android hacking tool - Android Software/Hacking General [Developers Only]

An Android hacking tool was released at the Defcon hacker conference on Friday. It was released in order to warn OEMs that hackers can easily hack in. Read this:

https://www.defcon.org/html/defcon-18/dc-18-speakers.html#Percoco1
It's a rootkit
We have developed a kernel-level Android rootkit in the form of a loadable kernel module. As a proof of concept, it is able to send an attacker a reverse TCP over 3G/WIFI shell upon receiving an incoming call from a 'trigger number'. This ultimately results in full root access on the Android device.

Always a way
Is it really that easy to root an Android device, even remotely? That means I should never be worried about updating my phone; there's always a way to obtain root access after that.


seems like a whole lot of intense hacking for 'opensource'

Being a fan of Linux, and an Ubuntu user, I guess I thought Android was going to be a lot more openly tweakable, but from looking over these threads it looks like it's actually not that easy to do things that I would have assumed would be easily accessible tweaks... like theme/appearance/fonts/icons, etc... In fact it looks like some pretty intense hacking is going on with slow progress in bypassing , etc...
Maybe I'm not understanding correctly. I don't have the G1, but my girlfriend does and I've been enjoying it from over her shoulder... I guess I just expected something more 'open' along the lines of what I've become used to with Ubuntu.
I kind of thought Android would be to iPhone what Linux OS is to Apple OS, but it definitely doesn't seem like that's the case. It seems like Android is just as locked down as iPhone but with fewer apps and a not-as-slick interface for the same price as an iPhone.
I had been thinking about getting this phone... maybe I just need to wait for more apps to come out?
Any thoughts?
As of right now we do have a little more open source than anything else. And like all new software it will take time to learn what to do. Obviously people didn't get Mac OS 3 and immediately know how to hack it so they could do things they weren't meant to do. And of course the same goes with mobile phones. When WM5 came out they had to learn about the new OS and it takes a while.
So far the freedom we have already surpasses that of any other. We have internet sharing (for those with root) that is far better than the old USB or Bluetooth PAN method (which, btw, is going to be a new profile; it is in the source).
I am willing to bet that as soon as it hits 1.0 that we will see it go entirely open with the ability to flash the rom and all.
That makes sense... I just have to be patient. Thanks for the reply!
Open source != open system.
Open source means just that... you can see the source code. That's it. It doesn't imply or confer any other right of access, and with most open source licenses the licensor (Google & HTC) is free to build closed systems just as locked down as one based on proprietary code. Many commercial systems (Android included) are underpinned by open source code for cost savings or stability/security reasons.
Edit:
what Linux OS is to Apple OS
That's comparing apples to oranges. Linux is not an operating system; it is an open source kernel on which an operating system can be built.
Fact of the matter is, OS X's Mach kernel is partially descendant from BSD, so you could say the center of OS X is open source as well. More info at wikipedia's Darwin entry. For being a "fan of Linux" you don't seem to understand some of the core principles.
If I am not mistaken, Macs are Unix based, right? Maybe the kernel is similar to Linux... which is why the filesystem structure is similar as well.
But you are correct open source means you can see the source... but usually when someone can see the source they find a way to get around security holes that lock down the system.
With open source and developers an open system is possible. And we already know we can do it because we have modified the updates that are sent which change the system files. so all you need to do is put a new boot.img and a new recovery.img and replace the root system directory... before you know it you can have this running any version of android and/or anything else that will run on an ARM6 device.
Don't make it so complex. It's meaningless to play the words game.
To make it simple:
As a developer, on G1, we are not able to do what we can do on a linux PC, and that was my understanding about the open source smartphone OS.
To be practical, for the same project I ported for Android, Windows Mobile and iPhone, I would say: Windows Mobile is the most open one (friendly) for developer. You can even make your own driver on it. So I would say Windows Mobile = smart version of Windows Desktop. But I cannot say Android = smart version of linux.
I really hope Google can push a little bit to the carriers to open the root for us. Android really needs to be more developer friendly. Otherwise, it is hard to compete with iPhone, since the key part of Android was "openness".
jashsu said:
Open source != open system.
Open source means just that... you can see the source code. That's it. It doesn't imply or confer any other right of access, and with most open source licenses the licensor (Google & HTC) is free to build closed systems just as locked down as one based on proprietary code. Many commercial systems (Android included) are underpinned by open source code for cost savings or stability/security reasons.
Edit: That's comparing apples to oranges. Linux is not an operating system; it is an open source kernel on which an operating system can be built.
Fact of the matter is, OS X's Mach kernel is partially descendant from BSD, so you could say the center of OS X is open source as well. More info at wikipedia's Darwin entry. For being a "fan of Linux" you don't seem to understand some of the core principles.
As a developer, on G1, we are not able to do what we can do on a linux PC, and that was my understanding about the open source smartphone OS.
It's like you've never even heard of embedded linux before. Show me where on the G1 advertising or packaging it claims to be a Linux PC.
To be practical, for the same project I ported for Android, Windows Mobile and iPhone, I would say: Windows Mobile is the most open one (friendly) for developer. You can even make your own driver on it. So I would say Windows Mobile = smart version of Windows Desktop. But I cannot say Android = smart version of linux.
WM gives the developer deeper system access. That's awesome for developers maybe, but calling it "smart" is probably going a bit too far.
I really hope Google can push a little bit to the carriers to open the root for us. Android really needs to be more developer friendly. Otherwise, it is hard to compete with iPhone, since the key part of Android was "openness".
Android's security framework design is solely Google's responsibility. Tmo doesn't even remotely factor into it. If you don't like the default Android system lockdown then download the codebase and compile it yourself without the security settings. Security is there to prevent neophytes from opening shell and f__king their phones up.
jashsu said:
Android's security framework design is solely Google's responsibility. Tmo doesn't even remotely factor into it. If you don't like the default Android system lockdown then download the codebase and compile it yourself without the security settings. Security is there to prevent neophytes from opening shell and f__king their phones up.
And run it, how?
From my understanding, the only way to get a firmware onto the phone ATM is from the recovery menu, which will only install signed updates from Google. Yes, we've got a way around that for now, but it requires root access.
How would you install a self compiled version of Android onto the G1 on the official RC30?
Gary13579 said:
And run it, how?
From my understanding, the only way to get a firmware onto the phone ATM is from the recovery menu, which will only install signed updates from Google. Yes, we've got a way around that for now, but it requires root access.
How would you install a self compiled version of Android onto the G1 on the official RC30?
No clue. I'd probably do it with a Freerunner or something that is specifically designed as an open system. The recovery menu is not the only way to write to internal memory; I'm sure the HTC bootloader has some provision for USB access.
You have all of the Android operating system at your disposal in the form of source code (provided you agree to the license). If you want to write/port low level drivers for it go right ahead. You just can't run it on the G1. They chose to lock down the Android implementation on G1 and you're dissatisfied with that. That's like being dissatisfied that a house has locks on it when the architect gave away the blueprints and floor plans for free.
jashsu said:
That's like being dissatisfied that a house has locks on it when the architect gave away the blueprints and floor plans for free.
Except when you buy a house, they generally give you the keys.
Gary13579 said:
Except when you buy a house, they generally give you the keys.
Yeah I know, it's a flawed analogy.
If you want to have free rein over your Android, I suggest you get a Neo Freerunner to play with. I say play because the open source portion of Android is missing a lot of closed source Google added value apps (Maps, Gmail, etc) that define the G1. Also the porting process is still ongoing.
jashsu said:
Android's security framework design is solely Google's responsibility. Tmo doesn't even remotely factor into it. If you don't like the default Android system lockdown then download the codebase and compile it yourself without the security settings. Security is there to prevent neophytes from opening shell and f__king their phones up.
Stop playing the word game and understand the simple thing that developers want full access to the device in order to build software beyond generalised applications, like Bluetooth drivers, codecs, themes, a different home shell, the way we do in Windows Mobile.
You said take open source and customise the OS by bypassing some security for shell access. Now let's understand: 98% of devices get automatically f**ked with RC30 and there is no reversal!!! If you can build any customised Android package which can bypass security for shell access and also bypass signature checking, just do it for me so I can revert to shell access from f**king RC30.
hetaldp said:
Stop playing the word game and understand the simple thing that developers want full access to the device in order to build software beyond generalised applications, like Bluetooth drivers, codecs, themes, a different home shell, the way we do in Windows Mobile.
You said take open source and customise the OS by bypassing some security for shell access. Now let's understand: 98% of devices get automatically f**ked with RC30 and there is no reversal!!! If you can build any customised Android package which can bypass security for shell access and also bypass signature checking, just do it for me so I can revert to shell access from f**king RC30.
98% of G1s might get derooted with RC30, but guess what? 99% of users don't need root or don't care. Tmo and HTC didn't build the G1 as a device for devs to hack and play with. That's why it's a subsidized $179 phone and your unlimited data plan is $25.
99 percent of people don't want it, but if we develop some application which is beyond the SDK thing, we must have root access to all devices in order to install it.
Adobe is releasing Flash plugins for the browser; let's see if they can do it by just releasing an APK package in the Market or a pushed OTA update. If Adobe requires an OTA update then smaller companies and developers will see a hard time developing such extensions without Google's permission.
Just make your science clear before commenting on it.
hetaldp said:
99 percent of people don't want it, but if we develop some application which is beyond the SDK thing, we must have root access to all devices in order to install it.
Of course. I am just saying that there is a sense among some people that they are entitled to root access simply because G1 is built on Linux. You are not entitled to anything of the sort. If root is important to you then sell your G1 to someone who doesn't care about root (there are a lot of these people) and buy a Freerunner.
Every OpenMoko phone I have seen looks like they are competing for ugliest phone ever. I know the G1 isn't that pretty, but oh my god, I would be embarrassed to carry that in my pocket.
I already own more than 6 smartphones. And I don't use the G1 also because of Microsoft Exchange things. I don't have any complaint about Exchange connectivity.
Here the question is how can I develop some more powerful application / extension / core part and distribute it across all G1 users the way we do it in Windows.
This means my core application can run on the Freerunner (OpenMoko) but it will not be available to the G1 user group. There will be a handful of users who may use the Freerunner but it's not my market. I require a bigger community to sell the software, buddy.
Here the question is how can I develop some more powerful application / extension / core part and distribute it across all G1 users the way we do it in Windows.
If you need to get below the VM on stock ota G1 then most likely your product will need to become a part of the Android platform (meaning open sourcing). The integrity of the os and user data is one of the main reasons the Android sdk only supports the VM.
I'll be interested to see how Adobe's flash implementation for G1 works. Flash is closed source, and Google has explicitly stated that the entire Android platform is open source. My guess is they will patch the Browser to accept signed binary plugins. Perhaps Google's signature will require a peek at the source. I'm only speculating though...
Yeah, using the SDK we can only develop applications which run in the sandbox, and they can communicate with other applications using intents; you can share data using a content provider and share settings using preferences. We can develop some services in apps to handle asynchronous processes.
What we cannot do is recompile the whole modded source, or replace or test drivers, codecs, low level binaries.
The SDK is fairly powerful out of the box for standalone things!
That's why I have made a different demand to Google in this thread:
http://forum.xda-developers.com/showthread.php?t=444893
The only thing T-Mobile is worried about is tethering, as they give an unlock code after every 90 days; subsidized handset unlocking is not a big worry for them.
Just think: if you want to develop an on-screen keyboard it requires more powerful access to the core system and it's beyond Google's sandbox approach.
jashsu said:
It's like you've never even heard of embedded Linux before. Show me where on the G1 advertising or packaging it claims to be a Linux PC.
Show me where I said Android = a Linux PC. Likewise, I didn't say Windows Mobile = Windows XP/Vista.
I hate to play the word game.
jashsu said:
WM gives the developer deeper system access. That's awesome for developers maybe, but calling it "smart" is probably going a bit too far.
That's why I thought very highly of Android. But the limited development access makes it worse than WM.
jashsu said:
Android's security framework design is solely Google's responsibility. Tmo doesn't even remotely factor into it. If you don't like the default Android system lockdown then download the codebase and compile it yourself without the security settings. Security is there to prevent neophytes from opening shell and f__king their phones up.
Could you please show us how to get the root from the f__king rc30?
Do you rebuild the whole of Linux on your PC if you just want to make a simple application?

[Q] Large Android TV set top box deployment

Hello All,
I originally posted this question in the Android general forum but I didn't get any traction so I'm posting here in the hopes of finding some folks in the community with ideas for this project. I work for a not-for-profit children's hospital. The idea is to create a patient entertainment system (think the LodgeNET style systems in hotel rooms) using less expensive and more open hardware/software. We've purchased a few Android based set top boxes such as the EnjoyTV (I'd post the link but it won't let me) and have managed to get them configured the way we want.
The situation we're struggling with now is managing 200+ of these boxes out in the field. I have a few ideas but no one here really with the Android experience to bounce them off of.
Some thoughts:
- We would like to be able to completely reset the device to 'factory' defaults when patients leave rather than worry about locking down the devices too much.
- We would need the defaults to be our configuration, specific applications installed and perhaps even some hospital branding involved.
- I know I can reconfigure the ADB daemon on the device to listen on the ethernet port as opposed to USB.
- In doing so there is no security but I can handle security in the network layer using ACLs etc.
- I should then be able to use remote ADB commands to reset the device, which I can script, but what will get reset? Will my customizations/apps go away? Will I have to compile a custom ROM?
- Is there a better direction to go in entirely?
Any help or even just a jab in the right direction would be GREATLY appreciated, both by myself and the kids who will benefit while they're here.
Hi,
I think you need an MDM solution.
Ideally you might want to get device admin rights and then reset it remotely with ease.

Details about Local root vulnerability in Android 4.4.2

I'm interested by the recently fixed path traversal vulnerability in the VolumeManager::createAsec() function.
Though it seems to be a well known issue for people in the field, my entry point was the article "Local root vulnerability in Android 4.4.2", available at blog.cassidiancybersecurity.com: as I'm learning, and know the right way to learn isn't only to read but also to practice, I felt it could be a good exercise to implement an exploit that leverages this vulnerability to get a "root shell".
AFAIK:
- On Android 4.4+, getting a useful "root shell" does not mean just acquiring ruid=euid=0 and spawning /system/bin/sh, due to SELinux restrictions: it requires setting up some kind of su system daemon that will execute su client requests in a privileged context.
- A common way to get this system daemon running privileged enough is to have it started by the kernel as a response to a hotplug event, which involves writing to /sys/kernel/uevent_helper.
- The API related to the vulnerability (VolumeManager/IMountService) isn't published to user applications, which should rather rely upon the StorageManager system service or the media framework.
- Getting the su daemon/client programs should be quite easy (a classic shell bind/reverse TCP daemon and a netcat client will be OK for the PoC, though local adb usage would benefit from using un*x domain sockets instead of inet ones).
But, starting from the beginning, I need to find a way to trigger the vulnerability, which I haven't achieved yet: that's why I'm here, hoping someone will be both clever and charitable enough to give a few clues.
The material at hand till now:
- The article from cassidiancybersecurity.
- The working exploit from jcase (Pie for Motorola devices): thanks to him, I can use a temporary root shell, which helps a lot to see what's happening; it's also there that I've borrowed the /sys/kernel/uevent_helper trickery.
- SDK/AOSP source code (notably VolumeManager.h/cpp, CommandListener.h/cpp, IMountService.java, MediaFormat.java).
- SDK/NDK documentation.
I've tried to access the IMountService API through a reference I fetch with something equivalent to:
Code:
IMountService service =
IMountService.Stub.asInterface(ServiceManager.getService("mount"));
I say "something equivalent to" because the API is not public and you have to use reflection.
The acquired proxy seems OK, but invoking the API leads to errors related to missing ASEC_CREATE or MOUNT_UNMOUNT_FILESYSTEMS system permissions/capabilities. Trying to directly write to the IPC un*x sockets also leads to permission errors, which is consistent.
Thus my first question: does exploiting the path traversal vulnerability involve another exploit to set the permissions that allow access to the vulnerable API?
Reading the related thread, it seems to me that jcase's exploit (Pie for Motorola devices):
- relies upon the setup being done under the shell user identity, perhaps to belong to the mount group: can someone confirm this?
- should work mostly for Motorola devices, but not for others: is this stated because successful exploitation also relies upon Motorola specific parts (drivers, customization, ...), or because most other vendors have already backported the fix?
The above questions will certainly sound naive to most of you, but some answers to these would greatly help me avoid running in a completely wrong direction.
I'm neither waiting for another binary exploit (I have a Moto G that I boot on a KitKat 4.4.2 rom, and jcase's Pie greatly addresses my current user needs), nor expecting clean source code with build files. I'd just appreciate any relevant direction, pointer, snippet.
For example, I was not aware of the /sys/kernel/uevent_helper trick to execute privileged processes, and discovered it while trying to reverse engineer jcase's implementation. Later on, I've seen it at various places, including the public source of the Cyanide project, which tells me that this is not a secret that must remain secret, but a rather well known (and documented) kernel behavior. That's the kind of things I wish to learn, hopefully with community advice.
Thanks, have a good day.
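As an added example, not from the thread, the article or AOSP: a constructed C model of the bug class the post describes, an untrusted container id concatenated into a filesystem path, with the unchecked builder beside an allowlist check and a component-level audit that shows where the unchecked form escapes its base directory. The directory name, the `.asec` suffix and all function names here are assumptions; the real AOSP fix carries its own validator.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Assumed base directory for secure containers; not taken from AOSP. */
#define ASEC_DIR "/data/app-asec"

/* Unchecked path construction: the caller-supplied id is appended verbatim,
 * so an id containing "../" components resolves outside ASEC_DIR. This is a
 * constructed model of the bug class, not the vulnerable AOSP code itself.
 * Returns 0 on success, -1 if the buffer is too small. */
int build_asec_path_unchecked(const char *id, char *out, size_t outlen) {
    int n = snprintf(out, outlen, "%s/%s.asec", ASEC_DIR, id);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Allowlist validator (assumed, stricter than any particular upstream check):
 * non-empty, not "." or "..", and only [A-Za-z0-9._-]. Rejecting '/' outright
 * means no id can introduce a path component, so "a..b" is still accepted. */
bool is_legal_asec_id(const char *id) {
    if (id == NULL || id[0] == '\0') return false;
    if (strcmp(id, ".") == 0 || strcmp(id, "..") == 0) return false;
    for (const char *p = id; *p != '\0'; p++) {
        unsigned char c = (unsigned char)*p;
        bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                  (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-';
        if (!ok) return false;
    }
    return true;
}

/* Hardened builder: validate the id before it ever touches a path. */
int build_asec_path_checked(const char *id, char *out, size_t outlen) {
    if (!is_legal_asec_id(id)) return -1;
    return build_asec_path_unchecked(id, out, outlen);
}

/* Audit helper: walk the components after ASEC_DIR and report whether any
 * ".." climbs above the base directory. Useful for reviewing what a path
 * builder actually produced, independent of how the id was validated. */
bool path_escapes_asec_dir(const char *path) {
    size_t blen = strlen(ASEC_DIR);
    if (strncmp(path, ASEC_DIR, blen) != 0 || path[blen] != '/') return true;
    int depth = 0;
    const char *p = path + blen + 1;
    while (*p != '\0') {
        const char *end = strchr(p, '/');
        size_t clen = end ? (size_t)(end - p) : strlen(p);
        if (clen == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0) return true;      /* climbed above ASEC_DIR */
        } else if (clen > 0 && !(clen == 1 && p[0] == '.')) {
            depth++;                            /* ordinary component */
        }
        if (end == NULL) break;
        p = end + 1;
    }
    return false;
}

int main(void) {
    /* Constructed ids: one benign, one carrying traversal components. */
    const char *ids[] = { "com.example.pkg-1", "../../data/local/tmp/demo" };
    char path[256];
    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++) {
        if (build_asec_path_unchecked(ids[i], path, sizeof path) == 0)
            printf("unchecked: %-45s escapes=%d\n", path, (int)path_escapes_asec_dir(path));
        if (build_asec_path_checked(ids[i], path, sizeof path) == 0)
            printf("checked:   %s\n", path);
        else
            printf("checked:   rejected id \"%s\"\n", ids[i]);
    }
    return 0;
}
```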
thanks

Surely This Wouldn't Work, Right??

Hello fellow forum go-ers of the Security section!!!!
This is my favorite area on this site & always makes me start thinking outside the box so to speak.
So I was thinking about Ubuntu & the ability to run an SU shell within it (not sudo but an actual SU shell by typing 'su' & providing your set password).
Would I be able to launch ADB commands from this SU shell & in turn run commands as any form of top tier user on my unrooted Android device???
Any responses appreciated!!! I really would like some input here on why this would or wouldn't be possible & how well the translated binary performs.
Thanks
No; but Yes. To some extent. This is why, in the *very* early days on Android, many XDA'ers had Terminal Emulator installed on our G1s. We could do build prop edits, push apps to install as system apps, "pull" backups, etc, etc.
These days I'm not sure, since I haven't experimented. However, I've got Kali on my tablet & a terminal app that lets me open either a Kali or Android command line either as a regular user, or as su.
I'm not sure if I helped here... Or if I just muddied the waters even more.
equi_design said:
No; but Yes. To some extent. This is why, in the *very* early days on Android, many XDA'ers had Terminal Emulator installed on our G1s. We could do build prop edits, push apps to install as system apps, "pull" backups, etc, etc.
These days I'm not sure, since I haven't experimented. However, I've got Kali on my tablet & a terminal app that lets me open either a Kali or Android command line either as a regular user, or as su.
I'm not sure if I helped here... Or if I just muddied the waters even more.
Little bit of both, but that's fine as Kali is a small download! lol, thank you by the way, as my first device was an S2 Skyrocket & I remember when it was literally almost all Unix/Linux & much more simple. More or less it killed me by falling out of the computer changes in tech while I caught up on the mobile side.
Again thank you!! As now I'm closer to certain that I haven't been wasting my time.
LilAnt530 said:
Hello fellow forum go-ers of the Security section!!!!
So I was thinking about Ubuntu & the ability to run an SU shell within it (not sudo but an actual SU shell by typing 'su' & providing your set password).
Would I be able to launch ADB commands from this SU shell & in turn run commands as any form of top tier user on my unrooted Android device???
Your android device has an operating system, which gets to make the rules about root. So does your computer. So, being root on your computer is not going to make you root on any other device -- that is, not unless the operating system on the other device is set up to really trust your computer a whole lot (or screws up).
So we might ask: why isn't it configured this way? Well, by way of analogy, imagine if anybody could get into your car and drive away, so long as they had the keys to some car! Or, to make that a slightly more fair analogy: imagine that your car would automatically assume that anyone who drives up in some other car, should be trusted and allowed to drive yours. Sounds like a bad policy, right?
As you may have noticed, some locks -- quite a lot of them, really -- actually do work that way: anybody with any key can unlock them. But those are not the kind of locks you want protecting your valuables while you're away.
anonywimp said:
Your android device has an operating system, which gets to make the rules about root. So does your computer. So, being root on your computer is not going to make you root on any other computer -- that is, not unless the operating system on the other computer decides that it really trusts your computer a whole lot (or screws up).
We might ask: why isn't it configured to trust you? Well, by way of analogy, imagine if anybody could get into your car and drive away, so long as they had the keys to some car! Or, to make that a slightly more fair analogy: imagine that your car would automatically assume that anyone who drives up in some other car, should be trusted and allowed to drive yours. Sounds like a bad policy, right?
As you may have noticed, some locks -- quite a lot of them, really -- actually do work that way -- anybody with any key can unlock them. But those are not the kind of locks you want protecting your valuables while you're away.
But theoretically in the real world I would just pop your car's hood, link up a NAPA BlueFuel On Board Diagnostics Tool (costs about $80 on Amazon) to your car's CPU, then proceed to unlock the doors with a button or a simple OBDT terminal command. Then I could jump start your vehicle (after I stuck any similar model's key into your ignition) & proceed to drive your car wherever I wanted just as if it were my own.....
What enabled me to do this? Having a similar model's keys & some in depth administrative authority over your vehicle.
For the sake of comparison those keys (Linux Kernel) and the Administrative Authority (The OS used to build the phones platform) should give me the same results (in my mind)
LilAnt530 said:
But theoretically in the real world I would just pop your car's hood, link up a NAPA BlueFuel On Board Diagnostics Tool (costs about $80 on Amazon) to your car's CPU, then proceed to unlock the doors with a button or a simple OBDT terminal command. Then I could jump start your vehicle (after I stuck any similar model's key into your ignition) & proceed to drive your car wherever I wanted just as if it were my own.....
What enabled me to do this? Having a similar model's keys & some in depth administrative authority over your vehicle.
For the sake of comparison those keys (Linux Kernel) and the Administrative Authority (The OS used to build the phones platform) should give me the same results (in my mind)
Actually, this is very often how Windows Domains work. Just "run as Administrator" and you have rooted your whole organization. Obviously that's not how it's intended to work and this would represent a mis-configuration of your Domain if your IT department intended to maintain administrative control. But, for whatever reason, this really does happen; it's not even all that rare.
anonywimp said:
Actually, this is very often how Windows Domains work. Just "run as Administrator" and you have rooted your whole organization. Obviously that's not how it's intended to work and this would represent a mis-configuration of your Domain if your IT department intended to maintain administrative control. But, for whatever reason, this really does happen; it's not even all that rare.
Okay, Windows is not based on the Linux kernel; you have no SuperUser capabilities as described on Ubuntu.
The main points of this discussion were to point out the similarities in platforms & then again in the SU binaries used on each specifically, thus (hopefully) creating a gap we could bridge, allowing for previously "unrootable" devices to gain root.

Un-reported exploit in sms/mms android and iphone

So I know a little bit about programming and computers and I'm curious why no one has pointed this out, because of the extreme severity.
For those who aren't aware, Xnspy, which is a spyware client for both Android and iPhone, has an exploit which allows remote install and root access to an iPhone and Android 4+.
I don't know a whole lot about iPhone, but aren't both the Android and iPhone OS based off the same thing?
Possibly sharing some libraries.
Quote:
To keep the installation process as simple and quick as possible on Android, Xnspy has come up with the brilliant idea of Remote Installation Support. It’s a service for the users who wish there was someone else who could handle the technical part. If you are nervous and you think you can’t install Xnspy on the target phone, then Xnspy remote installation support is meant for you!
With the Remote Installation Support, Xnspy's customer support reps will be taking care of the entire download and installation remotely. You will only need a physical access to the device during that time and won’t have to do anything on your own.
The wording is very cute on their site but it still is a direct admission that remote install is doable.
What does this mean? No phone is secure.
Thanks for sharing. Only a "dead" phone is completely secure
