Install Google Play Store on a rooted Amazon Fire TV 2!

This is a cross-post on my personal blog from my threads posted on AFTVNews and on xda-developers.

For those of you who’ve followed the instructions here to get GApps working on a rooted Fire TV 2, but have been frustrated that it won’t work, I figured out what was missing.  It appears the issue is that the newer releases of Open Gapps isn’t installing everything that it’s supposed to be installing. So this guide lays the foundation of everything you need to get to make it work, but there are some additonal steps to take and additional files to sideload to finish the job and get the Play Store running on your Fire TV 2.

First, instead of downloading a -leanback verison of the Play Store, download the newest one that has the [8] designation stating that it’s for Android TV. This is ideal for the Fire TV – for me, it works great. At the time of writing the version I used was Google Play Store 7.5.08.M-xhdpi [8], only a few days old. You also don’t run into the issue of some services not working because the .apk has been resigned.

Secondly, you’ll need some additional tools:
lzip, which you can download here (Windows, other versions are available here – to make it work easier I copied lzip.exe to C:\windows\system32)
7zip, which you can download here (choose the version of your choice, if you’re using Linux you don’t need it since you can just use tar)

Follow the guide up to step 8 and then stop. Before you proceed you’ll need to sideload the missing files.

First, on your PC, extract the Open Gapps .zip file. Inside it go into the Core folder. In here are two apps that are missing that are in .lz format: gmscore-arm64.tar.lz and gsflogin-all.tar.lz. This is where you open a command line and navigate to where you have extracted your Gapps folder. Use lzip.exe to extract the files:

C:\AndroidSDK\platform-tools\open_gapps-arm64-5.1-nano-20170218\Core>lzip -d gmscore-arm64.tar.lz

C:\AndroidSDK\platform-tools\open_gapps-arm64-5.1-nano-20170218\Core>lzip -d gsflogin-all.tar.lz

C:\AndroidSDK\platform-tools\open_gapps-arm64-5.1-nano-20170218\Core>

If it works properly you won’t see any other feedback. Now you have the same two files, but now they’re .tar files. Use 7-zip to extract them – I just right-clicked on them in Windows Explorer, selected “7zip -> Extract here” for each one. Now you have two folders named gmscore-arm64 and gsflogin-all.

Inside those folders you need the following files:

\gsflogin-all\nodpi\priv-app\GoogleLoginService\GoogleLoginService.apk
\gmscore-arm64\nodpi\priv-app\PrebuiltGmsCore\PrebuiltGmsCore.apk
\gmscore-arm64\common\priv-app\PrebuiltGmsCore\lib\arm64\libAppDataSearch.so
\gmscore-arm64\common\priv-app\PrebuiltGmsCore\lib\arm64\libNearbyApp.so
\gmscore-arm64\common\priv-app\PrebuiltGmsCore\lib\arm64\libWhisper.so
\gmscore-arm64\common\priv-app\PrebuiltGmsCore\lib\arm64\libconscrypt_gmscore_jni.so
\gmscore-arm64\common\priv-app\PrebuiltGmsCore\lib\arm64\libgcastv2_base.so
\gmscore-arm64\common\priv-app\PrebuiltGmsCore\lib\arm64\libgcastv2_support.so
\gmscore-arm64\common\priv-app\PrebuiltGmsCore\lib\arm64\libgmscore.so
\gmscore-arm64\common\priv-app\PrebuiltGmsCore\lib\arm64\libgoogle-ocrclient-v3.so
\gmscore-arm64\common\priv-app\PrebuiltGmsCore\lib\arm64\libjgcastservice.so
\gmscore-arm64\common\priv-app\PrebuiltGmsCore\lib\arm64\libleveldbjni.so
\gmscore-arm64\common\priv-app\PrebuiltGmsCore\lib\arm64\libsslwrapper_jni.so
\gmscore-arm64\common\priv-app\PrebuiltGmsCore\lib\arm64\libtango_utility_lib.so
\gmscore-arm64\common\priv-app\PrebuiltGmsCore\lib\arm64\libwearable-selector.so

Sideload all of them to your Fire TV, the same as you did in step 8 for Phonesky.apk.

Now, continue with step 9. When you get to step 12, I’ll bet that there isn’t a /system/priv-app/Phonesky/Phonesky.apk file to delete, and when you try to do step 13 you’ll get an error saying that the directory doesn’t exist. That’s because Open Gapps didn’t install it at all in the first place! Time to make the directories yourself so that you can upload the files. Perform these commands:

mkdir /system/priv-app/Phonesky
mkdir /system/priv-app/GoogleLoginService
mkdir /system/priv-app/PrebuiltGmsCore
mkdir /system/priv-app/PrebuiltGmsCore/lib
mkdir /system/priv-app/PrebuiltGmsCore/lib/arm64

Now, just like step 12, copy all of the files to their proper locations:

cp /sdcard/Phonesky.apk /system/priv-app/Phonesky/
cp /sdcard/GoogleLoginService.apk /system/priv-app/GoogleLoginService/
cp /sdcard/PrebuiltGmsCore.apk /system/priv-app/PrebuiltGmsCore/
cp /sdcard/libAppDataSearch.so /system/priv-app/PrebuiltGmsCore/lib/arm64/
cp /sdcard/libNearbyApp.so /system/priv-app/PrebuiltGmsCore/lib/arm64/
cp /sdcard/libWhisper.so /system/priv-app/PrebuiltGmsCore/lib/arm64/
cp /sdcard/libconscrypt_gmscore_jni.so /system/priv-app/PrebuiltGmsCore/lib/arm64/
cp /sdcard/libgcastv2_base.so /system/priv-app/PrebuiltGmsCore/lib/arm64/
cp /sdcard/libgcastv2_support.so /system/priv-app/PrebuiltGmsCore/lib/arm64/
cp /sdcard/libgmscore.so /system/priv-app/PrebuiltGmsCore/lib/arm64/
cp /sdcard/libgoogle-ocrclient-v3.so /system/priv-app/PrebuiltGmsCore/lib/arm64/
cp /sdcard/libjgcastservice.so /system/priv-app/PrebuiltGmsCore/lib/arm64/
cp /sdcard/libleveldbjni.so /system/priv-app/PrebuiltGmsCore/lib/arm64/
cp /sdcard/libsslwrapper_jni.so /system/priv-app/PrebuiltGmsCore/lib/arm64/
cp /sdcard/libtango_utility_lib.so /system/priv-app/PrebuiltGmsCore/lib/arm64/
cp /sdcard/libwearable-selector.so /system/priv-app/PrebuiltGmsCore/lib/arm64/

Now, do step 14 to change the permissions for all of them:

chmod 644 /system/priv-app/Phonesky/Phonesky.apk
chmod 644 /system/priv-app/GoogleLoginService/GoogleLoginService.apk
chmod -R 644 /system/priv-app/PrebuiltGmsCore/

(The difference in the last one gets all of the files at once, rather than you having to do them individually.)

Now, continue with Step 15 to cleanup the files you uploaded. From here on out it should be smooth sailing. When I rebooted and opened up the Play Store (I used ES File Explorer, but you can sideload AppStarter if you’d like) it popped right up and let me log in! I used the “adb shell input tap 1800 1000” command to do the phantom mouse click referred to in step 3.

I’ve successfully downloaded and run games purchased. Play Games works and my cloud saves from my phone sync to the Fire TV! I had trouble getting Play Music to work, though, not sure what’s up with that, but I’ll figure it out later. Hope this helps y’all out!

To give credit where credit is due, the two posts I got the information from to piece together what was missing were:

http://stackoverflow.com/questions/34291902/android-studio-emulator-does-not-come-with-play-store-for-api-23
https://groups.google.com/forum/#!topic/android-rpi/vH_xwFFjOVM

My apologies for those of you who aren’t rooted, can’t root, and find this information useless.  🙁

Adding an SSL certificate for Cisco SG series switches

This has been beating me over the head for ages, so now that I finally made it work, I decided I best share it with the masses to hopefully help others who’ve similarly had issues.

I own and use a Cisco SG200-26 switch at home.  A bit of overkill for a home network, but it works great and I love the functionality it gives me.  However, when accessing the switch to do any sort of configuration, I was always annoyed by the certificate errors when accessing it via HTTPS.  No matter how I tried to get a valid certificate on there, I kept getting errors.  After much researching and desk head banging I finally found a way to get a signed SHA2 cert to install using OpenSSL.

If you have your own CA, hopefully this will help you get your certificate to work.  Otherwise, you should be able to use your CA of choice.  (Edit: references to previously recommended CA removed.)

First, forget using the CSR generated by the switch.  The CA I used won’t accept it and I gave up on trying to figure out what was wrong with the format.  Use OpenSSL to generate your own key and a CSR for the switch.

(Edit: you HAVE to use a 2048 bit key. A 4096 bit key won’t paste into the web interface.)

$ openssl req -new -sha256 -newkey rsa:2048 -nodes -out yourdomain.csr -keyout yourdomain.key -subj "/C=[Insert country here]/ST=[Insert state here]/L=[Insert city here]/O=example.com/CN=yourserver.example.com"

Log in, use the CSR and get your shiny new certificate.  Save it to your PC.

Now you’ve got to format the private key to match what Cisco is looking for on the switch.  If you look at the key generated it starts out something like this:

-----BEGIN PRIVATE KEY-----
MI...
(a whole bunch of text)
...M=
-----END PRIVATE KEY-----

Cisco won’t take it.  You’ve got to convert it to PEM.  So do this:

$ openssl rsa -in yourdomain.key -outform pem > yourdomain.pem
writing RSA key

Take a look at your new key, and now you’ll see this:

-----BEGIN RSA PRIVATE KEY-----
MI...
(a whole bunch of text that looks different)
...7D
-----END RSA PRIVATE KEY-----

THIS private key will work.  Now you need your public key.  So do this:

$ openssl rsa -in yourdomain.pem -pubout > yourdomain.pub
writing RSA key

So now you have your shiny public key ready to go:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5Q21pIa/5C2IXIgQw9Z
iWn63D9K2iNNAR/FSnP+tjyhp+6bHRQOs8FyQLOfiBZR8DW72aqrbFD7cUYgX0Iv
JgpdjWLSxJXi/hbi9rDQFMHAe3qqPn104CaDfxnv7hOfR3+ct9sdCAB/ChoIVCEp
GCn9dRwlEVi1DZ8sN5tVH0/wwqW7MfxPdPuyfqjc/ZoPobVUtq/ovyQi1IaMUFKV
dlXlJ9XQcpZDz6pwEb4ji3E2fMA1gMcO38hX7BV0S0xrTqAB++9gP3MMCu4ZlKFh
ei9q4E1M6psTWnYIgNOo5NMk7tJP1O0Cc6REOV7bft8y0TqZ4qsza+K1Ow6GgYEL
vwIDAQAB
-----END PUBLIC KEY-----

However – and I know this is crap – this public key won’t work either.  I give all the credit to this guy who spelled out the reasoning and how to fix this.  It’s really very simple.  You delete the first 32 characters and add “RSA” in front of public.

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A  <-- 1st 32 characters to delete
MIIBCgKCAQEAo5Q21pIa/5C2IXIgQw9Z
iWn63D9K2iNNAR/FSnP+tjyhp+6bHRQOs8FyQLOfiBZR8DW72aqrbFD7cUYgX0Iv
JgpdjWLSxJXi/hbi9rDQFMHAe3qqPn104CaDfxnv7hOfR3+ct9sdCAB/ChoIVCEp
GCn9dRwlEVi1DZ8sN5tVH0/wwqW7MfxPdPuyfqjc/ZoPobVUtq/ovyQi1IaMUFKV
dlXlJ9XQcpZDz6pwEb4ji3E2fMA1gMcO38hX7BV0S0xrTqAB++9gP3MMCu4ZlKFh
ei9q4E1M6psTWnYIgNOo5NMk7tJP1O0Cc6REOV7bft8y0TqZ4qsza+K1Ow6GgYEL
vwIDAQAB
-----END PUBLIC KEY-----

-----BEGIN RSA PUBLIC KEY-----  <-- RSA added
MIIBCgKCAQEAo5Q21pIa/5C2IXIgQw9Z
iWn63D9K2iNNAR/FSnP+tjyhp+6bHRQOs8FyQLOfiBZR8DW72aqrbFD7cUYgX0Iv
JgpdjWLSxJXi/hbi9rDQFMHAe3qqPn104CaDfxnv7hOfR3+ct9sdCAB/ChoIVCEp
GCn9dRwlEVi1DZ8sN5tVH0/wwqW7MfxPdPuyfqjc/ZoPobVUtq/ovyQi1IaMUFKV
dlXlJ9XQcpZDz6pwEb4ji3E2fMA1gMcO38hX7BV0S0xrTqAB++9gP3MMCu4ZlKFh
ei9q4E1M6psTWnYIgNOo5NMk7tJP1O0Cc6REOV7bft8y0TqZ4qsza+K1Ow6GgYEL
vwIDAQAB
-----END RSA PUBLIC KEY-----  <-- RSA added

-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAo5Q21pIa/5C2IXIgQw9ZiWn63D9K2iNNAR/FSnP+tjyhp+6bHRQO
s8FyQLOfiBZR8DW72aqrbFD7cUYgX0IvJgpdjWLSxJXi/hbi9rDQFMHAe3qqPn10
4CaDfxnv7hOfR3+ct9sdCAB/ChoIVCEpGCn9dRwlEVi1DZ8sN5tVH0/wwqW7MfxP
dPuyfqjc/ZoPobVUtq/ovyQi1IaMUFKVdlXlJ9XQcpZDz6pwEb4ji3E2fMA1gMcO
38hX7BV0S0xrTqAB++9gP3MMCu4ZlKFhei9q4E1M6psTWnYIgNOo5NMk7tJP1O0C
c6REOV7bft8y0TqZ4qsza+K1Ow6GgYELvwIDAQAB
-----END RSA PUBLIC KEY-----

The final product!  I went ahead and reformatted mine so that the length of each line was consistent.  I didn’t know how picky the switch was going to be when I imported it, so I figured why bother chancing it.

ANYWAY, now you’re ready to go into your switch settings and import your certificate and your keys!

Cisco SG200-26 Configuration

To add the cert, go under Security, then SSL Server, then SSL Server Authentication Settings.  This will pop up where you can insert your certificate into one of two places.  (You can already see mine!)  Click a check box for the one you want to replace, then click “Import Certificate…”

Cisco SG200-26 SSL Certificate Import

Enable Import RSA Key-Pair, then click the radio button next to Plaintext for your Private Key (since that’s how it’s stored).  Copy and paste your certificate (the one thing you didn’t have to mess with!) and the public and private keys that we made.  Click Apply.  Now click the radio button next to the number of the certificate slot you used where it says “SSL Active Certificate Number”.  Save your config.  DONE.  Now you’re secured, no more annoying messages, everyone’s happy.

I hope that someone finds this helpful!  Thanks Cisco for making such easy to work with gear! /sarcasm

My Windows 10 Upgrade (EASY!)

So I thought I’d do a quick writeup before going to bed to detail my experience with upgrading to Windows 10.

Butt cheeks were clenched.

Butt cheeks were clenched.

First, I got impatient waiting for Windows Update to get around to doing it for me, so I followed these instructions (so kindly provided by Microsoft) to use the pre-downloaded files to make an ISO that you can then burn to a DVD or make a flash drive.  Your PC is domain joined?  Remove it from the domain, but be advised that your domain profile won’t be there after you upgrade – you’ll have to tweak settings and fix apps that were installed to be user specific.  I didn’t have much issue with mine.  Your files haven’t downloaded yet, you say?  Then follow these instructions (so kindly provided by Reddit) to get the download going early.  Didn’t reserve your copy?  Well, then you probably don’t want to upgrade right now anyway.  😉

I made a USB drive and ran setup from it.  I did a full upgrade, keeping all documents and apps.  I had to click to accept that I was losing Windows Media Center.  *sadface*  During one of the reboots it seemed to get stuck in a loop – I hit the reset button and it loaded up normally after that.  The only issue I ran into after getting to the desktop and rejoining my domain was connecting my domain account to my Microsoft account – the only way I was able to get it to work was by running Cortana’s setup.  The option in the control panel didn’t work.  After that, it was a matter of running Steam and resetting it to load with my new profile and installing new graphics card drivers.  My Hyper-V VMs booted up normally and are working as intended.

I know I don’t have a lot of details to share, but seriously… it was that easy. Don’t be afraid.  Take the plunge and get rid of that Windows 8.1 crap on your machine.

win10 done

Welcome!

the froWelcome to my blog!  I am glad you somehow found my little site.  I apologize for the flashy layout and the cool yet flaky animation that doesn’t seem work consistently.  Simon (http://www.killswtch.net/) did an awesome job making this theme and from you can see from his own blog and current layout he’s clearly much more talented than I am.  However, I like a dark background and colors, so until I can bribe someone into helping me make something that’s more my own (*cough*AMETHYST*cough*) this will do.

Here you will find a hodgepodge of things relating to topics that interest me.  I’m a hardware tech by trade and by hobby, so I’m going to attempt to document my projects (and try to go back and document past ones, as well) here.  I like to game, so you may find game related articles as well, but I don’t take much time for it these days.  Random pieces from the real world (music, movies and politics) may also rear their heads, but only if something really resonates with me where I feel moved to publicly write about it.  For now you can see that this is a black hole as far as linking and sharing a bunch of other crap is concerned, but I will be linking to other blogs so long as they’re not spawn of spam.