End of studies' project based on "Android platform based linux kernel rootkit".
- Ubuntu 12.04
- Android SDK
- Kernel tree from here
- Using Android NDK / Google toolchain
There are two version presented to flash the kernel:
- Create a device with avdmanager
./android create avd -n <avd_name> -t 1 - Clone the Google Git of Goldfish
- Add Android NDK to the PATH
export PATH=$PATH:<NDK_PATH>/android-ndk-r8-crystax/toolchains/arm-linux-androideabi-4.6/prebuilt/linux-x86_64/bin - Modify Makefile of Goldfish with
ARCH := armandCROSS_COMPILE := arm-linux-androideabi- - Run
make goldfish_defconfigfor Android 2.0 ormake goldfish_armv7_defconfigfor Android 4.0. - Then
make menuconfig - Enable the
loadable module support, alsoForced module loading,Module unloadingandForced module unloadingin it. - Run the emulator
./emulator -avd <avd_name> -kernel <zImage_path>/zImage &
- Create a device with avdmanager from android sdk (e.g: Nexus S with Android 2.3)
- Run the emulator:
emulator @Nexus_S -show-kernel - Extract the config from the emulated device
adb pull /proc/config.gz . - Extract the config file
- Edit the file for modules support. Change '# CONFIG_MODULES is not set' to CONFIG_MODULES=y
- Compile Android kernel with modules support and your new .config
- Run the emulator with the new zImage:
emulator @Nexus_S -kernel path/to/zImage -show-kernel -verbose
Note: when compiling you may have to '[N/y/?]'.
Forced module loading (MODULE_FORCE_LOAD) [N/y/?] (NEW) y
Module unloading (MODULE_UNLOAD) [N/y/?] (NEW) y
Forced module unloading (MODULE_FORCE_UNLOAD) [N/y/?] (NEW) y
Module versioning support (MODVERSIONS) [N/y/?] (NEW) y
Source checksum for all modules (MODULE_SRCVERSION_ALL) [N/y/?] (NEW) yEverything else is 'N'.
Usually, the device is read-only. Here is a quick tip.
$ adb shell
# mount -o rw,remount rootfs /
# chmod 777 /mnt/sdcard