Yay! xdebug support on php! - General Topics

I've been playing for a while with a number of droid based server apps: BitWeb, nand, nginx, ksweb, ultimate servers pro, etc.
The one thing I still missed was support for xdebug. I tried cross compiling a module myself, but with my limited knowledge of c/c++ it would have taken more time than I had to commit to the project. I've been primarily using Ultimate Servers Pro now due to the number of servers they let you configure at once from a single app but also purchased a copy of the BitWeb engine prior to trying USP. Every once in a while I do a search of Google Play for Xdebug and lo-and-behold, this time something actually came up and it was BitWeb that I already owned!
Checking into their server kit again, I was able to confirm that xdebug is working (although remote access is defaulted to off but can be set to true in the php.ini) so I got curious. Since I own both apps, I fired up USP and turned on the ssh server, shelled in and went into /data/data/com.andi.serverweb/php (NOTE: there will be nothing there until you run the BitWeb app at least once) I then backed up the icecoldapps php executable and copied the one from bitweb into the serverpackc php directory, set the ownership and permissions the same as the original had been and fired up USP's web server and confirmed it works fine.
So if anyone else wants to have xdebug support, be sure to check out BitWeb server and keep in mind that re-locating his php binary to other server packages does appear to work.
As an additional side now, I've included a copy of a sample lighttpd conf (the 'altered' lines are similar to tested modifications I have been able to get working fine on multiple lighttpd/php/mysql based apps) showing an example of how you can get multiple Zend instances working on your phone.
SW

composer observation
Something else I've noticed - composer.phar won't work due to lack of crypto.

Related

Android Fork Bomb

Just out of curiosity does anyone know if any android devices can be affected by a fork bomb sent via text or email?
It is Linux so I'm guessing it will be affected. Maybe it won't be like OMG but it will be some what affected.
If a text or email could execute a custom script on being received, there is probably a lot worse that it could do than a fork bomb... Might be possible to get two views to keep calling each other, in which case the bundle for that program will expand until it runs out of memory and android will kill the app. This is very much an app specific bug though, and isn't related to the "fork bomb" of a program making a new instance of itself.
I thought Android runs on the sandbox environment for applications, which means the app can't execute much permissions as compared to Windows.
Just my $0.02
Yes, the apps are sandboxed for the most part.
Now that I think on it, there is a launch flag to open a new instance of a program leaving any currently running ones alone, which could be used to make a forkbomb. In this case, it would not be stopped by memory as the earlier instances will shut down but the exponentially increasing new instances will keep going, probably making the phone unusable until a reboot.
This can only be done by compiling and launching a signed app though, no email client can do this unless it has a backdoor to trigger this code from itself or from a trojan-esque feature to download, install, and launch apps on its own. The user would be promted to ok the new app's permissions anyway, unless it uses and gets permission for root access.
Basically, forkbombs are possible, but not by email or text with stock or nonmalacious programs.
Task Management
If the script gained root access, it'd be just the same as on a Linux machine. But I believe the DalvikVM simply kills any apps/processes it needs to in order to keep the system running smoothly (in theory).
well it works...
https://github.com/nicandris/com.example.forkbomb

Fix for GB getting mobile version of website despte desktop UA string

I've noticed since upgrading my Droid X to Gingerbread that many websites that were previously fooled by setting the User Agent (in Dolphin HD) to "desktop" are no longer fooled and can now detect that I'm on a mobile device. This can be quite irritating as the mobile version of many sites is horrible.
To see if this article pertains to you, if you're set for a desktop user agent string, go to http://www.bbc.co.uk and see if you get the mobile version of the page or the desktop version. If you get the mobile version despite your user agent setting, this hack may help you.
When this first happened to me I decided to find out how the sites were detecting the fact that I'm on a mobile device. Generally a website only knows what you tell it about yourself, and what you tell it about yourself is 100% in the HTTP headers your browser sends (or that get added by a proxy server if you use one). So the first logical place to look was to see what all headers the browser was sending. Note: for any who might object that it also knows things about you by your cookies, your cookies are actually sent as HTTP headers as well.
I have a CGI script on one of my web servers that I use to see what all headers my browser is passing. There are plenty such scripts/sites on the web -- here is a decent one (it's not mine) if you want to see what your browser sends. Examining the headers, one stuck out like a sore thumb:
Code:
HTTP_X_WAP_PROFILE='http://uaprof.vtext/com/mot/mb810/mb810.xml'
Geez, that's a pretty dead giveaway isn't it? I checked a phone running FroYo and it does not send that header, so that further confirms this is the header these sites use to detect me as a mobile (since they don't detect me as a mobile under FroYo and do under Gingerbread).
I then Googled HTTP_X_WAP_PROFILE and found numerous coding resources where they suggest looking to see if that header exists and/or is set to anything in order to detect mobile browsers. Bingo.
Great - so how to get rid of it? My first thought is that since the header is clearly identifying me as a Droid X (MB810), there has to be something in the phone that is providing the data. Since I observed that the header is present whether I access the net via WiFi or via 3G, that further confirmed that this is all happening in the phone and not being added by Verizon in transit.
The first sensible place to look was /system/build.prop. Turns out that the first sensible place to look was the right place to look as I found this line:
Code:
ro.mot.hw.uaprof='http://uaprof.vtext/com/mot/mb810/mb810.xml'
Well, that's about as perfect as you could ask for. Not knowing if the phone might be touchy about completely removing this setting, my first attempt was to change the line to read like this:
Code:
ro.mot.hw.uaprof=''
I found that you must reboot the phone for the setting to take effect (no real surprise there). Unfortunately, afterward, when I examined the headers being sent by the browser, they now contained this:
Code:
HTTP_X_WAP_PROFILE=''
With that setting, the various websites still detected me as a mobile browser (which you would expect). Next I tried changing the build.prop to this:
Code:
ro.mot.hw.uaprof=
* Note - there is nothing after the equal sign - not a space or anything, just a carrriage return.
This (pleasantly) resulted in the HTTP_X_WAP_PROFILE header being completely absent -- the ideal outcome. Happily, the various websites that were detecting me as a mobile no longer did. Success!
In the interest of being thorough, I tested just removing the ro.mot.hw.uaprof setting altogether (by commenting out the line). I figured that probably was not the best plan, but I wanted to see what would happen. When I did that, the following header was the result:
Code:
ro.mot.hw.uaprof='http://uaprof.motorola.com/phoneconfig/MotoMB200/profile/MotoMB200.rdf'
Interesting default value -- and of course I was again identifiable as a mobile device.
So, the fix for this is pretty simple. The exact property that needs to be modified in your build.prop would of course vary if you're not running a Motorola build, but I'd expect it to be readily identifiable. Of course you have to be rooted to do this, and of course you should make a backup copy of your build.prop before you modify it, and of course you should think about what your fallback recovery is going to be if you foul up your build.prop and end up in a boot loop or something. Can you boot into Recovery and then fix the file with ADB, etc. -- it all depends on how your phone is set up.
For those that like step-by-step, here's precisely what I did:
Open Root Explorer (or other "root aware" editor)
Navigate to /system
Mount system as R/W
Open build.prop in text editor
Find the ro.mot.hw.uaprof line
Put a # at the beginning of the existing line (to make it into a comment)
Insert a new line below the existing line that says "ro.mot.hw.uaprof=" (without the double quotes -- no characters after the equal sign)
Save and exit editor
Mount system as R/O
Reboot phone
By doing it this way I end up with a backup copy of the original string in case I want to easily put it back. Root explorer automatically saves the original build.prop as build.prop.bak, but if you're really cautious you might want to actually make a copy of the file to your SD card or something.
At this point, in Dolphin HD, with my user agent string set to Desktop, all of the web sites that had begun seeing me as a mobile device now serve the normal desktop page (as desired). If I want to see the mobile version (for some reason) I can just switch Dolphin HD back to Android mode (user agent string) and then I get the mobile version.
Hope this helps someone. Sorry it was so long -- almost everything I write up is.
P.S. If you do this successfully on a non-Motorola phone, post here and let others know.
firstly,, BIG THANKS
I am running a GB2.3.3build.596 P3D 2file root DroidX..
when i open ROOT EXPLORER in r/w mount and open the build.prop i can not type anything..and this mobile site only crap was the reason i took 2 days of forum reading at 3 forums before i went ahead and sbf'd back to froyo from a stock Verz 2.3.3GB to then root ,and then to install the 2 P3D files to have a .596 build GB rooted phone
any suggestions, maybe another editor ware? total newb

A Parallel Appstore for WIndows 8/RT for ported Apps and Re-Compiled Apps

Hi Team,
I would like to donate a hosting for a parallel appstore. Please send a msg, I will give you the cpanel username and password. Also, this might be time to think of a domain name I can register one for you. Cheers.
DarkZ
darkstarz said:
Hi Team,
I would like to donate a hosting for a parallel appstore. Please send a msg, I will give you the cpanel username and password. Also, this might be time to think of a domain name I can register one for you. Cheers.
DarkZ
Click to expand...
Click to collapse
pls see this post...
http://forum.xda-developers.com/showpost.php?p=36670567&postcount=19
I think it would be best if we have just one app store, but multiple servers. that way we can standardize distro formats etc and its easy for devs and users.
im working on a tool to package apps in the format for rtdstore and then I shall update the store to handle multiple repos.
while I have no use for the server u are offering as I have my own server, hopefully someone else will be able to use it for an alternative repo
djboo said:
pls see this post...
http://forum.xda-developers.com/showpost.php?p=36670567&postcount=19
I think it would be best if we have just one app store, but multiple servers. that way we can standardize distro formats etc and its easy for devs and users.
im working on a tool to package apps in the format for rtdstore and then I shall update the store to handle multiple repos.
while I have no use for the server u are offering as I have my own server, hopefully someone else will be able to use it for an alternative repo
Click to expand...
Click to collapse
No offense, but we need to get a standardized protocol for talking to and from the servers drafted and going before we get tools designed to use it.
The enthusiasm is good, but you're going about it the wrong way.
netham45 said:
No offense, but we need to get a standardized protocol for talking to and from the servers drafted and going before we get tools designed to use it.
The enthusiasm is good, but you're going about it the wrong way.
Click to expand...
Click to collapse
None taken, but I think you've misunderstood. I've already designed a protocol for option C. My plan is to use flat files for 90% of everything, and the places where its not static, the possibility to use a dos batch file to 'update' the repo on changes, allowing people to use dropbox to host a repo, or use a php/asp script for people with better hosting. The thought process around this is that it means a dev can host a repo just for their app without having to own a server, but people who want to contribute more have the ability for it to be a bit more automatic.
My only flaws at the moment are what to do when more than one repo has the same app (how will updates be managed etc) and how to avoid conflicts (when two repos have an app with the same name but its not the same thing) - both of which will probably be managed with a simple GUID - hense the packager i am working on - making the apps GUID available without the client having to download the app.
Main reason why I want to update the app before sharing all this publicly is that i dont want to share it till i know it works
djboo said:
None taken, but I think you've misunderstood. I've already designed a protocol for option C. My plan is to use flat files for 90% of everything, and the places where its not static, the possibility to use a dos batch file to 'update' the repo on changes, allowing people to use dropbox to host a repo, or use a php/asp script for people with better hosting. The thought process around this is that it means a dev can host a repo just for their app without having to own a server, but people who want to contribute more have the ability for it to be a bit more automatic.
My only flaws at the moment are what to do when more than one repo has the same app (how will updates be managed etc) and how to avoid conflicts (when two repos have an app with the same name but its not the same thing) - both of which will probably be managed with a simple GUID - hense the packager i am working on - making the apps GUID available without the client having to download the app.
Main reason why I want to update the app before sharing all this publicly is that i dont want to share it till i know it works
Click to expand...
Click to collapse
I'd share it before you code it to make sure it'll all work, personally.
As far as the repo list goes, are you planning on hosting a list of default repos that users just change, or are you expecting everyone to enter every repo manually?
netham45 said:
I'd share it before you code it to make sure it'll all work, personally.
As far as the repo list goes, are you planning on hosting a list of default repos that users just change, or are you expecting everyone to enter every repo manually?
Click to expand...
Click to collapse
I'm aiming for both. That way a repo can announce his repo once he has something to show without waiting for me to add it, but I have the control to only add repos that are trusted.
the crux of the repo format is thus:
a single XML file that lists all of the apps on a repo - contains core details like app name, version number, guid etc. These details are extracted from the packaged files - I will supply an EXE that can construct these XML files - and later will also supply a PHP file (I'm currently using asp.classic out of habbit despite being a c# coder - but PHP makes more sense because just about every web server ever supports PHP)
All of the packages will go in the same folder as the XML. The Exe/PHP will also produce text files for each package that includes the further details about the app. This is to keep the primary XML smaller as this will need to be updated by the client app for each repo on start up. I'm consindering having the XML as a zip file to reduce server load too.
As for the package format, Its going to be an XML and ZIP file bundled together, simple toc stuff - create XML, read its size, create new file, first 4 bytes are the XML size, then the XML file, then the ZIP of the package bundled together. This will then have a custom extension which can be associated to an installer app (the Store app obviously will support the format too - and not require an installer)
The installer will be able to be used standalone - but wont be aware of the store at all - meaning it wont update the current installed apps.
Image of package creator:
http://i.imgur.com/Tpaq9.png
Hopefully, you can see that the repo is totally dependant on the package format working. Once the core options work, since its all XML it should be extendable, but without those basics, its not going anywhere.
However, once the repo format is sorted, and the source for the installer is done (and shared) - my store app need not be the only one, no reason why other people who want to write a store cant use this format - last thing i want is 20 different repo/installer formats.
Sounds good enough. The only thing I have to mention is that if the server supports gzip output and your client can handle gzip input the compression of the .xml files is pointless.
And, are you planning on employing any sort of PGP verification methods? It'd be nice.
I can provide a server which is located in HK if need. Thanks all.
Sent from my GT-N7105 using Tapatalk 2

SmartFinder for Android (Alternative to Android File Transfer on OS X )

I ran a quick search and haven't seen this mentioned anywhere else yet, so sharing this info here for Mac users.
I just downloaded and fired up a free app (SmartFinder for Android) from the Mac App Store...looks to have come out just a week or two ago. Appears VERY promising, at least as an alternative to the rudimentary Android File Transfer that we've been stuck with for years. Seems quick and provides a proper classification and grouping of files (e.g., Pictures, Video, Music, Files), which can actually all be opened directly from within the app (unlike with AFT). Should make things a lot easier and just all-around more enjoyable compared to what we've been limited to in the past.
One thing I did notice, however, is that a small piece of software is actually also loaded onto the device when accessing for the first time. This is presumably to make things work properly and the required permissions are minimal and can be restricted anyway, so it doesn't seem too concerning. Still, it would be nice to see the developer mention this in the description.

Unsolved tech...

Hello guys,
I have been searching for answers to some of the tech stuff, but couldn't find them.
Here are some of those questions. Hope some of you would have answers to these. Thanks in advance!
ANDROID
1. How to share files between multi-users on Android 11?
Before Android 11, it was possible to save files inside the Android/ obb folder, and these files were visible for all users on the device. In Android 11, this is no longer working as the 'obb' folder appears to be exclusive to each user.
I know this is possible via USB OTG or a cloud service, but is there a solution without these?
2. How to copy/ backup game data for non-rooted devices?
Helium Backup doesn't seem to work. I have played a game for long on my Mediapad, and I would like to copy that game to my phone. Unfortunately, my Mediapad is not rooted and losing all that game progress has become a nightmare. I have written to the app developer to provide some sort of backup using either Google Play Games or social media integration like Facebook/ Twitter, but haven't received any response.
3. How to force apps (esp. file managers & gallery apps) to use in-app media viewer without changing system default.
For example, I may use the stock gallery app as default for viewing media. But if I am using another gallery app or a file manager that is capable of viewing media files using its own media viewer, I would rather want it use it than open the default app. Is there a way to do it?
4. Replace stock file manager (a system app) with another app from Google Play Store or other sources. Is this possible?
I am not asking how to convert a user app into system app. I know that part. I tried replacing the apk file of the stock file manager with a 3rd party apk, even renamed it, but it didn't work.
5. Extract a system app from one device and install it on another device without root. Is this possible?
I have tried it, but apk installation fails. For example, Samsung Gallery app on OnePlus phones.
iOS
1. How to install .ipa (iPhone app) on an iPhone (not jail-broken) without a laptop (iTunes)?
2. Is it possible to have SFTP server for iPhone?
All Operating Systems
1. How to provide LAN only access for non-rooted devices as well as in Windows & iOS?
For rooted devices, we have apps like AFWall+ that can do it. But is there a way to do it for devices without root, as well as for Windows and iOS?
For non-rooted devices, we have apps like Netguard that support 'Allow LAN access' whilst blocking internet access.
Are there any alternatives and solutions for other platforms?
2. How safe is it to enter login credentials in an app to allow it access to network drives?
I use several apps (on various platforms) to connect to my laptop over SMB. This requires me to provide the app with my Windows Login Credentials, which is a Microsoft account. Am I risking my account by providing this info to the app? Is it safe to enter login credentials of cloud services in file manager apps?
Just bumping this thread as it seems to have been lost/ unnoticed.
@Ultramanoid can you answer some of these?
Sridhar Ananthanarayanan said:
@Ultramanoid can you answer some of these?
Click to expand...
Click to collapse
Can't help much, sorry. As to Android, some notes :
1. Never have used an OEM / Google's version of Android, or anything other than rooted single-user systems.
2. In addition to the previous answer, I'm not a gamer.
3. I usually don't ever set defaults with some rare exceptions, so I am always given a choice of what I want to use to handle a file. It may vary depending on many things; I may want to edit an SVG file as text, or view it as an image, for instance. There are applications / services that will intercept intents to allow you to do this sort of thing as well, but I can't recommend a specific one, never use them myself.
4. Possible, but will break Android as by now the system requires it as a file picker in many instances without recognizing alternatives and developers of most applications do expect it as well and their services will not work without it. Don't do it. With recent Android storage changes, including the scoped storage debacle, this is not a viable option anymore.
5. Depends, but not likely as a general rule, specially for OEM garbage, which relies on their own proprietary modifications of Android, their libraries, frameworks, et al. You'd have to carry those over to the destination too, which may not even be possible. Use OEM-independent and not Google Services reliant applications. ( Edit : you'll find some of those applications built to install on all devices here on XDA by single developers, "SONY camera for all devices" and that sort of thing, not recommended anyway, not well supported or long-lived experiments. )
Ultramanoid said:
Can't help much, sorry. As to Android, some notes :
1. Never have used an OEM / Google's version of Android, or anything other than rooted single-user systems.
2. In addition to the previous answer, I'm not a gamer.
3. I usually don't ever set defaults with some rare exceptions, so I am always given a choice of what I want to use to handle a file. It may vary depending on many things; I may want to edit an SVG file as text, or view it as an image, for instance. There are applications / services that will intercept intents to allow you to do this sort of thing as well, but I can't recommend a specific one, never use them myself.
4. Possible, but will break Android as by now the system requires it as a file picker in many instances without recognizing alternatives and developers of most applications do expect it as well and their services will not work without it. Don't do it. With recent Android storage changes, including the scoped storage debacle, this is not a viable option anymore.
5. Depends, but not likely as a general rule, specially for OEM garbage, which relies on their own proprietary modifications of Android, their libraries, frameworks, et al. You'd have to carry those over to the destination too, which may not even be possible. Use OEM-independent and not Google Services reliant applications. ( Edit : you'll find some of those applications built to install on all devices here on XDA by single developers, "SONY camera for all devices" and that sort of thing, not recommended anyway, not well supported or long-lived experiments. )
Click to expand...
Click to collapse
Thanks very much. But I wish you answered the last 2 questions as well.
If time permits, would you be interested in telling us how you use your phone? I mean which device, which OS and what apps you use. I would like to give that a try (on a spare device) and see if it is possible for me to live without Google.
Sridhar Ananthanarayanan said:
Thanks very much. But I wish you answered the last 2 questions as well.
If time permits, would you be interested in telling us how you use your phone? I mean which device, which OS and what apps you use. I would like to give that a try (on a spare device) and see if it is possible for me to live without Google.
Click to expand...
Click to collapse
Didn't answer because it won't be helpful.
As to the 1st, I don't use LAN, and I don't keep data in any device or computer unless in use. External independent encrypted storage to be used wherever, whenever, independent of device, cables if needed.
As to the second, it's a matter of common sense, being informed of vulnerabilities and aware of reputation, and trust. Would you trust Chrome or Mozilla with data if you're online banking ? Seems reasonable -- but be aware of major vulnerabilities that may be going on. Would you trust an application released yesterday by a single developer for the same ? Probably not a good idea.
Finally, I doubt what I use and how I use it would be acceptable for you, or most people. In essence you could : Install latest firmware, wipe device, install latest security patched Lineage build for it, remove vendor / Lineage applications, get full root, remove anything you don't need or use which could have vulnerabilities; frameworks, libraries, binaries, etc ( Bluetooth, SMS, Android system-wide downloader, system-wide WebView, NFC, and on and on .. ), install your own binaries, fonts, hosts file, and applications where appropriate ( /bin /etc et al ), install Termux and all Linux packages required for your use, everything open source whenever possible, and stay away from any Google services / Play / applications with ANY trackers, analytics, data mining or even crash report capabilities; zero tolerance. Internet permission only for a secure web browser -- and terminal if / when needed. Half of what I do or use goes through terminal to be honest. In short, for me an Android device is a full Linux laptop replacement with added perks : Always on and on me, camera, GPS, pedometer, unlimited LTE data, and emergency calls for medics / police. ( Edit : And Japanese EEW alarm of course ! Only notification I use. We learned our lesson well in 2011. )
You can use ApkExport to extract any apk including system apks. I've transferred apks between other devices devices with it.
Never had need of doing that though with a system apk.

Categories

Resources