Exposing bluetooth HCI/Link Layer on Pixel 2 - Google Pixel 2 Questions & Answers

Hello,
I am attempting to control HCI commands and events directly from the command line (I have access to a few OS's, so bash/cmd are both an option). My test device specifically is a rooted Pixel 2.
I've looked into using hcitool, but it's no longer a part of the Android OS.
I've looked into using bluedroid test tool, but it's no longer a part of the Android OS.
I've looked into using Android Comm Test Suite, but I am unable to secure root permissions without starting an adb shell, and the scripts run outside of the shell - so that hasn't worked out.
I've looked into using Intents/Activities from the com.android.bluetooth apk, running adb shell am -a (activity) or -n (package./activity) but haven't gotten meaningful results from the available commands.
I want my solution to be as generic and portable as possible (work for as many android devices and versions as possible), but I've only found two 'solutions' to this problem thus far.
Currently my options look like:
1) GUI automation (emulating user input to change parameters via nrfConnect or some similar app that would result in changes to HCI/LL level parameters), but this is device specific to the extreme and might break for even simple updates.
2) Building an application that has many functions controlling different bluetooth parameters and interactions, then creating its AndroidManifest.xml file in such a way as to be able to more or less call these functions from the command line.
If there are simpler ways to control these events and commands (alternatives to the now deprecated hcitool) please let me know.
If there are any problems with the two approaches I've listed above, please let me know.
Thank you in advance for any advice.

Related

Learning about Android as an OS

I hope this isn't a stupid question. But I couldn't find any real info regarding this. And after reading the Mysteries of Science thread it seemed to me, there really isn't much information regarding such things. So:
I noticed that for almost all Linux based OS you can find in-depth descriptions on how the OS works on a basic level. For example where specific settings are stored.
The guides at android.com deal with app development, but don't specify how you use the OS as a root user. For example, if I want to change WLAN settings, there must be a way to do that without using the GUI or by using special classes but by editing a config file. Or where does Android store the startup settings, i.e. which apps to start at boot time or at specific system events. Or where do apps register as default app for viewing certain filetypes. There is a description how to code it, but not how Android stores that information and how it can be edited/viewed manually.
Since it's linux based I guess there are plain text config files for all those things. But where...? Was such information ever released by Google?
bur2000 said:
For example, if I want to change WLAN settings, there must be a way to do that without using the GUI or by using special classes but by editing a config file.
You can change network interface with 'ifconfig' command.
You can get ifconfig command by installing busybox.
There are commands that can be used, but this is still a bit like try & error. So it seems there is no full documentation on how Android works?
Has Google ever addressed this, do they plan to release such documentation?

Ip route/mksh toast notification info

Lately these toast notes have been popping up. But what are they? I've done some digging and this is what I've found.
First off, ICS ROMs use the mksh shell as default. In ICS, mksh uses /system/etc/mkshrc as the default profile if we log into Android with adb shell.
So if you want to export some environment variable, you can change this file.
And you can change the default profile file path by changing MKSHRC_PATH in Android.mk.
You should be able to run "adb shell cmd", then the mkshrc will not be used.
(ip route 224.0.0.0/4 toast)
What is it? Well thanks to XDA member phealy we have the real answer. 224.0.0.0/4 is the standard IP multicast range - this command just forces multicasting out of the wifi interface (since AFAIK cell carriers don't allow multicasting on their data connections). This prevents multicast traffic from attempting to use the mobile network connection and failing.
Source: http://en.wikipedia.org/wiki/Multicast_address
(mksh toast)
mksh is a command interpreter intended for both interactive and shell script use. Its command language is a superset of the sh(C) shell language and largely compatible to the original Korn shell.
mksh is the MirBSD Korn Shell, largely similar to the original AT&T ksh, pdksh’s actively developed successor, portable. It includes bug fixes and improvements in order to produce a modern, robust shell good for interactive and especially script use. It has UTF-8 support and extended compatibility to other modern shells.
Source of mksh info: http://lists.linaro.org/pipermail/linaro-dev/2011-November/008785.html
So as it seems both are not malicious, and don't cause any internal damage. Not 100% verified, it's yet to be fully determined.
I'd be interested in knowing if any progress has been made on this. Thanks.
Any progress
Is there any progress on authentication of this request. Is it totally safe?
nabeeldall said:
Is there any progress on authentication of this request. Is it totally safe?
It's safe.
42
Just in case someone digs out this thread while looking for this…
that thread has them answers! ☺

[LIB] Java ADB Library (AdbLib)

Overview
About a month ago I got the urge to do some reverse engineering of ADB so that I could write an Android app that would be able to talk to devices the same way that the adb command-line tool distributed with the Android SDK does (without requiring root!).
The app that came about from this work has been on the Play Store about a month: https://play.google.com/store/apps/details?id=com.cgutman.androidremotedebugger
I had planned to do an open-source release of the library that I wrote for the app, but hadn't found the time to tidy up the code until recently. So today is my official announcement of the open-source release of my ADB work.
TL;DR full sources and detailed JavaDoc are here: https://github.com/cgutman/AdbLib
Functionality
AdbLib implements a connection object (AdbConnection) that sits atop a standard Java Socket class which it uses as the underlying transport for the ADB connection and all streams operating over it. The AdbConnection object contains methods for the creation of AdbStreams which represent the underlying data streams of ADB. AdbConnection also maintains the connection thread responsible for processing and responding to packets from the target device.
The AdbConnection object has an associated AdbCrypto object which abstracts the 2048-bit RSA key authentication used on Android 4.2.2 and later. AdbCrypto also has the capability of saving and loading key pairs, along with generating a fresh key pair. AdbCrypto requires an implementation of the AdbBase64 interface which does the conversion of the RSA public key to a Base-64 encoded string that is transmitted to the 4.2.2+ device the first time it connects.
There's also a low-level AdbProtocol class which has many useful definitions and functions for receiving, validating, and generating ADB packets. This class's methods and fields are used by AdbConnection for packet processing and generation.
Conclusion
Hopefully you guys can do something cool with this library. It's under the BSD license so there shouldn't be any problem getting it included in any projects. I'd be happy to help with any bugs found or provide assistance integrating the library into projects. I also accept patches/pull requests.
I've also published the Wireshark dissector I wrote to analyze the ADB protocol: https://github.com/cgutman/wireshark-adb-dissector
@cgutman thanks for this. I am examining how I can integrate this into CASUAL. It would be good for keeping the ADB process count low.
Would you be kind enough to document the flow here? I'm reading the code and I'm 1/2 way getting it, but I want a solid plan before I do a full-scale integration. Do you think you can do a flow of some sort?
Here's how I would be interested in using this library, from the desktop side. Would I hit any limitations here?
adb detect-device loop on port 5555
adb devices -- get number of devices detected
adb push -- fileinputstream from local file to /sdcard/
adb reboot recovery
adb wait-for-recovery
adb shell "echo foo>/data/cache/bar"
adb shell killall recovery
adb reboot
adb wait-for-device
It would be really neat to be able to contribute some things to this project and if this has basic functionality to be able to perform the above from the desktop side, I would be interested in generating several helper methods/classes which will act more familiar to those who are used to the command-line binary. I would also add features not found in command line like adb wait-for-any.
AdamOutler said:
@cgutman thanks for this. I am examining how I can integrate this into CASUAL. It would be good for keeping the ADB process count low.
Would you be kind enough to document the flow here? I'm reading the code and I'm 1/2 way getting it, but I want a solid plan before I do a full-scale integration. Do you think you can do a flow of some sort?
Here's how I would be interested in using this library, from the desktop side. Would I hit any limitations here?
adb detect-device loop on port 5555
adb devices -- get number of devices detected
adb push -- fileinputstream from local file to /sdcard/
adb reboot recovery
adb wait-for-recovery
adb shell "echo foo>/data/cache/bar"
adb shell killall recovery
adb reboot
adb wait-for-device
It would be really neat to be able to contribute some things to this project and if this has basic functionality to be able to perform the above from the desktop side, I would be interested in generating several helper methods/classes which will act more familiar to those who are used to the command-line binary. I would also add features not found in command line like adb wait-for-any.
already sounds like this could become very useful, an option to pull partitions from the device would be nice as well!
ricky310711 said:
already sounds like this could become very useful, an option to pull partitions from the device would be nice as well!
I've already got that option in CASUAL. Download any CASUAL from last night on, and you can use CASUAL.jar --execute "$PULL /dev/block/whatever, local file". The $FLASH command works the same, but it requires that you invert the args. It establishes a direct connection via TCP over USB and flashes the partition.
Will definitely check it out, any chance of autodetection in the future?
For example umm
$pull boot
Autodetects mmcbl0p5?
Or is it just something we are gonna have to live with?
ricky310711 said:
Will definitely check it out, any chance of autodetection in the future?
For example umm
$pull boot
Autodetects mmcbl0p5?
Or is it just something we are gonna have to live with?
That would be another feature altogether... I can make that happen on newer devices. But this method WILL require root access of some kind on the device. It's really intended for flashing a recovery as part of a root exploit and making a backup of said recovery.
That would be great, I know this can be done on a rooted phone with pushing a utility to xbin or sbin and using shell to copy the boot.img to sdcard then pulling it?
AdamOutler said:
@cgutman thanks for this. I am examining how I can integrate this into CASUAL. It would be good for keeping the ADB process count low.
Would you be kind enough to document the flow here? I'm reading the code and I'm 1/2 way getting it, but I want a solid plan before I do a full-scale integration. Do you think you can do a flow of some sort?
Here's how I would be interested in using this library, from the desktop side. Would I hit any limitations here?
adb detect-device loop on port 5555
adb devices -- get number of devices detected
adb push -- fileinputstream from local file to /sdcard/
adb reboot recovery
adb wait-for-recovery
adb shell "echo foo>/data/cache/bar"
adb shell killall recovery
adb reboot
adb wait-for-device
It would be really neat to be able to contribute some things to this project and if this has basic functionality to be able to perform the above from the desktop side, I would be interested in generating several helper methods/classes which will act more familiar to those who are used to the command-line binary. I would also add features not found in command line like adb wait-for-any.
AdbLib is a low-level abstraction of an ADB connection and its associated streams. It might not be exactly what you're looking for here. It's not really meant to be used as a direct replacement for the full adb command line client, since for one, it only handles ADB devices over the network.
There's no concept of detecting devices since connections are driven by you specifying a target to connect to. Conceivably you could push files with AdbLib (since it's just pushing data over a stream) but I haven't analyzed that protocol enough to know how it expects the file data to be sent.
Similarly, some of the special adb commands like "reboot" and "reboot recovery" should theoretically just be streams too, but I haven't analyzed the way the protocol deals with those commands.
The shell commands should be simple to send over AdbLib (since that's what it was originally designed for). To do this, you create a socket connected to your ADB target and pass it to AdbConnection.create() with an AdbCrypto object that contains a key pair that was either newly generated or loaded from a file. You then call AdbConnection.connect() to begin the connection handshake process. When that returns, the handshake is finished. You can call AdbConnection.open("shell: killall recovery") and that will create a stream connected to the killall process (so you can send and receive output via stdin, stdout, and stderr). When the process terminates, your stream will close.
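The handshake and stream open described in the post above, shown at the wire level as an added example (not AdbLib code and not written by the post's author). It is a Python sketch of the 24-byte ADB packet header from the AOSP protocol description, assuming the classic protocol version with payload checksums enforced; the token, signature, key bytes and stream ids are constructed placeholders.

```python
import struct

# Command tags from the AOSP ADB protocol description (ASCII read as little-endian uint32).
COMMANDS = {
    0x4E584E43: "CNXN", 0x48545541: "AUTH", 0x4E45504F: "OPEN",
    0x59414B4F: "OKAY", 0x45545257: "WRTE", 0x45534C43: "CLSE",
}
CODE = {name: value for value, name in COMMANDS.items()}
AUTH_TOKEN, AUTH_SIGNATURE, AUTH_RSAPUBLICKEY = 1, 2, 3
HEADER = struct.Struct("<6I")  # command, arg0, arg1, data_length, data_check, magic
VERSION, MAX_PAYLOAD = 0x01000000, 4096  # assumption: classic version, checksums enforced


class PacketError(ValueError):
    """Raised when a packet fails header or payload validation."""


def checksum(payload: bytes) -> int:
    # The header field is called a CRC in the spec but is a plain byte sum.
    return sum(payload) & 0xFFFFFFFF


def build_packet(name: str, arg0: int, arg1: int, payload: bytes = b"") -> bytes:
    command = CODE[name]
    return HEADER.pack(command, arg0, arg1, len(payload),
                       checksum(payload), command ^ 0xFFFFFFFF) + payload


def parse_packet(buf: bytes):
    """Validate the packet at the start of buf; return (name, arg0, arg1, payload, rest)."""
    if len(buf) < HEADER.size:
        raise PacketError("truncated header")
    command, arg0, arg1, length, check, magic = HEADER.unpack_from(buf)
    if command not in COMMANDS:
        raise PacketError(f"unknown command 0x{command:08x}")
    if magic != command ^ 0xFFFFFFFF:
        raise PacketError("magic does not match command")
    if length > MAX_PAYLOAD:
        raise PacketError("payload length exceeds maximum")
    payload = buf[HEADER.size:HEADER.size + length]
    if len(payload) != length:
        raise PacketError("truncated payload")
    if checksum(payload) != check:
        raise PacketError("payload checksum mismatch")
    return COMMANDS[command], arg0, arg1, payload, buf[HEADER.size + length:]


def first_connect_exchange() -> bytes:
    """Constructed capture: first connection with an untrusted key, then one shell stream."""
    token, signature = b"\x11" * 20, b"\x22" * 256  # placeholders, not real crypto
    pubkey = b"<base64 public key> user@host\x00"   # placeholder for the Base-64 key
    return b"".join([
        build_packet("CNXN", VERSION, MAX_PAYLOAD, b"host::\x00"),    # host hello
        build_packet("AUTH", AUTH_TOKEN, 0, token),                   # device challenge
        build_packet("AUTH", AUTH_SIGNATURE, 0, signature),           # host signs token
        build_packet("AUTH", AUTH_TOKEN, 0, token),                   # key unknown, retry
        build_packet("AUTH", AUTH_RSAPUBLICKEY, 0, pubkey),           # host offers its key
        build_packet("CNXN", VERSION, MAX_PAYLOAD, b"device::\x00"),  # key accepted
        build_packet("OPEN", 1, 0, b"shell: killall recovery\x00"),   # string from the post
        build_packet("OKAY", 7, 1),                                   # device stream id 7
    ])


def dissect(stream: bytes):
    """Walk a byte stream packet by packet, validating each one."""
    out = []
    while stream:
        name, arg0, arg1, payload, stream = parse_packet(stream)
        out.append((name, arg0, arg1, len(payload)))
    return out
```

The public key only crosses the wire on the AUTH type 3 packet, which is the step where the device asks the user to trust the host.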
Sorry for reviving this old thread, but if anybody is interested in using the AdbLib library, it's now available on the Maven Central repo. It is a slightly modified version of the library, but the API hasn't changed much.
I'm reviving this thread once again
I used this adb library to create a Tasker Plugin!
https://play.google.com/store/apps/details?id=com.ADBPlugin
Please have a look
@cgutman Just a quick question. How do you send the ctrl+c from your app using this library? I can't seem to find it

[Completed] I have an issue. I do not know if my code modification or my device is to blame.

Info:
My device is rooted (fully) and my phone consists of SuperSU, NetHunter terminal, bcmon, Reaver.
(Below are the codes I modified for my device.)
The history
When I first started running Reaver I would receive many errors: [...not found] [...can't enable] [...can't change permissions (apparently you can't change permissions within the sdcard folder... anyways, moving on.)]
[...no internet connection found]
My point is, after looking at the custom scripts I had installed (with Notepad++) I noticed that the actual scripts were the big issue. So I started changing things one by one in order to not mess up everything. Yeah sure, I made some errors that made things last longer, way longer than normal. Nevertheless, at some point I actually started making things better and slowly started knocking down those errors!! Until I hit the 'test' button and sure enough
"Cannot link executable... libfake_driver.so is 32 instead of 64.... only PIE are supported."
Truth Be Told
As you might be able to tell from the kind of question I'm asking, I am not an expert.
And I understand these kinds of questions come with others looking at the questioner as annoying, and with the thought of 'these beginners just want everyone to give answers instead of learning themselves...' It's NOT COMPLETELY wrong, since nowadays a comment like that is ... pretty much true.
So I'll say this: Not Every One Is The Same.
I am a programmer. My programming is mostly within game design/game development, so if more coding is needed to solve my issue at hand, then let me know and please (at the least) point me in the right direction.
If I need to google something, please clarify what to search. For I am just one person, so it is possible I haven't thought of something to type in; however, that does not mean I haven't typed MANY searches in already.
The Question
Am I able to use RfA and bcmon on the Nexus 5X, and if so, then what is needed to get my phone operating (the app(s)) correctly? This is the complete error I am receiving in RfA.
CANNOT LINK EXECUTABLE: "/system/app/bcmon/assets/libs/libfake_driver.so" is 32-bit instead of 64-bit page record for 0x7f98e8c010 was not found (block_size=64)
error: only position independent executables (PIE) are supported.
My Done Work
With the RfA settings you can choose to use custom scripts. The following shows the scripts I used and their placement.
These scripts I had to modify to get the device's errors fixed (not all though).
Activation Script:
#!/bin/bash
svc wifi disable
LD_LIBRARY_PATH=/sdcard/bcmon/assets/libs
LD_PRELOAD=/data/sdcard/bcmon/assets/libs/libfake_driver.so sh
cd /sdcard/bcmon/assets/tools
./enable_bcmon
echo “rfasuccess”
exit
Warm-up Script
#!/bin/bash
LD_LIBRARY_PATH=/sdcard/bcmon/assets/libs
LD_PRELOAD=/sdcard/bcmon/assets/libslibfake_driver.so sh
cd /sdcard/bcmon/assets/tools
Stop Script
#!/bin/bash
svc wifi enable
echo “rfasuccess”
Will you care to help me?
Hi,
Try posting your question here:
http://forum.xda-developers.com/google-nexus-5/help
The experts there may be able to help.
Good luck!
