Tuesday, January 3, 2012

Google Wallet Hack - Applying Card Emulation Patch to Android 2.3.4_r1 Source Code and Flashing it on Samsung Nexus S


It's 1:14 am and I thought of jotting down all the steps I went through in flashing custom images on the Samsung Nexus S to bring it into Card Emulation Mode. It is the mode in which the phone can emulate a card (credit card). Thanks to tom0rtadelo on the xda developers site and his post -> http://forum.xda-developers.com/showthread.php?t=1281946 (I think his real name is Fernando Miguélez Palomo; I would be glad to be corrected here.)
OK, so here are the steps I followed to get the Nexus S into Card Emulation Mode (I don't know if it really is; I am looking for examples and tests to check this these days).


mkdir ~/bin
PATH=~/bin:$PATH
curl https://dl-ssl.google.com/dl/googlesource/git-repo/repo > ~/bin/repo
chmod a+x ~/bin/repo
mkdir nfc-card-emu
cd nfc-card-emu
repo init -u https://android.googlesource.com/platform/manifest
repo init -u https://android.googlesource.com/platform/manifest -b android-2.3.4_r1
repo sync

The above step will take some 3-4 hours to get the whole Android tree for 2.3.4_r1.
I am downloading this tree as the NFC Card Emulation patches are available for this only.

You will have this directory -> /Android-2.3.4_r1 under nfc-card-emu after the above step.


Downloading the source code : 
Now download the patches from here -> http://forum.xda-developers.com/showthread.php?t=1281946 ; the file name is --> gb-2_3_4_r1-patches_nfc-ce_bt-fd-20110929.zip

Copy this patch into the /Android-2.3.4_r1 folder inside nfc-card-emu and unzip it using: unzip gb-2_3_4_r1-patches_nfc-ce_bt-fd-20110929.zip


You will get these files: gb-2_3_4_r1-nfc_ce-bt_fd.patch, gingerbread.bare, gingerbread.bare.orig

You will run these commands from /Android-2.3.4_r1



Apply patch using this command : 

sudo patch -p1 < gb-2_3_4_r1-nfc_ce-bt_fd.patch 



patching file external/libnfc-nxp/inc/phDbgTrace.h
patching file external/libnfc-nxp/inc/phNfcConfig.h
patching file external/libnfc-nxp/src/phHal4Nfc_Emulation.c
patching file external/libnfc-nxp/src/phLibNfc_initiator.c
patching file external/libnfc-nxp/src/phLibNfc_SE.c
patching file frameworks/base/core/java/android/bluetooth/BluetoothAdapter.java
patching file frameworks/base/core/java/android/server/BluetoothService.java
patching file packages/apps/Nfc/jni/com_android_nfc.h
patching file packages/apps/Nfc/jni/com_android_nfc_NativeNfcManager.cpp
patching file packages/apps/Nfc/src/com/android/nfc/NfcService.java
patching file packages/apps/Settings/AndroidManifest.xml
patching file packages/apps/Settings/res/values/strings.xml
patching file packages/apps/Settings/res/values-es/strings.xml
patching file packages/apps/Settings/res/xml/nfc_settings.xml
patching file packages/apps/Settings/res/xml/wireless_settings.xml
patching file packages/apps/Settings/src/com/android/settings/bluetooth/BluetoothDiscoverableEnabler.java
patching file packages/apps/Settings/src/com/android/settings/nfc/NfcSettings.java
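
A pre-flight check for the patch step above, as an added example that is not part of the original post: it lists the files a unified diff would touch under -p1 and flags any path outside the directories seen in the patching output, or any path that uses "..". The function names, the allow-list variable and the sample diff headers are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list the files a downloaded patch would modify and flag
# any that fall outside the directories expected for this patch.

# Directories seen in the "patching file ..." output shown on this page.
ALLOWED_PREFIXES="external/libnfc-nxp/ frameworks/base/ packages/apps/Nfc/ packages/apps/Settings/"

# Print each target path of a unified diff with its first component
# stripped, which is the name `patch -p1` would use.
patch_targets() {
    awk '
        substr($0, 1, 4) == "+++ " && prev ~ /^--- / {
            p = $2
            if (p != "/dev/null") { sub("^[^/]*/", "", p); print p }
        }
        { prev = $0 }
    ' "$1" | sort -u
}

# Print targets that contain ".." or fall outside ALLOWED_PREFIXES.
unexpected_targets() {
    patch_targets "$1" | while IFS= read -r path; do
        ok=no
        case "$path" in
            ..|../*|*/../*|*/..) ;;   # traversal out of the tree: always flagged
            *) for prefix in $ALLOWED_PREFIXES; do
                   case "$path" in "$prefix"*) ok=yes ;; esac
               done ;;
        esac
        [ "$ok" = yes ] || printf '%s\n' "$path"
    done
}

# Constructed sample: diff headers only, hunk bodies omitted (not the real patch).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
--- a/external/libnfc-nxp/inc/phNfcConfig.h
+++ b/external/libnfc-nxp/inc/phNfcConfig.h
--- a/packages/apps/Nfc/src/com/android/nfc/NfcService.java
+++ b/packages/apps/Nfc/src/com/android/nfc/NfcService.java
--- a/build/core/main.mk
+++ b/build/core/main.mk
--- a/packages/apps/Nfc/../../../outside.sh
+++ b/packages/apps/Nfc/../../../outside.sh
EOF

echo "Targets:";    patch_targets "$SAMPLE"
echo "Unexpected:"; unexpected_targets "$SAMPLE"
```

Run against the real file as `unexpected_targets gb-2_3_4_r1-nfc_ce-bt_fd.patch`; empty output means every target sits under one of the listed directories.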



After that, build the Android source tree using these commands.
Do everything as the root user.

sudo su
password : <your password as root>

source build/envsetup.sh
including device/htc/passion/vendorsetup.sh
including device/samsung/crespo/vendorsetup.sh

. build/envsetup.sh

including device/htc/passion/vendorsetup.sh
including device/samsung/crespo/vendorsetup.sh

lunch
  
You're building on Linux

Lunch menu... pick a combo:
     1. generic-eng
     2. simulator
     3. full_passion-userdebug
     4. full_crespo-userdebug


Select 4, as it is for the Nexus S.


Which would you like? [generic-eng] 4

============================================
PLATFORM_VERSION_CODENAME=REL
PLATFORM_VERSION=2.3.4
TARGET_PRODUCT=full_crespo
TARGET_BUILD_VARIANT=userdebug
TARGET_SIMULATOR=false
TARGET_BUILD_TYPE=release
TARGET_BUILD_APPS=
TARGET_ARCH=arm
HOST_ARCH=x86
HOST_OS=linux
HOST_BUILD_TYPE=release
BUILD_ID=GRJ22
============================================


make -j4

At the end you should get this:

make_ext4fs -l 536870912 -a system out/target/product/crespo/obj/PACKAGING/systemimage_intermediates/system.img out/target/product/crespo/system
Creating filesystem with parameters:
    Size: 536870912
    Block size: 4096
    Blocks per group: 32768
    Inodes per group: 8192
    Inode size: 256
    Journal blocks: 2048
    Label:
    Blocks: 131072
    Block groups: 4
    Reserved block group size: 31
Created filesystem with 540/32768 inodes and 26546/131072 blocks
Install system fs image: out/target/product/crespo/system.img
out/target/product/crespo/system.img+out/target/product/crespo/obj/PACKAGING/recovery_patch_intermediates/recovery_from_boot.p total size is 102413589
Installed file list: out/target/product/crespo/installed-files.txt

You will get the files to be flashed in the folder > /out/target/product/crespo

-rw-r--r-- 1 root root   2973696 2011-12-21 11:49 boot.img
-rw-r--r-- 1 root root    142676 2011-12-21 11:49 ramdisk.img
-rw-r--r-- 1 root root    385840 2011-12-21 11:50 ramdisk-recovery.img
-rw-r--r-- 1 root root   3219456 2011-12-21 11:50 recovery.img
-rw-r--r-- 1 root root 102193012 2011-12-21 12:22 system.img
-rw-r--r-- 1 root root  19247552 2011-12-21 11:39 userdata.img

Along with these binaries you will also get the compiled fastboot in the folder > /out/host/linux-x86/bin/
Put the phone in fastboot mode and issue these commands. (Fastboot mode can be entered by pressing the power key + volume UP key together.)

To flash the above files, issue these commands (as root):

$ ./out/host/linux-x86/bin/fastboot erase userdata

 erasing 'userdata'...
OKAY [  0.280s]
finished. total time: 0.280s


$ ./out/host/linux-x86/bin/fastboot erase cache

 erasing 'cache'...
OKAY [  2.018s]
finished. total time: 2.019s



$ ./out/host/linux-x86/bin/fastboot flash system out/target/product/crespo/system.img

 sending 'system' (99797 KB)...
OKAY [ 25.889s]
writing 'system'...
OKAY [ 12.442s]
finished. total time: 38.331s

$ ./out/host/linux-x86/bin/fastboot flash userdata out/target/product/crespo/userdata.img

sending 'userdata' (18796 KB)...
OKAY [  4.861s]
writing 'userdata'...
OKAY [  2.008s]
finished. total time: 6.869s


$ ./out/host/linux-x86/bin/fastboot flash boot out/target/product/crespo/boot.img

 sending 'boot' (2904 KB)...
OKAY [  0.754s]
writing 'boot'...
OKAY [  0.385s]
finished. total time: 1.139s


$ ./out/host/linux-x86/bin/fastboot reboot

 rebooting...
finished. total time: 0.001s





Download the libpn544_fw.so from here.


There is an error after booting, as libpn544_fw.so is not found in /system/lib and the system is unable to load this .so, which is necessary for NFC operation.
To avoid this, do the following on the command prompt:
$ su
# mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
# cd system
# chmod 777 lib
# exit
$ adb push <path to libpn544_fw.so> /system/lib

$ adb shell
$ su
# cd system
# chmod 755 lib


Once reboot is done you will get the options changed in the NFC Settings as told by Fernando Miguélez Palomo 


These are the videos : 

Before Flashing the patched Android : 



After Flashing the patched Android : 



Please let me know how it goes !!!


In case you don't want to download the 2.3.4-r1 source code, you can take the images from here --> http://www.sendspace.com/filegroup/QrM1XZxbueqZMsC1bvJ7R%2BYO8SgCItUB


Note: Though the title says a hack, it is not. Initially I thought that by doing this someone could actually hack the Google Wallet. Anyway, I am not changing the subject line, as the steps involved will definitely be a step towards the subject of the post in the near future.

Thanks Sandeep for Reviewing my blog and pointing out the typos :) !

Rgds,.
Softy



Wednesday, May 25, 2011

Some Questions Compilation

Hi
here is my effort to compile a few interview questions being asked in one of the subsidiaries of a top notch phone-making MNC..

Delegates in C#
UART baud rate: why 115200, why these numbers, why not some other..
udev, interface ..
hw/sw flow control in UART
program to delete a node, a loong node w/o any temporary variable
work queue, tasklets
System V IPC
send message and post message in System V IPC
passing by pointer and reference in C
where do the arguments of a function get stored in memory (bss or stack)
why the IRQs are disabled at boot loader stage
inheritance and polymorphism in C++, virtual functions, what is copy constructor and what is singleton class.
volatile? is it a storage class or compiler directive
way to pass signals in process
how the memory can be allocated in kernel w/o malloc, kalloc, vmalloc - ans: get pages, page level APIs
mmap ??
memory mapped and io mapped io
#include <stdio.h>
#include <unistd.h>

int main(void)
{
    fork();
    printf("abc");
    return 0;
}
how many times will abc be printed? what if fork is used three times
what is a daemon, how it is created and destroyed, their role
questions about projects..
version of .NET, why 3.5 why not 2.0
Win CE questions if you know
how many bits per pixel were there in the monochrome LCD we use in the driver
what is the input subsystem
what is the proc file system, its use
what is /etc/fstab, what is /etc/rc.d used for, why?
assembly level programming, you know? what? where have you used?
synchronisation primitives
what are atomic_t variables
which is better, mutex or atomic_t? why?
what are spinlocks..
IDEs used for development..
your interests, I have written blogging
mobile phones,
what is the GPS latitude/longitude of Bangalore??
what is almanac data in GPS
output of ++*p, precedence of * over /....

1. ARM-- prefetch abort-- who sets the permission.. if processor, then why processor can't access the instruction

how the processor returns from supervisor mode to user mode. If user application calls system call to go into kernel mode, how the transition happens in ARM and how it gets back to user.


2. I2C-- The I2C core is currently handling i2c_write() from EEPROM and RTC is trying to write on the i2c bus, how the core handles this condition.

before i2c_write should it always check for bus busy, and wait in a while loop.
i2c adapter driver vs i2c client driver. Function calls in linux for both

3. LCD-- what are the layers in video linux,
what are the function calls in linux for LCD,
how the mapped memory from user goes into LCD controller.
how data from LCD controller goes to user mode.
how LCD controller gets the video data from user.
if user calls mmap, how the kernel gets the arguments from user.
what mmap does.
In which part of the memory the user video data resides and where the kernel mapped video data resides.

4. What is the address space of linux kernel.

5. examples of volatile where you used it. how to use volatile in hardware registers, write the C code for it. how does ioremap() work. how the device register memory gets mapped into linux kernel address space.

6. Describe the boot steps. In which part of the memory the kernel resides. Which flash you used in your system. How linux boots from flash memory.

Tuesday, February 1, 2011

Tryst with Hawkboard - Day 1

..Saurav brought one hawkboard last to last night..out of sheer adrenaline push amidst his fellow colleagues and ordered me to book the 11-1 am slot for our "only new found love - Linux/Android". And what's the use w/o a hw board if linux has to be woken up ..so it came with a grand entry for INR ****..yeh it was close to four digits. So worth head banging for such a time slot ..
What we did in this slot :

Our job was to connect the board with the serial port and get it booted and see the hawkboard prompt on our host machine..that was our moment of glory..as if we had discovered America..
We had a serial to USB converter and we connected it to our laptop as our laptops don't support the serial port (all it had was a good for nothing never usable VGA parallel port). We tried, got it connected, some baud rate and serial port configuration on the hyperterminal, some button pressing, we got nothing....again some change in configuration here and there, googling, and found the same state...still nothing...we went to another pre historic desktop and planned to give up the USB converter and use the serial cable directly ..and blaaahhhhhhhhhhhhhh....got the hawkboard screen display on hyperterminal....we felt ecstatic...now get it done on the USB serial converter on our laptop...
Opened minicom and set its port to /dev/ttyUSB01 and yes we were able to get it brought up using the serial port as well !!

Friday, December 24, 2010

C Post

This is my compilation of some C questions I have googled and gathered from the web.



(1) unsigned int x = -1; x >>= 2; What will the value of x be?

After the assignment, the value of x will be --> UINT_MAX (the maximum unsigned int value on the system).
UINT_MAX is defined in <limits.h>.


Therefore:
 x >>= 2 gives the integral part of UINT_MAX/4 (since a >> b = a / 2^b)

UINT_MAX is also equal to 0xFFFFFFFF (that is, size of integer on a system * 2 times F).
For example, if the size of integer is 4 bytes (32 bit), the max value = (2^32) - 1.
This solution can also be used to find out the size of an integer on a machine. But for that you have to store the bigger values like 4294967295 ((2^32) - 1).
An alternate way to find out the size of an integer is to find the difference between &(x) and &(x++).


(2) Accessing a function Pointer via Structure - Hidden OOPS ?


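#include <stdio.h>

typedef struct test
{
    int x;
    char y;
    void (*ptr)(void);   /* function pointer stored as a struct member */
} tstruct;

void show(void)
{
    printf("Demoi \n");
}

int main(void)
{
    tstruct z;
    z.x = 100;
    z.y = 900;           /* does not fit in a char; the stored value is implementation-defined */
    z.ptr = show;
    z.ptr();             /* calls show() through the struct member */
    return 0;
}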

This program shows a hidden feature of how OOP can be implemented using C. If we assign x as a boolean flag for accessing the function pointed to by the ptr variable, I am sure we can do some OOP stuff here with this code.

(3) What is the structure of the program in memory?



More ...to be continued..!





Friday, December 10, 2010

And finally got Nokia N900 !!

..well it's been 2 yrs at nokia..and Nokia has given me for all those valuable effortless, bugless contribution I have made to the society via Nokia..really!!! Nossss it's just a policy..we get a new phone for every two years completion and a new laptop for every three yr completion..i hope I am not befriending wikileaks here...HR are you listening...!! Kidding....this is the first resistive Touch, MMS less, 3.5 g, 5 mxpl, 28 gb memory, --LINUXXXXXXX based mobile phone..yeah it's the maemo from Nokiee..in the smart phone segment..(ya you got me right I am boasting implicitly for my not-so-useful-googlish-skill)..pretty good decent digg-me-more device ..first and the last of Nokia's Linux tryst in the smart phone category ..in the class of embedded device..last because now maemo will come with meego..(truly speaking not an embedded device as I can open an Xterminal and use it for building any other application using some not-so-junk linux shell..and if I can use it for that how it could be the embedded device..need to revise my definition of ED..). It didn't get much good appreciation from the user community...though the developer/testers/debuggers community boasted it most..the commercialization of an open source is the crux of the blog...maemo, meego (maemo+goblin) and of course our anti-nokiee community (android followers) share the 90% of the Mobile OS code)...all seems to be the same... who will win..is the question ..whose answer lies totally on the consumer..that means the UI...that means the -the application --that means(TM) -framework- Qt or XYZt (possible for anti-nokia)-TM- commercialization of Application framework consultant-TM-..list is short...!!

N9.....





so where do I go from here...!!

Tuesday, November 2, 2010

IKU - Dummy UI looks



Profile Id for assisted mode

In the assisted mode the contactor needs to know the contact number of the target, which can be achieved by scanning, using BT, for the Target's profile Id, which is the registered user for the CCA application. The scanning result will give the Profile Id, which can be sent to the CCA server for further processing. The Target column on the UI shows the Profile Picture and the Profile Id column shows the Profile Id of the mobile owner, so that the contactor may come to know the Profile Id of the Target, which he can send to the CCA server.



Profile Id:

Profile Id is the unique Id for identifying the phone using this application.

G(a,b,c) will be an algorithm which will generate a (Profile Id) string pattern which will have the information of the phone's profile. This will help the contactor to identify the Profile Id of the target, which he will send to the CCA server for discovering the common contacts. The contactor's application will give him the UI shown above, with the Profile Id of the target, which he will send to the CCA server.

G(a,b,c) =

a = Phone number

b = IMEI number

c = 48 bit BT MAC address

This is one proposal for an Algorithm:

The last 3 bits of component (b, c) and full 10 bits of Phone number are combined together and a string pattern is generated, which will be the profile Id and can be sent to the CCA server

e.g. if a = 919008025304

b = 354552017299159

c = 00:62:25:25:1A:4B

G(a,b,c) = 159-0A-4B-919008025304

The CCA server will then map the Profile Id against the Profile Ids in the database to check whether it is registered or not; if yes, it will search for the corresponding number and send the result back to the contactor.