Tuesday, January 3, 2012

Google Wallet Hack - Applying Card Emulation Patch to Android 2.3.4_r1 Source Code and Flashing it on Samsung Nexus S


Its 1:14 am and I though of jotting down all those steps which  I have encountered in flashing the Custom images on the Samsung Nexus S in bringing it on the Card Emulation Mode.It is the mode in which the Phoen can emulate as a Card(Credit card ).Thanks tom0rtadelo on xda developer site and his post -> http://forum.xda-developers.com/showthread.php?t=1281946 ( i think his real name is Fernando Miguélez Palomo , I would be glad if I would be corrected here.)
Ok So here are the steps I have followed and able to get the Nexus S in the Card emulation Mode(I dont know if it really is, looking for examples and tests to test this these days)


mkdir ~/bin
PATH=~/bin:$PATH
curl https://dl-ssl.google.com/dl/googlesource/git-repo/repo > ~/bin/repo
chmod a+x ~/bin/repo
mkdir nfc-card-emu
cd nfc-card-emu
repo init -u https://android.googlesource.com/platform/manifest
repo init -u https://android.googlesource.com/platform/manifest -b android-2.3.4_r1
repo sync

Above step will take some 3-4 hours to get the Whole Android tree for 2.3.4_r1.
I am downloading this tree as the NFC Card Emulation patches are available for this only.

you will have this directory -> /Android-2.3.4_r1 under nfc-card-emu after the above step > Android-2.3.4_r1


Downloading the source code : 
Now download the patches from here - > http://forum.xda-developers.com/showthread.php?t=1281946    its name is --> 
File Type: zipgb-2_3_4_r1-patches_nfc-ce_bt-fd-20110929.zip 

Copy this patch in the /Android-2.3.4_r1 folder insid nfc-card-emu  and unzip it using unzip gb-2_3_4_r1-patches_nfc-ce_bt-fd-20110929.zip 


You will get these files  : gb-2_3_4_r1-nfc_ce-bt_fd.patch, gingerbread.bare,gingerbread.bare.orig

You will run these commands from the /Android-2.3.4_r1


All the commands are in blue color
All the output you will get are in brown color
All the rest is in Black

Apply patch using this command : 

sudo patch -p1 < gb-2_3_4_r1-nfc_ce-bt_fd.patch 



patching file external/libnfc-nxp/inc/phDbgTrace.h
patching file external/libnfc-nxp/inc/phNfcConfig.h
patching file external/libnfc-nxp/src/phHal4Nfc_Emulation.c
patching file external/libnfc-nxp/src/phLibNfc_initiator.c
patching file external/libnfc-nxp/src/phLibNfc_SE.c
patching file frameworks/base/core/java/android/bluetooth/BluetoothAdapter.java
patching file frameworks/base/core/java/android/server/BluetoothService.java
patching file packages/apps/Nfc/jni/com_android_nfc.h
patching file packages/apps/Nfc/jni/com_android_nfc_NativeNfcManager.cpp
patching file packages/apps/Nfc/src/com/android/nfc/NfcService.java
patching file packages/apps/Settings/AndroidManifest.xml
patching file packages/apps/Settings/res/values/strings.xml
patching file packages/apps/Settings/res/values-es/strings.xml
patching file packages/apps/Settings/res/xml/nfc_settings.xml
patching file packages/apps/Settings/res/xml/wireless_settings.xml
patching file packages/apps/Settings/src/com/android/settings/bluetooth/BluetoothDiscoverableEnabler.java
patching file packages/apps/Settings/src/com/android/settings/nfc/NfcSettings.java



After that build the Android source tree using these commands :
Do every thing as a root user .

sudo su
password : <your password as root>

source build/envsetup.sh
including device/htc/passion/vendorsetup.sh
including device/samsung/crespo/vendorsetup.sh

. build/envsetup.sh

including device/htc/passion/vendorsetup.sh
including device/samsung/crespo/vendorsetup.sh

lunch
  
You're building on Linux

Lunch menu... pick a combo:
     1. generic-eng
     2. simulator
     3. full_passion-userdebug
     4. full_crespo-userdebug


select 4 as it is for Nexus S


Which would you like? [generic-eng] 4

============================================
PLATFORM_VERSION_CODENAME=REL
PLATFORM_VERSION=2.3.4
TARGET_PRODUCT=full_crespo
TARGET_BUILD_VARIANT=userdebug
TARGET_SIMULATOR=false
TARGET_BUILD_TYPE=release
TARGET_BUILD_APPS=
TARGET_ARCH=arm
HOST_ARCH=x86
HOST_OS=linux
HOST_BUILD_TYPE=release
BUILD_ID=GRJ22
============================================


make -j4

at the end you should get this : 

make_ext4fs -l 536870912 -a system out/target/product/crespo/obj/PACKAGING/systemimage_intermediates/system.img out/target/product/crespo/system
Creating filesystem with parameters:
    Size: 536870912
    Block size: 4096
    Blocks per group: 32768
    Inodes per group: 8192
    Inode size: 256
    Journal blocks: 2048
    Label:
    Blocks: 131072
    Block groups: 4
    Reserved block group size: 31
Created filesystem with 540/32768 inodes and 26546/131072 blocks
Install system fs image: out/target/product/crespo/system.img
out/target/product/crespo/system.img+out/target/product/crespo/obj/PACKAGING/recovery_patch_intermediates/recovery_from_boot.p total size is 102413589
Installed file list: out/target/product/crespo/installed-files.txt
you will get the files to be flashed in the folder > /out/target/product/crespo

-rw-r--r-- 1 root root   2973696 2011-12-21 11:49 boot.img
-rw-r--r-- 1 root root    142676 2011-12-21 11:49 ramdisk.img
-rw-r--r-- 1 root root    385840 2011-12-21 11:50 ramdisk-recovery.img
-rw-r--r-- 1 root root   3219456 2011-12-21 11:50 recovery.img
-rw-r--r-- 1 root root 102193012 2011-12-21 12:22 system.img
-rw-r--r-- 1 root root  19247552 2011-12-21 11:39 userdata.img

Also along with these binariees you will get the compiled fastboot in the folder > /out/host/linux-x86/bin/
Put the phone in the fastboot mode and issue these commands.(fast boot mode can be achieved by pressing the power key + volume key UP together)

To flash the above files issue these commands(as root) : 

$ ./out/host/linux-x86/bin/fastboot erase userdata

 erasing 'userdata'...
OKAY [  0.280s]
finished. total time: 0.280s


$ ./out/host/linux-x86/bin/fastboot erase cache

 erasing 'cache'...
OKAY [  2.018s]
finished. total time: 2.019s



$ ./out/host/linux-x86/bin/fastboot flash system out/target/product/crespo/system.img

 sending 'system' (99797 KB)...
OKAY [ 25.889s]
writing 'system'...
OKAY [ 12.442s]
finished. total time: 38.331s

$ ./out/host/linux-x86/bin/fastboot flash userdata out/target/product/crespo/userdata.img

sending 'userdata' (18796 KB)...
OKAY [  4.861s]
writing 'userdata'...
OKAY [  2.008s]
finished. total time: 6.869s


$ ./out/host/linux-x86/bin/fastboot flash boot out/target/product/crespo/boot.img

 sending 'boot' (2904 KB)...
OKAY [  0.754s]
writing 'boot'...
OKAY [  0.385s]
finished. total time: 1.139s


/out/host/linux-x86/bin/fastboot reboot

 rebooting...
finished. total time: 0.001s





Donwload the libpn544_fw.so from here.


There is an error after booting as libpn544_fw.so is not found in the /system/lib and it is unable to load this .so which is necessary for NFC operation.
so to avoid this do this on command prompt :
$  su
#  mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
#  cd system
# chmod 777 lib
#  exit
$ adb push <pat to libpn544_fw.so>  /system/lib

$adb shell
$su
#  cd system
# chmod 755 lib


Once reboot is done you will get the options changed in the NFC Settings as told by Fernando Miguélez Palomo 


These are the videos : 

Before Flashing the patched Android : 



After Flashing the patched Android : 



Plz let me know how  it goes !!!


In case you dont want to download the 2.3.4-r1 source Code , you cab take the images from here --> http://www.sendspace.com/filegroup/QrM1XZxbueqZMsC1bvJ7R%2BYO8SgCItUB


Note : Though the title says a hack but it is not.It was initially i thought that by doing this some one can actually hack the Google wallet.Any way I am not changing the subject line as the steps involved will definitely a step towards the subject of the post in near future.

Thanks Sandeep for Reviewing my blog and pointing out the typos :) !

Rgds,.
Softy



19 comments:

  1. softy, hi! can you give a link to the firmware for Nexus S compiled with this NFC-patch ?
    please !

    ReplyDelete
    Replies
    1. Hi krasnoff,
      You can download it from -> http://source.android.com/source/downloading.html

      Just replace the line :

      repo init -u https://android.googlesource.com/platform/manifest -b android-4.0.1_r1

      with this line

      repo init -u https://android.googlesource.com/platform/manifest -b android-2.3.4_r1

      as the patch is meant for 2.3.4_r1 only.Let me know if you have any trouble I will soon update it with steps for "downloading the source code as well".


      PS : After repo sync it will take around 4-5 hours to download the whole Android tree.
      Let me know how it went.
      Rgds,
      Softy

      Delete
    2. after rebooting the device, the Android system doesn't start. It stucks at black screen saying Google

      Delete
  2. Softy, thank you for your answer.
    Unfortunately, I'm not a ROMs-developer, just a user.
    Install Linux, compile, patch and build the firmware - it is really hard for me.
    When I saw your video with already patched Nexus S, I thought that you have saved firmware files.

    ReplyDelete
  3. Hi krasnoff,
    Oh I see...
    Nevertheless you can visit this group
    https://groups.google.com/forum/#!msg/android-developers/1fw1qfFqpGc/KcK0lxzkjN4J

    there is some guy called Tommy who has developed the ROM for it -> http://dl.dbank.com/c0wutpddbv
    But I am afraid I haven't tested it , you can give it a try and flash it On Nexus S by putting it in the phone's memory(sd card).
    Rgds,
    Softy

    ReplyDelete
  4. I installed it, but in the wireless setting NFC is not active, and when I try to activate it - reports an error.

    Screens:
    http://dl.dropbox.com/u/23068895/_soft/nfc/screenshot-1326891991436.png

    http://dl.dropbox.com/u/23068895/_soft/nfc/screenshot-1326892173065.png

    http://dl.dropbox.com/u/23068895/_soft/nfc/screenshot-1326892181236.png

    http://dl.dropbox.com/u/23068895/_soft/nfc/screenshot-1326892129290.png

    Root - is present and working.

    I am sad now...

    ReplyDelete
    Replies
    1. Hmm I think then the ROM is not correct and has not the necessary changes.If you have a Linux machine , a USB cable to connect phone and fastboot(you can download it from the google) and the images to be flashed(link I have provided above) then I think you can try the above method.
      -softy

      Delete
    2. @Krasnoff !! you still sad ! Any luck with your efforts?
      Rgds,
      Softy

      Delete
  5. Hey friend!

    Thank you for posting this! I think it will come in very handy for me soon. I was wondering if you have heard of any updates for an already patched ROM?

    Also, I'm not sure I understand the part following this line:

    "Donwload the libpn544_fw.so from here."

    First of all, I can't download the file. Second, is this section to be done from the Android command line? I apologise for my ignorance, I've never developed or patched the Android before.

    ReplyDelete
  6. Or better question yet, is it possible for me to ask you to transfer the ROM you've compiled to me? :D You'd have my everlasting gratefulness.

    I'd like to use this as a component of a system I'm building for a project.

    ReplyDelete
  7. @Softy, thank you very much, this desciption was really helpful for us.

    @Lardman64:
    FYI, I successfully downloaded/loaded/tested today the pn544 lib from this page:
    http://goo.im/miui/images/ns/system/vendor/firmware/libpn544_fw.so

    After, you are right, the commands need to be executed from the device shell, so before you use the mount you should use the 'adb shell' command.

    The complete set of commands are as follows:

    $ adb shell
    $ su
    # mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
    # cd system
    # chmod 777 lib
    # exit
    $ exit
    $ adb push ~/Downloads/libpn544_fw.so /system/lib
    $ adb shell
    $ su
    # cd system
    # chmod 755 lib

    ReplyDelete
  8. Hi Softy,

    I am still downloading the source but wondering whether it is possible to set a fix UID for the Nexus? if yes, do you know I should set it?

    Thanks in advance
    Chi

    ReplyDelete
  9. Hi Chi,
    Most welcome ! I didnt get "possible to set a fix UID for the Nexus" . What do you mean by that and why do you need that?
    Rgds,
    Softy

    ReplyDelete
  10. Hi,
    patch works so far, but when I disable NFC to be able to check the "Only Card Emulation" option that option returns to be unchecked when I re-enter the options menu. Is that supposed to happen? When I stay in the NFC Options Menu with Card Emulation checked, the phone's not recognized as a card...
    What am I doing wrong?

    ReplyDelete
  11. Hi,

    Thanks for this post. It is really helpful. The problem I have after patching it is that I cannot enable my bluetooth at all. Have you ever had that problem? Do you know is it because of the patch?

    Thanks
    Heaven

    ReplyDelete
  12. Hi Heaven,
    Which phone you are using.Which Android Version!The patch only modifies the NFC related stuff .Post more logs here !
    rgds,
    Softy

    ReplyDelete
  13. Any chance we could get some fresh links?

    The sendspace link following "Donwload the libpn544_fw.so from" is broken (missing unique ID).

    The sendspace link following "In case you dont want to download the 2.3.4-r1 source Code , you cab take the images from here" is 404 not found.

    ReplyDelete
  14. Hello, I did all the steps and Android works. I also have the card emulation setting but when I place it in front of a card reader I get the SAK 40, not 08 of mifare classic. Is it the same for you?
    I have done everything except the last step of libpn544_fw.so because I did not have the error. Did you emulate a mifare card correctly? Thanks bye

    ReplyDelete
  15. hi..Im college student, thanks for sharing :)

    ReplyDelete