I'm trying to set iptables parameters on startup by adding a line into /system/init.rc. However, this doesn't work as the iptables will show no filters in the default table after a reboot even though the line is present. Can someone explain why? Am I missing something or going about this the wrong way?
count the same question..
Any clues here?
Related
I have been trying to spoof my mac address on my phone. I am a pen tester so please don't lecture me on the ethics behind this because I know. It is very simple to do on linux, so I thought it would be possible on Android.
I installed busybox and terminal emulator and ran the su command. So far, i can run 'busybox ip link set eth0 address XX:XX:XX:XX:XX:XX' 'busybox ip link set eth0 broadcast XX:XX:XX:XX:XX:XX'. Everytime I do this, it changes the mac address, but breaks the wifi functionality. The only way to fix the wifi was to disable, then re-enable it, but that resets the wifi. I was wondering if we could colaborate on this and maybe get somewhere.
I have also seen this somewhere, but am not sure if it will work.
ip link set address NEWMAC dev eth0
Sorry for digging out this old thread, but I was trying the same and failing in the same way as you were.
The only difference is, I do not change the broadcast address, because imo this should remain on "all FF" (please tell me, why the broadcast should be set to the new MAC).
If I change it and fire up 'ip link show eth0', it shows the changed MAC.
The settings menu still shows the real MAC.
As in your case, the WiFi-connection (naturally) terminates (the router (access point) cannot know about the change). If I try to reconnect to the router, I get the error that my password is wrong. When checking the router's log, I see an entry about a failed connection attempt from the changed MAC address.
The only explanation I have is that the WPA2 encryption somehow incorporates the actual "real" MAC address so the encryption fails and as a consequence the connection is refused.
So-far, I haven't tried it without encryption.
Another question would be, what exactly is executed, when you activate WIFI on the phone? Which script?
I know that the network device (in my case "eth0") is created at this point.
If WIFI is down, no such device exists.
I would suspect some script that creates the interface, activates it and starts a demon that handles the connection stuff.
Maybe it would help to inject the spoof code after the interface was created, but before it is activated? So-far, I couldn't identify the correct script/command. Does anyone know?
Knowing the command that creates the network interfaces would also help when searching for the script.
Does any one have a list of AT Terminal commands for the Captivate? that would be just swell
I asked for them on the Samsung website and they thought it was a feature I wanted added to the phone, they had no clue
I have looked on a lot of forms for other phones and over 1/2 the commands don't work on the Captivate :'(
I was looking on some general AT forms and found two different commands to connect the phone to the network but they returned with errors, I tried to post the AT commands here but since I'm new it will not let me post them because it thinks they are links.
I'm confused, are you talking about AT modem stuff like AT&F&C1&D2?
ivioo said:
Does any one have a list of AT Terminal commands for the Captivate? that would be just swell
Click to expand...
Click to collapse
Not quite sure what you are talking about. The only phones I have seen w/ AT commands are Motorola's, using RSD and F&B3 etc. Are you talking about those??
They are probably asking about the AT command set for the 3G modem in the captivate for use for tethering.
This is what I had been using for tethering on my N95 with AT&T medianet. (/etc/ppp/ppp.conf on freebsd -- this will be somewhat different in Linux land) I have not tried the same commands with the captivate yet to see if they work. This at least lists the AT commands. Of course, '\' is line continuation.
Code:
medianet:
set device /dev/cuaU0
set phone "*99***1#"
set authname "[email protected]"
set authkey "CINGULAR1"
set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
\"\" AT OK-AT-OK ATQ0V1E1S0=0&C1&D2+FCLASS=0 OK \
AT+CGDCONT=1,\\\"IP\\\",\\\"wap.cingular\\\" OK \
AT+COPS? OK \
\\dATDT\\T TIMEOUT 40 CONNECT"
add default HISADDR
set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
EDIT: Just tested it on the captivate, connects to medianet just fine. Yay for tethering on JH7
othermark said:
They are probably asking about the AT command set for the 3G modem in the captivate for use for tethering.
This is what I had been using for tethering on my N95 with AT&T medianet. (/etc/ppp/ppp.conf on freebsd -- this will be somewhat different in Linux land) I have not tried the same commands with the captivate yet to see if they work. This at least lists the AT commands. Of course, '\' is line continuation.
Code:
medianet:
set device /dev/cuaU0
set phone "*99***1#"
set authname "[email protected]"
set authkey "CINGULAR1"
set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
\"\" AT OK-AT-OK ATQ0V1E1S0=0&C1&D2+FCLASS=0 OK \
AT+CGDCONT=1,\\\"IP\\\",\\\"wap.cingular\\\" OK \
AT+COPS? OK \
\\dATDT\\T TIMEOUT 40 CONNECT"
add default HISADDR
set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
EDIT: Just tested it on the captivate, connects to medianet just fine. Yay for tethering on JH7
Click to expand...
Click to collapse
Sorry for the late reply
Yes I'm looking for the AT command set for the 3G modem in the captivate. I'm trying to use the program "Tera Term VT" on windows 7 computer (for some reason Microsoft decided to not include Hyper Terminal with the win 7 OS) and I'm kind of new to the whole commands for the terminal.
I can get the commands that start with "AT" to be recognized with the terminal but I don't know what to do with the "set" and "\" commands since I'm not using freebsd.
What I posted is the ppp.conf configuration segment for the userspace ppp program on FreeBSD.
The 'set' commands setup the configuration for ppp to talk to the modem and establish the ppp channel, even the 'set dial' segment (which you're interested in) has a special format/meaning to ppp.
A line by line explanation can be found here.
To make it even less understandable, the 'dial' string is in the chat format. Lol. Seriously not for the feint of heart technical reading, however this is what we had to deal with in the old days to get internet access...
Basically what you're seeing in the dial string is a string to send and then a expected response. There is a prelude of strings that the modem may generate, as well as how long to wait at the end. All the
Code:
'\\\'
strings are escapes and certain strings like
Code:
'\d' '\T'
have special meaning in the chat syntax.
Hello Hackers!
I know enough about shell scripts and networking that I was able to create a script that connects to a WiFi network from your remembered networks and enables NAT from hosts on the WiFi network to the 4G LTE data connection.
All you have to do after it's ready is either change the gateway on any PC on the network to the IP address of your phone or add a static route for a specific destination to route to your phone's IP address.
This script requires root access and a way to run shell scripts. I use the SManager app to run it, you just have to make sure it's set to run as root.
If you have a data connection other than 4G LTE then I expect it will most likely have a different interface, you will have to use OS Monitor to see which interface it uses then modify this script to use that interface.
There are a couple issues that I have with it. One is sometimes I have to run it a couple times before DHCP will work and the other issue is the WiFi seems to lag badly causing the internet to perform much slower than it should. Can someone have a look please?
If you make changes to the script then make sure you convert it to UNIX format or SH won't read it correctly. If you have Linux on your PC you can use the command "fromdos" to convert it.
I have attached a zip file with both the on and off scripts below. If anyone has more experience than I and would like to improve it then please let me know and I will include the improvements. :highfive:
Thank you!
How can be connectivity check adjusted / disabled for A12?
My phone reports "connected without internet" due to firewall setup.
On my other devices it was possible to disable the connectivity check using these steps: https://github.com/ukanth/afwall/issues/761
It doesn't work for Samsung Galaxy A12 with Android 10.
It wouldn't bother me since actually all aps and services which matter can access everything what is needed but since Android thinks there is no internet, it stops synchronisation with my Radicale server (used instead of google services).
Update 19.4.2021:
Check is handled by UID 1000. Now it needs port 443 to be opened. Packing the connectivity check nontransparently together with so many other services within single encrypted channel doesn't help to build bonds of trust between user and vendor to say the least.
fixapixa said:
How can be connectivity check adjusted / disabled for A12?
My phone reports "connected without internet" due to firewall setup.
On my other devices it was possible to disable the connectivity check using these steps: https://github.com/ukanth/afwall/issues/761
It doesn't work for Samsung Galaxy A12 with Android 10.
It wouldn't bother me since actually all aps and services which matter can access everything what is needed but since Android thinks there is no internet, it stops synchronisation with my Radicale server (used instead of google services).
Update 19.4.2021:
Check is handled by UID 1000. Now it needs port 443 to be opened. Packing the connectivity check nontransparently together with so many other services within single encrypted channel doesn't help to build bonds of trust between user and vendor to say the least.
Click to expand...
Click to collapse
Maybe I'm seeing but this should be handled in afwall. You can whitelist the needed port by using a script:
Essentially you just put this in a custom script (inside AFWall): $IPTABLES -A "afwall" -p udp --dport 53 -j ACCEPT
Hope it helps.
It_ler said:
Maybe I'm seeing but this should be handled in afwall. You can whitelist the needed port by using a script:
Essentially you just put this in a custom script (inside AFWall): $IPTABLES -A "afwall" -p udp --dport 53 -j ACCEPT
Hope it helps.
Click to expand...
Click to collapse
Well, port 53 is not enough any more. Port 443 can pack too many other unrelated services so it would be handy to have a way to disable connectivity check altogether.
Hello,
Service: Tmobile, Phone: Pixel 3a, rooted, Magisk
I'm able to setup my Tmobile phone's hotspot and share data to my devices. However, it's limited to ~0.5Mpbs. I've found many guides, Magisk modules, etc. I managed to get my Laptop/PC to get over this throttle limit by:
*Using the "VPN Hotspot" app which masks the laptops data so it looks like its coming from the phone
*Set TTL on Laptop/PC to 65
Issue: I can't set the TTL on many devices that connect so they still get throttled. Using an app like "TTL Editor" doesn't work (it fails), because I'm guessing I don't have the requirements: "Kernel support for Netfilter TTL packet mangling for your kernel (xt_HL.ko)" https://play.google.com/store/apps/details?id=org.segin.ttleditor&hl=en_US&gl=US
I tried stock ROMs Android 10 & 11. I also tried LineageOS18.1 which mentions this module so was hoping it would work: https://github.com/LineageOS/android_kernel_google_msm-4.9/search?q=xt_HL , but perhaps more needs to be done? I ran into things like iptables patch-o-matic https://netfilter.org/projects/patch-o-matic/index.html, not sure if this is needed, but cant find any info on how to even patch if that's needed.
CMD:
su iptables -t mangle -A POSTROUTING -j TTL --ttl-set 64
Error: iptables v1.8.4 (legacy) unknown option "--ttl-set"
Doesnt do anything either:
echo "65" > /proc/sys/net/ipv4/ip_default_ttl
I have career in computing/dev, but my Linux is limited & have never compiled a Kernel. I found this: https://wiki.lineageos.org/devices/sargo/build but if I even got that far and was able to succeed, I'm not sure how to add this module - or if that's even what I need.
Any help or a clue would be much appreciated!
Some info for anyone that comes across this: https://forum.xda-developers.com/t/...-tether-lineageos-18-1.4295601/#post-86183959