Skip to content

Instantly share code, notes, and snippets.

@steadfasterX

steadfasterX/guide.md

Last active December 5, 2024 19:35
Show Gist options
  • Save steadfasterX/aed2a1f397e387bd6efa01990aec761f to your computer and use it in GitHub Desktop.
Save steadfasterX/aed2a1f397e387bd6efa01990aec761f to your computer and use it in GitHub Desktop.
Download ZIP
adb_boot_debug
Raw
guide.md

Here are 3 ways to allow debugging on boot by connecting to adb. This is often called "insecure adb" - while it is not as "insecure" as you might think 😉

STEP 1

Prepare authorization

Since A7 you have to authorize your adb server which either requires to add your adb pub key into the ramdisk (directly on / ) or you must put it in /data/misc/adb/adb_keys, e.g when in recovery. Details here. This method will not work on FDE encrypted devices though. for this you need to mod the boot.img (see "Option A: Modding an existing boot.img").

important is that it has to have proper label and permission set. e.g when in recovery:

FORMAT(!) DATA in recovery!
REBOOT from recovery into recovery afterwards!
then go on:

adb push ~/.android/adbkey.pub /tmp/
adb shell
mkdir -p /data/misc/adb/

mv /tmp/adbkey.pub /data/misc/adb/adb_keys 
chcon u:object_r:adb_keys_file:s0 /data/misc/adb/adb_keys
chown system:shell /data/misc/adb/adb_keys 
chmod 640 /data/misc/adb/adb_keys

STEP 2

Choose an option and follow

Option A (RECOMMENDED): Modding an existing boot.img / default.prop

System As Root (SAR)

if the OS build implements system_as_root the most easiest way is to:

  1. boot into a custom recovery with adb shell access (e.g. TWRP)
  2. mount /system
  3. change default.prop in /system

There is no need to do anything else here. Here a way to achieve this easily. It assumes that your system partition was mounted to /system_root:

cp /system_root/default.prop /system_root/default.prop.orig

for i in ro.adb.secure ro.secure ro.debuggable persist.service.adb.enable persist.service.debuggable persist.sys.usb.config;do
    grep -q $i /system_root/default.prop
    if [ $? -ne 0 ];then
        echo "$i=undefined" >> /system_root/default.prop
    fi
done
sed -i 's/^ro.adb.secure.*/ro.adb.secure=0/g;s/^ro.secure.*/ro.secure=0/g;s/^ro.debuggable.*/ro.debuggable=1/g;s/^persist.service.adb.enable.*/persist.service.adb.enable=1/g;s/^persist.service.debuggable.*/persist.service.debuggable=1/g;s/^persist.sys.usb.config.*/persist.sys.usb.config=adb/g' /system_root/default.prop
for i in ro.adb.secure ro.secure ro.debuggable persist.service.adb.enable persist.service.debuggable persist.sys.usb.config;do grep $i /system_root/default.prop;done

Once booted you can check if they got set properly by e.g.:

getprop | grep -E "ro.adb.secure|ro.secure|ro.debuggable|persist.service.adb.enable|persist.service.debuggable|persist.sys.usb.config"

Non - System As Root (SAR)

if the OS build does NOT implement system_as_root you could unpack/repack your boot.img by one of:

Whatever you use - try this first: unpack -> repack -> flash (so without any modifications).

if that does not boot anymore use another tool. e.g. if AIK does not work try another one before going on.

default.prop (on some OS versions this might be named "build.prop" instead):
------------------------
ro.adb.secure=0
ro.secure=0
ro.debuggable=1
persist.service.adb.enable=1
persist.service.debuggable=1
persist.sys.usb.config=adb

# if that does not work try: persist.sys.usb.config=mtp,adb

!!! IMPORTANT: !!!
remove ANY other line which contains one of settings above

Here are some lines making the above easy when on Linux. I assume that you are in the same directory as the unpacked default.prop:

for i in ro.adb.secure ro.secure ro.debuggable persist.service.adb.enable persist.service.debuggable persist.sys.usb.config;do
    grep -q $i default.prop
    if [ $? -ne 0 ];then
        echo "$i=undefined" >> default.prop
    fi
done
sed -i 's/^ro.adb.secure.*/ro.adb.secure=0/g;s/^ro.secure.*/ro.secure=0/g;s/^ro.debuggable.*/ro.debuggable=1/g;s/^persist.service.adb.enable.*/persist.service.adb.enable=1/g;s/^persist.service.debuggable.*/persist.service.debuggable=1/g;s/^persist.sys.usb.config.*/persist.sys.usb.config=adb/g' default.prop
for i in ro.adb.secure ro.secure ro.debuggable persist.service.adb.enable persist.service.debuggable persist.sys.usb.config;do grep $i default.prop;done

Once booted you can check if they got set properly by e.g.:

getprop | grep -E "ro.adb.secure|ro.secure|ro.debuggable|persist.service.adb.enable|persist.service.debuggable|persist.sys.usb.config"

authorize your PC with ADB

within your unpacked boot.img put your adb key directly into the root of the RAMDISK (details here) as follows:

cp ~/.android/adbkey.pub <PATH-TO-RAMDISK-ROOTDIR>/adb_keys

in case of AIK this would be:

cp ~/.android/adbkey.pub <path>/AIK-Linux/ramdisk/adb_keys

repack the boot.img and flash

Option B: when on A12

when on a12 (and likely later) and you just wanna enable adb logcat during build (not truly insecure, its more like half-insecure): https://github.com/crdroidandroid/android_build/commit/a9f4cd5493ead4134aba6e17e80c81eb104cdf43

for a full insecure (i.e allowing adb root and then e.g. adb shell dmesg during boot) use one of the other options.

Option C: Enable during build

Within your android source directory (replace <ROM> with the vendor path of your ROM you building for. e.g vendor/lineage/config/common.mk)

sed -i "s/secure=./secure=0/g" build/core/main.mk
sed -i "s/secure=./secure=0/g" vendor/<ROM>/config/common.mk
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment