Subscribe via Email

Subscribe via RSS/JSON


Creative Commons Attribution 4.0 International License
© Rakhesh Sasidharan


A post on Android, AOSP, Custom ROMs, Bootloader, Recovery, etc

While not sysadmin related, this is a long post I wrote today on Google+ and figured I must put a copy of it elsewhere too.

Been meaning to write a post on Android past few days, so here goes …

Modern phones are like computers. Similar to how computers have an OS (Windows, Linux, Mac etc) phones have a firmware (also called ROM). The names firmware and ROM are misleading. They are just legacy hangups from an era when the phone OS was basic and you rarely flashed (installed) a new OS or updated it. So although we still call it firmware or ROM, it’s actually an OS. In the case of Android, an OS based on Linux.

The Android OS is built by Google. Each release is named after a pastry. So you have Jelly Bean, Ice Cream Sandwich, Gingerbread, Eclair, and so on. With each new release Google usually also releases the source code to the OS. This open source release is called the Android Open Source Project (AOSP). Enthusiasts around the world take this AOSP release and make their own modifications. Since these are custom Android OSes, they are usually simply called custom ROM. The result is AOSP based firmware such as CyanogenMod, Carbon, AOKP, Paranoid Android, and so on. Most of these contain many more features than stock Android, as well as performance hacks and such. So they are quite popular among Android geeks.

Apart from the AOSP Google also releases its OS to partners such as Samsung, Sony Ericsson, LG, HTC, etc. They take the OS, add their own customization and tweaks, drivers for their hardware, additional software that differentiates their products from others, and (in the past but not so much now) useless “bloatware” software. Once upon a time this was the only way to get Android. You buy a phone from these partners and use their modified version of Android. So Google started creating its own brand of hardware, under the name Nexus. These are devices made by a partner such as HTC, Samsung, or LG, but built according to specs from Google (I think) and more importantly they come with “pure” Android. That is, Android the way Google intended it to be – without any additions or subtractions from the hardware partners. USually you have one Nexus phone a year.

Nexus devices are thus popular with those who want a pure Android experience. They are also not so popular with the general public as most people like the extra software and features provided by the non-Nexus-but-modified-Android phones. Plus Google doesn’t market the Nexus device much (though in recent past it has) and they are usually low in specs compared to the competition (though that too has changed in the recent past). Nexus devices have an advantage over other devices in that since they run pure Android they are the first to get Google’s new Android releases. Other phones take longer as Samsung or Sony or what-have-you must take the released Android, make their changes, customize the UI, test, etc before releasing to the public. Moreover, it is not in their best interests to let you have the greatest and latest Android release on their yesteryear handsets – even though it may work perfectly well – and so they may not even release the latest Android for the phone you have. (A good example being the Samsung Galaxy S II which can easily run Android 4.2 – as seen by the fact that it runs CyanogenMod 10 – but Samsung hasn’t officially released Android 4.2 for this device).

Yet another advantage of the Nexus devices is that since they are designed to run pure Android, they will run all AOSP based firmwares without any issue. On the other hand, devices created by other manufacturers could be made to run – provided the volunteers have the time and inclination to do so, and there’s enough demand for it, etc. Thus, for instance, you do have CyanogenMod builds for Samsung Galaxy S II, but you don’t have the latest CyanogenMod builds for Sony Ericsson Xperia Arc S (even though both were released around the same time). Some custom firmware may have builds for one device, but not for another – it all depends on the interest of the volunteers and demand from their target audience.

The reason devices by other manufacturers have sketchy support is to do with drivers. Drivers are blobs of code that tell the OS how to interact with a piece of hardware. The OS talks to the hardware through drivers, and that in turns depends on the phone manufacturer (whether they provide drivers, whether people know what hardware is being used, etc).

Back to the OS. As I said above Android is the OS that runs on your phone. Now, an OS is something that’s stored on the phone’s “disk” (not exactly the correct term here, hence the double quotes, but you get the point). When the phone is off and you power it on, something has to load this OS into the phone’s memory so it run and be “self initialized”. This “something” is required in the case of computers too – when you turn on your machine, there is a piece of software that loads first and asks you whether you want to load Windows 8 or Windows XP – assuming you have both OSes installed on your machine – or just goes ahead and launches one of these OSes if you only have one installed. This software is called a bootloader and the process of loading an OS via a bootloader is known as bootstrapping. (It comes from the idea that say you are sitting on a floor and want to get up but you can’t just push your hands down and lift yourself up. (Just assume you can’t for this example sakes. That’s how a phone/ computer OS is. It is sitting in the disk and needs to get up, but can’t do it on its own). What would you do? You are wearing boots (coz that’s how you are!) and these boots have bootstraps (the little piece sticking out at the top back of the boot) so you hold these bootstraps and pull yourself up – thus getting up on your own without any external help. Thus came about the name bootstrapping. And from there came the word bootloader).

So anyways, phones have a bootloader, which is what loads the OS into phone memory when you power it on. On computers (typically) bootloaders are free to load whatever OS you tell it to – so that’s why you can multiboot Windows, Linux, multiple versions of these, etc pretty easily. But on Android phones the bootloader is typically locked. Why? Coz that’s how phone manufacturers are. They don’t want you booting other OSes on their phones and writing to protected parts of the system (and maybe they have some others┬áreasons too based on how the contract system of phones work in the US and other parts of the world, I don’t know) – so if you have a Samsung Galaxy S II (say) you can’t just go ahead and install CyanogenMod on it as the bootloader is locked and it won’t be able to boot CyanogenMod for you! I am not very familiar how one used to unlock bootloaders in the past, but nowadays most phone manufacturers let you request for an unlock key from their website and then you can use a piece of software provided by Google to unlock the bootloader. (Another advantage of using Nexus devices is that unlocking their bootloader is a straightforward process – just type a command and you are done!)

Apart from the ROM and bootloader, another piece of software Android phones have is called recovery. Think of it like your computers’ BIOS, though it is not really like that. Or maybe a better way to think of it would be like a separate partition/ disk on your computer that contains a bare minimum OS that only lets you do basic stuff like backup/ restore your data and install/ upgrade your main OS. Most computers don’t have such a software as computers have CD-drives and USB disks and geeky chaps who want to do similar operations on computers just put in a Live-CD or USB and boot into an alternate OS to do their deeds. But phones don’t have such a luxury and so come with the recovery software installed onto it.

The recovery that usually comes with phones is pretty bare. There exist third party recovery software – notably ClockworkMod Recovery (and its touch enabled variant ClockworkMod Recovery Touch) and TeamWin Recovery Project (TWRP) (which is touch enabled by default). If you want to install a new ROM on your phone, you definitely need one of these recovery software. There are couple of ways to install a custom recovery and the process is pretty straightfoward. You don’t even need an unlocked bootloader to install a custom recovery, though if you plan on installing a custom ROM later you do need an unlocked bootloader. Some methods of installing a custom recovery require an unlocked bootloader, while others require a rooted phone.

Which brings us to the question of what is a rooted phone. You see, by default your phone OS lets you do things on it as a regular user. Again, it’s similar to how computers operate. Taking the case of Windows for instance: in the past, with Windows XP, when you logged in to the system chances are you had full rights to the OS and could do pretty much anything with it – install software, devices, and even viruses. Nowadays, though, Windows (Vista onwards) logs you in as a regular user and usually prompts you for an administrator username/ password when you are trying to do things like install apps. This is because Windows is more security conscious nowadays and doesn’t give you full rights by default. It logs you in as a user and only gives you elevated rights if you are authorized for it. Phone OSes are similar. By default they log you in as a user and you can do most tasks – including install apps – but if you want to tamper with the OS itself (such as install software that installs a custom recovery!) you need elevated rights. Problem is, Android and its variants (and also iOS etc) usually actively deny giving you elevated rights and so you need to do things to break the locks that prevent you from doing so. This process is known as rooting, and a phone that is thus “broken” is known as a rooted phone. (The term comes from Unix, where the user with full control over the system has username “root”. Since Android and iOS and based on Linux and BSD, which have Unix roots, the name stuck on. As an aside, on Windows the user with full access is known as “administrator”. And it’s as a homage to these that Harold Finch, of the TV show “Person of Interest”, worked under the username “admin” (short of “administrator”) while the girl who was trying to hack into the machine worked under the username “root”).

There is no one-size-fits-all method for rooting your Android phone. Since rooting depends on exploiting bugs in the OS to give you more rights, it depends on the version of the OS on the phone and also whether its pure Android or modifed by the phone manufacturers, etc. Nexus phones usually have it very easy – and there’s even a “Nexus Root Toolkit” software that easily roots the phone for you. For other phones a quick Google search usually turns up ways to root them. (By the way, this is what “jailbreaking” an iPhone entails. You exploit bugs in iOS to gain root access, and then you modify the OS to let you install your tweaks etc. That word is a homage to FreeBSD, a branch of BSD that the Mac OS X is based on).

Custom ROMs such as CyanogenMod etc are rooted by default. So once you install one of these there’s no separate need to root the phone. And if your aim is to replace the stock firmware with a custom one, there’s no need to root it either. Simply unlock the bootloader, install a custom recovery, and install the custom ROM. A good thing about Android is that you don’t need to root the phone or unlock the bootloader (or install a custom ROM) if all you are interested in is general customizing. You can easily theme the phone, make changes to your notification bar, install non-Play Store apps – all by default. This is unlike iOS where you can’t even change the theme or install non-App Store apps and so jail breaking is necessary even for those “basic” things. On Android you do all this only if you really like to play around with your phone (or your phone manufacturer isn’t updating it with newer firmware and so you want to switch to a custom ROM).

The rabbit hole doesn’t stop here actually. Most people go ahead and change the kernel too of their ROM. The kernel – as its name suggests (a kernel is the seed inside the nut of most plants, so it’s like the core-most thing of a plant) – is the core component of an OS. It is the actual bit of code in the OS that interfaces with the hardware (via drivers) on one side, and the OS & user applications on the other. With Android, you can change the kernel too – many people do this to get better performance out of their phone or for some feature only offered by a custom kernel. Installing a new kernel is quite straightforward – similar to how you would install a custom ROM.

And that’s it.

This post should have given you a high level overview of custom ROMS and rooting etc in terms of Android. One last thing to keep in mind is that if you are installing a custom ROM you must also install Google Apps (Gapps) separately. Once upon a time custom ROMs included the “Google for Android” software such as Gmail, Calendar, Search, Google+, Play Store, etc. Then due to licensing issues they stopped including these by default, so nowadays one must download the Gapps package separately, along with the custom ROM. They are usually found in the same place one downloads a custom ROM from, as there is (usually) a version of Gapps for each version of the custom ROM. In theory you can install a custom ROM without Gapps – leaving you unable to install any Google for Android apps or even access the Play Store – but it’s possible if you want it that way (just download the install files for packages you want and install yourself).

Print Management console to manage printers

Discovered the Print Management console today. Wonder how I missed it so far! It’s such a useful tool when you have many print servers and would like to manage them all. Moreover, if your print server is a Server Core install, then using the console definitely beats typing the commands and scripts that are provided by default to manage the print server on Server Core.

Couple of things as a note to myself:

  1. A 64-bit server requires 64-bit drivers to be installed. This was surprising to me. Always thought 32-bit drivers were ok even if the OS is 64-bit. But no, that won’t do for printers. You have to install the 64-bit drivers, but you can install additional drivers – that are 32-bit – for clients and such. So in a way, yes, a 64-bit server can have 32-bit drivers installed, but only as an additional set of drivers.
  2. When managing remote servers it’s better to add the drivers first using this console and then adding the printer. If you try adding drivers when adding printer, the dialog box showing progress tends to freeze and you might think everything’s stuck.
  3. It is better to add both the 64-bit and 32-bit (if you require) drivers to the server, and then add the printer. If you add the 64-bit driver first, then add printer, and then add the 32-bit drivers via the additional drivers dialog box, it gets added but trying to open the printer again gives errors that your client machine needs to have 32-bit drivers. (This is on a Windows 7 client managing a Server Core 2008 R2 machine so could just be a bug with my setup). So best to add all drivers first to the server, and then add printer.
  4. If you already added 32-bit and 64-bit drivers to the Print Management console, then when adding a new printer the 32-bit drivers are automatically picked up as additional drivers. No need to select them manually.
  5. Additional drivers can be added by opening the printer properties, going to the sharing tab, and selecting ‘Additional Drivers’. But like I said above, better to just add these additional drivers first itself by going to the ‘Drivers’ menu in the Print Management console.

Find the computer from where an AD account is locked out

I want to find out where from a user account is locked out in my domain.

The manual way to do this would be to open up Event Viewer, scan the event logs on the DC for event ID 4740, open it up and see the message to identify the machine from where this account was locked out. But using PowerShell we can obviously automate this way easily!

First things first: how to scan the event logs using PowerShell? You can use either of Get-EventLog or Get-WinEvent. The former only works on the classic event logs while the latter works on both the classic and newer event logs such as those found in Windows Vista and later. I find the latter faster too, so let’s use that. Here’s me running that cmdlet to filter the security logs for event ID 4740 on a remote DC:

There’s only one event here so the details of that are returned. It gives us all the info we need at a glance: user name “User01” is locked thanks to a bad password attempt from the computer “MANGO”.


Now let’s go about making this prettier and better.

In the code above I am specifying the domain controller to query. That’s only helpful if I have an idea of the machine or site the user is trying to login to, and so know the domain controller responsible for that site. A better approach would be to query the domain controller with the PDC Emulator FSMO role for event ID 4740. This DC is the one that eventually processes the account lockout requests for all accounts in the domain.

The cmdlet Get-ADDomainContoller gives you the domain controller of the site you are in. Adding the switch -Filter * gives you all the domain controllers in the domain. And piping this through a where-object to filter out the domain controller with the “PDC Emulator” FSMO role gives you the domain controller we are interested in. Like thus:

The snippet above returns an object for the DC with the PDC Emulator role, to extract just the name do thus:

Next, let’s go about presenting the output above in a tidier format.

One thing to note is that all the info we want is in a property called Message.

So one option would be to do some fancy filtering using foreach-object like thus:

This will list out the multiple lockout entries with the timestamp on top in red.

A better option, however, is to use the Properties property, which is an array containing exactly the info we want as values.

Format-Table is your friend here:

A one line code that’s way better than opening Event Viewer and filtering through the logs manually.

And if you want to filter by the locked out status of a specific $user, pipe the output through a where-object like thus:

Finding all processes on a remote computer that belong to a particular user

Say you want to find all processes on a machine belonging to a particular user. This is the reverse of what we tried earlier – getting the owner of a particular process.

Here’s a one-liner to do that:

Of course replace $computer and $user appropriately.

Killing a process on a remote computer using PowerShell

Killing a process on a local computer is easy.



You get the idea …

But neither of these work on a remote computer!

The stop-process cmdlet doesn’t support the -ComputerName switch, so the second method doesn’t even work remotely. The third method fails with an error Stop-Process : Feature is not supported for remote machines and the first method fails with an error Exception calling "Kill" with "0" argument(s): "Feature is not supported for remote machines.".

So it’s back to our old friend WMI for killing processes on remote computers. The objects returned via WMI contain a Terminate method which we can make use of:

The snippet above terminates all processes with the name “notepad” on the remote computer “mango”.

If you are curious about what other methods are available when dealing with the Process class using WMI, do the following:

Removing the first four characters in an array in PowerShell

Looking at my site stats I saw someone had reached this blog via the above query. Here’s a quick one liner on how to do it:

Assuming an array of strings $array, do the following:

That’s all!

You can also do the following (probably more readable):

Warning: There are probably better/ more efficient ways to do this as I am just a beginner to PowerShell.

What I do is (a) for each element of the array (b) extract a sub-string starting from the 5th place (strings start from 0, hence SubString(4) stands for “extract everything from the 5th character”) and (c) put it back into the array. Rather than keep a counter I just use the IndexOf method to find the index of the element we are looking – this is required so I can replace the element at that index with the extracted text.

If you don’t care about putting the extracted text back into the array it’s even more straight-forward:

Finding a process owner using PowerShell

The get-process cmdlet can be used to view processes. It works remotely too via the -ComputerName switch and for Unix aficionados there’s a handy ps alias. So it’s very easy to do something like the below to list all “explorer.exe” process on a remote computer “mango”.

The problem arises when you want to find the owner of such processes. Oddly enough the process objects returned by get-process don’t have a property or method to find the owner info so we have to resort to WMI to find that. Specifically, the WMI class Process.

Reformulating the above example in terms of WMI, we have the following:

The output returned via WMI looks different compared to the output returned via get-process. If you pipe this output through the get-member cmdlet you’ll see there’s a method that lets you get the process owner.

The GetOwner method is what we are interested in. Invoke it thus:

The method returns a list of properties, of which the User property is what we are after. So here’s how we extract just that in a one-liner.