[GUIDE] UK "3" USB Modem ZTE MF110/112 Working on ZT-180! - Android Software/Hacking General [Developers Only]

Hey guys n gals, I've been reg'd a few days now n thought I'd make my first post a worthwhile one.
A lot of the credit though must go to Christian Buchner for his initial guide on getting a ZTE USB modem working with Vodafone over in Germany.
NOTE: BASED ON ZT-180 SLATE 0929 FIRMWARE (rooted)
To get your ZTE modem working you must be able to use adb confidently!
OK, first things first: as Christian pointed out in his guide, if the flash drive side of the modem is enabled, your slate won't recognise it, so our first job is to disable it.
*Nix Users - I'm assuming you have a good knowledge of AT commands already and how to use them, so just run
Code:
AT+ZCDRUN=8
Windows Users See Here hxxp://3g-modem.wetpaint.com/page/executing+AT-commands+under+Windows
and execute the above AT command
Right, so now our slate recognises our modem; now let's get this rocking and get connected.
You will need to Pull the following files from your slate
note: some files may not exist so you will have to create them
/system/etc/ppp/peers/cdma
/system/etc/ppp/peers/cdma_h
/system/etc/ppp/peers/cdma~
/system/etc/ppp/options-3g
/system/etc/ppp/chat-3g-connect
/system/etc/ppp/chat-3g-disconnect
/system/etc/ppp/pap-secrets
/system/etc/ppp/chap-secrets
Now here's what goes in them...
/system/etc/ppp/peers/cdma
Code:
file /system/etc/ppp/options-3g
connect '/system/xbin/chat -v -f /system/etc/ppp/chat-3g-connect'
disconnect '/system/xbin/chat -v -f /system/etc/ppp/chat-3g-disconnect'
user three
/system/etc/ppp/peers/cdma_h
Code:
file /system/etc/ppp/options-3g
connect '/system/xbin/chat -v -f /system/etc/ppp/chat-3g-connect'
disconnect '/system/xbin/chat -v -f /system/etc/ppp/chat-3g-disconnect'
user three
/system/etc/ppp/peers/cdma~
Code:
file /system/etc/ppp/options-3g
connect '/system/xbin/chat -v -f /system/etc/ppp/chat-3g-connect'
disconnect '/system/xbin/chat -v -f /system/etc/ppp/chat-3g-disconnect'
user three
/system/etc/ppp/options-3g
Code:
/dev/ttyUSB3
921600
nolock
crtscts
modem
passive
novj
defaultroute
noipdefault
usepeerdns
noauth
hide-password
debug
nodetach
ipcp-accept-local
ipcp-accept-remote
/system/etc/ppp/chat-3g-connect
Code:
ABORT "BUSY"
ABORT "NO CARRIER"
ABORT "VOICE"
ABORT "NO DIALTONE"
ABORT "NO DIAL TONE"
ABORT "NO ANSWER"
ABORT "DELAYED"
ABORT "ERROR"
REPORT CONNECT
TIMEOUT 10
"" AT
OK AT+CGDCONT=1,"IP","3internet"
OK ATDT*99#
TIMEOUT 20
CONNECT ""
/system/etc/ppp/chat-3g-disconnect
Code:
ABORT "BUSY"
ABORT "ERROR"
ABORT "NO DIALTONE"
SAY "\nSending break to the modem\n"
"" "\K"
"" "\K"
"" "\K"
"" "\d\d+++\d\dATH"
SAY "\nPDP context detached\n"
/system/etc/ppp/pap-secrets
Code:
# client server secret IP addresses
three * three
/system/etc/ppp/chap-secrets
Code:
# client server secret IP addresses
three * three
Now push all the files back onto your slate and reboot.
Once you plug your modem in you will notice it shows signal strength; however, sometimes it requires you to set an APN up manually, but try a hard reset first. If that fails, this is how to do it...
Settings > Wireless & Networks > Mobile Networks > Access Point Names
Name : Anything
APN : 3internet
Username : three
Password : three
Authentication Type : PAP or CHAP
and that's really all there is to it!

nitr0genics said:
hey guys n gals, iv been reg'd a few days now n thought id make my first post a worth while one
Hello !!! I received 180 ZT 1030 and have upgraded the firmware. Now I want to use ZTE 3G modem mf100 follow your instructions but still not on the internet. I live in Russia and the Beeline network using WCDMA. Looking forward to your help. Excuse my English . Thanks !!!

Hi nitr0genics,
I tried this with Froyo and it works perfectly. Thank you for this, also to all other experts.

(google translate, hope you understand )
Hi people
I read the surfstick from german provider 1und1 (ZTE MF110) to run in the ZT-180. Do any of you can experience the driver has to extract? i will use the stick in my gome flytouch2
thx

working on android
hello, does anyone know if this means that we can use the MF110 on any android device with froyo??
thanks

”You will need to Pull the following files from your slate
note: some files may not exist so you will have to create them
/system/etc/ppp/peers/cdma
/system/etc/ppp/peers/cdma_h
/system/etc/ppp/peers/cdma~
/system/etc/ppp/options-3g
/system/etc/ppp/chat-3g-connect
/system/etc/ppp/chat-3g-disconnect
/system/etc/ppp/pap-secrets
/system/etc/ppp/chap-secrets”
How can I make these files, because if I use Notepad they are no longer executables?


HOW TO: Native SSHd on Android

After many hours of yelling and screaming at my linux dev box, I finally got everything working so I can cross compile and port in theory any application to Android. Obviously the first step was to get SSHd working on the phone, specifically dropbear since it is much simpler than openssh.
Follow these exactly and you should have a running dropbear daemon.
If you have already rooted your phone and have busybox on your phone, I HIGHLY recommend walking through this to make sure you have done everything that is listed. There are a few things you must do for dropbear to work correctly
NOTE: I have not been able to login yet! I have been unable to find the password data for the phone. It is asking for a password when you login with root. And yes, I have tried no password and also common ones along with "android". All result in me still being locked out.
With that out of the way, let's begin. I am assuming you have a virgin G1. I will walk you through the entire procedure.
PART 1 - ROOTING YOUR PHONE
1. Download pTerminal from the marketplace or from http://android-dls.com/files/src.com.poidio.terminal.apk. If you choose to download the file from the link provided, download it on the phone by going to this forum post and long holding the link.
2. Run pTerminal and type
Code:
cd /system/bin
and then
Code:
telnetd
3. Connect the phone to your wifi and go back to pTerminal and run:
Code:
netstat
This will show you the local ip of the G1.
4. Using your favorite telnet client, connect to your phone on the default telnet port 23.
PART 2 - BUSYBOX
5. Welcome to root access. We now need to get busybox on the phone. Again, pull up this thread on your phone and long hold the following link: http://staulkor.com/android/busybox.xxx. Don't mind the .xxx extension. The browser won't let you download certain extension types. The xxx will be renamed to asc automatically.
6. We now need to remount /system because it is currently read only. After that we will copy busybox off the sdcard and put it in the bin directory and then make it executable. Go to your telnet app and type:
Code:
mount -o remount,rw /dev/block/mtdblock3 /system
dd if=/sdcard/download/busybox.asc of=/system/bin/busybox
chmod 4755 /system/bin/busybox
cd /system/bin
busybox cp -s busybox cp
You now have access to the cp command. You can use that syntax to make a symlink to any of the busybox commands. MAKE SURE you do NOT overwrite the default symlinks. They have special syntaxes and you will most likely break things.
PART 3 - DROPBEAR
7. Now that you have busybox and the cp command (you MUST have the cp command), we need to create a directory.
Code:
mkdir /system/etc/dropbear
This is where the encryption keys will be kept.
8. Now you have the required directory, you can download dropbear and dropbearkey.
Dropbear - http://www.staulkor.com/android/android-dropbear-0.51.rev1.xxx
Dropbearkey - http://www.staulkor.com/android/android-dropbearkey-0.51.rev1.xxx
Again, download them on the phone by long pressing each link and saving it.
I am using version 0.51 of dropbear. The rev1 is so you know what revision of the android port it is. Changes may have to be made and recompiled and I want to make sure you guys can tell the versions apart short of an md5 hash
9. Now that they are downloaded, they again change the .xxx extension to .asc automatically. We need to move them to /system/bin and make them executable.
Code:
cp /sdcard/download/android-dropbear-0.51.rev1.asc /system/bin/dropbear
cp /sdcard/download/android-dropbearkey-0.51.rev1.asc /system/bin/dropbearkey
chmod 4755 /system/bin/dropbear
chmod 4755 /system/bin/dropbearkey
10. Now we have to create the encryption keys. If you do not create them, dropbear will not run at all.
Code:
dropbearkey -t rsa -f /system/etc/dropbear/dropbear_rsa_host_key
dropbearkey -t dss -f /system/etc/dropbear/dropbear_dss_host_key
11. Now dropbear is totally installed. You can run it by typing:
Code:
dropbear
To check if it is running, type:
Code:
ps
and to make sure it is listening, type:
Code:
netstat
and look for the 0.0.0.0:22 LISTENING
At any point if you have to kill dropbear, you will need to run ps, find the PID and then do "kill <pid>" without the brackets of course.
12. Now we can try to login to the phone. I run Vista on my main box, so I use putty for my ssh/telnet client. If you use linux/osx and type:
Code:
ssh root@<ip address of G1>
You should be able to connect to the phone and it will ask for a password.
13. ?????????? -- We need to be able to login. I can't find any password data on the phone. I am looking for that data to see if there is even a password, or if it would be possible to create a password, or a new user, or something.
Enjoy!
Credits:
Rooting the phone - http://android-dls.com/forum/index.php?f=15&t=151&rb_v=viewtopic
Busybox - http://android-dls.com/forum/index.php?f=15&t=153&rb_v=viewtopic
And big thanks to DarkriftX for making those tutorials and helping the cause
What about public key authentication? Have you tried that?
BTW, awesome news!
No, I have not tried that. I'll give it a shot
running
is it fine to just leave dropbear running? or should we kill it when not in use
I don't know. I think it should be fine, but it may eat some extra battery. We will need to test battery life with it running. My guess is that it probably won't impact the battery life.
k
i'll be sure to keep informed about mine too
thanks staulkor, you even followed through with the walk-through. now it's time for you to catch some Z's, you deserved it.
ugh
i'm stumped
what's with all the fish names lol if anyone is trying brute force add a list of fish names hehe. i'm going to have to crash i have tried everything i know how and looked through almost every file i could think to look through.
sry if this is a dumb question
can someone explain wat exactly running dropbear on the g1 allows us 2 do? i'm just a little confused
Nothing yet since we can't login, but once we can, ssh brings with it a lot of goodies like tunneling
Howdy Boys
A few notes I made whilst following the walkthrough
Code:
busybox cp -s busybox cp
this was failing without me cd'ing over to /system/bin on the telnet terminal
not sure why, since it is in the binaries file, but, whatever
secondly
I think you meant
Code:
cp /sdcard/download/android-dropbearkey-0.51.rev1.asc /system/bin/dropbearkey
not
Code:
cd /sdcard/download/android-dropbearkey-0.51.rev1.asc /system/bin/dropbearkey
enough petty stuff, to the meat and potatoes
Just because there is a prompt for a password, doesn't mean the password exists, or even if that user exists
for proof try to
Code:
ssh [email protected]<ip address with an SSH server>
now I may be 1337, but definitely not 1337 enough to have made my own password on your 'puter
so, the biggest thing would be assigning a password with good ol passwd
since staulkor and the gang has been great enough to get busybox over there, we need to get a user with which we have the password, I chose the aptly named user "ssh"
so I ran
adduser ssh -HD && passwd ssh
but that returns
Code:
passwd: unknown uid 0
meaning, as far as I know, that it's trying to change the password, but it does not have one for user 0 (aka root), so it's looped into an error
so I did
Code:
busybox echo root:x:0:0:root:/root:/ > /etc/passwd
to add the root user to the passwd file, allowing for it to define passwords
note - I am not sure what the home dir and the shell directory (/system/bin/sh?) should be officially, but this seems to work, for the time being
from there passwd works
Code:
passwd: no record of ssh in /etc/shadow, using /etc/passwd
Changing password for ssh
New password:
Bad password: too weak
Retype password:
Password for ssh changed by root
the bad password error comes up even with a 16 alphanumeric, so I'm not sure wtf that's about
ssh still does not work when I try, however
Code:
busybox login ssh
returns a password prompt, which accepts when entered correctly, which takes me to an ash shell, as prompted to in the /etc/passwd file
I hope that helps some.
I'm pretty sure you could set the root password, now that it's empty set, but I haven't studied the boot procedure
and I do not want to bork up something that mounts as root expecting no password.
I'd rather have a locked phone than an unlocked brick =]
anyone have the guts to try?
Wow, good info. Thanks for catching my typos. I have edited the first post with the corrections.
Looks like you are getting somewhere with applying a password. The only reason I said to ssh to root@<ip address> was because I was assuming that would be the account. I do know that you can put [email protected]<ip address> and it will still try to authenticate, but I think root is a reasonable assumption.
Anyways, I am off to bed soon, so android development will cease until tomorrow after class.
My plan is to configure dropbear to take public authentication keys instead of passwords.
I am pretty sure it will work, but I just need to confirm.
Looks like somebody beat you to it!
http://www.upche.org/doku.php?id=wiki:android4
This is only confirmed on the emulator. I guess install dropbear on the emulator (watch out, when you close the emulator, you will have to reinstall everything again the next time it boots up) and then try this out and see if you can login.
I have been messing with public key authentication for about an hour now. It is accepting it, but saying "Permission denied (publickey)". I am assuming its saying that because I honestly have no idea where the authorized_keys file goes. I put it in /system/etc/dropbear thinking it will look in the same spot where the private keys are for the server, but no luck.
The only setting in the options.h file before I compile is to enable pub key auth (and yes, it is enabled). I guess tomorrow I will hunt through the code looking to see how it looks for this file.
staulkor said:
I have been messing with public key authentication for about an hour now. It is accepting it, but saying "Permission denied (publickey)". I am assuming its saying that because I honestly have no idea where the authorized_keys file goes. I put it in /system/etc/dropbear thinking it will look in the same spot where the private keys are for the server, but no luck.
make sure authorized_keys2 has permissions of '600' (chmod 600 authorized_keys2). That *might* be why dropbear is *****ing...
Although, this assumes you are putting it in the correct place - usually ~/.ssh/... but if $HOME isn't defined... *shrug*
Good luck!
CleverJake37 said:
Howdy Boys
...
so I did
Code:
busybox echo root:x:0:0:root:/root:/ > /etc/passwd
...
from there passwd works
Im pretty sure you could set the root password, now that its empty set, but I haven't studied the boot procedure
and I do not want to bork up something that mounts as root expecting no password.
Id rather have a locked phone than an unlocked brick =]
anyone have the guts to try?
You can clone the root user id and you don't need to touch the "root's line" or his password for anything...
echo root:x:0:0:root:/root:/ > /etc/passwd
echo justme:x:0:0:justme:/justme:/ >> /etc/passwd
So you have a second user with the same uid, with a different password on shadow or passwd file. This way, when you enter the username justme with justme's password, you should get a root shell based on the uid. This works normally on Fedora and Debian, it should work on android too (even with busybox...)
Nada
that didn't do it
though that is a neat trick
thanks, I'm gonna use it in the future
=]
so I ran
Code:
dropbear -F -E
to monitor to stdout and not background it
I tried sshing in via [email protected] and [email protected]
and its returned
Code:
[792] Nov 07 02:48:57 login attempt for nonexistent user from 192.168.0.11:47790
confirming my earlier beliefs
=[
I also tried the -s option in dropbear to allow for passwordless logins, but to no avail
return from
Code:
ssh -v 192.168.1.8
Code:
OpenSSH_5.1p1 Debian-3ubuntu1, OpenSSL 0.9.8g 19 Oct 2007
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.0.8 [192.168.0.8] port 22.
debug1: Connection established.
debug1: identity file /home/patrick/.ssh/identity type -1
debug1: identity file /home/patrick/.ssh/id_rsa type -1
debug1: identity file /home/patrick/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version android-dropbear_0.51
debug1: no match: android-dropbear_0.51
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-3ubuntu1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host '192.168.0.8' is known and matches the RSA host key.
debug1: Found key in /home/patrick/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/patrick/.ssh/identity
debug1: Trying private key: /home/patrick/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/patrick/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
seems like it's attempting to read the key, but it's not able to for some reason
I think the biggest issue is creating a userbase that dropbear can read from
I was googling around for solutions to the 'nonexistent user' error and came across this post: http://www.mail-archive.com/[email protected]/msg00193.html
Basically it looks like dropbear logins will fail if there is no /etc/nsswitch.conf and associated libnss* libraries. I haven't had a chance yet to test this solution myself, but I thought I'd point it out in case it can help someone else.
Ah, what a crap...
I downloaded the sources of dropbear, it gives this message when some function "getpwnam((char*)username)" returns NULL. It's system function or something, I mean, it's not a part of dropbear. Description from Internet: "getpwnam - get passwd record given user login name". Searching around, I guess is looking in /etc/passwd for the record for given username.
I tried to create /etc/passwd file and /etc/group, and I am even able to use /system/bin/login to login as root (with password) or as a user created by 'adduser', but all that does not affect anyhow to dropbear error message.
So, I ran out of ideas :-/ Would be good to compile dropbear from sources to know for sure what it is doing, but sounds too complicated. Actually, people who compiled the android version should know how it works...
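
A diagnostic for the mismatch discussed in this thread, as an added example (not code from any poster or from dropbear): it parses passwd-format text like the lines posted above, reports entries worth a second look (a shell field that is a directory, an empty password field, several names sharing one UID), and separately asks the C library resolver through Python's `pwd.getpwnam`, the same lookup the last post found in the dropbear source. The sample content is constructed from the thread's lines plus a hypothetical `ssh` account; function names are illustrative.

```python
import pwd
from collections import defaultdict

# Constructed sample: the two passwd lines posted in the thread, plus a
# hypothetical "ssh" account with an empty password field.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/
justme:x:0:0:justme:/justme:/
ssh::1000:1000:Linux User:/home/ssh:/bin/ash
"""

FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")


def parse_passwd(text):
    """Parse passwd(5)-format text into a list of dicts, one per account."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(parts)}")
        entry = dict(zip(FIELDS, parts))
        entry["uid"] = int(entry["uid"])
        entry["gid"] = int(entry["gid"])
        entries.append(entry)
    return entries


def audit(entries):
    """Return (account, finding) pairs for entries that deserve review."""
    findings = []
    names_by_uid = defaultdict(list)
    for e in entries:
        names_by_uid[e["uid"]].append(e["name"])
        # "/" (as in the posted lines) names a directory, not a login program.
        if e["shell"].endswith("/"):
            findings.append((e["name"], "shell-is-a-directory"))
        # An empty second field means the account has no password at all.
        if e["passwd"] == "":
            findings.append((e["name"], "empty-password-field"))
    # Several names on one UID are the same identity to the kernel.
    for uid, names in sorted(names_by_uid.items()):
        if len(names) > 1:
            findings.append((",".join(names), f"shared-uid-{uid}"))
    return findings


def resolver_knows(name):
    """True if the C library's getpwnam() returns a record for this name."""
    try:
        pwd.getpwnam(name)
    except KeyError:
        return False
    return True


def file_only_accounts(entries):
    """Names present in the parsed file that getpwnam() does not resolve."""
    return [e["name"] for e in entries if not resolver_knows(e["name"])]


if __name__ == "__main__":
    accounts = parse_passwd(SAMPLE_PASSWD)
    for who, what in audit(accounts):
        print(f"{who}: {what}")
    print("in file but unknown to getpwnam():", file_only_accounts(accounts))
```

Run against a passwd file pulled from the device, the last function lists the names that exist only as text in the file; a daemon that authenticates through `getpwnam()` treats those as nonexistent users regardless of what the file says.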

Tethering via WiFi - Install Procedures - Updated 1/29/09

Tether via wifi setup 1.1 (Can someone make this a sticky!?!?)
This wifi is not an encrypted connection, please take the necessary steps to protect your data (ie: https)
Speeds are fast, speed tests give me 900kbps down / 200 kbps up on 3G
Requirements:
G1 with Root
JFv1.31 Image (either AD1 or RC30)
tether-1.6.tar (fixed error in 1.5)
tether-1.5.tar (has an error in dnsmasq.conf)
tether-1.2.ZIP
tether-1.1.ZIP
Windows XP with wifi card
*******************************************
New Way:
1. Connect phone to computer via USB cable.
2. On the phone, select Mount on the USB connect Notification window.
3. Download the latest tether package and save it to the sdcard(G1 Storage).
4. DISCONNECT THE USB CABLE!!!
5. Open the Terminal Emulator application on the G1
6. Type:
su and press enter (Select Yes to the warning about superuser access)
7. type:
tar xf /sdcard/tether-1.6.tar and press enter
If there are no errors you can proceed..
8. Make sure the G1 wifi is disabled. (settings/wireless controls/Uncheck wi-fi enabled)
type:
tether start ( to start tethering)
tether stop ( to stop tethering)
9. Connect to the G1 ad-hoc access point – ensure ad-hoc networks are enabled on your Windows box.
On Windows XP (start/settings/network connections/wireless network connection/properties/wireless networks/advanced/
(make sure Any Available Network is enabled)
Then select view wireless networks; you should see an ad-hoc network access point called g1. Please note anyone can connect to this network and surf the internet. You should have dnsmasq assign your laptop a static IP address and then use iptables to block unwanted access. This is not in this document! Also the G1 gets hot, no worries.
10. You must always be root to start/stop tethering. Open the terminal application, type su, then tether stop/start.
ERRORS:
************************
insmod: init_module '/system/lib/modules/wlan.ko' failed (Operation Not Permitted)
fatal error opening "/sys/android_power/aquire_partial_wake_lock"
error : SI0CSIFADOR (permission denied)
error: SI0CSIFFLAGS (permission denied)
Could not open socket to kernal: Operation not permitted (X5)
/data/local/bin/tether: cannot create /proc/sys/net/ipw4/ip_forward: permission denied
dnsmasq: cannot open or create lease file /data/local/dnsmasq.leases: Permission denied.
error: SIOCSIFFLAGS (Cannot assign requested address)
#
***********
Either you forgot to uncheck enable wifi on the G1 or you're not root, (type su(enter) then tether start(enter))..
*********************************
Old - Manual Setup - Reference
1. Download tether-1.1.ZIP file
2. Create a directory c:\tether on your workstation
4. Unzip tether-1.1.ZIP file to c:\tether directory (5 Files)
3. Use adb utility to copy files from c:\tether to phone (This is done via a windows command window Start/run/cmd/)
(I copied the adb.exe & AdbWinApi.dll into my c:\windows\system32\ directory, this allows you to start adb.exe from any folder.)
C:\>cd c:\tether
Connect your phone via the USB cable.
************************
If you see this error:
C:\tether>adb push tether /data/local/bin/tether
'adb' is not recognized as an internal or external command, operable program or batch file.
You need to use the complete path to the adb.exe executable for all commands!!
C:\tether>C:\folder-where-adb.exe-is-located\adb.exe push tether /data/local/bin/tether
***********************
C:\tether>adb shell
#mkdir /data/local/bin/ (This directory may exist; if it does, ignore the error. This needs to be a directory NOT a file!)
#exit
C:\tether>adb push tether /data/local/bin/tether
C:\tether>adb push iptables /data/local/bin/iptables
C:\tether>adb push dnsmasq /data/local/bin/dnsmasq
C:\tether>adb push tiwlan.ini /data/local/tiwlan.ini
C:\tether>adb push dnsmasq.conf /data/local/dnsmasq.conf
4. Change file permissions
C:\tether>adb shell
# chmod 755 /data/local/bin/tether
# chmod 755 /data/local/bin/dnsmasq
# chmod 755 /data/local/bin/iptables
# chmod 755 /data/local/dnsmasq.conf
# chmod 755 /data/local/tiwlan.ini
5. Make sure the G1 wifi is disabled. (settings/wireless controls/Uncheck wi-fi enabled)
6. Start and stop tether
#tether start
7. Connect to the G1 ad-hoc access point – ensure ad-hoc networks are enabled on your Windows box.
On Windows XP (start/settings/network connections/wireless network connection/properties/wireless networks/advanced/
(make sure Any Available Network is enabled)
Then select view wireless networks; you should see an ad-hoc network access point called g1. Please note anyone can connect to this network and surf the internet. You should have dnsmasq assign your laptop a static IP address and then use iptables to block unwanted access. This is not in this document! Also the G1 gets hot, no worries.
#tether stop (stop tethering)
You can enable and disable the tethering after install directly from the phone without being connected to the PC. (MUST HAVE ROOT, OR JF's). Just go into Terminal Emulator..... and simply type the following....
TO START:
$ su (Click yes when it says a program is asking from root)
# tether start
TO STOP:
$ su (Click yes when it says a program is asking from root)
# tether stop
*********************
To restrict who can connect to your wifi network.
You need to get your MAC address of the wifi card, (start/run/cmd/ipconfig /all)
Ethernet adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/Wireless 2915ABG Netw
k Connection
Physical Address. . . . . . . . . : 00-13-CE-B7-A8-0E
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.30
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
Lease Obtained. . . . . . . . . . : Thursday, January 29, 2009 11:23
Lease Expires . . . . . . . . . . : Thursday, January 29, 2009 11:25
Then on the phone, copy dnsmasq.conf-secure to dnsmasq.conf, then use either vi or echo to insert that MAC address and a unique IP for each MAC address. Everyone that isn't statically assigned will be given 192.168.2.254, which is dropped via iptables.
su
cp /data/local/dnsmasq.conf /data/local/dnsmasq.conf-old
cp /data/local/dnsmasq.conf-secure /data/local/dnsmasq.conf
(replace XX:XX:XX:XX:XX:XX with your MAC Address in that format)
(for each MAC address/host you have use a unique IP address starting at 192.168.2.40)
echo dhcp-host=XX:XX:XX:XX:XX:XX,192.168.2.40 >> /data/local/dnsmasq.conf
echo dhcp-host=XX:XX:XX:XX:XX:XX,192.168.2.41 >> /data/local/dnsmasq.conf
echo dhcp-host=XX:XX:XX:XX:XX:XX,192.168.2.43 >> /data/local/dnsmasq.conf
tether start
**********************
Someone writing a GUI app would be greatly appreciated!
I have some ideas, but don't know java!
Also, I've made some suggestions on how to better secure the connection. Basically:
Start the wifi
Have IPTABLES drop all traffic
Have the user connect to the access point
Have the user click a allow/deny box
Then load the dnsmasq.leases file, which contains the ip/hostname
The user selects which ip/hostname they want to allow access
flush iptables
create new IPTABLE rules with the ip/hostnames allowed.
Use which ever method you prefer, please leave comments at http://forum.xda-developers.com/showthread.php?t=444004
If one of these posts need to be changed or there is a new method please PM me.
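
The allowlist step described in this post, as an added example that is not part of the original post or the tether package: it reads `ipconfig /all` text, converts each Physical Address from the hyphenated Windows form to the colon form used in the `dhcp-host=` lines, and assigns unique addresses from 192.168.2.40 upward while skipping 192.168.2.254, the address the post gives to unlisted clients. The sample output and function names are constructed for illustration; treating 192.168.2.1 as the gateway is an assumption taken from the ipconfig output shown in the post.

```python
import ipaddress
import re

# Constructed sample, shaped like the ipconfig /all output in the post.
# The second adapter repeats the first MAC in lower case to show de-duplication.
SAMPLE_IPCONFIG = """\
Ethernet adapter Wireless Network Connection:
        Description . . . . . . . . . . . : Example wireless adapter
        Physical Address. . . . . . . . . : 00-13-CE-B7-A8-0E
        Dhcp Enabled. . . . . . . . . . . : Yes
Ethernet adapter Local Area Connection:
        Physical Address. . . . . . . . . : 00-13-ce-b7-a8-0e
Ethernet adapter Second Laptop:
        Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
"""

MAC_RE = re.compile(
    r"Physical Address[ .]*:\s*([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})\s*$"
)


def extract_macs(ipconfig_text):
    """Return unique MACs in dnsmasq form (lower case, colon separated)."""
    macs = []
    for line in ipconfig_text.splitlines():
        match = MAC_RE.search(line)
        if not match:
            continue
        mac = match.group(1).replace("-", ":").lower()
        if mac not in macs:
            macs.append(mac)
    return macs


def dhcp_host_lines(macs, first_ip="192.168.2.40",
                    reserved=("192.168.2.1", "192.168.2.254"),
                    network="192.168.2.0/24"):
    """Build one dhcp-host= line per MAC, each with its own address.

    reserved holds addresses that must never be handed to an allowed
    client: the gateway (assumed) and the catch-all address that the
    post's iptables rule drops.
    """
    net = ipaddress.ip_network(network)
    ip = ipaddress.ip_address(first_ip)
    lines = []
    for mac in macs:
        while str(ip) in reserved:
            ip += 1
        if ip not in net or ip == net.broadcast_address:
            raise ValueError("ran out of usable addresses in " + network)
        lines.append(f"dhcp-host={mac},{ip}")
        ip += 1
    return lines


if __name__ == "__main__":
    for entry in dhcp_host_lines(extract_macs(SAMPLE_IPCONFIG)):
        print(entry)
```

MAC addresses are supplied by the client and visible on an unencrypted ad-hoc network, so this list limits casual use of the connection and does not authenticate clients.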

[GUIDE][CWM] WLAN Calibration and MAC address fix [CM]

This is for CyanogenMod and its derivatives. Stock ROMs should be fine.
If you are interested in editing your MAC address, there's a guide linked below. I don't know if stock ROMs will automatically correct the MAC. In this case I think you have to edit /efs/imei/.nvmac.info (read more about /efs before playing with it!)
The easiest way to do the calibration is:
Turn wifi ON and run
Code:
tiwlan_plts -n
This is the script called from a oneshot init service in my init.latona.rc if someone is interested. It will calibrate and correct the MAC automatically, even after a data wipe:
Code:
#!/system/bin/sh
if [ ! -f /data/misc/wifi/nvs_map.bin ]; then
    insmod /system/lib/modules/tiwlan_drv.ko
    /system/bin/tiwlan_loader -i /system/etc/wifi/tiwlan.ini -f /system/etc/wifi/firmware.bin
    /system/bin/tiwlan_plts -n
    rmmod tiwlan_drv
fi
____________________________________
Older method
UPDATE: I found an easy way to get the real MAC.
Download the apk attached or run the following commands:
Code:
su
mount -o remount,rw /system
ln -s /system/lib/modules/tiwlan_drv.ko /system/etc/wifi/tiwlan_drv.ko
#Make sure wifi is off
./mfgloader -l #Take the binary from a stock ROM
./mfgloader -u
rm /system/etc/wifi/tiwlan_drv.ko
mount -o remount,ro /system
After that your MAC address should begin with D0:C1:B1 and not 08:00:28.
To see your current MAC: System Settings > About phone > Status (turn wifi on)
____________________________________
This is the first post with some more information about the calibration
While I was reading some logs, I noticed these lines
Code:
TIWLAN: 1089.979242: Starting to process NVS...
TIWLAN: 1089.983698: No Nvs, Setting default MAC address
TIWLAN: 1089.989007: pHwInit->uEEPROMCurLen: 1c
TIWLAN: 1089.993462: ERROR: If you are not calibating the device, you will soon get errors !!!
...
TIWLAN: 1094.726827: Station ID : 08-00-28-12-03-58
...
You can see that the device is not calibrated and that the default MAC address is assigned.
Each device should have a unique MAC address, two devices with the same MAC address in the same network will give problems.
________
UPDATE
I made two flashable files:
wlan_calibration.zip will only do the calibration
wlan_calibration_rand.zip will do the calibration and will randomize the last three octets of the address
If you still want to do it on your own, here the guide:
_______________
WLAN Calibration
Here the steps you need to follow (taken from: WLAN Calibration):
1) Turn wifi off
2) From ADB/terminal emulator run the following commands [1]:
Code:
$ su
# cd /data/misc/wifi
# insmod /system/lib/modules/tiwlan_drv.ko
# start wlan_loader
# ifconfig tiwlan0 up
# tiwlan_cu -b
/ w p 1 l 2 f 2
/ t b v 21
/ t b t 1 0 0 0 0 0 0 0
/ q
# rmmod tiwlan_drv
This will create this file: /data/misc/wifi/nvs_map.bin. If it's not there, you did something wrong.
After that you should not get the error while turning wifi ON.
________
MAC address fix
Even after the calibration, you'll still have the default MAC address (Station ID : 08-00-28-12-03-58). But no problem, you can 'easily' change it: Editing the MAC Address.
You need to get the newly created /data/misc/wifi/nvs_map.bin and edit it with an hex editor as described in the guide linked above.
I still don't know if the calibration will improve anything, but it surely won't hurt:
For optimal Wi-Fi performance it is mandatory to calibrate the Wi-Fi hardware
NOTE: nvs_map.bin is in /data, so if you do a factory reset you have to do this again.
___
[1]
ADB: System settings > Developers options (ON) > Root access > Apps and ADB
Wow...good solution buddy. I think u should post this in development thread. People don't look much in general thread.
this should be added to the cm9/10 installation .zip file
I did flash the zip file, ran the other commands thru terminal and see the file /data/misc/wifi/nvs_map.bin.
I don't understand the next step to be done.
I cannot open the bin file using hexeditor, I gave it root access.
And, in case i open it what mac address should i use? Is some address hard coded to each phone?
Hetalk said:
I did flash the zip file, ran the other commands thru terminal and see the file /data/misc/wifi/nvs_map.bin.
I don't understand the next step to be done.
I cannot open the bin file using hexeditor, I gave it root access.
And, in case i open it what mac address should i use? Is some address hard coded to each phone?
I don't know how MACs are assigned, I simply randomized the last part of the address (I kept the first part: 80:00:28).
Anyway I just uploaded a new zip file to make things even simpler. It will automatically randomize the last three groups. If you want to use it, you need to delete /data/misc/wifi/nvs_map.bin first. EDIT: I changed the script, now you can do the calibration without removing the file.
Anyway I don't know what's wrong with your editor, I did it from my computer.
I tried using hex editor from play store.
I'll try the new zip tomorrow..
As I wrote in the OP, today I found the way to get the original MAC.
I don't know what is needed to make the commands work while in recovery (services needed etc...), so I made a dummy app (I simply adapted the code of an app I made a few days ago to do a similar thing).
No fancy icon (it's the default one), no checks, ugly etc... It simply does the job (my Java knowledge is almost zero)
EDIT:
I almost forgot to say that the real MAC is in /efs/imei/.nvmac.info. It was the first place where I looked, but it's a hidden file and I didn't see it at first.
bam....
Dear @loSconosciuto
I am following this guide to solve the problem that I actually have in my phone with CM 11. In the Status menu, "non available" appears in my device WIFI mac. I followed the guide step by step and I couldn't change it.
Could you help me?
carniman78 said:
Dear @loSconosciuto
I am following this guide to solve the problem that I actually have in my phone with CM 11. In the Status menu, "non available" appears in my device WIFI mac. I followed the guide step by step and I couldn't change it.
Could you help me?
This guide is for the kernel 2.6.35 which uses a completely different driver, it's quite an old thread. The calibration is done in a different way and I don't think that's the problem.
I'm not using CM11, so it's quite hard for me to know exactly what's wrong.
loSconosciuto said:
This guide is for the kernel 2.6.35 which uses a completely different driver, it's quite an old thread. The calibration is done in a different way and I don't think that's the problem.
I'm not using CM11, so it's quite hard for me to know exactly what's wrong.
Ok, sir. Thank you for your help.
Hi there
trying to fix Samsung s4 active i9295 wifi problem. at least got the MAC address showing (was 02:lots of zeroes) still unable to start wifi. is there anything else I should search for? tiwlan_drv.ko was not there so I downloaded it separately. do I need some more modules to be added? using stock 4 file engineering FW Android 5.0.1

[Q] backtrack permission denied

Hi,
I downloaded backtrack-v10-image and I used the Linux Installer from linuxonandroid to launch it, but when I want to install anything, it shows me "permission denied" in terminal emulator :crying: as well as "requested operation requires superusers privilege" in the backtrack console, and when I type the VNC password it shows me "authentications failure".
So I tried to start the image manually using the bootbt provided by the backtrack website. This time, the console shows me backtrack
[email protected] in red; however, the keyboard keys are completely messed up, whether on the physical or the virtual keyboard.
Sorry if I'm not in the right section .... thank you
tf300t , ww_epad -10.6.1.15.3-20130416, rooted
ps: I can't post any link, you have to google it (To prevent spam on the XDA forums, ALL new users prevented from posting outside links in their messages. After approximately 10 posts, you will be able to post outside links. Thank you for understanding!) as you can see that I'm noob here .
solved by myself, i was able to do it by modifying the directory of the image and using linuxonandroid launcher, but i took precaution to note the password now, like this:
[email protected]:/ $
[email protected]:/ $ cd /sdcard/BT5
[email protected]:/sdcard/BT5 $ su
[email protected]:/storage/emulated/legacy/BT5 # sh /data/data/com.zpwebsites.linuxonandroid/files/bootscript.sh /sdcard/BT5/backtrack.img
Checking loop device... MISSING
Creating loop device... OK
mount: mounting /storage on /data/local/mnt/external_sd failed: Invalid argument
No user defined mount points
net.ipv4.ip_forward = 1
Config file not found, using defaults!(/root/cfg/backtrack.img.config)
Starting first boot setup.......
Creating User account (named backtrack)
Enter new UNIX password: <you have to note this password to use it in backtrack console after sudo su
Retype new UNIX password:
passwd: password updated successfully
The user `backtrack' is already a member of `tty'.
Please enter a password for VNC (must be between 6 and 8 characters long
Using password file /home/backtrack/.vnc/passwd
Password:
Password too short
groupadd: group 'sdcard-rw' already exists
Start VNC server? (y/n)
y
Start SSH server? (y/n)
y
Now enter the screen size you want in pixels (e.g. 800x480), followed by [ENTER]:
1280x752
New 'X' desktop is localhost:0
Starting applications specified in /home/backtrack/.vnc/xstartup
Log file is /home/backtrack/.vnc/localhost:0.log
If you see the message 'New 'X' Desktop is localhost:0' then you are ready to VNC into your backtrack OS..
If connection from a different machine on the same network as the android device use the address below:
eth0: error fetching interface information: Device not found
If using androidVNC, change the 'Color Format' setting to 24-bit colour, and once you've VNC'd in, change the 'input mode' to touchpad (in settings)
* Starting OpenBSD Secure Shell server sshd [ OK ]
Save settings as defaults? (y/n) (You can always change it later in the app)
y
Config saved to /root/cfg/backtrack.img.config
To shut down the Linux environment, just enter 'exit' at this terminal - and WAIT for all shutdown routines to finish!
I just want to know how to clean the "chroot" installation,
without moving / renaming the image in Android, to return the "chroot" to its initial state
(without the files that were installed in backtrack)

[Reaver][Hack][Help] Reaver For Android Wifi Hack working but last stage error

Well, i struggled for half a day relentlessly and finally got Reaver Working on my XOLO A500S android phone, everything is going good and fine, i got the Reaver app working on my Rooted app without bcmon and it worked and i’m ready to hack the network but just as i bypassed "Test Monitor" successfully(by loading a few scripts and debugging) and hit "Start Attack" this thing showed up, below i’ve written down the issue as it appeared and the scripts that i used to bypass Test Monitor are attached below, i’m basically a noob but good at technical things.
HELP URGENTLY!!!! I wasted a whole day trying to get it working, i’d be so grateful :laugh: if you could help me out with it! PLEASE!! :crying:
Here are those scripts i loaded and put the phone on debug mode
Custom activation script:
#!/bin/bash
svc wifi disable
LD_LIBRARY_PATH=/data/data/com.bcmon.bcmon/files/libs
LD_PRELOAD=/data/data/com.bcmon.bcmon/files/libs/libfake_driver.so sh
cd /data/data/com.bcmon.bcmon/files/tools
./enable_bcmon
echo “rfasuccess”
exit
Custom Warm-up Script
#!/bin/bash
LD_LIBRARY_PATH=/data/data/com.bcmon.bcmon/files/libs
LD_PRELOAD=/data/data/com.bcmon.bcmon/files/libs/libfake_driver.so sh
cd /data/data/com.bcmon.bcmon/files/tools
Custom stop Script:
#!/bin/bash
svc wifi enable
echo “rfasuccess”
1. this happened first but i continued anyway.
Stdout:
"rfa success"
StdErr:
Control the Wifi manager
usage: svc wifi [enable[disable] Turn wifi on or off.
svc wifi prefer
set Wifi as the preferred data network
.//srart.shl[4]: sh :not found
.//start.sh[5]: cd: /data/data/com.bcmon.bcmon/files/tools : No Such File or Directory
./start.sh[6]: ./enable_bcmon : not found
2. and then this happened in the processing window
sh: [3]: sh: not found
CANNOT LINK EXECUTABLE: could not load library "libcap.so.1" needed by "./reaver"; caused by library "libcap.so.1" not found
3. and finally when i hit stop, this message showed up
Stdout:
?rfasuccess?
StdErr:
Control the Wi-fi manager
usage: svc wifi[enable[disable]
Turn Wi-Fi on or off
svc wifi prefer
Set Wi-Fi as the preferred data network
