Reply
Thread Tools
javispedro's Avatar
Posts: 2,355 | Thanked: 5,249 times | Joined on Jan 2009 @ Barcelona
#31
Originally Posted by rainisto View Post
Well, if you boot to Open Mode with stock kernel, you still need to insmod module in order to make aegis less strict (I've written my module originally for open mode stock kernel). Its only when you boot to open mode with Aegis cracked kernel when things are easier.
Good point indeed, I forgot that I do enable the fake seal bit patch. Other than that I never found any reason for the other changes -- dbus-server (imho one of the most annoying) stops doing credential checks just because of the openmode flag, and for the other few processes there's FIXED_ORIGIN. Just installing anything is usually enough for develsh to "Recover" the * token set.

Originally Posted by rainisto View Post
Open mode is future proof, yes, most likely it will not get blocked. But Open Mode has a disadvantage in the fact that CAL nand area is always read-only. So unless you rewrite all the system modules that use CAL to not to use it (and as most of the services using cal are not open sourced) then you will never have 100% matching functionality to Closed Mode phone while being Open Mode.
One question: why do you mention CAL here? Is the libcal stuff stored in whatever BB5 uses as storage now? All of the kernel-addressable NAND is certainly fully writable in any mode (but in closed mode you need at least one of sys_module or a GRP I forgot about) and in fact one of the glaring points where a N9/50 can be relatively easily bricked.

I think that those apps just refuse to run when openmode is detected. For the simple checks, a simple workaround can be used; if they really use BB5 features it might actually be impossible, but the fact that it is impossible is exactly the reason why open mode will be allowed for the foreseeable future.

Fortunately, it seems that the number is much lower than I expected.

Originally Posted by rainisto View Post
But we do not live in perfect world... and most likely A, B, C or D will never happen. But you can always hope for the miracle.
Any of those solutions implies keeping the device in "closed mode", so it would defeat the DRM parts of Aegis, and I've already deduced that is not going to happen.
Yes, every Nokian has been very quick to say that Aegis is not for DRM, but I've seen plenty of indications that at least some people in there still think that is the case (e.g. drive, odnp stuff) because they are going way more than necessary for just say protecting your past gps fixes from prying eyes, and because of the reluctance of the remaining developers to share information.

I do have a few proposals too:
- Make dbus-server not automatically ignore credentials on unclean boots, but rather make it listen to a env var like the dpkg script does. Same for other apps. This way you can enable credential enforcing even in unclean boots if you wish.
- The other extreme: fix all the apps that are expecting armed aegis protected storage, so that they also work even if it is missing (even if it means storing data in $HOME).

The first might probably happen, the second will certainly not.

Last edited by javispedro; 2012-03-08 at 12:06.
 
qole's Avatar
Moderator | Posts: 7,109 | Thanked: 8,820 times | Joined on Oct 2007 @ Vancouver, BC, Canada
#32
Hi guys, this Aegis talk is fascinating stuff, but I think it is best posted in the Nokia & Aegis thread or even the Inception thread.
__________________
qole.org --- twitter --- Easy Debian wiki page
Please don't send me a private message, post to the appropriate thread.
Thank you all for your donations!
 
Posts: 245 | Thanked: 915 times | Joined on Feb 2012
#33
Originally Posted by qole View Post
Hi guys, this Aegis talk is fascinating stuff, but I think it is best posted in the Nokia & Aegis thread or even the Inception thread.
Back to the chroot-related issue - did you try the capability dropping arrangement I mentioned earlier? That should get things operating in the normal (non-root) case.
 
Posts: 466 | Thanked: 418 times | Joined on Jan 2010
#34
Originally Posted by mrsellout View Post
Which model/where did you order it from? I'm after one so any recommendations would be most welcome.
http://www.amazon.com/gp/product/B00...00_i00_details

That's the one right there.

I believe there is a thread floating around here somewhere dealing with bluetooth keyboards that I posted that on.

slaapliedje
 

The Following User Says Thank You to slaapliedje For This Useful Post:
Posts: 23 | Thanked: 11 times | Joined on Nov 2011
#35
hi guy, manage to chroot now.

1. using inception opensh to mount
2. exit to close mode
2. use javispedro's modhash.py to hash the image /bin/sh
3. chroot /img /bin/sh
4. done.

Thanks guy.!!
 

The Following 2 Users Say Thank You to z720 For This Useful Post:
Posts: 92 | Thanked: 16 times | Joined on Jun 2011 @ Sacramento, CA USA
#36
Originally Posted by z720 View Post
hi guy, manage to chroot now.

1. using inception opensh to mount
2. exit to close mode
2. use javispedro's modhash.py to hash the image /bin/sh
3. chroot /img /bin/sh
4. done.

Thanks guy.!!
Seems like a basic 4step process, but you lost me...how did you do it again?
 
ibrakalifa's Avatar
Posts: 1,583 | Thanked: 1,203 times | Joined on Dec 2011 @ Everywhere
#37
its more fun to see how it will be work rather than some gays that wants whatsapp thing, go go go, nice work here, and surprisingly this thread get less attention than the 'wazzap', sigh
__________________
~$
~#
 
Posts: 92 | Thanked: 16 times | Joined on Jun 2011 @ Sacramento, CA USA
#38
.....so only gays want WhatsApp?

I just want a semi-noob step-by-step on how to get OpenOffice to work..
 
Posts: 23 | Thanked: 11 times | Joined on Nov 2011
#39
Originally Posted by vzp916 View Post
Seems like a basic 4step process, but you lost me...how did you do it again?
basically you need to have linux.img (it can be debian, ubuntu,bt5 & etc) google it.

copy the img to your home folder (/home/user/MyDocs/)
then download HarmChom.tgz from 1st page - Thanks to qole
extract it to your home folder, then you shoud see HarmChom folder.
Copy src/bin/* to /bin/, chmod +x after copied to /bin.
You might want to edit .chroot file as well (refer to page 1).

For close kernel need to edit below line.
Edit the /bin/debian, goto line 72 change it to "sh /bin/qchroot"
edit /bin/qchroot, goto line 37 add "sh" as well.

once done above follow the simple 4 steps previously.

You should able to mount linux.img
 

The Following User Says Thank You to z720 For This Useful Post:
javispedro's Avatar
Posts: 2,355 | Thanked: 5,249 times | Joined on Jan 2009 @ Barcelona
#40
Originally Posted by z720 View Post
2. use javispedro's modhash.py to hash the image /bin/sh
You will still not be able to run anything other than sh (also, it's binhash the one you want to use, modhash is for kernel modules ).

For chroot you either need unseal.ko or a fully aegis-neutering openmode kernel.
 
Reply

Tags
chroot, debian, harmattan

Thread Tools

 
Forum Jump


All times are GMT. The time now is 17:43.