├── scripts
    ├── runadb.sh
    ├── arch_chroot.sh
    ├── arch_start.sh
    └── startterm.sh
├── imgs
    └── arch.jpg
├── misc
    ├── 0x009600e100420024.mbn
    ├── sshd_config
    ├── user-mapping.xml
    └── iptables.rules
├── LICENSE
└── README.md


/scripts/runadb.sh:
--------------------------------------------------------------------------------
1 | setprop service.adb.tcp.port 5555
2 | adbd
3 | 


--------------------------------------------------------------------------------
/imgs/arch.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chin123/archlinux-4044C/HEAD/imgs/arch.jpg


--------------------------------------------------------------------------------
/misc/0x009600e100420024.mbn:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/chin123/archlinux-4044C/HEAD/misc/0x009600e100420024.mbn


--------------------------------------------------------------------------------
/misc/sshd_config:
--------------------------------------------------------------------------------
1 | Port 2022
2 | HostKey /root/.ssh/id_rsa
3 | UsePrivilegeSeparation no
4 | PidFile /root/sshd.pid
5 | 


--------------------------------------------------------------------------------
/scripts/arch_chroot.sh:
--------------------------------------------------------------------------------
 1 | # create the sdcard mountpoint
 2 | mkdir /mnt/sdcard
 3 | 
 4 | # assuming sdcard is mounted at /dev/block/mmcblk1, check and change accordingly
 5 | mount -t ext4 -o rw,exec /dev/block/mmcblk1p2 /mnt/sdcard
 6 | export mnt=/mnt/sdcard/arch
 7 | 
 8 | # mount linux essentials to our chroot environment
 9 | # NOTE: only necessary one time after mounting sd card
10 | mount -o bind /dev $mnt/dev
11 | mount -t devpts devpts $mnt/dev/pts
12 | mount -t proc none $mnt/proc
13 | mount -t sysfs sysfs $mnt/sys
14 | 
15 | # export environmental variables for our chroot
16 | export PATH=/sbin:/bin:/usr/bin:/usr/sbin:/usr/local/bin:$PATH
17 | export TERM=xterm
18 | export HOME=/root
19 | export USER=root
20 | 
21 | # chroot into arch
22 | chroot $mnt /bin/bash
23 | 


--------------------------------------------------------------------------------
/misc/user-mapping.xml:
--------------------------------------------------------------------------------
 1 | <user-mapping>
 2 |     <authorize
 3 |             username="admin"
 4 |             password="<redacted>"
 5 |             encoding="md5">
 6 |             <connection name="localhost">
 7 |                     <protocol>vnc</protocol>
 8 |                     <param name="hostname">localhost</param>
 9 |                     <param name="port">5901</param>
10 |                     <param name="password"><!--redacted--></param>
11 |             </connection>
12 |             <connection name="arch">
13 |                     <protocol>ssh</protocol>
14 |                     <param name="hostname">localhost</param>
15 |                     <param name="port">2022</param>
16 |                     <param name="username">chinmaya</param>
17 |                     <param name="password"><!--redacted--></param>
18 |             </connection>
19 |     </authorize>
20 | </user-mapping>
21 | 


--------------------------------------------------------------------------------
/scripts/arch_start.sh:
--------------------------------------------------------------------------------
 1 | # create the sdcard mountpoint
 2 | mkdir /mnt/sdcard
 3 | 
 4 | # assuming sdcard is mounted at /dev/block/mmcblk1, check and change accordingly
 5 | mount -t ext4 -o rw,exec /dev/block/mmcblk1p2 /mnt/sdcard
 6 | export mnt=/mnt/sdcard/arch
 7 | 
 8 | # mount linux essentials to our chroot environment
 9 | # NOTE: only necessary one time after mounting sd card, can be moved to a
10 | # different startup script
11 | mount -o bind /dev $mnt/dev
12 | mount -t devpts devpts $mnt/dev/pts
13 | mount -t proc none $mnt/proc
14 | mount -t sysfs sysfs $mnt/sys
15 | 
16 | # export environmental variables for our chroot
17 | export PATH=/sbin:/bin:/usr/bin:/usr/sbin:/usr/local/bin:$PATH
18 | export TERM=xterm
19 | export HOME=/root
20 | export USER=root
21 | 
22 | # execute a few commands in the chroot
23 | chroot $mnt /bin/bash -x <<'EOF'
24 | bash /root/startterm.sh
25 | EOF
26 | 
27 | # start adbd
28 | sh /data/local/runadb.sh
29 | 


--------------------------------------------------------------------------------
/scripts/startterm.sh:
--------------------------------------------------------------------------------
 1 | # here is where you start all the services you need
 2 | 
 3 | # removing where I usually put my logs
 4 | rm /root/vncstatus.log
 5 | touch /root/vncstatus.log
 6 | 
 7 | echo "setup started"
 8 | 
 9 | # kill all services, so this functions as a restart script.
10 | echo "killing services..."
11 | /usr/share/tomcat8/bin/shutdown.sh
12 | vncserver -kill :1
13 | vncserver -kill :2
14 | 
15 | # remove temp files created by vncserver, incase of an unexpected shutdown
16 | rm -rf /tmp/.X1*
17 | 
18 | # kill all services running.
19 | pkill -9 Xvnc
20 | pkill -9 guacd
21 | pkill -9 sshd
22 | echo "done."
23 | 
24 | # hacky, but eh
25 | sleep 1
26 | 
27 | echo "setup firewall..."
28 | iptables-restore < /root/iptables.rules
29 | ip6tables-restore < /root/iptables.rules
30 | echo "done." >> /root/vncstatus.log
31 | echo "starting services..."
32 | vncserver
33 | /sbin/sshd -f /root/sshd_config
34 | /usr/share/tomcat8/bin/startup.sh
35 | guacd start
36 | echo "starting irc..."
37 | cd /root/qwebirc
38 | python2 run.py -p 8000
39 | 
40 | # you can add any other services you want to run here, modify as you like
41 | 
42 | echo "setup finished"
43 | 


--------------------------------------------------------------------------------
/misc/iptables.rules:
--------------------------------------------------------------------------------
 1 | # taken from https://superuser.com/a/1341430
 2 | *filter
 3 | 
 4 | # drop forwarded traffic. you only need it of you are running a router
 5 | :FORWARD DROP [0:0]
 6 | 
 7 | # Accept all outgoing traffic
 8 | :OUTPUT ACCEPT [623107326:1392470726908]
 9 | 
10 | 
11 | # Block all incoming traffic, all protocols (tcp, udp, icmp, ...) everything.
12 | # This is the base rule we can define exceptions from.
13 | :INPUT DROP [11486:513044]
14 | 
15 | # do not block already running connections (important for outgoing)
16 | -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
17 | 
18 | # do not block localhost
19 | -A INPUT -i lo -j ACCEPT
20 | 
21 | # do not block icmp for ping and network diagnostics. Remove if you do not want this
22 | # note that -p icmp has no effect on ipv6, so we need an extra ipv6 rule
23 | -4 -A INPUT -p icmp -j ACCEPT
24 | -6 -A INPUT -p ipv6-icmp -j ACCEPT
25 | 
26 | # allow some incoming ports for services that should be public available
27 | # enable the ports you deem are safe here
28 | #-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
29 | #-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
30 | #-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
31 | 
32 | # commit changes
33 | COMMIT
34 | 
35 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 | Creative Commons Legal Code
  2 | 
  3 | CC0 1.0 Universal
  4 | 
  5 |     CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
  6 |     LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN
  7 |     ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
  8 |     INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
  9 |     REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS
 10 |     PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
 11 |     THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED
 12 |     HEREUNDER.
 13 | 
 14 | Statement of Purpose
 15 | 
 16 | The laws of most jurisdictions throughout the world automatically confer
 17 | exclusive Copyright and Related Rights (defined below) upon the creator
 18 | and subsequent owner(s) (each and all, an "owner") of an original work of
 19 | authorship and/or a database (each, a "Work").
 20 | 
 21 | Certain owners wish to permanently relinquish those rights to a Work for
 22 | the purpose of contributing to a commons of creative, cultural and
 23 | scientific works ("Commons") that the public can reliably and without fear
 24 | of later claims of infringement build upon, modify, incorporate in other
 25 | works, reuse and redistribute as freely as possible in any form whatsoever
 26 | and for any purposes, including without limitation commercial purposes.
 27 | These owners may contribute to the Commons to promote the ideal of a free
 28 | culture and the further production of creative, cultural and scientific
 29 | works, or to gain reputation or greater distribution for their Work in
 30 | part through the use and efforts of others.
 31 | 
 32 | For these and/or other purposes and motivations, and without any
 33 | expectation of additional consideration or compensation, the person
 34 | associating CC0 with a Work (the "Affirmer"), to the extent that he or she
 35 | is an owner of Copyright and Related Rights in the Work, voluntarily
 36 | elects to apply CC0 to the Work and publicly distribute the Work under its
 37 | terms, with knowledge of his or her Copyright and Related Rights in the
 38 | Work and the meaning and intended legal effect of CC0 on those rights.
 39 | 
 40 | 1. Copyright and Related Rights. A Work made available under CC0 may be
 41 | protected by copyright and related or neighboring rights ("Copyright and
 42 | Related Rights"). Copyright and Related Rights include, but are not
 43 | limited to, the following:
 44 | 
 45 |   i. the right to reproduce, adapt, distribute, perform, display,
 46 |      communicate, and translate a Work;
 47 |  ii. moral rights retained by the original author(s) and/or performer(s);
 48 | iii. publicity and privacy rights pertaining to a person's image or
 49 |      likeness depicted in a Work;
 50 |  iv. rights protecting against unfair competition in regards to a Work,
 51 |      subject to the limitations in paragraph 4(a), below;
 52 |   v. rights protecting the extraction, dissemination, use and reuse of data
 53 |      in a Work;
 54 |  vi. database rights (such as those arising under Directive 96/9/EC of the
 55 |      European Parliament and of the Council of 11 March 1996 on the legal
 56 |      protection of databases, and under any national implementation
 57 |      thereof, including any amended or successor version of such
 58 |      directive); and
 59 | vii. other similar, equivalent or corresponding rights throughout the
 60 |      world based on applicable law or treaty, and any national
 61 |      implementations thereof.
 62 | 
 63 | 2. Waiver. To the greatest extent permitted by, but not in contravention
 64 | of, applicable law, Affirmer hereby overtly, fully, permanently,
 65 | irrevocably and unconditionally waives, abandons, and surrenders all of
 66 | Affirmer's Copyright and Related Rights and associated claims and causes
 67 | of action, whether now known or unknown (including existing as well as
 68 | future claims and causes of action), in the Work (i) in all territories
 69 | worldwide, (ii) for the maximum duration provided by applicable law or
 70 | treaty (including future time extensions), (iii) in any current or future
 71 | medium and for any number of copies, and (iv) for any purpose whatsoever,
 72 | including without limitation commercial, advertising or promotional
 73 | purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each
 74 | member of the public at large and to the detriment of Affirmer's heirs and
 75 | successors, fully intending that such Waiver shall not be subject to
 76 | revocation, rescission, cancellation, termination, or any other legal or
 77 | equitable action to disrupt the quiet enjoyment of the Work by the public
 78 | as contemplated by Affirmer's express Statement of Purpose.
 79 | 
 80 | 3. Public License Fallback. Should any part of the Waiver for any reason
 81 | be judged legally invalid or ineffective under applicable law, then the
 82 | Waiver shall be preserved to the maximum extent permitted taking into
 83 | account Affirmer's express Statement of Purpose. In addition, to the
 84 | extent the Waiver is so judged Affirmer hereby grants to each affected
 85 | person a royalty-free, non transferable, non sublicensable, non exclusive,
 86 | irrevocable and unconditional license to exercise Affirmer's Copyright and
 87 | Related Rights in the Work (i) in all territories worldwide, (ii) for the
 88 | maximum duration provided by applicable law or treaty (including future
 89 | time extensions), (iii) in any current or future medium and for any number
 90 | of copies, and (iv) for any purpose whatsoever, including without
 91 | limitation commercial, advertising or promotional purposes (the
 92 | "License"). The License shall be deemed effective as of the date CC0 was
 93 | applied by Affirmer to the Work. Should any part of the License for any
 94 | reason be judged legally invalid or ineffective under applicable law, such
 95 | partial invalidity or ineffectiveness shall not invalidate the remainder
 96 | of the License, and in such case Affirmer hereby affirms that he or she
 97 | will not (i) exercise any of his or her remaining Copyright and Related
 98 | Rights in the Work or (ii) assert any associated claims and causes of
 99 | action with respect to the Work, in either case contrary to Affirmer's
100 | express Statement of Purpose.
101 | 
102 | 4. Limitations and Disclaimers.
103 | 
104 |  a. No trademark or patent rights held by Affirmer are waived, abandoned,
105 |     surrendered, licensed or otherwise affected by this document.
106 |  b. Affirmer offers the Work as-is and makes no representations or
107 |     warranties of any kind concerning the Work, express, implied,
108 |     statutory or otherwise, including without limitation warranties of
109 |     title, merchantability, fitness for a particular purpose, non
110 |     infringement, or the absence of latent or other defects, accuracy, or
111 |     the present or absence of errors, whether or not discoverable, all to
112 |     the greatest extent permissible under applicable law.
113 |  c. Affirmer disclaims responsibility for clearing rights of other persons
114 |     that may apply to the Work or any use thereof, including without
115 |     limitation any person's Copyright and Related Rights in the Work.
116 |     Further, Affirmer disclaims responsibility for obtaining any necessary
117 |     consents, permissions or other rights required for any use of the
118 |     Work.
119 |  d. Affirmer understands and acknowledges that Creative Commons is not a
120 |     party to this document and has no duty or obligation with respect to
121 |     this CC0 or use of the Work.
122 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # archlinux-4044C
  2 | 
  3 | ## What is this?
  4 | * A guide with accompanying scripts to get a working arch linux chroot on the
  5 | [Alcatel 4044C](https://www.amazon.com/Alcatel-QuickFlip-Unlocked-Extrenal-Bluetooth/dp/B07PHTYGY7), a $40 flip phone with 4G and wifi support. It comes with [KaiOS](https://en.wikipedia.org/wiki/KaiOS), a linux based mobile operating system.  
  6 | * This guide should work for any Android/KaiOS device in general, although
  7 | you might have to modify the scripts to tailor them to your device.  
  8 | * This is one of many possible ways to get an arch chroot working, but given how little this method requires (just the ability to use EDL to modify partitions), it should be applicable to the most number of devices.
  9 | 
 10 | ## What we're going for
 11 | ![Terminal emulator on the 4044C](imgs/arch.jpg)  
 12 | This is [Apache Guacamole](https://guacamole.apache.org/) loaded on the default KaiOS browser, running an ssh session logged in to the arch linux chroot.  
 13 | Here's a video of me executing some commands on the device: https://www.youtube.com/watch?v=gze_Acba490
 14 | 
 15 | ## Prerequisites
 16 | * An alcatel 4044C or similar device.
 17 | * A micro SD card to store arch linux. I recommend atleast an 8 GB one to be 
 18 |   comfortable, although the rootfs is only about 500MB, so you could probably make 
 19 |   it work with any size larger than that.
 20 | * A computer and usb cable
 21 | * Prerequisite reading: (we will be using
 22 | information learned from all of these in the guide)
 23 | 	1. [Bananahackers page on EDL mode on kaiOS
 24 | 	devices](https://sites.google.com/view/bananahackers/development/edl)
 25 | 	2. [Bananahackers page on the alcatel
 26 | 	OT-4044](https://sites.google.com/view/bananahackers/devices/alcatel-ot-4044)
 27 | 	3. [Bananahackers page on recovery mode image
 28 | 	modification](https://sites.google.com/view/bananahackers/root/recovery-mode)
 29 | * Prerequisite downloads: (clone/download these to keep them handy)
 30 | 	- https://github.com/andybalholm/edl _(required to read and write device partitions)_
 31 | 	- `adb` _(required to have a root shell on the device)_
 32 | 	- http://fl.us.mirror.archlinuxarm.org/os/ArchLinuxARM-armv7-latest.tar.gz
 33 | 	_(required, the arch linux armv7 rootfs)_
 34 | 	- Android NDK _(required if you want to compile the code yourself. Trust me for
 35 | 	  some reason? You can download the pre-compiled binaries below)_.
 36 | 	- https://github.com/ubiquiti/dropbear-android, _(required to obtain initial shell access outside recovery mode)_.
 37 | 	- https://github.com/sjitech/android-gcc-toolchain _(optional, makes it easier
 38 | 	  to compile dropbear-android)_
 39 | 	- [Apache Guacamole](https://guacamole.apache.org/) _(required to have a
 40 | 	web-based terminal emulator on the device)_
 41 | 	- https://github.com/chin123/guacamole-client _(optional, my fork of the
 42 | 	guacamole client with support for full screen and a more minimal on screen
 43 | 	keyboard suitable for flip phones)_
 44 | * Know that this will void your warranty.
 45 | 
 46 | ## Precompiled binaries
 47 | Trust me for some reason? Don't want to setup the NDK?
 48 | I've uploaded the pre-compiled binaries for `dropbear`, `adbd`, `busybox`, and
 49 | `zip`
 50 | [here](https://drive.google.com/file/d/1pI6-l8gDL28ZQwmpMaoP_Iv16rKpjAD_/view?usp=sharing).
 51 | 
 52 | ## Figure out a way to read and write to partitions
 53 | If you have root access and adb already working you're done here. However, the
 54 | alcatel 4044C comes with adb over USB blocked, and I could never figure out how
 55 | to get it to work. However, it is easy to enter download mode on the 4044C: turn
 56 | off the phone, and hold both volume buttons. With the usb cable connected to the
 57 | computer, insert it to the phone while you are pressing both volume buttons. It
 58 | should vibrate and display a warning about entering download mode. At this
 59 | point, release the down volume button and wait until the screen turns black. You
 60 | have now entered qualcomm EDL (emergency download) mode. [(Credit to luxferre
 61 | for discovering this)](https://groups.google.com/forum/#!topic/bananahackers/2bMtsPpdo5I).
 62 | You can now use EDL tools to read and write to the device partitions on
 63 | the 4044C. [This](https://github.com/andybalholm/edl) specific fork of
 64 | edl tools worked on the 4044C, along with the firehose file in
 65 | `misc/0x009600e100420024.mbn` however it might not for you. Read the
 66 | [bananahackers
 67 | page](https://sites.google.com/view/bananahackers/development/edl) about
 68 | EDL to learn more about edl and firehose files and how to use it on your
 69 | device.  
 70 |   
 71 | ## Backup!
 72 | Once you have successfully been able to read partition data from your device,
 73 | **backup all of your partitions**. It is invaluable to have a working backup of
 74 | all your partitions, especially the recovery, boot, system, userdata, and
 75 | custpack partitions. If you ever screw up, you can just flash back to a working
 76 | state. Backup regularly and you can have a bit more confidence while hacking.
 77 | 
 78 | ## Modify recovery image
 79 | First, we will want adb shell access in the recovery. This will let us have
 80 | direct shell access into the device, so that we don't have to keep flashing
 81 | whole system partitions. Follow the guide in [prerequisite
 82 | reading (3)](https://sites.google.com/view/bananahackers/root/recovery-mode) and
 83 | install adb in your recovery partition. Reboot into recovery and you should have
 84 | full root shell access, however only in recovery mode. I was able to use `adb
 85 | shell` after selecting the `mount system` option in recovery mode.
 86 | 
 87 | ## Install dropbear, adbd in the system partition
 88 | Once you have adb access in recovery, you will be able to remount the system
 89 | partition as read/write to modify it, using a command like:
 90 | ```
 91 | mount -t ext4 -o rw,remount /system
 92 | ```
 93 | Either compile or download the dropbear-android binary. Create the required keys
 94 | as described in the dropbear-android README, and place the dropbear binary in
 95 | `/system/bin/dropbear`. Also, place the rooted `adbd` binary in
 96 | `/system/bin/adbd`. You can obtain `adbd` from the [gerdaOS repo
 97 | here](https://gitlab.com/project-pris/system/-/blob/master/src/boot/8110/root/sbin/adbd)
 98 | (yeah, you need to download a random binary from a stranger, but what can you
 99 | do? I didn't bother trying to compile adbd). It would also be nice to place
100 | busybox at `/system/bin/busybox` if you dont have busybox there already.
101 | Now all that's left to do is to start the dropbear binary at boot. A simple way
102 | to do this is to just add the following command to the end of
103 | `/system/bin/b2g.sh`, just before the last line `exec $COMMAND_PREFIX
104 | "$B2G_DIR/b2g"`, because at this point network access is already established:
105 | ```
106 | /system/bin/dropbear -A -N root -C supersecurepassword -r /system/dropbear_rsa_host_key -r /system/dropbear_dss_host_key -p 10022 2> /data/dropbear_err.txt
107 | ```
108 | This will let you ssh into your device from your computer as so:
109 | ```
110 | ssh root@<ip addr> -p 10022 "sh"
111 | ```
112 | with password `supersecurepassword`.
113 | NOTE: you cannot just ssh in and expect a shell, because you will
114 | end up facing this error:
115 | ```
116 | PTY allocation request failed on channel 0
117 | shell request failed on channel 0
118 | ```
119 | I didn't really do a lot of investigation as to why this happens, because I
120 | literally only use this to start adb. Running `sh` as the command in ssh will
121 | open a simple stdin/stdout interface with the shell. You can now start adb over
122 | tcp as so:
123 | ```
124 | setprop service.adb.tcp.port 5555
125 | adbd
126 | ```
127 | Wait for a couple of seconds, and you will be able to connect to your phone like
128 | this:
129 | ```
130 | adb connect <device ip addr>:5555
131 | adb shell
132 | ```
133 | You now have a functional shell! You can use all the regular shell tools, pass
134 | files to and from your device with `adb push`/`adb pull`, and edit files with
135 | `busybox vi`! Now would be a good time to take another system backup.
136 | 
137 | ## Setting up arch linux
138 | Get an SD card and format it with ext4 (or any other file system which supports
139 | symlinks I guess). Extract the arch linux arm rootfs you downloaded earlier into
140 | the sd card, and pop it into your phone. I have a bunch of helper scripts in
141 | `scripts/` which you can use to mount arch linux (specifically `arch_chroot.sh`
142 | to get an arch linux shell, and `arch_start.sh` to just execute a script in the
143 | arch linux chroot). The TLDR is: mount the sd card with rw and exec permissions,
144 | mount the necessary device files, and chroot in. Credit to [this blog
145 | post](https://thomaspolasek.blogspot.com/2012/04/arch-linux-lxde-w-xorg-mouse-keyboard_16.html)
146 | which helped me with this process. Chroot in, and you should have a basic bash
147 | shell in arch. Congratulations, the hard part is now over!
148 | 
149 | ## Getting pacman to work, downloading packages, all that fun stuff
150 | systemd manages `/etc/resolv.conf` by default, but we don't have systemd here,
151 | so just delete `/etc/resolv.conf` which is just a symlink and place this in
152 | instead:
153 | ```
154 | nameserver 8.8.8.8
155 | nameserver 4.2.2.2
156 | ```
157 | Or any other DNS server you like.  
158 | Start off by doing a quick `pacman -Syy`, and try updating all the packages with
159 | `pacman -Syu` to see if it works.
160 | By default, I was unable to install anything with pacman because it kept
161 | complaining about the GPG keys not being trustable. I fixed this by following
162 | [the pacman package signing troubleshooting tips in the arch
163 | wiki](https://wiki.archlinux.org/index.php/Pacman/Package_signing#Troubleshooting).
164 | You should now be able to install arbitrary packages from the arch repos. If
165 | not, the arch wiki is your friend, and should help you resolve any problem
166 | related to pacman.
167 | 
168 | ## Setting up sshd, vncserver, guacamole
169 | Now that you've got the arch basics setup, this part should be easy. I have a
170 | simple `sshd` config in `misc/sshd_config`, but you can modify it any way you
171 | like. You can also setup a vnc server, i used tigerVNC. Read the guacamole
172 | documentation and setup guacamole on arch, preferably with apache tomcat. I have
173 | an example `user-mapping.xml` file in `misc/user-mapping.xml` which you can base
174 | yours off of. The default apache guacamole client works well, but could be a bit
175 | better for flip phones. I modified the default layout and merged a full-screen
176 | option patch, you can find my fork
177 | [here](https://github.com/chin123/guacamole-client). But you're free to use the
178 | default one too, it works well, but you'll miss out on scrolling because there's
179 | no way to drag or use `Shift+PgUp/Dn` in the kaiOS browser. I haven't gotten
180 | full screen to work yet, because I dont know how to open the guacamole menu in
181 | the KaiOS browser, but it does work on desktops for what its worth.  
182 | You can see the script `scripts/startterm.sh` for an example on how to start
183 | tomcat with guacamole too. I am assuming you have some familiarity with the
184 | command line and starting and stopping services so I'm not going to go into much
185 | detail here, just read the documentation and my scripts and adjust as you
186 | please. (Disclaimer: the quality of my scripts are debatable, created over a few
187 | sleepless nights).
188 | 
189 | ## You're done!
190 | Open up the kaiOS browser, and go to `localhost:8080/guacamole` and you should
191 | be able to login and open a terminal emulator. Have fun!
192 | 
193 | ## Some notes and warnings
194 | You can automate everything above using an app, but this is left as an exercise
195 | to the reader. Hint: read the source code of some of the apps included in your
196 | device, located at `/custpack/webapps/`, and some 3rd party apps such as
197 | [Luxferre's adb root for the
198 | 4044](https://groups.google.com/d/msg/bananahackers/2bMtsPpdo5I/ML4KockxBAAJ) to
199 | figure out how to run arbitrary commands from an app.  
200 |   
201 | Please note that you are running an arch linux chroot with root access easily
202 | accessible over wifi. If you plan on taking your phone outside your house and
203 | connecting to untrusted wifi networks, you'll probably want to setup a firewall.
204 | There is a simple iptables rules file located in `misc/` which you can use.
205 | 
206 | ## Questions?
207 | If anything is unclear, or you find a mistake, feel free to open up a github
208 | issue or PR!
209 | 
210 | ## License
211 | The code and this guide is licensed under CC0.
212 | 


--------------------------------------------------------------------------------