How to change wifi mac address? - OnePlus 6 Questions & Answers

Hi guys,
I'd like to be able to change the mac address of my device to be able to use airport Wifi while on transit.
Here is what I do using tasker
1) Turn off wifi
2) Launch the shell script below
Code:
array=( 1 2 3 4 5 6 7 8 9 0 A B C D E F )
newmac=${array[$RANDOM%16]}${array[$RANDOM%16]}${array[$RANDOM%16]}${array[$RANDOM%16]}${array[$RANDOM%16]}${array[$RANDOM%16]}
chattr -i /persist/wlan_mac.bin
sed -i "1 s/=.*/=64A2F9$newmac/" /persist/wlan_mac.bin
chattr +i /persist/wlan_mac.bin
3) Turn on wifi
But it doesn't work
/persist/wlan_mac.bin is successfully modified by the script but real mac address isn't.
Need your help!

chattr binary is not present on Oxygen Os...
So file gets overwritten while setting airplane mode on and off

It works!
Installed busybox magisk module (which includes chattr binary) and replaced chattr by busybox chattr!
Also modified script by adding command line toggle for airplane mode.
Code:
#!/system/bin/sh
array=( 1 2 3 4 5 6 7 8 9 0 A B C D E F )
newmac=${array[$RANDOM%16]}${array[$RANDOM%16]}${array[$RANDOM%16]}${array[$RANDOM%16]}${array[$RANDOM%16]}${array[$RANDOM%16]}
busybox chattr -i /persist/wlan_mac.bin
sed -i "1 s/=.*/=64A2F9$newmac/" /persist/wlan_mac.bin
busybox chattr +i /persist/wlan_mac.bin
settings put global airplane_mode_on 1; am broadcast -a android.intent.action.AIRPLANE_MODE --ez state true
settings put global airplane_mode_on 0; am broadcast -a android.intent.action.AIRPLANE_MODE --ez state false

i can't thank you enough! i was looking for a way to hard change my mac and none of the rooted apps were working for me. just stumbled upon this thread and it's working good.

Can you guys guide me on How to run That script .. I've already installed BusyBox ..
Thank you so much

Dimitrimem said:
Can you guys guide me on How to run That script .. I've already installed BusyBox ..
Thank you so much
Save this into text file, upload to internal memory, name and extension is relevant (mac.sh for example), load to internal memory.
In terminal emulator:
Open directory with file:
cd /sdcard
Add rights to execute:
chmod +x mac.sh
Run:
su sh mac.sh
OnePlus 6 @ Tapatalk

I have BusyBox installed .. how do I replace chattr with the BusyBox one or that's done by default .. I
I managed to save the script and run it from terminal emulator .. however the Mac Address doesn't change

Hey there,
Looks like this method doesn't work anymore with pie.
Modifying /persist/wlan_mac.bin has no effect but managed to change mac temporarily (until next reboot) by using the commands below:
Code:
svc wifi disable
ip link set wlan0 addr 01:02:03:04:05:06
svc wifi enable
Modifying hostname method has also changed. It doesn't survive reboot either
Before PIE:
Code:
resetprop -v ro.product.name "newHostname"
#Toggle airplane mode
settings put global airplane_mode_on 1; am broadcast -a android.intent.action.AIRPLANE_MODE --ez state true
settings put global airplane_mode_on 0; am broadcast -a android.intent.action.AIRPLANE_MODE --ez state false
After PIE: net.hostname gets its value from system settings after toggling airplane mode on/off
Code:
settings put system oem_oneplus_devicename newHostname
#Toggle airplane mode
settings put global airplane_mode_on 1; am broadcast -a android.intent.action.AIRPLANE_MODE --ez state true
settings put global airplane_mode_on 0; am broadcast -a android.intent.action.AIRPLANE_MODE --ez state false
Have you guys succeeded in modifying these permanently?

Karboush the first code actually worked for me so thank you .. i wish there was a script for this that actually can randomly change the MAC address .. would be great
thank you <3
Karboush said:
Hey there,
Looks like this method doesn't work anymore with pie.
Modifying /persist/wlan_mac.bin has no effect but managed to change mac temporarily (until next reboot) by using the commands below:
Code:
svc wifi disable
ip link set wlan0 addr 01:02:03:04:05:06
svc wifi enable
Modifying hostname method has also changed. It doesn't survive reboot either
Before PIE:
Code:
resetprop -v ro.product.name "newHostname"
#Toggle airplane mode
settings put global airplane_mode_on 1; am broadcast -a android.intent.action.AIRPLANE_MODE --ez state true
settings put global airplane_mode_on 0; am broadcast -a android.intent.action.AIRPLANE_MODE --ez state false
After PIE: net.hostname gets its value from system settings after toggling airplane mode on/off
Code:
settings put system oem_oneplus_devicename newHostname
#Toggle airplane mode
settings put global airplane_mode_on 1; am broadcast -a android.intent.action.AIRPLANE_MODE --ez state true
settings put global airplane_mode_on 0; am broadcast -a android.intent.action.AIRPLANE_MODE --ez state false
Have you guys succeeded in modifying these permanently?

Time to revive a dead thread. The new method using
Code:
svc wifi disable
ip link set wlan0 addr 01:02:03:04:05:06
svc wifi disable
Doesn't seem to work anymore. After I set the new Mac address I get an error saying
"RTNETLINK answers: Device or resources busy"
Does anyone know a fix for this or if I'm doing anything wrong? Thanks.

From what I understand, Pie uses a random mac address for each specific wifi connection and no longer reveals your true id.

Android Pie by default doesn't change your Mac address when connecting to wifis. The option can only be turned on by editing the system config.xml file, which idk how to do. https://source.android.com/devices/tech/connect/wifi-mac-randomization
Anyone know how to edit it and turn on the option?

Well, after a bit of experimenting I found out a solution to this, but some issues.
When you want to change your mac address put the phone into airplane mode. Then put the code
Code:
ip link set wlan0 addr XX:XX:XX:XX:XX:XX
There are some specifications though. Any letters put into it, hexadecimal or not, will make it invalid. And any zeros at the beginning of a pair will also make it invalid, so 01:02:03:04:05:06 would be invalid but 10:20:30:40:50:60 would be valid. The parsing must have changed. Anyone got any solutions to get letters in?
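
Added example (not part of the original posts and not any poster's code): a shell check of the rule the generic Linux Ethernet code applies to a new interface address, which rejects group (multicast) addresses, meaning any address whose first octet is odd, and the all-zero address. It also generates a random locally administered unicast address. The function names are this example's own, and a vendor Wi-Fi driver may apply further checks.

```shell
#!/bin/sh
# Added example, not from the thread: classify a MAC address the way the
# generic Linux Ethernet code does before accepting it on an interface.
# All function and variable names here are this example's own.

# mac_classify ADDR
# Prints one of: ok | malformed | multicast | zero   (always returns 0)
mac_classify() {
    mc_addr=$1
    # Only hex digits and colons may appear; no empty input, no trailing colon.
    case $mc_addr in
        ''|*[!0-9A-Fa-f:]*|*:) echo malformed; return 0 ;;
    esac

    # Split on ':' into the positional parameters.
    mc_ifs=$IFS
    IFS=:
    set -- $mc_addr
    IFS=$mc_ifs
    [ $# -eq 6 ] || { echo malformed; return 0; }

    # Every group must be exactly two hex digits.
    mc_all=
    for mc_octet in "$@"; do
        case $mc_octet in
            [0-9A-Fa-f][0-9A-Fa-f]) mc_all=$mc_all$mc_octet ;;
            *) echo malformed; return 0 ;;
        esac
    done

    # Bit 0 of the first octet is the I/G bit: 1 means group (multicast).
    # 01:02:03:04:05:06 fails here; 10:20:30:40:50:60 does not.
    if [ $(( 0x$1 & 1 )) -ne 0 ]; then
        echo multicast; return 0
    fi
    case $mc_all in
        000000000000) echo zero; return 0 ;;
    esac
    echo ok
}

# mac_is_local ADDR -> exit 0 if the address is valid and its U/L bit
# (bit 1 of the first octet) is set, i.e. it is locally administered
# rather than vendor-assigned.
mac_is_local() {
    [ "$(mac_classify "$1")" = ok ] || return 1
    [ $(( 0x${1%%:*} & 2 )) -ne 0 ]
}

# random_local_mac -> prints a random unicast, locally administered address,
# the same shape Android's own per-network MAC randomization uses.
random_local_mac() {
    # Six random bytes as hex, e.g. " 1a 2b 3c 4d 5e 6f"
    set -- $(od -An -N6 -tx1 /dev/urandom)
    # Force the U/L bit on (| 2) and the I/G bit off (& 0xfe).
    rl_first=$(( (0x$1 | 2) & 0xfe ))
    printf '%02x:%s:%s:%s:%s:%s\n' "$rl_first" "$2" "$3" "$4" "$5" "$6"
}

# Constructed sample addresses, including the two quoted in the post above
# and one using the 64A2F9 prefix from the earlier script.
for a in 01:02:03:04:05:06 10:20:30:40:50:60 64:A2:F9:0B:CD:EF 00:00:00:00:00:00; do
    printf '%-18s %s\n' "$a" "$(mac_classify "$a")"
done
```

The same generic code returns "Device or resource busy" when the interface is still up and the driver does not support live address changes, which is why the address is set while Wi-Fi is disabled.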

I'm using macchanger and my phone is rooted with magisk .. that easy .. all I had to do is change from iproute to airroute for the " method" works like a charm ?

Dimitrimem said:
I'm using macchanger and my phone is rooted with magisk .. that easy .. all I had to do is change from iproute to airroute for the " method" works like a charm ?
Did you have to do anything in particular to make this work? I am on 9.0.4 rooted with Magisk, using this app with mode set to airtable and it does not seem to work. The app is confirmed granted root access per Magisk.

The only thing I'm doing is set airplane mode and wifi enabled .. when I run the app the phone comes out of airplane mode .. not sure I see the "airtable" feature on this app ... Anyways wish you luck

Dimitrimem said:
The only thing I'm doing is set airplane mode and wifi enabled .. when I run the app the phone comes out of airplane mode .. not sure I see the "airtable" feature on this app ... Anyways wish you luck
I am using the latest BETA if that makes a difference

after updating to pie I can't change my Mac address anymore. tried it a few ways via terminal and tried at least 3 different apps.
it seems that as soon as I do ifconfig wlan up, or disable airplane mode, it gets reverted back.
if I do ifconfig wlan0 hw ether 00:11:22:33:44:55 while the interface is up, it fails to authenticate me to the network
I may have to revert to Oreo
EDIT:
so after reverting to oreo, i still was unable to change the mac using the app that worked before. I found the values for the mac address in the file in /persist/wlan_mac.bin.
now, i tried changing these values but they kept getting re-written when i flipped Airplane mode off. so added the immutable flag to it after editing it. now the change is persistent across boot
so after editing the file, do
chattr +i /persist/wlan_mac.bin
and whatever values you have for the interfaces should stick after you boot
i wonder if this would've worked if i tried it in android 9.... too lazy to factory reset again to try it out
keep in mind i was working with a oneplus 3t.

Related

[GUIDE][CWM] WLAN Calibration and MAC address fix [CM]

This is for CyanogenMod and its derivatives. Stock ROMs should be fine.
If you are interested in editing your MAC address, there's a guide linked below. I don't know if stock ROMs will automatically correct the MAC. In this case I think you have to edit /efs/imei/.nvmac.info (read more something about /efs before playing with it!)
The easiest way to do the calibration is:
Turn wifi ON and run
Code:
tiwlan_plts -n
This is the script called from a oneshot init service in my init.latona.rc if someone is interested. It will calibrate and correct the MAC automatically, even after a data wipe:
Code:
#!/system/bin/sh
if [ ! -f /data/misc/wifi/nvs_map.bin ]; then
insmod /system/lib/modules/tiwlan_drv.ko
/system/bin/tiwlan_loader -i /system/etc/wifi/tiwlan.ini -f /system/etc/wifi/firmware.bin
/system/bin/tiwlan_plts -n
rmmod tiwlan_drv
fi
____________________________________
Older method
UPDATE: I found an easy way to get the real MAC.
Download the apk attached or run the following commands:
Code:
su
mount -o remount,rw /system
ln -s /system/lib/modules/tiwlan_drv.ko /system/etc/wifi/tiwlan_drv.ko
#Make sure wifi is off
./mfgloader -l #Take the binary from a stock ROM
./mfgloader -u
rm /system/etc/wifi/tiwlan_drv.ko
mount -o remount,ro /system
After that your MAC address should begin with D0:C1:B1 and not 08:00:28.
To see your current MAC: System Settings > About phone > Status (turn wifi on)
____________________________________
This is the first post with some more information about the calibration
While I was reading some logs, I noticed these lines
Code:
TIWLAN: 1089.979242: Starting to process NVS...
TIWLAN: 1089.983698: No Nvs, Setting default MAC address
TIWLAN: 1089.989007: pHwInit->uEEPROMCurLen: 1c
TIWLAN: 1089.993462: ERROR: If you are not calibating the device, you will soon get errors !!!
...
TIWLAN: 1094.726827: Station ID : 08-00-28-12-03-58
...
You can see that the device is not calibrated and that the default MAC address is assigned.
Each device should have a unique MAC address, two devices with the same MAC address in the same network will give problems.
________
UPDATE
I made two flashable files:
wlan_calibration.zip will only do the calibration
wlan_calibration_rand.zip will do the calibration and will randomize the last three octets of the address
If you still want to do it on your own, here the guide:
_______________
WLAN Calibration
Here the steps you need to follow (taken from: WLAN Calibration):
1) Turn wifi off
2) From ADB/terminal emulator run the following commands [1]:
Code:
$ su
# cd /data/misc/wifi
# insmod /system/lib/modules/tiwlan_drv.ko
# start wlan_loader
# ifconfig tiwlan0 up
# tiwlan_cu -b
/ w p 1 l 2 f 2
/ t b v 21
/ t b t 1 0 0 0 0 0 0 0
/ q
# rmmod tiwlan_drv
This will create this file: /data/misc/wifi/nvs_map.bin. If it's not there, you did something wrong.
After that you should not get the error while turning wifi ON.
________
MAC address fix
Even after the calibration, you'll still have the default MAC address (Station ID : 08-00-28-12-03-58). But no problem, you can 'easily' change it: Editing the MAC Address.
You need to get the newly created /data/misc/wifi/nvs_map.bin and edit it with a hex editor as described in the guide linked above.
I still don't know if the calibration will improve anything, but it surely won't hurt:
For optimal Wi-Fi performance it is mandatory to calibrate the Wi-Fi hardware
NOTE: nvs_map.bin is in /data, so if you do a factory reset you have to do this again.
___
[1]
ADB: System settings > Developers options (ON) > Root access > Apps and ADB
Wow...good solution buddy. I think u should post this in development thread. People dont look much in general thread.
this should be added to the cm9/10 instalation .zip file
I did flash the zip file, ran the other commands thru terminal and see the file /data/misc/wifi/nvs_map.bin.
I don't understand the next step to be done.
I cannot open the bin file using hexeditor, I gave it root access.
And, in case i open it what mac address should i use? Is some address hard coded to each phone?
Hetalk said:
I did flash the zip file, ran the other commands thru terminal and see the file /data/misc/wifi/nvs_map.bin.
I don't understand the next step to be done.
I cannot open the bin file using hexeditor, I gave it root access.
And, in case i open it what mac address should i use? Is some address hard coded to each phone?
I don't know how MAC are assigned, I simply randomized the last part of the address (I kept the first part: 80:00:28).
Anyway I just uploaded a new zip file to make things even simpler. It will automatically randomize the last four three groups. If you want to use it, you need to delete /data/misc/wifi/nvs_map.bin first. EDIT: I changed the script, now you can do the calibration without removing the file.
Anyway I don't know what's wrong with your editor, I did it from my computer.
I tried using hex editor from play store.
I'll try the new zip tomorrow..
As I wrote in the OP, today I found the way to get the original MAC.
I don't know what is needed to make the commands work while in recovery (services needed etc...), so I made a dummy app (I simply adapted the code of an app I made few days ago to do a similar thing).
No fancy icon (it's the default one), no checks, ugly etc... It simply does the job (my Java knowledge is almost zero)
EDIT:
I almost forgot to say that the real MAC is in /efs/imei/.nvmac.info. It was the first place where I looked, but it's a hidden file and I didn't see it at first.
bam....
Dear @loSconosciuto
I am following this guide to solve the problem that actually I have in my phone with CM 11. In the Status menu, "non available" appears in my device WIFI mac. I followed the guide step by step and I couldn't change it.
Could you help me?
carniman78 said:
Dear @loSconosciuto
I am following this guide to solve the problem that actually I have in my phone with CM 11. In the Status menu, "non available" appears in my device WIFI mac. I followed the guide step by step and I couldn't change it.
Could you help me?
This guide is for the kernel 2.6.35 which uses a completely different driver, it's quite an old thread. The calibration is done in a different way and I don't think that's the problem.
I'm not using CM11, so it's quite hard for me to know exactly what's wrong.
loSconosciuto said:
This guide is for the kernel 2.6.35 which uses a completely different driver, it's quite an old thread. The calibration is done in a different way and I don't think that's the problem.
I'm not using CM11, so it's quite hard for me to know exactly what's wrong.
Ok, sir. Thank you for your help.
Hi there
trying to fix Samsung s4 active i9295 wifi problem. at least got the MAC address showing (was 02:lots of zeroes) still unable to start wifi. is there anything else I should search for? tiwlan_drv.ko was not there so I downloaded it separately. do I need some more modules to be added? using stock 4 file engineering FW Android 5.0.1

[GUIDE][HOW-TO] Use VPN in Jellybean without security lock

I am not responsible for anything that may come of or from this information. Use at your own risk!
Step #1)
Create security lock through Settings (pattern, pin, password).
Step #2)
Add VPN connections
Step #3)
Plug the phone in and run these commands (requires adb to be setup properly and drivers). I am sure there is a way to do this directly on the phone but this is easier for me.
Commands to remove security:
Code:
adb shell
sqlite3 /data/system/locksettings.db
update locksettings set value=0 where name='lockscreen.password_type';
.exit
exit
Finished!
For me no reboot was required and you do not have to restore pattern in order to create more VPN connections.
Optional Step:
If you decide that you want to restore the security run the one that fits you.
Commands to restore pattern:
Code:
adb shell
sqlite3 /data/system/locksettings.db
update locksettings set value=65536 where name='lockscreen.password_type';
.exit
exit
Commands to restore pin:
Code:
adb shell
sqlite3 /data/system/locksettings.db
update locksettings set value=131072 where name='lockscreen.password_type';
.exit
exit
Commands to restore password:
Code:
adb shell
sqlite3 /data/system/locksettings.db
update locksettings set value=262144 where name='lockscreen.password_type';
.exit
exit
Great! Thank you!
really helpful, i've been fed up with stupid design.
Brilliant, does it also work for ICS?
I don't have an ICS device. If I can find someone that is willing to let me take a look at their ICS device I can see.
When I restart my phone, it needs a password to access VPN menu. what should I do? I don't want to run these commands every time I restart my phone. any solutions?
does it work with exchange password policy as well?
Sent from my GT-I9300 using xda app-developers app
P30SiNa said:
When I restart my phone, it needs a password to access VPN menu. what should I do? I don't want to run these commands every time I restart my phone. any solutions?
Hmm did notice that before I will see whats up with that,
portnoy.vitaly said:
does it work with exchange password policy as well?
Sent from my GT-I9300 using xda app-developers app
I am not sure but I would imagine so. I would try with pattern lock and not PIN or Password.
Says that "sqlite3: not found" ....
I just used Forget password option and entered pin , then i didn't choose any options , and the pattern removed
Just tried this. Added vpn, removed lock pattern. It went back to slide, worked fine.
Rebooted, not visiting VPN settings it's asking me to enter credential storage...any ideas how I can a) get past this without wiping my wifi/vpns, or b) remove this but keep my vpns and slide lock?
sorset said:
Says that "sqlite3: not found" ....
I just used Forget password option and entered pin , then i didn't choose any options , and the pattern removed
Same here.
Works great, thanks for sharing :good:
spumanti said:
Same here.
Works great, thanks for sharing :good:
Works for me, too, until I reboot :/
Doesn't work. Apparently it's problem with sqlite.
soinfo_relocate(linker.cpp:1013): cannot locate symbol "sqlite3_enable_load_extension" referenced by "sqlite3"...CANNOT LINK EXECUTABLE
Any help please?
Use Script Manager to make this done on every boot.
1. Make this a batch file:
Code:
#!/system/bin/sh
echo "update locksettings set value=0 where name='lockscreen.password_type';" | sqlite3 /data/system/locksettings.db
and save it to your sdcard
2. Use Script Manager to run it on boot and enable su (root).
3. Test it by running it from script manager and see if it runs correctly. You can try enabling PIN and it should be disabled after running this.
4. Final test: reboot your phone and see if PIN/password is disabled.
Keep in mind this gets executed after everything else, so if you try to wake your phone right away, you might still see the PIN prompt.
Another way without script manager:
1. Make this a batch file:
Code:
#!/system/bin/sh
echo "update locksettings set value=0 where name='lockscreen.password_type';" | sqlite3 /data/system/locksettings.db
and save it to your sdcard as 99pinremove
2. Run the following using adb:
Code:
adb shell
su
mount -o remount,rw /system
cp /sdcard/99pinremove /etc/init.d/99pinremove
chmod 755 /etc/init.d/99pinremove
chown root:shell /etc/init.d/99pinremove
exit
exit
In 4.4 there is no such file
Code:
/data/system/locksettings.db
.. any ideas?

phh's SuperUser/ OpenSource SELinux-capable SuperUser

Hi,
IT MIGHT BRICK YOUR DEVICE.
Always ensure you have a way back.
Here is a thread about my fork of Koush's Superuser, to handle SELinux: https://github.com/seSuperuser/Superuser
So I would like your help to make this SuperUser a proud opensource SU app!
If you have an application that requires root, and which needs specific SELinux configuration please ask!
Build bot: https://superuser.phh.me/
Currently, four flavors of su are available on the build-bot:
- "eng" which puts "su" in permissive mode. This is the most compatible mode, but you should trust the apps you give root to. This does NOT put SELinux in permissive mode.
- "noverity" is eng and dm-verity disabled
- "nocrypt" is eng, dm-verity and dm-crypt disabled
- "user" is meant to give a safe su. su-apps won't be able to access your Android Pay (for instance) information, or keep persistent su access without your consent
Please note that user is in heavy development and isn't up to its promises at the moment.
I setup a build bot, which generates boot.img based on my solution, and pushes them to https://superuser.phh.me/
I did this build bot in a way so it is easy to add new ROMs, so don't hesitate asking for new ROM/devices support.
Supporting new devices might mean some additional work on http://github.com/seSuperuser/super-bootimg/ if they are using non-standard boot.img format, but the aim is to support as many devices as possible.
You need to install the APK from PlayStore afterwards: https://play.google.com/store/apps/details?id=me.phh.superuser
Bot-supported devices
Here are some devices, but there are many more !
- A *lot* of Archos devices
- All Nexus-es, including Pixel C (if some Nexus is missing, just ask!)
- nVidia Shield TV
- nVidia Shield Tablet
- Fairphone 2
update.zip format
The zip is available at https://superuser.phh.me/superuser.zip
It should be able to root any device supported by super-bootimg from TWRP (and possibly other custom recoveries)
You still need to install the APK afterwards. https://play.google.com/store/apps/details?id=me.phh.superuser https://f-droid.org/repository/brow...lob/master/known-imgs/nexus/hammerhead/MRA58N describes a firmware, nothing device-specific). This only requires to do some PRs to add a device, or on updated firmwares
- Testers
- UI designer: The current UI dates back from 4.1...? It is really ugly and not really usable.
- Testers
- Root-related devs: SELinux policies are still being written
- Testers
- Security reviewers
- Testers
Bug report
If some app doesn't work, please ask me, not the dev.
I consider I have to fix support for other apps, not the other way around.
ChangeLog
2016-01-31 r170: superuser.zip can be included in other update.zip
2016-01-27 r166: Add support for Viper4Android
2016-01-15 r162: Add su --bind and su --init commands
2016-01-10 r154: Files are no longer copied multiple times. Fixes MultiROM, and multiple install for update.
2016-01-06 r152: Fix support for ChromeOS-like format (Pixel C)
2016-01-01 r144: Detect chromeos-style signature, and don't try to resign it in that case
2015-12-30 r143: Improved compatibility with apps.
2015-12-28 r142: Changed naming convention to include device name and release
2015-12-28: Added "nocrypt" target
2015-12-13: Added "noverity" target to buildbot
2015-12-13: Add options for noencrypt, noverity
2015-12-03: Fix TitaniumBackup
2015-11-24: mount --bind to /system/xbin/su if it exists to override ROM's su
2015-11-23: Fix CF.Lumen
2015-11-14: Add super-bootimg's version in boot.img, several network/firewall-related permissions
2015-11-11: Access to Android's services
2015-11-10: Recursive su access
2015-11-09: Fix pm disable command
Do you mean that latest galaxy s5 neo sm-g903f might be rooted soon ?
(Exynos5 & Mali T-720)
It seems like many people still haven't understood the purpose of apps like SuperSu and Superuser. They are no exploits and don't gain your root access. What they do is they manage the root access and enable you to select which apps to grant root access, otherwise every single application on your device would have it. They are root managers. So this project won't help you in getting root for your device as long as there's no method (exploit) to gain it.
Not much activity here, but a lot on my side.
Android 6.0 is now out, with its new SELinux policy, which makes it impossible to update the policy after the boot, and dm-verity becomes mandatory (so no /system change without boot.img)
I'm thus totally retargeting my work:
- I've created https://github.com/phhusson/super-bootimg which will edit boot.img (the complicated part, because it needs A LOT of testing across many devices)
- change sepolicy
- Add su in /sbin/su
- Enable su daemon
With various options to disable dm-verity, encryption, etc. (please note that this is NOT required, since only boot.img is changed)
dude - you should kickstarter this. SuperSu is pretty much a mandatory install for every rooted device. this is big for the XDA community and we would love to support you.
Cannot express enough how much i want this project to succeed
And, at least for myself
"I also wonder about displaying an user-understandable SELinux policy, so that root applications can be "more secure
Would anyone be interested in such a feature?"
......Hell yeah, that most certainly does interest me.........controllable levels of su right?
Obviously, if its possible to do........even if android denies this possibility, an open source su is most assuredly welcome from this neck of the woods
I wish this project major luck
Edit
"(I'm thinking that I'm trying to be even more secure than "standard" non-rooted ROMs, that's perhaps a bit optimistic.)"
I love that mentality, and I'm enjoying immensely your discussions on github with lbdroid........I love that you're taking security more seriously than most...love where you're coming from on this.....major props
To better test on shell of recovery without making an update.zip , I modified the sepolicy-inject.c so that the usage() no longer blocks the "booting.sh"
on sepolicy-inject.c:377, insert a line "if ( NULL == optarg ) break;", as in my shell there will be a parameter value with null on last entry of "char** arguv", which will trigger the default switching case and exit the sepolicy-inject unexpectedly.
......
while ((ch = getopt_long(argc, argv, "a:f:g:s:t:c:Z:z:n", long_options, NULL)) != -1) {
if ( NULL == optarg ) break;
switch (ch) {
......
kennylam said:
To better test on shell of recovery without making an update.zip , I modified the sepolicy-inject.c so that the usage() no longer blocks the "booting.sh"
on sepolicy-inject.c:377, insert a line "if ( NULL == optarg ) break;", as in my shell there will be a parameter value with null on last entry of "char** arguv", which will trigger the default switching case and exit the sepolicy-inject unexpectedly.
......
while ((ch = getopt_long(argc, argv, "a:f:g:s:t:c:Z:z:n", long_options, NULL)) != -1) {
if ( NULL == optarg ) break;
switch (ch) {
......
I'm not sure I understand...
When calling what command do you need this?
phhusson said:
Hi,
IT MIGHT BRICK YOUR DEVICE.
Always ensure you have a way back.
I'm the author of a fork of Koush's Superuser, to handle SELinux: https://github.com/phhusson/Superuser
It is in early-stage, but thanks to recent events related to SuperSU, it got some spotlight.
So I would like your help to make this SuperUser a proud opensource SU app!
I have mostly two sides of things left to do:
- Device compatibility/update.zip
- Application compatibility
I've tested my Superuser on Qualcomm/CAF 5.1 devices, on MTK 5.1 devices, on CAF 6.0, on Nexus 5/9 6.0, and I believe it should work on most devices which are close enough to AOSP.
I have missing steps to be compatible with SuperSU (see https://github.com/phhusson/Superuser#todo-list ).
I'd like to have feedback from app developers about which features they need the most.
If you have an application that requires root, and which needs specific SELinux configuration please ask!
There are main two types of builds, and some sub-types in it:
- @doitright did an integration in an AOSP tree, to make it suitable for ROM integration, https://github.com/lbdroid/AOSP-SU-PATCH/
- I did http://github.com/phhusson/super-bootimg/ which integrates su in a binary boot.img, and outputs a root-ed boot.img
@doitright's source solution currently has one SELinux policy, which is fully enforcing, and currently works in most cases.
My solution currently has two different policies, one which has su permissive, meaning it can do anything, which is not as safe as source-based s solution, and one which is WIP (basically unusable, because almost nothing is allowed to root).
I setup a build bot, which generates boot.img based on my solution, and pushes them to https://superuser.phh.me/
I did this build bot in a way so it is easy to add new ROMs, so don't hesitate asking for new ROM/devices support.
Supporting new devices might mean some additional work on http://github.com/phhusson/super-bootimg/ if they are using non-standard boot.img format, but the aim is to support as many devices as possible.
The plan is to have a third method for rooting:
super-bootimg will work from a recovery, so that you can root any ROM from recovery.
Thanks !
my question is how to change a file label to u:object_r:system_file:s0
i modify system.img to add some additional apps into /system/app/ directory i did modification then build a new system.img after flashing phone with new system.img the app was appear in menu but once i am trying to open it gives me error (com.xxxxxx.andriod) stopped working then i execute ls -Z command in /system/app/ directory to see the different and i realize that the new app i copied in system/app/ directory it has a different label than others
so i tried to change .apk file label to (u:object_r:system_file:s0) using chcon command but failed
chcon: Could not label u:object_r:system_file:s0
can you please guide me how to do it ?
zameer_yus said:
my question is how to change a file label to u:object_r:system_file:s0
i modify system.img to add some additional apps into /system/app/ directory i did modification then build a new system.img after flashing phone with new system.img the app was appear in menu but once i am trying to open it gives me error (com.xxxxxx.andriod) stopped working then i execute ls -Z command in /system/app/ directory to see the different and i realize that the new app i copied in system/app/ directory it has a different label than others
so i tried to change .apk file label to (u:object_r:system_file:s0) using chcon command but failed
chcon: Could not label u:object_r:system_file:s0
can you please guide me how to do it ?
Can you check in audit log?
How did you put the file?
Don't you have any other message?
Maybe in your intro you can elaborate on the naming convention of your bot built .img’s?
one which has su permissive (power?), meaning it can do anything, which is not as safe as source-based s solution (user?), and one which is WIP (eng?)
Your HTTPS link to superuser.phh.me is refusing connections?:
This webpage is not available
ERR_CONNECTION_REFUSED
ReloadHide details
Google Chrome's connection attempt to superuser.phh.me was rejected. The website may be down, or your network may not be properly configured.
Check your Internet connection
Check any cables and reboot any routers, modems, or other network devices you may be using.
Allow Chrome to access the network in your firewall or antivirus settings.
If it is already listed as a program allowed to access the network, try removing it from the list and adding it again.
If you use a proxy server...
Check your proxy settings or contact your network administrator to make sure the proxy server is working.
If I do a flash-all.sh of mra58r, reboot to bootloader, fastboot flash boot your-boot.img, would you expect this to boot fine?
Can you detail which phones can take a custom keystore?
For https, I know it is a must, but I'm waiting for Let's Encrypt.
For naming convention, I have to rethink those, and i'll update first post.
Anyway it's user < power < eng.
User has only safe permissions, power has all known permissions, eng is permissive. There is nothing source based.
For custom keystore, at the moment I have only seen CAF 5.1/6.0 bootloader with verity enabled to work, and it doesn't display key ID, so it is useless everywhere.
I should get a hand on a Nexus 5X soon, to test properly and get screenshots if it works as advertised.
For your last question, yes. I always work with factory image's partitions, and only change boot.img
I welcome any suggestion about naming convention.
Sometimes I don't know where to post, here or the Nexus 6 doitright thread. Anyway, I found this interesting.
http://events.linuxfoundation.org/sites/events/files/slides/ABS Lollipop MR1 Verified Boot.pdf
"• We relax some security policies in eng/userdebug loaders to make life less annoying for development • Persistent Data Block ignored, device always unlockable"
If this is true of the boot.img's you build, the only one we could trust is user or are they talking bootloader? Maybe the factory bootloader (user) that google is distributing does not have the verification functionality? Is the bootloader AOSP? If so, what would prevent someone from creating a bootloader, boot.img and /system that circumvents all the verification?
I used your bot built mra58r.
Unfortunately, if forced encryption is on, local.prop does not get parsed and I don't get my custom LCD. This means unless you offer variants of the auto built boot.img with forced encryption off or the ability to pass a noencrypt parameter to the update.zip or build.sh for modifying fstab, I will be forced to modify source and build myself. As for mount -o bind /data/local/tmp/hosts /system/etc, as long as the custom hosts has chcon u:object_r:system_file:s0, things work great.
I still like idea of having the ability to establish a trust between boot.img and a config file in /data/ that do things like custom hosts file, lcd density, iptables (one of my favorites: iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to 8.8.8.8:53; iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to 8.8.8.8:53)
havealoha said:
Sometimes I don't know where to post, here or the Nexus 6 doitright thread. Anyway, I found this interesting.
http://events.linuxfoundation.org/sites/events/files/slides/ABS Lollipop MR1 Verified Boot.pdf
"• We relax some security policies in eng/userdebug loaders to make life less annoying for development • Persistent Data Block ignored, device always unlockable"
If this is true of the boot.img's you build, the only one we could trust is user or are they talking bootloader? Maybe the factory bootloader (user) that google is distributing does not have the verification functionality? Is the bootloader AOSP? If so, what would prevent someone from creating a bootloader, boot.img and /system that circumvents all the verification?
They are talking about the bootloader, but as it is built in the Android build system, they are using Android build system flags.
I know the Nexus 6/9 doesn't have this functionality. I'm waiting to get a Nexus 5X in my hands to say for 5X/6P.
Either way, we can't circumvent the verification, all we can do is have a YELLOW state instead of ORANGE, which displays the fingerprint of the keystore.
I forgot this presentation from Intel, so I thought I'd give it a try on Nexus Player. Intel has a proper implementation of the bootloader of Google's recommendation, it sounds logical the Nexus Player would implement it.
Oh wait. Google's logic struck again. No, they didn't implement it on Nexus Player.
There is no AOSP bootloader... Or there are three (there are two LK and one u-boot), but neither of them are supported, and neither of them support the different verified boot states.
CAF bootloader handles the four states, but doesn't display them. Thanks to you I checked Intel reference bootloader, and it DOES implement the full spec \o/. Though I have no device to test. But basically, there is no opensource arm bootloader implementing it, and that makes me rant a lot against Google.
havealoha said:
I used your bot built mra58r.
Unfortunately, if forced encryption is on, local.prop does not get parsed and I don't get my custom LCD. This means unless you offer variants of the auto built boot.img with forced encryption off or the ability to pass a noencrypt parameter to the update.zip or build.sh for modifying fstab, I will be forced to modify source and build myself. As for mount -o bind /data/local/tmp/hosts /system/etc, as long as the custom hosts has chcon u:object_r:system_file:s0, things work great.
Two sides:
1. For LCD density, have you tried just doing adb shell wm density? Possibly it doesn't even break SafeNet
2. My plan on the matter is to keep my current builds as is, but add a configuration file, and when I'll make an update.zip, the user will be able to change the config file directly in the update.zip
I still like idea of having the ability to establish a trust between boot.img and a config file in /data/ that do things like custom hosts file, lcd density, iptables (one of my favorites: iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to 8.8.8.8:53; iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to 8.8.8.8:53)
Well for iptables, I put it in standard su permission. Well ATM because of some bugs it's only in "power", but I expect it to get into "user" when a bug concerning pts is fixed.
phhusson said:
Two sides:
1. For LCD density, have you tried just doing adb shell wm density? Possibly it doesn't even break SafeNet
Yay! As su in Terminal Emulator, wm density 360 worked. The launcher didn't work until #am start -c android.intent.category.HOME -a android.intent.action.MAIN and other apps also needed to be killed before they would display at the new density like lock screen and existing notifications. There are a few issues with the status bar and nav buttons depending on what app you try to run. I assume that if you set this early enough with a hook from init.rc, (nudge nudge) say a trusted file from /data/ that there would be no problem.
LCD density set from setprop, local.prop and wm density all break SafeNet. Even worse, SafeNet now checks /sbin/ for su, requiring a mount bind to a copy of sbin without su. Next thing you know, it will check for bind mounts!
How about a build of SuperSU, su in a random directory with random names? I know, name it the hash of boot.img or the public key from the user generated keystore.
Don't read on, I fixed it: the /data/setlcd.sh 560 needed quotes around it.
I created a Terminal Emulator widget in an attempt to make it easy to switch between resolutions. Interestingly, when set with #wm density 360 and then #am restart, the density sticks across reboots, I was not expecting that!
I've tried the widget with different combinations of explicit paths for su with options like --context and -c with wm density and am restart and even with a /data/setlcd.sh that is chmod 750 and chcon u:object_r:system_file:s0. Any tricks to accomplish this? I would expect the widget to prompt for root permission and then run my setlcd.sh taking the DPI as argument $1. I am envisioning one main .sh that has a function for each of my customizations, wm density, hosts, iptables and mount bind to a /sbin that has no su. I don't want to keep building boot.img's with special init.rc's.
The closest I have gotten is a widget with command /sbin/su with the arguments -c /data/setlcd.sh 560
This results in a terminal launching that asks for su permission and then:
$"/sbin/su" -c /data/setlcd.sh 560
sh: /data/setlcd.sh: can't execute: Permission denied
nothing in dmesg
So I made a test of verified boot feature here: http://forum.xda-developers.com/and...rified-boot-disk-encryption-testings-t3248161
The tl;dr is that verified boot is IMO a great feature of 5X/6P, and we have to find a way to have su enabled with this feature.
But this requires to have working OTA.
I have finally gotten the functionality I need with the exception of iptables which I understand you are working on adding. I am testing with shamu mra58r and the boot-su-power.img.
Here is my setup that features:
custom hosts file for browsing without advertisements
set the LCD density to tablet mode
quickly disable su and revert density when I want to use Android Pay
As root, I created a script in /data/android.sh and set the context to system via chcon u:object_r:system_file:s0 and chmod 700. Here are its contents:
Code:
#!/system/bin/sh
#bind mounts transcend am restarts
#wm density transcends reboots
function lcd
{
    /system/bin/wm density $density
    /system/bin/sleep 3
    /system/bin/am restart
}
function hosts
{
    mount -o bind /data/hosts /system/etc/hosts
}
function nosu
{
    /system/bin/wm density 560
    cp /sbin /data/sbin -r
    rm -f /data/sbin/su
    mount -o bind /data/sbin /sbin
    /system/bin/am restart
}
function dns
{
    #not working yet in phh
    iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to 8.8.8.8:53
    iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to 8.8.8.8:53
}
density=$2
case "$1" in
    lcd) lcd ;;
    hosts) hosts ;;
    nosu) nosu ;;
    dns) dns ;;
esac
The hosts file was copied from http://winhelp2002.mvps.org/hosts.txt and placed in /data; its context was also set with chcon u:object_r:system_file:s0 and chmod 644. The local host entries were modified to match those found in /system/etc/hosts. It was important that the contents of this file were terminated on each line and with a blank line at the end.
The tricky part was creating launchers on a home screen using the Terminal Emulator Widget. It seemed that you could not just type in /sbin/su, instead you had to browse to it. Screenshot of widget config attached.
I learned a few interesting things during testing.
Using a /data/local.prop with an encrypted disk resulted in the local.prop not being read during init.
Once wm density is set, it is persistent.
Using mount -o bind gives persistent mounts if you reboot using am restart from the terminal
SafetyNet now checks for su in /sbin
SafetyNet for AndroidPay checks for LCD density regardless of setting it via local.prop (if unencrypted), setprop or wm density
This will be easy for me to reproduce across all my devices without granting persistent root to any app and without adding any app but superuser and terminal emulator.
Thanks for your test! It's really interesting.
You must be the first user of something other than eng
iptables does work for me (in adb shell). Looking back, it should have been fixed by https://github.com/phhusson/super-bootimg/commit/31d3a635eea4fe66071346e05913acfb00d60144
That made me realize that if I don't do releases, I still need to know what users are using, so I added /super-bootimg which contains the git version of super-bootimg repo
For local.prop I'm happy to see you don't need it. I really feel like user shouldn't be allowed to change it (but I'm thinking only about some properties which are in /default.prop so it can't be overriden. perhaps local.prop is safe enough)
am restart is not a reboot, so it's normal mount bind stays
I think you could just mount bind an empty folder to /sbin. The only risks are if adbd/ueventd/watchdogd/healthd restarts, but they shouldn't
Any idea why busybox nslookup is not working?
[email protected]:/data # ls -Z nslookup busybox-android.bin
lrwxrwxrwx root root u:object_r:system_data_file:s0 nslookup -> busybox-android.bin
-rwxr-xr-x root shell u:object_r:system_file:s0 busybox-android.bin
[email protected]:/data # ./nslookup superuser.phh.me 8.8.8.8
Server: 8.8.8.8
Address 1: 8.8.8.8
nslookup: can't resolve 'superuser.phh.me'
1|[email protected]:/data # dmesg
[39764.686702] healthd: battery l=91 v=4144 t=28.1 h=2 st=3 c=-439 chg=
[email protected]:/data #

[Reaver][Hack][Help] Reaver For Android Wifi Hack working but last stage error

Well, i struggled for half a day relentlessly and finally got Reaver Working on my XOLO A500S android phone, everything is going good and fine, i got the Reaver app working on my Rooted app without bcmon and it worked and i’m ready to hack the network but just as i bypassed "Test Monitor" successfully(by loading a few scripts and debugging) and hit "Start Attack" this thing showed up, below i’ve written down the issue as it appeared and the scripts that i used to bypass Test Monitor are attached below, i’m basically a noob but good at technical things.
HELP URGENTLY!!!! I wasted a whole day trying to get it working, I’d be so grateful if you could help me out with it! PLEASE!!
Here are those scripts i loaded and put the phone on debug mode
Custom activation script:
#!/bin/bash
svc wifi disable
LD_LIBRARY_PATH=/data/data/com.bcmon.bcmon/files/libs
LD_PRELOAD=/data/data/com.bcmon.bcmon/files/libs/libfake_driver.so sh
cd /data/data/com.bcmon.bcmon/files/tools
./enable_bcmon
echo “rfasuccess”
exit
Custom Warm-up Script
#!/bin/bash
LD_LIBRARY_PATH=/data/data/com.bcmon.bcmon/files/libs
LD_PRELOAD=/data/data/com.bcmon.bcmon/files/libs/libfake_driver.so sh
cd /data/data/com.bcmon.bcmon/files/tools
Custom stop Script:
#!/bin/bash
svc wifi enable
echo “rfasuccess”
1. this happened first but i continued anyway.
Stdout:
"rfa success"
StdErr:
Control the Wifi manager
usage: svc wifi [enable[disable] Turn wifi on or off.
svc wifi prefer
set Wifi as the preferred data network
.//srart.shl[4]: sh :not found
.//start.sh[5]: cd: /data/data/com.bcmon.bcmon/files/tools : No Such File or Directory
./start.sh[6]: ./enable_bcmon : not found
2. and then this happened in the processing window
sh: [3]: sh: not found
CANNOT LINK EXECUTABLE: could not load library "libcap.so.1" needed by "./reaver"; caused by library "libcap.so.1" not found
3. and finally when i hit stop, this message showed up
Stdout:
?rfasuccess?
StdErr:
Control the Wi-fi manager
usage: svc wifi[enable[disable]
Turn Wi-Fi on or off
svc wifi prefer
Set Wi-Fi as the preferred data network

Enable hotspot for legacy dataplans

Is there a way to enable the hotspot feature on the 4a for those of us with legacy unlimited data plans? I used to be able to use something and write to the boot.ini, but that doesn't work on my OG Pixel XL anymore. I'm currently using Magisk and a tethering plugin. Would this same setup work on the 4a?
Thanks!
I am using magisk, newest version canary and I have installed the mod; tethering enabler 11.0.0 by stangri and fox8091 as the mod I was using on the p2xl with magisk was no longer working. Tether is working.
Attached the tethering enabler file for magisk if anyone needs/wants it.
Thanks
thanks, I installed this on android 10, and thinking about going to 11, does this still work in 11?
johnwaynegacy said:
thanks, I installed this on android 10, and thinking about going to 11, does this still work in 11?
Did you find out if this works with Android 11?
aven_soulgazer said:
Did you find out if this works with Android 11?
No idea, still on 10.
I am on 11 and using it.
tweaked said:
I am on 11 and using it.
Hmm, not working for me on 11. The warning turning on hotspot (or USB tethering) is gone, but any connected devices do not have internet access.
There must be another property or setting to allow the traffic, maybe like ip_forward in Linux? Anyone have any ideas?
chrispayne said:
Hmm, not working for me on 11. The warning turning on hotspot (or USB tethering) is gone, but any connected devices do not have internet access.
There must be another property or setting to allow the traffic, maybe like ip_forward in Linux? Anyone have any ideas?
Termux app or working emulator
su
enter
global tether_dun_required 0
enter
exit
reboot
or ADB shell
crackerjack1957 said:
Termux app or working emulator
or ADB shell
global tether_dun_required 0
Yeah, I have both of these set (although I had to use a slightly different syntax). I have tried using the Magisk module from here, and also manually (below), with required reboots:
Code:
The current value for
net.tethering.noprovisioning is:
true
(Set by this module.)
Enter a new value or select
from the options below.
s - Prop boot stage (system.prop)
d - Delay
r - Reset prop
b - Go back
e - Exit
Enter your desired option: e
MagiskHide Props Config v5.3.6
by Didgeridoohan @ XDA Developers
=====================================
Bye bye.
=====================================
sunfish:/ # settings get global tether_dun_required
0
sunfish:/ #
I see some iptables rules related to tethering, which I also tried removing, and changing to ACCEPT, but still no traffic passes:
Code:
sunfish:/ # iptables -nL tetherctrl_FORWARD --line-numbers
Chain tetherctrl_FORWARD (1 references)
num target prot opt source destination
1 DROP all -- 0.0.0.0/0 0.0.0.0/0
sunfish:/ # iptables -D tetherctrl_FORWARD 1
sunfish:/ # iptables -I tetherctrl_FORWARD 1 -s 0.0.0.0/0 -j ACCEPT
sunfish:/ # iptables -nL tetherctrl_FORWARD --line-numbers
Chain tetherctrl_FORWARD (1 references)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
sunfish:/ #
I will take a closer look at the iptables rules, ip rules, and routes. Something else is going on, at least for me.
Thanks for the response.
chrispayne said:
Yeah, I have both of these set (although I had to use a slightly different syntax). I have tried using the Magisk module from here, and also manually (below), with required reboots:
Code:
The current value for
net.tethering.noprovisioning is:
true
(Set by this module.)
Enter a new value or select
from the options below.
s - Prop boot stage (system.prop)
d - Delay
r - Reset prop
b - Go back
e - Exit
Enter your desired option: e
MagiskHide Props Config v5.3.6
by Didgeridoohan @ XDA Developers
=====================================
Bye bye.
=====================================
sunfish:/ # settings get global tether_dun_required
0
sunfish:/ #
I see some iptables rules related to tethering, which I also tried removing, and changing to ACCEPT, but still no traffic passes:
Code:
sunfish:/ # iptables -nL tetherctrl_FORWARD --line-numbers
Chain tetherctrl_FORWARD (1 references)
num target prot opt source destination
1 DROP all -- 0.0.0.0/0 0.0.0.0/0
sunfish:/ # iptables -D tetherctrl_FORWARD 1
sunfish:/ # iptables -I tetherctrl_FORWARD 1 -s 0.0.0.0/0 -j ACCEPT
sunfish:/ # iptables -nL tetherctrl_FORWARD --line-numbers
Chain tetherctrl_FORWARD (1 references)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
sunfish:/ #
I will take a closer look at the iptables rules, ip rules, and routes. Something else is going on, at least for me.
Thanks for the response.
Forgot to mention I am on Android 10 thru Verizon legacy unlimited plan.
I see someone else mentioned it was working with Android 11 but I cannot confirm........stayed on 10 for the audio mods & OS slow down of 11.
I tried the zip module on canary magisk android 11 with no luck.
Works great on Android 10. On 11 no internet connection :/
Help me, thNx in advance
I used plain jane Magisk with no additional hacks to get me root.
Then, I use this program to turn on the tethering (wifi, ethernet, or USB):
Releases · Mygod/VPNHotspot
Share your VPN connection over hotspot or repeater! (root required) - Mygod/VPNHotspot
github.com
This is the only way I've found to work with Android 11 for me.
I just updated to the Feb release of Android 11. I followed the steps below to get tethering working. Seems to work just fine.
adb shell
su
props
Once the props load, do the following:
Enter 5, Add/edit custom props
Enter n, New custom prop
Enter net.tethering.noprovisioning
Enter true
Enter 2, post-fs-data
Enter y
Enter y to reboot
You all are odd. I just got my phone back from ubreakifix - fully wiped it. Rooted it with Magisk and downloaded and installed that zip again. I'm using my laptop hotspotted to my phone to post now.....Android 11 feb.... Newest magisk. lol
mpannen said:
I used plain jane Magisk with no additional hacks to get me root.
Then, I use this program to turn on the tethering (wifi, ethernet, or USB):
Releases · Mygod/VPNHotspot
Share your VPN connection over hotspot or repeater! (root required) - Mygod/VPNHotspot
github.com
This is the only way I've found to work with Android 11 for me.
Magisk and that VPNHotspot app enabled me to use tethering again. Thank you!
It was quite a surprise to upgrade from stock 10 on my XtT2041-4 to android 11 only to be blocked from the internet unless I pay even more money each month. I wasn't able to get stock V10 back on via fastboot or the Motorola program. After loading stock v10 on, the phone had a reboot loop with the blue splash screen.
