This script is an adaptation of this post.
Click Me!
No root required for run.
I modify & add some option.
New option:
Limit the test to 10mb (original 100MB )
Added server 2 NL, 1 GB, 4 USA, 1 FR
Get your external IP
Ping average
Arp table
DNS
Interface & ip local
Kernel IP routing table
How to use:
Android Phone with busybox
Download script or copy
Open terminal & go to script directory
For print Usage:
Code:
sh ./net_tool.sh
Terminal see said:
----Usage: sh ./net_tool.sh your_country.
----Country option: NL/NL2--GB--US/US2/US3/US4--FR
----Exemple for french: sh ./net_tool.sh FR
Click to expand...
Click to collapse
For Use:
Code:
sh ./net_tool.sh FR
Terminal see said:
Code:
Connecting to 212.27.60.49 (212.27.60.49:80)
Speedfile 100% |*******************************| 8192k 0:00:00 ETA
*******Your IP: XXX.XX.XXX.XXX**********************
*******Average download Speeds:**********
*******0 MB/s
*******409 kB/s [COLOR="Orange"][B]<-- Yes my connection s**k[/B][/COLOR]
*******3 Mb/s
*******Average Time Ping:****************
*******90.912 ms
*******Kernel IP routing table***********
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.0 0.0.0.0 UG 0 0 0 wlan0
0.0.0.0 192.168.0.0 0.0.0.0 UG 307 0 0 wlan0
192.168.0.0 0.0.0.0 255.255.255.0 U 307 0 0 wlan0
192.168.0.0 0.0.0.0 255.255.255.255 UH 0 0 0 wlan0
********ARP******************************
box.home (192.168.1.1) at XX:XX:XX:XX:XX:XX [ether] on wlan0
*********Ifconfig ip interface **********
wlan0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX 192.168.1.333
lo Link encap:Local Loopback 127.0.0.1
********DNS SERVER***********************
[dhcp.wlan0.dns1]: [192.168.0.0]
[dhcp.wlan0.dns2]: []
[dhcp.wlan0.dns3]: []
[dhcp.wlan0.dns4]: []
[net.change]: [net.dns2]
[net.dns1]: [208.67.222.222]
[net.dns2]: [208.67.220.220]
[net.dnschange]: [1]
[net.rmnet0.dns1]: [208.67.222.222]
[net.rmnet0.dns2]: [208.67.220.220]
[net.rmnet1.dns1]: []
[net.rmnet1.dns2]: []
[net.rmnet2.dns1]: []
[net.rmnet2.dns2]: []
[net.wlan0.dns1]: [49.0.0.0]
[net.wlan0.dns2]: []
Done
Click to expand...
Click to collapse
Trouble:I use ifconfig in script but some android phone use over command / For see tape "busybox" in terminal. This command list available command.
I've a Samsung S5 with CM12.1 + FakeWifi (Xposed).
I use the following script to reverse tether with ubuntu.
Code:
#!/bin/bash
ADB="adb"
# We need root on the host to mess with networking
if [[ $(whoami) != "root" ]]; then
echo "You must be root to run this script!"
exit 1
fi;
# We need root on the device to mess with networking
$ADB -d root
# Keep NetworkManager from messing with the adapter
grep 'usb0 inet manual' /etc/network/interfaces
if [ ! $? ]; then
echo 'Configuring usb0 for manual control'
echo 'iface usb0 inet manual' >> /etc/network/interfaces
restart network-manager
fi
echo 'Setting up usb networking on device'
$ADB -d shell 'ip addr add 192.168.200.2/30 dev rndis0;\
ip link set rndis0 up; \
ip route delete default; \
ip route add default via 192.168.200.1; \
setprop net.dns1 192.168.200.1'
echo 'Setting up usb interface on the host'
ip addr flush dev usb0
ip addr add 192.168.200.1/30 dev usb0
ip link set usb0 up
# Turn off the firewall if one is active
echo 'Checking for ufw firewall'
which ufw && ufw status || ufw disable
echo 'Enabling NAT and IP Forwarding'
# Start forwarding and nat (use existing default gw)
iptables -F -t nat
iptables -A POSTROUTING -t nat -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 'Starting dnsmasq'
dnsmasq --interface=usb0 --no-dhcp-interface=usb0
echo 'Connection is active! Press any key to shutdown.'
read
echo 'Attempting to shut down reverse tethering'
killall dnsmasq
ip link set usb0 down
iptables -F -t nat
echo 0 > /proc/sys/net/ipv4/ip_forward
echo 'Disabling usb networking on host'
$ADB shell ip route delete default
echo 'Disable and re-enable Wifi to return the device to normal'
Now the problem is that if I ping a public IP it works, but if I ping or curl the corresponding domain it fails "unknown host", "could not resolve".
What the heck should I do in order to make DNS working?
Thanks a lot for your help
Tsktsk said:
I've a Samsung S5 with CM12.1 + FakeWifi (Xposed).
I use the following script to reverse tether with ubuntu.
Code:
#!/bin/bash
ADB="adb"
# We need root on the host to mess with networking
if [[ $(whoami) != "root" ]]; then
echo "You must be root to run this script!"
exit 1
fi;
# We need root on the device to mess with networking
$ADB -d root
# Keep NetworkManager from messing with the adapter
grep 'usb0 inet manual' /etc/network/interfaces
if [ ! $? ]; then
echo 'Configuring usb0 for manual control'
echo 'iface usb0 inet manual' >> /etc/network/interfaces
restart network-manager
fi
echo 'Setting up usb networking on device'
$ADB -d shell 'ip addr add 192.168.200.2/30 dev rndis0;\
ip link set rndis0 up; \
ip route delete default; \
ip route add default via 192.168.200.1; \
setprop net.dns1 192.168.200.1'
echo 'Setting up usb interface on the host'
ip addr flush dev usb0
ip addr add 192.168.200.1/30 dev usb0
ip link set usb0 up
# Turn off the firewall if one is active
echo 'Checking for ufw firewall'
which ufw && ufw status || ufw disable
echo 'Enabling NAT and IP Forwarding'
# Start forwarding and nat (use existing default gw)
iptables -F -t nat
iptables -A POSTROUTING -t nat -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 'Starting dnsmasq'
dnsmasq --interface=usb0 --no-dhcp-interface=usb0
echo 'Connection is active! Press any key to shutdown.'
read
echo 'Attempting to shut down reverse tethering'
killall dnsmasq
ip link set usb0 down
iptables -F -t nat
echo 0 > /proc/sys/net/ipv4/ip_forward
echo 'Disabling usb networking on host'
$ADB shell ip route delete default
echo 'Disable and re-enable Wifi to return the device to normal'
Now the problem is that if I ping a public IP it works, but if I ping or curl the corresponding domain it fails "unknown host", "could not resolve".
What the heck should I do in order to make DNS working?
Thanks a lot for your help
Click to expand...
Click to collapse
Hi! Unfortunately, I have no idea on how to fix these issues, but if you'd be willing to try a different reverse tethering solution, you might want to try ReverseTethering NoRoot, an app I have developed. I have opened a dedicated thread over here: http://forum.xda-developers.com/android/apps-games/app-reversetethering-noroot-t3316716
Tsktsk said:
I've a Samsung S5 with CM12.1 + FakeWifi (Xposed).
I use the following script to reverse tether with ubuntu.
Code:
#!/bin/bash
ADB="adb"
# We need root on the host to mess with networking
if [[ $(whoami) != "root" ]]; then
echo "You must be root to run this script!"
exit 1
fi;
# We need root on the device to mess with networking
$ADB -d root
# Keep NetworkManager from messing with the adapter
grep 'usb0 inet manual' /etc/network/interfaces
if [ ! $? ]; then
echo 'Configuring usb0 for manual control'
echo 'iface usb0 inet manual' >> /etc/network/interfaces
restart network-manager
fi
echo 'Setting up usb networking on device'
$ADB -d shell 'ip addr add 192.168.200.2/30 dev rndis0;\
ip link set rndis0 up; \
ip route delete default; \
ip route add default via 192.168.200.1; \
setprop net.dns1 192.168.200.1'
echo 'Setting up usb interface on the host'
ip addr flush dev usb0
ip addr add 192.168.200.1/30 dev usb0
ip link set usb0 up
# Turn off the firewall if one is active
echo 'Checking for ufw firewall'
which ufw && ufw status || ufw disable
echo 'Enabling NAT and IP Forwarding'
# Start forwarding and nat (use existing default gw)
iptables -F -t nat
iptables -A POSTROUTING -t nat -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 'Starting dnsmasq'
dnsmasq --interface=usb0 --no-dhcp-interface=usb0
echo 'Connection is active! Press any key to shutdown.'
read
echo 'Attempting to shut down reverse tethering'
killall dnsmasq
ip link set usb0 down
iptables -F -t nat
echo 0 > /proc/sys/net/ipv4/ip_forward
echo 'Disabling usb networking on host'
$ADB shell ip route delete default
echo 'Disable and re-enable Wifi to return the device to normal'
Now the problem is that if I ping a public IP it works, but if I ping or curl the corresponding domain it fails "unknown host", "could not resolve".
What the heck should I do in order to make DNS working?
Thanks a lot for your help
Click to expand...
Click to collapse
Hi did you end up resolving this issue? I have the exact same problem. Can ping any site but DNS lookup fails. Then I installed DNSsetter app which allows me to change the dns server. Now I can do DNS lookups and it resolves correctly but none of the apps do not appear to be aware of the fact that the phone is using reverse USB tethering.
After much struggling with high cpu loads using Androids own dnsmasq I finally came up with the solution to use dnsmasq for ad domain blocking.
[Q] Need root?
Yep.
[Q] Why dnsmasq?
Dnsmasq can use wildcards in domain names, no more lenghty /etc/hosts files.
[Q] Why did it have high cpu?
This happens because dnsmasq keeps reading stdin after it starts. You can close stdin with a command <&-
[Q] How does it work?
See file adblock.conf
[Q] Problems?
The only problem to solve is to set the net.dns1 for mobile data. For wifi it can be done with a script /system/etc/dhcpcd/dhcpcd-hooks/21-dns.conf
[Q] What version of Android?
It was on Android 4.2.2 with dnsmasq version 2.51 (dnsmasq -v)
Happy holidays
/data/local/tmp/adblock.conf:
### AdBlock for Android
### Original by Malakai1911, changed by Tweakradje (2016)
### 1) place this file is /data/local/tmp/adblock.conf
### 2) Start dnsmasq: dnsmasq --conf-file=/data/local/tmp/adblock.conf <&-
### why <&- ? dnsmasq just keeps reading stdin for commands. <&- closes stdin
### check for high cpu (should be 0%): top -n 1|grep dns
### 1843 0% S 1 2992K 2456K fg root
### 3) you need to set DNS manually: setprop net.dns1 127.0.0.1 (use for test)
### BUT dhcpd will change net.dns1 again (net.dnschange goes +1)
### Override DNS on WLAN0 and RMNET0:
### 4) echo setprop dhcp.wlan0.dns1 127.0.0.1 >/system/etc/dhcpcd/dhcpcd-hooks/99-dnsmasq
### 5) chmod 644 /system/etc/dhcpcd/dhcpcd-hooks/99-dnsmasq
### *) Nothing found yet for mobile data dns on RMNET0 (netd does that?)
### echo setprop net.rmnet0.dns1 127.0.0.1>>/system/etc/dhcpcd/dhcpcd-hooks/99-dnsmasq
### ps: if your tether mobile data Android uses the netd and start:
### dnsmasq --no-daemon --no-resolv --no-poll --dhcp-option-force=43,ANDROID_METERED --dhcp-range=%s,%s,1h
### ps: killall -HUP dnsmasq does not reread this config file!
### stop dnsmasq: killall dnsmasq
### if you trust the workings you can copy adblock.conf to /etc/dnsmasq.conf
### add to your install-recovery.sh the line: dnsmasq <&-
### <&- is needed to close stdin and avoid high cpu usage from dnsmasq !!!!
# Configuration dnsmasq
no-resolv # don't read /etc/resolv.conf
no-poll # don't look for changes in other files
no-hosts # do not read /etc/hosts
# forwarding dns servers
server=208.67.222.222
server=208.67.220.220
no-dhcp-interface=lo # tftp and dhcp disabled by default?
interface=lo # only listen on this NIC, lo is default
listen-address=127.0.0.1 # setprop net.dns1 127.0.0.1
no-negcache #remember "no such domain" queries
stop-dns-rebind #reject upstream dns servers in private IP's
domain-needed #only upstream if FQDN is asked
bogus-priv #reverse lookup private IP's not upstream
#max-ttl=86400 # one day in cache (max-ttl bad option on android dnsmasq)
cache-size=500 #entries in cache (def 150)
pid-file=/data/local/tmp/dnsmasq.pid # store process id if running as daemon (some android only?)
### if no-daemon then uncomment next 2 lines, nice to monitor dns domains queried
#no-daemon # -d if no daemon then no pid needed, no-daemon good for testing logs
log-queries # -q this will log into logcat, use logcat|grep dnsmasq (exit with CTRL+\ ENTER)
### Ad Domain Filter, return 0.0.0.0 if met, add your own ###
address=/2mdn.net/0.0.0.0
address=/2o7.net/0.0.0.0
address=/ad-inside.com/0.0.0.0
address=/adbrite.com/0.0.0.0
address=/adinfuse.com/0.0.0.0
address=/admob.com/0.0.0.0
address=/admob.mobi/0.0.0.0
....
Click to expand...
Click to collapse
I have tested it on various versions of Android 2.x to 5 but only from Android 4.2 it looks like dnsmasq is working properly in daemon mode.
On lower versions dnsmasq seems to run fine but after a few hours its cpu usage goes up (from 0%) and it logs these messages:
E/dnsmasq ( 6293): Unknown cmd ''
Click to expand...
Click to collapse
Looks like a loop or bug. Why should it get any commands (even empty ones) from stdin?
You can try to run it with the no-daemon and log-queries option and let it run for a day, checking its log output and cpu usage.
Cheers
Solution: close stdin after the dnsmasq command like: dnsmasq <&-
Now it also works from adb shell.
Please help me to remove com.android.sc (known as Android/Syringe.AD System Application) on Evercoss Genpro X Pro S50 MT6735. This Trojan exisit in the officeal firmware http://evercoss.com/img/software/EVERCOSS_S50_7_0_021_P1_180314_OE_CPB.zip
I use mtk-su to gain access to remove this trojan.
EVERCOSS_S50:/ $ cd /data/local/tmp
EVERCOSS_S50:/data/local/tmp $ ./mtk-su -v
armv7l machine
param1: 0x1000, param2: 0x8040, type: 4
Building symbol table
kallsyms_addresses pa 0x40bc2460
kallsyms_num_syms 54191, addr_count 54191
kallsyms_names pa 0x40bf7330, size 646794
kallsyms_markers pa 0x40c951c0
kallsyms_token_table pa 0x40c95510
kallsyms_token_index pa 0x40c95890
Patching credentials
Parsing current_is_single_threaded
c0362760: MOVW R0, #0x8d50
c0362764: MOVT R0, #0xc102
Possible list_head tasks at offset 0x290
comm swapper/0 at offset 0x400
Found own task_struct at node 1
cred VA: 0xc667e500
init_task VA: 0xc1028d50
Parsing avc_denied
c0aeca70: MOVW R12, #0x1278
c0aeca74: MOVT R12, #0xc113
selinux_enforcing VA: 0xc1131278
Setting selinux_enforcing
Selinux is already permissive
starting /system/bin/sh
UID: 0 cap: 3fffffffff selinux: permissive
EVERCOSS_S50:/data/local/tmp # pm list package com.android.sc
package:com.android.screenrecord
package:com.android.sc -> bloatware Android/Trojan.Syringe.AD (System Application)
EVERCOSS_S50:/data/local/tmp # pm uninstall com.android.sc
Failure [DELETE_FAILED_INTERNAL_ERROR]
EVERCOSS_S50:/data/local/tmp # pm uninstall -k --user 0 com.android.sc
Success
It still exists when I query list package
EVERCOSS_S50:/data/local/tmp # pm list package com.android.sc
package:com.android.screenrecord
package:com.android.sc -> bloatware Android/Trojan.Syringe.AD (System Application)
After I reboot the device, com.android.sc will installed its self.
Any suggestion?
Thank you
Sincerey, Dedetok
build.prop
# begin build properties
# autogenerated by buildinfo.sh
ro.build.id=NRD90M
ro.build.display.id=EVERCOSS_S50_V13_7.0_09022018
ro.build.version.incremental=1521000161
ro.build.version.sdk=24
ro.build.version.preview_sdk=0
ro.build.version.codename=REL
ro.build.version.all_codenames=REL
ro.build.version.release=7.0
ro.build.version.security_patch=2018-03-05
ro.build.version.base_os=
ro.build.date=Wed Mar 14 12:02:39 CST 2018
ro.build.date.utc=1521000159
ro.build.type=user
ro.build.user=zhuangsf
ro.build.host=freecom8
ro.build.tags=release-keys
ro.build.flavor=full_len6737m_35_n-user
ro.product.model=S50
ro.product.brand=EVERCOSS
ro.product.name=EVERCOSS_S50
ro.product.device=EVERCOSS_S50
ro.product.board=EVERCOSS_S50
# ro.product.cpu.abi and ro.product.cpu.abi2 are obsolete,
# use ro.product.cpu.abilist instead.
ro.product.cpu.abi=armeabi-v7a
ro.product.cpu.abi2=armeabi
ro.product.cpu.abilist=armeabi-v7a,armeabi
ro.product.cpu.abilist32=armeabi-v7a,armeabi
ro.product.cpu.abilist64=
ro.product.manufacturer=EVERCOSS_S50
ro.product.locale=en-US
ro.wifi.channels=
ro.board.platform=mt6737m
# ro.build.product is obsolete; use ro.product.device
ro.build.product=len6737m_35_n
# Do not try to parse description, fingerprint, or thumbprint
ro.build.description=full_len6737m_35_n-user 7.0 NRD90M 1521000161 release-keys
ro.build.fingerprint=EVERCOSS/EVERCOSS_S50/EVERCOSS_S50:7.0/NRD90M/1517820838:user/release-keys
ro.build.characteristics=default
# end build properties
ro.product.sub_flash=yes
ro.product.alsps=stk3x1x-new
ro.product.fingerprint=yes
ro.product.tp_ges=true
ro.product.gyroscope_support=yes
ro.product.aecamera_support=yes
ro.product.doujia=yes
ro.custom.build.version=EVERCOSS_S50_V13_7.0_09022018
ro.build.realversion=ZH096_TRX_L5032_360OS_N23112_C99ba_20180314_37m35_32G3G_DDR3_HD_G4W18L135840K_GpsS_ALS_FP_
ro.build.realversion2=OTG_GYRO_120051
ro.antos.model=wt-6-ZH096-TRX-0-EVERCOSS-S50
#
# from device/lentek/len6737m_35_n/system.prop
#
#
# system.prop for generic sdk
#
rild.libpath=mtk-ril.so
rild.libargs=-d /dev/ttyC0
# MTK, Infinity, 20090720 {
wifi.interface=wlan0
# MTK, Infinity, 20090720 }
# MTK, mtk03034, 20101210 {
ro.mediatek.wlan.wsc=1
# MTK, mtk03034 20101210}
# MTK, mtk03034, 20110318 {
ro.mediatek.wlan.p2p=1
# MTK, mtk03034 20110318}
# MTK, mtk03034, 20101213 {
mediatek.wlan.ctia=0
# MTK, mtk03034 20101213}
#
wifi.tethering.interface=ap0
#
ro.opengles.version=196609
#ro.kernel.qemu=1
#ro.kernel.qemu.gles=0
wifi.direct.interface=p2p0
#dalvik.vm.heapgrowthlimit=128m
#dalvik.vm.heapsize=256m
# USB MTP WHQL
ro.sys.usb.mtp.whql.enable=0
# Power off opt in IPO
sys.ipo.pwrdncap=2
ro.sys.usb.storage.type=mtp
# USB BICR function
ro.sys.usb.bicr=no
# USB Charge only function
ro.sys.usb.charging.only=yes
# audio
ro.camera.sound.forced=0
ro.audio.silent=0
ro.zygote.preload.enable=0
# temporary enables NAV bar (soft keys)
qemu.hw.mainkeys=1
#=0
ro.kernel.zio=38,108,105,16
#ro.kernel.qemu=1
#ro.kernel.qemu.gles=0
#ro.boot.selinux=disable
ro.sf.lcd_density=320
#240
# performance
ro.mtk_perf_simple_start_win=1
ro.mtk_perf_fast_start_win=1
ro.mtk_perf_response_time=1
ro.setupwizard.suppress_d2d_nfc=true
ro.product.otg_support=yes
#
# ADDITIONAL_BUILD_PROPERTIES
#
ro.qiku.version.hardware=P1
ro.qiku.version.date=180314
ro.qiku.version.kernel=3.18.35+.P1.180314.NRD90M
ro.qiku.version.software=7.0.001.P1.180314.WW6_TRX_TRXZH096L5032_OE
ro.qiku.version.release=7.0.021.P1.180314.TRXZH096L5032.WW6_TRX_TRXZH096L5032_OE
ro.qiku.globality=0
ro.qiku.efuse.type=0
persist.qiku.ctstest=1
ro.qiku.gms=1
persist.sys.sw.vdd=2.8
persist.sys.sw.touch.para.r=0x06
persist.sys.sw.touch.para.c=0x0c
persist.sys.sw.touch.level=0x18
persist.sys.sw.speed.max=6000
persist.sys.sw.pix.area=60
persist.sys.sw.enroll.double=1
persist.sys.sw.enroll.frm.num=0
persist.sys.sw.enroll.quality=30
persist.sys.sw.key.mod=1
persist.sys.sw.key.nav_dir=UDLR
persist.sys.sw.key.screenoff=1
persist.sys.sw.verify.retry=1
persist.sys.sw.light.mod=0
persist.sys.sw.light.devs=/dev/input/event2
persist.sys.sw.light.uevet=leds-mt65xx/leds/lcd-backlight
persist.sys.sw.idh.nums=0
persist.sys.sw.transsion.f14=0
ro.carrier=unknown
ro.mediatek.chip_ver=S01
ro.mediatek.platform=MT6737M
ro.telephony.sim.count=2
persist.radio.default.sim=0
ril.specific.sm_cause=0
bgw.current3gband=0
ril.external.md=0
ro.sf.hwrotation=0
persist.radio.fd.counter=150
persist.radio.fd.off.counter=50
persist.radio.fd.r8.counter=150
persist.radio.fd.off.r8.counter=50
drm.service.enabled=true
fmradio.driver.enable=1
ril.first.md=1
ril.flightmode.poweroffMD=1
ril.telephony.mode=0
dalvik.vm.mtk-stack-trace-file=/data/anr/mtk_traces.txt
mediatek.wlan.chip=CONSYS_MT6735
mediatek.wlan.module.postfix=_consys_mt6735
ril.read.imsi=1
ril.radiooff.poweroffMD=0
ro.frp.pst=/dev/block/platform/mtk-msdc.0/11230000.msdc0/by-name/frp
ro.mtk_protocol1_rat_config=Lf/Lt/W/G
ro.mediatek.version.branch=alps-mp-n0.mp1
ro.mediatek.version.release=alps-mp-n0.mp1-V1.0.2_len6737m.35.n_P192
ro.mediatek.version.sdk=4
ro.setupwizard.mode=OPTIONAL
ro.com.google.gmsversion=7.0_r13
ro.num_md_protocol=2
persist.radio.multisim.config=dsds
ro.mtk_besloudness_support=1
ro.mtk_wapi_support=1
ro.mtk_bt_support=1
ro.mtk_wappush_support=1
ro.mtk_agps_app=1
ro.mtk_audio_tuning_tool_ver=V1
ro.mtk_wlan_support=1
ro.mtk_gps_support=1
ro.mtk_omacp_support=1
ro.mtk_search_db_support=1
ro.mtk_dialer_search_support=1
ro.mtk_dhcpv6c_wifi=1
ro.have_aacencode_feature=1
ro.mtk_fd_support=1
ro.mtk_oma_drm_support=1
ro.mtk_widevine_drm_l3_support=1
ro.mtk_eap_sim_aka=1
ro.mtk_fm_recording_support=1
ro.mtk_send_rr_support=1
ro.mtk_emmc_support=1
ro.mtk_tetheringipv6_support=1
ro.telephony.default_network=9,9
ro.mtk_shared_sdcard=1
ro.mtk_enable_md1=1
ro.mtk_flight_mode_power_off_md=1
ro.mtk_pq_support=2
ro.mtk_pq_color_mode=1
ro.mtk_miravision_support=1
ro.mtk_wifi_mcc_support=1
ro.mtk_sim_hot_swap=1
ro.mtk_bip_scws=1
ro.mtk_world_phone_policy=0
ro.mtk_perfservice_support=1
ro.mtk_sim_hot_swap_common_slot=1
ro.mtk_cam_mfb_support=0
ro.mtk_lte_support=1
ro.mtk_cam_cfb=1
ro.mtk_rild_read_imsi=1
ro.sim_refresh_reset_by_modem=1
ro.mtk_external_sim_only_slots=0
ro.mtk_bg_power_saving_support=1
ro.mtk_bg_power_saving_ui=1
ro.have_aee_feature=1
ro.sim_me_lock_mode=0
ro.mtk_dual_mic_support=0
ro.mtk_is_tablet=0
persist.mtk_nlp_switch_support=1
persist.mtk_ims_support=1
ro.mtk_multiple_ims_support=1
persist.mtk_volte_support=1
persist.mtk.volte.enable=1
persist.mtk_vilte_support=1
ro.mtk_vilte_ut_support=0
wfd.dummy.enable=1
wfd.iframesize.level=0
ro.mediatek.project.path=device/lentek/len6737m_35_n
ro.mtk_microtrust_tee_support=1
persist.mtk.wcn.combo.chipid=-1
persist.mtk.wcn.patch.version=-1
persist.mtk.wcn.dynamic.dump=0
service.wcn.driver.ready=no
service.wcn.coredump.mode=0
persist.mtk.connsys.poweron.ctl=0
ro.com.android.mobiledata=true
persist.radio.mobile.data=0,0
persist.meta.dumpdata=0
ro.mtk_md_sbp_custom_value=0
dalvik.vm.heapgrowthlimit=128m
dalvik.vm.heapsize=256m
persist.radio.mtk_dsbp_support=1
persist.mtk_dynamic_ims_switch=0
persist.radio.mtk_ps3_rat=G
ro.boot.opt_c2k_lte_mode=0
ro.boot.opt_md1_support=5
ro.boot.opt_lte_support=1
persist.log.tag.AT=I
persist.log.tag.RILMUXD=I
persist.log.tag.RILC-MTK=I
persist.log.tag.RILC=I
persist.log.tag.RfxMainThread=I
persist.log.tag.RfxRoot=I
persist.log.tag.RfxRilAdapter=I
persist.log.tag.RfxController=I
persist.log.tag.RILC-RP=I
persist.log.tag.RIL-DATA=I
ro.boot.opt_using_default=1
mtk.vdec.waitkeyframeforplay=1
ro.sys.sdcardfs=1
persist.mtk.datashaping.support=1
persist.datashaping.alarmgroup=1
persist.runningbooster.support=1
persist.runningbooster.upgrade=1
ro.media.maxmem=500000000
ro.mtk_disable_navigation_bar=1
persist.sys.timezone=Asia/Jakarta
ro.com.google.clientidbase.am=android-evercoss
ro.com.google.clientidbase.ms=android-evercoss
ro.com.google.clientidbase=android-evercoss
persist.mtk_ussi_support=1
ro.qiku.xlocker.capture=1
persist.qiku.fingerprint=0
persist.sys.st.value=0
ro.com.android.dateformat=dd-MM-yyyy
ro.config.agenda_alert=Schedule.ogg
ro.config.alarm_alert=Feeling.ogg
ro.config.notification_sound=Evercoss_Message.wav
ro.config.ringtone=Evercoss_Ringtone.mp3
ro.config.ringtone_2=Evercoss_Ringtone.mp3
ro.config.smstone=Evercoss_Message.wav
ro.config.smstone_2=Evercoss_Message.wav
ro.qiku.bt.voicerecord=0
ro.qiku.version.tag=LC
ro.qiku.sales.channel=2
ro.qiku.display.360logo=0
ro.vendor.channel.number=WW6_TRX_TRXZH096L5032_OE
ro.vendor.name=WTWD6
ro.product.model=S50
ro.product.brand=EVERCOSS
ro.product.manufacturer=EVERCOSS
persist.sys.language=en
persist.sys.country=US
persist.qiku.allmode.operator=0
persist.qiku.version.bm=0
ro.qiku.product.devicename=EVERCOSS_S50
ro.qiku.app.safetydialog=0
ro.build.uiversion=360UI:V2.0
ro.build.ota.type=stable
ro.qiku.oldman.phone=0
persist.qiku.oldman.mode=0
persist.qiku.children.mode=0
ro.qiku.hotknot=0
ro.qiku.product.type=LE
ro.qiku.privacyspace.support=0
persist.qiku.operators.mode=0
persist.qiku.cmcc.mode=0x00
persist.qiku.defaultmode=0
persist.qiku.comm.runmode=0000
persist.qiku.cmcc.brand=0x00
persist.sys.dm=0
persist.qiku.perf_opt=0
persist.qiku.log.level=YWW4
persist.qiku.operators.isabroad=1
ro.qiku.lucky.money.alert=0
persist.sys.dalvik.vm.lib.2=libart.so
dalvik.vm.isa.arm.variant=cortex-a53
dalvik.vm.isa.arm.features=default
net.bt.name=Android
dalvik.vm.stack-trace-file=/data/anr/traces.txt
# begin fota properties
ro.fota.platform=MTK6737_7.0
ro.fota.type=phone
ro.fota.app=5
ro.fota.oem=qiku_sz6737_7.0
ro.fota.device=S50
S50
ro.fota.version=7.0.021.P1.180314.TRXZH096L5032.WW6_TRX_TRXZH096L5032_OE
ro.fota.token=a42e45927e8210def34b83a3ef65477b
# end fota properties
ro.expect.recovery_id=0x4a993bb2198cac1fe86bb34af8da1aff28888304000000000000000000000000
dedetok said:
Please help me to remove com.android.sc (known as Android/Syringe.AD System Application) on Evercoss Genpro X Pro S50 MT6735. This Trojan exisit in the officeal firmware http://evercoss.com/img/software/EVERCOSS_S50_7_0_021_P1_180314_OE_CPB.zip
I use mtk-su to gain access to remove this trojan.
Android/Trojan.Syringe.AD (System Application)
After I reboot the device, com.android.sc will installed its self.
Any suggestion?
Thank you
Sincerey, Dedetok
Click to expand...
Click to collapse
It use this to achieve its permanency.
GitHub - DroidPluginTeam/DroidPlugin: A plugin framework on android,Run any third-party apk without installation, modification or repackage
A plugin framework on android,Run any third-party apk without installation, modification or repackage - GitHub - DroidPluginTeam/DroidPlugin: A plugin framework on android,Run any third-party apk w...
github.com
Sure, it does look suspicious, but is it a trojan?
Does it show ads? Or do some other weird stuff?
System apps do not uninstall. Just remove its folder to do it, i.e. "/system/priv-app/SystemClean". This might cause boot problems though. Depends...
What you could do is install a firewall at least to disable it receiving data from qiku.com or whatever...
CXZa said:
It use this to achieve its permanency.
GitHub - DroidPluginTeam/DroidPlugin: A plugin framework on android,Run any third-party apk without installation, modification or repackage
A plugin framework on android,Run any third-party apk without installation, modification or repackage - GitHub - DroidPluginTeam/DroidPlugin: A plugin framework on android,Run any third-party apk w...
github.com
Sure, it does look suspicious, but is it a trojan?
Does it show ads? Or do some other weird stuff?
System apps do not uninstall. Just remove its folder to do it, i.e. "/system/priv-app/SystemClean". This might cause boot problems though. Depends...
What you could do is install a firewall at least to disable it receiving data from qiku.com or whatever...
Click to expand...
Click to collapse
I used Malware Bytes to scan my device, and it's reported as Syringe.AD. in apk decompile "com.android.com", it has has url string: http:// api <dot> os <dot> qiku <dot> com. I decompile the APK using JavaDecompiler online, and can be download from https://garasiku.my.id/android_malware_source/com.android.sc-1.3.3-1033_source_from_JADX.zip. But I have no skill to read the code.
"application inspector" by uniquesoft report unknown applications was installed, they are:
1. "App Settings" source code by JavaDecompiler online (APK Decompile) , and can be download from https://garasiku.my.id/android_malware_source/com.app.settings.amtapp-2.66-266_source_from_JADX.zip
2. "com.viysr.wkcx" source code by JavaDecompiler online (APK Decompile) , and can be download from https://garasiku.my.id/android_malware_source/com.viysr.wkcx-1.0-1_source_from_JADX.zip
I just looked the system.img file through the hex editor, so not that deep. It looked like it or some other app might try to hook some of the browsers. Then that firewall could be useless. Block at least https://api.os.qiku.com and https://api-en.os.qiku.com if you can. Although that qiku firm seems to be okay...
Odd that the stock firmware would contain a trojan...
But if so, it has planted there on purpose...
It's maybe included in some other stocks too...
English Community-Lenovo Community
https://community.umidigi.com/forum.php?mod=redirect&goto=findpost&ptid=16559&pid=92962
command verbose to block api.os.qiku.com and api-en.os.qiku.com:
$ adb pull /system/etc/hosts ./
edit hosts
127.0.0.1 localhost
127.0.0.1 api.os.qiku.com
127.0.0.1 api-en.os.qiku.com
::1 ip6-localhost
::1 api.os.qiku.com
::1 api-en.os.qiku.com
$ adb push ./hosts /data/local/tmp/
$ adb shell
EVERCOSS_S50:/ $ cd /data/local/tmp
EVERCOSS_S50:/data/local/tmp $ ./mtk-su
UID: 0 cap: 3fffffffff selinux: permissive
EVERCOSS_S50:/data/local/tmp # mount -o rw,remount /system
EVERCOSS_S50:/data/local/tmp # cat hosts
127.0.0.1 localhost
127.0.0.1 api.os.qiku.com
127.0.0.1 api-en.os.qiku.com
::1 ip6-localhost
::1 api.os.qiku.com
::1 api-en.os.qiku.com
EVERCOSS_S50:/data/local/tmp # cp hosts /system/etc/
EVERCOSS_S50:/data/local/tmp # cat /system/etc/hosts
127.0.0.1 localhost
127.0.0.1 api.os.qiku.com
127.0.0.1 api-en.os.qiku.com
::1 ip6-localhost
::1 api.os.qiku.com
::1 api-en.os.qiku.com
EVERCOSS_S50:/data/local/tmp # mount -o ro,remount /system
dedetok said:
command verbose to block api.os.qiku.com and api-en.os.qiku.com:
$ adb pull /system/etc/hosts ./
edit hosts
Click to expand...
Click to collapse
Yes, that does that does the trick - blocks those urls....
But I think that it's just a false alarm.
You seem to have this in it...
360os - 概述 - 360手机
360 OS基于Android 5.1深度定制,以多种出色而自然的方式,让你的Android系统变得更加好用。
www.qiku.com
360OS - 全球领先OS智能生态服务提供商
360OS是全球领先的OS智能产品及生态服务提供商,致力于驱动以OS+为核心的智能互联。以OS+安全产业互联网、OS+AI、OS+UI的商业闭环模式,覆盖全球多个地区市场生态。
www.360os.com
360 OS - All you need to Know about Android based 360 OS
Here is all you need to about 360 OS. 360 OS is new Android based OS. Have a look at unique features in 360 OS.
www.digitalstacks.org
was a double post because of the error message while posting..
Oops! We ran into some problems. Please try again later. More error details may be in the browser console.
Click to expand...
Click to collapse
CXZa said:
Yes, that does that does the trick - blocks those urls....
But I think that it's just a false alarm.
You seem to have this in it...
360os - 概述 - 360手机
360 OS基于Android 5.1深度定制,以多种出色而自然的方式,让你的Android系统变得更加好用。
www.qiku.com
360OS - 全球领先OS智能生态服务提供商
360OS是全球领先的OS智能产品及生态服务提供商,致力于驱动以OS+为核心的智能互联。以OS+安全产业互联网、OS+AI、OS+UI的商业闭环模式,覆盖全球多个地区市场生态。
www.360os.com
360 OS - All you need to Know about Android based 360 OS
Here is all you need to about 360 OS. 360 OS is new Android based OS. Have a look at unique features in 360 OS.
www.digitalstacks.org
Click to expand...
Click to collapse
No ...... It is Not False alarm....
I use App Inspector to monitor any change on my Evercoss S50 ( I have 3 similar devices ). I know exactly what happened to those handsets.
These 2 apks were installed before I changed /system/etc/hosts.
Maybe S50 using 360 OS..... You can download the firmware http://evercoss.com/download/detail/s50 and help me where those 2 files came from.
Please share the patch for the rest of S50 users.
Ops, blocking via /system/etc/hosts did very effective. I still got the "malware" dropped in my device with name "App UI" (Screen shoot)
The easiest way is to use NoRoot Firewall created by Grey Shirts.
In Home Screen there is option to checked "Auto start on boot"
You need to enable VPN, NoRoot Firewall will create local VPN on your phone to filter any application connected to internet.
in Apps, you need to set which application allow or not to connect to internet
For my device I blocked (sign with red X)
1. 360 security
2. Aging Test, Android SYstem, BT Tool,......
3. Anti-Theft
4. CaptivePortalLogin
5. com.mediatek.ims, ....
6. ConfigCenter
7. ConfigUpdater
8. Initiator
9. Intent Filter Verification Service
10. Market Feedback Agent
11. Power Master
12. System
13. System-UI
14. Work profile setup
May be the list is to much.... LOL.... but you won't get "App UI" dropped into your phone anymore....
The other way is to use /system/bin/iptables......
These are backgroud connections capture in NoRoot Firewall by Grey Shirts
Anti Theft
ip 36.110.234.87 port 80 whois: CHINANET-BJ 36.110.0.0 - 36.110.255.255 CIDR 36.110.0.0/16
ip 104.192.109.67 port 5227 whois: CHINANET-LAX-IDC-2014 104.192.108.0 - 104.192.111.255 CIDR 104.192.108.0/22
ip 211.151.195.194 port 80 whois: CHINA-21VIANET 211.151.0.0 - 211.151.255.255 CIDR 211.151.0.0/16
com.android.sc
ip 47.90.110.234 port 80 whois: AL-3 47.88.0.0 - 47.91.255.255 CIDR 47.88.0.0/14
ip 104.192.110.206 port 80 whois: CHINANET-LAX-IDC-2014 104.192.108.0 - 104.192.111.255 CIDR 104.192.108.0/22
ip 104.192.110.243 port 80 whois: CHINANET-LAX-IDC-2014 104.192.108.0 - 104.192.111.255 CIDR 104.192.108.0/22
ip 124.156.123.59 port 443 whois: ACEVILLEPTELTD-SG 124.156.96.0 - 124.156.191.255 CIDR 124.156.96.0/19 124.156.128.0/18
ip 180.163.251.181 port 80 whois:CHINANET-SH 180.160.0.0 - 180.175.255.255 CIDR 180.160.0.0/12
Config Center
ip 104.182.110.205 port 443 whois: SIS-80-7-29-2014 104.176.0.0 - 104.191.255.255 CIDR 104.176.0.0/12
Initiator
ip 101.198.192.187 port 80 whois: QIHOO 101.198.196.0 - 101.198.199.255 CIDR 101.198.196.0/22
ip 101.198.192.189 port 80 whois: QIHOO 101.198.196.0 - 101.198.199.255 CIDR 101.198.196.0/22
Create script s50_iptables.sh
#!/bin/sh
echo "Inserting iptables"
if [ "$(/system/bin/iptables -S INPUT | grep -ce '36.110.0.0/16 -j DROP')" != 0 ]
then
echo "Skiped 36.110.0.0/16 -j DROP"
else
/system/bin/iptables -I INPUT -s 36.110.0.0/16 -j DROP
echo "Added 36.110.0.0/16 -j DROP"
fi
if [ "$(/system/bin/iptables -S INPUT | grep -ce '104.192.108.0/22 -j DROP')" != 0 ]
then
echo "Skiped 104.192.108.0/22 -j DROP"
else
/system/bin/iptables -I INPUT -s 104.192.108.0/22 -j DROP
echo "Added 104.192.108.0/22 -j DROP"
fi
if [ "$(/system/bin/iptables -S INPUT | grep -ce '211.151.0.0/16 -j DROP')" != 0 ]
then
echo "Skiped 211.151.0.0/16 -j DROP"
else
/system/bin/iptables -I INPUT -s 211.151.0.0/16 -j DROP
echo "Added 211.151.0.0/16 -j DROP"
fi
if [ "$(/system/bin/iptables -S INPUT | grep -ce '47.88.0.0/14 -j DROP')" != 0 ]
then
echo "Skiped 47.88.0.0/14 -j DROP"
else
/system/bin/iptables -I INPUT -s 47.88.0.0/14 -j DROP
echo "Added 47.88.0.0/14 -j DROP"
fi
if [ "$(/system/bin/iptables -S INPUT | grep -ce '124.156.96.0/19 -j DROP')" != 0 ]
then
echo "Skiped 124.156.96.0/19 -j DROP"
else
/system/bin/iptables -I INPUT -s 124.156.96.0/19 -j DROP
echo "Added 124.156.96.0/19 -j DROP"
fi
if [ "$(/system/bin/iptables -S INPUT | grep -ce '124.156.128.0/18 -j DROP')" != 0 ]
then
echo "Skiped 124.156.128.0/18 -j DROP"
else
/system/bin/iptables -I INPUT -s 124.156.128.0/18 -j DROP
echo "Added 124.156.128.0/18 -j DROP"
fi
if [ "$(/system/bin/iptables -S INPUT | grep -ce '180.160.0.0/12 -j DROP')" != 0 ]
then
echo "Skiped 180.160.0.0/12 -j DROP"
else
/system/bin/iptables -I INPUT -s 180.160.0.0/12 -j DROP
echo "Added 180.160.0.0/12 -j DROP"
fi
if [ "$(/system/bin/iptables -S INPUT | grep -ce '104.176.0.0/12 -j DROP')" != 0 ]
then
echo "Skiped 104.176.0.0/12 -j DROP"
else
/system/bin/iptables -I INPUT -s 104.176.0.0/12 -j DROP
echo "Added 104.176.0.0/12 -j DROP"
fi
if [ "$(/system/bin/iptables -S INPUT | grep -ce '101.198.196.0/22 -j DROP')" != 0 ]
then
echo "Skiped 101.198.196.0/22 -j DROP"
else
/system/bin/iptables -I INPUT -s 101.198.196.0/22 -j DROP
echo "Added 101.198.196.0/22 -j DROP"
fi
echo "Done"
To run the script, open Termux and run mtk-su to gain root
Download the script
# wget http://garasiku.my.id/folder/s50_iptables.sh.txt
Rename and change permission
# mv ./s50_iptables.sh.txt ./s50_iptables.sh
# chmod 744 ./s50_iptables.sh
Run it
# ./s50_iptables.sh
To check it run
# /system/bin/iptables-save | grep INPUT
Or
# /system/bin/iptables -S INPUT
Known Problem: After restarting or boot the device, the firewall rules will be flush! In the future, I will fix to to put it in /system/etc/init and run it when the device finish booting.
To run on ADB, replace #!/bin/sh to #!/system/bin/sh.
Credit:
MTK-SU by Diplomatic
NoRoot Firewall by Grey Shirts
Application Inspector by UBQSoft
I put my work on garasiku.my.id
Okay. this is weird. Viruses from the factory.
Tried searching that app file name from all files. Got stuck because anti-virus. Trojan in /system/lib/libcheckperlib.so
File name search finds that you're not the only one.
Might be that you cannot make it clean if it's deep in the system.
Yet another [almost] non-removable trojan for Android
At the end of 2019, system-monitoring routines on some of our customers' smart phones detected changes in the file /system/lib/libc.so.
news.drweb.com
Fortunately evercoss has a solution... LOL
Cara Jitu Menghapus Virus Trojan di Smartphone Android
Banyak kerugian dari virus Trojan yang tidak segera ditangani, termasuk bocornya data personal. Inilah solusi menghapus virus trojan di smartphone EVers!
blog.evercoss.com
Have you re-flashed it? Does the same start again even if those urls are blocked?
CXZa said:
Okay. this is weird. Viruses from the factory.
Tried searching that app file name from all files. Got stuck because anti-virus. Trojan in /system/lib/libcheckperlib.so
File name search finds that you're not the only one.
Might be that you cannot make it clean if it's deep in the system.
Yet another [almost] non-removable trojan for Android
At the end of 2019, system-monitoring routines on some of our customers' smart phones detected changes in the file /system/lib/libc.so.
news.drweb.com
Fortunately evercoss has a solution... LOL
Cara Jitu Menghapus Virus Trojan di Smartphone Android
Banyak kerugian dari virus Trojan yang tidak segera ditangani, termasuk bocornya data personal. Inilah solusi menghapus virus trojan di smartphone EVers!
blog.evercoss.com
Have you re-flashed it? Does the same start again even if those urls are blocked?
Click to expand...
Click to collapse
thank you for your help.
flashing device does not help. after it connect to internet, it starts pull some apk from internet.
I'll try to search /system/lib/libcheckperlib.so as your sugestion.
CXZa said:
Okay. this is weird. Viruses from the factory.
Tried searching that app file name from all files. Got stuck because anti-virus. Trojan in /system/lib/libcheckperlib.so
File name search finds that you're not the only one.
Might be that you cannot make it clean if it's deep in the system.
Yet another [almost] non-removable trojan for Android
At the end of 2019, system-monitoring routines on some of our customers' smart phones detected changes in the file /system/lib/libc.so.
news.drweb.com
Fortunately evercoss has a solution... LOL
Cara Jitu Menghapus Virus Trojan di Smartphone Android
Banyak kerugian dari virus Trojan yang tidak segera ditangani, termasuk bocornya data personal. Inilah solusi menghapus virus trojan di smartphone EVers!
blog.evercoss.com
Have you re-flashed it? Does the same start again even if those urls are blocked?
Click to expand...
Click to collapse
Yes, /system/lib/libcheckperlib.so contains Android.DownLoader.4930 trojan.
I deleted it and let device without net filtering to monitor any change in android system.
Thank you for your clue.
After removing /system/lib/libcheckperlib.so that contains Android.DownLoader.4930 trojan, and monitor the device for two months, there is no more unwanted installed on device.
Here is step to remove /system/lib/libcheckperlib.so that contains Android.DownLoader.4930 trojan:
Requirement:
rooted android or temporary root using mtk-su create by Diplomatic
pc with adb or Termux
This are steps to remove malware Android.Downloader.4930 /system/lib/libcheckperlib.so using Termux created by Grey Tshirts:
Create these bash script and save it as s50_patch2021.sh
#!/system/bin/sh
FILE="/system/lib/libcheckperlib.so"
echo "checking $FILE"
if [ -f $FILE ]; then
echo "File $FILE exists."
echo "Try remount system rw."
/system/bin/mount -o rw,remount /system
echo "Backing up $FILE."
/system/bin/mkdir /sdcard/dedetok
/system/bin/cp $FILE /sdcard/dedetok
echo "Removing $FILE"
/system/bin/rm $FILE
echo "Remount system ro"
/system/bin/mount -o ro,remount /system
echo "Done, reboot your Evercoss S50"
else
echo "File $FILE does not exist."
fi
Or you can download it from this site. Open Termux and type
$ wget http://garasiku.my.id/folder/S50_patch2021.sh.txt
rename it
$ mv ./S50_patch2021.sh.txt ./S50_patch2021.sh
change permission
$ chmod 744 ./S50_patch2021.sh
run mtk-su and run the cript
# ./S50_patch2021.sh
reboot your phone
Don't forget to run your antivirus after reboot your phone. android is not save operating system. Use application inspector to inspect unwanted application and remove it.
Garasiku - Evercoss Genpro X Pro S50 removing malware Android.Downloader.4930 /system/lib/libcheckperlib.so
Garasiku
garasiku.my.id