December 2014 – Aaron Hastings

Updating to Android 5.0.1 on rooted Nexus 5

OTA (over-the-air) updating in rooted Nexus land has never been the most elegant process. But, prior to Android 5.0 Lollipop, at least it worked as expected, with the main irk being that you’d need to re-root your device afterwards.

While trying to update to Android 5.0.1 on my rooted Nexus 5 via OTA today, I discovered that things are now even less clear-cut and that the update itself will now fail during the recovery phase. Thankfully, there’s a (relatively) pain-free way of getting around this, providing your comfortable with fastboot at the command line.

This guide presumes you’re using either Linux or Mac, with the appropriate Android tools (adb and fastboot) installed, although the Windows method should be much the same. For the purposes of this example, I’ll assume this is the Android 5.0.1 update for Nexus 5 (hammerhead-lrx22c), but the instructions should be similar for future releases.

Note: This will not wipe your device. However, it is always a good idea to back up, as things can always go wrong.

First, download the appropriate Android factory image from the Google Developers site. Uncompress the archive, as well as the archive contained within it, as below:

$> tar -zxf hammerhead-lrx22c-factory-0f9eda1b.tgz $> cd hammerhead-lrx22c $> unzip image-hammerhead-lrx22c.zip

Next, make sure your device is in fastboot mode (hold VolUp, VolDown and Power button from a powered-off device). Verify your device can be picked up by running fastboot devices, then run the following commands:

$> fastboot flash radio radio-hammerhead-m8974a-2.0.50.2.22.img $> fastboot reboot-bootloader $> fastboot flash recovery recovery.img $> fastboot flash boot boot.img $> fastboot flash system system.img

If all goes well, your device will be flashed with the latest version of Android.

Bonus – re-root your device: grab the appropriate version of CF-Auto-Root for your device, extract it and run the correct root script contained within. Your device will need to be in fastboot mode for this to work.

Credit to /u/laxor09 on Reddit for much of this information.

Who’s trying to break in to your Linux box?

Fun with pipes! Just a quick Bash snippet for getting a good look at who’s attempting to log in to your Linux or other standard GNU system:

#shell> lastb -w | sort | awk '{print $1, "\t", $3}' | uniq | less

Here’s a quick summary of what’s going on here:

lastb reads and echoes the contents of the failed login database, generally located at /var/log/btmp. The -w flag just ensures it doesn’t ellipse or otherwise cut-off the username field.

sort very simply sorts the output of lastb alphabetically.

This awk snippet prints the 1st and 3rd columns of the sorted lastb output, which are username and source address respectively, separating them with a tab for ease of reading.

uniq gets rid of any duplicate entries, but only if they are on adjacent lines. This is another reason we used sort earlier.

Finally, less is just a decent file reader. Feel free to replace with output redirection to a file.

And the output. IP addresses randomised to defend the privacy of my attackers:
123456 89.101.45.51 123 89.101.45.51 1 63.200.120.14 2014 63.200.120.14 2015 63.200.120.14 2 63.200.120.14 aaa 63.200.120.14 aaron 63.200.120.14 aa 63.200.120.14 abc123 17.252.186.40 abc123 42.22.165.211 abc123 mail2.example.website.ru

…plus your typical number of root, admin, test, oracle and mysql attempts. Can’t quite explain the xxxxxxxxxxxxxxxxxx attempt though.