The purpose of this thread is to provide a guide for users who have Proxyme preloaded in their device's firmware and want to find out how to use it effectively. Ideally, this will be a place to share experiences and ideas to further improve the tool and provide solutions to problems that people may have.
Introduction
Proxyme ( proc-zahym ) represents a system access solution comprised of the following components:
System service - provides access to privileged system environment
SSH daemon - provides secure shell (ssh) and file (scp) access (based on dropbear)
proxyme.apk - user interface module
This solution is offered as a preloaded option in firmware images and consequently cannot (should not) be installed as a regular app, either from the Play Store or being side loaded. The reason for pre-loading stems from the requirements of the system service component to be able to integrate at system level and not be bound by operating restrictions within the Android application and framework platform environment (Zygote and Dalvik sandbox). The Play Store has been enlisted as the primary and preferred source in providing updates to the user interface component; the actual app you will be interacting with.
Proxyme offers the following functionality through its user interface:
Installation/de-installation of the su binary to provide/remove root access
(useful only for other applications which require root level access)
The persistent behaviour of the su binary can be controlled by a one-shot switch
Register/de-register tag-along scripts for su enable and disable actions
(more details on this below)
Control availability and location of busybox toolbox
Start/Stop SSH daemon
Configure listening port for the SSH daemon
Configure user accounts for the SSH daemon
Submit and execute a shell script
SU Binary
The option to enable or disable the su binary switch (on/off) in the user interface is the equivalent of rooting and unrooting the device. When enabled, you are providing root access to apps which require it to perform correctly. Currently, Proxyme does not have built-in support for monitoring and 'policing' the actual access to root.
Auto Root @ Boot
This switch in the Proxyme app allows you to indicate whether the su binary should be installed or removed during a reboot or startup of the device. Setting it to the 'on' position will make the su binary persistent throughout reboot cycles and leave your phone permanently 'rooted'.
Registering Tag-along Scripts
Whenever you enable or disable the su binary with the on/off switch in the user interface, there exists an option to execute a user script just prior to and one unique to each action. This is possible by pre-registering a script for one of or both enable/disable actions. A script can virtually perform anything and is always executed within root context. Note that you must be very cautious about the scripts you are registering and be certain about their intentions, because a rogue script could cause irreparable damage to you device.
Each script has the option to override, and thus block, the intended action (enable or disable) by setting a system property named proxyme.override to anything but blank.
One purpose of having tag-along scripts would be to 'freeze' and 'unfreeze' specific root-shy apps, which do not 'like' rooted systems. This is one area where we can share the experience of pre-coded scripts for certain target apps and I do hope it will be put to good use.
To submit a script file, tap on one of the SU Enable Script or SU Disable Script text elements to start browsing for a file.
Busybox
Busybox is just that, busybox. Options are available to determine one of two hard-configured locations where it can be installed and to enable or disable it.
More to follow later...
SSH Daemon
The SSH daemon is based on dropbear. It has been modified to support logon accounts in Android, which are configured with the following parameters:
username
password
home directory
which shell to use
user ID
group ID
For whatever reasons, you can restrict access by specifying non-root user and group (0:0) IDs. The IDs you can choose from are derived from a system list which was used and known within Android at the moment of booting the device. If you have installed new apps in the meantime and would like to use their newly assigned IDs, then please reboot the phone to update this list.
Executing Shell Scripts
The ability to submit and execute a shell script from the user interface can be considered a convenient and quick way to get some tasks done. Take note however that your scripts are run in a privileged environment under the root account and that there are risks involved. A rogue or insufficiently tested script can cause major problems if/when it makes changes to key system partitions, which are normally mounted read only for obvious reasons.
Most rom images will include a sample de-bloating script,which removes ROM specific branding apps. The script. /sdcard/Proxyme/debloat.sh, shows how this is done and could serve as a base for more extensive clean-up of firmware components, if you so desire.
Operational Notes
Whenever a device boots from a factory reset condition (i.e. after wiping data), there will be no UID/GID list available in the user management screen. The reason for this is that the SuMeD setup process will complete before the app data store, the location where aforementioned list is stored. has been initialised. Restart the device in order to make this list available.
Behind The Scenes
For details regarding how Proxyme's system service components are integrated in a firmware image, please follow this trail...
Device Support
Before taking the next step to flash your phone/device, please be aware of the risks involved with performing such an operation. Prepare the device properly, i.e. sufficient battery charge, and be well informed of the correct flashing procedure(s) for your device's make and model. On Samsung devices, rooting will probably trigger 'custom' flag(s) and consequently render the warranty void. No matter how adventurous you may feel, it is always a bad idea to try to flash a firmware image which is not intended for your device. Having said all that, note that you will be flashing your phone at your own risk. You are solely responsible for anything you do to your phone/device, so make sure you are well informed and well prepared before deciding to flash or install anything on it.
The following list will be updated as soon as new firmware images are prepared for new and old devices.
Samsung Galaxy Note 10.1 2014
SM-P600 - (reference post)
Samsung Galaxy J
SC-02F (Docomo) - (reference thread)
SGH-N075T (Taiwan) - (reference thread)
Samsung Note 3
SM-N9005 - (reference post)
SM-N900A - (reference post - unconfirmed)
Samsung Galaxy S4
SHV-E330K - (reference thread)
SHV-E330L - (reference thread)
SHV-E330S - (reference thread)
SGH-I337 - (reference post - unconfirmed)
SC-04E - (reference post)
Samsung Galaxy Grand 2
SM-G710L - (reference post)
Samsung Galaxy S3
GT-I9300 - (reference post)
SC-03E - (reference thread)
SHV-E210K - (reference thread)
SHV-E210L - (reference thread)
SHV-E210S - (reference post)
SHW-M440S - (reference post)
Samsung Galaxy S2 LTE
SHV-E110S - (reference thread)
Samsung Galaxy S2
SHW-M250K - (reference post)
Planned Changes
built-in control of su access (much like what Superuser currently does)
choice of built-in simple file browser or use intents to initiate external app(s) for browsing and selecting files
...
Proxyme - Behind The Scenes
This section details how Proxyme's system service components are integrated in a firmware image.
If you are not up to speed with how a typical Android system is constructed, then I would like to suggest you at least make yourself familiar with this topic in order to fully understand what to do with the following text.
The system service components are integrated in the /system partition (mount point) in Android. In the case of changing a live system this will require mounting the appropriate partition read/write before applying the updates. If a static firmware image is to be updated, then extract the component which represents the /system partition from the package and apply the updates before re-packing the firmware image.
The following list describes the major system service components:
hijacker - this is a module you need to write, which has the role of initiating the system service in a privileged environment.
hjprepper - this module is started by the hijacker to prepare the environment prior to starting SuMeD
SuMeD - this one is what it's all about. The Proxyme app relies on this daemon to be up and running in order to perform any of its privileged functions
SSHD - the SSH daemon is represented by an updated implementation of dropbear on Android
Hijacker
The hijacker is a program you would normally have to write to replace an existing program in your rom, which is started during the boot process by for example initd. This part of the integration process requires your (creative) input, since you need to analyse the rom you are working on and figure out how and where to position the hijacker module. If you do find an existing module to hijack, make sure to always call that original module from your hijacker once it has managed to execute the hjprepper program. In some roms it suffices to start hjprepper from a shell script, which is run with root access... they exist, you just have to look for them.
This is what your hijacker could look like in C
Code:
#define PROP_HIJACK "proxyme.hijack.system"
#define HIJACKEE "/system/bin/original-program"
#define PREPPER "/system/xbin/hjprepper"
int main( int argc, char *argv[] )
{
char *lArgv[5];
char **lArgList;
int lArgCnt;
pid_t pid;
lArgList = (char **)malloc( sizeof(void *) * (argc + 1) );
for ( lArgCnt = 0; lArgCnt < argc; lArgCnt++ )
{
lArgList[ lArgCnt ] = argv[ lArgCnt ];
}
lArgList[ lArgCnt ] = NULL;
/* Fork parent process */
pid = fork();
if ( pid < 0 )
{
property_set( PROP_HIJACK, (char *)"Hijacker Startup... spawning failed, prep first before xfer" );
system( "/system/xbin/hjprepper" );
execv( HIJACKEE, lArgv );
exit( EXIT_SUCCESS );
}
else if ( pid > 0 )
{
property_set( PROP_HIJACK, (char *)"Hijacker startup... spawned, parent ascends phase 2" );
execv( HIJACKEE, lArgv );
exit( EXIT_SUCCESS );
}
if ( execl(PREPPER, PREPPER, (char *)NULL) < 0 )
{
property_set( PROP_HIJACK, (char *)"Hijacker startup... failed to call prepper" );
}
exit( EXIT_SUCCESS );
}
hjprepper
This program is responsible for setting up an operating environment for the SuMeD daemon. If you have full control over a rom's boot image, then include a call in your init process to start this module once during boot. If not, then use a hijacker program or look for existing and suitable scripts to initiate hjprepper.
hjprepper starts the SuMeD daemon once it completes the setup and configuration procedure.
SuMeD
This bad boy is responsible for the user requested actions through interaction with the Proxyme app.
Prebuilt Packages
To get you started, there are pre-built modules available,which you can download here. Currently, availability is limited to Android 4.3 and 4.4.2 only. The following zip archives are organized in a folder tree structure,which serves as a guide for where to place the modules within the /system path.
4.3 Prebuilts
4.4.2 Prebuilts
Filler 2
Filler 2
Filler 3
Filler 3
Please add support in latest SHV-E110S 4.1.2 rom(s)
Title says/asks it all...
Can You guide build pre-rooted rom by proxyme? Thank you very much.
linhbs said:
Can You guide build pre-rooted rom by proxyme? Thank you very much.
Click to expand...
Click to collapse
Behind The Scenes section has been added to the OP.
Can this method be used to prebuilts S3, S4, Note3 not Korea? Thanks so much.
linhbs said:
Can this method be used to prebuilts S3, S4, Note3 not Korea? Thanks so much.
Click to expand...
Click to collapse
Yes. You need to figure out how to get the SuMeD daemon started and that depends on the rom you want to integrate it in. The Behind The Scenes post highlights what areas to focus on when doing this.
Note that the first post includes 2 firmware images (both Android 4.3 and 4.4.2) for the international Note3 (SM-N9005). It's a no-brainer to copy the files from the appropriate directories to an equivalent and same level version firmware for another region of the same device.
Please add support N900A 4.4.2. Thank you very much.
linhbs said:
Please add support N900A 4.4.2. Thank you very much.
Click to expand...
Click to collapse
Has 4.4.2 been released on that device? If yes, a download link for the official stock firmware will help speed up the process. If not, then we wait or you could send a PM to davidcsv with the 10 or 11 digit s/n and he will monitor and download the latest release as soon as it becomes available...after that your new firmware image will be uploaded within a day.
Link: http://www.androidfilehost.com/?fid=23321874045862490. Thank you for your interest!
linhbs said:
Link: http://www.androidfilehost.com/?fid=23321874045862490. Thank you for your interest!
Click to expand...
Click to collapse
N900AUCECMLG (preloaded with Proxyme) (2014-01-04)
This rom implicitly performs a factory reset, so backup your data before flashing it. Unpack the zip archive and specify the resulting .tar.md5 filename in the PDA/AP section of the latest version of Odin.
Use Proxyme to execute the /sdcard/Proxyme/debloat.sh script to get rid of the k n o x messages.
mega.co.nz
torrent, mirror
Apparently, this firmware image is a pre-release/leaked image and not the final deal. It includes an updated bootloader and related components, meaning that it will not be straightforward to revert back to an older version of the firmware. If you encounter problems with this Proxyme preloaded image, then I'd suggest flashing the image from the original download link.
All feedback is welcome and will be appreciated. Enjoy!
Thank you very much. I ask you to add proxyme in I337 4.4.2 rom. Thank you very much.
Link: http://www.androidfilehost.com/?fid=23329332407566813
linhbs said:
Thank you very much. I ask you to add proxyme in I337 4.4.2 rom. Thank you very much.
Link: http://www.androidfilehost.com/?fid=23329332407566813
Click to expand...
Click to collapse
I337UCUFMLD (preloaded with Proxyme) (2014-01-02)
This rom implicitly performs a factory reset, so backup your data before flashing it. Unpack the zip archive and specify the resulting .tar.md5 filename in the PDA/AP section of the latest version of Odin.
Use Proxyme to execute the /sdcard/Proxyme/debloat.sh script to get rid of the k n o x messages.
mega.co.nz
torrent, mirror
Apparently, this firmware image is also a pre-release/leaked image and not the final deal. It too includes an updated bootloader and related components, meaning that it will not be straightforward to revert back to an older version of the firmware. If you encounter problems with this Proxyme preloaded image, then I'd suggest flashing the image from the original download link. A Google search shows that this image does have a few minor issues, so beware.
All feedback is welcome and will be appreciated. Enjoy!
Thank so much. I find the phone test. Will respond to you.
SC-04E Stock Firmware Proxyme Rooter images
Root Ready Stock Images
(Unfortunately, flashing these ROMs will trigger KNOX)
Kitkat 4.4
SC04EOMUFNI3 (Proxyme) (Build Date 2014-09-19)
This zip archive contains an Odin flashable file. It is not the complete stock image, so you MUST have OMUFNI3 already running on your phone or you will need to download it from the above reference sites, which carry complete stock firmware images, and flash it before continuing with this file. Instructions are included in the zip archive.
uploaded.net
mediafire
torrent, mirror2
I337:
- Before flash rom: I337UCUEMK2 version 4.3
- After flash rom I337UCUFMLD (preloaded with Proxyme) fail.
Good.
linhbs said:
I337:
- Before flash rom: I337UCUEMK2 version 4.3
- After flash rom I337UCUFMLD (preloaded with Proxyme) fail.
Click to expand...
Click to collapse
Please post the complete log from the message box in Odin. One more question, is your phone 16GB or 32GB model?
update: and also try again with newer version of Odin v3.09 instead of v3.07
INTRODUCTION:
The Kali NetHunter is an Android ROM overlay that includes a robust Mobile Penetration Testing Platform. The overlay includes a custom kernel, a Kali Linux chroot, and an accompanying Android application, which allows for easier interaction with various security tools and attacks. Beyond the penetration testing tools arsenal within Kali Linux, NetHunter also supports several additional classes, such as HID Keyboard Attacks, BadUSB attacks, Evil AP MANA attacks, and much more. For more information about the moving parts that make up NetHunter, check out our NetHunter Components page. NetHunter is an open-source project developed by Offensive Security and the community.
IMPORTANT NOTE:
1. Your warranty is void now as you have unlocked your bootloader.
2. Although Kali Nethunter should be safe to use, I am not responsible for whatever happens to your device, router, or whatever networking infrastructure because of You misusing the available facilities of Kali.
3. Remember that while Kali can be absolutely safe, if you handle root access improperly, no one will help you.
4. Make sure you read all of the info here and have some basic knowledge about networking, kernels and Linux/Unix.
5. Even if you're able to find a vulnerability on a different host , don't misuse the advantage you have.
6. Report the issue to the device's owner..
Kali NetHunter Application
Home Screen - General information panel, network interfaces and HID device status
Kali Chroot Manager - For managing chroot metapackage installations.
Check App Update - For checking Kali NetHunter Android App updates.
Kali Services - Start / stop various chrooted services. Enable or disable them at boot time.
Custom Commands - Add your own custom commands and functions to the launcher.
MAC Changer - Change your Wi-Fi MAC address (only on certain devices)
VNC Manager - Set up an instant VNC session with your Kali chroot.
HID Attacks - Various HID attacks, Teensy style.
DuckHunter HID - Rubber Ducky style HID attacks
BadUSB MITM Attack - Nuff said.
MANA Wireless Toolkit - Setup a malicious Access Point at the click of a button.
MITM Framework - Inject binary backdoors into downloaded executables on the fly.
NMap Scan - Quick Nmap scanner interface.
Metasploit Payload Generator - Generating Metasploit payloads on the fly.
Searchsploit - Easy searching for exploits in the Exploit-DB.
3rd Party Android Applications
NH-App-Terminal
DriveDroid
USB Keyboard
Shodan
Router Keygen
cSploithttps://github.com/offensive-security/kali-nethunter/wiki/NH-App-Csploit
DOWNLOADS
1. For Nougat Based Custom ROMs/Stock ROMs :
Android Filehost
2. For Marshmallow Custom ROMs/Stock ROMs:
Android Filehost
3. Kernel(only for moto g4 plus)
coming soon (got zImage last step is remaining
INSTALLATION
IMPORTANT NOTE: Kali NetHunter is NOT an Android ROM, but it is an overlay ( you have to flash it above android).
The builds currently provided are to be used on Nougat based custom ROM)s (which use the LineageOS kernel) as well as for Stock ROMs also.(examples include all of our N/MM custom ROMs like Lineage, AEX, AICP, AOKP, DU and Stock ROMs) :
1. Make sure you are running the latest available build of the ROM you have installed.
2. Root is required. i.e SuperSu.
3. Reboot to TWRP.
4. Make sure you backup Boot, System and Data partitions, just in case you want to remove Kali, you can restore it.
5. Wipe Cache and Dalvik Cache. Do NOT wipe your data partition.
6. Install the zip file.
7. Reboot to System.
POST INSTALLATION:
1. You have to download the real packages knows as Kali Chroot Packages which might be around 700-800 MB in size.
Kali Nethunter Full Chroot Download
2. After downloading put it into your internal storage(don't place it in any folder).
3. Open the NetHunter App and start the Kali Chroot Manager(it will take 10 to 15 mins to extract and install full packages).
3. Set up Hacker Keyboard.
4. Configure Kali Services, such as SSH.
5. Set up custom commands.
6. Initialize the Exploit Database.
Supporting external wireless adapter(only for moto g4 plus)
1.TP-Link TL-WN722N V.2 with realtek drivers(RTL8187CU/RTL8188CU) currently atheros chipset is not supported for g4 plus
NOTE
You can flash it in any android devices everything will work but external wifi adapter and HID attack will not work. so if you are happy with it then go for it and enjoy:good:
For VNC Installation
1. apt-get install tightvncserver
2. Run VNC Server
vncserver :1 -geometry 1280x720 -depth 16
Arguments:
:1 (Display 1,2,3,4 etc..)
-geometry (Resolution width x height)
-depth (16, 24, Color Depth, use 16)
3. Connect to VNC
4. Open AndroidVNC
Alias: Kali Linux
Password: The password you set before
Address: 127.0.0.1 or your IP
Port: 5901 (Depend on display ex. Display 2, Port 5902)*
Username: root
For Metasploit
Initialize the database
1. msfdb init (you must initialize it every time if you do not set "Start at boot" in the Kali Services Tab on Nethunter App)
2. Run Metasploit
msfconsole or use setoolkit
FUTURE WORK
1. Support for external wireless adapter for more devices
2. HID support for more devices
Please comment for the kernel for supporting external wireless adapter and HID support
If you like my work please consider thanks.
Just copy paste from https://forum.xda-developers.com/moto-g4-plus/development/kalilinux-nethunter-t3639411?
Appears to be a duplicate of KaliLinux NetHunter v1.0 [Kali v2.0/Backtrack 5][athene]
Closed.
Hello Everyone
So I was wondering (I've searched the site,with no luck finding what I need)
I would like to customize and build the Android OS for my mobile phone.
My Physical Test Device Info:
- Samsung Galaxy J1 Ace, SM-J111F
- Running Android 5.1.1 (I've upgrade the rom from 4.x.x to 5.1.1)
Customizations would include:
- Password Protect The Recovery Menu (Like BitLocker's Password Prompt)
- Password Protect The OTA (Over The Air) Download Menu (Like BitLocker's Password Prompt)
- Password Protect The ABD Flashing (Enter Password Through The ABD Command Prompt, Before A User Could do any updates or data uploads/download to the Device)
Please could you let me know what files might need changing also any info relating to any tutorial which I can follow.
Kinda Starting from scratch (I have no android OS development experience, except for a few apk apps from Unity3D)
I'm a software engineer, I've worked with Embedded Systems Running C and C++. a few webs apps and some backend C# systems.
Thank you so much for the help and support in Advance!
Hello guys!
I started a new project with adb+python a few days ago.
You can find my tool here:
https://github.com/Frxhb/python_adb
Small Description:
This program, which is still in development, uses adb tools + some python commands to modify your device. Right now it only works on Linux.
It uses python3 + pure-python-adb and adb-platform-tools.
Right now you can:
Install/uninstall apk
Reboot your phone
normal
into bootloader
into recovery
List installed packages
Start ADB-shell
Feedback:
If you guys want, you can test this program out and give me feedback. Sure I will add more and more function soon to this program. I already tested it on linux-mint and raspbian os with:
Xiaomi Mi 10 T Lite
Samsung Galaxy S7
Gigaset GS370 Plus
Goals:
My goal in the future is to implement this program into a graphical user interface (GUI) to have a better user experience.
How to run:
Just read the README.md and do the steps to run this program ( https://github.com/Frxhb/python_adb/blob/master/README.md )
As I mentioned in README, this tool is just available right now for LINUX users.
Please give me feedback if you have tested it. Thanks in advance.
Frxhb
placeholer #1
placeholder #2
placeholder #3
Hi @Frxhb. Nice project!
How the hell did you make that ASCII art?
Keep up the great work!
Q: What is Kali-linux-touch
A: Kali-linux-touch is a rom add-on that will borrow techniques used by Ubuntu Touch for system and hardware integration that will bring full support of Kali-linux to any device that has Lineage-16 and up kernel and device source code
Q: What features will it bring to my device?
A: Hopefully all the pentest features available under Kali-linux in a portable mobile platform to use at your own discretion
But remember with great power comes great responsibilty. Always keep keep the privacy of others in mind and remember that some of the programs tactics tools and techniques used by kali-linux are illegal in most places. Keep that in mind as you build and use kali-linux on your device.
We here at porting_Kali-linux-touch are not responsible for the improper or illegal use of the kali-linux tools.
Always respect the privacy of others!!!
Q: Does your device support Kali-linux-Touch?
A: at this moment no devices are supported and only individuals who want the security of kali-linux are encouraged to participate.
Due to security concerns this project may never have an outright port so its up to the user to build up thier own rootfs to use with the Halium build system and to port your device individually yourself.
On that note please do not post links to your own rootfs or rootfs.img builds as it violates the security and integrity of the system and all individuals who may use it.
Q: How do i get started?
A: You can start by initializing the repo for halium 9 and building a boot image and system image for your device. Every thing after that will require hard work and dedication to understanding how the hardware and software interact so we can bring up a graphical interface to your device.
Q: What special needs are required for my kernel?
A: Quite a few. most kernels will need patches for certain aspects of kali linux to work properly this includes systemd, wifi injection, usb support, bluetooth support and HID support.
The firsr part of integration is all about the kernel and you will want to make sure you have all the needed kernel configs to make sure the final product is up to par with all the features kali linux offers
Q: What works and where is the most attention needed to get Kali-linux-working?
A: Right now we need help in getting the rootfs prepared correctly with the proper configs and packages to get it to work with an android touch based system. This includes integrating the hardware and software into the rootfs and bringing up a graphical ui
Q: where can i get the rootfs needed to start working on porting to my device?
A: The first thing to think about when it comes to Kali-linux is security security security. It would be foolish for me to post a link for a rootfs and even more foolish for any one to download and try to use that rootfs.
Because of what kali is and what can be done with it, the rootfs has been under constant attack by black hat hackers over the years with the intention of fooling people into downloading a rootfs that they have patched themselves to steal data and secure information from you.
Because of that intent you should always download your rootfs from a trusted reliable source and as for this project build it up yourself for use with the halium system to insure your own safety and security
this group will serve as a guide as to how to best build up your own rootfs in order to create a rootfs.img to use as your port.
you can find the group on telegram here:
Kali Mobile
group dedicated to bringing a full version of Kali-linux to android devices
t.me