incomplete analysis of adb protocol
来源:互联网 发布:淘宝推广视频百度云 编辑:程序博客网 时间:2024/05/20 21:45
I am using the source code of version 4.2.2 as example, which is also what my Nexus 4 is running on.
reference adb source code: https://android.googlesource.com/platform/system/core/+/android-4.2.2_r1.2/adb/
another helpful article: http://blog.csdn.net/liranke/article/details/4999210
1. how does adb communicate with debugger
For the overview, visit: https://android.googlesource.com/platform/system/core/+/android-4.2.2_r1.2/adb/OVERVIEW.TXT
adb has 3 components:
(1) adb daemon (adbd): running like a ghost or daemon on the very low level of android system. It listens to the debug port and communicates with jdwp.
(2) adb server: running on the pc side, listens to the client command via local tcp packets, and communicates with adbd via tcp/ip or usb.
(3) adb client: this is the commandline based adb tool in android sdk. When the client starts, it tries to communicate with the adb server, and creates one if it isn't running.
(4) ddms: another type of adb client which also communicates with the adb host, but with gui and other functionalities designed to assist the debugger.
(5) debugger: user-friendly debugger, such eclipse
|--------------| |--------------------------------------------------------|
| (device) | | (pc) |---> adb client |
| adbd |<--->| adb server <---|---> ddms <---> debugger |
|--------------| |--------------------------------------------------------|
2. enabling adbd
In release mode, adbd is disabled by default.
https://android.googlesource.com/platform/system/core/+/android-4.2.2_r1.2/rootdir/init.rc, line 397.
# adbd is controlled via property triggers in init.<platform>.usb.rcservice adbd /sbin/adbd class core socket adbd stream 660 system system disabled seclabel u:r:adbd:s0# adbd on at boot in emulatoron property:ro.kernel.qemu=1 start adbd
When the user enables the usb debugging, somehow the following code is executed:
https://android.googlesource.com/platform/system/core/+/android-4.2.2_r1.2/init/init.c, line 89.
void notify_service_state(const char *name, const char *state){ char pname[PROP_NAME_MAX]; int len = strlen(name); if ((len + 10) > PROP_NAME_MAX) return; snprintf(pname, sizeof(pname), "init.svc.%s", name); property_set(pname, state);}
And the init.svc.adbd property is set to 1.
3. communication port
Both adbd and server use prot 5037 to communicate, except that when adbd and server are both running on the same device, adb server uses 5038 instead.
https://android.googlesource.com/platform/system/core/+/android-4.2.2_r1.2/adb/adb.h, line 425.
#if ADB_HOST_ON_TARGET/* adb and adbd are coexisting on the target, so use 5038 for adb * to avoid conflicting with adbd's usage of 5037 */# define DEFAULT_ADB_PORT 5038#else# define DEFAULT_ADB_PORT 5037#endif
4. authentication
https://android.googlesource.com/platform/system/core/+/android-4.2.2_r1.2/adb/adb.c, line 1120.
property_get("ro.adb.secure", value, "0"); auth_enabled = !strcmp(value, "1"); if (auth_enabled) adb_auth_init();
It seems that starting from 4.2.2, for security reason, the ro.adb.secure property is readonly and cannot be modified by setprop, or manually modifying /default.prop, whether rooted or not, unless you modify the boot image to override its readonly property. (See http://stackoverflow.com/questions/15225991/android-4-2-2-rsa-disabling).
to be continued ...
- incomplete analysis of adb protocol
- BlueROV-14: Analysis of Communication Protocol MAVlink
- Meta-analysis [incomplete]
- Mac OS X:Analysis of the Use of the Boot Server Discovery Protocol in NetBoot
- 读《An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol》
- Promela BCL-6 B4.0 Protocol [Incomplete]
- adb protocol failure
- analysis of wait_event_interruptible()
- analysis of wake_up_interruptible()
- analysis communication of ucenter
- Infinispan Analysis of Distribution
- Analysis of DefaultConsistentHash.java
- The analysis of suse_register
- Analysis of pNFS
- Analysis of 【Dropout】
- Winpcap学习笔记(1)--,Protocol Analysis
- Winpcap学习笔记(1)--,Protocol Analysis
- Winpcap学习笔记(1)--,Protocol Analysis
- redmine
- 查看项目中使用的struts版本
- codeigniter 使用swfupload出现302解决方法。
- HDU 3496 Watch The Movie (二维背包+01背包)
- 七、android文件读写操作 总结
- incomplete analysis of adb protocol
- 线程安全的单例模式(面试必备点)
- HDU 2147 kiki's game 解题报告
- 解决android.os.NetworkOnMainThreadException
- 出栈序列的可能性判定问题(PAT1051)
- 16Khz音频定时触发采样DMA存储过程
- killall(1) - Linux man page
- Java布局管理器(六)SpringLayout布局管理
- 易语言教程整理