LightBlog

mercredi 28 septembre 2016

How to Discover Hidden Fastboot Commands

In my quest to discover as much about Android customization as I possibly could, I’ve made many obscure, yet interesting discoveries. I’ve shown you how to access hidden menus on your device by sifting through all of the hidden application activities on your phone. More recently, I’ve shown you how to access the hidden hardware diagnostic tool on certain smartphones. Now, I realize that some of you were disappointed in the fact that your smartphone was not covered in the previous article, and I apologize for that.

To make up for it, I’m going to walk you through something far, far more advanced and exciting: dumping your device’s bootloader to discover hidden fastboot commands. This guide, although done on my Nexus 6P, is most definitely replicable on the majority of smartphones. However, what commands you will have access to will vary significantly between devices. Most commands will not really help you in any real situation, but nevertheless it’s pretty interesting to dive this deep into your phone’s settings. Let’s get started.

Disclaimer: So long as you know what you’re doing and can follow instructions appropriately, nothing bad should happen to your device. But, we are still messing around with our device partitions and the bootloader, so there is no telling what could happen if you enter the wrong command. Make sure you have an off-device backup ready!


Preparation

Before we get started, there’s one really, really important thing to note. In order to extract your device’s bootloader, you will need root access on your phone. If you do not have root access, you can continue reading this guide for educational purposes, but you will not be able to perform any of the necessary commands. Got that? Good. Another prerequisite you will need to meet is ensuring that your computer has all of the proper ADB/fastboot drivers. If you don’t have the ADB/fastboot binaries, then I recommend installing Minimal ADB & Fastboot from our forums. As for the drivers, you can grab the necessary drivers for Google Nexus devices here and for all other devices from here. How do you know if you’re good to go? Plug in your device, enable USB Debugging under Developer Settings, open up a command prompt, and type:

adb devices

adb-devices

If you see your device’s serial number pop up, then you’ve got the right drivers.


Dumping the Bootloader

Our first step is to open a shell on our device so we can run commands over ADB. It’s best that we run commands over ADB because we’re much more prone to making mistakes when typing on a virtual keyboard, and making mistakes is not something you want to do here. The first command you should run in your command prompt is:

adb shell

If you see the command prompt change from displaying the ADB binary directory to showing the codename for your Android device, then you’ve successfully entered your device’s local command line shell. Now, in order to access the partitions we need to dump, you will need superuser access. To do so, type the following:

su

The symbol in front of your device’s codename should change from $ to # indicating that you can now run commands with elevated privileges. Be careful now!

adb-shell

Next, we will figure out the exact location of your device’s bootloader image. In order to find the exact directory, we will print out a list of all of the partitions and their directories by name, and look for one in particular called ‘aboot.’ You will need to enter two commands as follows:

cd /dev/block/bootdevice/by-name
ls -all

adb-partitionsAs you can see above, a giant list of partition directories are printed out. These partitions are sorted by name, so we can easily discern the location of our bootloader partition. In my case, the bootloader, which is ‘aboot’ in the above image, can be found at /dev/block/mmcblk0p10. This will vary depending on your device, so it’s important that you follow these instructions to figure out the true directory where your bootloader is located. Take note of this directory, however, as we will reference it in the following command to dump the bootloader:

dd if=/dev/block/{YOUR ABOOT PARTITION} of=/sdcard/aboot.img

adb-dump-bootloader

Once successful, you should find a file called ‘aboot.img‘ located on the root of your internal storage. Now that we’ve dumped the bootloader, we need to examine it to determine what hidden commands we can find.


Hidden Fastboot Commands and their Uses

You might be familiar with some of the more common fastboot commands, such as fastboot flash or fastboot boot. There are many more fastboot commands as defined in the open source fastboot protocol. Here is a list of the fastboot commands available on every device with a bootloader based off of the latest AOSP code:

fastboot-aosp

What’s missing in this list are fastboot oem commands. These commands are specific to Android device manufacturers, and there is no comprehensive list or documentation anywhere for what fastboot oem commands are available. Now, if your device manufacturer was kind enough to provide a fastboot command that lists all oem commands (try fastboot oem ? and see if that works), then you won’t need to do anything further. If there isn’t any command that prints a list of available fastboot oem commands, then you’ll need to print a list of strings from the aboot.img and search for the oem commands manually.

‘strings’ is a linux command, the documentation for which is available here. As you can tell, I’m personally using a Windows machine, so instead I’ve been using a program that mimics ‘strings’ from Linux. The raw output of the ‘strings’ command on an aboot.img file will be quite messy, but if you simply CTRL+F for ‘oem’ you should find what you need. If you want to refine your search, you can try this command (for the Windows version I linked):

strings * | findstr /i oem

For the Nexus 6P, I compiled the following list of fastboot oem commands:

fastboot oem unlock-go
fastboot oem frp-unlock
fastboot oem frp-erase
fastboot oem enable reduced-version
fastboot oem device-info
fastboot oem enable-charger-screen
fastboot oem disable-charger-screen
fastboot oem enable-bp-tools
fastboot oem disable-bp-tools
fastboot oem enable-hw-factory
fastboot oem disable-hw-factory
fastboot oem select-display-panel
fastboot oem off-mode-charge enable
fastboot oem off-mode-charge disable
fastboot oem ramdump enable
fastboot oem ramdump disable
fastboot oem uart enable
fastboot oem uart disable
fastboot oem hwdog certify begin
fastboot oem hwdog certify close
fastboot oem get-imei1
fastboot oem get-meid
fastboot oem get-sn
fastboot oem get-bsn
fastboot oem get_verify_boot_status

Be warned that you should not attempt any of the above commands, or any of the commands that you discover on your device, unless you are willing to accept the risks. There is a reason these commands are hidden from the user.

That being said, I’ve thought of some neat uses for some of these fastboot commands I’ve found (that may or may not be present on your device, so follow the instructions above to check!) that should fancy the most hardcore Android enthusiast. There are two commands here that could have some practical use.

First up is the fastboot oem (enable|disable)-charger-screen command. What this does is disables the charging screen that pops up when your device is turned off. If you aren’t a fan of the blinding brightness of the charging screen when your phone is off, then you can disable it via this hidden fastboot command!

Next, there’s the fastboot oem off-mode-charge (enable|disable) command. This command determines whether or not your device will automatically turn on when a power source is detected. By default, it is set to ‘disable.’ I will admit that this command does not have much use for phones, but if you’re planning on mounting your tablet into your car’s dashboard, you will find this command incredibly useful. You will be able to set your device to immediately power on when the tablet receives power, such as when your car battery starts up. Conversely, it’s quite easy to power down the tablet when power is lost by using an automation app such as Tasker. This command, by the way, works exactly as written on the Nexus 7 (2013).


That’s it for this lesson in Android customizability. Share the commands that you discover (ideally in a pastebin link) in the comments below!

Thanks to XDA Senior Recognized Developer Dees_Troy for his assistance in the making of this article!



from xda-developers http://ift.tt/2df7f44
via IFTTT

Aucun commentaire:

Enregistrer un commentaire