The latest posts in full-text for feed readers.
Yesterday I purchased an ebook from buecher.de, Corvus by Neal Stephenson. Apart from the water mark file it contains advertisements that take half of the size of the ebook file.
The DRM-free .epub file is 3.8 MiB in size. It is a zip file, and the unzipped contents are 6 MiB.
There are a lot of files in the folder OEBPS/BICMediaMarketing/, and their size sums up to 2.98 MiB. The non-BIC files are 3.04 MiB. Nearly 50% of the ebook's size are advertisements :(
Similar to ads bloating websites and making them so unusable that we have to use ad blockers, advertisements in ebook files waste bytes on our hard disks and make downloads slower.
I know who get electronic books without adverts: Pirates.
Similar to pirates having a
much better movie experience
than people buying and playing DVDs.
2048 2023-10-12 19:11 OEBPS/BICMediaMarketing/marketing.css 2907 2023-10-12 19:11 OEBPS/BICMediaMarketing/mp1.xhtml 763 2023-10-12 19:11 OEBPS/BICMediaMarketing/lastpage.xhtml 162174 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/253EF476A2ED49549DED6D5B26C0EA1A.xhtml 859 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/336E6DD3E68F4990B1D19F3CA30C4990.xhtml 623 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/6FE2556344D849B281E012E50151547D.xhtml 1112 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/9B8E49F3338942609923919A284CB82E.xhtml 1009 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BAED857E61C049ECB974C479521A9207.xhtml 1025293 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/cover.jpg 748 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/cover.xhtml 2958 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/DA9C6990BEF64CE68BF0407505CF793F.xhtml 484 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/E8719B7E1C4B4C418F61C704A8FD8134.xhtml 721 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/toc.ncx 10054 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/70653622D0534CC6B6C67CBE13E33104.xhtml 1548 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/Amazon.gif 1191 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/Apple.gif 1397 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/Google.gif 10740 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/Kobo.JPG 2517 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/tolino.gif 20577 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/Kostenlos_reinlesen.gif 45514 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/Kostenlos_reinlesen.PNG 60808 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/Kostenlos_reinlesen_klein.png 8724 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/button--reinlesen--color.png 5155 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/button--zumshop--color.png 46701 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/Zur_Bestellung_mit_einem_Klick_50.png 6050 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/button--one-click--color.png 9294 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/Kostenlos_reinlesen2.png 1712 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/BICMediaMarketing/marketing.css 3582 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/image/153C113ED16D44E4B456D68D5AC45E41.jpg 3914 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/image/372C80CDB20A44AE86BA05250A1FB430.jpg 3175 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/image/4451B938ADFD4EA89F1F71CEC775730C.jpg 3172 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/image/5C5B46C79F5C45128F4142D96EA0DAEA.jpg 9272 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/image/F6C0DD5F607649E282DA83BCBB0D67DA.jpg 77824 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/font/AGaramondPro-Bold.otf 94208 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/font/AGaramondPro-Italic.otf 126976 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/font/AGaramondPro-Regular.otf 73728 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/font/FuturaLTPro-Book.otf 106496 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/font/HelveticaLTPro-Oblique.ttf 106496 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/font/HelveticaLTPro-Roman.ttf 16357 2023-10-12 19:11 OEBPS/BICMediaMarketing/9783641300852_shortened/OEBPS/css/idGeneratedStyles.css 37278 2023-10-12 19:11 OEBPS/BICMediaMarketing/BICMediaMarketing/9783641300852_front.jpg 757076 2023-10-12 19:11 OEBPS/BICMediaMarketing/BICMediaMarketing/DejaVuSans.ttf 1548 2023-10-12 19:11 OEBPS/BICMediaMarketing/BICMediaMarketing/Amazon.gif 1191 2023-10-12 19:11 OEBPS/BICMediaMarketing/BICMediaMarketing/Apple.gif 1397 2023-10-12 19:11 OEBPS/BICMediaMarketing/BICMediaMarketing/Google.gif 10740 2023-10-12 19:11 OEBPS/BICMediaMarketing/BICMediaMarketing/Kobo.JPG 2517 2023-10-12 19:11 OEBPS/BICMediaMarketing/BICMediaMarketing/tolino.gif 20577 2023-10-12 19:11 OEBPS/BICMediaMarketing/BICMediaMarketing/Kostenlos_reinlesen.gif 45514 2023-10-12 19:11 OEBPS/BICMediaMarketing/BICMediaMarketing/Kostenlos_reinlesen.PNG 24354 2023-10-12 19:11 OEBPS/BICMediaMarketing/BICMediaMarketing/mehr_zum_buch.png 8724 2023-10-12 19:11 OEBPS/BICMediaMarketing/BICMediaMarketing/button--reinlesen--color.png 5155 2023-10-12 19:11 OEBPS/BICMediaMarketing/BICMediaMarketing/button--zumshop--color.png 9294 2023-10-12 19:11 OEBPS/BICMediaMarketing/BICMediaMarketing/Kostenlos_reinlesen2.png 145531 2023-10-12 19:11 OEBPS/BICMediaMarketing/BICMediaMarketing/rh_bg640_6.jpg
I chained together some command line tools to get the size.
$ unzip -l Stephenson_Corvus_9783641249878.epub\
| head -n-2 | tail -n +4\
| grep BICMedia\
| sed 's/^ *//' | cut -d' ' -f1\
| xargs | sed 's/ /+/g' | bc
3129777
$ unzip -l Stephenson_Corvus_9783641249878.epub\
| head -n-2 | tail -n +4\
| grep -v BICMedia\
| sed 's/^ *//' | cut -d' ' -f1\
| xargs | sed 's/ /+/g' | bc
3193311
Published on 2024-04-24 in bigsuck, books
Die Leipziger Verkehrsbetriebe verkaufen weiterhin Werbeplätze in den Haltestellendurchsagen der Straßenbahnen, und diese sind viel schlimmer - störender - geworden.
Während es 2021 auf der Linie 10 und 11 vom Hauptbahnhof in Richtung Markkleeberg nur einzelne Werbeplätze waren, ist jetzt bis zum Connewitzer Kreuz fast jede Haltestelle mit Werbung zugepflastert:
Das ganze ist ziemlich nervig und stört sehr beim Lesen.
Published on 2024-04-24 in bigsuck, kundeistkönig
Es ist das Jahr 2024, 26 Jahre nach der Standardisierung von IPv6. Die 1blu RootServer unterstützen kein IPv6, wie auch die meisten anderen Produkte bei 1blu. Traurig.
Der Support meint:
Wir bedauern Ihnen mitteilen zu müssen, dass IPv6 bei Ihrem Produkt aktuell noch nicht unterstützt wird. Unsere Technik arbeitet bereits daran dies zu ermöglichen. Bitte haben Sie Verständnis, dass wir Ihnen jedoch noch keinen genauen Termin nennen können.
Siehe auch:
Published on 2024-03-05 in bigsuck, network
I tried to get a Windows 8.1 system running inside VirtualBox 7.0.12,
but it fails as soon as I install the Guest Additions
.
All Windows updates have been installed. When installing the Guest Additions, there are 4 errors about Windows preventing the installation of unsigned drivers.
After rebooting, Windows sees something is broken and will do an automatic repair, which yields no results. Rebooting does not help, the system is broken beyond repair :(
Bug report: #21979: Installing Guest Additions in Windows 8.1 leads to non-bootable system
Published on 2024-02-05 in bigsuck
Work on my own server for the abandoned PlayJam GameStick micro console continued, and two weeks ago I deemed it good enough to make it public for others to test.
To make sure everything works fine I removed the GameStick host name entries from my local DNS server, factory reset the GameStick and started the initial setup. It all worked fine as expected, but after completing setup the screen went black and stayed that way. Only notifications that a Gamepad was connected/disconnected or the internet connection was established were shown in the bottom right corner. The GameStick did not react to gamepad nor keyboard input.
Since had reinstalled the 2071 firmware as part of my test, I had no access to adb - for that I had to install and start the TOFU media player, install and run my "start adb" plugin. None of this was an option since the main UI ("Console") did not load.
Flashing firmware 2058 gave the same black screen that 2071 showed.
I suspected something to be off with my API and changed the connect API responses to known-to-work versions from git history of the playjam gamestick API code, but that did not help. Minimizing them did not help either.
Next I tried to replace the profile API with a version that I used when I got it working for the first time, but that did also not help.
I also suspected the session IDs to have invalid characters, but changing them did not yield any results. The black screen stayed.
Another thing that the official connect API responses had were UI translation strings, so I integrated them - but no avail.
The first three days of poking in the dark were over.
During development I had collected a number of server responses that were cached on different GameSticks (Toast, Cataphoresis, Ryo, Kazdan, Lee Chapman). I let my server return those files, but the screen still stayed black.
Since I knew that the UI did not show the latest data when they were downloaded from the server, I had to boot the GameStick once to the black screen, wait for it to download all API data, and rebooted again to see if the new data made any difference.
Nothing.
I also replaced the small .jpg profile images with original large .png files.
From previous experiments I knew that OOBE in firmware 2071 did not show the profile image, while 2058 does. So I tried to find out what changed between those two firmware versions: 2058 used the custom JSON handler, while 2071 had completely switched to a Gson to parse and hydrate the API responses.
There were no differences to find in the parsed properties. Day 4 over.
My main problem was that I did not have error logs because the PlayJam developers had disabled adbd on the GameStick. My next idea was to install all the GameStick .apk files inside the Android emulator and see the error in its logs.
Fortunately I could configure a 4.1 Android system for the emulator, start it and install all com.playjam.* apk files that were part of the 2071 firmware. I could start OOBE, but it would hang in the 5th step, the activation. Logs said that it could not obtain the hardware ID which is needed in requests to the API server.
I dived deep into the decompiled code, found out how the GameStick loads its hardware ID, built an Android app that provides a system service that starts on boot and sends out the com.playjam.SYSTEM_INFO intent with a fake hardware ID and firmware version information.
I learned the hard way that building an app with only a service and without any user interface will never be marked as "activated", and thus its services will never be started by the Android system. So I had to build a dummy UI activity that started the service once.
In the end, my service worked and the GameStick apks could fetch the correct API from the server, and OOBE finished.
The Console UI had some errors because certain files and folders were missing in the /data user partition. I copied them over from the firmware image, and the GameStick intro video played!
Unfortunately the UI crashed while the spinner was rotating, because playing a sound did not work in the emulator:
W/AudioPolicyManagerBase( 654): getOutput() could not find output for stream 3, samplingRate 0,format 0, channels 3, flags 0 E/AudioTrack-Java( 2246): [ android.media.AudioTrack ] getMinBufferSize(): error querying hardware W/dalvikvm( 2246): JNI WARNING: JNI method called with exception pending W/dalvikvm( 2246): in Lcom/ideaworks3d/marmalade/LoaderThread;.runOnOSTickNative:()V (GetObjectClass) W/dalvikvm( 2246): Pending exception is: I/dalvikvm( 2246): java.lang.NullPointerException: I/dalvikvm( 2246): at com.ideaworks3d.marmalade.SoundPlayer.start(SoundPlayer.java:75) I/dalvikvm( 2246): at com.ideaworks3d.marmalade.LoaderThread.soundStart(LoaderThread.java:856)
But this was a kind of success: The intro video was not visible on my real factory-reset GameStick.
Day 6 over.
So my GameStick stays completely black but the emulator shows the intro video: I needed to get back to real hardware. One thing I had not yet tried was CFW 1.4, the Custom FirmWare by shanti (GameStickers.net: [ROM] CFW v1.3 - Updated 1.4 is out :D, archived version). It hopefully has adbd enabled, which would give me logs.
I flashed it onto the GameStick, and it booted into a standard Android user interface (the whole point of the firmware was to get an usable Android without any restrictions). Then I installed all the com.playjam.*.apk files and populated /data as I had when using the emulator.
The results were good: OOBE worked, intro video plays, the spinner is visible and then the normal UI starts and is usable - only game images did not load.
But while it was nice that I got the official UI working on custom firmware, I did not find out why the official firmware stayed black.
Day 7 was gone.
When inspecting the CFW 1.4 files I noticed /system/build.prop which contained three additional lines:
persist.service.adb.enable=1 persist.service.debuggable=1 persist.sys.usb.config=mass_storage,adb
If the official firmware had this, I'd get proper error logs and could see the error messages.
I learned that the GameStick firmware .img files are standard Android OTA .zip files and not some custom format.
I also learned that firmware files need to be signed, so I used the standard java method for signing:
$ signapk -a 4 --min-sdk-version 16 --disable-v2 certs/certificate.pem certs/key.pk8 image.tmp.zip image.signed.img
.. but when trying to flash that image I got:
Verifying update package...
Installation aborted.
I tried different parameter combinations (align/noalign, v1/v2) but all failed.
Then I read all 28 pages of the archived CFW thread on gamestickers.net and found someone who asked how the image was signed. shanti had answered:
here is the program I used: "Sign-em! 2.0"
http://forum.xda-developers.com/showthread.php?t=1966007
I got the linux version and found it used signapk.jar. After finding that I saw that it used some internal old Sun Java class sun.misc.BASE64Encoder that was not available anymore in any recent OpenJDK :(
Android system recovery normally only installs firmware images
that have been signed by one of a number of white-listed keys.
The GameStick's recovery seems to allow all properly signed images,
regardless which signing key was used.
This is the reason the CFW was possible at all
- on OUYA, custom firmwares could only be installed when using a
custom bootloader,
but not with the stock recovery that requires firmwares to be signed
by a key that only OUYA possessed.
Then I found the next XDA thread post that linked to HemanthJabalpuri/signapk which contained MinSignApk 1.0 that ran on current Java versions!
I signed my firmware image with MinSignApk, and could flash it!
Update 2023-06: An adbd-enabling firmware image is available at codeberg.org/gamestick-fans/firmware-adb-enabler/
Now that I had flashed my custom firmware 2071+adb I finally saw the errors:
I/ActivityManager( 3509): START {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10000000 pkg=com.playjam.gamestick.console cmp=com.playjam.gamestick.console/.Main u=0} from pid 3754 D/GameStick( 4262): **************************************** D/GameStick( 4262): Failed to create download directory
The directory existed, so I removed it:
$ adb shell rmdir /data/data/com.playjam.consoledev/files/Downloads
Next boot, the GameStick would create the directory, and the following it would complain again. So this was not the problem.
I/ActivityManager( 4479): Displayed com.playjam.gamestick.console/.Main: +313ms (total +1s416ms) W/System.err( 4628): java.io.EOFException W/System.err( 4628): at libcore.io.Streams.readAsciiLine(Streams.java:203)
The firmware update check needs to return its JSON on a single line, otherwise parsing would fail. I modified the server.
D/PlayjamKeyboard( 3685): Starting for type : 0/0 I/marmalade( 4262): PJException error has occurred : 62 c:/_work/dev/marmalade_main/menu_head/src/PNGFile.cpp OpenTextureFile open png Error : empty file name
This finally looked like the real problem. I removed all game information from the API in case the game images were the culprit, as well as the profile images. Still the same error.
Day 8 was over.
The next day I tried more image related changes:
While booting the GameStick I came across a very special error:
W/DatabaseService:ConnectDownloader( 3794): Failed to duplicate connect data for console : /data/GameStick/ConsoleResources/315f7b66-fae7-4ab3-9d46-bf41942694b6.json => /data/GameStickCache/reg_server_response.json
Reading through the source code led to me understanding that process:
The last step failed because downloading fresh data (500 kiB!) was faster than parsing cached data.
This could only happen on my local setup: GameStick's WiFi reception is so bad that I could not use my normal access points. Instead I enable an access point on my laptop whenever I do GameStick development, and the GameStick only needs to transmit data some 30cm to my laptop. Since the API server is running on the same machine, data transmission is much faster than usual, leading to that race condition.
This problem was fixed with a sleep(2) call to slow down the API.
The GameStick still gave the OpenTextureFile error with no hint about the file it tried to read.
I tried my luck, built a 2058 firmware with adbd and did get a more verbose error:
I/marmalade( 5452): PJException error has occurred : 97 c:/_work/dev/marmalade_main/menu_head/src/PNGFile.cpp OpenTextureFile open png Error : Cannot open file raw:///data/GameStickCache/Assets/textures/placeholder3.png
That was very strange. I knew that the firmware image contains nearly 1000 files in the /data folder, and confirmed that this particular file also exists in both 2058 and 2071 firmware files.
It turned out that /data/GameStickCache/Assets/ was completely missing on my device, as well as /data/GameStickCache/Resources/. What the heck?
Now I remembered that when flashing firmware via system recovery, I always do two steps to get a nice clean system:
But the GameStick firmware installation process already populates the user data partition /data/! Wiping user data after installation removes all the asset files that are needed by the console user interface, leaving a broken system.
Now it also made sense that I did not see this problems on the emulator and the CFW setup: I knew those files were missing and had manually copied them from the firmware update into /data.
Day 9 had finally brought relief.
The key takaway is that the PlayJam developers did not follow standard Android conventions and put necessary system data onto the user partition.
When flashing a GameStick, always wipe user data first, and then flash the firmware .img file. Never the other way round.
Published on 2023-06-19 in bigsuck, gamestick
I got a used Blackview BV4900S Android smartphone and wanted to prepare it properly so it can be used.
The Blackview website does not have a download section: I had to contact customer support via e-mail (customerservice1@) to get the firmware file and installation tool.
They sent a link to the firmware file BV4900s_EEA_L620_V1.3_20220518V10 - uploaded to Mega instead of their own website... Another link was for the firmware install tool UpgradeDownload_R26.21.4101.7z. The instructions they sent were for a different tool, though.
The BV4900S has a Spreadtrum Unisoc SC9863A chipset, unlike the BV4900 and BV4900 Pro which both have a MediaTek chipset.
The official tool to flash .pac firmware files on Unisoc phones is SPD Flash Tool, the executable is named UpgradeDownload.exe.
On Windows 7 I had to install the Spreadtrum SPD drivers that I got from AndroidFileHost: SPD_Driver_R4.20.4201.zip. The SPD Flash Tool site has them as well, but their download was abysmal slow.
The official SPD version SPD_Upgrade_Tool_R27.23.1902.zip did not
work on my Windows 7 installation;
it failed with CFWDL-driver error
.
Instead I used the SPD version R26.21.4101 I got from Blackview,
which worked fine.
The installation steps were:
When loading a .pac file, SPD Flash Tool actuall extracts its contents into a subdirectory, in my case PAC_s9863a1h10_DownloadFiles_BV4900s_EEA_L620_V1.3_20220518V10_718_19C9C_0:
boot.img cache.img dtbo.img fdl1-sign.bin fdl2-sign.bin FileList.ini gnssbdmodem.bin gnssmodem.bin odmko.img PackInfo.csv persist.img PM_sharkl3_cm4_v2.bin prodnv.img s9863a1h10.xml SC9600_sharkl3_pubcp_modem.dat sharkl3_cm4.bin sharkl3_pubcp_deltanv.bin sharkl3_pubcp_DM_DSP.bin sharkl3_pubcp_LTEA_DSP.bin sharkl3_pubcp_nvitem.bin sml-sign.bin socko.img super.img teecfg-sign.bin tos-sign.bin u-boot-sign.bin u-boot-spl-16k-sign.bin unisoc_HD_720_1440_24bit.bmp 'unisoc_HD_720_1440_24bit.bmp(1)' userdata.img vbmeta_product.img vbmeta-sign.img vbmeta_system_ext.img vbmeta_system.img vbmeta_vendor.img
s9863a1h10.xml contains the partition list.
Being a cheap chinese smart phone, there is no Lineage OS port for it. So I had to take the stock firmware, but at least wanted root access to I could install an ad blocker.
I wanted to install Magisk to get root. The boot image was extracted by SPD Flash Tool, and the Magisk App was able to patch the boot image. But: Flashing the boot image is not possible.
I found two ways to access fastboot:
Flashing the boot image fails because the boot loader is locked:
$ fastboot flash boot ../magisk_patched-26300_weTYA.img Sending 'boot_a' (65536 KB) FAILED (remote: 'Download is not allowed on locked devices') fastboot: error: Command failed
In Android developer settings I enabled "OEM unlocking" and then tried to unlock the bootloader, but all commands failed:
$ fastboot flashing unlock FAILED (remote: 'Unrecognized command flashing unlock') fastboot: error: Command failed $ fastboot flashing unlock_critical FAILED (remote: 'Unrecognized command flashing unlock_critical') fastboot: error: Command failed $ fastboot getvar unlocked unlocked: no
Other Spreadtrum devices could be unlocked by fetching some token and signing the custom firmware with it. The command does not work on this phone:
$ fastboot oem get_identifier_token ... OKAY [ 0.001s] finished. total time: 0.001s $ fastboot oem invalidcommand ... OKAY [ 0.001s] finished. total time: 0.001s
Blackview support says they do not support unlocking their devices. I asked on XDA for help but don't really expect any outcome.
For now I am stuck; the BV4900S cannot be unlocked.
dmesg output:
usb 1-2: new high-speed USB device number 63 using xhci_hcd usb 1-2: New USB device found, idVendor=18d1, idProduct=4ee8, bcdDevice= 4.04 usb 1-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3 usb 1-2: Product: BV4900s usb 1-2: Manufacturer: Chinoe usb 1-2: SerialNumber: BV4900sEEA00001817
usb 1-2: new high-speed USB device number 64 using xhci_hcd usb 1-2: New USB device found, idVendor=1782, idProduct=4ee0, bcdDevice= 4.14 usb 1-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3 usb 1-2: Product: Unisoc Phone usb 1-2: Manufacturer: Unisoc usb 1-2: SerialNumber: BV4900sEEA00001817
Published on 2023-10-22 in android, bigsuck
In 2019 I installed LineageOS 16 on a Xiaomi Mi8 smartphone, and now in 2023 I wanted to upgrade to LineageOS 20 - skipping multiple major versions.
Installing the update to the system partition worked, but the system was broken afterwards.
When booting the first time, it tried to apply migrations: System databases and files in the old format need to be modified so they are structured as the new operating system version expects it. Unfortunately, the LineageOS 20 firmware is not able to upgrade from version 16 - my guess is that the migrations for such "old" versions are missing.
The phone booted to the lock screen, the screen flickered a couple of times and then it rebooted. Repeat forever.
The LineageOS developers do not keep older versions around; so I did not have the chance to first flash version 17, then 18, 19 and at last 20. The only downloadable firmwares were 19 and 20.
In preparation for the update I made two backups:
I booted into the TWRP 3.7.0_9-0 recovery partition with adb reboot recovery. Then I opened the backup settings, selected the boot, system and data partitions and ran
$ adb backup --twrp
Then it took some time while the backup was directly stored on my PC.
While I was in TWRP recovery mode, I pulled all the user files from the phone:
$ adb pull /sdcard
Later I learned that I should have used pull -a to backup the file timestamps as well.
After the upgrade from 16 to 20 failed, I wanted to restore my partition backup so that the phone would be back on Lineage 16. I booted into recovery, probably selected "restore" and then executed this on my PC:
$ adb restore backup.ab
Boot and system partitions got restored, but the data partition failed:
extractTarFork() process ended with ERROR: 255
Running the restoration twice did not make it better. It turned out many other people had the same problem: Team-Win-Recovery-Project #964.
In the end we had to install LineageOS 20 freshly and manually install and setup all the apps that were previously on the phone :( Very big suck.
The failed system restore led to other problems:
Updating the system partitions with files from the official firmware updates with fastboot fails now for some partitions:
$ fastboot flash abl_ab abl.elf Warning: skip copying abl_ab image avb footer (abl_ab partition size: 0, abl_ab image size: 155648). Sending 'abl_ab' (152 KB) OKAY [ 0.014s] Writing 'abl_ab' OKAY [ 0.007s] Finished. Total time: 0.032s
This did not change even after I installed and setup the official MIUI firmware.
When booting into recovery TWRP and selecting "reboot" there, it warns me that No OS Installed! Are you sure you wish to reboot? (even though the OS boots fine).
TWRP does not ask me to unlock the data partition anymore.
I guess this began when I once cancelled the unlock process when TWRP was booted up, but I am not sure.
This means no data recovery with TWRP anymore :(
Published on 2023-10-17 in android, bigsuck
Heizungshersteller Vaillant hat das Netzwerkmodul sensoNET VR 921 im Angebot. Mit ihm soll man auf die Einstellungen und Sensordaten der Wärmepumpe zugreifen können.
Bei der Einrichtung wurde von mir verlangt, eine Handy-App zu installieren, und dem Modul Internetzugriff zu geben.
Aus Sicherheitsgründen möche ich das nicht - wichtige Geräte gehören nicht ins Internet. Also habe ich den Vaillant-Support angeschrieben, wie ich das sensoNET-Modu ohne Internetzugang nutzen und direkt auf dessen Daten zugreifen kann. Die Antwort:
Leider können wir Ihnen keine Lösung anbieten direkt auf die Daten Ihrer Anlage zuzugreifen. Die Nutzung des sensoNET Internetmoduls bedingt immer eine Internetverbindung.
Das heißt, daß die Daten - auch wenn ich mit meinem Handy direkt neben der Heizung stehe und im selben Netzwerk bin wie das Modul - immer über den Vaillant-Server laufen.
Vaillant hat damit direkten Zugriff auf meine eigene private Heizung. Da das VR921 aber auch im Netzwerk hängt, hat Vaillant auch indirekten Zugriff auf alle anderen Geräte, die in meinem Heimnetz erreichbar sind.
Die von mir jetzt genutzte Alternative ist eBUSd, auch wenn ich da noch einiges an Konfigurationsaufwand haben werde.
Published on 2023-06-23 in bigsuck
Es ist das Jahr 2023. Die 1blu RootServer unterstützen kein IPv6, wie auch die meisten anderen Produkte bei 1blu. Traurig.
Der Support meint:
Aktuell wird IPv6 ausschließlich bei den 1blu-vServern unterstützt.
und
Bitte haben Sie Verständnis, dass wir Ihnen jedoch noch keinen genauen Termin nennen können [bis zu dem IPv6 für Sie verfügbar sein wird].
Siehe auch:
Published on 2023-01-26 in bigsuck, network
To get games to unlock on the defunct OUYA gaming console, I wrote an Xposed module that disables encryption for purchase receipt requests and responses that the games send and receive.
While it worked for many games, users reported that Final Fantasy III crashes when my plain-purchases module is enabled. adb logcat shows the following stacktrace:
E/AndroidRuntime: *** FATAL EXCEPTION IN SYSTEM PROCESS: main java.lang.SecurityException: 1466 does not have permission:android.permission.CLEAR_APP_USER_DATA to clear datafor process:de.cweiske.ouya.plainpurchases at android.os.Parcel.readException(Parcel.java:1425) at android.os.Parcel.readException(Parcel.java:1379) at android.app.ActivityManagerProxy.clearApplicationUserData(ActivityManagerNative.java:2889) at com.android.commands.pm.Pm.runClear(Pm.java:1126) at com.android.commands.pm.Pm.run(Pm.java:116) at com.android.commands.pm.Pm.main(Pm.java:75) at com.android.internal.os.RuntimeInit.nativeFinishInit(Native Method) at com.android.internal.os.RuntimeInit.main(RuntimeInit.java:235) at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:135) at dalvik.system.NativeStart.main(Native Method)
Final Fantasy 3 is not the only game that shows this behavior; many Square Enix games exhibit this behavior.
FF3 for Android/OUYA contains a native library lib__57d5__.so which seems to be the source of the problem. Fortunately for me, the Xposed author had a look at that library before:
Ok, whatever Final Fantasy does there: It looks like some very dirty coding.
- com/square_enix/android_googleplay/FFIV_GP/MainActivitya loads lib__57d5__.so and then calls native function MainActivityb.a(I)I with some random (?) integer constants
- Actually already the library loading fails because somewhere during the initialization, it calls sh -c pm clear <package> for the Xposed modules, which fails with a permission error and crashes the process
- [...]
To summarize: A strange native library in FF seems to get all /data/app/*-?.apk entries from the memory mapping file and tries to clear the data for them.
So the lib tries to clear the application user data for all apks that somehow linger in the memory of the FF3 game. It does not do this directly, but by opening a shell and using the android package manager command line tool pm:
$ sh -c pm clear packagename
After reading the sources of pm I came to the following call stack:
final fantasy 3 + lib__57d5__.so + sh -c pm clear $package + android.app.ActivityManagerProxy::clearApplicationUserData + ?? IPackageDataObserver - transact(CLEAR_APP_DATA_TRANSACTION) something with binder + ??? PackageManager::clearApplicationUserData() + com.android.server.pm.PackageManagerService::clearApplicationUserData (final String packageName, final IPackageDataObserver observer, final int userId)
The pm cli tool does not directly call the package manager, but - to my limited understanding - uses some Android IPC mechanism to call the one authorative instance of the actual package manager.
At first I wrote an xposed module that hooked into PackageManagerService::clearApplicationUserData and simply said "success" when the data of my own module were to be cleaned:
iPackageDataObserverClass = Class.forName("android.content.pm.IPackageDataObserver");
Class>[] paramTypes = {String.class, boolean.class};
Method onRemoveCompletedMethod = iPackageDataObserverClass.getMethod("onRemoveCompleted", paramTypes);
Object[] params = {packageName, true};
try {
onRemoveCompletedMethod.invoke(observer, params);
//observer.onRemoveCompleted(packageName, true);
} catch (Exception e) {
XposedBridge.log("Observer no longer exists.");
}
}
//end dance
}
}
}
);
}
}]]>
The unaccessible IPackageDataObserver made it a bit hard to call the right methods, but it was still relatively easy. Unfortunately, it did not work at all because it was too late: ActivityManagerProxy.clearApplicationUserData() already does the permission checks!
My goal was to hook into ActivityManagerProxy that does the IPC call to the package manager.
This proved to be extremely hard for me because hooking into command line tools with IXposedHookCmdInit is not supported anymore by Xposed: See XDA: Hook cmds (PM) and the XPosed API changelog for 2.6:
IXposedHookCmdInit is deprecated now, initCmdApps() won't be called anymore unless an undocumented file has been created. Only two modules used it, both got rid of it without any loss of functionality.
Rolling back my OUYA's XPosed from version 2.6.1 (API v31) to 2.5.1 (API v50) worked, but then I faced the most difficult problem: I could not compile the code, because the compileOnly de.robv.android.xposed:api dependency is only available for API version 53 and higher - and 52 was the last one with support for command line tool hooks :/
It took quite some time to find an older XposedBridgeApi jar file, but eventually one turned up: XposedBridgeApi-52.jar. Moving that to the module's lib/ directory let me compile the module with the cli hook! Now I faced a very strange error:
I/Xposed: Running ROM 'JZO54L-OUYA' with fingerprint 'OUYA/ouya_1_1/ouya_1_1:4.1.2/JZO54L-OUYA/1427:user/test-keys' I/Xposed: Loading modules from /data/app/de.cweiske.ouya.plainpurchases-2.apk I/Xposed: Loading class de.cweiske.ouya.plainpurchases.PlainPurchases I/Xposed: java.lang.IllegalAccessError: Class ref in pre-verified class resolved to unexpected implementation at dalvik.system.DexFile.defineClass(Native Method) at dalvik.system.DexFile.loadClassBinaryName(DexFile.java:211) at dalvik.system.DexPathList.findClass(DexPathList.java:315) at dalvik.system.BaseDexClassLoader.findClass(BaseDexClassLoader.java:58) at java.lang.ClassLoader.loadClass(ClassLoader.java:501) at java.lang.ClassLoader.loadClass(ClassLoader.java:461) at de.robv.android.xposed.XposedBridge.loadModule(XposedBridge.java:441) at de.robv.android.xposed.XposedBridge.loadModules(XposedBridge.java:407) at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:121) at dalvik.system.NativeStart.main(Native Method)
The source of the problem was that I moved XposedBridgeApi-52.jar into the lib/ folder, which meant it got compiled into the xposed module jar file. Now on the OUYA, there were suddenly two implementations of the bridge API, and the JVM could not decide which was the right one.
I moved it into a different directory, told gradle/Android Studio to use it for compilation only and could load the mod without problems!
iPackageDataObserverClass = Class.forName("android.content.pm.IPackageDataObserver");
Class>[] paramTypes = {String.class, boolean.class};
Method onRemoveCompletedMethod = iPackageDataObserverClass.getMethod("onRemoveCompleted", paramTypes);
Object[] params = {packageName, true};
try {
onRemoveCompletedMethod.invoke(observer, params);
//observer.onRemoveCompleted(packageName, true);
} catch (Exception e) {
XposedBridge.log("Observer no longer exists.");
}
}
//end dance
}
}
);
}
}]]>
Running pm clear ... from shell as limited user worked flawlessly and gave exit code 0 and no exceptions! Now I had beaten Square Enix! I started Final Fantasy 3 via shell:
$ adb shell am start -n com.square_enix.android_OUYA.FFIII/com.square_enix.FFIII_J.MainActivity
... and FF3 stopped as it had before:
I/Xposed: clearApplicationUserData: de.cweiske.ouya.plainpurchases D/AndroidRuntime: Shutting down VM I/AndroidRuntime: NOTE: attach of thread 'Binder_3' failed D/dalvikvm: JIT code cache reset in 0 ms (86452 bytes 1/0) D/dalvikvm: Debugger has detached; object registry had 1 entries D/Zygote: Process 1572 exited cleanly (1) I/ActivityManager: Process com.square_enix.android_OUYA.FFIII (pid 1572) has died. W/ActivityManager: Force removing ActivityRecord{420f33f0 com.square_enix.android_OUYA.FFIII/com.square_enix.FFIII_J.MainActivity}: app died, no saved state
lib__57d5__.so did not care about pm's exit code, it always stops when it detects that XPosed is running.
I'm very sure that the SecurityException was just a red herring to make people spend time with a pretty difficult problem that has nothing to do with the actual problem.
/me tips his hat to the lib__57d5__.so developers.
Update 2023-01-10: We have a solution.
Published on 2020-02-26 in android, blackbox, bigsuck, ouya