This is an old revision of the document!


depends on:
interested: ruza
software license:
hardware license:
status: alive and kicking

Research Wishlist

  • application compatibility mechanism in Market, howto fake compatibility, what is based on
  • USB HID keyboard support, howto enable
  • find realy secure “app lock” application, try to circumvent its security mechanism, find application we can trust or research why its not possible to trust any of those apps

Android OS

Reverse engineering

Speeding up the android emulator

Cool appz

Cool soft




  • mtd0 handles miscellaneous tasks
  • mtd1 holds a recovery image
  • mtd2 contains boot partition
  • mtd3 contains system files
  • mtd4 holds cache
  • mtd5 holds user data


  • /system/media/bootanimation.zip /system/bin/bootanimation

Jak se dostat do nastaveni i kdyz to UI neumoznuje

./adb shell am start -a android.intent.action.MAIN -n com.android.email/.Settings


Random MAC

echo 00:50:`expr $RANDOM % 89 + 10`:`expr $RANDOM % 89 + 10`:`expr $RANDOM % 89 + 10`:`expr $RANDOM % 89 + 10`

Know Your Exploits

  • GingerBreak, Exploid, RageAgainstTheCage

Android source


GPLv2 Android

Android Open Accessory Development Kit

Android Open Accessory Development Kit is available in brmlab

Hands-On with the Android Open Accessory Development Kit

Vyzaduje Platform 2.3.3, API Level 10, na Android telefonu

Dropad A8/Heropad



  • utv210_root.tgz. rozbalit na interni sd kartu.
  • vypnout tablet
  • vyndat externi sd kartu (ta co je ve slotu zvenku), jinak zustane flashovani viset na obrazku Tuxe
  • stisknout Menu (M) a Power (C-)


Unbrick Android tablet


  1. Download HerotabC8_V2.2_2011_03_01.zip or Haipad_M7_0831_android2.3 Rooted.zip. (tested by ruza)
  2. Take out the internal 4GB microSD and wipe it clean: dd if=/dev/zero of=/dev/sdX bs=512KB count=4 No need to do anything further, i.e. create partition or format.
  3. Put the internal 4GB microSD back into the tablet.
  4. Extract the contents of the ZIP. With u-boot-sd.bin from the ZIP, use dd to dump it onto an external microSD. I used a 2GB card for this. dd if=/path_to_bin/u-boot-sd.bin of=/dev/sdX
  5. Copy the entire contents of the ZIP to the largest partition of the external microSD. It was the only automatically mounted partition when I replugged the card into Ubuntu.
  6. I had to do these steps as recommended in the first post: rm -R utscript_sd && cp utscript utscript_sd (I didn't do it initially and after the recovery flash, my tablet couldn't boot w/o the external microSD)
  7. Insert the external microSD into your tablet. Now, both microSDs are inside the tablet.
  8. Press power and “M” button simultaneously. It should boot up and begin recovery. After that is done, you may remove your external microSD and proceed as your wish.
what we've learned: Power On switch functionality is dependent on internal SD content. (even if device seems to be bricked)


Wi-Fi sudenly stopped working

  • logcat show error mesage:
E/WifiHW  (  ): Unable to open connection to supplicant on "/data/system/wpa_supplicant/wlan0":\\
No such file or directory will appear. 
  • recreate /system/etc/wifi/wpa_supplicant.conf:
ctrl_interface=DIR=/data/system/wpa_supplicant GROUP=wifi

more info about Android WPA supplicant

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki