConnect
rm -rf /system/app/RemoteControl
rm -rf /system/app/SamsungDLPService
rm -rf /system/app/SBrowser_5.0
rm -rf /system/app/SearchBoxBaidu_OPEN_V8.0
rm -rf /system/app/SecurityLogAgent
rm -rf /system/app/ShaoNv
rm -rf /system/app/ShareLink
rm -rf /system/app/SmartSwitchAgent
rm -rf /system/app/SPrintSpooler7
rm -rf /system/app/UniversalMDMClient
rm -rf /system/app/Weather2017_SE
rm -rf /system/app/WeatherWidget2017_SE
rm -rf /system/app/WeChatWifiService
rm -rf /system/container/ContainerAgent2
rm -rf /system/container/KnoxBBCProvider
rm -rf /system/container/KnoxBluetooth
rm -rf /system/container/KnoxKeyguard
rm -rf /system/container/KnoxShortcuts
rm -rf /system/container/KnoxTrustAgent
rm -rf /system/container/resources
rm -rf /system/container/SharedDeviceKeyguard
rm -rf /system/dummy/OnlineMusicChinaDummy
rm -rf /system/dummy/SecEmail_N
rm -rf /system/dummy/SHealth5
rm -rf /system/dummy/SRoaming_v11_N
rm -rf /system/preload/GalaxyCare_CHN_Deletable
rm -rf /system/preload/MM_Phone_V5.0_M
rm -rf /system/preload/mm_safe_5.0_M
rm -rf /system/preload/OnlineMusicChina
rm -rf /system/preload/SamsungOnlineVideo
rm -rf /system/preload/SAssistant_downloadable
rm -rf /system/preload/SecEmail_N_R
rm -rf /system/preload/SHealthDeletable5.9
rm -rf /system/preload/SmartSwitch
rm -rf /system/preload/SRoaming_v12_N_Deletable
rm -rf /system/priv-app/Alipay_Service
rm -rf /system/priv-app/DiagMonAgent
rm -rf /system/priv-app/FotaAgent
rm -rf /system/priv-app/GalaxyApps_3xh
rm -rf /system/priv-app/GalaxyAppsWidget_Phone_Hero
rm -rf /system/priv-app/GalaxyThemes
rm -rf /system/priv-app/GameHome
rm -rf /system/priv-app/GameTools
rm -rf /system/priv-app/GearManager
rm -rf /system/priv-app/HancomOfficeEditor
rm -rf /system/priv-app/HealthService
rm -rf /system/priv-app/KLMSAgent
rm -rf /system/priv-app/NetworkLocation_Autonavi
rm -rf /system/priv-app/NSFusedLocation_v2.2
rm -rf /system/priv-app/OfflineNetworkLocation_Baidu
rm -rf /system/priv-app/RNB
rm -rf /system/priv-app/RNBShell
rm -rf /system/priv-app/SamsungAccount_Dream
rm -rf /system/priv-app/SamsungBilling
rm -rf /system/priv-app/SamsungCloud
rm -rf /system/priv-app/SamsungPayStub
rm -rf /system/priv-app/SamsungUpdates
rm -rf /system/priv-app/SEMFactoryApp
rm -rf /system/priv-app/SKMSAgent
rm -rf /system/priv-app/SOAgent
rm -rf /system/priv-app/SPPPushClient_Prod
rm -rf /system/priv-app/VRSetupWizardStub

rm -rf /system/priv-app/SmartManager_v5_DeviceSecurity

rm -rf /system/hidden/Common_app/*

rm -rf /data/misc/profiles/cur/0/com.mobilesrepublic.sohu.launcher
rm -rf /data/misc/profiles/ref/com.mobilesrepublic.sohu.launcher
rm -rf /data/data/com.mobilesrepublic.sohu.launcher
rm -rf /data/app/com.mobilesrepublic.sohu.launcher-1
rm -rf /data/user_de/0/com.mobilesrepublic.sohu.launcher

rm -rf /data/data/com.sec.android.app.SecSetupWizard/shared_prefs/chn.BaiduLocationActivity.xml
rm -rf /data/data/com.speedsoftware.rootexplorer/shared_prefs
rm -rf /data/media/0/Android/data/com.baidu.searchbox_samsung


cp Fix_Bluetooth/system/lib/libsecure_storage.so   /system/vendor/lib/libsecure_storage.so
cp Fix_Bluetooth/system/lib64/libsecure_storage.so /system/vendor/lib64/libsecure_storage.so

cp build.prop /system/build.prop

TIME-WAIT

1. tw_reuse,tw_recycle 必须在客户端和服务端 timestamps 开启时才管用

1

cat /proc/sys/net/ipv4/tcp_timestamps

2. tw_reuse 只对客户端起作用

开启后超过1s的time-wait sk被reuse, 如下代码。否则inet_hash_connect会继续尝试寻在可用端口。

tcp_v4_connect() -> inet_hash_connect() -> __inet_check_established() -> twsk_unique() -> tcp_twsk_unique()

vim net/ipv4/tcp_ipv4.c

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

int tcp_twsk_unique(struct sock *sk, struct sock *sktw, void *twp)
{
        const struct tcp_timewait_sock *tcptw = tcp_twsk(sktw);
        struct tcp_sock *tp = tcp_sk(sk);

        if (tcptw->tw_ts_recent_stamp &&
            (twp == NULL || (sysctl_tcp_tw_reuse &&
                             get_seconds() - tcptw->tw_ts_recent_stamp > 1))) {
                tp->write_seq = tcptw->tw_snd_nxt + 65535 + 2;
                if (tp->write_seq == 0)
                        tp->write_seq = 1;
                tp->rx_opt.ts_recent       = tcptw->tw_ts_recent;
                tp->rx_opt.ts_recent_stamp = tcptw->tw_ts_recent_stamp;
                sock_hold(sktw);
                return 1;
        }

        return 0;
}

3. tw_recycle 和 TCP_TIMEWAIT_LEN

tw_recycle 对客户端和服务器同时起作用,有两个作用:
a) 开启后在 3*RTO 后回收 sk。没开启在 TCP_TIMEWAIT_LEN = 60 后回收 sk。
b) tcp会缓存每个连接最新的时间戳,后续请求中如果时间戳小于缓存的时间戳,相应的数据包会被丢弃。如果多个客户端在NAT后面就会出问题。

有些内核删除了b功能,如tlinux。 https://github.com/torvalds/linux/commit/4396e46187ca5070219b81773c4e65088dac50cc

最新的内核删除了a、b两个功能,且 TCP_TIMEWAIT_LEN 不可配置。。。

4. tcp_max_tw_buckets

1

cat /proc/sys/net/ipv4/tcp_max_tw_buckets

time-wait sk 的最大数量。

设置成0就部不分配time-wait sk,只回一个ack,如果ack丢了下次就只能回rst了,测试的时候可以用。

5. 服务端处于 time-wait 时收包处理

TIME_WAIT状态下对接收到的数据包如何处理

centos 设置默认启动内核

https://www.4spaces.org/centos7-change-kernel-order/

查看当前默认启动内核

1

grub2-editenv list

查看所有内核

1
2

cat /boot/grub2/grub.cfg | grep menuentry
menuentry 'CentOS Linux (3.10.0-693.5.2.el7.x86_64) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.10.0-693.el7.x86_64-advanced-a5c5c2e2-9baf-46e5-9703-ee9d6b421f66' {

设置新的启动内核

1

grub2-set-default 'CentOS Linux (3.10.0-693.5.2.el7.x86_64) 7 (Core)'