[HACK] 2nd-init

**Skrilax_CZ** · 10-11-2010, 01:37 AM

This is mainly for ROM developers - allows you to "restart" init process with your custom binary and custom rc scripts. Technically using code injection the code to call "execve("/init", {"/init", NULL**, environ);" is injected and the environ variables are read from /proc/1/environ by the binary.

It has to be combined with the "sh hijack". Info & download is here:
2ndinit [And Developers]

So Milestone XT720 users will soon get a "bootstrap" version of Open Recovery

**89luca89** · 10-20-2010, 08:22 AM

Hi Skirlax, I wuould love to have more delucidations about the 2nd-init and the sh hijack (of wich I've didn't find anything)
Now, I'm interested on creating a custom init.rc for my Rom, but where to start?
In what does it differ from the Ramdisk method of dexter? (in both good and bad way)

Would love to have some informations because I'm very intrested in this type of hack, and maybe some links or file example wuould help me

Thx a lot for your time

**Skrilax_CZ** · 10-20-2010, 11:22 AM

It's a "evolution" of that method (that was being used by dext3r and nadlabak in older CM) - so no cons.

What they did was starting the "init" instance for a second time - thus there were two init instances; the original one "frozen" and the second one doing the job. What you call "Ramdisk method" - this is nothing else than replacing the init, init.rc, etc. from the signed ramdisk image. 2nd-init only changes the way how the new init is called - which is by injecting code to the original init basically to restart itself (look on execve manual) - but if you replaced it, it will restart into the new one.

"sh hijack" - in init process, a script is called in very early stage (called "init" as well) - basically it calls /system/bin/sh. Now the "sh" doesn't have to be the shell, it can be your own program which will do the necessary things to call 2nd-init and ensures that future calls to sh are handled normally (mounts sh to the real shell binary). An example is shown in the newest CM.

**89luca89** · 10-20-2010, 11:33 AM

oh MANY thanks

Now I'm starting to understand something xD I'll read execve manual ASAP;
Just a curiosity, INIT calls /system/bin/sh, But when I create a rom,The backup will not contain /system/bin (and even /sbin) so how can I call a Custom sh? (I mean, I have to create a Rom by update.zip or there is another method)?

**Skrilax_CZ** · 10-22-2010, 11:19 AM

The /system partition can be fully customised. Thus you can have your own /system/bin/sh.

**89luca89** · 10-22-2010, 11:56 AM

But I mean, I do not know how to create an update.zip installation for a Rom, so I use Nandroid, and nandroid does not backup /system/bin part!!

**Skrilax_CZ** · 10-22-2010, 12:37 PM

It does back it up.

**89luca89** · 10-22-2010, 01:03 PM

ok nice,
I',ll try to boot a sh hijack with the original init.rc with just a line or 2 modded only to see how it goes

**NeoBeZ** · 11-11-2010, 08:28 AM

what about open recovery for XT720 ?

P.S sorry for my english

**Skrilax_CZ** · 11-13-2010, 04:09 PM

The 1.46 will be released also for the XT720.

**NeoBeZ** · 11-14-2010, 12:19 AM

It is possible at least approximate date of release?

**Skrilax_CZ** · 11-17-2010, 02:39 PM

Posted testing version.

**NeoBeZ** · 11-18-2010, 01:28 AM

thank you!!!

Thread: [HACK] 2nd-init

LinkBack

Thread Tools

Display

[HACK] 2nd-init

6 Users Say Thank You to Skrilax_CZ For This Useful Post

The Following User Says Thank You to Skrilax_CZ For This Useful Post:

LinkBacks (?)

Motorola Milestone XT720 -

Posting Permissions