'컴맹의 컴퓨터 이야기/커널'에 해당되는 글 2

  1. 2012.04.19 [루팅] 갤탭 루팅하기
  2. 2009.06.30 [커널] iptables-tng

[루팅] 갤탭 루팅하기

2012. 4. 19. 20:40 | Posted by 꿈꾸는코난

업무상 필요에 의해 사용중인 갤탭 10.1을 루팅해 보기로 했다.

테스트 용도로 사용하기 위해서...

처음 해 보는 거라 좀 헤매긴 했지만 마무리 짓고 나니 잘 했다는 생각이 든다.

 

1. 준비 단계

   -. Superoneclick

      일반적인 안드로이드폰 루팅을 위해서는 Superoneclick 이라는 툴을 사용한다.

      나도 이 툴을 다운받아 몇번을 시도했지만 제대로 진행되지 않았다.

      하다 하다 갤탭 툴인 삼성 Kies까지 깔아서 테스트 해 봤지만 역시나 실패했다.

      좀 더 인터넷을 뒤지다 발견한 방법이...

2. 실제 루팅 단계

   -. Samsung_Galaxy_Tab_10.1_root

      이 파일을 갤탭에 넣고 부팅해서 설치해 주면 된다.

      1) 먼저 위 파일을 갤탭 Download 디렉토리에 넣은다.

      2) 갤탭을 끈다.

      3) 전원버튼과 볼륨 다운 버튼을 동시에 눌러 부팅을 시킨다.

      4) 갤탭에서 두개의 아이콘이 나올 때 왼쪽 리커버리 모드인 아이콘을 선택해서

          리커버리 모드로 진입한다.

      5) apply update from SD card를 선택하고 아까 넣은 파일을 선택한다.

          그리고 전원버튼을 누르면 자동 설치된다.

      6) Reboot system now를 선택하여 자동 리부팅시킨다.

      7) 메인화면 Super user라는 안드로이드 해적이 나타났는지 확인한다.

          눈에 잘 띄지 않을 수 있으므로 잘 확인한다.

 

http://blog.naver.com/PostView.nhn?blogId=fogml1222&logNo=30121175692

 

위 블로그에서 많은 도움을 받았다.

 

3. 백트랙 설치

 

http://cafe.naver.com/nsis/61019

 

위 링크를 참조하면 쉽게 백트랙을 설치할 수 있다.

근데 문제가 위 링크에서 설명한 대로 할 경우 install.sh 실행시 "cp" 명령이 없기 때문에

제대로 수행되지 않는다는 것이다.

echo "BackTrack v0.9 for 'Samsung Galaxy S2'"
echo "This process does NOT damage Android OS!"
echo "modified by nanum.info@gmail.com"
export bboxpath=/data/local/tmp/bt5/busybox
echo " "
echo ">> Creating necessary directories"
mkdir /data/local/bt5
mkdir /data/local/tmp/bt5
echo " "
echo ">> Copying files to '/data/local/tmp/bt5/'"
cp busybox > /data/local/tmp/bt5
echo " "
echo ">> Checking premissions of busybox"
chmod 755 /data/local/tmp/bt5/busybox
chown root /data/local/tmp/bt5/busybox
echo " "
echo ">> Remounting system as R/W"
$bboxpath mount -o remount,rw /system
echo " "
echo ">> Cleaning up old files"
$bboxpath rm /system/bin/startbt
$bboxpath rm /system/bin/stopbt
echo " "
echo ">> Copying files to '/system/bin/'"
$bboxpath cp -f startbt /system/bin
$bboxpath cp -f stopbt /system/bin
echo " "
echo ">> Checking premissions of copied files"
$bboxpath chmod 755 /system/bin/startbt
$bboxpath chmod 755 /system/bin/stopbt
echo " "
echo ">> Remounting system as R/O"
$bboxpath mount -o remount,ro /system
echo " "
echo "BackTrack 5 is now configured!"
echo "[ BackTrack 5 Install Complete ]"
echo " "
echo "to Start BackTrack type 'startbt' (without the quotes)"

그래서 위에 있는 부분을

cat busybox > /data/local/tmp/bt5/busybox

이렇게 살포시 바꿔주면 잘 된다.

그리고 하나 더...

위 링크 대로 할 경우 최종적으로 백트랙 수행되는 해상도가 갤럭시S2 해상도에 맞추어 동작하기 때문에 아주 조그만하게 보이게 된다.

이때 이 파일에 있는 내용을 아래대로 수정해 주면 된다.

/data/local/bt5/root/bin/ui

if [ `pgrep Xtighvnc` ]

then

      echo "VNC SERVER Already runing"

else

       rm /tmp/.X11-unix/X1

       rm -rf /tmp/.X1-lock

#       vncserver -geometry 800x480    #  갤S2 해상도

         vncserver -geometry 1280x800  #  갤탭 10.1 해상도

fi

이렇게 하면 나중에 vnc 접속을 하면 화면 가득한 UI를 볼 수 있다.

'컴맹의 컴퓨터 이야기 > 커널' 카테고리의 다른 글

[커널] iptables-tng  (0) 2009.06.30

[커널] iptables-tng

2009. 6. 30. 16:40 | Posted by 꿈꾸는코난

 

 iptables-TNG ( The Next Generation of iptables)
 
 An environment that can use from different packet 
 classification algorithm (eg. tuple) to support large rulesets (more than 10,000 rules)
 for high bandwidth networks.
 
 Licence: GNU GPLv2
 Author: hamid jafarian (hm.t.) <hamid.jafarian@gmail.com>
 Author: maryam geranian <m.geranian@gmail.com>


 Contents

1. Introduction
2. New Code
3. Some Features
4. Classifiers
    4-1. linear classifier
    4-2. tuple cassifier
    4-3. url classifier
5. TODO list
6. Opportunitis


1. Introduction:

In This version I tried to create the ability of Interactivity beside the ability of using Multiple And Different Classification Algorithms  for every chain. In this version one chain (e.g. OUTPUT in filter) Can Use from "linear Classifier" (like of current version) and other chain (e.g. FORWARD in filter) can use from "tuple".

Implementation of Classification Algorithms Is like of Matches and Targets but they don’t have any User Space implementation (only one (or more) module).

An Important feature in this version is "Ranking". All of the rules base on their locations
(is defined in the "iptables" command when user add a rule) in the list of the rules of a Chain, get a Rank. Thus hashing the rules doesn't create any problem because the algorithm must test the rule with lowest rank from the rules that may match the packet. Thus the users can sit and think; "the rules are stored sequentially and also processed sequentially (like of current version)".

   
2. New Code:
   
In this version I was used "link list"s in the kernel, instead of continues memory (in the current version) for rule storage and also defined many useful and important structures for "Table", "Chain" and....
This code is different completely and also easy to understand absolutely.

New "iptables" command syntax has been not changed. "iptables-save" and "iptables-restore" are adopted.
You can use and develop "matches" and "targets" like before.
   

3. Some Features:

       1. All Chains can get Policy:
          Against the Current Version, the User Chains Like of Built-in Chains can get olicy.

       2. All Chains can be used as Target:
          you can use from every chain to reference to them as a Rule Target. against the 
          current Version that you should use only from User Chains as Target.

       3. All Chains have reference number:
          this define the number of references to the chain (i.e. number of rules that use it
          as Target). At deletion time, this num ber must be zero (if not and you try to
          delete the chain; you will receive an error message from IPtables).

       4. RETURN can be Rule Target:
          like of Current Version, in the called chains (Child Chains: referenced as a target
          in one of the rules of Parent Chain), cause to return to the caller (Parent Chain)
          and In the built chains, the Chain Policy will be used for the matched packet.

       5. RETURN can be Chain Policy:
          Against the Current Version. In the called chains (Child Chains) this cause to
          return to the caller (Parent Chain) but in the Built-in Chains, this means DROP.

       6. You can change Chain Classifier:
          With -C option in the iptables command. for example: iptables -C INPUT tuple.
          You can do this every time. by this option, base on the number of rules in the
          chains;
          you can select best Classification Algorithm for that chain and force it to use that.

       7. pkt_tables namespace and framework
          using pkt_tables namespace and create a common framework for all of the
          *tables.


4. Classifiers

    To now, we developed three classifiers for iptablestng:"linear", "tuple" and "url".

    4-1: linear classifier
          This is not a new approuch in rule search, like before he search rules
          sequentially from first to last.
          this is implemented for compatibility and also is appropriate for chains with few
          rules.

    4-2: tuple classifeir
          this classifier, classifies packets base on their source/destination addresses. He
          uses src/dst ips in the iptables rules to store them in his hash tables. then when
          packets are recived, he retrive the addresses and search the rules that match
          the packet.
          The key note is that: this classifier is appropriate for rules that have source or
          destination IP.

          change classifier to tuple:     # iptables -C INPUT tuple

    4-3: url classifier
          Filter "http" packets base on their domain name may be one of administrators
          interests.
          To now there are many user space applications that can do it. but doing this idea
          in the kernel in a modular and flexible enviornment is new.
          By IPtables-tng we can implement and use new classifiers for special porposes.
          "url classifier" is an special porpose classifier that may be used to filter "http"
          packets base on "HOST" field value in the "http request" packet.

      4-3-1: Use instructions:
          To fiter domain names, after installation of patches(read INSTALL file for more
          info):
              1- first: change the classifier of your chain to the "url":
                   # iptables -C YOUR_CHAIN_NAME url
              2- second: add rules with domain names: e.g. to filter www.xxx.com
                   # iptables -A YOUR_CHAIN_NAME -m url --url www.xxx.com -j DROP
         
         NOTE:
              1- this classifier doesn't support rule deletion (iptables -D).
                  you can use -F to flush the chain.
              2- he only matches "request" packets. target is triggerd on this packets.
              3- he verfies the rule header (source/des IPs & ...) and also other matches to
                  match the packet.
              4- "url" matched is used to tranfer urls to kernel and he dose nothing with
                  packets.
         
      4-3-2: Implementaion notes:
          he uses combination of Boolm Filter & hash tables.
      
5- TODO list

    In progress work is focused on use of RCU for rule managemnt activities (search,
    add, remove) instead of use of spin locks.
    Also the next step will be use of NetLink for user/kernel communication(God Willing).
    Implementation of new way to send classifier data (like urls for url classifier) instead
    of using matches and also new aprouches to retrive data from packets are our goles.

6. Opportunities :

       1. Upgrade IP6tables:
          We can use from this implementation to upgrade ip6tables. The structures and
          functions that is used in this implementation are general.
   
       2. Implement More Classification Algorithms:
          We can implement other Classification Algorithms for iptables e.g. HiCuts.

'컴맹의 컴퓨터 이야기 > 커널' 카테고리의 다른 글

[루팅] 갤탭 루팅하기  (0) 2012.04.19
이전 1 다음