Build Charm from Source
Copyright (c) 2016-2018 University of California, Irvine. All rights reserved.
Authors: Seyed Mohammadjavad Seyed Talebi and Hamid Tavakoli, UC Irvine; Hang Zhang and Zheng Zhang, UC Riverside; Ardalan Amiri Sani, UC Irvine; Zhiyun Qian, UC Riverside
This document is shared under the GNU Free Documentation License WITHOUT ANY WARRANTY. See https://www.gnu.org/licenses/ for details.
_____________
Charm facilitates dynamic analysis of device drivers of mobile systems. This document is a tutorial for building Charm on Linux.
Please refer to our paper for technical details: USENIX paper
Prerequisites
It is strongly recommended to back up your system before proceeding.
Hardware
You need access to a Linux machine with at least 4GB of RAM and 200GB of storage.
Software
These instructions have been tested on a Linux server with Ubuntu 16.4. You need to install the build essentials for each project before building it.
Charm organization
The Charm system consists of five main components:
- Phone OS (Lineage OS Android for Bullhead)
- Android emulator
- Host OS (Ubuntu)
- Syzkaller
- VM OS (AOSP Android for goldfish)
In the following sections we show how to build these components from source.
**Note: Please use our exact naming convention for files and directories.**
First make a directory for the Charm project and cd to it.
mkdir Charm && cd Charm
Then make a directory for each component of Charm.
mkdir bullhead_lineage
mkdir goldfish_AOSP
mkdir Android_emulator
mkdir Host_Ubuntu
mkdir Syzkaller
Build Phone OS
You can skip the build process and download a built image from here, or you can build from source as follows:
Download source code
Follow the documentation for building Lineage OS (version cm-14.1) for bullhead, from here. Note: you need to change these two lines of the documentation:
cd ~/android/lineage
repo init -u https://github.com/LineageOS/android.git -b lineage-15.1
Instead use:
cd Charm/bullhead_lineage
repo init -u https://github.com/LineageOS/android.git -b cm-14.1
Note: It might take a few hours to finish.
Note: Repo needs “python” to run. Python is not installed by default in recent distributions of Ubuntu. Install Python using:
sudo apt install python-minimal
Apply changes
Assuming you are in the Charm/bullhead_lineage/ directory, perform the following steps to apply our changes:
cd kernel/lge/bullhead
git remote add charm_origin https://github.com/trusslab/charm_bullhead_kernel.git
git fetch charm_origin
git checkout -b Charm charm_origin/Charm
Go back to Charm/bullhead_lineage/, then:
cd system/core
git remote add charm_origin https://github.com/trusslab/charm_bullhead_core.git
git fetch charm_origin
git checkout -b Charm charm_origin/Charm
Go back to Charm/bullhead_lineage/, then:
cd frameworks/native
git remote add charm_origin https://github.com/trusslab/charm_bullhead_native.git
git fetch charm_origin
git checkout -b Charm charm_origin/Charm
Build
To build the system, go back to Charm/bullhead_lineage/ and run:
source ./build/envsetup.sh
brunch lineage_bullhead-eng
Note: You might need to run export LANG=C before the brunch command if you are using a newer Ubuntu distribution for building.
Install on the Phone
After the build process finishes, you need to install Android on your phone. Connect your Nexus5x phone to your system and run:
adb reboot recovery
In the recovery menu, select adb-sideload.
Assuming you are in Charm/bullhead_lineage/, you can reach the OUT directory, where all built images are, using:
cd out/target/product/bullhead
You can find the LineageOS installer package under the name lineage-14.1-[DATE]-UNOFFICIAL-bullhead.zip (in which [DATE] is replaced with the date of your build). To install the package on your phone:
adb sideload lineage-14.1-[DATE]-UNOFFICIAL-bullhead.zip
Lineage OS 14-1 for bullhead is compatible with the n2g47f vendor image; you might need to update your phone’s vendor image if it has a different image. You can find n2g47f images here. It is recommended to update the radio and bootloader images to n2g47f as well.
_____________
### Build Android emulator
#### Download source code
Download the source for the Android emulator from Google. Assuming you are in the Charm/ directory:
cd Android_emulator
repo init -u https://android.googlesource.com/platform/manifest -b emu-2.4-release
repo sync
Apply changes
Then you need to apply the Charm changes to QEMU.
cd external/qemu
git remote add charm_origin https://github.com/trusslab/charm_emulator.git
git fetch charm_origin
git checkout -b Charm charm_origin/Charm
Build
To build the emulator:
./android/rebuild.sh
Note: the expected output should look like this:
Configuring build.
Building sources.
Checking for 'emulator' launcher program.
Checking that 'emulator' is a 64-bit program.
Running 64-bit unit test suite.
- android_emu64_unittests
- emugl64_common_host_unittests
- emulator64_libui_unittests
- emulator64_crashreport_unittests
- lib64OpenglRender_unittests
- lib64GLcommon_unittests
Running emugen_unittests.
Running emugen regression test suite.
Running gen-entries.py test suite.
ERROR: Unit test failures: android_emu64_unittests
Build Host OS
#### Download source code
Download the operating system for the host.
cd Host_Ubuntu
git clone https://github.com/trusslab/charm_host_kernel.git -b Charm
Build
First you need to install the prerequisites:
sudo apt install gawk debhelper libudev-dev pciutils-dev libelf-dev autoconf libtool
Then build Ubuntu using the build script.
cd charm_host_kernel
source build.sh
Note: It might take a few hours to finish.
After the installation finishes, go back one directory to Charm/Host_Ubuntu/ to install the built Ubuntu on your system:
sudo dpkg -i linux-*4.10.0-28.32*.deb
Update the Grub
You need to update Grub, reboot your machine, and boot the new Ubuntu.
Build VM OS
#### Download source code
Download the operating system for Charm’s VM.
cd goldfish_AOSP
git clone https://github.com/trusslab/charm_emulator_kernel.git -b charm_goldfish_camera
Build
First you need to install the prerequisites. Install the device tree compiler using:
sudo apt install device-tree-compiler
Then you need to get the gcc compiler for building Android, as follows:
cd ~/Charm/goldfish_AOSP
mkdir compiler
cd compiler
git clone https://android.googlesource.com/platform/prebuilts/gcc/linux-x86/x86/x86_64-linux-android-4.9
Then, to build the kernel:
cd ~/Charm/goldfish_AOSP/charm_emulator_kernel
source build_x86_64.sh
Then you need to download ramdisk.img, system.img, encryptionkey.img, and userdata.img and save them in the ~/Charm/goldfish_AOSP/ folder.
_____________
Run Charm emulator
First you need to make an Android Virtual Device (AVD) to run the emulator.
Make an AVD
To make an AVD you need to download and install the latest Android Studio first.
Then open Android Studio, press ‘Ctrl+Shift+a’ to open the search menu, type AVD manager, and open the AVD manager.
Select Nexus5x in AVD manager.
In the next step, you need to check for Nougat Android and an ABI suitable for your machine.
In the next step, name your AVD Nexus_5x_Charm and set both camera options to None.
Run Charm emulator using scripts
First you need to download the scripts to run the Charm emulator.
cd ~/Charm/
git clone https://github.com/trusslab/charm.git
Then you need to update the scripts with your phone's device ID. You can find your phone's device ID using:
adb devices
To update the script with your device ID:
cd ~/Charm/charm/scripts
vim charm_run.sh
Then edit the DEVICE_ID and run charm_run.sh.
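When picking the value for DEVICE_ID, note that `adb devices` also lists any running emulator instance (as `emulator-<port>`) and phones that are attached but not yet authorized. The following is an added example, not part of the Charm scripts, that selects the one usable physical phone from that output. The function names and the sample serials are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the Charm scripts).

# Constructed sample of `adb devices` output: one authorized phone, one running
# emulator instance, one phone that has not accepted the USB debugging prompt.
sample_adb_output() {
    printf 'List of devices attached\n'
    printf '00a1b2c3d4e5f607\tdevice\n'
    printf 'emulator-5554\tdevice\n'
    printf '0123456789abcdef\tunauthorized\n\n'
}

# Reads `adb devices` output on stdin and prints the serial of the single
# usable physical device. Exit status: 0 = found, 1 = none usable, 2 = ambiguous.
pick_phone_serial() {
    awk '
        /^List of devices attached/ { next }      # header
        /^\*/ || NF < 2 { next }                  # adb daemon notices, blank lines
        $1 ~ /^emulator-[0-9]+$/ { next }         # emulator instances, not the phone
        $2 == "device" { ready[++n] = $1; next }  # authorized and online
        { printf "skipping %s (state: %s)\n", $1, $2 > "/dev/stderr" }
        END {
            if (n == 1) { print ready[1]; exit 0 }
            if (n == 0) { print "no usable physical device" > "/dev/stderr"; exit 1 }
            print "several physical devices attached" > "/dev/stderr"; exit 2
        }
    '
}

# Real use: adb devices | pick_phone_serial
sample_adb_output | pick_phone_serial
```

A non-zero exit status means the serial should not be copied into charm_run.sh yet: either the phone has not authorized this host, or more than one phone is attached.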