[Q] How to use scp from Android system shell? - Android Software/Hacking General [Developers Only]

Hi guys,
I have an Amazon Kindle and the SGS2 which I take out and about with me.
I want to be able to transfer documents to and from the phone and Kindle (already got SSH access to the Kindle over WiFi) while out and about.
My phone is rooted and I've installed dropbear SSH. I can use connectbot to SSH into the phone locally but the shell I'm presented with doesn't see `scp`. I believe this is supposed to be included with dropbear? How do I get scp from this shell?
The reason I'm looking to do it all from a root shell on the phone is becuase I believe this is the only way to get access to the clients connected to the virtual access point. Hence I'll be able to:
be in the middle of the desert, create a WiFi tethering hotspot with the phone (though it has no signal), connect the Kindle to the phone via this access point, get a root shell on the phone and scp documents from the phone to the Kindle.
I believe I am as far as this final step but need an extra kick to get me there. Perhaps I need to install another shell?
Thanks!

Bump

Related

Installing Debian on the G1

This was already mentioned by alansj here, but I though it was important enough to have it's own thread
Saurik has created a Debian image you can install onto your sd card. Once installed, you have the full power of debian on your phone. No more puny little busybox
Instructions and such are here.
Thanks Saurik!
I was actually looking into this earlier... let me know how it runs
cant download a few things
can not open ext2.ko......when i type insmod $kit/ext2.ko ...i get "insmod: can't open ' /sdcard/kit/ext2.ko'...some one please help me out
What graphical interface does this install, or is there one?
cbrunner said:
What graphical interface does this install, or is there one?
Click to expand...
Click to collapse
That was my question when I heard about this... I just went for it though because when I read through the instructions, I realized that everything is stored in the MicroSD card and in RAM (which is reset when the phone is rebooted)
It turns out that there is no GUI - just a good old text-based Debian install! I'm sure that someone will get one working... or maybe just port the entire BSD Subsystem along with apt so we can just forget the Market...
amgupt01 said:
That was my question when I heard about this... I just went for it though because when I read through the instructions, I realized that everything is stored in the MicroSD card and in RAM (which is reset when the phone is rebooted)
It turns out that there is no GUI - just a good old text-based Debian install! I'm sure that someone will get one working... or maybe just port the entire BSD Subsystem along with apt so we can just forget the Market...
Click to expand...
Click to collapse
This awesome article has answered tons of my questions and also seems to imply otherwise:
"This does not replace Android. This also gives you access to the full plethora of programs available in Debian and let's you continue using your phone as it was intended to be: as an Android device with all the capabilities thereof."​
In addition, this IRC channel is where the author of that article idles.
cbrunner said:
This awesome article has answered tons of my questions and also seems to imply otherwise:
"This does not replace Android. This also gives you access to the full plethora of programs available in Debian and let's you continue using your phone as it was intended to be: as an Android device with all the capabilities thereof."​
In addition, this IRC channel is where the author of that article idles.
Click to expand...
Click to collapse
Right. No gui, but you have a full working linux distro on your phone. You can apt-get just about any of the normal stuff.. You could probably even get a x-windows installation to working, although you would have to connect to it remotely - it would probably be "difficult" to get it to display a gui on the phone itself (although that would be sweet).
I've installed Saurik's image on my phone, it works great. Although if you do the "unionfs.sh" step, the wifi settings don't quite work right anymore. It won't let you enable or disable wifi.
But I was able to get an ssh server (with real user and password management) and even a samba server running on my phone quite easily with this . I've also got gcc installed, and will start playing around with developing directly on the phone (instead of having to cross compile).
Sorry for not being hip to the game, but what the heck is Debian?
donutman said:
Sorry for not being hip to the game, but what the heck is Debian?
Click to expand...
Click to collapse
Arguably the most influential distribution of Linux ever. Its package management system, apt, is awesome, and it is what Ubuntu and tons of other distros were started from.
Why would you not use Google before asking here?
can anyone help with my above mentioned problem
i want this baby to run
Is your phone connected to your computer? You lose access to the storage card when it is, I think (you can't cd to it when it's plugged in) and unplugging my phone allowed me to install the module.
/a
Installing Debian errors?
Here is what I get:
insmod $kit/ext2.ko
insmod: init_module '/sdcard/kit/ext2.ko' failed (Operation not permitted)
i've been through this, i'm not gonna explain what happens and why, but imo, the only way to get a real root is the following:
-Install telnet client to your device (from android market).
-Reboot your phone to be sure no telnet-daemons/shells are running.
-When you are on the desktop, just type "enter", "telnetd", "enter". (If you do it from the terminal app it will run under the uid of the terminal app which is not root).
-Then run the telnet client app, and connect to local host. (Or skip this step + the first one if you wanna connect from another pc)
I know it's weird, but when you run something from the terminal app it runs under the terminal app's uid, even if you run a new shell, you still are eg. "app_33", not root. and btw you will have to set the environment variables all from the same shell, that means you can't have a script cause it will run under another shell, with another uid. I'm so confused... maybe I'm wrong but android is not the most friendly environment.
aggtrfrad said:
i've been through this, i'm not gonna explain what happens and why, but imo, the only way to get a real root is the following:
-Install telnet client to your device (from android market).
-Reboot your phone to be sure no telnet-daemons/shells are running.
-When you are on the desktop, just type "enter", "telnetd", "enter". (If you do it from the terminal app it will run under the uid of the terminal app which is not root).
-Then run the telnet client app, and connect to local host. (Or skip this step + the first one if you wanna connect from another pc)
I know it's weird, but when you run something from the terminal app it runs under the terminal app's uid, even if you run a new shell, you still are eg. "app_33", not root. and btw you will have to set the environment variables all from the same shell, that means you can't have a script cause it will run under another shell, with another uid. I'm so confused... maybe I'm wrong but android is not the most friendly environment.
Click to expand...
Click to collapse
Haha I feel you. Now the thing is when I am at the home screen on my G1 i push "Enter" on the keyboard and then type "telnetd" and then push enter again it doesnt do anything. When I open up telnet client on my PC it wont connect with wifi on.
So I then go to Telnet client on myG1 and go to connect to "localhost:23" and it says "Error while connecting to server: localhost/127.0.0.1:23 - Connection refused" the thing is that my local host for my wifi is not 127.0.0.1:23
And when I "netstat" from inside Terminal Emulator there is no address with port "23"
ballaholyk84 said:
Haha I feel you. Now the thing is when I am at the home screen on my G1 i push "Enter" on the keyboard and then type "telnetd" and then push enter again it doesnt do anything. When I open up telnet client on my PC it wont connect with wifi on.
So I then go to Telnet client on myG1 and go to connect to "localhost:23" and it says "Error while connecting to server: localhost/127.0.0.1:23 - Connection refused" the thing is that my local host for my wifi is not 127.0.0.1:23
And when I "netstat" from inside Terminal Emulator there is no address with port "23"
Click to expand...
Click to collapse
Are you already running RC30?
SplasPood said:
Are you already running RC30?
Click to expand...
Click to collapse
Yes, I am running the Modified RC30 posted by JesusFreke
cbrunner said:
Why would you not use Google before asking here?
Click to expand...
Click to collapse
Because I wanted you to tell me baby. That is what a wife is suppose to do.
JesusFreke said:
Right. No gui, but you have a full working linux distro on your phone. You can apt-get just about any of the normal stuff.. You could probably even get a x-windows installation to working, although you would have to connect to it remotely - it would probably be "difficult" to get it to display a gui on the phone itself (although that would be sweet).
I've installed Saurik's image on my phone, it works great. Although if you do the "unionfs.sh" step, the wifi settings don't quite work right anymore. It won't let you enable or disable wifi.
But I was able to get an ssh server (with real user and password management) and even a samba server running on my phone quite easily with this . I've also got gcc installed, and will start playing around with developing directly on the phone (instead of having to cross compile).
Click to expand...
Click to collapse
What command did you use to get the SSH to install? Every time I do the one in the tut by saurik it errors and wont install all the way. I get an error after x11-common and it wont finish.
ballaholyk84 said:
So I then go to Telnet client on myG1 and go to connect to "localhost:23" and it says "Error while connecting to server: localhost/127.0.0.1:23 - Connection refused" the thing is that my local host for my wifi is not 127.0.0.1:23
Click to expand...
Click to collapse
localhost usually refers to the loopback interface which on most devices will be 127.0.0.1.
I'm getting the same thing here... I think there's something wrong with apt-get having to write to /tmp which does not exist (and is mounted read-only).

iPod and G1 syncing

I use my G1 and iPod Touch hand and hand. I share my G1s internet over wifi. Basically I want to create a script that will ssh from my G1 to my Touch then copy the contents of say my images folder to my Touch. This way keeping my iPod and G1 in sync over wifi. I'm wondering what would be the easiest way of doing it, creating a cron script that pings for my iPod's IP and if returned would start a SSH connection and auto copy my pictures? Any idea's?
Note: I was also thinking maybe creating a custom tether app based off the wifi tethering app available that when tethering was activated it would ping periodically for my iPod's IP. That way I could avoid the hassles of cron under the Android Environment and I would only be trying to sync when my G1 is tethering.
G1 has nothing to share with ipod, pervert
...right. I don't think you can do cron jobs on android or host a ssh server natively but you might be able to mount debian on your sdcard and then do everything from in there. rsync is popular for this.
jusplainmike said:
I use my G1 and iPod Touch hand and hand. I share my G1s internet over wifi. Basically I want to create a script that will ssh from my G1 to my Touch then copy the contents of say my images folder to my Touch. This way keeping my iPod and G1 in sync over wifi. I'm wondering what would be the easiest way of doing it, creating a cron script that pings for my iPod's IP and if returned would start a SSH connection and auto copy my pictures? Any idea's?
Click to expand...
Click to collapse
Basically, yeah. Could be easier / more elegant to build a Java app that runs in the background, pinging the ip. To copy via ssh you need scp, which is included in my JF 1.43 ADP1.1 flash.
Then just
Code:
scp -i /sdcard/android_id.seckey -r [email protected]:/wherever/the/files/are/ /sdcard/where/i/want/them
You'd need to supply a public key without password protection (in my example android_id.seckey) to the iPod, which usually is a significant security risk. Maybe in case of your iPod, not so much though.
jusplainmike said:
Note: I was also thinking maybe creating a custom tether app based off the wifi tethering app available that when tethering was activated it would ping periodically for my iPod's IP. That way I could avoid the hassles of cron under the Android Environment and I would only be trying to sync when my G1 is tethering.
Click to expand...
Click to collapse
That's possible as well, but it's more complicated since you'd have to adapt to changes to WiFiTether / G1Tether. Also, that app might need root, while the other approach probably wouldn't, but would only work when both devices are connected to an access point where IPs are DHCP'd statically.
Interesting problem.
d00m said:
...right. I don't think you can do cron jobs on android or host a ssh server natively but you might be able to mount debian on your sdcard and then do everything from in there. rsync is popular for this.
Click to expand...
Click to collapse
The iPod host the ssh server, I would only have to SSH from the G1 and android actually has a cron service, I can't remember what it is of the top of my head exactly.
While trying to scp I get this error:
/system/bin/ssh: No such file or directory
Click to expand...
Click to collapse
Yet I can ssh from my G1

ssh through adb?

im looking to ssh through my phones terminal accessed via adb shell.
my company is pretty strict on outgoing traffic and id like to keep track of my screen sessions. I can ssh through my phone using connectbot, but then im hunched over my phone the entire time.
ive read that dropbear works on arm and should work as a client on the phone through busybox, but havnt found any information on installing it, and i also havnt found the precompiled binaries.
tips?

Security of Android Devices

Hello all. I'm currently taking a computer security class and to make the long story short, at the end of the semester I will have to turn in a research paper and do a 30 minute presentation on it. The topic I chose for this is "Exploring the techniques used to gain access to personal information on Android devices; the methods hackers use and the type of data they are seeking." So if you could please post links to any articles that you come across that talk about security of android devices. Also, I could really use any magazine or book suggestions. Thanks!
Look up open wifi hackers. They can steal your junk if your network isn't secured. Sorry no article
Sent from my ASUS Transformer Pad TF300T using XDA Premium HD app
You should write about the easiest method - allowing to isntall ab with lots of different permisions.
^Installing apps with dubious permissions is what I'm sure he's getting at and that has been the only major "flaw" as of yet. Considering that it requires the user to sideload questionable apps or to download from unprotected app sites it's not the worst thing ever.
Anti-virus/Anti-malware apps still remain next to useless on Android devices. The other main exploits that are used such as spoofing, etc, are simply able to function on any device operating over an unsecured wifi network and aren't unique to Android. I really don't think you're going to find much in the way of peer-reviewed articles on this topic, but I'd recommend that you used the databases available to you through your school rather than just taking articles handed to you by others.
MissionImprobable said:
^Installing apps with dubious permissions is what I'm sure he's getting at and that has been the only major "flaw" as of yet.
Click to expand...
Click to collapse
Not really the only flaw, there is a way to get android to install a rootkit which needs no extra priveleges to do what it wants on your android device. It isn't out in the wild but it can be, and has been, done to highlight an android vulnerability.
http://m.networkworld.com/news/2012...tkit&client=ms-opera-mini-android&channel=new
Dave
( http://www.google.com/producer/editions/CAownKXmAQ/bigfatuniverse )
Sent from my LG P920 using Tapatalk 2
keynith said:
Look up open wifi hackers. They can steal your junk if your network isn't secured. Sorry no article
Click to expand...
Click to collapse
With all due respect, have you ever *tried* to intercept SSL traffic for a non-browser-based Android app? It's hard as hell to do with a phone & fake AP under your direct rooted control, and damn near *impossible* to casually pull off against a random stranger's phone at Starbucks.
Android MITM is *hard*, and the #1 method of reliably doing it for penetration testing is to hack the app's decompiled SMALI to replace the certificate-validation logic with a dummy class that ignores cert errors.
Put another way, if somebody sniffs your password to something over wifi, it's because the idiot who wrote the app submitted your credentials without using SSL, and not because the access point was "open". Successful Android non-browser SSL MITM isn't "black hat", it's "black magic."
Also, WPA(2), WEP, etc might give some speedbump-like protection against totally random strangers who stumble upon an access point from the outside, but they won't do jack to protect you from the guy sipping a lattè next to you & running Wireshark while connected to the AP using the same key YOU are.
Wifi encryption is there to keep people from leeching free internet service, not to keep your traffic safe from other connected users. That's why ipsec & SSL exist.
There's exactly one safe way to use public wifi -- through a PPTP vpn tunnel (L2TP has a few known Android vulnerabilities).
Sent from my SAMSUNG-SGH-I747 using Tapatalk 2
An application called adb (or android debug bridge) will get you significant access to an android handset via a USB cable. This is part of the android software development kit. Set up your PC with the SDK, install the add-on platform tools, login as root and start the adb server. You can run a shell with the "adb shell" and use "adb pull" and "adb push" to transfer files. The "adb shell" command gives you a shell prompt on the android device and the "su" command gives you root access. This works even with the screen locked with a PIN.
Want to root your device? Download the zip file for rooting a handset and look at the installer script. That can tell you where to copy the su binary - remount your devices /system partition as read-write using "mount -o rw,remount" and follow the installer script.
adrian816 said:
An application called adb (or android debug bridge) will get you significant access to an android handset via a USB cable. This is part of the android software development kit. Set up your PC with the SDK, install the add-on platform tools, login as root and start the adb server. You can run a shell with the "adb shell" and use "adb pull" and "adb push" to transfer files. The "adb shell" command gives you a shell prompt on the android device and the "su" command gives you root access. This works even with the screen locked with a PIN.
Want to root your device? Download the zip file for rooting a handset and look at the installer script. That can tell you where to copy the su binary - remount your devices /system partition as read-write using "mount -o rw,remount" and follow the installer script.
Click to expand...
Click to collapse
Thanks a lot!!
#### Sent from my GN7 #### B0$N4 ####

[Q] Network Android Emulator

What I'm looking for is a way to run an android emulator such as bluestacks or Andy in a way that's accessible over a network. I know there are online services like Manymo or Appetize but I'm specifically looking for something I can run on my local network rather than being reliant on the internet connection.
I presume that it's doable since people like Manymo are doing it but does anyone have a clue that could start me on the right track?
Yes this is possible if you have a computer capable of creating a remote server if you want to connect to it on another device. You would need a client Android emulator installed on the computer and make sure it works. Now you are going to need to research a good VNC that can allow you to remotely control your computer from other devices. Once you have and can successfully start up the server, you'll then need a VNC connecting app that you can connect to the computer running the Android emulator. And then walla, you should be accessing it over your local host (network).
Using CM12.1 on my SGH-T999

Categories

Resources