Database Info

[APP][ROOT] DroidSniff - Meet the little brother of DroidSheep - v1.0.0 Build 16

DroidSniff is an Android app for Security analysis in wireless networks and capturing facebook, twitter, linkedin and other accounts.
DroidSniff requires ROOT!​
Please note:
DroidSniff was developed as a tool for testing the security of your accounts.
This software is neither made for using it in public networks, nor for hijacking any other persons account.
It should only demonstrate the poor security properties network connections without encryption have.
So do not get DroidSniff to harm anybody or use it in order to gain unauthorized access to any account you do not own! Use this software only for analyzing your own security!​
Source Code : https://github.com/Evozi/DroidSniff
Please fork and support this project.
This app is based on DroidSheep licence under GPL v3 licence.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Here's the changelog
Version 1.0.0 Build 16
This is the 1st release of DroidSniff , please report any problem/bugs at here.
[Added] Support for Reddit
[Added] Check Update with Updater
[Improvement] Actionbar for android below 4.0 with new sexy UI
[Improvement] The session list will not jump back to the top when the list refreshed/new session added.
[Improvement] Green tick on the icon will be showed when you saved a cookie
[Improvement] Arp Spoof Service - Cleaned up some code and added "killall arpspoof"
[Removed] Pop Up Activity
[Fix] Sniffed Google and Amazon URL
More will be added in the up-coming version:
- Pref Screen
- User Agent Changer
- and more!
** if anyone want to help to develop this please PM me, I also will post to GitHub later since this is licence under GPLv3
Coming Soon:
Ability to add custom URL
Ability to change user agent
Setting Screen
Export to cookies to any apps , instead just of email
MAC to Vendor
Please give some suggestion and ideas. :laugh:
Download : http://www.mediafire.com/?c3mr5lx34kpmp97
(Please don't forget to report bugs so that we can fix it)

That looks great. I hope you release the source code for it too.
Here is my modded version. As you see I've updated to UI for it and removed unnecessary code. The icon you are using looks great, the DroidSheep icon is so ugly so I removed it, even the Android default icon is more beautiful. Instead of using WebKit I use the default browser (Chrome) cause it's much more faster and easier to navigate on. I really like the bottom bar in your browser, looks great. For me Google isn't working cause it NEVER wants to use non-SSL.
Something that would be great is support for SSLStrip. FaceNiff has it but it costs money. I've been trying to get it working by using APK Manager & dex2jar/JD-GUI without any success. The C/C++ files aren't included in the apk.
I've been trying to change the name from DroidSheep but I had so many problems so I just skipped it. It's easy to change the name in the GUI but going through all source files and replacing everything is a bit harder.
The app is a little buggy cause sometmies it captures the logins but not every time. I'm going to investigate the included C/C++ files and see if there are any filters and how everything works.

download llink?

Hello, why you not integrate a wpa calculator?

Aircondition said:
That looks great. I hope you release the source code for it too.
Here is my modded version. As you see I've updated to UI for it and removed unnecessary code. The icon you are using looks great, the DroidSheep icon is so ugly so I removed it, even the Android default icon is more beautiful. Instead of using WebKit I use the default browser (Chrome) cause it's much more faster and easier to navigate on. I really like the bottom bar in your browser, looks great. For me Google isn't working cause it NEVER wants to use non-SSL.
Something that would be great is support for SSLStrip. FaceNiff has it but it costs money. I've been trying to get it working by using APK Manager & dex2jar/JD-GUI without any success. The C/C++ files aren't included in the apk.
I've been trying to change the name from DroidSheep but I had so many problems so I just skipped it. It's easy to change the name in the GUI but going through all source files and replacing everything is a bit harder.
The app is a little buggy cause sometmies it captures the logins but not every time. I'm going to investigate the included C/C++ files and see if there are any filters and how everything works.
Click to expand...
Click to collapse
Thanks for your reply, I think I will try work on the SSLStrip and add DroidSniff the ability to target a specific IP address.
Nice you implemented it to use the default browser (Chrome) Gonna figure out how to do that when i'm free.
Yea, need to disable the SSL so that we can get the Google cookies. On my computer Google.com loads without SSL but with my laptop it automatically use SSL.
Changing the name is quite easy. :laugh:
david23400 said:
download llink?
Click to expand...
Click to collapse
Coming Soon :fingers-crossed:
IImanuII said:
Hello, why you not integrate a wpa calculator?
Click to expand...
Click to collapse
Do mean WPA Alice Calculator?

Dang my phone was off and this post made me turn it on and then..no link. -_-
Great job though, looks a lot better than Droid SHEEP

This is great, I have used droidsheep and facesniff for my job and now facesniff does not work with 4.x and droidsheep has some leaks and is never updated anymore also the latest source wont compile without some tweaks and messing about.
Looking forward to your app. If you make a donate version I will gladly donate to support further development and no ads
SSL strip implementation would be useful as I have compiled SSLStrip for android but it crashes often, if you figure out how to get it stable then good on ya!
thanks!

The most important feature is definitely SSL support. Just Google "SSLStrip-for-Android" and you will find the source code for it running on Android. It shouldn't be hard to implement cause DroidSheep is based on Arpspoof which is also included in this project. There is also an app you can test on Google Play but it seems to only work with USB tethering from your phone to PC.
Using the default browser is much faster. Here is how you do it:
str1 stands for the url (eg; facebook.com)
str2 stands for the cookies content (eg; for facebook you have to use the "c_user" cookie, dont have any clue why DroidSheep is also using the datr, lu, and xs cookies, it just makes it slower to initialize cookies)
Code:
Intent i = new Intent(Intent.ACTION_VIEW);
i.setData(Uri.parse("http://" + str1 + ":8080/" + str1 + "@" + str2));
startActivity(i);
Here is the de-compiled version of FaceNiff. Nothing new here, the "faceniff" which contains the SSLStrip library is already compiled and the sources for it is not included in the project.
http://www.media fire.com/?e5xsan45cefe4fy (i have to low posts for links)

Here is the version of SSLStrip I built from the latest source, minimal changes (better icon n stuff)
http://www.filedropper.com/sslstripforandroid101

+1000 SSL strip is important, facebook and twitter now requires https login. Without ssl strip this app would be obsolete for facebook, twitter penetration.

For any of those who can wait for this app, you may also want to check out a similar app known as FaceNiff.
Have Fun!
Sent from my e1809c_v75_jdt1 using xda app-developers app

So you don't think we know what FaceNiff is? It costs money that's the only bad thing and DroidSheep is free and open source but without support for SSLStrip.

nice i like it
it will be amazing when u add
1-sslstrip with auto save (user + password)
2- open sniffed profiles in the stock browser
3-screenshot to sniffed profile
4-auto save cookies
and this can help u
http://comax.fr/yamas/bt5/yamas.sh

The script I posted on the first page was taken from FaceNiff and after some research it seems like it's forwarding all traffic to port 8080 where it's doing the SSL spoofing and enables opening sessions in the default browser (running through the proxy server). When you click on a profile in FaceNiff it will open "http://facebook.com:8080/[email protected]_IDENTIFIER" and the binary will return a response which will set the cookies and rederict the user to the normal Facebook website. It was working when I tested it but then I realized the FaceNiff app was running on my Android, I stopped it and it didnt work anymore.
As fatcobrah said most important is SSLStrip as most websites are forcing users to use SSL and open profiles in the default browser cause it's much easier to navigate in, you can zoom in/out and it has a very fast Javascript engine (at least in Chrome). Improved filters to capture more websites would also be great and grabbing the users Facebook picture like in FaceNiff is also very useful.
Also found this string inside the faceniff binary "all your passwords are belong to Us!.

btw ARP-spoofing is kinda slow. i mean, having your cellphone work as an "inbetween" router dramatically slows down the connection. i've hacked my bother's account (nothing bad, just posted a "you've been hacked" status). and now everytime the internet slows down, he suspects i'm trying to hack him.
so when you make you AWESOME app, please try making the ARP-spoofing faster.
———————————————————
i didn't mean to mock you or to offend you in any kind of way

orthonovum said:
Here is the version of SSLStrip I built from the latest source, minimal changes (better icon n stuff)
http://www.filedropper.com/sslstripforandroid101
Click to expand...
Click to collapse
Nice , I also plan to try that SSLStrip that ported by crazyricky. Hope that it works.
fatcobrah said:
@fatcobrah
Click to expand...
Click to collapse
Thanks for the suggestion.
Aircondition said:
The script I posted on the first page was taken from FaceNiff and after some research it seems like it's forwarding all traffic to port 8080 where it's doing the SSL spoofing and enables opening sessions in the default browser (running through the proxy server). When you click on a profile in FaceNiff it will open "http://facebook.com:8080/[email protected]_IDENTIFIER" and the binary will return a response which will set the cookies and rederict the user to the normal Facebook website. It was working when I tested it but then I realized the FaceNiff app was running on my Android, I stopped it and it didnt work anymore.
As fatcobrah said most important is SSLStrip as most websites are forcing users to use SSL and open profiles in the default browser cause it's much easier to navigate in, you can zoom in/out and it has a very fast Javascript engine (at least in Chrome). Improved filters to capture more websites would also be great and grabbing the users Facebook picture like in FaceNiff is also very useful.
Also found this string inside the faceniff binary "all your passwords are belong to Us!.
Click to expand...
Click to collapse
Yea, agree, and I also found out that the port 8080 will not work unless you start a background service to do the forwarding job like FaceNiff does.
I also looked at faceniff binary and it contain some interesting string. I think when I back home I will try to do that like FaceNiff does.
Riro Zizo said:
btw ARP-spoofing is kinda slow. i mean, having your cellphone work as an "inbetween" router dramatically slows down the connection. i've hacked my bother's account (nothing bad, just posted a "you've been hacked" status). and now everytime the internet slows down, he suspects i'm trying to hack him.
so when you make you AWESOME app, please try making the ARP-spoofing faster.
———————————————————
i didn't mean to mock you or to offend you in any kind of way
Click to expand...
Click to collapse
This is because of limited bandwidth and processing power of most Android devices, there might be bandwidth problems in networks with a lot of traffic. This might lead to problems and slow connections for the whole network.

Riro Zizo said:
btw ARP-spoofing is kinda slow. i mean, having your cellphone work as an "inbetween" router dramatically slows down the connection. i've hacked my bother's account (nothing bad, just posted a "you've been hacked" status). and now everytime the internet slows down, he suspects i'm trying to hack him.
so when you make you AWESOME app, please try making the ARP-spoofing faster.
Click to expand...
Click to collapse
Without arpspoof running: http://www.speedtest.net/result/2053296350.png
With arpspoof running: http://www.speedtest.net/result/2053297706.png
You say it's slower? You're wrong.
I just tried the SSLSlip ported to Android and here are the results:
1. If you have your homepage as "https://www.google.com" it wont load. You have to start browsing on a non-SSL site and the web proxy NanoHTTPD will transform all https links to http.
2. When I logged in to Google the account name and password was shown in the GUI but it was logged out directly after the page refreshed. Maybe NanoHTTPD can't handle cookies correctly?
3. Much slower and battery is draining much more faster cause everything is going through the NanoHTTPD client.
FaceNiff is running the SSLStrip and webserver in the binary file (Linux kernel) and this port is running it inside the Dalvik virtual machine which will make it go slower. We already know that arpspoof is compatibility with this but not sure about the droidsheep binary...

well, my experience with droidsheep was a slow surfing situation...
and you can't speed test it. explaination:
ARP-spoof is making the PC think that the phone is the router, instead of the actual router.
so with ARP-spoof on: PC---Phone---Router---Internet
now, the speed test is only between the Router and the internet. and with ARP-spoof on, it's between the Phone and the Internet.
the connection will still be slow, because having the Phone run as router is actually really hard to do, having the Phone track the PC's activity, and interfere with it is hard.
the phone gets the command from the PC, then send it to the router, the router responds to the phone, then the phone sends the data to the PC... so it's a slower process than without ARP-spoof.
———————————————————
i didn't mean to mock you or to offend you in any kind of way

This is rather interesting. Will you release the source code?

The source code is already released here:
http://code.google.com/p/droidsheep/
Please note that xDragonZ is not the author of this project, he have only changed the GUI and improved it. Here you can see how it works:
http://droidsheep.de/download/Bachelorarbeit.pdf

[APP][2.3+] JuiceSSH - Free SSH Client

For the last six months we've been working on an SSH app and after a lot of hard work and sleepless nights coding - we've hit publish on the Play Store!
As a pair of full-time linux based systems administrators we spend our lives inside SSH sessions, looking after a large number of servers in and out of office hours. Like most android users we used Connectbot and while it's awesome, we found ourselves getting frustrated with it's lack of functionality in areas and started writing an app that suited our needs better.
Over time our little SSH client grew and grew functionality-wise and JuiceSSH was born...
Play Store & Screenshots:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
http://play.google.com/store/apps/details?id=com.sonelli.juicessh
Features:
Full colour SSH terminal client
Popup keyboard with all those normally hard to find characters
Use the volume keys to quickly change font size
Click URLs to open in a browser
Copy & Paste within sessions
External keyboard support
Save / Share SSH transcripts to Dropbox/Evernote/Email & SD card
UTF-8 character support
Easily organise your connections by group
Homescreen shortcuts
Keep multiple SSH sessions running in the background
Seamlessly connect 'via' other SSH connections with one click
Immediate access when you open the app to your frequently used connections
Password & OpenSSH private key support
Two-factor SSH authentication (eg: Google Authenticator)
All keys & passwords encrypted on-device with AES-256 encryption
Identities (users/password/keys) are abstracted from connections. Instead of updating every connection when you change your password - just update the identity and any connections linked to it will use the new password/key.
Works out of the box with Ubuntu, RedHat, CentOS, Mint, Gentoo and all other flavours of Linux
zlib compression to improve SSH sessions on high latency connections
Pro Features (optional in-app purchase):
Integrate with Amazon AWS / EC2, synchronise connections and automatically group servers based on their class or security groups.
Securely keep everything in sync between multiple devices
Automated AES-256 encrypted backups of all of your connections and settings
A beautiful widget for fast access to either your frequently used connections, or a specific group (Android 3.0+).
Team collaboration. Share your groups of connections with team members and start working together instead of separately.
Handy snippets library for quick access to your frequently used commands
Dark, Light, Solarized Dark and Solarized Light terminal color themes. For an overview of solarized color scheme and why it rocks for terminal usage check out http://ethanschoonover.com/solarized
Security lock to automatically protect JuiceSSH after a period of inactivity
Coming Soon:
Port forwarding
File transfers ( SCP / SFTP )
WOL
We've only just released it a few days ago and are already building up quite a user base and have had some fantastic feedback so far.
Any comments / suggestions are more than welcome!

Changlog
1.3.3
- Added page up/down keys to popup keyboard
- Added port forwarding (pro feature)
- Connect to port forwards via widget
- Automatically open port forwards in browser
- Improved reliability of 'connect via' functionality
- Improved SSH agent forwarding support
- Auto-expand connection group if only one exists, or the 'All' group if none exist
- Terminal font readability improvements
- Don't CloudSync font size between devices (handy if you have phone & tablet with different DPI)
1.3.2
- Can now disconnect & reconnect from connection notification (ICS+)
- No longer uses/modifies WIFI_SLEEP_POLICY setting
1.3.1
- Fixed a rare SSH 'Authentication Cancelled by Server' issue introduced in 1.3.0
- Added line wrapping for long terminal lines and improved tmux/screen wrapping compatibility
1.3.0
- Added support for two-factor authentication (eg: Google Authenticator)
- Added support for keyboard-interactive authentication
1.2.8
- Better support for keys exported from Connectbot (PKCS#8)
- Improved external ALT key handling (AltGr for international keyboards)
- Fix for broken keys/symbols on devices with slide-out keyboards
1.2.7
- Security lock to automatically protect JuiceSSH after a period of inactivity (Pro only)
- Added ALT and Hide Keyboard items to the popup keyboard
- Fix for issue with 3rd party keyboards in landscape mode
- Optimised terminal resizing performance to remove lag
- Fix for crash when deleting snippets
- Fix for incorrect color in Solarized Light color scheme
- Fix for incorrect number of EC2 instances shown
- Fix for enter key not working in nano & mongo client
1.2.6
- Beautiful new widget for pro users (Android 3.0+)
- Fix for rare issue that caused battery drain
1.2.3
- Improved Asus Transformer keyboard handling
- Bugfixes including SSH connect timeout issue
1.2.2
- Ability to hide software keyboard
- UI Improvements for Samsung Touchwiz devices
- Improved failed connection handling
1.2.0
- Amazon AWS/EC2 integration - keep your connections in sync with your AWS account & instances.
- Function keys (F1-F12) now on popup keyboard
- Fixed bug in 'connect via' connections
1.1.5
- Big improvement in Xterm support/dynamic terminal resizing. Applications like htop and ncurses dialogs now work flawlessly.
- New terminal color themes: Dark, Light, Solarized Dark and Solarized Light
- Fix for Samsung devices that had unreadable buttons on the popup keyboard
1.1.4
- Fix for in-app purchases not being recognised
1.1.3
- Added zlib compression to improve SSH sessions on high latency connections
- Added setting to choose whether the popup keyboard shows above or below the terminal
- Made Settings menu easier to use for low resolution devices
- Fixed bug that caused crash on devices without Google Play Services
- Added support for ssh://<host>:<port> links and bookmarks
1.1.2
- Bugfixes when resizing/rotating terminal
- Homescreen shortcuts
1.1.0
- Save handy snippets that can be used anytime within SSH sessions
- Copy and paste within SSH sessions
- Share SSH session transcripts via Dropbox/Email/Evernote etc or save them to SD card
- Host key/fingerprint verification
- No longer forces new users to link app with a google account
1.0.7
- Optimised automatic dropped/failed connection detection
- Fixed a UTF-8 encoding issue with some characters
1.0.6
- Fixed crash in Google Play billing service that caused some purchases not to take affect
- Fixed issue on Honeycomb tablets that caused a crash when notifications were received
1.0.5
- Fixed problem that occasionally caused an error when resuming background SSH sessions

Excellent SSH client! The layout and functionality makes working on remote machines very easy and efficient.
I have one issue: In some instances the Enter/Return key is not recognised. One easy way to replicate this is by editing a file with nano and then attempting to save it. It just doesn't work.
Any ideas?
Thanks again for the wonderful app!

beanaroo said:
Excellent SSH client! The layout and functionality makes working on remote machines very easy and efficient.
I have one issue: In some instances the Enter/Return key is not recognised. One easy way to replicate this is by editing a file with nano and then attempting to save it. It just doesn't work.
Any ideas?
Thanks again for the wonderful app!
Click to expand...
Click to collapse
Hi,
Thanks for the kind feedback.
We are currently aware of an issue that specifically affects nano, where the enter key is not recognised.
We're looking into it and hopefully will have a fix included in an update soon.
Thanks!

Hi. I am having trouble using an RSA public key with juiceSSH. I know it's not Juice's fault, as I can't use the id_rsa.pub with connectbot either - just thought I'd ask here for any ideas as i'm stuck.
I generate the keys on a Win XP box, using openssh (the cygwin version). OpenSSH itself is running fine (I can connect using passwords). Here's the keygen output:
C:\OpenSSH\bin>ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/graeme/.ssh/id_rsa):
/home/graeme/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/graeme/.ssh/id_rsa.
Your public key has been saved in /home/graeme/.ssh/id_rsa.pub.
The key fingerprint is:
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX [email protected]
I then copied the id_rsa.pub file to /sdcard on my galaxy note, and tried to add it to my existing identity in Juicessh. I chose "file Path" and after typing id_ the full file name id_rsa.pub appeared. I touched that to select it then hit "OK" but nothing happens. I can only leave this screen by hitting cancel. I then tried to paste in the contents of the file, and that is permitted. But, wehn I try to connect using it, juicessh says "invalid file".
I've regenerated the key a couple of times, always with same results. As I say, the same file is also rejected by connectbot ("problem parsing imported private key").
So it appears that ssh-keygen on my XP box is producing an invalid file format (but that seems wildly unlikely??). I wondered if it was a DOS->Linux file format issue (cr vs cr/lf) but I haven't seen anything online suggestign that a file format conversion is needed if copying keys from Windows to Linux?
How can I track down what's wrong & why?

_pigro_ said:
Hi. I am having trouble using an RSA public key with juiceSSH. I know it's not Juice's fault, as I can't use the id_rsa.pub with connectbot either - just thought I'd ask here for any ideas as i'm stuck.
I generate the keys on a Win XP box, using openssh (the cygwin version). OpenSSH itself is running fine (I can connect using passwords). Here's the keygen output:
C:\OpenSSH\bin>ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/graeme/.ssh/id_rsa):
/home/graeme/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/graeme/.ssh/id_rsa.
Your public key has been saved in /home/graeme/.ssh/id_rsa.pub.
The key fingerprint is:
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX [email protected]
I then copied the id_rsa.pub file to /sdcard on my galaxy note, and tried to add it to my existing identity in Juicessh. I chose "file Path" and after typing id_ the full file name id_rsa.pub appeared. I touched that to select it then hit "OK" but nothing happens. I can only leave this screen by hitting cancel. I then tried to paste in the contents of the file, and that is permitted. But, wehn I try to connect using it, juicessh says "invalid file".
I've regenerated the key a couple of times, always with same results. As I say, the same file is also rejected by connectbot ("problem parsing imported private key").
So it appears that ssh-keygen on my XP box is producing an invalid file format (but that seems wildly unlikely??). I wondered if it was a DOS->Linux file format issue (cr vs cr/lf) but I haven't seen anything online suggestign that a file format conversion is needed if copying keys from Windows to Linux?
How can I track down what's wrong & why?
Click to expand...
Click to collapse
If your key is valid, the 'Smart Search' in JuiceSSH should find the key (regardless unix/windows line endings of where it is on your sdcard).
If it's not - then it does suggest your key is invalid.
The fact that when you paste in the key on your android device, it still shows as invalid suggests that it's more than just a line endings issue.
I'm afraid I don't have a windows box here to test with.
Can you confirm that the first line of your key contains -----BEGIN RSA PRIVATE KEY----- or -----BEGIN DSA PRIVATE KEY-----
Thanks

Hi, thanks for taking the time to have a look!
The private id_rsa file, which resides in ~home/graeme/.ssh on the XP box, has the -----BEGIN RSA PRIVATE KEY ----- header. The public id_rsa.pub simply has ssh-rsa at the start.
However I think I may be very confused. My need is to connect from my android phone over ssh to my XP "server" which is running openssh. I can currently do this using password authentication, and I want to use keys instead. I have generated public/private RSA keys using ssh-keygen on the XP box, and then copied the public key it generated onto the android phone and tried to import it.
Should I actually be generating the keys on the phone and then copying the public one to the PC? If so, what do I need on Android to do this (I'm not rooted).

_pigro_ said:
Hi, thanks for taking the time to have a look!
The private id_rsa file, which resides in ~home/graeme/.ssh on the XP box, has the -----BEGIN RSA PRIVATE KEY ----- header. The public id_rsa.pub simply has ssh-rsa at the start.
However I think I may be very confused. My need is to connect from my android phone over ssh to my XP "server" which is running openssh. I can currently do this using password authentication, and I want to use keys instead. I have generated public/private RSA keys using ssh-keygen on the XP box, and then copied the public key it generated onto the android phone and tried to import it.
Should I actually be generating the keys on the phone and then copying the public one to the PC? If so, what do I need on Android to do this (I'm not rooted).
Click to expand...
Click to collapse
Ahh ok - makes more sense now.
You need the private key on the phone (id_rsa).
The public key needs to be copied to ~/.ssh/authorized_keys ( cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys) on your windows XP box.
Now linux is very fussy about the permissions on this authorized_keys file - although not sure if windows will be.
On Linux the .ssh directory must be 700 and the authorized_key file 600.
Let me know how you get on.
Paul

Many thanks Paul, I've got it working now (though I feel like a plonker!). Cheers for the help, you saved me a lot of time

_pigro_ said:
Many thanks Paul, I've got it working now (though I feel like a plonker!). Cheers for the help, you saved me a lot of time
Click to expand...
Click to collapse
If it makes you feel any better, getting the private/public keys mixed up is a really common problem! It's not just you

I have set up such keys in the past successfully from the same XP box to my old Nokia N900 (even managed to set up reverse tunnel so that I could login to phone from PC wherever it happened to be whilst on 3G) so I *should* know what I'm doing ... just a "senior moment" today hopefully!
Big thumbs up for the juicessh app by the way. Clean & simple interface, very nice.

Just released an update to the Play Store that includes a nice new widget for our Pro customers running Android 3.0+ (Honeycomb) that allows quick homescreen access to your frequently used connections, or specific groups:

Quick bug report: I was abouit to report this with the previous version until I saw the post saying there was an update. I've updated but the bug is still there.
I have my WiFi -> Advanced -> keep WiFi on during Sleep set to "Always".
I disable WiFi (and go automatically to mobile data) and then run Juicessh to connect to a remote server.
I then exit the session (by typing "exit" into the terminal) and before doing anything else I check the above setting and it has changed from "Always" to "Never". Not a big deal, but it was driving me a bit crazy until I tracked down what it was that was making my phone use mobile data every time the screen was off!
Samsung Galaxy Note, stock build on ICS 4.0.4.

_pigro_ said:
Quick bug report: I was abouit to report this with the previous version until I saw the post saying there was an update. I've updated but the bug is still there.
I have my WiFi -> Advanced -> keep WiFi on during Sleep set to "Always".
I disable WiFi (and go automatically to mobile data) and then run Juicessh to connect to a remote server.
I then exit the session (by typing "exit" into the terminal) and before doing anything else I check the above setting and it has changed from "Always" to "Never". Not a big deal, but it was driving me a bit crazy until I tracked down what it was that was making my phone use mobile data every time the screen was off!
Samsung Galaxy Note, stock build on ICS 4.0.4.
Click to expand...
Click to collapse
Interesting, thanks for pointing this out. I will do some testing and try to get this resolved for our next update - which should be hitting very soon and including a much requested feature... PIN lock for the app.

JuiceSSH said:
Interesting, thanks for pointing this out. I will do some testing and try to get this resolved for our next update - which should be hitting very soon and including a much requested feature... PIN lock for the app.
Click to expand...
Click to collapse
I think I've found the issue here - would you be able to help test if I send you over an update with the fix included?

yes, no problems. do you want me to PM you an email address?

_pigro_ said:
yes, no problems. do you want me to PM you an email address?
Click to expand...
Click to collapse
Have just PM'd you the build - let me know if it helps and i'll merge this into our next update.
Thanks!

Hi, I just tested the new .apk you provided but it's still doing the same as before.
Also FYI - it is not neccessary to go onto a mobile data connection to trigger the problem, that was just the way I happened to be using the app when I noticed the bug.
So, if I am on my home WiFi (with Keep wifi on during sleep set to "always") I can run juicessh, connect to a server on my own LAN and then after, exiting the ssh session, the WiFi setting has immediately changed from "Always" to "Never".
Let me know if you need any further info, and if you'd like me to do any more testing.

Hi Guys,
I've been trying to find the keys juiceSSH generated when I first installed it in order to put in the authorized_Keys on my server, but for the life of me I can't find them.
Anyone know where they are?
Thank you in advance,
J

JohnerH said:
Hi Guys,
I've been trying to find the keys juiceSSH generated when I first installed it in order to put in the authorized_Keys on my server, but for the life of me I can't find them.
Anyone know where they are?
Thank you in advance,
J
Click to expand...
Click to collapse
Hi,
JuiceSSH does not (currently) generate any SSH keys for you - it can only import ones created elsewhere with ssh-keygen or other such tools.
You might be thinking of the encryption password that you're prompted for when you first ran the app? This is used to generate an AES-256 key that encrypts all of your settings, connections, passwords etc so that they are not stored in plain text.
Thanks.
Paul

[TOOL][Forensic] Andriller - data acquisition from Android devices

Moderators: if this thread is in wrong place please forgive and move it to a location best suitable for this thread.
Self-introduction I come from law-enforcement digital forensics background aimed at data extractions from mobile devices.
I would like to introduce a tool that I created.
Andriller
http://andriller.com
Andriller is a Windows GUI forensic tool, that performs read-only, forensically sound, non-destructive acquisition from Android devices. The executable is run from a terminal or by executing directly; it produces results in the terminal window, and a report in a HTML format.
Usage:
Download Andriller from the download page and install. To use the software you need to obtain a license key (free trial available). Instructions on doing this will be provided on the page
Note: Android version 4.2.2+ requires to authorise the PC to accept RSA fingerprint. Please do so, and tick the box to remember for future.
Note: Devices with Superuser or SuperSU App require to authorise root access from an unlocked screen. Please grand permissions if requested.
Description:
Once andriller is executed, it will produce permilinary results in the terminal window; for rooted devices it will download and decode the content automatically. It will produce a new folder in the location where it was executed, where the main "REPORT.html" file can be opened in a web browser.
Supported data extraction:
Non-root devices (Android versions 2.x):
- Android device make and model
- IMEI, build version, OS version
- Wifi mac address
- Time and date check
- SIM card details (for a some Galaxy Sx devices only)
- Synchronised accounts
Non-rooted devices (via backup method, Android versions 4.x and above)
- Wi-Fi passwords (WPA-PSK/WEP)
- Call logs (Samsung) register
- Android browser saved passwords
- Android browser browsing history
- Google Chrome saved passwords
- Google Chrome browsing history
- Facebook* chat messages
- Facebook* user viewed photographs
- Facebook* user notifications
- WhatsApp* contacts list
- WhatsApp* chat messages
- Kik Messenger* chat messages
- BBM* chat messages (Blackberry Messenger)
- Viber* chat messages
Rooted devices (via root adbd or 'su' binary, any Android versions):
- Security lockscreen pattern gesture extraction (decoding online)
- Security lockscreen PIN code cracking (up to 8 digits long)
- Wi-Fi passwords (WPA-PSK/WEP)
- Synchronised accounts and profile picture
- Bluetooth mac address and name
- Phonebook contacts
- Call logs register
- Call logs (Samsung) register
- SMS messages
- Android browser saved passwords
- Android browser browsing history
- Google Chrome saved passwords
- Google Chrome browsing history
- Facebook* friends list
- Facebook* chat messages
- Facebook* user viewed photographs
- Facebook* user notifications
- WhatsApp* contacts list
- WhatsApp* chat messages
- Kik Messenger* chat messages
- BBM* chat messages (Blackberry Messenger)
- Viber* chat messages
* = if an Application is installed
Disclaimer:
Andriller comes with absolutely no warranty. Even though Andriller was written in a way to be a forensically sound read-only utility, I do not take any responsibility to any damage or harm caused to your computer systems or your Android devices, which may be believed to have been caused by executing Andriller. I also do not take any responsibility of any unsolicited, non-consensual or unlawful misuses of this utility. It is the end user's responsibility to believe an appropriate consent or a lawful excuse was obtained if the utility is used with an other's Android devices, and they are aware what the utility does.
Visit http://andriller.com to download the latest software

Andriller performing AB extraction
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Reporting in HTML
Android Decoders
Password Cracking

Update 14/10/2013
Version 1.0.0a
Python-based compiled executable for MS Windows uploaded.
http://andriller.com
Update 07/11/2013
Version 1.1.0a
Added support to the latest Facebook App.
Minor improvements to decoding method.
Updated 13/01/2013
Version 1.2.0a
Added support for:
- Lockscreen PIN cracking
- Wi-Fi passwords
- Android web browser
--- Saved passwords
--- Browsing history
- Google Chrome web browser
--- Saved passwords
--- Browsing history
- Synchronised accounts
- Kik Messenger
- BBM (Blackberry Messenger)
Improvements to downloading and decoding.
Minor bugs fixed.
Updated 03/02/2013
Version 1.3.0a
Added support for:
- Data extraction via backup method (android version 4.x), no need for root.
Updated 17/02/2013
Version 1.3.1a
Added support for:
- Android (default) E-mail client:
--- Account and passwords
--- E-mails support
Minor bugs fixed.
Updated 21/02/2013
Version 1.3.2a
Improved data handling.
Bugs fixed for PIN cracking.
Updated 01/04/2014
Version 2.0.0
Graphical User Interface (GUI) - for Windows XP/Vista/7/8
Lockscreen cracking for:
--- Pattern
--- PIN
--- Password (using a wordlist file)
Decoding of individual of databases
Also includes all features from previous versions of Andriller
Requires registration, free 7 days license
Updated 19/04/2014
Version 2.0.1
Transferred to andriller.com domain
- Minor bugs fixed
- Added support for decoding Grindr App messages & users (Apple iOS)
- Window size reduced to accommodate smaller resolutions
- Default font changed to Consolas
- License key filename is now stored as the unique id
Updated 29/04/2014
Version 2.0.2
- Installer; Andriller now comes as a Setup Installer for Windows
- Improved PIN and Password cracking speed of up to 48% faster than previously
- Minor bugs fixed
- Some descriptions clarified
Updated ??/05/2014
Version 2.0.3
- Decoders in menus were fixed for error handling
- Typing mistakes corrected (oops)
- Minor improvements all-round
Updated 14/05/2014
Version 2.0.4
- Added support for Viber Messages chat (Android)
- Fixed a bug in Email decoder, so the feature is working now
- Chrome web browser decoding works for any mobile/desktop operating system (Android, iOS, Windows, Unix, Mac)
- Fixed Facebook chat messages decoding for the latest App version
- Decoders; if [Output] if chosen, the decoded data will be saved there; else the decoded data will be displayed in a temporary directory
- Error handling improved within file browsing/saving, license key registration

seriously awesome dude
dude i am working on presentation on forensics ill surely give out your tool in the first place all the others congs :angel::angel::angel:

stealthroot said:
dude i am working on presentation on forensics ill surely give out your tool in the first place all the others congs :angel::angel::angel:
Click to expand...
Click to collapse
Thanks buddy, all the best luck with your presentation and forensics! :good:

Andriller is awesome, customer of yours since half a year, cannot recommend it enough.
This deserves a bump.^^

Hi.
Does your tool support retrieving (at least as a read-only) applications installed and their data from dead Android phones (particularly from those which are not rooted and stuck on boot and showing only logo)?
Do you know any other open-source solution for this?
Thank you.

john2014 said:
Hi.
Does your tool support retrieving (at least as a read-only) applications installed and their data from dead Android phones (particularly from those which are not rooted and stuck on boot and showing only logo)?
Do you know any other open-source solution for this?
Thank you.
Click to expand...
Click to collapse
What you are looking for does not exist (to my knowledge). There isn't a single tool to magically repair half-broken Android devices. It's handset make model dependant. This will require extensive manual interactions to repair boot loops, re-flashing individual partitions, etc. If not successful, the options left are JTAG or even chip-off.

den4uk said:
What you are looking for does not exist (to my knowledge). There isn't a single tool to magically repair half-broken Android devices. It's handset make model dependant. This will require extensive manual interactions to repair boot loops, re-flashing individual partitions, etc. If not successful, the options left are JTAG or even chip-off.
Click to expand...
Click to collapse
Thanks for your reply.
Actually, what I want primarily is not to repair the device itself, but to extract some apps installed with their data which are important.
If there is no a single solution, could you please tell what open source solutions can be used as a complex in this case and what sources would you advise to read (as a starting point and to have a general idea) in order to get a better understanding of possible solutions for this kind of problems?

Andriller is actually working!!!!
Thanks !

Thanks 4 this very useful tool!
At work i use UFED and XRY to aquire and analyse mobile datas...
...but this tool is definitly worth to use beside this two programs.... :good:
greets from austria
chris_forens!c

what is andriller reg. key

Can't extract/decode call logs
I'm able to extract the backup, but I'm not getting call logs for some reason. Is there a different way I should be using the decoder? I ran the adb extraction and got account info, phone MAC, build, wifi passwords and download history. After playing around a bit, I extracted the ab image using 'tools' then parsed the extracted folder which gave me chrome saved passwords and chrome history. I tried parsing .tar and .ab files extracted and didn't get anything useful. Using the call log decoder, i tried to access the com.android.calllogbackup file but theres only a manifest file there (no .db). Any advice on getting call/text logs? Will i need to root the phone? Its a Samsung Galaxy On5, on 6.0.1

[APP][4.0+][v1.11 - 20150221] OpenConnect - SSL VPN client for Cisco AnyConnect

Highlights
100% open source (GPLv2+)
No ads
One-click connection (batch mode)
Supports RSA SecurID and TOTP software tokens
Keepalive feature to prevent unnecessary disconnections
Compatible with ARMv7, x86, and MIPS devices
No root required
Based on the popular OpenConnect Linux package
Click to expand...
Click to collapse
Requirements
Android 4.0 (ICS) or higher (with working VpnService + tun infrastructure)
An account on a suitable VPN server
Click to expand...
Click to collapse
Downloads
Binaries are attached to this post under the downloads tab.
Google Play: https://play.google.com/store/apps/details?id=app.openconnect
Source code: https://github.com/cernekee/ics-openconnect
F-Droid: https://f-droid.org/repository/browse/?fdid=app.openconnect
Click to expand...
Click to collapse
(note that the F-Droid binaries are signed by a different key than the official releases)
Changelog
Code:
v1.11 - 2015/02/21
- Fix "Unknown compression type 0" errors when CSTP and DTLS use
different compression settings
Older changelogs:
Code:
v1.10 - 2015/02/08
- Fix CSD script problem on Lollipop (bug #1)
- Fix IPv6 address display on status window (bug #2)
- Enable LZ4 compression support
- Identify as a mobile client when Android or iOS is selected
- Update to OpenConnect v7.04+, GnuTLS 3.2.21
v1.02 - 2014/09/02
- Fix regression on certificate handling
v1.01 - 2014/08/29
- Add Spanish translations (thanks to teosoft)
- Fix regression on CSD scripts starting with "#!/bin/sh"
- Improve error messages on broken ROMs that throw exceptions when
starting a VpnService
- Fix intermittent fragment-related crashes on ICS
v1.00 - 2014/08/10
- Fix problems storing >8kB certificates on some ROMs
- Clean up seldom-used menu items and move some options into General Settings
or About
- Integrate Xposed module for bypassing the VPN confirmation dialog
- Switch to ACRA for problem reporting
v0.96 - 2014/07/06
- Force a minimum MTU of 1280 on KK due to bugs in 4.4.3 and 4.4.4 ROMs:
https://code.google.com/p/android/issues/detail?id=70916
- Fix navigation anomalies (weird Back button behavior) seen after
re-entering OpenConnect from one of the Notifications
v0.95 - 2014/06/14
- Show the auth dialog <message> text in case it contains useful information
- Add German translations (thanks to Ingo Zansinger <[email protected]>)
- Add Chinese translations
- Add Advanced options for changing Dead Peer Detection timeout and enabling Perfect Forward Secrecy
- Clean up a bunch of lint warnings and unused strings/files
- Try to generate a human-readable profile name when adding a new VPN
v0.91 - 2014/06/01
- Fix bugs involving saved authgroups
- Fix batch mode error handling
- Update to GnuTLS 3.2.15 to fix GNUTLS-SA-2014-3 / CVE-2014-3466
v0.9 - 2014/04/26
- Add new "Send feedback" screen
- Add new "SecurID info" screen for RSA soft token users
- Allow changing settings and using other menu options (about, SecurID,
send feedback, etc.) while connected
- Update FAQ and provide some links to relevant XDA posts
v0.81 - 2014/04/06
- Fix potential issue recognizing certificates stored in VPN profiles
created with <= v0.7
v0.8 - 2014/04/02
- Fix hangs after reconnect if DTLS is disabled
- Fix incorrect storage of PKCS#12 certificates
- Remove unnecessary passphrase prompts on unencrypted certificates
- Add a workaround for ASA certificate request quirks
- Fix FC when attempting to import an OpenVPN profile
v0.7 - 2014/03/08
- Update GnuTLS to address CVE-2014-0092
- Fix FC and other misbehavior on IPv6 connections
- Update to libopenconnect 5.99+
- Fix/delete several broken translations
- Minor improvements to the auth form UI
- Switch curl from OpenSSL to GnuTLS and remove advertising clauses
v0.6 - 2014/02/09
- First release in Google Play Store
- Change to new "big O" launcher icon
- Avoid displaying error alerts if the user terminated the connection
- Try to make the libopenconnect build process more robust, and strip *.so
files to conserve space
v0.5 - 2014/02/01
- Fix "living dead" connections (can't pass data after reconnection due to
DTLS parameter mismatches)
- Add FAQ tab in response to user feedback
- Move log window into a tab
- Reorganize action bar so that the most important items (Status/Log/FAQ)
are tabs, and less important items (Settings/About) are in the menu
- Fix KeepAlive socket errors on KitKat devices
- Other UI and documentation fixes
- Add split tunnel configuration options
- Improve icons
v0.2 - 2014/01/18
- Allow SecurID token import via URI or text file
- Newly reworked "status" tab with uptime, error alerts, IP addresses,
etc.
- Fix a couple of bugs involving screen rotation / activity redraw on
the log window
- Prompt for hostname instead of profile name when adding a new VPN, to
help avoid "empty hostname" mistakes
- Numerous other UI improvements and fixes
- Remove "reconnect on boot" until it works properly
- Try to accommodate Linux CSD wrapper scripts starting with "#!/bin/bash"
Click to expand...
Click to collapse
FAQ
Q: What is this app used for?
A: OpenConnect is used to access virtual private networks (VPNs) which utilize the Cisco AnyConnect SSL VPN protocol. A typical use case might involve logging into your workplace remotely to check email after hours.
If in doubt, check with your I.T. administrator to see if a suitable service is available.
Q: How do I get started?
A: In most cases, you'll just need to create a profile and enter the hostname of the VPN gateway. The other fields in the profile are all optional and should be left alone unless there is a specific need to change them.
Once you've set up the profile, select the VPN entry and OpenConnect will attempt to establish a new session. If this fails, the "Log" tab may provide helpful diagnostic information.
Q: How do I authenticate using an SSL client certificate?
A: Copy your certificate files to Android's external storage directory (nominally /sdcard or the Downloads folder), then edit the VPN profile and make the following changes:
P12 or PFX file: select "User certificate", pick the file from the list, then touch "select". Leave "Private key" blank.
Single PEM/CRT/CER file: same as above.
Separate PEM/CRT/CER and KEY files: populate "User certificate" with the certificate file, and "Private key" with the key file.
When finished, delete the certificate files from external storage so they cannot be stolen by other apps.
If you are generating your own keys (e.g. for use with your ocserv gateway), some basic CA setup instructions are posted here.
Q: Will OpenConnect work with non-AnyConnect VPNs?
A: Unfortunately the software design is tied very closely to the AnyConnect requirements and the libopenconnect interfaces. Therefore it only works with Cisco AnyConnect and ocserv gateways.
Q: Will OpenConnect work with Cisco IPsec VPNs running on an ASA?
A: OpenConnect supports SSL VPN (CSTP + DTLS) only.
Q: How do I import a SecurID software token?
A: If you have an URL that starts with "com.rsa.securid.iphone://" or "http://127.0.0.1/securid/" in your email, click on it and tell OpenConnect to add it to the desired VPN profile. If you just have a raw token string then write it to a text file, copy it under /sdcard, click "Token string" in the VPN profile editor, then select the filename.
If you have an "sdtid" XML file, copy it to /sdcard and then import it.
Q: Is it possible to skip all login prompts when connecting?
A: If you have saved your username, password, or other credentials, or if you are using SecurID or certificate authentication, you can try enabling "Batch Mode" in the VPN profile to skip the login dialogs. If you need to change your saved password later or have trouble connecting, just disable batch mode.
The VPN warning dialog is a security feature built into the Android OS. It cannot be bypassed by OpenConnect, but if your device is rooted, you can try installing the Xposed Framework and then activating the Auto VPN Dialog Confirm module. Some notes on this are posted here.
Due to the user interaction required by these dialogs, it is not always possible to reliably start up the VPN in the background. So a "start-on-boot" feature is not currently provided.
Q: How do I improve battery life while the VPN is up?
A: One option is to select "Pause when asleep" under Settings. The downside is that VPN access will be temporarily stopped when the screen is off. Also, ASA gateways sometimes get annoyed with constant reconnections and may prematurely terminate your session after a few days.
Another option is to contact your server administrator and request that they disable dead peer detection (DPD), increase the idle timeout to >1hr, and increase the keepalive interval to ~5min or so.
Q: How do I use OpenConnect with AFWall+?
A: There are a few caveats to keep in mind when using an Android firewall with VPN:
* If you run KitKat, use Android 4.4.2 or higher and AFWall 1.2.8 or higher. Android 4.4 and 4.4.1 have a serious TCP MSS bug which causes stalled connections and/or poor performance. AFWall <=1.2.7 does not have the extra logic needed to handle the routing changes in KitKat.
* Always allow traffic from the VPN app on all interfaces. In particular, you should whitelist VPN traffic from OpenConnect, as OpenConnect sends DNS requests over the VPN interface every few minutes to help keep the connection from timing out.
Q: Are any apps incompatible with VPN?
A: Apps which perform their own DNS resolution, such as Firefox, may have issues picking up the latest system DNS settings when connecting to the VPN. This can be a problem if your system DNS servers are not accessible over the VPN's routes, or if you are trying to look up hostnames that do not have public (internet) DNS entries.
Q: Under what circumstances will OpenConnect request root?
A: There are two root-only features shown under Settings; both are disabled by default. One setting works around a ROM bug in CM9 which sets incorrect permissions on /dev/tun, preventing VpnService from passing traffic to the tunnel interface; the other setting loads tun.ko on ROMs that neglect to load it by default.
Based on user feedback and testing, future releases may autodetect these conditions.
Q: How do I send a problem report?
A: Navigate to Log -> (menu) -> Send log file. Please be sure to furnish a complete, accurate description of the issue you are seeing, as the logs do not always show a smoking gun.
Click to expand...
Click to collapse
TODO
Translations - I will set up the necessary infrastructure if there are volunteers
Compatibility testing
Add x509 certificate parsing/validation in the profile editor
Enable Android keystore support
Proxy support
Split tunnel DNS?
Click to expand...
Click to collapse
MISC
Using OpenConnect + ocserv (on a VPS) to bypass China's Great Firewall (GFW): link
XDA:DevDB Information
OpenConnect, App for the Android General
Contributors
cernekee
Source Code: https://github.com/cernekee/ics-openconnect
Version Information
Status: Testing
Created 2014-01-18
Last Updated 2015-02-21

hello cernekee,
I was using smoothconnect on my note3 and It was working just fine, but now after I update my note3 to kitkat it surfs only couple of things like "play store", google search, and whatsup. but all other web sites and programs do not!!
now I tried out this program "open connect" with some hope but nope, I does the same thing. It only opens play store and google search but no other things.
I wonder what cause this problem, any suggestions please??

msm88now said:
hello cernekee,
I was using smoothconnect on my note3 and It was working just fine, but now after I update my note3 to kitkat it surfs only couple of things like "play store", google search, and whatsup. but all other web sites and programs do not!!
now I tried out this program "open connect" with some hope but nope, I does the same thing. It only opens play store and google search but no other things.
I wonder what cause this problem, any suggestions please??
Click to expand...
Click to collapse
Sometimes an MTU or TCP MSS problem could cause this symptom. What kind of gateway are you connecting to? Are you the admininstrator?
Older versions of KitKat did have an MSS problem; I think 4.4.1+ is OK: https://code.google.com/p/android/issues/detail?id=61948
There are a few other outstanding problems on <= 4.4.2: http://www.androidpolice.com/2014/0...n-routing-fixes-are-planned-for-some-of-them/
Do you see the same problem connecting from other systems, like a Windows PC, or even the Cisco AnyConnect Android app?

Hi cernekee,
I have an openSSL Cisco vpn connection provided by my university, I hooked it with D-615 Dlink router through DHCP.
Cisco AnyConnect for andriod does not work on our university network because it asks for a certificate which my uni does not provide. that's why I'm using smoothconnect.
anyways, right now I have a flawless connection on my all devices on my room's wireless like my both Win7 laptops and my galaxy S2 andriod 4.1.2.
all work except my note 3 after I updated it to (4.4.2). I don't know if it's a IPv6 or MTU problem,
I tried to decrease MTU value in smoothconnect but with no success. as Cisco stated in: AnyConnect Android 4.4 (KitKat) Compatibility Update (CSCul28340)
any suggestions please???

msm88now said:
Hi cernekee,
I have an openSSL Cisco vpn connection provided by my university, I hooked it with D-615 Dlink router through DHCP.
Cisco AnyConnect for andriod does not work on our university network because it asks for a certificate which my uni does not provide.
Click to expand...
Click to collapse
I don't see this university's VPN requesting a certificate (i.e. SSL client cert). It just asks for a group/username/password.
Are you getting an error that says that the gateway is not licensed for mobile, after you enter your password?
that's why I'm using smoothconnect.
anyways, right now I have a flawless connection on my all devices on my room's wireless like my both Win7 laptops and my galaxy S2 andriod 4.1.2.
all work except my note 3 after I updated it to (4.4.2). I don't know if it's a IPv6 or MTU problem,
I tried to decrease MTU value in smoothconnect but with no success. as Cisco stated in: AnyConnect Android 4.4 (KitKat) Compatibility Update (CSCul28340)
any suggestions please???
Click to expand...
Click to collapse
Can you grab a packet capture when you're seeing the connectivity failures, and email me the result? e.g.
Code:
adb push tcpdump /data/local/tmp
adb shell
cd /data/local/tmp
su
chmod 755 tcpdump
./tcpdump -n -i tun0 -w out.pcap

yes that's right, Cisco anyconnect asks only for username/ password but when I try to start a connection it ends up with no license error!
that's way I'm using smoothconnect and now openconnect on my both andriod phones.
now for my problem, I didn't get what do you mean by connectivity failure because I'm not getting any connectivity failure messages on my note3 after update to 4.4.2 neither on smoothconnect nor on openconnect. it connects as usual and I can see some traffic packets are being transfered but I can only surf google serch, youtube and some other stuff like play store and whatsup. whenever I try to surf any other website like for example bbc news the browser( chrome, opera, Dolfin..) just waits and then ends up with nothing like there is no internet connection!
did I explain my problem clearly? is it an Ipv6 problem? I'm really confused and frustrated

msm88now said:
yes that's right, Cisco anyconnect asks only for username/ password but when I try to start a connection it ends up with no license error!
Click to expand...
Click to collapse
OK. This is because the Cisco mobile clients look for an "X-CSTP-License: accept" header from the gateway after authenticating, to see if the operator has paid extra to support the Cisco mobile client. libopenconnect-based clients (including SmoothConnect) do not require this header.
now for my problem, I didn't get what do you mean by connectivity failure because I'm not getting any connectivity failure messages on my note3 after update to 4.4.2 neither on smoothconnect nor on openconnect. it connects as usual and I can see some traffic packets are being transfered but I can only surf google serch, youtube and some other stuff like play store and whatsup. whenever I try to surf any other website like for example bbc news the browser( chrome, opera, Dolfin..) just waits and then ends up with nothing like there is no internet connection!
Click to expand...
Click to collapse
I can take a look at this to see what is happening. Just start up tcpdump to capture the tun0 traffic (see above instructions), then try visiting the BBC news site and maybe a few other non-working sites. Then hit control-C to interrupt tcpdump, make sure there is some data in the pcap file, and email me the pcap file.

cernekee said:
I can take a look at this to see what is happening. Just start up tcpdump to capture the tun0 traffic (see above instructions), then try visiting the BBC news site and maybe a few other non-working sites. Then hit control-C to interrupt tcpdump, make sure there is some data in the pcap file, and email me the pcap file.
Click to expand...
Click to collapse
Hi,
I don't know how to make Tcpdump on my note3 not to mention hitting the control-c on andriod. what instruction did you mean?

msm88now said:
I don't know how to make Tcpdump on my note3 not to mention hitting the control-c on andriod. what instruction did you mean?
Click to expand...
Click to collapse
Do you have a friend who is familiar with ADB, rooting phones, etc. who might be able to help out in person?
You could also try something like Shark for Root, or follow this video. Make sure you capture on the tun0 interface so that we can see what is happening on the VPN tunnel. If you capture from the wifi interface you'll still see traffic, but everything will be encrypted so it will not be possible to diagnose the failure.

I got it. first I rooted my note3 then I followed the instruction in the video and here it is, I hope it's what you asked me for. waiting for your diagnosis, fingers crossed

msm88now said:
I got it. first I rooted my note3 then I followed the instruction in the video and here it is, I hope it's what you asked me for. waiting for your diagnosis, fingers crossed
Click to expand...
Click to collapse
According to this trace (partial screenshot attached), the Note 3 is advertising an MSS of 1460 bytes on IPv4 TCP connections. This looks abnormally high for a VPN interface; the other direction is using an MSS of 1380, which looks more realistic. The MSS for IPv4 would normally be the tun0 MTU minus 40 bytes. I am assuming this means the MSS is being computed from the 1500-byte wlan0/eth0 MTU, not the smaller tun0 MTU.
When Google fixed the MSS bug in Android 4.4.1, they left the following comments in the changelog:
Code:
commit ca5b4e8d0d8219273ecf0961ed6e8c47ab5d798a
Author: JP Abgrall <[email protected]>
Date: Wed Nov 20 17:27:01 2013 -0800
SecondaryTableController: force the MSS to match pmtu on TCP SYN
Without this change, the VPN sets up a tun/ppp that needs a small
MTU, and during TCP SYN the MSS will end up matching the outgoing iface
MTU which is potentially too big.
This leads to connection flakiness. The wrong MSS is visible by
tcpdump-ing on the tun/ppp device.
With this change, the MSS now is correct.
[b]It requires the kernel to be configured with
CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
If kernel is not configured, it silently fails.[/b]
Bug: 11579326
Change-Id: I254d8c39435b92dff91931e461e1efb8b35f6b1e
Note the bolded sentences (emphasis mine). I suspect that your device is running the latest AOSP netd code that has the fix (if the ROM is indeed based on AOSP 4.4.1/4.4.2), but the kernel may be missing the TCPMSS target. If you see an error when running this command as root, it probably means that kernel support is missing:
Code:
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN SYN -d 1.2.3.4 -j TCPMSS --clamp-mss-to-pmtu
Toward the bottom of the page on the original Android 4.4 MSS bug report I see a couple of reports from other Note 3 owners that the problem still isn't fixed for them, so it may be something particular to this device (such as the kernel configuration).
I do not see any evidence of IPv6 usage in your log, which rules out some of the known 4.4.2 VPN issues.
If this does turn out to be a kernel problem, you can try a custom kernel from XDA (assuming you can unlock your bootloader), or you could file a bug report with Samsung asking them to enable CONFIG_NETFILTER_XT_TARGET_TCPMSS=y in the next OTA update. From their end this is a simple, low-risk change.

cernekee;
Note the bolded sentences (emphasis mine). I suspect that your device is running the latest AOSP netd code that has the fix (if the ROM is indeed based on AOSP 4.4.1/4.4.2) said:
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN SYN -d 1.2.3.4 -j TCPMSS --clamp-mss-to-pmtu
[/code]
Toward the bottom of the page on the original Android 4.4 MSS bug report I see a couple of reports from other Note 3 owners that the problem still isn't fixed for them, so it may be something particular to this device (such as the kernel configuration).
I do not see any evidence of IPv6 usage in your log, which rules out some of the known 4.4.2 VPN issues.
If this does turn out to be a kernel problem, you can try a custom kernel from XDA (assuming you can unlock your bootloader), or you could file a bug report with Samsung asking them to enable CONFIG_NETFILTER_XT_TARGET_TCPMSS=y in the next OTA update. From their end this is a simple, low-risk change.
Click to expand...
Click to collapse
as you can see in the attachment I applied the code with no error message. so in this case I assume I have no problem with the kernel? right?
then what causes the problem? and what can I do in order to solve it?

msm88now said:
as you can see in the attachment I applied the code with no error message. so in this case I assume I have no problem with the kernel? right?
then what causes the problem? and what can I do in order to solve it?
Click to expand...
Click to collapse
Can you connect to the VPN, try to access a few "bad" sites, and then post the full output from:
Code:
su
iptables -t mangle -nxvL

cernekee said:
Can you connect to the VPN, try to access a few "bad" sites, and then post the full output from:
Click to expand...
Click to collapse
here is the output after some bad sites access, I also repeated the provisos code during an openconnect session. hope it will help us.

msm88now said:
here is the output after some bad sites access
Click to expand...
Click to collapse
Hmm, on my KitKat device I have an st_mangle_POSTROUTING chain which does the TCPMSS clamping:
Code:
Chain st_mangle_POSTROUTING (1 references)
pkts bytes target prot opt in out source destination
0 0 TCPMSS tcp -- * tun0 0.0.0.0/0 0.0.0.0/0 tcpflags: 0x06/0x02 TCPMSS clamp to PMTU
I did not see this in your output. Maybe Samsung is using an outdated version of netd.
Try running this command as root after bringing up the VPN and see if you are able to pass traffic with the bad sites:
Code:
iptables -t mangle -A POSTROUTING -p tcp -o tun0 --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
If not, post the new "iptables -t mangle -nxvL" output so we can look at the traffic counters.
Also can you attach your /system/bin/netd binary?
Thanks.

cernekee;
Try running this command as root after bringing up the VPN and see if you are able to pass traffic with the bad sites:
[code said:
iptables -t mangle -A POSTROUTING -p tcp -o tun0 --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
Click to expand...
Click to collapse
are kidding me!! it really worked. after I run the the code I tried to access all the bad sites and all of them worked!! but not as fast as my other mobil SG2. I noticed that it takes noticably much longer to access them. but still, It worked and It's fantastic!!
any ways, I rebooted my note3 to see if it will work again but it turned out it didn't! I need to re-enter the code again to make it work. now could you tell me what is my phones problem exactly? despite the re-entering issue I'm very happy that I finally can use internet on my note3 again thanks to you cernekee.

msm88now said:
any ways, I rebooted my note3 to see if it will work again but it turned out it didn't! I need to re-enter the code again to make it work. now could you tell me what is my phones problem exactly?
Click to expand...
Click to collapse
The ROM is supposed to add that rule automatically, but it doesn't.
If you attach your /system/bin/netd binary and output from "getprop" I'll try to figure out why.

cernekee said:
The ROM is supposed to add that rule automatically, but it doesn't.
If you attach your /system/bin/netd binary and output from "getprop" I'll try to figure out why.
Click to expand...
Click to collapse
here I attached them.

I posted a problem report on Samsung's support forum:
http://developer.samsung.com/forum/...&messageId=259244&listLines=15&startId=zzzzz~

Works like a charm with the lastest Slimkat on Nexus 4. Thanks a lot !
Just add a widget to one click connect from the launcher and it will be the best VPN apps that I've use.
Today I've a Tasker task to launch Anyconnect with uri and simulate touchs screen to automate my connection.
@ edit :
Is there a way to don't have the attached screen ?

[DEV][ROOT] Pi-hole for Android // Deploy Pi-hole DNS server to ANY Android 4.x device.

Pi-hole for ARMv7 (2011 and newer) Android devices.
NOTE: This project has been supersceeded by the Raspbian APK installer.
The post below is still useful for Android 4.x devices.
________________
Original post...
[ Preface: I have successfully deployed this to several ARMv7 and ARMv8 devices, but looking for additional test devices to ensure the scripts are robust enough to detect the many various device configurations out there, especially interested in RockChip and Allwinner-based Android HDMI sticks. Please give it a spin and report your results - Thanks! ]
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole intended for use on a private network. It is designed for low-power embedded devices with network capability, most well-known being the Raspberry Pi.
This customized Linux Deploy image works on any rooted Android device with an ARMv7 (or newer) class CPU. This typically includes anything made in the past 10 years. Form factor is not important; it could be a phone, tablet, HDMI stick or any device running Android.
Requirements:
· Android device, rooted
· Developer Options -> Root Access -> Enabled for Apps
Instructions:
· Open browser on device and download+install the Linux Deploy APK below. You can also download it from the Play Store if you prefer:
​· https://github.com/meefik/linuxdeploy/releases​
· Download the Pi-hole for Android disk image: 1.6 [20220908]
· https://github.com/DesktopECHO/Pi-hole-for-Android/releases​​· Restart Phone (This is REQUIRED)
· Open Linux Deploy
· Open Properties Menu (Bottom Right)​· Distribution: rootfs.tar​· Source Path - This varies depending on the device, ie: ${EXTERNAL_STORAGE}/Download/p4a16.tgz​· Set password for user "android"​· Init -> Enable​
· Go back to main window, click Options Menu (Three dots, top right of screen) and click "Install"
· Wait a few minutes for the disk image to install.​· Allow the install to complete before proceeding to next steps.​· When install is complete, the Linux Deploy console window will show the following:​
Code:
[HH:mm:ss] >>> :: Configuring core/launchroot ...
[HH:mm:ss] >>> deploy
· Open Hamburger Menu (Top Left) and touch "Settings"
· Place check mark on Lock Wi-Fi​· Place check mark on Autostart​
Touch the [ -> START ] button and confirm when prompted.
Pi-hole is now installed and running!
Your Android device's IP is shown at the top of the Linux Deploy main window. You can interact with the Pi-hole instance in three ways:
Open a web browser to the Android device's IP address. Example:
http://10.13.12.11/admin
SSH to the instance on port 22. Example:
ssh [email protected]
RDP to the device's IP address to open an XTerm. Example:
mstsc.exe /v:10.13.12.11
Additional Info
You can restart (or "bounce") the Pi-hole instance in Linux Deploy by pressing [ ■ STOP ] and waiting a few seconds for the instance to indicate all services are stopped. Restart the instance by pressing [ ▸ START ]
When a Pi-hole instance starts up, the default setting is to let it automagically configure networking. If you change networks on the Android device simply restart the instance for Pi-hole to pick up the new settings.
Alternatively, set a static assignment by commenting-out two lines in /etc/rc.local (You will see which ones when you open the file in an editor.) After the lines are commented out with a hash "#" you can manually add your IP, subnet and interface name to /etc/pihole/setupVars.conf
The Pi-hole instance on Android otherwise behaves like it is running on a 'real' Raspberry-Pi or a standard PC. Consult the extensive documentation online to learn how to fully leverage Pi-hole's functionality.
Adjust QT display scaling: ~/startwm.sh
Change the font size in QTerminal: ~/.config/qterminal.org/qterminal.ini
If your Android device has a battery and was unused for months or years, replace its battery. Old, worn, or abused Li-ion batteries can fail when pushed back into service. Failure appears as a bulge in the battery, "thermal event" or worse. A new battery makes an excellent UPS for the tiny Linux box you just provisioned!

Thanks a lot for this, I find this the only working solution for Pi-hole + unbound on Linux Deploy. I was able to run pi-hole from scratch on debian/ubuntu based images but was not able to get unbound running and not sure why it always gave SERVFAIL.
Anyways, this worked I wonder why...
On a separate note I tried updating pi-hole but it only updated FTL version to v5.13 and I know the core and web-interface is also updated and newer versions are released but for some reason pihole shows it's up to date in the "pihole -up" command BUT it shows update available on web interface (admin panel).
Can you let me know why?

What model phone do you have?
CentOS 7 Was the only distro I could convince to work on every android phone. Android 4.x shipped with a 3.0 kernel and CentOS has a glibc juuuust old enough to be able to run with a kernel that old.
Yesterday I released version 1.5 which should take care of the update issue. Give that a shot and let me know how things look for you.

I dug into this more seems like this PR merge causes it: https://github.com/pi-hole/pi-hole/pull/4475
I reverted the changes to that script and it worked. I made a comment on that PR, hopefully they'll fix.
Thanks for the update, I'll check it now.
I use Xiaomi Redmi Note 4G (codename: dior). Using my own self-built LineageOS 14.1 (Kernel 3.4.0). I understand the issues with having older kernel version with newer distributions and yes, you're right CentOS 7 would be perfect for this use case. Unfortunately pihole install script by default didn't support CentOS 7 on ARM so I didn't go that way initially.
Also, Is there a way I could check for newer versions of your container other than XDA?

Hi Ashish, The 'official' page is located on GitHib:
https://github.com/DesktopECHO/Pi-hole-for-Android
Nice find with the git versioning issue! You can also just run ``p4a-install`` which does the same thing but skips the version check and force-installs the latest Pi-hole release. I think they will fix this... fyi the Pi-hole installer works on CentOS ARMv7, that may not have been the case a year or two ago. In any case if you're on Kernel 3.4 you should be able to get a modern distro running without too much grief. The project page on GitHub has all my fix-ups, you should be able to apply them against your preferred Linux flavour.

Very nice! Running on OnePlus Nord N10 here. arm64-v8a

Few hours later...
Stopped for some reason...

Going again, nothing is logged, however it seems to function well and good.

Hi there, I'm pretty sure the disk resize had something to do with your issue -- I see "pihole -up" was complaining there was no disk space left.
For what it's worth, my Galaxy S2 has been running Pi-hole months at a time without issues.

One more thing, just an FYI if you're interested... as of P4A update v1.5 you can tell Linux Deploy to install to a folder on your Android device instead of a disk image. That way you don't have to worry about filling up the image file.

ashishkotnala29 said:
I dug into this more seems like this PR merge causes it: https://github.com/pi-hole/pi-hole/pull/4475
I reverted the changes to that script and it worked. I made a comment on that PR, hopefully they'll fix.
Click to expand...
Click to collapse
I rebuilt a newer version of Git (2.34) for CentOS 7 on ARMv7. I can upload the RPMs if you want to try out updating with that version instead. It's probably all academic anyway as the Pi-hole folks are working on a resolution.

DesktopECHO said:
I rebuilt a newer version of Git (2.34) for CentOS 7 on ARMv7. I can upload the RPMs if you want to try out updating with that version instead. It's probably all academic anyway as the Pi-hole folks are working on a resolution.
Click to expand...
Click to collapse
Sure, thanks I can try that later.

Here you go!
GIT 2.34 CentOS 7 ARM v7

DesktopECHO said:
Here you go!
Click to expand...
Click to collapse
Had to figure out the dependencies and I only installed 4 packages out of all those and I think it is working... The results are promising.
This test is on your v1.4 image because it makes sense there. Using old git 1.8.x we only got FTL update here.
Finally going through the update and it was a success!
Thanks a lot for compiling these RPMs.
Here's are the prerequisites which are needed to install the RPMs you complied.
Bash:
sudo yum remove -y git
sudo yum clean all
sudo yum install -y emacs-filesystem pcre2
Then only install git, git-core, git-core-doc and perl-Git. That's all!

We managed to figure out the issue. It was the "git fetch --tags origin" command on v1.8.x. For some reason this doesn't work the same as in modern git versions.
Discussion here: https://github.com/pi-hole/pi-hole/pull/4475
Fix here: https://github.com/pi-hole/pi-hole/pull/4575
Thanks for your help!

ashishkotnala29 said:
We managed to figure out the issue. It was the "git fetch --tags origin" command on v1.8.x. For some reason this doesn't work the same as in modern git versions.
Discussion here: https://github.com/pi-hole/pi-hole/pull/4475
Fix here: https://github.com/pi-hole/pi-hole/pull/4575
Thanks for your help!
Click to expand...
Click to collapse
You’re welcome! And thank you for chasing down that bug.
They had a similar issue with bash on CentOS 7 a few months ago. Next re-spin of P4A I think I’ll just include the updated Git just for a little extra insurance. Will also be switching to OpenSSH from DropBear (so Gravity Sync can work) now that I have sorted out why it wouldn’t start.

Hey @DesktopECHO I have a small issue idk who to ask maybe you've come across this in your testing.
I have a very old Chinese android tablet running Android v4.1.1 on kernel v3.0.8. It has 2 cores Cortex-A9.
Everything seems to work fine but as soon as I turn the screen off the detected core count reduces to 1. It's like 1 core is put to sleep and is no longer "visible" to the OS. I've verified this using the "htop" utility and on pi-hole web-ui (hover over green/red status beside load averages).
I am using wake lock apps to keep the Wifi performance high. I also tried changing CPU governor to ondemand/interactive/performance still same behavior. Any ideas how can I keep both cores online while keeping screen off?
EDIT: Seems to be working fine when switched to ondemand governor and restarting.

Sometimes the closest you can get is to just turn down the screen brightness to zero which should be 'good enough' for most situations, we just need to find where that control is on your device.
Break out of chroot:
Code:
[[email protected] ~]$ unchroot
Find a hint for where screen brightness is controlled:
Code:
localhost:(unreachable) # find /sys/ -name brightness
For my device I get:
Code:
/sys/devices/platform/soc/1a00000.qcom,mdss_mdp/1a00000.qcom,mdss_mdp:qcom,mdss_fb_primary/leds/lcd-backlight/brightness
/sys/devices/platform/soc/78b5000.i2c/i2c-1/1-005a/leds/vibrator/brightness
/sys/devices/platform/soc/7864900.sdhci/leds/mmc1::/brightness
/sys/devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,[email protected]:qcom,[email protected]/leds/charging/brightness
/sys/devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,[email protected]:qcom,[email protected]/leds/green/brightness
/sys/devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,[email protected]:qcom,[email protected]/leds/blue/brightness
In my case it was the first entry, so to confirm we'll try turning down the brightness:
Code:
echo 0 > /sys/devices/platform/soc/1a00000.qcom,mdss_mdp/1a00000.qcom,mdss_mdp:qcom,mdss_fb_primary/leds/lcd-backlight/brightness
It worked! Sometimes you have to try 1 instead of 0 as the minimum value. Usually it's 0-255

DesktopECHO said:
Sometimes the closest you can get is to just turn down the screen brightness to zero which should be 'good enough' for most situations, we just need to find where that control is on your device.
It worked! Sometimes you have to try 1 instead of 0 as the minimum value. Usually it's 0-255
Click to expand...
Click to collapse
Thanks for this. Yeah I was aware that keeping screen on will let me achieve my goal but I was trying to avoid it unless absolutely necessary.
I've been using this app for keeping wake locks since for some reason the CPU and Wifi lock options in Linux Deploy app do not work for me on the two devices that I tested. "Partial wake lock" option in this app works great, keeps wifi up and CPU too while screen off.

I've googled something like this a month ago, it's like you guessed. Thank you so much @DesktopECHO !!
This is probably a very silly question but give me some leeway.
If I'm browsing the web on the android device where my pihole is deployed, shouldn't it be blocking ads as I'm browsing ?