Maintaining Android in the enterprise
Risk Management
Fastboot, Flashing, and Recovery Images
Listing 3 shows – in a fast-forward overview – how to flash the device with the free and lean CyanogenMod 10.2. You can do this without Windows and the snazzy installer specially written for this purpose: If you are working on Linux, first upload the image you downloaded from the CyanogenMod website [11] to the smartphone by typing adb push
. Then, grab the basic Google apps (e.g., the Play Store) that are not included in the image. To unlock the bootloader (fastboot oem unlock
) and flash a recovery system (fastboot flash recovery <file>
) we used fastboot; its options are shown in Listing 3.
Listing 3
Flashing with Fastboot
01 [root@pc]# adb push cm-10.2-grouper.zip /sdcard/Download/cm.zip 02 [root@pc]# adb push gapps-jb-20130301-signed.zip /sdcard/Download/gapps.zip 03 [root@pc]# fastboot --help 04 usage: fastboot [ <option> ] <command> 05 06 commands: 07 update <filename> reflash device from update.zip 08 flashall flash boot + recovery + system 09 flash <partition> [ <filename> ] write a file to a flash partition 10 erase <partition> erase a flash partition 11 format <partition> format a flash partition 12 getvar <variable> display a bootloader variable 13 boot <kernel> [ <ramdisk> ] download and boot kernel 14 flash:raw boot <kernel> [ <ramdisk> ] create bootimage and flash it 15 devices list all connected devices 16 continue continue with autoboot 17 reboot reboot device normally 18 reboot-bootloader reboot device into bootloader 19 help show this help message 20 options: 21 -w erase userdata and cache (and format if supported by partition type) 22 -u do not first erase partition before formatting 23 -s <specific device> specify device serial number or path to device port 24 -l with "devices", lists device paths 25 -p <product> specify product name 26 -c <cmdline> override kernel commandline 27 -i <vendor id> specify a custom USB vendor id 28 -b <base_addr> specify a custom kernel base address. default: 0x10000000 29 -n <page size> specify the nand page size. default: 2048 30 -S <size>[K|M|G] automatically sparse files greater than size. 0 to disable 31 32 [root@pc]# fastboot oem unlock 33 [root@pc]# fastboot flash recovery recovery-clockwork-touch-6.0.2.3-grouper.img 34 [root@pc]# adb reboot bootloader 35 [...]
If all of this works, adb reboot
boots the Android device in its plain vanilla state. To save yourself the work of pushing files, check out the sideload
ADB option, with which you can directly load files from your PC to the device. Fastboot is no exception: Often, root privileges are required on the PC. To check whether the tool finds the device, you can type fastboot devices
. Just because adb devices
works does not automatically mean that Fastboot recognizes the device.
Android Reboot from Linux
After rebooting Android, the next task is to select the images you pushed onto the smartphone or tablet and boot from them. Many devices require a wipe of the partitions and caches beforehand – recovery mode provides menu items; you can select them with volume +/- and Off buttons. The Android operating system then initializes. By now, at the latest, all the data previously on the device is deleted. After completing the configuration and restoring your backup, you should now – hopefully – have the desired original, and more secure, state.
Deep Analysis
In the worst case, admins need to investigate an Android device that is probably compromised – or at least its unusual behavior gives reason to suspect a compromise. If you discover suspicious traces with the tools described previously, you will certainly want more details about who infected the tablet – how and when – in addition to reverting to a safe initial state. Popular Linux tools like Sleuth Kit [12] are also useful for Android.
Each operating system stores its configuration details in a typical form; Linux uses readable configuration files, Windows uses the Registry, and Android mainly uses SQLite databases, which are also popular with many desktop programs, such as Firefox. It does not matter whether you run Firefox on Windows, Linux, or OS X, the history is always found in places.sqlite
; only the storage location varies. Google's Android browser stores its history in a file called browser.db
.
Buy this article as PDF
(incl. VAT)