RBMware (*.RBM) File Format

January 17, 2018

RBMware is a data analysis software. And the RBM itself is Reliability Based Maintenance. But I don’t want to explain more regarding how to use this software.

This article will focus on how to access the database used in RBMware application, especially the data used by OilAnalysis.exe program.

The database is using *.RBM file extension and it is maintained by one of the sofware component called DAF42.DLL.

In user perspective, the RBM data contains hierarchical format as follows:

Here you can see that there are 5 (five) level of hierarchical data: Database, Area, Equipment, Point and the sample data.

Using low level perspective, the database consists of blocks of 512 bytes size called a Record, and it is usually access using DAF42.DLL’s ReadRecord by assigning the record number.

To access each block based on record number, you can use the (n-1) * 512 formula. For example, when the record number is 0x46 or 70, then (70 – 1) * 512 we get 35328 or 0x8A00 which is the block or physical sector number of the record being accessed.

The database can contain zero or many areas, but how to access the record that contains area information ? This is done by accessing the data at sector 0 which contains data as follows:

So the physical sector for the area records is located at record number 0x46, and when translated to physical sector using the above formula, we get 0x8A00:

You can see that it contains the fix sized long description and short description. Each block can contain maximum of 22 items of long description and short description. So what if there’s more than 22 records of area ? It is maintained using the dword data (green one) that will contain record number of the next area data to be retrieved.

Now each area can have zero or many equipment records. This is done by retrieving dword data marked with yellow color (see above). And it is a collection of intermediate record called stdg (or read as gdts at low level) for each corresponding area.

So, for example when the corresponding block has 3 areas, then the dword collection will has 3 items, each points to associated stdg for the related area.

Let’s traverse to first stdg record for first area which is the record number 0xB6 (182) which is (182 – 1) * 512 = 92672 or 0x16A00:

The dword data mark with red color denotes record number for the equipment block. Let’s perform some calculation on 0xC4 (196) which is (196 – 1) * 512 = 99840 or 0x18600:

It has the same characteristics as area record, so the dword denoted with blue one will point to next equipment record when there are more than certain limits.

To retrieve the point record related to each equipment, you can refer to collection of dwords denoted with yellow color called mcdg or gdcm at low level view. Let’s perform some calculation on 0xC6 (198) which is (198 – 1) * 512 = 100864 or 0x18A00:

The mcdg will contain record number to mpig or gipm (denoted with blue color). 0xE4 (228) which is (228 – 1) * 512 = 116224 or 0x1C600:

The mpig record contains collection of point description record (mpdo or opdm denoted by yellow color) and also point short description (code). For example at record number 0xE8 (232) which is (232 – 1) * 512 = 118272 or 0x1CE00 we have:

Each point has record number (blue color above) that points to dcod or odcd record that contains start (red color below) and end (blue color below) record number for point samples data. For 0xEB (235) which is (235 – 1) * 512 = 119808 or 0x1D400 we have:

From the above structure, the start record number for sample point is located at 0x121 which is (289 – 1) * 512 = 147456 or 0x24000 we have:

From the above point sample data or tddo (oddt) we can retrieve record number for next sample for corresponding point (green color), sample data time stamp (blue color), the sample description (red color) and array of dwords 32 bit float data in the IEEE-754 format that will show up on user perspective as follows:

The dword arrays will corresponds to Analyzing Parameter (AP) that can be customized by the user. For the above example, the AP Set is Aluminum, Antimony, Barium, etc. How each of the dword arrays corresponds to the AP Set ?

Let’s take sample 219 for example:

The floating point 0x40C00000 is floating point for 6 for AP Aluminum, the next one will corresponds to Barium, etc. This correlation can be retrieved using record called apdo or odpa.

The record number for apdo is retrieved from apig or gipa record which is a constant of 12 (0xC). So by passing 0xC to ReadRecord we arrive at apig record as follows:

From the above apig record, the apdo record number is denoted with red color so we have 0xA9 which is (169 – 1) * 512 = 86016 or 0x15000:

Based on these parameter strings, then I can provide corresponding relation between array of values from apdo record to the parameter description.

Based on the above information, it is possible to create an application to provide tree traversing and data access for some necessary purposes.


How to Get Property Name in Compiled Visual Basic Applications

December 19, 2017

Suppose I created a small program in Visual Basic form that contains one button, whose click event is coded as follows:

Then the compiled Visual Basic program for the form’s name assignment above will look like this:

Suppose then I revised the above coding to:

Then the generated program will revised to:

Clearly there’s some mapping between the call offset that is generated and the property name in the source program. So, if I can somehow perform the reverse operation between the call offset to the property name, then I can apply it to the unknown compiled program to determine what kind of the property that the program is accessed.

After performing some detailed analysis, it is revealed that the above offset has some relation to the Dispatch ID and it is processed using VB6.EXE’s unknown interface method.

When I tried to view the interface methods of VB6.EXE using OLEVIEW.exe it is failed to do so, but there’s file called VB6.OLB that can be successfully viewed by OLEVIEW.exe program.

And here is the part of the content that deals with form’s method:

What’s interesting is that it is missing the Dispatch ID that usually exist in regular application’s type library functions. As you can see from the above, the Name property is the first one declared in the method interface, and 0x48 is actually the lowest magic number value.

The next method name can be deduced by adding 0x8 offset to the starting number, so for example above, the value 0x50 will corresponds to Caption property etc.

Using the above fact, then I can create the mapping table between the property and it is calling offset, so that it can be used to deduce the property name that is used from certain unknown applications that is developed using Visual Basic compiler.

How to Install NopCommerce 3.90

November 15, 2017

Since the downloaded 3.90 source from:


Can be compiled using Visual Studio 2013 without any issues, this article will focused on deployment and installation of nopCommerce.

The target server machine is using Windows Server 2012 R2 64 bit and IIS 8.0.

First, create the virtual directory called NoC:

And assigned the proper Application Pool to it:

Then copy the entire compiled version of nopCommerce in D:\Projects\Mvc\NoC\3.90\src\Presentation\Nop.Web to the destination server folder.

Then fire up the browser using this link:

That’s all folks 🙂

Hello World Example of Double Ratchet Algorithm

November 8, 2017

The Double Ratchet is used in many applications to provide secure end-to-end encryption. There are also many documents that try to describe this concept, but in my experience, the more reading it, the more I get confused.

So, I decided to create an example, as a proof of concept about how it works. This example is using Signal’s Curve X25519 key agreement algorithm, and also its related class library for encryption and decryption process.

First, let’s define the test string to be encrypted and decrypted and also create a byte array container for generated key agreement secret for Bob and Alice. In this example, Bob is sending party that will send encrypted “Hello, World” string to Alice:

You can also see, that the sample text is converted to a byte array.

Then, let’s create a bunch of required Bob’s and Alice’s private and public key and other keys required to start up the decryption and encryption process:

Note the KeyPair suffix variable statement above, which means that the generated key will consists of Public Key and Private Key.

Then, compute a sophisticated secret using the above key pair information:

Now, the important step is to derive message key that will be use to encrypt the message:

The calculateDerivedKeys is using Signal’s KDF algorithm and it is from this step that I can create the message key that will be used to encrypt the message. Where transportDetails class is used to create proper padding for the text to be encrypted, depending on KDF version.

Here is the actual encryption process using derived message key:

The encrypted result is stored in ciphertextBody variable.

Now, let’s review the decryption process:

You can see that the recipient side (Alice) perform a similar steps using sending side (Bob) required public key to calculate the message key for decryption process.

The plaintext will contain decrypted text.

Now, what about subsequent sending and receiving ? Do each party have to repeat the above tedious process ? No.

The sending party (Bob) just calculate the next Message Key, encrypt it using this new message key, and the receiving party (Alice) does also the same step and decrypt it using newly created message key:

If I try to decrypt Bob’s second message using Alice’s previous message key, it will result in InvalidMessageException error. The above steps can be repeated as many times as required.

I think that’s the essence of end-to-end encryption because after the initial key exchange, neither party is transmitted risky data over the wire. Also it supports forward secrecy because each encryption and decryption requires unique message keys.

Experiences in Debugging Open Whisper System’s Signal Client APK

October 27, 2017

So, when I try to add a new test variable and perform debugging to the starting activity:


This is the compiled debug version of Open Whisper System’s Signal client APK.

Here is the result.

The anomaly is that even when I already step through the statement at line 74, the inspected variable still show:

“nTest” is not a known variable in the current context.

This is not just newly created variable that I’ve created, but also in all of local variable scope in all existing activities.

I just can only step through the application modules or functions, but can’t inspect its local variables. What kind of debugging activity is that ?

Searching through the internet reveals nothing to shed a light in this situation.

So, I try to perform some analysis by comparing the build.gradle file from the one of sample program that works to the build.gradle that failed.

The build.gradle that has the problem contains minifyEnabled true in the debug configuration. So, by setting it to false and perform recompilation, now I can view the local variable:

I just wondering, is it just accidently or purposely put by the developer of the application ?

Introducing GradleMover Utility

October 26, 2017

In the previous article about methods of compiling Android application using Gradle for offline mode, I’ve describe the manual method to download file and checks for required missing file.

The offline mode is certainly required for development environment behind proxy and certain website that is required dependencies for Gradle compilation is also blocked.

But this proves to be rather tedious and painstaking, because, Gradle only try to find to resolve missing files one at a time. Even using file checking monitor utility, it can be frustrating because Gradle only shows one missing file at a time.

Imagine if the application requires hundreds of file, it will take weeks just to resolve all required missing file.

So, another approach is using un-restricted internet environment for Gradle dependencies resolving process, and then copied all the dependencies already resolved by Gradle to Local Repository to development environment behind proxy.

The GradleMover is used to copy all resolved dependencies by gradle to a permanent local repository for doing offline compilation.

To use this utility, the first step is to copy all the resolved dependencies in gradle cache to a temporary folder, let’s call it D:\temp.

To locate the gradle caches that contains the resolved dependencies, look at the folder that contains files that contains *.pom, *.jar, etc for example in my machine it is located in:

C:\Documents and Settings\xxx\.gradle\caches\modules-2\files-2.1

So then copies all of the content inside this folder to a temporary (D:\temp), and perform command line as follows:

D:\Projects\GradleMover\bin\Debug>GradleMover d:\temp D:\Android\sdk\extras\m2re

Where d:\temp is temporary of gradle caches that contains all resolved dependencies and D:\Android\sdk\extras\m2repository is the local repository

How to Compile Open Whisper Systems’ Signal Client APK

October 25, 2017

This article will explore whether it is possible to do compilation on offline mode using Gradle.

Perform gradle compiler environment check:

Downloading https://services.gradle.org/distributions/gradle-3.3-all.zip

Exception in thread “main” java.net.ConnectException: Connection timed out: conn

Replace the wrapper with gradle-4.0 (newer version).

But now I have:

Starting a Gradle Daemon (subsequent builds will be faster)

FAILURE: Build failed with an exception.

* What went wrong:
A problem occurred configuring root project ‘Client’.
> Could not resolve all files for configuration ‘:classpath’.
> Could not resolve com.android.tools.build:gradle:2.3.0.

Perform revision in D:\Projects\AndroidProgram\Signal\Client\build.gradle:

The above error is gone now, but I have:

IOException: https://dl.google.com/android/repository/addons_list-3.xml
java.net.ConnectException: Connection timed out: connect
IOException: https://dl.google.com/android/repository/addons_list-2.xml
java.net.ConnectException: Connection timed out: connect
IOException: https://dl.google.com/android/repository/addons_list-1.xml
java.net.ConnectException: Connection timed out: connect

This is because the proxy connection denies connection to the above website. So I have to find another method to make it work. More detailed examination of the above download attempt is because the gradle tries to find missing version of Android Build Tools. So perform revision again in build.gradle as follows:

But this time, the gradle taking too long to execute the compilation process.

Using this to see the internal works of gradle:

The reason it is taking very long time is that it is waiting for the refused connection caused by the proxy to:

09:14:56.641 [DEBUG] [org.gradle.api.internal.artifacts.repositories.resolver.DefaultExternalResourceArtifactResolver] Loading https://dl.bintray.com/amulyakhare/maven/com/android/support/appcompat-v7/25.1.0/appcompat-v7-25.1.0.pom

Checking the log to set Maven local repositories:

15:51:55.538 [DEBUG] [org.gradle.api.internal.artifacts.mvnsettings.DefaultLocalMavenRepositoryLocator] No local repository in Settings file defined. Using default path: C:\Users\xxx\.m2\repository

This is because gradle tries to find settings.xml in:

Copy settings.xml from installed maven to this folder. But gradle still tries to find the appcompat-v7-25.1.0.pom using external repository.

Perform revision in D:\Projects\AndroidProgram\Signal\Client\build.gradle:

But, still gradle tries to find appcompat-v7-25.1.0.pom using external repository. So, remark this statement because it is blocked by the proxy:

Now gradle can perform its work without getting restricted. But several dependencies is indeed can not be found:

16:34:39.166 [DEBUG] [org.gradle.api.internal.artifacts.repositories.resolver.ExternalResourceResolver] No meta-data file or artifact found for module ‘com.google.android.gms:play-services-gcm:9.6.1’ in repository ‘maven6’.

16:36:46.053 [DEBUG] [org.gradle.api.internal.artifacts.repositories.resolver.ExternalResourceResolver] No meta-data file or artifact found for module ‘com.google.android.gms:play-services-maps:9.6.1’ in repository ‘maven6’.

The indicator of missing file can be in the form of hanged status as follows:

> Resolve dependencies :compile > play-services-places-9.6.1.pom

Before trying to resolve the above dependency errors, I notice that even with the above command line, gradle still try to print error output in the console. This will create confusion as to whether all the log is indeed written to log file.

So using this command line:

And compare it in the log file, and indeed some of the log file in the console is not get written to log file. Gradle team (if any) should fix it.

Searching through the log debug message also indicated failed git command to get the last timestamp:

13:52:09.475 [DEBUG] [org.gradle.process.internal.DefaultExecHandle] Process ‘command ‘git” finished with exit value -1 (state: FAILED)

Which from D:\Projects\AndroidProgram\Signal\Client\build.gradle using getLastCommitTimestamp as follows:

Since my machine do not have git program installed, I try to obtain it from https://github.com/git-for-windows/git/releases/download/v2.14.2.windows.3/Git-

Then test the command line to get the timestamp:



Disable this command for the time being and replace it with constant Unix TimeStamp.

Then gradle stops at:

Resolve dependencies :_playDebugApk

Using ProcMon to detect missing modules required by gradle:

Reveals that gradle first checks the repository in Android SDK folder, and tries to connect to the internet, which is not allowed using proxy, and it will then try to locate through maven local repository. The transition between first failed remote repository to the local maven repository is taking too long, because it tries to wait for the connection.

There might be some settings in gradle systems that fiddle with the waiting time. I will try to use other approach by moving all the local maven to Android SDK’s folder.

This should be done repeatedly for all stages of dependency resolving process.

This approach is very slow, but the result is a solid availability of local dependencies, so that the compilation still can be executed even when the required version is not available on remote location.

How to Compile Andromax C3Si (NC36B1G) Kernel

October 10, 2017

The purpose of this article is to explore whether it is possible to re-construct the kernel source to be compiled and be able to run in Andromax C3Si phone.

This part of article is to provide necessary steps to create successful compile from vanilla QualComm MSM8610 kernel. The next phase will be to deploy the resulting zImage to an existing boot image of Andromax C3Si (NC36B1G) to see how far the kernel can go.

The first step is to get the workable Stock ROM (or whatever ROMs that can be booted successfully). And at the time of writing this article, the ROM from:


Is already tested and proves to be bootable and work without error (bootloops, etc). Using Carliv Image Kitchen, the working boot.img is extracted and content of extracted files is examined and analyzed.

The boot.img-dt file is moved to D:\Projects\AndromaxC3si\Device to be converted back to *.dtc file to get some insights about the device tree used.

Now perform some series of data transformation as follows:

D:\Projects\AndromaxC3si\Device>split-appended-dtb boot.img-dt
Found 1 appended dtbs, please check the output.


D:\Projects\AndromaxC3si\Device>dtc -I dtb -O dts -o AndromaxC3si.dts dtbdump_1.
Warning (reg_format): “reg” property in /i2c@f9924000/nfc-nci@e has invalid leng
th (4 bytes) (#address-cells == 2, #size-cells == 1)
Warning (avoid_default_addr_size): Relying on default #address-cells value for /
Warning (avoid_default_addr_size): Relying on default #size-cells value for /i2c

Ignore the warning for the time being. You can refer to my previous article about dtb transformation if you are curious about how to create those executable files.

There’s also the file called kernel. When I try to examine the format, it is also have QCDT signature in it. So let’s perform split again. But… I have:

D:\Projects\AndromaxC3si\Device>split-appended-dtb kernel
ERROR: Appended Device Tree Blob not found!

Leave it for a while.

Now perform symbols checking by importing symbols from working phone:

This will be handy as a reference to be compared to the compiled version of kernel, what kind of functions that is unique inside the working kernel.

Check whether compiled kernel support in-kernel configuration:

shell@HS8610QC:/ $ cat /proc/config.gz
/system/bin/sh: cat: /proc/config.gz: No such file or directory

Retrieve kernel to be compiled from:


Retrieve toolchain from:


Then, perform configuration as follows:

D:\Projects\AndromaxC3si\Kernel>make msm8610_defconfig

But the windows crash miserably.

After close examination, the command line should be this one:

D:\Projects\AndromaxC3si\Kernel>make V=1 CROSS_COMPILE=C:/NDK/toolchains/arm-201
3q3/bin/arm-none-eabi- msm8610_defconfig

Because there’s no default settings in the makefile. But I have:

*** Can’t find default configuration “arch/x86/configs/msm8610_defconfig”!
make[1]: *** [msm8610_defconfig] Error 1
make: *** [msm8610_defconfig] Error 2


D:\Projects\AndromaxC3si\Kernel>make V=1 CROSS_COMPILE=C:/NDK/toolchains/arm-20
3q3/bin/arm-none-eabi- ARCH=arm msm8610_defconfig

I have:

scripts/kconfig/conf –defconfig=arch/arm/configs/msm8610_defconfig Kconfig
arch/arm/configs/msm8610_defconfig:235:warning: unexpected data
arch/arm/configs/msm8610_defconfig:253:warning: override: reassigning to symbol
# configuration written to .config

There’s some warning, but leave it for a while. Perform compile:

D:\Projects\AndromaxC3si\Kernel>make V=1 CROSS_COMPILE=C:/NDK/toolchains/arm-201
3q3/bin/arm-none-eabi- ARCH=arm

But again, windows crash miserably.

Perform revision in:


You can see what kind of revision by reading about compiling Samsung GT-S5360 article in this blog.

Re-compile again, but I have:

/bin/sh scripts/checksyscalls.sh /d/Projects/AndromaxC3si/Kernel/scripts/gcc-w
rapper.py C:/NDK/toolchains/arm-2013q3/bin/arm-none-eabi-gcc -Wp,-MD,./.missing-
syscalls.d -nostdinc -isystem c:/ndk/toolchains/arm-2013q3/bin/../lib/gcc/arm-n
one-eabi/4.7.4/include -I/d/Projects/AndromaxC3si/Kernel/arch/arm/include -Iarch
/arm/include/generated -Iinclude -include /d/Projects/AndromaxC3si/Kernel/inclu
de/linux/kconfig.h -D__KERNEL__ -mlittle-endian -Iarch/arm/mach-msm/include -Wal
l -Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -W
error-implicit-function-declaration -Wno-format-security -fno-delete-null-pointe
r-checks -O2 -marm -fno-dwarf2-cfi-asm -fstack-protector -mabi=aapcs-linux -mno-
thumb-interwork -funwind-tables -D__LINUX_ARM_ARCH__=7 -march=armv7-a -msoft-flo
at -Uarm -Wframe-larger-than=1024 -fomit-frame-pointer -g -Wdeclaration-after-st
atement -fno-strict-overflow -fconserve-stack -D”KBUILD_STR(s)=#s” -D”KBUILD_
make[1]: *** [missing-syscalls] Error 1
make: *** [prepare0] Error 2

Revert changes to (i.e. restore from original source):


Re-compile and I get another windows crash.

Using this command line construct:

D:\Projects\AndromaxC3si\Kernel>make V=1 CROSS_COMPILE=C:/NDK/toolchains/arm-201
3q3/bin/arm-none-eabi- ARCH=arm > myTesting.txt

Will yield the error result without windows crashing:

close failed in file object destructor:
sys.excepthook is missing
lost sys.stderr
make[1]: *** [init/main.o] Error 1
make: *** [init] Error 2

Removing reference to D:\Projects\AndromaxC3si\Kernel\scripts\gcc-wrapper.py in D:\Projects\AndromaxC3si\Kernel\Makefile:

Still cause windows to crash. But using re-direction construct get some different error:

init/main.c:76:0: fatal error: when writing output to : Invalid argument
compilation terminated.
make[1]: *** [init/main.o] Error 1
make: *** [init] Error 2

More detailed analysis reveals some issue in Windows OS in that it can not process pipe command inside make script such as this:

So the genksyms.exe do not get the required input and causes the compiler to crash.

Perform changes inside D:\Projects\AndromaxC3si\Kernel\scripts\Makefile.build as follows:


Then for cmd_modversions:

So, that it removes the temporary file (*.tmp) created from previous make command. After the above revision, the genksyms works correctly now, but I have:

arch/arm/mach-msm/smd_init_dt.c:24:25: fatal error: smd_private.h: No such file or directory
compilation terminated.
make[1]: *** [arch/arm/mach-msm/smd_init_dt.o] Error 1
make: *** [arch/arm/mach-msm] Error 2

This is because the compiler breaks at:

cc -Wp,-MD,arch/arm/mach-msm/.smd_init_dt.o.d -nostdinc -isystem c:/ndk/toolcha
ins/arm-2013q3/bin/../lib/gcc/arm-none-eabi/4.7.4/include -Id:/Projects/Andromax
C3si/Kernel/arch/arm/include -Iarch/arm/include/generated -Iinclude -include d:
/Projects/AndromaxC3si/Kernel/include/linux/kconfig.h -D__KERNEL__ -mlittle-endi
an -Iarch/arm/mach-msm/include -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs
-fno-strict-aliasing -fno-common -Werror-implicit-function-declaration -Wno-form
at-security -fno-delete-null-pointer-checks -O2 -marm -fno-dwarf2-cfi-asm -fstac
k-protector -mabi=aapcs-linux -mno-thumb-interwork -funwind-tables -D__LINUX_ARM
_ARCH__=7 -march=armv7-a -msoft-float -Uarm -Wframe-larger-than=1024 -fomit-fram
e-pointer -g -Wdeclaration-after-statement -fno-strict-overflow -fconserve-stack
MODNAME=KBUILD_STR(smd_init_dt)” -c -o arch/arm/mach-msm/.tmp_smd_init_dt.o arch
arch/arm/mach-msm/smd_init_dt.c:24:25: fatal error: smd_private.h: No such file
or directory
compilation terminated.

The required file does exist in D:\Projects\AndromaxC3si\Kernel\arch\arm\mach-msm. But why the compiler do not find it ?

Compared it with successful compile such as D:\Projects\AndromaxC3si\Kernel\arch\arm\mach-msm\smd_debug.c, It declares as:

Where as the failed one:

Let’s perform revise and re-compile. It is a success. Perform other changes regarding this issue in:


Let’s perform long compile again:

D:\Projects\AndromaxC3si\Kernel>make V=1 CROSS_COMPILE=C:/NDK/toolchains/arm-201
3q3/bin/arm-none-eabi- ARCH=arm 2> myError.txt

After a some long compilation process, now I have:

ls: /drivers/gud/MobiCoreDriver/platforms: No such file or directory
In file included from drivers/gud/MobiCoreDriver/logging.c:21:0:
drivers/gud/MobiCoreDriver/main.h:24:22: fatal error: platform.h: No such file or directory
compilation terminated.
make[2]: *** [drivers/gud/MobiCoreDriver/logging.o] Error 1
make[1]: *** [drivers/gud] Error 2
make: *** [drivers] Error 2

Which is caused by compiler break at:

cc -Wp,-MD,drivers/gud/MobiCoreDriver/.logging.o.d -nostdinc -isystem c:/ndk/to
olchains/arm-2013q3/bin/../lib/gcc/arm-none-eabi/4.7.4/include -Id:/Projects/And
romaxC3si/Kernel/arch/arm/include -Iarch/arm/include/generated -Iinclude -inclu
de d:/Projects/AndromaxC3si/Kernel/include/linux/kconfig.h -D__KERNEL__ -mlittle
-endian -Iarch/arm/mach-msm/include -Wall -Wundef -Wstrict-prototypes -Wno-trigr
aphs -fno-strict-aliasing -fno-common -Werror-implicit-function-declaration -Wno
-format-security -fno-delete-null-pointer-checks -O2 -marm -fno-dwarf2-cfi-asm –
fstack-protector -mabi=aapcs-linux -mno-thumb-interwork -funwind-tables -D__LINU
X_ARM_ARCH__=7 -march=armv7-a -msoft-float -Uarm -Wframe-larger-than=1024 -fomit
-frame-pointer -g -Wdeclaration-after-statement -fno-strict-overflow -fconserve-
stack -DNDEBUG -Idrivers/gud -Wno-declaration-after-statement -Idrivers/gud/Mobi
CoreDriver/platforms/ -Idrivers/gud/MobiCoreDriver/public -Idrivers/gud/MobiCore
KernelApi/include -Idrivers/gud/MobiCoreKernelApi/public -DMODULE -D”KBUILD_ST
cDrvModule)” -c -o drivers/gud/MobiCoreDriver/.tmp_logging.o drivers/gud/MobiCor
In file included from drivers/gud/MobiCoreDriver/logging.c:21:0:
drivers/gud/MobiCoreDriver/main.h:24:22: fatal error: platform.h: No such file o
r directory
compilation terminated.

With error(s) as follows:

ls: /drivers/gud/MobiCoreDriver/platforms: No such file or directory
In file included from drivers/gud/MobiCoreDriver/logging.c:21:0:
drivers/gud/MobiCoreDriver/main.h:24:22: fatal error: platform.h: No such file or directory
compilation terminated.
make[2]: *** [drivers/gud/MobiCoreDriver/logging.o] Error 1
make[1]: *** [drivers/gud] Error 2
make: *** [drivers] Error 2

Which is caused by presence of backslash in the directory, confirmed by test command in bash shell as follows:

Revise the make file script in D:\Projects\AndromaxC3si\Kernel\drivers\gud\Makefile from:

Revise it to:

Re-compile again, and I have:

In file included from drivers/video/msm/mdss/mdss_mdp_trace.h:255:0,
from drivers/video/msm/mdss/mdss_mdp.c:60:
include/trace/define_trace.h:79:43: fatal error: ./mdss_mdp_trace.h: No such file or directory
compilation terminated.
make[4]: *** [drivers/video/msm/mdss/mdss_mdp.o] Error 1
make[3]: *** [drivers/video/msm/mdss] Error 2
make[2]: *** [drivers/video/msm] Error 2
make[1]: *** [drivers/video] Error 2
make: *** [drivers] Error 2

Copy required file mdss_mdp_trace.h and mdss_mdp.h to D:\Projects\AndromaxC3si\Kernel\include\trace.

Perform re-compile again, and I have:

sound/soc/codecs/msm8x10-wcd-tables.c:13:35: fatal error: msm8x10_wcd_registers.h: No such file or directory
compilation terminated.
make[3]: *** [sound/soc/codecs/msm8x10-wcd-tables.o] Error 1
make[2]: *** [sound/soc/codecs] Error 2
make[1]: *** [sound/soc] Error 2
make: *** [sound] Error 2

Same as the above case, perform revision on the source in D:\Projects\AndromaxC3si\Kernel\sound\soc\codecs\msm8x10-wcd-tables.c, by changing the include statement.

Re-compile again, now I have:

sound/soc/msm/msm8x10.c:29:40: fatal error: qdsp6v2/msm-pcm-routing-v2.h: No such file or directory
compilation terminated.
make[3]: *** [sound/soc/msm/msm8x10.o] Error 1
make[2]: *** [sound/soc/msm] Error 2
make[1]: *** [sound/soc] Error 2
make: *** [sound] Error 2

Perform revision in D:\Projects\AndromaxC3si\Kernel\sound\soc\msm\msm8x10.c, include statement revision.


sound/soc/msm/qdsp6v2/rtac.c:29:21: fatal error: q6voice.h: No such file or directory
compilation terminated.
make[4]: *** [sound/soc/msm/qdsp6v2/rtac.o] Error 1
make[3]: *** [sound/soc/msm/qdsp6v2] Error 2
make[2]: *** [sound/soc/msm] Error 2
make[1]: *** [sound/soc] Error 2
make: *** [sound] Error 2

Perform revision in D:\Projects\AndromaxC3si\Kernel\sound\soc\msm\qdsp6v2\rtac.c.

There are no more issues after that and the resulting zImage is located at D:\Projects\AndromaxC3si\Kernel\arch\arm\boot, ready for deployment.

This completes the first stage of Andromax C3Si (NC36B1G) kernel reconstruction activity. But I will stop for now 🙂

Experiences in Using Open Whisper Systems’ Signal (TextSecure) Server

October 3, 2017

Let’s perform some checks on available parameter for this server:

D:\Projects\AndroidProgram\Signal\Server>java -Xbootclasspath/p:alpn\alpn-boot-8
.1.11.v20170118.jar -jar target\TextSecureServer-1.65.jar
usage: java -jar TextSecureServer-1.65.jar
[-h] [-v]

positional arguments:
available commands

optional arguments:
-h, –help show this help message and exit
-v, –version show the application version and exit

Let’s see what kind of output we get when use the check parameter.

First, see the help info about check parameter:

D:\Projects\AndroidProgram\Signal\Server>java -Xbootclasspath/p:alpn\alpn-boot-8
.1.11.v20170118.jar -jar target\TextSecureServer-1.65.jar check -h config/textse
usage: java -jar TextSecureServer-1.65.jar
check [-h] [file]

Parses and validates the configuration file

positional arguments:
file application configuration file

optional arguments:
-h, –help show this help message and exit

Now runs it:

D:\Projects\AndroidProgram\Signal\Server>java -Xbootclasspath/p:alpn\alpn-boot-8
.1.11.v20170118.jar -jar target\TextSecureServer-1.65.jar check config/textsecur
config/textsecure.yml has an error:
* Failed to parse configuration at: testDevices; Can not deserialize instance
of java.util.ArrayList out of START_OBJECT token
at [Source: N/A; line: -1, column: -1] (through reference chain: org.whispersys

Let’s add test device (although the reason is not clear at this time) in D:\Projects\AndroidProgram\Signal\Server\config\TextSecure.yml as follows:

Re-run, but still has the same error. Change it again to:

This time, there are no error, but also no output. But, upon more close examination, the output is actually resides in the log file (D:\tmp\textsecureshserver.log) as follows:

INFO [2017-09-29 02:18:18,936] io.dropwizard.cli.CheckCommand: Configuration is OK

Hmm, nice.

Now for directory command:

D:\Projects\AndroidProgram\Signal\Server>java -Xbootclasspath/p:alpn\alpn-boot-8
.1.11.v20170118.jar -jar target\TextSecureServer-1.65.jar directory -h config/te
usage: java -jar TextSecureServer-1.65.jar
directory [-h] [file]

Update directory from DB and peers.

positional arguments:
file application configuration file

optional arguments:
-h, –help show this help message and exit

Now, let’s run directory command:

D:\Projects\AndroidProgram\Signal\Server>java -Xbootclasspath/p:alpn\alpn-boot-8
.1.11.v20170118.jar -jar target\TextSecureServer-1.65.jar directory config/texts

Log file info as follows:

WARN [2017-09-29 02:22:12,800] org.whispersystems.textsecuregcm.workers.DirectoryCommand: Directory Exception
! java.lang.NullPointerException: null
! at org.whispersystems.textsecuregcm.workers.DirectoryCommand.run(DirectoryCommand.java:67)
! at org.whispersystems.textsecuregcm.workers.DirectoryCommand.run(DirectoryCommand.java:43)

Peform debug as follows:

D:\Projects\AndroidProgram\Signal\Server>java -Xdebug -Xrunjdwp:transport=dt_soc
ket,server=y,address=8880,suspend=y -jar target\TextSecureServer-1.65.jar direc
tory config/textsecure.yml
Listening for transport dt_socket at address: 8880

After firing up NetBeans to connect to the program, the result as follows:

Checking the dbConfig variable, reveals it is a null, which means the getReadDataSourceFactory fails to get the required class instance. Checking to the source of this class, suggested that the application tries to read data from another data source and perform update to destination data.

So, I decided to leave it for a while.

Let’s examine accountdb parameter:

D:\Projects\AndroidProgram\Signal\Server>java -Xbootclasspath/p:alpn\alpn-boot-8
.1.11.v20170118.jar -jar target\TextSecureServer-1.65.jar accountdb
too few arguments
usage: java -jar TextSecureServer-1.65.jar
accountdb [-h] {migrate,status} …

Run database migrations tasks

positional arguments:

optional arguments:
-h, –help show this help message and exit

Let’s use status argument:

D:\Projects\AndroidProgram\Signal\Server>java -Xbootclasspath/p:alpn\alpn-boot-8
.1.11.v20170118.jar -jar target\TextSecureServer-1.65.jar accountdb status confi
Validation Error:
Validation Failed:
1 changes have validation failures
columnDataType is required for addNotNullConstraint on mssql, migratio

Perform changes to D:\Projects\AndroidProgram\Signal\Server\src\main\resources\accountsdb.xml as follows:

Now, recompile and re-run. I have this time:

D:\Projects\AndroidProgram\Signal\Server>java -Xbootclasspath/p:alpn\alpn-boot-8
.1.11.v20170118.jar -jar target\TextSecureServer-1.65.jar accountdb status confi
5 change sets have not been applied to textsecure@jdbc:sqlserver://:
mnEncryptionSetting=Disabled;applicationName=Microsoft JDBC Driver for SQL Serve

Let’s use:

D:\Projects\AndroidProgram\Signal\Server>java -Xbootclasspath/p:alpn\alpn-boot-8
.1.11.v20170118.jar -jar target\TextSecureServer-1.65.jar accountdb migrate conf

But I have:

Migration failed for change set migrations.xml::2::matt:
Reason: liquibase.exception.DatabaseException: Column, parameter, or variab
le #9: Cannot find data type json. [Failed SQL: ALTER TABLE [dbo].[accounts] ADD
[data] [json]]

After perform some analysis, it is found that my current Microsoft SQL Server construct is not supporting json data type, and also each commands inside the accountsdb.xml script is heavily utilize the PostgreSQL Syntax and facillity.

So, I decided to install and use PostgreSQL instead. Good bye MS SQL Server.

Download from:


Installation in C:\PostgreSQL

Database initialization:

C:\PostgreSQL\bin>initdb c:\postgresql\data

But I have:

Install Visual C++ Redistributable Packages for Visual Studio 2013 from:


Re-run the above command line program, now it is run successfully.

Activate the server, but now I have:

C:\PostgreSQL\bin>postgres -D c:\postgresql\data
Execution of PostgreSQL by a user with administrative permissions is not
The server must be started under an unprivileged user ID to prevent
possible system security compromises. See the documentation for
more information on how to properly start the server.

So using:


Again, in postgres user windows, but I have:

C:\PostgreSQL\bin>postgres -D c:\postgresql\data
PANIC: could not open control file “global/pg_control”: Permission denied

Perform add permission with full control for C:\PostgreSQL to postgres user. Re-run the above command and I now have:

C:\PostgreSQL\bin>postgres -D c:\postgresql\data
LOG: database system was shut down at 2017-10-02 13:51:22 +07
LOG: MultiXact member wraparound protections are now enabled
LOG: database system is ready to accept connections
LOG: autovacuum launcher started

Now, for the client command to list databases:

C:\PostgreSQL\bin>psql -l
psql: FATAL: role “postgres” does not exist

Remove the data folder that was created previously and perform initdb under newly created postgres user. Now the command runs successfully:

C:\PostgreSQL\bin>psql -l
List of databases
Name | Owner | Encoding | Collate | Ctype
| Access privileges
postgres | postgres | WIN1252 | English_United States.1252 | English_United S
tates.1252 |

Another command to display current user status and capabilities:

C:\PostgreSQL\bin>psql -c “\du”
List of roles
Role name | Attributes | Member
postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {}

Seems PostgresSQL is running fine now. Let’s creates the required databases for TextSecure Server:

C:\PostgreSQL\bin>createdb accountsdb

C:\PostgreSQL\bin>createdb messagedb

Let’s focus again to the TextSecure server itself.

Perform changes to D:\Projects\AndroidProgram\Signal\Server\config\TextSecure.yml:

Re-run this command:

D:\Projects\AndroidProgram\Signal\Server>java -Xbootclasspath/p:alpn\alpn-boot-8
.1.11.v20170118.jar -jar target\TextSecureServer-1.65.jar accountdb status confi

But again I have:

ERROR [2017-10-02 08:52:14,820] org.apache.tomcat.jdbc.pool.ConnectionPool: Unable to create initial connections of pool.
! java.lang.ClassNotFoundException: org.postgresql.Driver
! at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
! at java.lang.ClassLoader.loadClass(ClassLoader.java:424)

This is because the dependency is set to Microsoft SQL Server in the previous session in an attempt to use SQL Server as data source, which do not have features in PostgreSQL such as json, array data type, etc.

So revert back to using jdbc class for PostgreSQL in D:\Projects\AndroidProgram\Signal\Server\pom.xml:

Perform re-compile and re-run, I have:

D:\Projects\AndroidProgram\Signal\Server>java -Xbootclasspath/p:alpn\alpn-boot-8
.1.11.v20170118.jar -jar target\TextSecureServer-1.65.jar accountdb status confi
Connection to :5432 refused. Check that the hostname and port are co
rrect and that the postmaster is accepting TCP/IP connections.

Perform modification in C:\PostgreSQL\data\postgresql.conf:

Then in c:\PostgreSQL\data\pg_hba.conf:

But in the client now I have:

It says:

psql: FATAL: password authentication failed for user “postgres”

In the server log, I have as follows:

FATAL: password authentication failed for user
DETAIL: User has no password assigned.
Connection matched pg_hba.conf line 84: “host all all md5”

Revert md5 back to trust in the above pg_hba.conf. Re-start the server and login into PostgreSQL and perform command as follows:

Change back trust back to md5 in the above pg_hba.conf, stop and re-start the server again. This time, the password scheme works correctly in psql:

Now let’s re-run the TextSecure server:

D:\Projects\AndroidProgram\Signal\Server>java -Xbootclasspath/p:alpn\alpn-boot-8
.1.11.v20170118.jar -jar target\TextSecureServer-1.65.jar accountdb status confi
5 change sets have not been applied to postgres@jdbc:postgresql://:5

Seems to be working now. Let’s do this one:

D:\Projects\AndroidProgram\Signal\Server>java -Xbootclasspath/p:alpn\alpn-boot-8
.1.11.v20170118.jar -jar target\TextSecureServer-1.65.jar accountdb migrate conf

No error and by examining the log file, I have:

INFO [2017-10-03 08:11:48,091] liquibase: migrations.xml: migrations.xml::5::moxie: Columns timestamp(bigint) added to pending_devices
INFO [2017-10-03 08:11:48,101] liquibase: migrations.xml: migrations.xml::5::moxie: ChangeSet migrations.xml::5::moxie ran successfully in 83ms

Checking into the PostgreSQL server:

So far so good. Now this one:

D:\Projects\AndroidProgram\Signal\Server>java -Xbootclasspath/p:alpn\alpn-boot-8
.1.11.v20170118.jar -jar target\TextSecureServer-1.65.jar messagedb migrate conf

Also no error:

INFO [2017-10-03 08:26:25,984] liquibase: messagedb.xml: messagedb.xml::4::moxie: Custom SQL executed
INFO [2017-10-03 08:26:25,986] liquibase: messagedb.xml: messagedb.xml::4::moxie: ChangeSet messagedb.xml::4::moxie ran successfully in 19ms
INFO [2017-10-03 08:26:25,995] liquibase: Successfully released change log lock

TextSecure server now has database and tables to be worked upon. The next phase would be to create the client to interact with this server.

How to Compile and Run Open Whisper Systems’ Signal Server (Part 3)

September 29, 2017

Last time when try to run the server, I got Multiple exceptions. From the log file it is found:

WARN [2017-09-28 02:02:11,451] org.whispersystems.textsecuregcm.metrics.NetworkSentGauge: NetworkSentGauge
! java.io.FileNotFoundException: \proc\net\dev (The system cannot find the path specified)
! at java.io.FileInputStream.open0(Native Method)
! at java.io.FileInputStream.open(FileInputStream.java:195)
! at java.io.FileInputStream.(FileInputStream.java:138)
! at java.io.FileReader.(FileReader.java:72)
! at org.whispersystems.textsecuregcm.metrics.NetworkGauge.getSentReceived(NetworkGauge.java:16)
! at org.whispersystems.textsecuregcm.metrics.NetworkSentGauge.(NetworkSentGauge.java:19)
! at org.whispersystems.textsecuregcm.WhisperServerService.run(WhisperServerService.java:270)
! at org.whispersystems.textsecuregcm.WhisperServerService.run(WhisperServerService.java:111)
! at io.dropwizard.cli.EnvironmentCommand.run(EnvironmentCommand.java:43)
! at io.dropwizard.cli.ConfiguredCommand.run(ConfiguredCommand.java:85)
! at io.dropwizard.cli.Cli.run(Cli.java:74)
! at io.dropwizard.Application.run(Application.java:89)
! at org.whispersystems.textsecuregcm.WhisperServerService.main(WhisperServerService.java:276)

This is the Linux style to get network statistics. So, for windows environment, the coding inside this class should be modified using equivalent netstat -e command to obtain the necessary data.

Let’s re-compile and run again. But again I get alpn error just as in previous article. Upon some checking, it is found that the alpn-boot-8.1.11.v20170118.jar is missing in target folder. Seems that maven deletes this file when compilation process finished.

So, I decided to move this class to alpn folder and perform running as follows:

D:\Projects\AndroidProgram\Signal\Server>java -Xbootclasspath/p:alpn\alpn-boot-8
.1.11.v20170118.jar -jar target\TextSecureServer-1.65.jar server config/textsecu
Multiple exceptions

To my surprise, although I already modify the source, this error below persist:

WARN [2017-09-28 06:38:21,293] org.whispersystems.textsecuregcm.metrics.NetworkSentGauge: NetworkSentGauge
! java.io.FileNotFoundException: \proc\net\dev (The system cannot find the path specified)
! at java.io.FileInputStream.open0(Native Method)
! at java.io.FileInputStream.open(FileInputStream.java:195)
! at java.io.FileInputStream.(FileInputStream.java:138)
! at java.io.FileReader.(FileReader.java:72)
! at org.whispersystems.textsecuregcm.metrics.NetworkGauge.getSentReceived(NetworkGauge.java:16)

After some checking, it is realized the source is modified in duplicated NetBeans project for the purpose of debugging, where as the original folder is not get modified. For the moment, just copy the source content to the one in used.

Let’s now focus on Multiple exceptions exception error that is triggred from:

! at org.eclipse.jetty.server.Server.doStart(Server.java:419)
! … 7 common frames omitted
! Causing: org.eclipse.jetty.util.MultiException: Multiple exceptions

Which may caused by connection error to postgre:

! Causing: org.postgresql.util.PSQLException: Connection to localhost:5432 refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.
! at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:239)

Since our infrastructrure already have MS SQL instead of PostgreSQL, I try to change the configuration in TextSecure.yml as follows:

And perform necessary user and database setup in MS SQL.

This time, the error is different:

ERROR [2017-09-28 07:02:56,113] org.apache.tomcat.jdbc.pool.ConnectionPool: Unable to create initial connections of pool.
! java.lang.ClassNotFoundException: com.microsoft.jdbc.sqlserver.SQLServerDriver
! at java.net.URLClassLoader.findClass(URLClassLoader.java:381)

Add dependency in D:\Projects\AndroidProgram\Signal\Server\pom.xml:

Re-compile but I still have:

ERROR [2017-09-28 07:34:50,826] org.apache.tomcat.jdbc.pool.ConnectionPool: Unable to create initial connections of pool.
! java.lang.ClassNotFoundException: com.microsoft.jdbc.sqlserver.SQLServerDriver
! at java.net.URLClassLoader.findClass(URLClassLoader.java:381)

Checking the class binary, and I realized that the class name should be: com.microsoft.sqlserver.jdbc.SQLServerDriver.

Ok, let’s try again:

D:\Projects\AndroidProgram\Signal\Server>java -Xbootclasspath/p:alpn\alpn-boot-8
.1.11.v20170118.jar -jar target\TextSecureServer-1.65.jar server config/textsecu
Multiple exceptions

Still a same error here, but let’s examine the log file:

ERROR [2017-09-28 07:42:12,557] org.apache.tomcat.jdbc.pool.ConnectionPool: Unable to create initial connections of pool.
! java.sql.SQLException: Driver:SQLServerDriver:3 returned null for URL:jdbc:microsoft:sqlserver://xxx:1433;DatabaseName=accountsdb
! at org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDriver(PooledConnection.java:329)
! at org.apache.tomcat.jdbc.pool.PooledConnection.connect(PooledConnection.java:203)

Revise the URL prefix to:


Now I have:

ERROR [2017-09-28 07:53:26,338] org.apache.tomcat.jdbc.pool.ConnectionPool: Unable to create initial connections of pool.
! com.microsoft.sqlserver.jdbc.SQLServerException: Login failed for user ‘textsecure’. Reason: The password of the account must be changed. ClientConnectionId:64be0383-755a-401a-a4f4-696e47d82c7f
! at com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDatabaseError(SQLServerException.java:258)
! at com.microsoft.sqlserver.jdbc.TDSTokenHandler.onEOF(tdsparser.java:256)

But when I try to un-check the password expiration policy, I have:

Well, I just perform manual password change on MS SQL Client console. There are no more exit of the loop, but there are many warning error such as these in the log file:

WARN [2017-09-28 08:07:13,082] org.whispersystems.textsecuregcm.providers.RedisClientFactory: Error connecting
! java.net.ConnectException: Connection refused: connect
! at java.net.DualStackPlainSocketImpl.connect0(Native Method)

Copy executable from Redis-x64-3.2.100.zip to D:\Projects\AndroidProgram\Signal\Server\redis

Then, on another command prompt box:

[364] 28 Sep 16:29:58.727 # Warning: no config file specified, using the default
config. In order to specify a config file use redis-server /path/to/redis.conf

There are no more redis connection error now in the log file. Server seems to be working now.