[MOD][TOOL] Flashable Persistent SSH Server (PDSSHD) - Android Software/Hacking General [Developers Only]

Code:
echo "The usual... STOP! READ ALL OF THIS POST BEFORE CONTINUING TO INSTALL:
I WILL NOT BE HELD RESPONSIBLE FOR LOSS OF DATA, LOSS OF ROOT ACCESS, BRICKED DEVICES,
CRY BABIES, TEMPER TANTRUMS RESULTING IN SMASHED DEVICES OR ANY OF THAT NOISE. MAKE A BACKUP!!!"
PERSIST DROID SSHD - The persistent lil SSH server
I've modified an SSH server/daemon to install to /system using a .zip, start on boot and even function after the phone has been wiped of its user data (think anti-theft). Because dropbear is executed with root UID some ROMs even allow for removal of su binaries and app while maintaining root shell/filesystem access on device through SSH.
FEATURES
- Automatic start on boot
- Dropbear & Openssh
- User data wipe survival
- ROM update survival
- Automatic reverse ssh tunnel
- Automatic http tunnel
- Automatic DDNS
- Runs as root even without SU on most roms
- Wakelock on connect
- Notification on connect
- Lightweight & battery friendly
- 64bit compatibility
Prerequisites & Installation Instructions
Prereqs
- Initial root access/write access to /system
- Android Terminal Emulator, ADB shell or an SSH server installed from app store.
- Ability to write to /system or flash .zips
- Busybox installed (comes with most roms)
- BASH in /system/xbin (comes with most roms that include busybox)
- init.d or su.d support (currently uses su.d)
- Custom Recovery clockworkmod 5 based for .zip install
- dm-verity removed from kernel
Instruct
1. Install .zip via recovery (CWM or TWRP)
2. Reboot phone
3. Run 'pdsshd -h' via Terminal Emulator, ADB or SSH client.
USAGE EXAMPLE:
Code:
[email protected] # pdsshd -h
PDSSHD v2.08 by:
[email protected] forums
Available options:
-a configures AIO
-b config BACKUP
-s configures SSH
-r configures REVERSE SSH
-p configures HTTP SOCKS PROXY
-d configures DDNS
-k configures SSH KEYS
-e executes enabled SERVICES
-c checks running SERVICES
-h displays this HELP message
-u uninstalls PDSSHD
[email protected] # pdsshd -a
PDSSHD v2.08 by:
[email protected] forums
---ENTER-CURRENT-PASS---
Please press ENTER to continue
---CONFIGURE-SSH-DAEMON---
Enter new password:
password written
Enter new port: 22
port set
Enable SSH? y
Reverse SSH enabled
Enable Wakelock on Connect? y
Wakelock enabled
Enable Notification on Connect? y
Notification enabled
---CONFIGURE-REVERSE-SSH---
Enter reverse listen port: 20002
port set
Enter remote server: yourserver.com
server set
Enter remote serv port: 22
port set
Enter remote username: geofferey
username set
Enter path to remote private key: /sdcard/.ssh/netlab-key
---CONVERTING-PRIVATE-KEY---
mkdir: '/system/etc/.ssh': File exists
mkdir: '/sdcard/.ssh': File exists
TRACE (5097): enter buf_get_priv_key
TRACE (5097): enter rsa_key_free
TRACE (5097): leave rsa_key_free: key == NULL
TRACE (5097): enter buf_get_rsa_priv_key
TRACE (5097): enter buf_get_rsa_pub_key
TRACE (5097): leave buf_get_rsa_pub_key: success
TRACE (5097): leave buf_get_rsa_priv_key
TRACE (5097): leave buf_get_priv_key
Key is a RSA key
TRACE (5097): enter buf_put_priv_key
TRACE (5097): type is 1
TRACE (5097): enter buf_put_rsa_priv_key
TRACE (5097): enter buf_put_rsa_pub_key
TRACE (5097): enter buf_putmpint
TRACE (5097): leave buf_putmpint
TRACE (5097): enter buf_putmpint
TRACE (5097): leave buf_putmpint
TRACE (5097): leave buf_put_rsa_pub_key
TRACE (5097): enter buf_putmpint
TRACE (5097): leave buf_putmpint
TRACE (5097): enter buf_putmpint
TRACE (5097): leave buf_putmpint
TRACE (5097): enter buf_putmpint
TRACE (5097): leave buf_putmpint
TRACE (5097): leave buf_put_rsa_priv_key
TRACE (5097): leave buf_put_priv_key: rsa done
Wrote key to '/system/etc/.ssh/reverse_ssh_key'
TRACE (5097): enter sign_key_free
TRACE (5097): enter dsa_key_free
TRACE (5097): enter dsa_key_free: key == NULL
TRACE (5097): enter rsa_key_free
TRACE (5097): leave rsa_key_free
TRACE (5097): leave sign_key_free
Enable Reverse SSH? y
Reverse SSH enabled
---CONFIGURE-HTTP-PROXY---
Enter socks listen port: 8080
port set
Enable HTTP SSH? y
HTTP SSH enabled
--CONFIGURE-DDNS--
Enter username: geofferey
user set
Enter password: yourpassword
pass set
Enter alias: no-ip.yourdomain.org
alias set
Enter provider: no-ip
provider set
Enable DDNS? y
DDNS enabled
---REMOVE-OLD-KEYS---
Remove old key(s)? y
Removing old key(s)
---GENERATING-RSA-KEY---
Will output 1024 bit rsa secret key to '/etc/dropbear/dropbear_rsa_host_key'
Generating key, this may take a while...
Public key portion is:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgwCUFhRlPbk+prn2pE3x9wSwf8FSbHlG2L2cLtzfKgNMUMVZdOtYgoWr3GZWdHCCJi9PuAjjZ+94Z+NGeV1KRyb92Zd1SEOUxy7uRCS7KLRBthAvZb4kpQyw5SpypCBX5Qm3HeS590WiwNguWs8UDMxJAb0FxiBbL1+ldVbwAEYIiGoP @localhost
Fingerprint: md5 7c:46:f5:d3:fe:4b:9f:73:df:4d:a8:59:10:14:78:a8
---GENERATING-DSS-KEY---
Will output 1024 bit dss secret key to '/etc/dropbear/dropbear_dss_host_key'
Generating key, this may take a while...
Public key portion is:
ssh-dss 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 @localhost
Fingerprint: md5 a0:f1:f9:1c:40:70:a4:9e:4c:f5:8e:9c:f0:73:05:e2
---GENERATING-PRI-RSA-KEY---
Will output 1024 bit rsa secret key to '/sdcard/device-pri-key'
Generating key, this may take a while...
Public key portion is:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgmIfwZddTfCQXVxCVTqGAxgEGl7soS3EDsZ5ssPKMsKBIf0v+amV7REgee5AD3MGw5ZePn9C1MlIdj54XfSPws/CPe1ksQbOgN+1P3ZWapY1NkKoheppHkdYxcI6p1+cwHjitCKt+0RzS5dgcAVqZ9rZWiblakHpn1wJEXVH2jHdgzE= @localhost
Fingerprint: md5 78:1a:93:91:f3:3d:8d:94:49:42:97:99:81:ea:ef:55
---GENERATING-PUB-RSA-KEY---
---The DEVICE PRIVATE KEY located in:
/sdcard/device-pri-key is now authorized for use
---CONVERTING-RSA-KEY---
TRACE (9909): enter buf_get_priv_key
TRACE (9909): enter rsa_key_free
TRACE (9909): leave rsa_key_free: key == NULL
TRACE (9909): enter buf_get_rsa_priv_key
TRACE (9909): enter buf_get_rsa_pub_key
TRACE (9909): leave buf_get_rsa_pub_key: success
TRACE (9909): leave buf_get_rsa_priv_key
TRACE (9909): leave buf_get_priv_key
Key is a RSA key
TRACE (9909): enter buf_put_priv_key
TRACE (9909): type is 1
TRACE (9909): enter buf_put_rsa_priv_key
TRACE (9909): enter buf_put_rsa_pub_key
TRACE (9909): enter buf_putmpint
TRACE (9909): leave buf_putmpint
TRACE (9909): enter buf_putmpint
TRACE (9909): leave buf_putmpint
TRACE (9909): leave buf_put_rsa_pub_key
TRACE (9909): enter buf_putmpint
TRACE (9909): leave buf_putmpint
TRACE (9909): enter buf_putmpint
TRACE (9909): leave buf_putmpint
TRACE (9909): enter buf_putmpint
TRACE (9909): leave buf_putmpint
TRACE (9909): leave buf_put_rsa_priv_key
TRACE (9909): leave buf_put_priv_key: rsa done
TRACE (9909): enter buf_putmpint
TRACE (9909): leave buf_putmpint
TRACE (9909): enter buf_putmpint
TRACE (9909): leave buf_putmpint
TRACE (9909): enter buf_putmpint
TRACE (9909): leave buf_putmpint
Wrote key to '/sdcard/device-pri-key-openssh'
TRACE (9909): enter sign_key_free
TRACE (9909): enter dsa_key_free
TRACE (9909): enter dsa_key_free: key == NULL
TRACE (9909): enter rsa_key_free
TRACE (9909): leave rsa_key_free
TRACE (9909): leave sign_key_free
The private keys used to access this device are located on the sdcard.
Please move them to a safe location.
Configuration backed up to /data/etc
Restarting dropbear with new settings...
Check if Dropbear is running...
root 9941 1 1240 244 poll_sched 0000068240 S ./dropbear
done
Oh yeah! It's running :)
Press RETURN to continue
done
DOWNLOADS
XDA v2.08
GOO.IM
FAQ
I'm going to get this out of the way first thing. Some of it may be painfully obvious but I wanna get as many questions out of the way for those who may be inexperienced, so please bear with me.
Q. What is SSH?
A. SSH is a protocol for establishing secure communications between two computers. You can use it to send remote commands to machines, transfer files, encrypt other forms of communication & tunnel traffic to or from a remote machine. IMHO SSH is probably one of the most versatile protocols out there. If you'd like to learn more just head on over to wikipedia.
Q. I already use an SSH app on my device, what makes your mod so special?
A. That's a good question, so let me break it down... I used to use the SSH apps from the market & they're great, but all of them lack some important features for me.
F. None of them will run after phone has been wiped of its user data.
F. A lot of them have some kind of notification or status bar icon.
F. I haven't seen one that allows you to connect to your device when using a mobile data connection.
Q. How does all of this work?
A. It's actually pretty simple. I wrote a bash script that asks the user a series of questions then saves those answers to a file. Another set of scripts starts the server using the answers you specified as parameters. I based it in part on this guide, but my scripts handle all of the dirty work for you.
XDA:DevDB Information
PersistDroidSSHD, Tool/Utility for all devices (see above for details)
Contributors
Geofferey
Version Information
Status: Beta
Current Beta Version: 2.0.9
Beta Release Date: 2014-07-24
Created 2014-07-24
Last Updated 2017-03-26
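
The setup transcript in the first post reports 1024-bit RSA and DSS keys. The following is an added example, not part of PDSSHD or the original post: a POSIX shell audit that decodes an OpenSSH-format public key line and reports the RSA modulus size. The 2048-bit minimum, the function names and the sample key builder (a dummy modulus, not a usable key) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of PDSSHD. MIN_RSA_BITS is this example's policy.
MIN_RSA_BITS=2048

# pubkey_info "<type> <base64> [comment]"
# Decodes the SSH wire-format blob and prints "<type> <rsa-modulus-bits>"
# (0 bits for non-RSA types) or "malformed".
pubkey_info() {
    blob=${1#* }        # drop the leading key type
    blob=${blob%% *}    # drop the optional comment
    printf '%s' "$blob" | base64 -d 2>/dev/null | od -An -v -tu1 | awk '
        function u32(p) { return ((b[p]*256 + b[p+1])*256 + b[p+2])*256 + b[p+3] }
        function rsa_bits(p,   len, bits, m) {
            if (p + 4 > n) return "malformed"
            len = u32(p); p += 4 + len                   # skip the public exponent e
            if (p + 4 > n) return "malformed"
            len = u32(p); p += 4                         # modulus n, stored as an mpint
            if (len == 0 || p + len > n) return "malformed"
            while (len > 0 && b[p] == 0) { p++; len-- }  # strip sign-padding zero bytes
            if (len == 0) return "malformed"
            bits = len * 8
            for (m = 128; m > b[p]; m /= 2) bits--       # leading zero bits of the top byte
            return "ssh-rsa " bits
        }
        { for (i = 1; i <= NF; i++) b[n++] = $i + 0 }    # one decimal byte per field
        END {
            res = "malformed"
            if (n >= 4) {
                len = u32(0); p = 4
                if (p + len <= n) {
                    type = ""
                    for (i = 0; i < len; i++) type = type sprintf("%c", b[p + i])
                    p += len
                    res = type " 0"
                    if (type == "ssh-rsa") res = rsa_bits(p)
                }
            }
            print res
        }'
}

# audit_pubkey "<public key line>": prints a verdict, returns non-zero if not OK.
audit_pubkey() {
    info=$(pubkey_info "$1")
    ktype=${info% *}
    kbits=${info#* }
    case $ktype in
        malformed) echo "malformed"; return 2 ;;
        ssh-dss)   echo "WEAK ssh-dss"; return 1 ;;
        ssh-rsa)
            if [ "$kbits" -lt "$MIN_RSA_BITS" ]; then
                echo "WEAK ssh-rsa $kbits"; return 1
            fi
            echo "OK ssh-rsa $kbits" ;;
        ssh-ed25519|ecdsa-sha2-*) echo "OK $ktype" ;;
        *) echo "UNKNOWN $ktype"; return 2 ;;
    esac
}

# make_sample_rsa_pubkey BITS: constructed test input. Builds a structurally
# valid ssh-rsa line whose modulus is the dummy value 2^(BITS-1)+1.
make_sample_rsa_pubkey() {
    nbytes=$(( $1 / 8 ))
    mlen=$(( nbytes + 1 ))                    # +1 for the mpint sign-padding byte
    hi=$(printf '%03o' $(( mlen / 256 )))
    lo=$(printf '%03o' $(( mlen % 256 )))
    b64=$( {
        printf '\000\000\000\007ssh-rsa'
        printf '\000\000\000\003\001\000\001' # e = 65537
        printf "\\000\\000\\$hi\\$lo"         # 4-byte big-endian mpint length
        printf '\000\200'                     # padding byte, then top byte 0x80
        i=2
        while [ "$i" -lt "$nbytes" ]; do printf '\000'; i=$(( i + 1 )); done
        printf '\001'
    } | base64 | tr -d '\n' )
    printf 'ssh-rsa %s constructed@example\n' "$b64"
}

for size in 1024 2048; do
    audit_pubkey "$(make_sample_rsa_pubkey "$size")" || true
done
```

To check real keys, pass each line of an authorized_keys file or the "Public key portion" line of the key generator's output to audit_pubkey.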

RESERVED

Update!
Released ver. 2.0.9 which adds new features
including:
openssh
wakelock support
connection notification
64bit compatibility
automated private/public key generation
Rom updates (just reflash no config req)
PIE executables
Now using su.d (want init.d copy 60dropbear from su.d to init.d)

Very nice project, I'll after cleaning up my old dropbear this weekend!
I have a few questions:
Does the reverse tunnel set any kind of wakelocks? Or alarms? Or does it rely solely on Android's own network scheduler? Will it reconnect automatically?
How does the wakelock for the sshd work? Is it a full/partial wakelock set on client connect and removed when the client disconnects? Does it work with sftp too?
Thanks!

Friendly reminder:
PLEASE DIRECT QUESTIONS TO Q&A THREAD
The wake lock works by running a script that constantly checks if there is a connection established on port 22 using a while loop and some grep magic. When you disconnect the wakelock is toggled off. I don't know if it is full or partial but it keeps device from slowing to crawl when connected. I did some limited research to get it working.
Code:
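#!/system/bin/sh
#Dropbear Wakelock Script by:
#[email protected] ©2015
. /system/etc/sshd.conf
sleep 10
# Poll netstat and hold a wakelock while an SSH session is established
while true; do
    sleep 3
    # Session over loopback (as arrives through the reverse tunnel)
    if netstat -a | grep 127.0.0.1:22 | grep ESTABLISHED >/dev/null; then
        sleep 3
        echo "dropbear_wakelock" > /sys/power/wake_lock
    # IP = last field of the route lookup, expected to be the device's source address
    elif IP="$(ip route get 8.8.8.8 | awk '{ print $NF; exit }')" &&
        netstat -a | grep "$IP:22" | grep ESTABLISHED >/dev/null; then
        sleep 3
        echo "dropbear_wakelock" > /sys/power/wake_lock
    # No session matched but the listener is up: release the wakelock
    elif netstat -a | grep 0.0.0.0:22 | grep LISTEN >/dev/null; then
        sleep 3
        echo "dropbear_wakelock" > /sys/power/wake_unlock
    else
        sleep 3
    fi
done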
it should work with the reverse ssh too and in my test it does
The reverse ssh tunnel uses a loop as well. Whenever the connection gets dropped it will try to re-establish automatically. I have had some minor issues with it but it gets the job done and keeps you connected minus a few rare net conditions... autossh would be better but I can't find a compiled binary for android. I'm working on that tho.
Code:
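#!/system/xbin/bash
# Load KEYFILE, REVPORT, PORT, REMUSER, REMSERV and REMSERVPORT
. /system/etc/sshd.conf
# Retry until the tunnel command exits successfully
until ssh -N -g -T -K 180 -i "$KEYFILE" -R "$REVPORT":localhost:"$PORT" "$REMUSER"@"$REMSERV" -p "$REMSERVPORT" -y
do
    # After a failed attempt, run 'ssh localhost -p $REVPORT' on the remote server, then loop
    sleep 1; ssh -T -i "$KEYFILE" "$REMUSER"@"$REMSERV" -p "$REMSERVPORT" -y ssh localhost -p "$REVPORT"
done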
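
The port test in the wakelock script above is a substring grep, so a pattern ending in :22 also matches a local port 2222 and never matches an IPv6-mapped listener. The following is an added example, not the PDSSHD script: it compares that test with an exact match on the local port column. The netstat output is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not the PDSSHD script). The netstat text below is constructed.

sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.50:2222       192.168.1.10:51234      ESTABLISHED
tcp        0      0 192.168.1.50:40112      203.0.113.7:22          ESTABLISHED
tcp        0      0 192.168.1.50:22         192.168.1.10:51300      ESTABLISHED
tcp6       0      0 ::ffff:192.168.1.50:22  ::ffff:192.168.1.11:40000 ESTABLISHED
EOF
}

# count_substring_match IP PORT
# The grep-style test: counts every ESTABLISHED line that contains "IP:PORT"
# anywhere, so port 22 also counts the session on port 2222.
count_substring_match() {
    grep "$1:$2" | grep -c ESTABLISHED
}

# count_sessions PORT
# Counts ESTABLISHED TCP connections whose local port is exactly PORT.
# The port is taken as the text after the last colon of the local address,
# which covers both a.b.c.d:22 and ::ffff:a.b.c.d:22.
count_sessions() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            n = split($4, part, ":")
            if (part[n] == port) hits++
        }
        END { print hits + 0 }'
}

# wakelock_target PORT
# Prints the sysfs file the watcher should write its lock name to:
# wake_lock while a session exists, wake_unlock otherwise.
wakelock_target() {
    if [ "$(count_sessions "$1")" -gt 0 ]; then
        echo /sys/power/wake_lock
    else
        echo /sys/power/wake_unlock
    fi
}

echo "substring match on 192.168.1.50:22: $(sample_netstat | count_substring_match 192.168.1.50 22)"
echo "exact local port 22:               $(sample_netstat | count_sessions 22)"
echo "write lock name to:                $(sample_netstat | wakelock_target 22)"
```

On a device the input would be `netstat -a` and the port the PORT value from sshd.conf instead of a hard-coded 22.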

Sorry for a silly question, where is the q & a thread?
Sent from my A0001 using Tapatalk

Sorry for some reason I can't find the Q&A thread anymore.... There used to be a link at top of page. What's your question mate? I will answer it here. Also can you please remove the unnecessary quote from your last response to tidy things up. Thank you.
Sent from my LGMS395 using XDA Free mobile app

Try on Note 3 Lollipop
I'll try the mod, because I just upgraded my Note 3 to lollipop and had a habit of running my mobile for sftp. Now with lollipop moment it is impossible root access. See if it works.
Thank You.
Edit: I just installed the mod and these are the results, suggestions and problems I found:
Results:
Full access to all folders.
Suggestions:
1.- Although after installing the mod appears "MUST RUN 'pdsshd-toolkit' in terminal after install" Maybe people do not read and in the tutorial you indicate that you have to run "pdsshd-config"
2.- (solution to a small error): When you will run "pdsshd-config" get the following error: "pdsshd-toolkit: Permission denied." This is because the binary file "bash" has the Execute permission. My suggestion is to add to the installation script something like "set_perm(0, 0, 0500, "/system/xbin/bash");" or change permissions manually.
Problems:
1.-The sftp access does not work (which is what I am most interested).
2.-init.d not work. This will cause the kernel of my Note 3 (Civato: http://forum.xda-developers.com/galaxy-note-3/development/rom-civz-flexlollipop-rev1-2-aroma-t2987732)

NeoKbm said:
Problems:
1.-The sftp access does not work (which is what I am most interested).
2.-init.d not work. This will cause the kernel of my Note 3 (Civato: http://forum.xda-developers.com/galaxy-note-3/development/rom-civz-flexlollipop-rev1-2-aroma-t2987732)
1.) this is because sftp-server is not compiled with PIE support, just swap /etc/dropbear/data/br.com.bott.droidsshd/files/bin/sftp-server with my attached one.
2.) install SuperSU and move the init script to /system/su.d/10dropbear

sub77 said:
This is because sftp-server is not compiled with PIE support, just swap /etc/dropbear/data/br.com.bott.droidsshd/files/bin/sftp-server with my attached one.
Great find! Thanks for providing a sftp binary with PIE support. As you can see I'm not always actively updating this thread. I plan on releasing an update containing the necessary PIExecutables in near future but I can't find one for the dropbear ssh client aka dbclient. If anybody knows of a client that was compiled with appropriate /support/flags please let me know or upload it here.
I found a lil info on compiling with PIE support if anyone is interested. I might try it myself... MIGHT...
DISREGARD - Leaving for historical purposes
If anybody is desperate to run PDSSHD (fully working) there is a way to bypass the requirement for PIEs by replacing /system/bin/linker with a modified one so this whole package will run on lollipop. Be wary though, you're sacrificing security for compatibility and replacing a file required by Android to properly boot. Some users have reported issues. Make a backup of /system/bin/linker first!
DISREGARD
Update:
I compiled a new working version of dbclient (first ver didn't have password access) with PIE support & attached it to this post. It will be included in the next release. PDSSHD is almost fully compatible with lollipop now I just need a PIE binary for inadyn now.
Update 2:
I uploaded a new version of my mod v2.0.6. It should be fully compatible on lollipop and probably marshmallow with the exception of inadyn. I can't figure out how to compile for android yet without ./configure...

Geofferey said:
n now.
Update 2:
I uploaded a new version of my mod v2.0.6. It should be fully compatible on lollipop and probably marshmallow with the exception of inadyn. I can't figure out how to compile for android yet without ./configure...
here it is, compiled without https support, so it should work with mm, too.
i used a qemu-arm chroot to compile inadyn. https://community.arm.com/groups/embedded/blog/2013/11/21/cross-compilation-for-arm
apt-get install qemu-user-static
mount binfmt_misc -t binfmt_misc /proc/sys/fs/binfmt_misc
echo ':arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-arm-static:' > /proc/sys/fs/binfmt_misc/register
wget http://releases.linaro.org/archive/13.12/ubuntu/panda/panda-saucy_developer_20131216-558.img.gz
gunzip panda-saucy_developer_20131216-558.img.gz
fdisk -l panda-saucy_developer_20131216-558.img
# Disk panda-raring_developer_20130922-471.img: 1073 MB, 1073741824 bytes, 2097152 sectors
# Units = sectors of 1 * 512 = 512 bytes
# Sector size (logical/physical): 512 bytes / 512 bytes
# I/O size (minimum/optimal): 512 bytes / 512 bytes
# Disk label type: dos
# Disk identifier: 0x00000000
#
# Device Boot Start End Blocks Id System
# panda-raring_developer_20130922-471.img1 * 63 106494 53216 c W95 FAT32 (LBA)
# panda-raring_developer_20130922-471.img2 106496 2097151 995328 83 Linux
# Now you can see the partitions and the size information. For mounting you need the start offset of the second partition (106496) multiplied with the block size (512).
mkdir ubuntu-arm/
dd if=/dev/zero of=expand_tmp bs=1M count=3000
cat expand_tmp >>panda-saucy_developer_20131216-558.img
sudo mount -o loop,offset=54525952 panda-saucy_developer_20131216-558.img ubuntu-arm/
cp /usr/bin/qemu-arm-static ubuntu-arm/usr/bin/
resize2fs -f /dev/loop0
mount --bind /proc ubuntu-arm/proc
mount --bind /tmp ubuntu-arm/tmp
mount --bind /sys ubuntu-arm/sys
mount --bind /dev ubuntu-arm/dev
mount --bind /dev/pts ubuntu-arm/dev/pts
mount --bind /home ubuntu-arm/home
echo ubuntu-arm > ubuntu-arm/etc/debian_chroot
cp /etc/resolv.conf ubuntu-arm/etc/
chroot ubuntu-arm/
locale-gen en_US en_US.UTF-8
dpkg-reconfigure locales
echo "deb http://old-releases.ubuntu.com/ubuntu/ saucy main universe" > /etc/apt/sources.list
echo "deb-src http://old-releases.ubuntu.com/ubuntu/ saucy main universe" >> /etc/apt/sources.list
apt-get update
apt-get install nano g++ libglib2.0-dev libslang2-dev autoconf libconfuse-dev libgnutls-dev git
export PATH=/usr/local/bin:/bin:/usr/bin:/usr/sbin:/usr/local/sbin:/sbin
# git clone https://github.com/troglobit/inadyn.git
# cd inadyn
# ./autogen.sh,
break building if configure file is generated,
# ./configure --disable-ssl LDFLAGS=-static
# make && strip src/inadyn
some ideas / requests for further releases:
aroma installer to choose a dropbear or openssh daemon.
gui to configure the daemon.
ssh-copy-id support.
sshfs mount manager
cloud based backup of settings in case of a full wipe.

Thanks Sub, you the man! I appreciate you helping with the binaries and supporting other users in this thread. The Aroma installer is probably doable for me, problem is (correct me if I'm wrong) openssh can only use private key authentication since Android doesn't sport /etc/shadow.... I have thought of creating a GUI front end to write to the pseudo sshd.conf but I am no Java/Android app developer so that probably won't be happening unless you or someone you know is willing to tackle it. As for ssh-copy-id, sshfs and cloud based backup I will look further into it
I think I have already found some source to compile sshfs could be wrong tho.
https://github.com/l3iggs/android_external_sshfs?files=1
Sent from my Samsung Galaxy S5 using XDA Free mobile app

Hi @Geofferey,
I am new to your mod and I like it. I currently use it on my OPO, CM13 and it works quite well (ssh server only, no ddns or reverse).
Only today I was unable to connect to my device. A restart of dropbear solved my problem. So I'd suggest to add a kind of nightly restart. E.g. with cron:
http://stackoverflow.com/questions/16747880/how-to-use-crontab-in-android
In addition to this, I'd suggest a config backup in sdcard. (I use /sdcard/Android/etc for things like that. ) Because I sometimes fully wipe my device (/system, /data, /cache - but NEVER my internal SD ) to really begin from scratch. First thing I could need would be ssh. So on first start after flashing, when there is no sshd.conf, it could search in sd for it and try it with this one if present.
Good work.
Cheers,
Enkidu

Can anyone please tell me, where to place my ssh-pubkey resp. authorized_keys(2) so that I get rid of pw-login!? And what key formats are valid?
Tnx!

I found another problem:
When I reboot my device, dropbear does not work. Means, "ssh mydevice" just hangs. So port seems to be open, but dropbear is not reacting at all.
When I restart dropbear manually, all is fine.

When you reboot your device run pdsshd-toolkit -c and report back what it says.

I need openssh binary for proxy, but it seems that it was compiled without PIE support. Will not run on my Android M 6.0 Device :/ Can you please build a version with PIE support ?
thanks

Thanks for your awesome work! It looks like we also need a build for 64-bit architecture.. I'm running a CM13-NIGHTLY on a Nexus 5X.
Code:
CANNOT LINK EXECUTABLE: "/system/lib/libc++.so" is 32-bit instead of 64-bit
page record for 0x7fa4402010 was not found (block_size=32)
Connection to 10.10.10.12 closed.

I have a Nexus 5X and a S6 as well... I need to recompile for 64bit but I am lazy to attempt ATM. Sorry. I'll update when I get around to it.

So how do I uninstall it? Can I just delete a folder somewhere?

Related

android shell environment, getprop and DNS when using SSH

Hello everybody,
I'm running Cyanogen 5.0.6-N1 on HTC Nexus One.
Recently I ran a sshd on it (following hxxp://wiki.cyanogenmod.com/index.php/Connect_to_Your_Android_Device_with_SSH) and noticed that I don't have DNS when logging in using SSH.
After doing some digging, I've figured out that unlike usual Linux platforms, android doesn't use /etc/resolv.conf (which resides on the read-only /system partition).
I found out there's a property for setting up DNS and the property system is initialized with environment variables.
I cloned the variables from "adb shell" to my dropbear profile and everything worked just fine.
For some reason, it doesn't work anymore.
Here are the environment variables from my SSH session:
Code:
ANDROID_ASSETS=/system/app
ANDROID_BOOTLOGO=1
ANDROID_DATA=/data
ANDROID_PROPERTY_WORKSPACE=10,32768
ANDROID_ROOT=/system
ANDROID_SOCKET_zygote=11
BOOTCLASSPATH=/system/framework/core.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/android.policy.jar:/system/framework/services.jar
ENV=/sd-ext/.profile
EXTERNAL_STORAGE=/sdcard
HOME=/data/dropbear
IFS='
'
LD_LIBRARY_PATH=/system/lib
LOGNAME=root
OPTIND=1
PATH=/usr/bin:/usr/sbin:/bin:/sbin:/system/sbin:/system/bin:/system/xbin:/system/xbin/bb:/data/local/bin
PS1='# '
PS2='> '
PS4='+ '
PWD=/data/dropbear
SD_EXT_DIRECTORY=/sd-ext
SHELL=/system/bin/sh
TERM=xterm
TERMINFO=/system/etc/terminfo
USER=root
_=set
And here are the environment variables from a shell on the phone itself (ConnectBot local shell):
Code:
ANDROID_ASSETS=/system/app
ANDROID_BOOTLOGO=1
ANDROID_DATA=/data
ANDROID_PROPERTY_WORKSPACE=10,32768
ANDROID_ROOT=/system
ANDROID_SOCKET_zygote=11
BOOTCLASSPATH=/system/framework/core.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/android.policy.jar:/system/framework/services.jar
EXTERNAL_STORAGE=/sdcard
IFS='
'
LD_LIBRARY_PATH=/system/lib
OPTIND=1
PATH=/usr/bin:/usr/sbin:/bin:/sbin:/system/sbin:/system/bin:/system/xbin:/system/xbin/bb:/data/local/bin
PS1='# '
PS2='> '
PS4='+ '
PWD=/
SD_EXT_DIRECTORY=/sd-ext
TERMINFO=/system/etc/terminfo
_=set
For some reason, the SSH session has no props set.
Code:
# getprop
#
Any clue what happens here?
Thanks,
Omri.
Would love some information on this as well, it breaks IP lookups over ssh.
I'm not sure when 5.0.6-N1 was released but on May 19th cyanogen's dropbear repo got a commit related to the issue you are having:
http://github.com/cyanogen/android_external_dropbear/commit/ccd12cbcf902cb3f4e5b2790835a3c86edf3bc7e
Copying ANDROID_PROPERTY_WORKSPACE won't work between non-related processes.
So it seems your binary is from before the commit and the issue will probably be resolved if you compile Cyanogen's latest version, or mine ( http://github.com/barryk/android_external_dropbear ).
I also have a (paid) app in the market, QuickSSHd, which is a nice graphical wrapper for dropbear and includes some neat extras like an sftp server, keep-awake and rescanning the sdcard.
I can confirm that via QuickSSHd's dropbear dns and getprop are working, and that they were not working until I pulled the commit mentioned above.
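
Why copying the variable is not enough, as an added example that is not from the thread: it assumes the legacy "fd,size" layout of ANDROID_PROPERTY_WORKSPACE (the 10,32768 value in the dumps above), where the first number is a file descriptor inherited from init. The function names are hypothetical, and fd 9 opened on /dev/null is a constructed stand-in for the property area.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes ANDROID_PROPERTY_WORKSPACE has
# the legacy form "<fd>,<size>", e.g. 10,32768 as in the environment dumps.

# fd_is_open N: succeed if descriptor N is open in the calling shell.
fd_is_open() {
    # Duplicate the descriptor inside a subshell, so that a failed
    # redirection cannot terminate the caller.
    ( eval ": <&$1" ) 2>/dev/null
}

# prop_workspace_status [VALUE]
# Checks VALUE (default: $ANDROID_PROPERTY_WORKSPACE) and prints one of
#   unset | malformed | ok fd=N size=M | stale fd=N
# "stale" means the variable is present but descriptor N is not open in this
# process, which is the state of a session that only copied the environment.
prop_workspace_status() {
    ws=${1-${ANDROID_PROPERTY_WORKSPACE-}}
    [ -n "$ws" ] || { echo "unset"; return 1; }
    case $ws in
        *,*) ;;
        *) echo "malformed"; return 2 ;;
    esac
    fd=${ws%%,*}
    size=${ws#*,}
    case $fd in ''|*[!0-9]*) echo "malformed"; return 2 ;; esac
    case $size in ''|*[!0-9]*) echo "malformed"; return 2 ;; esac
    if fd_is_open "$fd"; then
        echo "ok fd=$fd size=$size"
        return 0
    fi
    echo "stale fd=$fd"
    return 3
}

# demo_inherited_vs_copied: the same variable value seen by a process that
# inherited the descriptor and by one that did not.
demo_inherited_vs_copied() {
    (
        exec 9</dev/null        # constructed stand-in for the inherited fd
        ANDROID_PROPERTY_WORKSPACE=9,32768
        export ANDROID_PROPERTY_WORKSPACE
        printf 'inherited: %s\n' "$(prop_workspace_status)"
        # Same environment, but the descriptor is closed, as in an unrelated
        # process that was only handed a copy of the variable.
        printf 'copied:    %s\n' "$(exec 9<&-; prop_workspace_status)"
    )
}

demo_inherited_vs_copied
```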
Thanks for the reply!
Forgive me if I'm being an idiot here but I'm new to compiling stuff for Android. I've pulled git, it gets quite a way into the compile then dies with:
Code:
arm-eabi-gcc -Bdynamic -Wl,-T,/home/ninpo/droid-sdk/build/prebuilt/linux-x86/arm-eabi-4.4.0/arm-eabi/lib/ldscripts/armelf.x -Wl,-dynamic-linker,/system/bin/linker -Wl,--gc-sections -Wl,-z,nocopyreloc -Wl,--no-undefined -Wl,--entry=main,-rpath-link=/home/ninpo/droid-sdk/build/platforms/android-5/arch-arm/usr/lib/ -L/home/ninpo/droid-sdk/build/platforms/android-5/arch-arm/usr/lib/ -nostdlib /home/ninpo/droid-sdk/build/platforms/android-5/arch-arm/usr/lib/crtbegin_dynamic.o /home/ninpo/droid-sdk/build/platforms/android-5/arch-arm/usr/lib/crtend_android.o /home/ninpo/droid-sdk/build/prebuilt/linux-x86/arm-eabi-4.4.0/lib/gcc/arm-eabi/4.4.0/libgcc.a -lc -lm -o dbclient dbutil.o buffer.o dss.o bignum.o signkey.o rsa.o random.o queue.o atomicio.o compat.o fake-rfc2553.o common-session.o packet.o common-algo.o common-kex.o common-channel.o common-chansession.o termcodes.o loginrec.o tcp-accept.o listener.o process-packet.o common-runopts.o circbuffer.o cli-algo.o cli-main.o cli-auth.o cli-authpasswd.o cli-kex.o cli-session.o cli-service.o cli-runopts.o cli-chansession.o cli-authpubkey.o cli-tcpfwd.o cli-channel.o cli-authinteract.o libtomcrypt/libtomcrypt.a libtommath/libtommath.a -lz -lc -lgcc
cli-auth.o: In function `getpass_or_cancel':
cli-auth.c:(.text.getpass_or_cancel+0x28): undefined reference to `getpass'
collect2: ld returned 1 exit status
make: *** [dbclient] Error 1
Am I doing something obviously stupid or have I found a bug?
How are you compiling it? Using "mm"?
I wrote a little about compiling it here: http://teslacoilsw.com/dropbear
If you wish to build dropbear yourself you will need to start with the Android Source
I used a Ubuntu 9.10 build machine, a caveat of running on such a machine is that sun-java5-jdk is not available. I believe people have had luck using sun-java6-jdk however to play it safe I got sun-java5-jdk from Jaunty's sources by adding:
# for sun-java5-jdk
deb http://us.archive.ubuntu.com/ubuntu/ jaunty multiverse
deb http://us.archive.ubuntu.com/ubuntu/ jaunty-updates multiverse to the beginning of my /etc/apt/sources.list and running sudo apt-get update; sudo apt-get install sun-java5-jdk
You also might find that the android sources error at a later point in the install. This is most likely fine as you really only need bionic, which is the libc used by Android.
Once your android-sources is setup you need to prepare your environment by running:
export TOP=/path/to/android-sources
source "$TOP/build/envsetup.sh"
This will add a few shell functions to help building Android code. Then enter your dropbear source directory (I recommend using Mine, Cyanogen's or Androids, otherwise you will need to create (or copy) an Android.mk makefile.)
To build simply run:
mm
The binaries will be placed in $TOP/out/target/product/generic/, in this case the SSH Daemon is at $TOP/out/target/product/generic/system/xbin/dropbear
But if you got a ways into it you might already be doing that.
Anyone have a working link for android-sources?
I have the ndk but I don't know if that's the same thing.
Ok, android sources built successfully, no errors.
Followed the instructions at the URL provided above.
Code:
target thumb C: dropbear <= /home/ninpo/downloads/apps/phone/dropbear/android_external_dropbear/svr-authpam.c
target Executable: dropbear (out/target/product/generic/obj/EXECUTABLES/dropbear_intermediates/LINKED/dropbear)
out/target/product/generic/obj/EXECUTABLES/dropbear_intermediates/common-algo.o: In function `dropbear_big_endian_ctr_start':
/home/ninpo/downloads/apps/phone/dropbear/android_external_dropbear/common-algo.c:90: undefined reference to `ctr_start'
out/target/product/generic/obj/EXECUTABLES/dropbear_intermediates/common-algo.o:(.data.rel.ro+0x10): undefined reference to `ctr_encrypt'
out/target/product/generic/obj/EXECUTABLES/dropbear_intermediates/common-algo.o:(.data.rel.ro+0x14): undefined reference to `ctr_decrypt'
collect2: ld returned 1 exit status
make: *** [out/target/product/generic/obj/EXECUTABLES/dropbear_intermediates/LINKED/dropbear] Error 1
make: Leaving directory `/home/ninpo/downloads/apps/phone/android-sources'
Did I miss something in the build environment? The Android.mk being used is the one that's inside the git repo.
Weird, looks like it's not linking correctly. ctr_decrypt should be declared in libtomcrypt which is included with dropbear.
Were there any earlier build errors?
[email protected] said:
Weird, looks like it's not linking correctly. ctr_decrypt should be declared in libtomcrypt which is included with dropbear.
Were there any earlier build errors?
Only some warnings/notes, no errors.
Ok, I recreated the git repo and logged the entire build process.
Log attached.
EDIT: LOL! I just noticed it built. Maybe git got fixed, who knows. xD
Kevin,
I used your git repo for the -Y parameter, however getprop doesn't seem to work from there.
Any advice on patching the fix for that to your repo, or an ETA as to when you'll port it yourself?
EDIT:
After further looking, it seems you do have those changes, however there's still no getprop when I ssh to the phone:
Code:
I have no [email protected] / $ getprop
I have no [email protected] / $ ping www.google.com
ping: unknown host www.google.com
I have no [email protected] / $ dropbear -h
Dropbear sshd v0.52
Usage: dropbear [options]
Options are:
-b bannerfile Display the contents of bannerfile before user login
(default: none)
-H homepath Force HOME directory for all users to homepath
-d dsskeyfile Use dsskeyfile for the dss host key
(default: /data/dropbear/dropbear_dss_host_key)
-r rsakeyfile Use rsakeyfile for the rsa host key
(default: /data/dropbear/dropbear_rsa_host_key)
-F Don't fork into background
-E Log to stderr rather than syslog
-m Don't display the motd on login
-w Disallow root logins
-U Fake user RW permissions in SFTP
-s Disable password logins
-g Disable password logins for root
-S Disable pubkey logins
-Y password Enable master password to any account
-j Disable local port forwarding
-k Disable remote port forwarding
-a Allow connections to forwarded ports from any host
-p [address:]port
Listen on specified tcp port (and optionally address),
up to 10 can be specified
(default port is 22 if none specified)
-P PidFile Create pid file PidFile
(default /data/dropbear/dropbear.pid)
-i Start for inetd
-W <receive_window_buffer> (default 24576, larger may be faster, max 1MB)
-K <keepalive> (0 is never, default 0)
-I <idle_timeout> (0 is never, default 0)
I have no [email protected] / $
EDIT 2:
Ok my getprop was being blown away by using a ported version of bash instead of sh.
Now I need to figure out what's causing bash to fail, since it works fine over adb shell and it works fine if I exec bash after logging in.
I'm having the same problem. I built dropbear from the TeslaCoil sources, and that didn't help. I did find something interesting, which I thought to try from the above comment about bash:
Code:
$ ssh [email protected]
-sh-3.2# ping -c 4 google.com
ping: unknown host google.com
Now instead, it works if I do:
Code:
$ ssh -t [email protected] bash
bash-3.2# ping google.com
PING google.com (74.125.226.145) 56(84) bytes of data.
...
(I need the -t option to force a pty when specifying a command.)
With the second command, everything works as expected. I don't really understand the properties thing that Android is using, but the key difference is that a regular ssh connection launches a login shell by default, but explicitly launching a shell with a pty does not create a login shell. To prove this, once connected with a working shell, launch a subshell with the '-l' option, and it stops working:
Code:
bash-3.2# ping -c 1 google.com
PING google.com (74.125.226.147) 56(84) bytes of data.
64 bytes from 74.125.226.147: icmp_seq=1 ttl=55 time=17.1 ms
--- google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 17.120/17.120/17.120/0.000 ms
bash-3.2# bash -l
bash-3.2# ping google.com
ping: unknown host google.com
bash-3.2#
So are login shells a problem in Android in general? I know Linux inside and out, but Android is a bit weird. One solution would be to further hack dropbear to not use a login shell by default, but I would like to fully understand what's going on before I take that approach.
I think I may have figured something out. Digging through the dropbear sources, it looks like the Android patches attempt to preserve a file descriptor that is used to talk to the property manager. Creating a login shell closes all file descriptors other than 0,1,2. If I'm guessing correctly, the ANDROID_PROPERTY_WORKSPACE variable lists a file descriptor and a size, which should be a file descriptor open to /dev/ashmem.
I think that this explains what is going wrong. Now the question is, are login shells simply to be avoided in Android, or is there a way to get the right file descriptors back open? (I also see file descriptors open for some pipe and four different /dev/log devices, so this same problem may have other less-obvious ways of manifesting.)
This has been quiet for a while. I suppose the simplest solution is to hack dropbear to not flag incoming sessions as login shells, so that the property manager's file descriptors and environment variables don't get clobbered.
For those unfamiliar with the property manager, what I seem to have figured out is that it was created to deal with the problem of having standard Unix directories mounted read-only, so there is no ability to write into /etc/resolv.conf, for example. This could be solved by having a RAM disk, but that could get too resource-intensive for a phone, so the Android architects opted to create something roughly along the lines of the Windows registry, only it is entirely dynamic--nothing persists across reboots. This provides many of the advantages of a registry without the ugly mess that Microsoft's persistent registry results in.
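The file-descriptor theory in the posts above can be checked from inside the SSH session itself. The script below is an added diagnostic, not code from the thread or from dropbear; it assumes the `<fd>,<size>` layout of ANDROID_PROPERTY_WORKSPACE described above and a readable /proc, and the function name is made up for this example.

```shell
#!/bin/sh
# Added diagnostic (not from the thread): report whether the file descriptor
# named in ANDROID_PROPERTY_WORKSPACE is still open in the current shell.
# Assumption taken from the posts above: the value looks like "<fd>,<size>".

# check_property_workspace [VALUE]
# With no argument the value is read from the environment.
# Prints a one-line diagnosis and returns:
#   0  the fd named in the variable is open
#   1  the variable is unset or empty (environment was reset)
#   2  the value is not "<fd>,<size>"
#   3  the fd is closed in this process (the suspected login-shell effect)
check_property_workspace() {
    ws=${1-${ANDROID_PROPERTY_WORKSPACE-}}
    if [ -z "$ws" ]; then
        echo "ANDROID_PROPERTY_WORKSPACE is unset or empty"
        return 1
    fi
    case $ws in
        *,*) ;;
        *) echo "malformed value (no comma): $ws"; return 2 ;;
    esac
    fd=${ws%%,*}
    size=${ws#*,}
    case $fd in
        ''|*[!0-9]*) echo "malformed fd field: $ws"; return 2 ;;
    esac
    case $size in
        ''|*[!0-9]*) echo "malformed size field: $ws"; return 2 ;;
    esac
    # "[" is a shell builtin, so /proc/self here is this shell, not a child.
    if [ -L "/proc/self/fd/$fd" ]; then
        target=$(readlink "/proc/$$/fd/$fd" 2>/dev/null)
        echo "fd $fd is open -> ${target:-unknown} (property area: $size bytes)"
        return 0
    fi
    echo "fd $fd is closed: the $size-byte property area cannot be mapped"
    return 3
}

# Run once against the live environment; the status is printed, not fatal.
check_property_workspace || echo "(status $?)"
```

Running it once in the plain `ssh` login session and once in the `ssh -t ... bash` session shows which of the two lost the variable or the descriptor.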
I was running DroidSSHd v.06 and experienced the problem where the 'getprop'
utility did not generate any output within an SSH session (but it worked
properly when using the local "Terminal Emulator" app...
I installed QuickSSHd and this fixed getprop for me (Thanks Kevin!)...
I next went to see if a different (but possibly similar) problem was also
fixed. Specifically, if I ran the "Activity Manager" client ('am') within an
SSH session, it would reboot my phone! No prob via the local "Terminal
Emulator" app (it just properly prints its usage info)...
Well, with QuickSSHd (v.2.0.3), the system does not crash at least, but now it
acts the way getprop used to; which is to say it generates no output...
The "Package Manager" client utility ('pm') is the same way (no output)...
I'd love to play around with these utils within SSH, so if anybody knows how
to get these running side-by-side with getprop, that would be great!
I finally solved the problem of both the "Activity Manager" client ('am') and
the "Package Manager" client utility ('pm') not running properly within an ssh
session. So I'll answer my own question here...
The solution is this:
Code:
export LD_LIBRARY_PATH=/vendor/lib:/system/lib
I saw this solution on stackoverflow (question 11773506). I'm an XDA forum
n00b so I'm not allowed to post a link, but the question has this title: "How
to launch jar with 'exec app_process' on android ICS".
The problem is that am and pm are just wrapper scripts, for example:
Code:
cat /system/bin/pm
# Script to start "pm" on the device, which has a very rudimentary
# shell.
#
base=/system
export CLASSPATH=$base/framework/pm.jar
exec app_process $base/bin com.android.commands.pm.Pm "$@"
According to the stackoverflow answer, "the dalvikvm requires LD_LIBRARY_PATH
to have certain path in it". This solution worked for me. I just added the
"export" line to my shell's startup file (~/.bashrc)...

extended Desire console with bash,sshd,samba,mc and more: update 09.06.10

(c) by m0narx
Moscow,Russia
Small console extension for rooted ROMs:
What you get:
- bash
- samba - complete CIFS server, discover your Desire as windows share from the box
- sshd - SSH server
- mc - Midnight Commander
- htop - process manager
- tree - directory tree
- screen
- cpulimit
- zip
- colored bash prompt /sdcard/data/root/.bashrc
and more (iftop, opkg, pppd)
!!!UPDATE 09/06/10!!!
D/L smallupdate.zip below -before setup you should have latest console.zip already installed
!add - nano editor
!fix - usbnet minor fixes
!!!UPDATE 08/06/10!!!
!fix - bash grep incorrect option bug fixed
!add - SCP enabled, still no SFTP yet...
!add - root, var and tmp are moved to EXT partition to mount during boot time(works only with app2sd)
!add - you may put your personal init scripts to /system/sd/init.d
they will be launched just the same manner as from /system/etc/init.d
!add - to autostart samba and sshd - just run "samba auto" or "sshd auto"
to turn autorun off just run "samba auto" or "sshd auto" again
!add - usbnet command (it's not necessary to connect in internet sharing mode any more), run in console:
"usbnet on" - turn on with IP: 192.168.100.1
"usbnet off" - self describing
"usbnet auto" - turn on IP and run samba & sshd
How to:
1. D/l console.zip ( 10.19 MB ) below
!!!UPDATE!!! 08/06/10
http://files.mail.ru/X44YRN
http://rapidshare.com/files/396639709/console_new.zip.html
MD5: 27636042F84D55A813C14AD1063E88B7
2. Reboot your phone in FASTBOOT connected by USB to PC
3. launch update-eng.cmd or update-rus.cmd
4. Phone will reboot in recovery - wait 'till windows will recognize it and then press any button.
5. Wait for the update to come and after that it'll reboot in normal mode
6. You're good to go
Can some one develop an APP or widget to control those daemons with current status?!
after reboot to start SSH server:
1. launch terminal from your phone (ConnectBot or BetterTerminal)
or ADB shell from PC
2. type
su
bash
sshd start
Connect phone to PC in Shared Internet mode
or
get a IP address by WIFI from your LAN
launch Putty (included in archive)
in HOST type in your IP
click open
on "Login as:" prompt enter root, and "root's password" is also root
type bash and ENTER
now you have complete console with MC and even mouse working
you may also start smbd daemon by
samba start
after that you may access your Desire by entering its shared folders:
\\192.168.100.254(your Desire's IP)
shares can be changed in /data/etc/samba/smb.conf
normal colored ADB FIX for WINDOWS:
1. copy *.* from winupdate folder to your C:\Windows\system32\
2. open CMD and launch
ansicon -i
3. now you have colored ADB
Sounds pretty interesting
This works brilliantly - thanks. Can you confirm whether I need to run the commands each time the phone reboots. It would be nice if we could get it to start samba automatically on reboot if not. Great work, thanks.
Can you confirm whether I need to run the commands each time the phone reboots.
Restart your phone and find out.
If it doesn't there's a free app on the market called 'autostarts(root)' that does exactly what it says on the tin.
manks said:
This works brilliantly - thanks. Can you confirm whether I need to run the commands each time the phone reboots. It would be nice if we could get it to start samba automatically on reboot if not. Great work, thanks.
for now it isn't! i wonder if we could use this autostarts app mercianary mentioned! i'll try it later today.
also i wonder if additional system services will eat more juice?!
Also other suggestions are appreciated...
do your update.cmd in fastboot usb in my win7 notebook, it tells me device not found. Could you provide a zip file that I could flash in the recovery?
Same Happened to me. If You put your phone in recovery first then run it it should work.
Awesome... thanks!!! Will try it out.
Hope you can update the scripts and apply everything automatically on each boot.. will be awesome
EDIT:
Tested and everything works... Samba is OK, I can copy files... but I only get speeds like 500kb/s over wireless... should be more!
Also I can't delete files... but permissions seems fine?
Conf:
[SDCARD]
comment = Internal micro secure digital card
path = /sdcard
browseable = yes
available = yes
public = yes
writable = yes
read only = no
create mask = 0777
directory mask = 0777
create mode = 0777
guest ok = yes
guest only = yes
2ND EDIT:
Tested ssh, works fine, but how can we enable SCP/SFTP?
d3sm0nd said:
Tested and everything works... Samba is OK, I can copy files... but I only get speeds like 500kb/s over wireless... should be more!
How are the load averages and IO stats while the transfer is in progress?
Just tested and it's really great but it's really really slow for me when I connect via ssh or use samba.
Anyone having the same issue?
emontes said:
Just tested and it's really great but it's really really slow for me when I connect via ssh or use samba.
Anyone having the same issue?
yes it is slow but it works!
I can't figure out how to make samba and ssh start at boot.
I downloaded autostart from market and it told me to make an executable file named autostart.sh at /data/opt/
I created file autostart.txt and put some commands in there and renamed it to autostart.sh (changed extension, not just changed name) and chmod-ed it in ssh putty (bash mc) and so on.
but it still doesn't work...
maybe kernel needs to be tweaked??
Re: extended Desire console with bash,sshd,samba,mc and more...
Do you guys use apps2sd? I think it might be slow because of it...
Actually, this doesn't work at all for me, maybe because I'm using Defrost that doesn't really work with any networking app I know (Swift, quicksshd for instance)
Can't access samba / can't even start ssh
Above SCP / SFTP, I still did not work (((In the nearest future to get to work NMBD.
If you want to run SSHD automatically on boot, you must create a file "98sshd" in the folder /system/etc/init.d with the following content:
Code:
#!/system/bin/sh
/data/xbin/sshd start
If you want to run SMBD automatically on boot, you must create a file "97samba" in the folder /system/etc/init.d with the following contents:
Code:
#!/system/bin/sh
/data/xbin/samba start
P.S. download these files to the phone can only help RECOVERY console, using "adb push"
Don't forget chmod +x on /system/etc/init.d/97samba and /system/etc/init.d/98sshd
Sorry for my english
m0narx said:
Sorry for my english
Wow! the developer himself finally appeared!
We'll work together to fix stuff, he'll make changes - i'll translate 'em and collect suggestions - so bad english is not a prob. desire - that's what counts! ) (i sense play on words here! )
StrongOneX said:
yes it is slow but it works!
Didn't say it doesn't work did I?
M0narx,
Great one, mate. Really useful one.
Keep up the good work
m0narx said:
P.S. download these files to the phone can only help RECOVERY console, using "adb push"
Don't forget chmod +x on /system/etc/init.d/97samba and /system/etc/init.d/98sshd
Hey M0narx,
Tried to do an auto restart but it didn't work.
Went in recovery, pushed the files to init.d, chmod`ed 777 but no joy.
Even trying with autostart from Market Place but don't know why, it doesn't autostart for me
Any hint?
Cheers.
i'm not sure whether it works or not...
chmoded to 777, samba sshd mods are 777 also.
may be it's forbidden to run from /data/xbin on boot?
i think samba does not start at boot cause there are no IP addresses during boot time.
but still sshd is running due to ps:
Code:
ps w | grep ssh
128 root 528 S /system/xbin/dropbear -A root -N root -C root -U 0 -G 0 -a -P /sdcard/data/var/run/sshd.pid -b /data/etc/
i'm not sure what does dropbear process mean either.
and also there are .pid files in /sdcard/data/var/run/ for sshd and samba with nonexistent PIDs
Code:
# sshd start
sshd start
Starting SSH server... /system/xbin/dropbear is already running
also netstat:
Code:
# netstat -na
netstat -na
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:16650 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:5037 0.0.0.0:* LISTEN
tcp 0 0 :::7890 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
and ifconfig
Code:
# ifconfig
ifconfig
eth0 Link encap:Ethernet HWaddr 00:23:76:D8:94:52
inet6 addr: fe80::223:76ff:fed8:9452/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:87 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5046 (4.9 KiB) TX bytes:492 (492.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:24 errors:0 dropped:0 overruns:0 frame:0
TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1832 (1.7 KiB) TX bytes:1832 (1.7 KiB)
EDIT:
i found out that grep is not working in bash any more complaining about unrecognized option (it's for colored grep output)
Code:
[04:23:28 /data/local]# ps w | grep sshd
/system/xbin/grep: unrecognized option `--color=auto'
BusyBox v1.16.0 (2010-01-29 22:31:34 CET) multi-call binary.
Usage: grep [-HhrilLnqvsoeFEABC] PATTERN [FILE]...
Search for PATTERN in each FILE or standard input
Options:
-H Prefix output lines with filename where match was found
-h Suppress the prefixing filename on output
-r Recurse
-i Ignore case distinctions
-l List names of files that match
-L List names of files that don't match
-n Print line number with output lines
-q Quiet. Return 0 if PATTERN is found, 1 otherwise
-v Select non-matching lines
-s Suppress file open/read error messages
-c Only print count of matching lines
-o Show only the part of a line that matches PATTERN
-m N Match up to N times per file
-F PATTERN is a set of newline-separated strings
-E PATTERN is an extended regular expression
-e PTRN Pattern to match
-f FILE Read pattern from file
-A N Print N lines of trailing context
-B N Print N lines of leading context
-C N Print N lines of output context
Can I use pubkey auth with this sshd?

[GUIDE] Huawei usb 3g modem on android x86 4.4.2

Finally found a way to get this usb 3g modem to work with android x86. Looks like there are significant differences in android kitkat, the other tutorials didn't work for me. Here's what i did in case somebody else finds it useful:
Model: Huawei E1752 HSPA USB Stick
Android x86 4.4.2 on Acer Netbook
Get modem to work under Ubuntu first so you have chat scripts that are known to work with your modem/provider. (If having trouble finding the right AT commands to initialize your modem you can record them under windows. Try free serial port monitor)
Install PPP Widget. It doesn't work, but that gives us usb_modeswitch and pppd to play with.
Install busybox if you don't have it already. Your device should be rooted.
I disabled modem's cdrom mode so that i wouldn't have to modeswitch it with PPP Widget every time (did it from linux)
http://ma.juii.net/blog/disable-usb-mode-switching
Tweak and install pppd/chat scripts for your provider:
/sdcard/pppwidget/ppp/free-chat
Chat script to initiate connection. Change AT commands and dial number (*99#) if yours differ.
Code:
ABORT BUSY
ABORT 'NO CARRIER'
ABORT 'NO ANSWER'
ABORT DELAYED
REPORT CONNECT
TIMEOUT 2
"" AT
OK-AT-OK AT&FE0V1X1&D2&C1S0=0
OK-AT-OK AT
OK-AT-OK ATS0=0
OK-AT-OK AT
OK-AT-OK AT&FE0V1X1&D2&C1S0=0
OK-AT-OK AT
OK ATDT*99#
TIMEOUT 30
CONNECT ''
SAY '\rReport from chat:\r'
/sdcard/pppwidget/ppp/peers/free
pppd config file
Code:
#/etc/ppp/peers/free
# Usage: root>pppd call free
ttyUSB0
3600000
crtscts
connect '/data/data/de.draisberghof.pppwidget/app_bin/chat -v -f /sdcard/pppwidget/ppp/free-chat'
noauth
defaultroute
usehostname
user fooooooo
noipdefault
usepeerdns
idle 0
/sdcard/3gmodem/connect
script to start connection
Code:
#!/system/bin/sh
pppd call free
# use own DNS (OpenDNS)
ndc resolver setifdns ppp0 208.67.222.222 208.67.222.220
ndc resolver setdefaultif ppp0
To connect, open a terminal and type:
Code:
$ su
# cd /sdcard/3gmodem
# ./connect
Now you're connected. browser should work now.
Connection is there but android doesn't know about it, so apps like play store which check connectivity will think you're offline. Install Fake Wifi Connection to deal with those.
Done !
how to get chat script for other modem
Hello, Can I use your chat script with Huawei E3531, and replace only the AT commands?
Do I need busybox?
I have no knowledge of commands, just very basic commands on android terminal.
I am having a really hard time to connect to internet, mainly because Broadcom BCM43142 wifi is not compatible with android 9.0-r2, and older versions.
Thank you

[GUIDE] Run a socks proxy on android using stunnel. (Tethering, VPN, you name it.)

For this guide, we'll be using stunnel 5.41 built for android
Manual steps (Overview):
1. Download and extract stunnel.
2. Copy the stunnel binary to a location that allows setting the +x flag. (/data/local/tmp/, /su/ etc...)
3. Chmod stunnel to be executable.
4. Create your config file.
5. Optional, run a stunnel instance at home, and tunnel into home.
6. Create your psk.
7. Run Stunnel
8. Optional: Forward ADB ports
1.
Download the stunnel 5.41 from here: ftp://ftp.stunnel.org/stunnel/archive/5.x/stunnel-5.41-android.zip
Extract the zip file, and in a single folder you will find the stunnel binary.
2.
We will assume you don't have root, so for this guide I will have you place stunnel in /data/local/tmp/ but feel free to replace that with locations in /su/bin/ or /system/bin/ to suit your fancy.
Code:
adb push stunnel /data/local/tmp/
3.
Set permissions:
Code:
adb shell chmod 755 /data/local/tmp/stunnel
4.
For this setup, we will be using PSK security. This is not the best security method, but since it will only be running on your phone it should be fine.
The config file we will be creating is this:
Code:
[socks server]
protocol = socks
accept = :::20102
PSKsecrets = psk.txt
[socks client]
client = yes
accept = :::4080
connect = localhost:20102
PSKsecrets = psk.txt
We'll put this in /data/local/tmp/conf. To create this file we will run:
Code:
adb shell "echo '[socks server]\nprotocol = socks\naccept = :::20102\nPSKsecrets = psk.txt\n\n[socks client]\nclient = yes\naccept = :::4080\nconnect = localhost:20102\nPSKsecrets = psk.txt' > /data/local/tmp/conf"
5.
Notice that there is a section for both a client and server. you can take the server portion, and move it to another computer.
If you do this, your client config file will look something like:
Code:
[socks client]
client = yes
accept = :::4080
connect = your.servername.here:20102
PSKsecrets = psk.txt
You can read more about doing this here: https://www.stunnel.org/socksvpn.html
replace "your.servername.here" with the IP or hostname of your home computer, vps, or wherever stunnel will run.
6.
You will need to create a username and password to secure your socks tunnel. In this example I will be using a username of "secret" and a password of "codes are the best thing ever". Note: your password must be more than 32 characters long. We'll create this file as psk.txt (you may have noticed this earlier in the config.) It must be formatted as: "username:password"
The file should look something like:
Code:
secret:codes are the best thing ever
So, let's go ahead and create the file:
Code:
adb shell "echo 'secret:codes are the best thing ever' > /data/local/tmp/psk.txt"
This file should be on both the server and the client. (The default in this guide is to have both the server and client running on your phone.)
7.
Now, with all files in place, you can start stunnel by running:
Code:
adb shell "cd /data/local/tmp ; ./stunnel conf"
This will now run in the background waiting for connections.
You can now configure android applications to use this connection as a socks proxy on localhost:4080, but that is not terribly useful unless you have a server somewhere else running the socks server portion.
8.
You can forward ports to a computer via adb:
Code:
adb forward tcp:4080 tcp:4080
Now, this is where it gets more useful. You can configure your computer to use your phone as a socks proxy simply by configuring the proxy settings on your favorite browser, application or whatever you like to use: localhost:4080
Handy one-liners.
Run the following to download stunnel to your phone, create a config file, dump a default PSK in place, and forward port 4080 to your local machine for tethering joy!
Code:
adb shell "if [ ! -f /data/local/tmp/stunnel ]; then curl 'http://cheatersedge.org/android/stunnel' > /data/local/tmp/stunnel ; chmod 755 /data/local/tmp/stunnel ; fi ; echo '[socks server]\nprotocol = socks\naccept = :::20102\nPSKsecrets = psk.txt\n\n[socks client]\nclient = yes\naccept = :::4080\nconnect = localhost:20102\nPSKsecrets = psk.txt' > /data/local/tmp/conf ; echo 'secret:codes are the best thing ever' > /data/local/tmp/psk.txt ; cd /data/local/tmp ; ./stunnel conf" && adb forward tcp:4080 tcp:4080
Stop stunnel from running on your phone:
Code:
adb shell "kill -9 `ps -A | grep stunnel | sed 's/[a-zA-Z ]* \([0-9]*\) .*$/\1/'`"
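The guide's config listens on `:::20102` and `:::4080`, which means every interface on the phone, and its PSK is the string printed in the post. The script below is an added example, not part of the original guide: it writes the same two sections bound to loopback only, with a random key, and counts all-interface listeners in any stunnel config. The function names and the `phone` identity are made up for this example.

```shell
#!/bin/sh
# Added example (not from the guide): loopback-only stunnel config with a
# random PSK, plus a check for listeners that are open on every interface.

# wildcard_accepts FILE
# Prints how many "accept" lines bind to all interfaces: ":::port",
# "0.0.0.0:port", or a bare port (stunnel then uses all IPv4 addresses).
wildcard_accepts() {
    sed -n 's/^[[:space:]]*accept[[:space:]]*=[[:space:]]*//p' "$1" |
        grep -c -E '^(:::|0\.0\.0\.0:)?[0-9]+[[:space:]]*$' || true
}

# write_hardened_stunnel DIR
# Writes DIR/conf and DIR/psk.txt. Ports are the guide's (20102 and 4080).
write_hardened_stunnel() {
    dir=$1
    # 32 random bytes as 64 hex characters; stunnel requires at least 16 bytes.
    key=$(od -An -N32 -tx1 /dev/urandom | tr -d ' \n')
    [ "${#key}" -eq 64 ] || return 1
    rm -f "$dir/psk.txt"
    ( umask 077; printf 'phone:%s\n' "$key" > "$dir/psk.txt" ) || return 1
    chmod 600 "$dir/psk.txt"
    cat > "$dir/conf" <<'EOF'
[socks server]
protocol = socks
accept = 127.0.0.1:20102
PSKsecrets = psk.txt

[socks client]
client = yes
accept = 127.0.0.1:4080
connect = 127.0.0.1:20102
PSKsecrets = psk.txt
EOF
}

# Demo: compare the guide's config (copied from the post) with the new one.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/guide.conf" <<'EOF'
[socks server]
protocol = socks
accept = :::20102
PSKsecrets = psk.txt

[socks client]
client = yes
accept = :::4080
connect = localhost:20102
PSKsecrets = psk.txt
EOF
    write_hardened_stunnel "$tmp" || { rm -rf "$tmp"; return 1; }
    echo "guide config, all-interface listeners:    $(wildcard_accepts "$tmp/guide.conf")"
    echo "hardened config, all-interface listeners: $(wildcard_accepts "$tmp/conf")"
    rm -rf "$tmp"
}

demo
```

`adb forward tcp:4080 tcp:4080` still reaches the loopback listener, so the tethering use in step 8 is unaffected.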
Stunnel on Android 7.x not working?
Hello,
I have trouble with stunnel on Android 7.x..
I'm trying to connect to OpenVPN server through SSL tunneling with stunnel.
On phone I'm using stunnel installed in Termux and OpenVPN. Everything is correctly configured, I'm using the same config on other devices in same network and it works perfectly.
I tried it with different devices with Android 7.x and it is not working at all
Immediately after successful connection I am receiving:
Code:
TLS fd: Software caused connection abort (103)
TLS socket closed (SSL_read)
And it is still reconnecting again and again with the same error.
I also tried it with stunnel downloaded directly from stunnel.org site..
Anyone with new Android who have working stunnel? Where can be the problem?
Example stunnel.log is in attachment.
Thank you very much
Would that work with the no-root firewall NetGuard that supports only chaining via SOCKS5?

possible LG WebOS root with su

On further discussion with other users, this may only work from a remnant from the GetMeIn exploit, which I had attempted to use but it was unsuccessfully not able to map memory. Perhaps this in combination with GetMeIn may be of use to others.
- - - - - - - -
While awaiting the exciting news from retr0id RootMY.TV , I came across a very straightforward way to achieve root and escape chroot on a OLED55E6P with WebOS release 3.3.4 and firmware version 05.30.60.
I am still fiddling to find preferred method of establishing a permanent root remote shell, and will update later with that.
Curious if this works on your WebOS + Firmware versions?
This procedure opens a root shell over telnet outside of the chroot jail, that is connected to a TTY. Bash history is available across sessions, arrow keys and home/end keys function!
Code:
## Do normal procedure to install developer app, register at LG, enable keyserver, get key, save key, etc.
##Then:
ssh -i ~/.ssh/tv_webos -p 9922 [email protected]_IP "/bin/bash -i"
#Enter passphrase for key '~/.ssh/tv_webos':
#/bin/bash: can't access tty; job control turned off
#/media/developer $
su
#su: must be run from a terminal
#sad, but
/bin/busybox.suid su
Password: alpine
id
#uid=0(root) gid=0(root) groups=0(root),10(wheel),506(pulse-access),509(se),777(crashd)
/bin/busybox.nosuid chroot /proc/1/root
#/ # /bin/sh: can't access tty; job control turned off
##1st Time prepare directory, set root password###
mkdir -p /home/overlay/etc
mkdir -p /home/overlay/work
mount -t overlay overlay -o lowerdir=/etc:/media/cryptofs/apps/usr/palm/services/com.palmdts.devmode.service//binaries-armv71/opt/openssh/etc,upperdir=/home/overlay/etc,workdir=/home/overlay/work /etc
passwd
####
nohup telnetd -l /sbin/sulogin &
#### then from another terminal, run
telnet TV_IP
## dont break anything
Why didn't it work on my webOS 3.0 TV? It replied 'incorrect password'.
