(转载)有空整理
2017-06-26 22:28
471 查看
How to Discover Hidden Fastboot Commands
In my quest to discover as much about Android customization as I possibly could, I’ve made many obscure, yet interesting discoveries. I’ve shown you how to accesshidden menus on your device by sifting through all of the hidden application activities on your phone. More recently, I’ve shown you how to access the
hidden hardware diagnostic tool on certain smartphones. Now, I realize that some of you were disappointed in the fact that your smartphone was not covered in the previous article, and I apologize for that.
To make up for it, I’m going to walk you through something far, far more advanced and exciting: dumping your device’s bootloader to discover hidden fastboot commands. This guide, although done on my
Nexus 6P, is most definitely replicable on the majority of smartphones. However, what commands you will have access to will vary significantly between devices. Most commands will not really
help you in any real situation, but nevertheless it’s pretty interesting to dive this deep into your phone’s settings. Let’s get started.
Disclaimer: So long as you know what you’re doing and can follow instructions appropriately, nothing bad should happen to your device. But, we are still messing around with our device partitions and the bootloader, so there is no telling what could happen
if you enter the wrong command. Make sure you have an off-device backup ready!
Preparation
Before we get started, there’s one really, really important thing to note. In order to extract your device’s bootloader, you will need root access on your phone. If you do not have root access, you can continue reading this guide for educational
purposes, but you will not be able to perform any of the necessary commands. Got that? Good. Another prerequisite you will need to meet is ensuring that your computer has all of the proper ADB/fastboot drivers. If you don’t have the ADB/fastboot
binaries, then I recommend installing
Minimal ADB & Fastboot from our forums. As for the drivers, you can grab the necessary drivers for Google Nexus devices
here and for all other devices from
here. How do you know if you’re good to go? Plug in your device, enable USB Debugging under Developer Settings, open up a command prompt, and type:
adb devices
If you see your device’s serial number pop up, then you’ve got the right drivers.
Dumping the Bootloader
Our first step is to open a shell on our device so we can run commands over ADB. It’s best that we run commands over ADB because we’re much more prone to making mistakes when typing on a virtual keyboard, and making mistakes is not something you want to
do here. The first command you should run in your command prompt is:
adb shell
If you see the command prompt change from displaying the ADB binary directory to showing the codename for your Android device, then you’ve successfully entered your device’s local command line shell. Now, in order to access the partitions we need to dump,
you will need superuser access. To do so, type the following:
su
The symbol in front of your device’s codename should change from $ to # indicating that you can now run commands with elevated privileges. Be careful now!
Next, we will figure out the exact location of your device’s bootloade
4000
r image. In order to find the exact directory, we will print out a list of all of the partitions and their directories by name, and look for one in particular called ‘aboot.’
You will need to enter two commands as follows:
cd /dev/block/bootdevice/by-name ls -all
As
you can see above, a giant list of partition directories are printed out. These partitions are sorted by name, so we can easily discern the location of our bootloader partition. In my case, the bootloader, which is ‘aboot’ in the above image,
can be found at /dev/block/mmcblk0p10. This will vary depending on your device, so it’s important that you follow these instructions to figure out the true directory where your bootloader is located. Take note of this directory, however, as
we will reference it in the following command to dump the bootloader:
dd if=/dev/block/{YOUR ABOOT PARTITION} of=/sdcard/aboot.img
Once successful, you should find a file called ‘aboot.img‘ located on the root of your internal storage. Now that we’ve dumped the bootloader, we need to examine it to determine what hidden commands we can find.
Hidden Fastboot Commands and their Uses
You might be familiar with some of the more common fastboot commands, such as fastboot flash
or fastboot boot. There are many more fastboot commands as defined in the
open source fastboot protocol. Here is a list of the fastboot commands available on every device with a bootloader based off of the latest AOSP code:
What’s missing in this list are fastboot oem commands. These commands are specific to Android device manufacturers, and there is no comprehensive list or documentation anywhere for what fastboot oem commands are available.
Now, if your device manufacturer was kind enough to provide a fastboot command that lists all oem commands (try fastboot oem ? and see if that works), then you won’t need to do anything further. If there isn’t any command that prints a list
of available fastboot oem commands, then you’ll need to print a list of strings from the aboot.img and search for the oem commands manually.
‘strings’ is a linux command, the documentation for which is
available here. As you can tell, I’m personally using a Windows machine, so instead I’ve been using a
program that mimics ‘strings’ from Linux. The raw output of the ‘strings’ command on an aboot.img file will be
quite messy, but if you simply CTRL+F for ‘oem’ you should find what you need. If you want to refine your search, you can try this command (for the Windows version I linked):
strings * | findstr /i oem
For the Nexus 6P, I compiled the following list of fastboot oem commands:
fastboot oem unlock-go fastboot oem frp-unlock fastboot oem frp-erase fastboot oem enable reduced-version fastboot oem device-info fastboot oem enable-charger-screen fastboot oem disable-charger-screen fastboot oem enable-bp-tools fastboot oem disable-bp-tools fastboot oem enable-hw-factory fastboot oem disable-hw-factory fastboot oem select-display-panel fastboot oem off-mode-charge enable fastboot oem off-mode-charge disable fastboot oem ramdump enable fastboot oem ramdump disable fastboot oem uart enable fastboot oem uart disable fastboot oem hwdog certify begin fastboot oem hwdog certify close fastboot oem get-imei1 fastboot oem get-meid fastboot oem get-sn fastboot oem get-bsn fastboot oem get_verify_boot_status
Be warned that you should not attempt any of the above commands, or any of the commands that you discover on your device, unless you are willing to accept the risks. There is a reason these commands are hidden from the user.
That being said, I’ve thought of some neat uses for some of these fastboot commands I’ve found (that may or may not be present on your device, so follow the instructions above to check!) that should fancy the most hardcore Android enthusiast. There are two
commands here that could have some practical use.
First up is the fastboot oem (enable|disable)-charger-screen command. What this does is disables the charging screen that pops up when your device is turned off. If you aren’t a fan of the blinding brightness of the charging screen when
your phone is off, then you can disable it via this hidden fastboot command!
Next, there’s the fastboot oem off-mode-charge (enable|disable) command. This command determines whether or not your device will automatically turn on when a power source is detected. By default, it is set to ‘disable.’ I will admit that
this command does not have much use for phones, but if you’re planning on mounting your tablet into your car’s dashboard, you will find this command incredibly useful. You will be able to set your device to immediately power on when the tablet receives power,
such as when your car battery starts up. Conversely, it’s quite easy to power down the tablet when power is lost by using an automation app such as Tasker. This command, by the way, works exactly as written on the
Nexus 7 (2013).
That’s it for this lesson in Android customizability. Share the commands that you discover (ideally in a pastebin link) in the comments below!
相关文章推荐
- VC:CString用法整理(转载)
- [乐意黎转载]GitHub上整理的一些工具集合
- C#正则表达式整理备忘 转载(http://www.cnblogs.com/KissKnife/archive/2008/03/23/1118423.html)
- 常用meta整理[转载]
- 美团大众点评合并:背后技术力量的对比回顾【转载+整理】
- (转载)推荐!国外程序员整理的 C++ 资源大全
- 过年,网上看到一哥们整理的资料,不错!收藏下!有空去看看!
- 【转载并整理】Linux - centOS 6 SVN服务器安装、配置及开机启动
- 转载_【整理】什么是SPI的bitbang / bit bang / bit-bang / bitbanging(转)
- .bashrc VS .bash_profile(转载+整理)
- 转载---ORACLE set和col命令的整理
- 火狐与IE浏览器之间的一些差别收集 转载加整理
- FindBugs规则整理(转载)
- [转载]不同服务器数据库之间的数据操作--复制同步(整理版)
- Oracle技术整理(转载)
- VC 学习过程----vc++学习精髓(收集,整理) 转载自 拼搏之路
- 程序员练级攻略 转载 整理
- VC:CString用法整理(转载)
- 几个主流的Java连接池整理 (转) (2012-01-04 23:48:02)转载▼
- 解决jquery1.9不支持browser对象的问题 (原创与转载综合整理)