安卓开发中的 Context

在安卓当中,Context 几乎是无处不在的,每一个 Activity 是一个 Context,每一个 Service 也是一个 Context。

但是如果你新起了一个线程的话,你需要显式地把 Context 传递进去。


public class DumpLocationLog extends Thread {
    LocationManager lm;
    LocationHelper loc;
    public DumpLocationLog(Context context) {
        loc = new LocationHelper();
        lm = (LocationManager) context.getSystemService(Context.LOCATION_SERVICE);
    public void run() {
        lm.requestLocationUpdates(LocationManager.GPS_PROVIDER, 1000L, 500.0f, loc);

然后使用这个线程的时候,把 this,也就是一个 context 的实例传递进去

new DumpLocationLog(this);

if you are in a fragment, use getAcitvity()

if you are in an anoynmous onclicklistener, this is MainActivity.this

为安卓编译 64 位的 dropbear

如何使用 dropbear

这里主要是需要在安卓上生成 host key,以及把自己的公钥传到安卓上

dropbearkey -t rsa -f /data/local/dropbear_host_key # 在安卓上生成 key
adb push ~/.ssh/ /data/local/authorized_keys # 在宿主机把自己的密钥传过去
dropbear -F -E -r /data/local/dropbear_host_key -A -N root -C jk -R /data/local/authorized_keys # 按照给定的 key 启动 dropbear
dropbear -P /data/local/ -r /data/local/dropbear_host_key -A -N root -C jk -R /data/local/authorized_keys # 以 daemon 形式启动 dropbear

如何为 64 位的安卓机器编译 dropbear


addnewvar("LD_LIBRARY_PATH", "/system/lib");


addnewvar("LD_LIBRARY_PATH", "/system/lib64");

使用 AIL 把 dropbear 添加为服务

service sshd /system/xbin/dropbear -s
   user  root
   group root


如何重启 adb(wifi)

setprop service.adb.tcp.port 5555
stop adbd
start adbd

关闭 ssh key 验证

Host *
    StrictHostKeyChecking no

mount -o remount,rw /system



安卓的 AsyncTask

asynchronusally run task without explicitly creating thread.



Here is an example of subclassing:

private class DownloadFilesTask extends AsyncTask<URL, Integer, Long> {
    protected Long doInBackground(URL... urls) {
        int count = urls.length;
        long totalSize = 0;
        for (int i = 0; i < count; i++) {
            totalSize += Downloader.downloadFile(urls[i]);
            publishProgress((int) ((i / (float) count) * 100));
            // Escape early if cancel() is called
            if (isCancelled()) break;
        return totalSize;

    protected void onProgressUpdate(Integer... progress) {

    protected void onPostExecute(Long result) {
        showDialog("Downloaded " + result + " bytes");

Once created, a task is executed very simply:

new DownloadFilesTask().execute(url1, url2, url3);

template parameters can be Void, Void, Void


SSL Pinning 与破解

什么是 SSL Pinning

To view https traffic, you could sign your own root CA, and perform mitm attack to view the traffic. HPKP (http public key pinning) stops this sniffing by only trust given CA, thus, your self-signed certs will be invalid. To let given app to trust your certs, you will have to modify the apk file.

How to break it?

Introducing Xposed

decompile, modify and then recompile the apk file can be very diffcult. so you’d better hook to some api to let the app you trying to intercept trust your certs. xposed offers this kind of ability. moreover, a xposed module called JustTrustMe have done the tedious work for you. just install xposed and JustTrustMe and you are off to go. Here are the detaild steps:

  1. Install Xposed Installer

for android 5.0 above, use the xposed installer.

NOTE: 对于 MIUI,需要搜索 Xposed 安装器 MIUI 专版。

  1. Install Xposed from xposed installer, note, you have to give root privilege to xposed installer

  2. Install JustTrustMe

Android am 命令

am is short for activity manager, which is used to start and stop activity in android.

basic syntax

start an activity

you can get the activity name by decompiling the apk and view the androidmanifest.xml file

am start -n <package_name>/<activity_name> [parameters]
am start -n

stop an activity

am force-stop

download from here:, basically it’s an electorn app

How it works

How to crack it

chrome 插件
/Users/USERNAME/Library/Application Support/Google/Chrome/Profile 1/Extensions

function e() {
this.licensed = false;
this.licenseCached = false

changed to true


let’s assume /system is the rom folder

| Partition | Explanation |
| ———– | ———————– |
| /boot | kernel & Co. |
| /cache | app cache |
| /data | user data partition¹ |
| /data/data | app data¹ |
| /dev | devices, virtual fs |
| /mnt/asec | encrypted apps (App2SD) |
| /mnt/emmc | internal sdcard³ |
| /mnt/sdcard | external sdcard³ |
| /proc | process information² |
| /recovery | used in recovery mode |
| /system | system ROM (read-only) |

/data and /data/data

These are in most cases two separate partitions, but there might be cases where this is handled otherwise. One thing they have in common (add /cache here as well): they get wiped on a factory-reset, while the other partitions are usually left untouched by that.

| Directory | Explanation |
| —————— | ———————————————————– |
| /data/anr | traces from app crashes (App Not Responding) |
| /data/app | .apk files of apps installed by the user |
| /data/backup | Googles Cloud-Backup stuff |
| /data/dalvik-cache | optimized versions of installed apps¹ |
| /data/data | app data² |
| /data/local | temporary files from e.g. Google Play³ |
| /data/misc | system configuration (WiFi, VPN, etc.) |
| /data/system | more system related stuff (certs, battstat) |
| /data/tombstones | more crash stuff (“core dumps”) |
| /data/user | multi-user support, /data/user/0 is a symlink to /data/data |



cross compiling on android

basic knowledge

first, we need a cross compiler, which you can download from the source or somewhere.

second, when we use gcc to build stuff, actually we are implicitly linking to the stdlib of c, if we are cross compiling programs for another platform, then we need another platform’s filesystem to be accessible to us. However, we only need the target’s /usr directory, because that’s where the header files lives in.

we place target’s header files in a directory called sysroot, and gcc supports the argument --sysroot

gcc config parameters

| options  | explaination                                     |
| -------- | ------------------------------------------------ |
| --build  | the machine which you build on                   |
| --host   | the machine which your binary will be running on |
| --target | the machine that GCC will produce code for       |

| --build | --host | --target | result        |
| ------- | ------ | -------- | ------------- |
| -       | -      | -        | native        |
| -       | -      | x        | cross complie |

Argument --target makes sense only when building compiler (e.g. GCC).

How to

Let’s assume you have directory called ~/x-compile

  1. You have your tool-chain installed, that it is the correct tool-chain and the PATH environment variable is correctly set, so that the cross-compiler and all other cross-tools binaries can be called from any folder.
  2. You have the sysroot installed in ~/x-compile/sysroot
  3. Your code depends on a library for which you have the source code in ~/x-compile/depsrc/
  4. You have the source code to be cross-compiled in ~/x-compile/src

  5. compile you dependency lib, if your dependency lib don’t need stdlib

./configure CC=arm-linux-gnueabihf-gcc --prefix=~/x-compile/deps --host=arm-linux-gnueabihf
make install

if your dependency needs system libs, then you need --sysroot as below

  1. compile your program

compile python on android

在安卓上编译 python

compiling 2.7.2

Cross compiling Python for Android

another tutorial

best tutorial


very confusing, the second answer is better