This is probably not that useful unless (a) you're paranoid or (b) you need access to a secured network from your phone, however I managed to build openvpn and stunnel against bionic and the onboard openssl library. These are available at http://g1.fnord.to/crypto
OpenVPN requires root access and busybox. With this you can conceivably route all IP traffic through a server somewhere by use of the 'route' command, after the VPN link is brought up. This has been tested, and does not seem to affect phone functionality.
stunnel doesn't require root afaik so you should be able to run it from /data/local. This should allow you to encrypt web traffic at least, by setting the proxy via the 'Proxy Settings' app that's available with AnyCut.
Somehow I think T-Mobile might get mad if you did this... They say they allow tethering but if you go over your 10GB limit and they can't see your traffic I would think they would want to know what is up.
Good idea and I know some people are that paranoid... but I see this getting people in trouble... or maybe it is just me.
This is GREAT. I've been looking for this since the day I got my G1. I tried to compile a statically-linked binary a while back, but it was HUGE and wouldn't do much before segfaulting at me.
This gets a 4 smilies because this is how I access my work network remotely from my desktop, and now I can access some of these servers for maintenance remotely from my phone! (I would have given it a whole row of smilies, but apparently that is frowned upon.)
Thanks a million for getting this working!
I probably won't be using it as a default route, but it can be a static route to my office servers for sure!
Just got done testing this to vpn to my workplace and it works awesome. It also routes all traffic while tethering thru the vpn tunnel route.
This has been the best reason for me to get root yet.
Wow this is dope... trying to set this up now so now I can connect to my server on the go. I hope t-mobile don't even see this cuz they will be trippin over why do you need to hide your traffic but this is great no more keeping record of what you do. Next is gonna be p2p and I will even fell back for t-mobile network lol Thanks this great
neoobs said:
Somehow I think T-Mobile might get mad if you did this... They say they allow tethering but if you go over your 10GB limit and they can't see your traffic I would think they would want to know what is up.
Good idea and I know some people are that paranoid... but I see this getting people in trouble... or maybe it is just me.
It would probably help for wifi usage. I never connect to public wifi with my G1 for this very reason. I have openvpn running on my router at home so I can tunnel into it when I'm wifi-ing on the go. If the G1 is in an area where there is no 3G coverage but there is public wifi, this might just be what the doctor ordered.
Can the G1 auto connect to openvpn whenever it connects to a network (via wifi)? I want it to automatically poll mail for me.
The openvpn daemon is designed to autoreconnect if a keepalive ping fails. I would think if it is running in the background and you changed from Edge/3g to Wifi that it would force a reconnect situation, and it would re-establish the vpn through the new connection.
I will test this right now and get back to you
After testing, it works as expected. ~60 seconds after starting wifi I got the following message:
Inactivity timeout (--ping-restart), restarting
After that it re-established the tunnel through the new interface, and I was able to access machines at my office again.
I didn't know if anyone used a shell script to start/stop their VPN but I made the following so that I can easily start and stop it:
Code:
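#!/system/bin/sh
# Start or stop the OpenVPN client.
case "$1" in
    'start')
        # Load the TUN driver, then start openvpn in the background and record its PID.
        modprobe tun
        /data/local/bin/openvpn --config /path/to/config.ovpn --writepid /data/local/openvpn.pid &
        ;;
    'stop')
        # Kill the recorded openvpn process, then unload the TUN driver.
        kill -9 `cat /data/local/openvpn.pid`
        sleep 2
        rmmod tun
        ;;
    *)
        echo "Usage: $0 [start|stop]"
        ;;
esac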
Instead of keepalive for timeout detection, it would be nice to have hooks called on ifup/ifdown, just like debian's /etc/network/if-up.d/*.
It would allow immediate reconnection upon switching interfaces (between 3G and Wifi for example), and also prevent a situation where an interface comes up, sets the default route, and traffic goes cleartext for 60 seconds until vpn reconnection.
I can think of a lot of other uses for such hooks. Does android offer them?
If we're certain the hooks do not exist natively, I'll find a non-polling way to provide them.
I couldn't find an android interface for ifup, so I just used the netlink notifications, via ip(8). Note that you need the real iproute2 ip binary rather than the busybox one. Probably awk as well - I didn't check since I use debian binaries rather than busybox.
Here's how you use it:
Code:
ip monitor route | awk -W interactive '/^default/ {system("/data/local/bin/ifup " $5)}'
It'll execute /data/local/bin/ifup whenever the default route is changed, and pass the interface name as $1. For 3G/GPRS the interface name is usually rmnet0, whereas for WLAN it is if<num> where num is increasing on every insmod, probably indicating a leak in the tiwlan driver.
If you want it to reconnect openvpn whenever the route changes, you should probably
Code:
killall -USR1 openvpn
for any interface other than tap0 (or whatever you call your openvpn interface).
The above method can be used for earlier events such as link-up, but I figured a default route would be the best time to start openvpn. For extra paranoia, you might want to use iptables to prevent connections to anything other than openvpn on tiwlan0, and have an "up" line in your openvpn config file to set the default route through your vpn when it comes up.
When I get around to writing a nice script that does the above, I'll post it here.
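A sketch of the ifup logic described in the post above, combined with the route-monitor loop; this is an added example, not the poster's script. It goes slightly beyond the awk one-liner by locating the interface after the `dev` keyword instead of assuming it is field 5. The tun*/tap* prefixes for the VPN interface, the VPN_SIGNAL_CMD override and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): signal openvpn to reconnect when the
# default route moves to a non-VPN interface.

# Command used to signal openvpn; overridable for dry runs (assumption).
: "${VPN_SIGNAL_CMD:=killall -USR1 openvpn}"

# Print the interface named after "dev" on a "default ..." route line.
# Returns 1 for any other line, including "Deleted default ...".
default_route_iface() {
    set -f                     # no globbing while word-splitting the line
    set -- $1
    set +f
    [ "$1" = "default" ] || return 1
    while [ $# -gt 1 ]; do
        if [ "$1" = "dev" ]; then
            printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    return 1
}

# True for the tunnel's own interface. Signalling openvpn when its "up"
# script moves the default route onto the tunnel would restart it forever.
is_vpn_iface() {
    case "$1" in
        tun*|tap*) return 0 ;;
        *) return 1 ;;
    esac
}

# Handle one line of `ip monitor route` output.
# Prints "restart <iface>" or "skip <iface>" for logging, nothing otherwise.
handle_route_line() {
    iface=$(default_route_iface "$1") || return 0
    if is_vpn_iface "$iface"; then
        echo "skip $iface"
    else
        # SIGUSR1 makes openvpn restart its connection over the new route.
        $VPN_SIGNAL_CMD >/dev/null 2>&1 || true
        echo "restart $iface"
    fi
}

# Main loop: only runs when asked to, so the functions can also be sourced.
if [ "${1:-}" = "monitor" ]; then
    ip monitor route | while IFS= read -r line; do
        handle_route_line "$line"
    done
fi
```

Started with the argument `monitor`, it takes the place of the awk pipeline and the separate ifup script; it still needs the iproute2 `ip` binary mentioned in the post.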
How much space are we talking about using with native iproute2, awk, and other binaries? I would think the amount of space used is getting rather large. I guess that it quickly becomes a good time to start using the SD card to store apps.
I've not wanted to repartition my card, but I could always make a FS image and mount it 'mount -o loop' style.
As for instant-on, I'm not using this for paranoia like some are, so instant doesn't really matter to me nearly as much as it could otherwise.
Space requirements - I don't know how much it takes with the libs since I just use it inside a debian chroot and it's all on the sdcard. I need debian anyway, to run certain X apps, etc, so for me it's not a waste of space. Anyway, if you just build iproute2 and awk, or even your own binary that just creates a netlink socket and blocks on it, it shouldn't take a lot of space. Or, if you happen to have python on the phone, it can be done in a few lines of script instead of another binary.
Re instant on, I find it better, not just for paranoia reasons (e.g. ensuring that I never send a cleartext pop3/imap password over wlan), but also for long-running connections such as ssh. If I run them over the vpn interface, I have a fixed IP and the connections persist. If, on the other hand, I create the connection directly over 3g/wlan/gprs, it'll die as soon as I change interfaces. Therefore, I'd rather run all long-running connections over openvpn. IP mobility RFC implementation would be more efficient but as long as it's not an option, a vpn will do.
By the way, do we currently have a way to tie a script/executable to an icon/shortcut, or do you run your script from a terminal?
My understanding is there are problems running apps from a gui shortcut.
http://forum.xda-developers.com/showpost.php?p=3142661&postcount=93
I run everything I do from a terminal.
I guess we need a small loader then. Something that calls Exec.createSubprocess(), just like Term.apk does. Each app will have a symlink to this ShellLoader.apk, which will execute scripts based on the name it was executed under. Another one for the TODO list
From Term.java:
Code:
public void onCreate(Bundle icicle) {
    super.onCreate(icicle);
    Log.e(Term.LOG_TAG, "onCreate");
    setContentView(R.layout.term_activity);
    mEmulatorView = (EmulatorView) findViewById(EMULATOR_VIEW);
    int[] processId = new int[1];
    if (TEST_MODE) {
        // This is a vt100 test suite.
        mTermFd = Exec.createSubprocess("/sbin/vttest", null, null);
    } else {
        // This is the standard Android shell.
        mTermFd = Exec.createSubprocess("/system/bin/sh", "-", null,
                processId);
    }
    final int procId = processId[0];
    final Term me = this;
    final Handler handler = new Handler() {
        @Override
        public void handleMessage(Message msg) {
            me.finish();
        }
    };
Can we use Exec.createSubprocess() as in this above but call "/system/bin/su /data/local/bin/APPLICATIONNAME" to make the Superuser app prompts for root among other things?
Maybe create a user interface that lets you enter what you want in the place of '/data/local/bin/appName' and then when it creates the shortcut also asks if that application needs root?
It could be a list of shortcuts that is selected from a list then. Look like a list of bookmarks perhaps?
I don't know enough of the android environment to know how realistically we could do something like that.
Looks like that code example from above is old. Current source from git looks different, but the call looks similar enough. I will play with it here shortly.
Yes, we could do that, including su, but be careful with it
Re bookmarks inside a single loader, I think we can do even better:
We can have a single application called Loader, and call it with different parameters using AnyCut. AnyCut has a "make your own shortcut" option, where you can provide Action, Data and Type. I'm not familiar with the Android environment yet, but I guess the Action can point to the loader, and the Data can be a script name to be executed. This way, a single .apk can be used for starting many native programs.
If implemented that way, I suggest stripping slashes from Data and prepending with /data/local/scripts/ or a similar directory, so that it can only execute scripts the user meant for it to run, rather than arbitrary shell commands. /data/local/scripts/ can contain symlinks to scripts/apps the user wishes to execute from the Android interface. It's more secure that way, while retaining usability.
Makes sense?
Certainly does. You wouldn't want someone to be able to 'rm -rf /' or anything like that.
I think I like restricting it to /data/local/scripts and forcing us to symlink or place any scripts we want to be able run in that path.
Also agree with stripping slashes. There might be other sanitizing that we would want to do to keep malicious actions from being performed.
I would think strip any special characters that have special meaning to the shell * | < > ` etc. If we want to do anything that requires these, we put it in whatever shell script and then just call the script.
Maybe the best route is to just scan the /data/local/scripts folder and allow the user to select from a list.
In any case, whoever does this already has root, so it is just as easy to launch a terminal and break everything from there.
Just a few brainstormed thoughts.
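The restriction discussed in the last two posts, as an added shell sketch (not code from the thread or from any existing loader app). It rejects unsafe names with an allow-list instead of stripping characters, which also covers `.` and `..`; the SCRIPT_DIR variable and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): map a shortcut's Data string to a
# script inside one trusted directory, or refuse.

# Directory proposed in the thread; overridable for testing (assumption).
: "${SCRIPT_DIR:=/data/local/scripts}"

# Print the full path for a permitted script name; return 1 otherwise.
resolve_script() {
    name=$1
    case "$name" in
        ''|.*) return 1 ;;               # empty, ".", "..", hidden files
        *[!A-Za-z0-9._-]*) return 1 ;;   # slashes, spaces, shell metacharacters
    esac
    path="$SCRIPT_DIR/$name"
    # The entry must exist and be an executable regular file. Symlinks are
    # followed, so the directory can hold links to the real scripts.
    [ -f "$path" ] && [ -x "$path" ] || return 1
    printf '%s\n' "$path"
}

# Run a permitted script. The path is passed as a single argv element and
# never spliced into a command string, so no shell re-parses the name.
run_script() {
    path=$(resolve_script "$1") || {
        echo "refused: $1" >&2
        return 1
    }
    "$path"
}
```

Because the name is checked against a fixed character set and then looked up in one directory, the set of things a shortcut can start is exactly the set of entries the user placed in that directory.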
I was wondering if there is a method to cache DNS requests? I use CM latest and was browsing around in the system folder, when I came by /system/etc/resolv.conf. Here you find the nameservers used by android to resolve DNS.
This got me thinking, because I use a DNS cache on my Ubuntu Box. Might there be a way to do this on Android, to speed up browsing regularly visited websites? Does anyone have any idea how to use a local DNS cache to speed up browsing?
Here's the deal:
- In /system/etc/resolv.conf you find 4 nameservers (4.2.2.5 - 4.2.2.2)
- Doing a ping test (count = 1000) to those, I find big differences in latency. Average was 800 on my test on 3G (I live in the Netherlands). I found this number rather large.
- On IRC, when asking this question, they mentioned porting dnsmasq to android and change nameserver to localhost
A ported version of dnsmasq is found here: http://code.google.com/p/android-wifi-tether/source/browse/trunk/res/raw/dnsmasq?spec=svn120&r=120
Copied the file to /system/bin, chmod +x the file, and this one works.
Now here's the thing:
- dnsmasq --help mentions a configuration file: /data/local/dnsmasq.conf. This one has to be made for android
- how to configure dnsmasq so it uses the DNS servers and create a cache, thus speeding up browsing (in my humble belief)
- how to start dnsmasq on booting android (and making sure it stays alive)
And finally, does it make sense to use this kind of method? Like to apply for a think tank to make this work
That does sound like a good idea. For me it isn't just 800ms to find out the DNS but on edge rather something like about 3 seconds! This would seriously speed the whole thing up! However, how are you gonna find the IP addresses for the first time?
Well dnsmasq creates a cache, using nameservers found in the config file, if I am correct. I am looking into the dnsmasq.conf examples to see what workaround I need. Should be pretty straightforward.
resolv.conf should have nameserver 127.0.0.1, and dnsmasq should use configured nameservers like 4.2.2.5 and create a cache. Therefore apps use the dnsmasq as DNS server.
Furthermore, I am trying to find out what nameservers are the fastest. 4.2.2.2-5 are Verizon, while I am in the Netherlands. OpenDNS has a datacenter in Amsterdam, so I figured changing nameservers to OpenDNS would speed things up some more.
Even better would be unbound, though the stated overhead of ~11 MB might be too much for G1/mT3G v1.
Also, do you have to do any tricks to prevent resolv.conf from being overwritten when you switch networks? I know that usually dhclient will rewrite the file, and there's a couple of workarounds, but I have no idea which ones would work on Android.
CM builds already have a dnsmasq binary in /system/bin. It's used for tethering. You could launch it with a different config file if needed (there's a dnsmasq.conf in /system/etc already for tethering). Also, the values in resolv.conf aren't really used by much anymore unless you have stuff linked with uclibc. The resolver in Bionic uses the values of the net.dns* system properties.
cyanogen said:
CM builds already have a dnsmasq binary in /system/bin. It's used for tethering. You could launch it with a different config file if needed (there's a dnsmasq.conf in /system/etc already for tethering). Also, the values in resolv.conf aren't really used by much anymore unless you have stuff linked with uclibc. The resolver in Bionic uses the values of the net.dns* system properties.
Thanks for the reaction... You are right indeed, i found the dnsmasq.conf:
Code:
no-resolv
no-poll
server=4.2.2.2
server=4.2.2.3
interface=usb0
dhcp-authoritative
dhcp-range=192.168.77.100,192.168.77.105,12h
dhcp-leasefile=/data/misc/dnsmasq.leases
pid-file=/data/misc/dnsmasq.pid
user=dhcp
no-negcache
What you're saying is that i should create another one, but i am wondering what values i should use..
interface=?
Also, regarding your remark on DNS, how to see the values of net.dns* and how to change them? sysctl -n doesn't show these values, I must be looking in the wrong direction...
Hey,
You don't have to set an interface at all.
The interface declaration limits dnsmasq to listen only on a specific interface (for both DHCP and DNS requests).
As far as I know dnsmasq caches DNS by default; you can limit the cache size and set it not to cache negative queries, but it will cache by default, so no special settings are needed.
In addition, dnsmasq also functions as a DHCP server, and if you don't want it to, try removing all lines that declare DHCP settings.
True on that one, i want to use dnsmasq mainly on 3G
On my remark about the dns properties, already found out to use getprop and setprop
getprop shows different values on DNS compared to resolv.conf:
[net.dns1.195]: [84.241.226.140]
[net.dns2.195]: [84.241.226.9]
[net.dns1]: [84.241.226.140]
[net.dns2]: [84.241.226.9]
You need to be aware of one thing with regards to the resolv.conf file.
It is NOT USED BY ANDROID.
If you use the command "getprop", you will see several dns entries in there -- none of which matches the static dns servers set in resolv.conf. The resolv.conf is used by TERMINAL BINARIES.
zrubi said:
Hey,
You don't have to set an interface at all.
The interface declaration limits dnsmasq to listen only on a specific interface (for both DHCP and DNS requests).
As far as I know dnsmasq caches DNS by default; you can limit the cache size and set it not to cache negative queries, but it will cache by default, so no special settings are needed.
In addition, dnsmasq also functions as a DHCP server, and if you don't want it to, try removing all lines that declare DHCP settings.
might as well restrict it to the local interface
Code:
interface=lo
you can then turn off dhcp with
Code:
no-dhcp-interface=lo
I use OpenDNS on my home network which is claimed to be better than ISP dns servers. When you signup/setup you are required to input their values for dns servers, perhaps you set these values from your phone?
Not sure if Android supports this... but the easiest and least resource intensive way to do this would be to simply add your commonly used domains to the hosts file. I believe some ad blocking software used to use this to block ads.
Aside from that... Bind can be run as a caching nameserver and would probably work in conjunction with setprop to overwrite the nameserver values android tries to use...
Another interesting idea might be to run a squid cache with data stored on the SD card... this should theoretically be faster than pulling the pages over 3G, but could be memory constrained.
FWIW I did some testing with timing page loads over 3G/2G/Wifi... and I found that the bottleneck for page loads on the G1 was not in fact the speed of the network connection(3G and WiFi were virtually identical - 12Mbps cable, 2G slightly slower), but CPU time spent in rendering(well, possibly memory related as well, but the G1 is always memory constrained so its hard to tell). The biggest speed improvement I experienced was in turning off Javascript.
I also tested Stock vs Dolphin vs Steel and found Stock & Steel to have very similar numbers, with Steel having a slight edge sometimes. Dolphin was always orders of magnitude slower.
IMHO The only real way to speed up browsing on the G1 would be to utilize an external compression proxy to reduce the amount of data being sent across the network to the G1, or to rewrite the browser/Dalvik VM/whatever to be more efficient. I tried the external proxy method but couldn't seem to get it to work.
good thought...i'll tinker w/ this some
also dot folder
@equid0x Good thoughts... I used Opera on Android, which uses a compression proxy. Runs fast. Might be an idea to look into this for the native browser and abandon the idea to cache DNS.
cyanogen said:
CM builds already have a dnsmasq binary in /system/bin. It's used for tethering. You could launch it with a different config file if needed (there's a dnsmasq.conf in /system/etc already for tethering). Also, the values in resolv.conf aren't really used by much anymore unless you have stuff linked with uclibc. The resolver in Bionic uses the values of the net.dns* system properties.
I think I have dnsmasq playing nice w/ this config:
Code:
no-resolv
no-poll
server=4.2.2.2
server=4.2.2.3
listen-address=127.0.0.7
interface=lo
pid-file=/data/misc/dnsmasqcache.pid
user=dhcp
no-negcache
it's listening on UDP port 53 -- seems to be doing its thing..
you're right..resolv.conf doesn't affect anything I do.
but I don't see any entries like net.dns* when i
#sysctl net
What am I missing about how Bionic does things?
alapapa said:
but I don't see any entries like net.dns* when i
#sysctl net
Use:
# getprop
Brut.all said:
Use:
# getprop
Thanks.
i can:
# setprop net.dns1 127.0.0.1
# setprop net.dns2 127.0.0.1
and it uses dnsmasq for a while, then they change back to t-mobile's (seems like it happens when i change towers or it goes from 3g->edge or vice-versa)
does net.dnschange have any ability to control this?
know where I can find any documentation on the dhcp process that populates these values?
edit: just tested again and the settings persisted all night. performance wasn't noticeably different than normal. I'll try to do some more scientific tests and report back..
was this project dropped? anything goin on here?
dnsmasq cpu problem
Hi Guys,
I've implemented the dnsmasq with my adhoc connection. My config file is:
no-resolv
no-poll
server=10.50.30.254
listen-address=127.0.0.1
interface=lo
pid-file=/data/misc/dnsmasqcache.pid
user=dhcp
no-negcache
addn-hosts=/data/misc/dnsmasq-host
cache-size=65536
local-ttl=86400
where the dnsmasq-host file is a copy of http://www.mvps.org/winhelp2002/hosts.txt to avoid advertising site.
A few minutes after I run dnsmasq I get the cpu at 100% and the process says:
dnsmasq: Unknown cmd ''
dnsmasq: Unknown cmd ''
dnsmasq: Unknown cmd ''
I've tried only with few config options but the result is the same.
Do you know what is that?
Hi,
This is a potential game changer, DNS server for Android, the open source, DNSMasq and some specific config files for it.
It runs on your Android device and you point your DNS queries to it instead of your remote ISP DNS server.
Using this setup will speed up your Android online experience many fold because DNS (specially over 3G) is one of the slowest blocking components of the entire browsing activity.
Features/Points to note -
- Caching, multithreaded. The replies from the cache are instantaneous, hence browsing speed is enhanced significantly
- Query multiple DNS servers simultaneously. Fastest reply is used. Hence redundancy is also achieved along with speed. Currently set to Google DNS servers, Open DNS servers and your home Wifi router. Best not to use more than 5.
- Works with all versions of Android from 1.5 -4.x and all Android phones and tablets
- You can add your ISP's (both 3g and home) DNS servers to /data/local/dnsmasq.conf.
- Don't use your ISP's servers (and remove your Wifi router) if anonymity is a concern.
- Can help circumvent DNS restrictions.
- If your home router has DNS and an IP other than 192.168.1.1, you can change the entry in /data/local/dnsmasq.conf
- It may not start automatically if your ROM doesn't have init.d support. In that case and in either case, you can download SManager and set /etc/init.d/97dns to 'su' (run as root), 'boot' (run on boot) and 'net' ( run on network change)
- To make it stick all the more, you can download SetDNS and enable it and set the DNS server to 'Custom' -> 127.0.0.1 primary and 8.8.4.4 secondary ( backup Google DNS in case DNSMasq is not running for some reason). Make sure that you have Wifi and 3G options checked.
- Will significantly speed up your tethering experience if you set your DNS server to the Android phone and to use this DNS server. Currently the dhcpd option is disabled. You can either enable it or tell your tethering DHCP software to send DNS server=192.168.x.x ( or your Android phone IP) to your PC.
- Block Ads with the MVPS HOSTS file located at /data/local/dnsmasq-host
- VPN connections with and without split tunneling are supported. Check out commented sections in config files. Can use different DNS servers for different domains.
- You need to use this version of DNSMasq. Others ( eg those distributed with most ROMs) have a runaway CPU problem or don't work without the -d (debug) option. Any help resolving those issues welcome.
- You'll need root and su. busybox optional. Simply run Install.bat to install it and configure it automatically. Then make it stick with SManager and SetDNS as mentioned above.
- It's not mine, I just found the correct version and configured it.
- Enjoy! Please click the Thanks button if this helps you.
25th May - Fixed bug where Wifi DHCP wasn't working
Any idea why this breaks my native tether on an og evo 4g on team dirt cm9 port?
Is it necessary to use the install.bat from a pc to make this work or can I just add the dns script to the init.d folder?
Firstly, thank you.
I am trying to manually setup this so I can use some dns redirection (using the --server option) but when I run the install.bat file, it breaks tethering (which uses dnsmasq as well). Would you please help me out understanding what steps the script did to get it running?
Hi,
I think that this version of DNSMASQ may need some different startup options to support dhcp. I have specifically disabled dhcp in the config file.
Or it (dhcp) simply may be compiled out of the binary and it currently may not be usable for both DNS and DHCP.
YMMV. BTW the install script backs up the dnsmasq binary so you can replace it with the backup in case of any issues.
Cheers.
I will try this one if it'll bring any good to my connection. Thanks.
DISCLAIMER:
It is extremely illegal to use this app against networks you don't own or don't have a permission to attack. I am not responsible for how you use it and any damage you may cause. Consider yourself warned.
Hijacker is a Graphical User Interface for the wireless auditing tools airodump-ng, aireplay-ng and mdk3. It offers a simple and easy UI to use these tools without typing commands in a console and copy&pasting MAC addresses.
This application requires an android device with a wireless adapter that supports Monitor Mode. A few android devices do, but none of them natively. This means that you will need a custom firmware. Nexus 5 and any other device that uses the BCM4339 (and BCM4358 (although injection is not yet supported so no aireplay or mdk)) chipset will work with Nexmon. Also, devices that use BCM4330 can use bcmon.
The required tools are included in the app. To install them go to Settings and click "Install Tools". This will install everything in the directory you select. If you have already installed them, you don't have to do anything. You can also have them at any directory you want and set the directories in Settings, though this might cause the wireless tools not being found. The Nexmon driver and management utility is also included.
Root is also necessary, as these tools need root to work. If you don't grant root permissions to it, it hangs... for some reason... don't know why...
Features:
View a list of access points and stations (clients) around you (even hidden ones)
View the activity of a network (by measuring beacons and data packets) and its clients
Deauthenticate all the clients of a network
Deauthenticate a specific client from the network it's connected to
MDK3 Beacon Flooding
MDK3 Authentication DoS for a specific network or to everyone
Try to get a WPA handshake or gather IVs to crack a WEP network
Statistics about access points (only encryption for now)
See the manufacturer of a device (AP or station) from a OUI database (pulled from IEEE)
See the signal power of devices and filter the ones that are closer to you
Leave the app running in the background, optionally with a notification
Copy commands or MAC addresses to clipboard, so you can run them in a terminal if something goes wrong
Include the tools
Reaver WPS cracking (pixie-dust attack using NetHunter chroot)
.cap files cracking with custom wordlist
Let the user create custom commands to be run on an access point or a client with one click.
Installation:
Make sure:
you are on Android 5+
you are rooted. SuperSU is required. If you are on CM, install SuperSU
have installed busybox (opened and installed the tools)
have a firmware to support Monitor Mode on your wireless interface
Download the latest version here.
When you run Hijacker for the first time, you will be asked whether you want to set up the tools or go to home screen. If you have installed your firmware and all the tools, you can just go to the home screen. Otherwise, click set up to install the tools. You can change the directories in which they will be installed, but I recommend that you leave them unchanged. The app will check what directories are available and select the best for you. Keep in mind that on some devices, installing files in /system might trigger an Android security feature and your system partition will be restored when you reboot. After installing the tools and the firmware (only Nexmon) you will land on the home screen and airodump will start. If you don't see any networks, make sure you have enabled your WiFi and it's in monitor mode. If you have a problem, go to settings and click "Test Tools". If they all pass, you probably don't have monitor mode enabled. If something fails, click "Copy test command" and select the tool that fails. A sample command will be copied to your clipboard so you can open a terminal, run it, and see what's wrong.
Keep in mind that Hijacker is just a GUI for these tools. The way it runs the tools is fairly simple, and if all the tests pass and you are in monitor mode, then you should be getting the results you want. But also keep in mind that these are AUDITING tools. This means that they are used to TEST the integrity of your network, so there is a chance (and you should hope for it) that the attacks don't work on a network. It's not the app's fault, it's actually something to be happy about (given that this means that your network is safe). However, if an attack works when you type a command in a terminal, but not with the app, feel free to post here to resolve the issue. This app is still under development so bugs are to be expected.
Troubleshooting:
First of all, if the app happens to crash at a random time, run it again and close it properly. This is to make sure that there are not any tools still running in the background, as this can cause battery drain. If it crashes during startup or exiting, open a terminal, run `ps | busybox grep -e air -e mdk` and kill the processes you see.
Most of the problems arise from the binaries not being installed (correctly or at all). If that's the case, go to settings, click "install tools", choose directories for binaries and the lib (libfakeioctl.so) and click install. If the directory for your binaries is included in PATH, then you don't have to do anything else. If it's not, then you need to adjust the absolute paths of the binaries, right below the "install tools" option. This might also cause problems (especially with mdk) since these programs require the wireless tools to be installed, and they won't find them if you install them anywhere other than the paths included in your PATH variable. If you don't know what the PATH variable is, then you probably shouldn't be using any of these programs.
If you are certain that there is problem with the app itself and not the tools installation, open an issue here so I can fix it. Make sure to include precise steps to reproduce the problem and a logcat (having the logcat messages options enabled in settings). If the app happens to crash, a new activity should start which will generate a report in /sdcard and give you the option to email it to me directly. I suggest you do that, and if you are worried about what will be sent you can check it out yourself, it's just a txt file and it will be sent as an email attachment to me.
XDA:DevDB Information
Hijacker, App for all devices (see above for details)
Contributors
chrisk44
Source Code: https://github.com/chrisk44/Hijacker
Version Information
Status: Testing
Current Stable Version: v1-RC.4
Stable Release Date: 2016-12-23
Created 2016-11-14
Last Updated 2016-12-26
Reserved
thank you
works great on my nexus 5 and note 3
not working on s6 edge problem i dont know i already installed in my device correctly and also hijacker airdump shows networks for attacking but not do real attack
Is there an updated XDA tutorial yet on setting up adb COMPLETELY wirelessly as of Android 11?
Why do I ask?
Using adb is a critical developer/hacking/user tool
As of Android 11, adb has been fundamentally changed for Wi-Fi
As of Android 12, adb was further improved for Wi-Fi
The existing XDA Developers' tutorial doesn't contain that info
I figured it out on my own (see below)...
(Which meant a LOT of new questions popped up that had to be solved that could have been answered in a tutorial)
Unfortunately, almost everything out there that I can find about adb is (wrong / inaccurate / incomplete [choose one]) in terms of how to set up a wi-fi connection as of Android 11 & 12.
The problem is there are important questions to be solved that are MISSING from that old tutorial
(These problems revolve around connection completely from the PC side only)
Where I would think EVERYONE would have the SAME questions as I do about the new setup
(And for which an updated XDA Developers' adb tutorial would be very useful!)
Mostly these new Android 11+ Developer options Wireless debugging features eliminate the USB cable.
But that then instantly brings up the non-intuitively fundamental question of ESTABLISHING the connection solely from the PC...
(which - let's never forget - is how the older, well documented USB-cable-first-then-Wi-Fi adb connection had always been done)
Hence my question of:
Is there an updated XDA tutorial yet on setting up adb COMPLETELY wirelessly as of Android 11+ & 12+?
DETAILS:
Spoiler: Short summary of steps which should be in a tutorial
Given how important adb is to Android software development and hacking, I searched for an XDA Developers writeup on how the newly added Android 11+ Developer options Wireless debugging works and which incorporates a few of the even more newly added Android 12+ Developer options Wireless debugging tiles (which are CRITICAL but it's not obvious to those who haven't done it why those new Android 12 tiles have to be used every day all day!) & Android 12's separate ability to randomize the phone's MAC address for every Wi-Fi connection for added privacy (not just for every Wi-Fi SSID as Android 11 did it) which itself has further implications for reserving IP addresses (usually erroneously referred to as "static IP addresses" in the router and on the phone) for those daily random-port connections using adb over Wi-Fi only. You can no longer connect "from" the PC until after you physically "look" (using live human eyeballs!) to locate either the random port assignment (for "adb connect") or a different random port assignment plus a random pin assignment (for the new Android 11+ encrypted "adb pair" command). Now you can connect via adb over Wi-Fi from the PC. But bear in mind the catch! Frequently (upon reboot for example), the Android 12+ tile turns off, as does the Developer options:Wireless debugging toggle, as does the Wi-Fi connection (in my case for privacy, as I have Wi-Fi toggle off when I leave the range of the LAN - which then turns off Wireless-debugging in an unintended cascade) but more importantly, frequently the random port assignment changes as does the random pin assignment. So you have to perform the all-important human-eyeball LOOK frequently - which you would rather not need to do if you could help it.
Whew! I said what "should" be in a tutorial so others don't have to figure all of that out on their own just to set up adb completely wirelessly (without first establishing a USB connection on the PC).
I figured it all out, of course, but that XDA Developers writeup didn't help (in fact it hurts)... because it contained completely outdated information (which is why I wrote that long paragraph above, to summarize what's completely missing).
Here's what needs to be done on the phone:
Enable Wi-Fi (mine is set up to NOT auto-reconnect, for privacy)
Establish a connection over Wi-Fi to an SSID on your LAN
Enable Developer options:Wireless debugging (Android 11+)
Enable Developer options:Wireless debugging Tile (Android 12+)
Enable random MAC address per SSID (Android 11) or per connection (Android 12+)
Enable the (so-called) static IP address of the phone
Physically eyeball the random Wireless debugging port assignment (&/or random port + random PIN)
Note all the questions are related to the fact everyone wants to eliminate that last step above!
On the PC:
Simply assure yourself that the phone is on the LAN (e.g., ping 192.168.0.2) (duh)
Remember - it's using a RANDOM MAC address so the router has to be configured for that
Then connect from the PC adb to the phone completely over Wi-Fi (encrypted or not)
Remember - there's no initial establishment via USB - which means you need to know random ports!
adb connect 192.168.0.2:12345 (or) adb pair 192.168.0.2:12345 123456
Remember - everyone's goal is to obtain those random ports 100% from the PC side of things
You may have to accept an encryption dialog on your phone if this is the first time using that PC
At this point, adb over Wi-Fi works the same as adb has always worked (over USB first, then over Wi-Fi).
Until, of course, Android randomly resets the port assignment - which it does frequently!
Then you're back to having to look at the phone for the random port assignment
Notice that most of the issues people are having (see reference list below) are related to the fact that the random port assignment, as far as we know, can ONLY be obtained from a visual inspection of the Android phone - but also notice that nobody used to need to do that in the olden days (when we connected via USB cable first!).
My observation is nobody wants to do that visual inspection of the phone every time, all day, every day, whenever Android re-randomizes the MAC address (which, for me, happens frequently but my phone is set up specifically for Wi-Fi privacy).
In summary, this thread asks if there is an XDA Developers' writeup for connecting adb on the PC completely wirelessly to Android 11 and Android 12 and up.
The REASON I believe that XDA Developers' updated adb tutorial is needed by hackers/developers/users is:
a. The way adb works over Wi-Fi is COMPLETELY DIFFERENT as of Android 11 (this is why finding an updated tutorial is needed!)
b. I had to figure all this out on my own, so that means everyone else does too (unless I missed the XDA Developers' tutorial), and,
c. There are still a ton of open unanswered questions that everyone also has.
REFERENCES: (in no specific order, these are attempts to make it work the way everyone wants it to work!)
(PSA) Using the new Android 12 TILE for 'Developer options' 'Wireless debugging' to establish adb connection over Wi-Fi without USB
What's the difference between Windows/Android adb "connect" versus adb "pair" when mirroring Android 12 over Wi-Fi onto a Windows PC?
Android 12 Developer options adb "Wireless debugging" option keeps turning off
[adb,scrcpy,vysor] What ports does Android 12 randomly set when Wi-Fi connecting via Wireless debugging adb "pair" or "connect" commands?
[adb] What is the adb syntax to connect wirelessly to Android by unique serial number (instead of by Wi-Fi LAN IP address & random port assignment)?
Note that none of those threads would be needed if we could have found a comprehensive tutorial that was updated to Android 11 and 12 new connect-adb-over-Wi-Fi-without-USB functionality that answers those basic obvious questions to ask. (See illustrative screenshots below).
Is an updated XDA Developers' writeup extant for connecting adb on the PC completely wirelessly to Android?
I simply use ladb - it's an app that makes the whole process a breeze
See a big xda write up about it here ..
How to debloat your phone (and more) without connecting to a PC
LADB is an app that lets you run ADB shell commands from your phone, no root and no PC needed! Use it to debloat your phone and more!
www.xda-developers.com
CFKod said:
I simply use ladb
Thanks for that advice to use Local ADB which "leverages Android’s built-in support for ADB over WiFi to provide a GUI for sending shell commands straight from the Android device."
The great news is that was the first XDA Developers' tutorial that I've seen that showed cognizance of the new Android 11 features of setting up adb completely wirelessly (without need for USB first).
* GitHub: LADB (A local ADB shell for Android!)
The bad news is that, at least upon initial inspection, ladb doesn't do anything you can't do inside of Termux as far as I can tell (is that correct though - maybe the ladb apk can do more privileged actions?).
Spoiler: Example of doing in Termux what would often be done in adb
1. Install F-droid <https://f-droid.org/>
<https://f-droid.org/F-Droid.apk>
2. Install F-Droid Termux <https://f-droid.org/en/packages/com.termux/>
<https://f-droid.org/repo/com.termux_117.apk>
3. Add F-Droid Termux Widget <https://f-droid.org/en/packages/com.termux.widget/>
<https://f-droid.org/repo/com.termux.widget_12.apk>
4. Run the F-Droid Termux & create an alias we'll name "rad" for reset ad id.
$ rad
(This should report: No command rad found)
$ alias rad='am start -n com.google.android.gms/.ads.settings.AdsSettingsActivity'
$ rad
(this should pop up the "Reset Advertising ID" Activity on your phone
(manually close that Activity for now - we can programmatically close it later)
$ cat ~/.bashrc
cat /data/data/com.termux/files/home/.bashrc
No such file or directory
$ alias > ~/.bashrc
$ cat !$
alias rad='am start -n com.google.android.gms/.ads.settings.AdsSettingsActivity'
$ unalias rad
$ rad
(This should report: No command rad found)
$ source ~/.bashrc
$ rad
(this should pop up the "Reset Advertising ID" Activity on your phone
(manually close that Activity for now - we can programmatically close it later)
5. Run the F-Droid Termux and create two directories for the shortcut widget
$ mkdir -p $HOME/.shortcuts (we will put our shell script here)
$ mkdir -p $HOME/.shortcuts/tasks (we didn't use this directory yet)
6. Create a shell script to open up the reset ad id Activity.
$ cd $HOME/.shortcuts
$ nano ./rad.sh
Edit the result to look like this:
#!/data/data/com.termux/files/usr/bin/bash
am start -n com.google.android.gms/.ads.settings.AdsSettingsActivity
$ chmod +x ./rad.sh
$ ./rad.sh
(nothing will happen)
7. Modify termux to be able to execute user shell scripts on Android.
$ pkg install termux-exec
8. Test your shell script.
$ ./rad.sh
(this should pop up the "Reset Advertising ID" Activity on your phone
(manually close that Activity for now - we can programmatically close it later)
9. Add the Termux Widget to your homescreen.
Long press your Android homescreen.
Select "Widgets" & then "Termux:Widget" & place it on your Android homescreen.
It will ask: Create widget and allow access? to which you press "Yes"
Then press the "rad.sh" entry showing up in that Termux Widget.
"Termux requires "Display over other apps" permission
to start terminal sessions from background on Android >=10."
"Grants it from Settings -> Apps -> Termux -> Advanced"
10. Grant Termux permission to display over other apps:
Android11:Settings > Apps > Your apps > Termux > Appear on top = (change off to on)
11. Now press the Termux Widget entry named "rad.sh"
(this should pop up the "Reset Advertising ID" Activity on your phone
(manually close that Activity for now - we can programmatically close it later)
12. Reboot the phone & ensure everything is persistent.
Tap the new homescreen icon after rebooting
& the "reset ad id" Activity should pop up.
But worse, the LocalADB instructions clearly say to do the same manual (aurgh!) steps we've been doing all along.
That is, even with LADB, they're still NOT obtaining the random port address programmatically; they're getting it manually - just like I've been doing all along without LADB.
So ladb doesn't change anything... as far as I can tell (but maybe I'm wrong?).
"Copy the 6 digit “Wi-Fi pairing code” and paste it into the “pairing code” box in LADB. Copy the 5 digit port number from the IP address (the 5 numbers after the colon) and paste it into the “Port” box in LADB."
If I were to "guess" wildly - then that means what everyone wants is perhaps impossible to accomplish; but I'm still hoping that's not the case - but - the point is to find an updated XDA Developers' tutorial that shows an awareness of the stated problem set.
EDIT: I have an idea. I installed LADB on Android, and now I'm trying to see if I can query that LADB from the PC using adb commands where the goal is maybe the PC adb can query the Android ladb to figure out what the current random port assignment is???
GalaxyA325G said:
So ladb doesn't change anything... as far as I can tell (but maybe I'm wrong?).
If I were to "guess" wildly - then that means what everyone wants is perhaps impossible to accomplish; but I'm still hoping that's not the case - but - the point is to find an updated XDA Developers' tutorial that shows an awareness of the stated problem set.
EDIT: I have an idea. I installed LADB on Android, and now I'm trying to see if I can query that LADB from the PC using adb commands where the goal is maybe the PC adb can query the Android ladb to figure out what the current random port assignment is???
Yes .. everything you have said is correct
I wouldn't say it has any special privileges. It just guides you through the connection process.
You end up with a blank canvas in terminal - just as you would using termux
Not sure what the app costs, I purchased pre release so cost barely a thing
Either way, it cuts out some of the faff and I'd certainly recommend it for a less tech-savvy person...
Then again.. why wouldn't anyone with no clue, use adb?
If I can assist in any way. Feel free to give me a shout on telegram
CFKod said:
Yes .. everything you have said is correct
I must again thank you for letting me know about local adb.
I installed ladb the instant you informed me about it.
Yesterday and today I started to test it out.
CFKod said:
It just guides you through the connection process.
I'm hoping maybe this ladb running on the Android device "might" give it something special that the PC doesn't have in terms of access to the information of the random port assignment on Android.
There are multiple levels of this problem set, the top level being the almost complete lack of XDA Developers' tutorials that have any cognizance of what's new in Android 11 and up with respect to adb wireless connections - where - again - I thank you for finding the one and only XDA Developers' tutorial that shows that awareness.
However, the more important level of this problem set is to find a way to connect adb wirelessly to Android WITHOUT manually grepping the random port with our eyeballs.
CFKod said:
You end up with a blank canvas in terminal - just as you would using termux
It may very well be that the Android developers made that impossible (e.g., for security reasons); but in the absence of any information or tutorial stating that as a fact, I'm not going to assume it's impossible (yet).
AFAICT, the way to solve the problem is to find a way to either:
a. Keep the port assignment static, or,
b. Set the port to a specific assignment (as we did with USB), or,
c. Determine the random port assignment programmatically
It "may" be that local adb can help in that latter method... dunno yet... but I didn't even know ladb existed until you mentioned it so I'm starting from scratch without a tutorial (for this part of the problem set).
CFKod said:
I wouldn't say it has any special privileges.
Actually, after looking it up since yesterday, I think local adb DOES have more privileges than does Termux; so I was wrong in that assumption.
The ladb developer, @tytydraco said so himself on Dec 18, 2020 when he announced the existence of the ladb APK on XDA Developers.
tytydraco said:
for those of you who have used or encountered ADB in the past, you know that you usually need a PC to shell into your phone. While yes, apps such as Termux exist, they don't have elevated privileges as ADB does.
So we can safely assume ladb has "elevated privileges" which Termux doesn't have (which is a good thing as we may need them!).
CFKod said:
Then again.. why wouldn't anyone with no clue, use adb?
Well.... just as "mock location" GPS spoofing is a "Developer option" that has gone mainstream, I suspect we're at an inflection point where with screen mirroring of scrcpy and vysor, that adb usb/wireless debugging has gone mainstream too!
In summary, here's the status so far (which may change over time)...
a. Unfortunately, nobody knows of an updated XDA adb tutorial
b. But there is an updated XDA ladb tutorial
c. But even that ladb tutorial REQUIRES an eyeball grep of the random port assignment (aurgh!)
Note with the brand new Android 12 tile that it's not in the least difficult to do that eyeball grep of the current random port assignment (although you have to get up from your computer to find the phone in order to do so) - but the whole point of computers is they are supposed to do that stuff for you (are they not?).
While it may be designed that way by Google, I'm hoping I can figure out a programmatic way to obtain that random port assignment from the PC, where the suggestion of perhaps implementing ladb as a middleman "might" solve that problem (if I can figure out the method).
Thanks for your help and advice, as everyone has the same adb random port assignment problem who wants to mirror their phone onto the PC completely wirelessly - and for which there is no known XDA tutorial to help them (yet).
BTW, I've noticed only recently since I started testing out ladb that the serial numbers are different where I wonder if anyone can explain why there is both a long and a short serial number when using adb completely wirelessly.
Note the question matters because "maybe" we can omit the random port if we can connect via the static serial numbers...
Adb source changes a lot, with the adb wifi stuff being added in, you could probably compile a modified adb binary to use via an apk like ladb that could use a static serial number connection method.
In source, there's a lot of testing binaries you can compile, iirc in maybe 11-dev branch there was some code commented out to allow for more insecure connections.
Hey I have noticed that shizuku also uses wireless adb...
I may have time to test it later.
Surge1223 said:
you could probably compile a modified adb binary to use via an apk like ladb that could use a static serial number connection method.
Thank you for that suggestion, because if it was easy to connect purely over Wi-Fi (sans USB) between adb on the PC and the Android 11+ phone (WITHOUT eyeballing the randomly assigned port address), it would have been documented already (since it's what EVERYONE wants to do).
So we're breaking new ground...
And, while I definitely harbor the optimism that there (almost always) is a way, I do agree that nobody on the Internet (that I can find) has found THAT way.
Still... as you suggested, ladb does have some extra "hooks" on the phone itself which may allow ladb to REPORT back to the PC over Wi-Fi what our EYEBALLS have to see for themselves today (of the random port address).
This report back to the PC (of the random port address) over Wi-Fi has to be done in some OTHER protocol than adb itself, I suspect... as it's a chicken-and-the-egg scenario otherwise.
BTW, we "might" be able to use the Android serial number to good effect, but probably not as my tests using the Android serial number only work AFTER the adb connection has been prior established.
Code:
C:\> adb devices
*daemon not running; starting now at tcp:5555
*daemon started successfully
List of devices attached
C:\> adb devices
List of devices attached
C:\> adb devices
adb-YFVR80V7YFY-yF7kj8._adb-tls-connect._tcp. device
C:\> scrcpy -s adb-YFVR80V7YFY-yF7kj8._adb-tls-connect._tcp.
C:\> adb connect -s adb-YFVR80V7YFY-yF7kj8._adb-tls-connect._tcp.
C:\> adb connect -s 192.168.0.2
CFKod said:
Hey I have noticed that shizuku also uses wireless adb...
I may have time to test it later.
Thank you for that pointer to Shizuku which, like ladb, I had never heard of until you mentioned it as a possible solution.
What's nice is Shizuku has its own updated tutorial on XDA Developers which, at least, is aware of the new Android 11+ Developer options:Wireless debugging toggle, as it says...
"On Android 11 or above, you can enable Wireless debugging and start Shizuku directly from your device, without connecting to a computer."
By which they really mean:
"On Android 11 or above, you can enable Wireless debugging and start Shizuku directly from your device, without first needing to connect by USB to a computer."
I'm not rooted; but, since Shizuku can be started on the Android device, maybe it can be used to tell the computer over Wi-Fi what the current random port address assignment is (or the unencrypted adb connect command) or the random port and pin assignment (for the encrypted adb connect command).
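Added example, not part of the original post or of adb itself: the `_adb-tls-connect._tcp.` name in the `adb devices` output above is an mDNS service instance, and `adb mdns services` on the PC lists such instances together with their current IP address and port. The parser below reads that listing; the tab-separated column layout is an assumption about the output format, and the sample listing, addresses and ports are constructed.

```python
import ipaddress
import shutil
import subprocess
from typing import NamedTuple, Optional

# Service types advertised by Wireless debugging (trailing dot stripped).
KINDS = {"_adb-tls-connect._tcp": "connect", "_adb-tls-pairing._tcp": "pairing"}

# Constructed sample of `adb mdns services` output. The first instance name
# is the one shown in the post; every address and port here is made up.
SAMPLE_OUTPUT = (
    "List of discovered mdns services\n"
    "adb-YFVR80V7YFY-yF7kj8\t_adb-tls-connect._tcp.\t192.168.0.2:37215\n"
    "adb-YFVR80V7YFY-yF7kj8\t_adb-tls-pairing._tcp.\t192.168.0.2:41873\n"
    "adb-0000EXAMPLE-aaaaaa\t_adb-tls-connect._tcp.\t192.168.0.7:40111\n"
    "garbage line without tabs\n"
)


class Service(NamedTuple):
    instance: str
    kind: str
    host: str
    port: int


def parse_mdns_services(text: str) -> list:
    """Return the well-formed adb TLS services found in the listing."""
    services = []
    for line in text.splitlines():
        cols = line.strip().split("\t")
        if len(cols) != 3:
            continue  # header line or noise
        instance, svc_type, endpoint = cols
        kind = KINDS.get(svc_type.rstrip("."))
        host, sep, port_s = endpoint.rpartition(":")
        if kind is None or not sep or not port_s.isdigit():
            continue
        try:
            ipaddress.ip_address(host)  # reject anything that is not an IP
        except ValueError:
            continue
        port = int(port_s)
        if 1 <= port <= 65535:
            services.append(Service(instance, kind, host, port))
    return services


def find_endpoint(services, serial: str, kind: str = "connect") -> Optional[str]:
    """Pick the ip:port for one device so a second phone is never chosen."""
    for svc in services:
        if svc.kind == kind and svc.instance.startswith(f"adb-{serial}-"):
            return f"{svc.host}:{svc.port}"
    return None


def discover(serial: str, kind: str = "connect") -> Optional[str]:
    """Query the local adb server; returns None if adb is not on PATH."""
    if shutil.which("adb") is None:
        return None
    out = subprocess.run(["adb", "mdns", "services"], capture_output=True,
                         text=True, timeout=15).stdout
    return find_endpoint(parse_mdns_services(out), serial, kind)


if __name__ == "__main__":
    found = parse_mdns_services(SAMPLE_OUTPUT)
    print("connect:", find_endpoint(found, "YFVR80V7YFY"))
    print("pairing:", find_endpoint(found, "YFVR80V7YFY", "pairing"))
```

Because the port is announced on the LAN this way, it is not a secret; what keeps other hosts out is the pairing code and the per-PC authorization, and the pairing code itself still has to be read from the phone.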
MOD EDIT: ENGLISH TRANSLATION ADDED
I want to apply this program, Yasser, as much as possible
---------------------------------
ااريدتطبيق هذا البرنامح ياسر مايمكن
MOD EDIT: ENGLISH TRANSLATION ADDED
and not google
-----------
وغير قوقل
زين said:
MOD EDIT: ENGLISH TRANSLATION ADDED
I want to apply this program, Yasser, as much as possible
---------------------------------
ااريدتطبيق هذا البرنامح ياسر مايمكن
زين said:
MOD EDIT: ENGLISH TRANSLATION ADDED
and not google
-----------
وغير قوقل
1. This thread is a question (mostly) about a missing XDA tutorial.
2. The NEED for the tutorial is embedded in the details
Essentially...
a. We need an updated adb TUTORIAL for Android 11+ new features
b. Specifically, how to connect COMPLETELY via Wi-Fi (no USB)
Keeping in mind...
i. The OLD USE model used adb over USB first
ii. And then, after USB connection, adb could move to Wi-Fi
What we want is...
A. The Android 11+ use model is to eliminate the need for USB
B. But STILL connect using adb over Wi-Fi from the PC
Where...
A. The OLD use model was done COMPLETELY from the PC
B. And we're simply trying to REPLICATE that old use model
However... the problem is...
1. So far, we MUST first ascertain VISUALLY the random port (& PIN)
2. Which means we can no longer connect FROM the PC
That's the problem exposed by this thread, in a nutshell...
But... I do NOT understand what the two posts above are asking us to answer...
a. "I want to apply this program, Yasser, as much as possible"
b. "And not google"
Huh?
A. Which program? (adb? ladb? shizuku?)
B. Who (or what?) is Yasser?
C. And what does "not Google" have to do with it?
D. What does that poster want as an "answer"?
I want to help the guy (just as I'd want to help anyone).
But I don't understand what the heck the guy is even asking.
Can someone translate that English translation to something that makes sense in English that can be answered in English?