Database Info

Bluetooth tethering armooo1.5 - moded JF1.5

This is a set of changes to JF1.5 ADP image to enable pan bluetooth tethering. The pan service will be available whenever bluetooth it turned on as you would expect from most other phones.
It includes all the normal changes from JF1.5
Changes
armooo1.50.1
Added support for multiple clients (updated pand_up.sh, pand_down.sh).
Added logging.
Added /system/xbin/pand.start. Works around what looks like an init bug with long lines.
Updated /system/init.rc to use pand.start and logwrapper.
armooo1.50
The pand service was added to /system/init.rc .
The library bluedroid (/system/lib/libbluedroid.so) was updated to start and stop the pand service.
Pan support scripts were added to /system/xbin (pand_up.sh, pand_down.sh).
Added dnsmasq to /system/xbin.
Changes for JFv1.50 ADP1.5 Build Environment
armooo1.5 ADP1.5

So now the question is how can I get this on another build besides the JF?

is this a non-wipe update, and will it break wifitether by harry_m?

twistedumbrella
You should be to manualy install the files in armooo1.50.tar.gz. It will need pand, iptables, awk and a kernel with netfilter/iptables. All of which were in the JF image I am not sure about the others.
andonnguyen
I was able to upgrade from JF1.5 ADP to this image without wiping. As long as you are not trying to use wifitether and the bluetooth tethering at the same time is should not be a problem. Stopping wifitether or disconnecting a bluetooth connection will disable ip forwarding and remove iptables rules which could cause problems.

Thanks it's working perfectly on Dude's build.
I prefer this over network as Ubuntu laptop don't like ad-hoc network and I never managed to connect.
I wonder if someone one if this PAN thing can provide connection to multiple computer simultaneously or is it just one?
Thanks again! good job

An integration in TheDude firmware is available here : http://android.smartphonefrance.info/actu.asp?ID=133 (In french).

armooo said:
twistedumbrella
You should be to manualy install the files in armooo1.50.tar.gz. It will need pand, iptables, awk and a kernel with netfilter/iptables. All of which were in the JF image I am not sure about the others.
andonnguyen
I was able to upgrade from JF1.5 ADP to this image without wiping. As long as you are not trying to use wifitether and the bluetooth tethering at the same time is should not be a problem. Stopping wifitether or disconnecting a bluetooth connection will disable ip forwarding and remove iptables rules which could cause problems.
Click to expand...
Click to collapse
Tried moving the files over and got stuck in a boot loop. Couldn't get the init.rc to work. Didn't try just loading the rest of the files. Wasn't sure if that would work. I'll have to give it a try. Thanks.

twistedumbrella said:
Tried moving the files over and got stuck in a boot loop. Couldn't get the init.rc to work. Didn't try just loading the rest of the files. Wasn't sure if that would work. I'll have to give it a try. Thanks.
Click to expand...
Click to collapse
The image you are using may have different loopback mounts in /system/init.rc you should only need to copy the pand service.

Does anyone know how to use it?
After I updated the firmware, and launch pand_up.sh
an error show on next line:
error: SIOCSIFNETMASK (No such device)
I tried to pair with my MBP, it will show PAN network, but no IP address shows up

armooo said:
The image you are using may have different loopback mounts in /system/init.rc you should only need to copy the pand service.
Click to expand...
Click to collapse
Yeah, I am using a different apps2sd method and general startup than the JF. My image is based on 5.0.2H but I wasn't sure if the service would run without having that. I will try it without. I am sure it'll still work just wasn't sure how efficiently. Thanks again.

Thanks for the update!
In case someone is having issues installing this, here is a little how-to I've been using with Dude's latest rom.
using extracted armooo1.50.1_ADP1.5.zip as YOUR_armoo1.5_adap1.5_DIRECTORY
adb remount
adb push YOUR_armoo1.5_adap1.5_DIRECTORY/system/init.rc /system/init.rc
adb push YOUR_armoo1.5_adap1.5_DIRECTORY/system/lib/libbluedroid.so /system/lib/libbluedroid.so
adb shell umount /system/xbin
adb push YOUR_armoo1.5_adap1.5_DIRECTORY/system/xbin/xbin.cramfs /system/xbin/xbin.cramfs
adb shell reboot
Click to expand...
Click to collapse

what does it actually let us do??
does it allow bluetooth file sharing?

It's simply internet sharing through bluetooth.
Key advantage is that there is not extra app/layer, it's included in Android as bluetooth is on.

Hi!
I tried to include this in JF 1.43 RC9.
Integrated the xbin stuff in xbin.cramfs and the bnep.ko module in modules.cramfs.
Didnt know how to get the module auto-loaded, so added the insmod command to pand.start.
The module is loaded correctly, however the pand service is not added.
running pand.start manually yields some kind of success, the pan service is visible and connectable to, but not allowing to get any kind of transfer, no ip
any advice would be great. i would prefer staying with 1.43 until jf comes out with his 1.5 RC9 version, but i also really would like to get this running to not have to use wifi tethering anymore...
thanks in advance

lilithpro said:
Hi!
I tried to include this in JF 1.43 RC9.
Integrated the xbin stuff in xbin.cramfs and the bnep.ko module in modules.cramfs.
Didnt know how to get the module auto-loaded, so added the insmod command to pand.start.
The module is loaded correctly, however the pand service is not added.
running pand.start manually yields some kind of success, the pan service is visible and connectable to, but not allowing to get any kind of transfer, no ip
any advice would be great. i would prefer staying with 1.43 until jf comes out with his 1.5 RC9 version, but i also really would like to get this running to not have to use wifi tethering anymore...
thanks in advance
Click to expand...
Click to collapse
Sorry, but it looks like part of 1.5 was changing to use libbluedroid.so. So it is not going to start automatically for you. You should be able to get some debugging info from logcat. While you are trying to connect you may also want to try iptables, ifconfig and ps.
iptables -L should show
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT 0 -- 192.168.5.0/24 anywhere
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ifconfig bnep0 should show
bnep0: ip 192.168.5.254 mask 255.255.255.0 flags [up broadcast running multicast]
ps should have two pand and a dnsmasq
logcat should output
I/pand.start( 341): pand[348]: New connection from 00:22:69:C7:71:A2 at bnep0
I/pan ( 354): Starting BT pand for bnep0 192.168.5.0/24

After just installing JF1.51 EU, i replaced xbin.cramfs and copied init.rc to /system and the lib to /system/lib and everything is working great. My speed is actually a hint better than with wifi tether (0.36M vs 0.39M on a 3G 384kBit line).
Great thing there...

I would really appreciate it If someone could post how to connect to the phone on linux using console. Thanks.
PS: I am using JF1.5_ADP build. If I change libbluedroid.so and run the pand service (pand.start), should it be enough for it to work? Am I missing something?

Dimath said:
I would really appreciate it If someone could post how to connect to the phone on linux using console. Thanks.
PS: I am using JF1.5_ADP build. If I change libbluedroid.so and run the pand service (pand.start), should it be enough for it to work? Am I missing something?
Click to expand...
Click to collapse
I believe nobody cares, so I answer to myself
The problem was pretty much a firewall which blocks pings. So stupid. Anyway.
So, the way to do it without flashing, start from JF 1.5. ADB shell commands. Copy the libbluedriod.so into /system/lib/ (not sure if even need). Copy pand_up.sh and pand_down.sh to some G1 directory "your_dir". To start pand, run in terminal:
pand -n --listen --role NAP --devup "your_dir"/pand_up.sh --devdown "your_dir"/pand_down.sh
On linux pc (tried on Mandriva linux) find the G1 device id:
Code:
hcitool scan
(also can be found somewhere in the phone settings)
Connect to the device by
Code:
pand -c "device_id"
Start interface:
Code:
ifconfig bnep0 up
Get ip, gate etc (using dhcp):
Code:
dhclient bnep0
It works.

armooo:
You should really promote this more and have the rom cookers include it in their creations. In fact, the #1 reason for not switching my current rom (jf1.51) to any rogers, ion etc is because i use it really often and it works just flawlessly...

I am using this with Ubuntu 9.04 (with Blueman), and for some reason it disconnects from the PAN service on the phone after a couple uses. Once this happens, I have to reboot the phone and it works again. Any ideas as to what's happening? I have tried cycling the Bluetooth service on the handset, and rebooting the laptop, but neither of those make a difference. When this occurs, I can stay connected for 15 seconds up to about 4 minutes before it dies, and the syslog in Ubuntu reads bnep0 disconnected.

[App-Mod/Source] WifiTether for JB TouchWiz Roms

Before we start I have to throw out props to Eschelon, NxtGenCowboy, Virus, Ziggy471 and of course to the wifi-tether guys as well as cyanogen for the needed source/binaries (pre-11/18 versions) which allowed me to find the right path to get this 100% working. Also had awesome testers proxhack / jlmr731 and especially joshbeach. They all were essential to getting this all working. I still don't have a GS3 so poor Eschelon/NxtGenCowboy probably wiped/installed about 100 builds before this worked (and after when I lost source... grumble). Thanks to everyone that helped.
Legal/GPL Stuff
Carriers hate tethering, you all know that. Use at your own risk/with common sense & dont blame me for anything that goes wrong
WifiTether is under the GPLv3 license, so below is the source for the mods
Code:
Original Source - https://code.google.com/p/android-wifi-tether/
Modded Source - http://svn.ziggy471.com/treve-tether
Configuration:
*Latest Build recommended, these are just a few devices I have tested on*
Setup-Method:: (auto should have right defaults, might need to force)
Galaxy S3 - Netd-ndc with driver reload 2
Evo 3d SoftAP with driver reload 2
Sensation SoftAP with no driver reloads
Evo 4g SoftAP with no driver reloads
Click to expand...
Click to collapse
Other Settings
-Device-Profile: Leave this on auto (default)
-Netdndc Max Client Cmd: Required for GS3ish devices. If not enabled you will likely get an AP but cannot connect.
-MSS clamping: on (default)
-Routing fix: on (default)
Click to expand...
Click to collapse
Heres some geek details on basic binaries how the backend of wifi-tether works. The main modes I played with and required files are as detailed below:
Code:
[B]Netd-ndc mode[/B] (Wifi Tether JB Default)
-/system/bin/ndc (wrapper for netd)
-/system/bin/netd (actual netd service)
--Commands Executed
/system/bin/ndc softap stopap
/system/bin/ndc softap stop wlan0
/system/bin/ndc softap fwreload wlan0 AP
/system/bin/ndc softap start wlan0
/system/bin/ndc softap set wlan0 wlan0 SSID encryption key channel (maxclients) 0 8
/system/bin/ndc softap startap
/system/bin/ndc interface setcfg wlan0 192.168.2.254 255.255.255.0 up
[B]Netd mode[/B]
-/system/bin/netd (netd service)
--Commands are basically the same as above, but direct to netd service
[B]HostAP mode[/B] (used by stock tether app/fallback mode)
-/system/bin/hostap (hostap service, init.qcom.rc looks for config /data/hostapd/hostapd.conf)
New Options
Framework Tether(Fallback)
Use this if you have issues with wifitether mode. It forces on a wifihotspot using just framework. This has been reported to not throw up the paywall nag screen on some devices/carriers but YMMV. It may be able to be used nonroot as well if you ignore the initial warning.
Send NetdNDC Max Client CMD
This modifies the standard ndc command string to add in the Max Client parameter. More details are in post here
Wifi-Driver reload
This is the standard driver reload for wifi tether. It runs inside one script "./tether start|stop".
Wifi-Driver reload 2
This is a modified command that reloads firmware in a separate su request before the tether-edify code is run. May require SuperSU.apk
Use Cyanogen Hostapd Binary
This is the old method and is totally removed stating with the 11/20 update
The hostapd binary contained in atleast touchwiz JB contains extra fields explained above. If the extra commands are not working on X device you can try to fall back to this binary. This uses a dirty hack which installs hostapd and symlinks between versions for native or WifiTether mode. As long as you start and stop wifitether things should always line up. If you get into an issue where you crash things might get out of sync but should fix themselves next toggle of wifi tether. I have also added in menu items for the gs3 to manually swap binaries around.
*You must have a proper setup busybox for the GS3 code to work right. It moves system files around - you might win a reflash if things really go bad*
*Cyanogen Hostapd Symlink option only*- Make a system backup, it modifies sys files so theres a chance it will break something
Bugs
You might have to toggle stuff on and off once first if you run into errors. I think there's an error on first creation of config
If you switch modes between native wifitether and fallback mode (or stock tethering), your phone may spontaneously combust(wifi crashes) after the routing mess that ensues. Just reboot and you'll be all set again.
Seems to work better on SuperSU - Probably due to the per-app permissions vs per command.
Download:
**EVERY BUILD YOU MUST UNINSTALL OLD VERSIONS FIRST OR ATLEAST CLEAR APP DATA, IT DOES NOT UPGRADE NICELY**
-If you have problems, scroll down and read FAQ in post2 before posting
WifiTether-TrevE_Mod_04-17-2013.apk - Link Soon
Older Versions:
WifiTether_TrevE_Mod_11_22_2012 (defaults to Wifi Driver Reload 1) - http://www.androidfilehost.com/?fid=9390195663897100312
WifiTether-TrevE_Mod_11_22_2012_driverReload2 (defaults to Wifi Driver Reload 2) - http://www.androidfilehost.com/?fid=9390208427046731813
Try to merge together what worked for everyone across different devices. There are 2 options in settings with mild enhancements
-Wifi-Driver Reload - Driver reload inside of tether script. Similar to 11/20 version
-Wifi-Driver Reload 2 - Driver reload outside of tether script. Similar to 11/18 version
Please report in with Carrier/Device and what option works best for you. Valid combinations are no reloads checked or one of the reload methods. Do not check both (theres no code to stop you from doing it now)
There is no code differences between the two apk versions, I just recently added in reload method 2 so rom devs can cook in whatever apk just works without changing settings.
Click to expand...
Click to collapse
Apparently I botched code along the line somewhere between 18-20. Please let me know which one of these versions you are on and what works.
WifiTether_TrevE_Mod_11_20_2012_insmodv3.apk - If v2 doesnt work this should - http://www.androidfilehost.com/?fid=9390169635556426691
If insmod v2 doesnt work, insmod v3 switches to insmod on load, rrmod to unload, then reloads the driver when finished with with mfgloader -u / mfgloader -l
WifiTether_TrevE_Mod_11_20_2012_insmodv2.apk - Hopefully working- http://www.androidfilehost.com/?fid=9390169635556426686
Driver Reload did not like loading with mfgloader in original build. This switches to insmod on load, mfgloader/rrmod to unload, then reloads the driver when finished with mfgloader -u / mfgloader -l
WifiTether_TrevE_Mod_11_20_2012.apk - Broken - Thanks halmo20 for catching that
GS3/E3D driver load/unload methods cleaned up, wifi driver reload checkbox should now be used, it was forced previously in code.
NetDndc Max client mode ported down to netd as well. Setting enables/disables with netd
all superuser code removed outside of tether binary, should have less popups for non-supersu users
Framework tether mode moved to setup
Fixed settings being applied reverting user settings at first start
All Cyanogen hostapd binary leftovers removed
Busybox check removed
WifiTether_TrevE_Mod_11_18_2012.apk - http://www.androidfilehost.com/?fid=9390190389996027907
Bam - Symlinks gone by default thanks joshbeach for all testing
New option Netdndc Max mode, this should be devices default setting.
Encryption works starting this build with netdndc max mode
WifiTether-TrevE_Mod_11-17-2012.apk - http://www.androidfilehost.com/?fid=9390188424645836869
cut down symlinks to only move hostapd around.
Made a checkbox that controls symlink code. Trying to axe it all. Moved this and fallback to settings screen. now save/load
define wifi.interface where it is undefined like on t0ltespr (hack to wire it to ndc settngs)
try to work with t0ltespr's /lib/ directory
cut down root code significantly (hopefully spam/timing issues resolved)
WifiTether_TrevE_Mod_11_15_12.apk -
Code cleanup
e3d code driver reload mess moved
samsung symlink mess in separate class, hoping to ditch this all soon
fallback mode in separate class, wired up to wifitether settings (encryption should work)
WifiTether_TrevE_Mod_11_12_12.apk - http://www.androidfilehost.com/?fid=9390169635556426338
Click to expand...
Click to collapse
***This app is signed with my certificate, you will need to uninstall old versions of wifitether first to use this***

FAQ
AP Starts but unable to connect - Make sure Send Netd max client mode option is on if your on JellyBean. read p1 for required settings
Tether does not start / Adapter does not work after tether- Try to turn off Wifi-Driver Reload #1 and turn on Wifi-Driver Reload #2
Tether cuts off on on charger connect/disconnect- Try to turn off connection optimizer. More here from eyecon82 http://forum.xda-developers.com/showpost.php?p=34467459&postcount=148
mystery_tx_man suggests removing connection manager apk - http://forum.xda-developers.com/showpost.php?p=34838831&postcount=218
Phone takes back control of wifi- Youll notice a "What the hell" toast message. Somehow the phone moved wifi state, either you toggled an app that turns on wifi or some system process was thinking for you. Disable whatever is doing it.
cyrnel suggests disabling wireless network location services - http://forum.xda-developers.com/showpost.php?p=34721619&postcount=200
If you get it on screen shut off try changing "Wifi During Sleep" - on htc its menu -> settings - wifi -> menu -> Advanced -> Keep Wifi on during sleep -> Always
You get a Tmobile Hotspot page-
Changing APNs is reported to work by Gandoff without changing useragent- http://forum.xda-developers.com/showpost.php?p=34629321&postcount=191
Changing user agents works as described by mad_unix http://forum.xda-developers.com/showthread.php?p=34388089#post34388089 and free_man http://forum.xda-developers.com/showthread.php?p=34500399#post34500399
open1your1eyes0 has some vpn setup links which should also work - http://forum.xda-developers.com/showpost.php?p=34798223&postcount=211
XXXX still doesnt work - First try SuperSU. This will avoid a lot of headaches. Then make sure you are on latest version and that you have uninstalled/cleared app data when you went to a newer version. Read over the last few pages of thread at least too to make sure its not a known issue then go for it and post away. Make sure you include Carrier / Device / Rom / SU application.
Debugging Issues
For those people having issues on other gs3 like devices / roms / whatever I do not even have a gs3 so this is all blind. To try to help debugging I created a script to hopefully grab information needed. This should help from both working/nonworking devices to help eliminate the stupid symlink code and fix up other devices.
The scripts point is to try to get a working AP. If you can post how you did it and we can get source changed. By default it does no driver reloads and starts an Open AP with SSID TrevScript.
First grab the latest script from svn (ill update it with more info after I get some logs so make sure you have latest)
http://svn.ziggy471.com/treve-tether/ grab tetherdebug.sh
Code:
adb push tetherdebug.sh /system/xbin/
adb shell chmod 755 /system/xbin/tetherdebug.sh
adb shell busybox dos2unix /system/xbin/tetherdebug.sh
Make sure wifi is on but do not start witfitethering. All you want to do is run "Set Binaries to WifiTether" option in the menu of app then follow below code
Code:
adb shell su -c tetherdebug.sh
adb pull /data/local/tmp/tether.log
rename the file to tether_wifibinaries.log. Check to see if any AP is available.
now run "Set Binaries to Native" option in app and reboot device
adb reboot
When the device comes back up, rerun the script.
Code:
adb shell su -c tetherdebug.sh
adb pull /data/local/tmp/tether.log
rename the file to tether_nativebinaries.log. Check to see if any AP is available.
reboot after you get the file.
adb reboot
ADVANCED
If you know what you are doing you can try to find a working combo. I added in the following command line args
ARG1 = ENCRYPTION. NONE/WPA2
ARG2 = DRIVERRELOAD. NONE/insmod/mfgloader
ARG3 = DRIVERTOLOAD. /system/lib/modules/dhd.ko (or whatever module is, required if ARG2 is set)
Examples:
Make sure wifi is on but do not start witfitethering. All you want to do is run "Set Binaries to WifiTether" option in the menu of app to start with a known working base then follow below code
try no encryption with insmod where your wifi module is /system/lib/modules/dhd.ko
Code:
adb shell su -c tetherdebug.sh NONE insmod /system/lib/modules/dhd.ko
try no encryption with mfgloader where your wifi module is /system/lib/modules/dhd.ko
Code:
adb shell su -c tetherdebug.sh NONE mfgloader /system/lib/modules/dhd.ko
try wpa2 (password is Trev) with insmod where your wifi module is /system/lib/modules/dhd.ko
Code:
adb shell su -c tetherdebug.sh WPA2 insmod /system/lib/modules/dhd.ko
There shouldn't be personal information in the debug logs, the most I can think of that would be displayed is if you have an encryption passphrase set in wifitether. Sending the 2 files named with what mode you were in will help get it going elsewhere and hopefully kill the symlink code

mineeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee

askldfjalskdnflkasf

Worked great right out the box on Synergy Rev 111. Great job Trev. :good:

worked like a charm
Thanks guys

downloading now. Thank you very much... great work...
And working great....

BAM!
Sent from the 3rd Galaxy

Confirmed working on Beans build2, you totally rock.
+1 encryption breaks, unsecure works great.
Sent from my SCH-I535 using xda premium

cannot connect with wifi encryption
other than that working
big thanks

Works great without enabling the WiFi-Encryption, but when I do, it doesn't work...btw I'm on Synergy R111.

Confirmed working on CleanROM 4.5!! (unsecured)
+1 setting encryption breaks it. (setting it back to open fixes it)
progress!
Thank you so much!!

Thank you very much for this. Been wanting to punch myself in the nuts every time I have to use the hotspot app because of the constant data drops.
Sent from my SCH-I535 using Tapatalk 2

VRBLJ1 stock. Not working no matter what settings I use. Not the one from the play store, neither this one. :/
Can't get it to show up in the Wifi list of connections on my laptop under any condition.
Ended up using this: https://play.google.com/store/apps/details?id=kr.core.technology.wifi.hotspot&hl=en
Bypasses the stock security check perfectly and uses native tethering.

How can I make this work on sprint gs3 tw jb leak
Sent from my SPH-L710 using xda app-developers app

open1your1eyes0 said:
VRBLJ1 stock. Not working no matter what settings I use. Not the one from the play store, neither this one. :/
Can't get it to show up in the Wifi list of connections on my laptop under any condition.
Ended up using this: https://play.google.com/store/apps/details?id=kr.core.technology.wifi.hotspot&hl=en
Bypasses the stock security check perfectly and uses native tethering.
Click to expand...
Click to collapse
^^^This! Thank you this worked after trying the moded wifi tether with no success.
Sent from my GT-N8013 using Tapatalk 2

Working on Jelly "Beans" build 2
Awesome! Works great! I was about to switch back to ICS because of not being able to tether and I am glad I waited! Thank you so much for this!

Works for me on stock SPRINT JBTW gs3. Amazing!

Not working for me on stock Sprint JB LJ7.

Few things I've seen
-Encryption doesnt work.
Ill look into it, but I know its a longrunning bug for some devices. Use access control for now. I dont actually have a GS3 so its kinda a wonder this works at all
-Tether doesnt work
Please give some more details- what mode are you in regular or fallback?
does tethering turn on and show statistics at bottom of screen? if not what does the log show inside of wifitether? if so does windows see the accesspoint?
As far as Sprint LJ7 ill download the rom and check it but answers to above will help. a logcat of it turning on and off would be most helpful I threw a bunch of debugging lines in

phh's SuperUser/ OpenSource SELinux-capable SuperUser

Hi,
IT MIGHT BRICK YOUR DEVICE.
Always ensure you have a way back.
Here is a thread about my fork of Koush's Superuser, to handle SELinux: https://github.com/seSuperuser/Superuser
So I would like your help to make this SuperUser a proud opensource SU app!
If you have an application that requires root, and which needs specific SELinux configuration please ask!
Build bot: https://superuser.phh.me/
Currently, four flavors of su are available on the build-bot:
- "eng" which puts "su" in permissive mode. This is the most compatible mode, but you should trust the apps you give root to. This does NOT put SELinux in permissive mode.
- "noverity" is eng and dm-verity disabled
- "nocrypt" is eng, dm-verity and dm-crypt disabled
- "user" is meant to give a safe su. su-apps won't be able to access to your Android Pay (for instance) informations, or keep persistent su access without your consent
Please note that user is in heavy development and isn't up to its promises at the moment.
I setup a build bot, which generates boot.img based on my solution, and pushes them to https://superuser.phh.me/
I did this build bot in a way so it is easy to add new ROMs, so don't hesitate asking for new ROM/devices support.
Supporting new devices might mean some additional work on http://github.com/seSuperuser/super-bootimg/ if they are using non-standard boot.img format, but the aim is to support as many devices as possible.
You need to install the APK from PlayStore afterwards: https://play.google.com/store/apps/details?id=me.phh.superuser
Bot-supported devices
Here are some devices, but there are many more !
- A *lot* of Archos devices
- All Nexus-es, including Pixel C (if some Nexus is missing, just ask!)
- nVidia Shield TV
- nVidia Shield Tablet
- Fairphone 2
update.zip format
The zip is available at https://superuser.phh.me/superuser.zip
It should be able to root any device supported by super-bootimg from TWRP (and possibly other custom recoverys)
You still need to install the APK afterwards. https://play.google.com/store/apps/details?id=me.phh.superuser https://f-droid.org/repository/brow...lob/master/known-imgs/nexus/hammerhead/MRA58N describes a firmware, nothing device-specific). This only requires to do some PRs to add a device, or on updated firmwares
- Testers
- UI designer: The current UI dates back from 4.1...? It is really ugly and not really usable.
- Testers
- Root-related devs: SELinux policies are still being written
- Testers
- Security reviewers
- Testers
Bug report
If some app doesn't work, please ask me, not the dev.
I consider I have to fix support for other apps, not the other way around.
ChangeLog
2016-01-31 r170: superuser.zip can be included in other update.zip
2016-01-27 r166: Add support for Viper4Android
2016-01-15 r162: Add su --bind and su --init commands
2016-01-10 r154: Files are no longer copied multiple times. Fixes MultiROM, and multiple install for update.
2016-01-06 r152: Fix support for ChromeOS-like format (Pixel C)
2016-01-01 r144: Detect chromeos-style signature, and don't try to resign it in that case
2015-12-30 r143: Improved compatibility with apps.
2015-12-28 r142: Changed naming convention to include device name and release
2015-12-28: Added "nocrypt" target
2015-12-13: Added "noverity" target to buildbot
2015-12-13: Add options for noencrypt, noverity
2015-12-03: Fix TitaniumBackup
2015-11-24: mount --bind to /system/xbin/su if it exists to override ROM's su
2015-11-23: Fix CF.Lumen
2015-11-14: Add super-bootimg's version in boot.img, several network/firewall-related permissions
2015-11-11: Access to Android's services
2015-11-10: Recursive su access
2015-11-09: Fix pm disable command

Do you mean that latest galaxy s5 neo sm-g903f might be rooted soon ?
(Exynos5 & Mali T-720)

It seems like many people still haven't understood the purpose of apps like SuperSu and Superuser. They are no exploits and don't gain your root access. What they do is they manage the root access and enable you to select which apps to grant root access, otherwise every single application on your device would have it. They are root managers. So this project won't help you in getting root for your device as long as there's no method (exploit) to gain it.

Not much activity here, but a lot on my side.
Android 6.0 is now out, with its new SELinux policy, which makes it impossible to update the policy after the boot, and dm-verity becomes mandatory (so no /system change without boot.img)
I'm thus totally retargetting my work:
- I've created https://github.com/phhusson/super-bootimg which will edit boot.img (the complicated part, because it needs A LOT of testing across many devices)
- change sepolicy
- Add su in /sbin/su
- Enable su daemon
With various options to disable dm-verity, encryption, etc. (please note that this is NOT required, since only boot.img is changed)

dude - you should kickstarter this. SuperSu is pretty much a mandatory install for every rooted device. this is big for the XDA community and we would love to support you.

Cannot express enough how much i want this project to succeed
And, at least for myself
"I also wonder about displaying an user-understandable SELinux policy, so that root applications can be "more secure
Would anyone be interested in such a feature?"
......Hell yeah, that most certainly does interest me.........controllable levels of su right?
Obviously, if its possible to do........even if android denies this possibility, an open source su is most assuredly welcome from this neck of the woods
I wish this project major luck
Edit
"(I'm thinking that I'm trying to be even more secure than "standard" non-rooted ROMs, that's perhaps a bit optimistic.)"
I love that mentality, and im enjoying immensley your discussions on github with lbdroid........i love that your taking security more seriously then most...love where your coming from on this.....major props

To better test on shell of recovery without making an update.zip , I modified the sepolicy-inject.c so that the usage() no longer blocks the "booting.sh"
on sepolicy-inject.c:377, insert a line "if ( NULL == optarg ) break;", as in my shell there will be a parameter value with null on last entry of "char** arguv", which will trigger the default switching case and exit the sepolicy-inject unexpectedly.
......
while ((ch = getopt_long(argc, argv, "a:f:g:s:t:c:Z:z:n", long_options, NULL)) != -1) {
if ( NULL == optarg ) break;
switch (ch) {
......

kennylam said:
To better test on shell of recovery without making an update.zip , I modified the sepolicy-inject.c so that the usage() no longer blocks the "booting.sh"
on sepolicy-inject.c:377, insert a line "if ( NULL == optarg ) break;", as in my shell there will be a parameter value with null on last entry of "char** arguv", which will trigger the default switching case and exit the sepolicy-inject unexpectedly.
......
while ((ch = getopt_long(argc, argv, "a:f:g:s:t:c:Z:z:n", long_options, NULL)) != -1) {
if ( NULL == optarg ) break;
switch (ch) {
......
Click to expand...
Click to collapse
I'm not sure I understand...
When calling what command do you need this?

phhusson said:
Hi,
IT MIGHT BRICK YOUR DEVICE.
Always ensure you have a way back.
I'm the author of a fork of Koush's Superuser, to handle SELinux: https://github.com/phhusson/Superuser
It is in early-stage, but thanks to recent events related to SuperSU, it got some spotlight.
So I would like your help to make this SuperUser a proud opensource SU app!
I have mostly two sides of things left to do:
- Device compatiblity/update.zip
- Application compatbility
I've tested my Superuser on Qualcomm/CAF 5.1 devices, on MTK 5.1 devices, on CAF 6.0, on Nexus 5/9 6.0, and I believe it should work on most devices which are close enough to AOSP.
I have missing steps to be compatible with SuperSU (see https://github.com/phhusson/Superuser#todo-list ).
I'd like to have feedback from app developers about which features they need the most.
If you have an application that requires root, and which needs specific SELinux configuration please ask!
There are main two types of builds, and some sub-types in it:
- @doitright did an integration in an AOSP tree, to make it suitable for ROM integration, https://github.com/lbdroid/AOSP-SU-PATCH/
- I did http://github.com/phhusson/super-bootimg/ which integrates su in a binary boot.img, and outputs a root-ed boot.img
@doitright's source solution currently has one SELinux policy, which is fully enforcing, and currently works in most cases.
My solution currently has two different policies, one which has su permissive, meaning it can do anything, which is not as safe as source-based s solution, and one which is WIP (basically unusable, because almost nothing is allowed to root).
I setup a build bot, which generates boot.img based on my solution, and pushes them to https://superuser.phh.me/
I did this build bot in a way so it is easy to add new ROMs, so don't hesitate asking for new ROM/devices support.
Supporting new devices might mean some additional work on http://github.com/phhusson/super-bootimg/ if they are using non-standard boot.img format, but the aim is to support as many devices as possible.
The plan is to have a third method for rooting:
super-bootimg will work from a recovery, so that you can root any ROM from recovery.
Thanks !
Click to expand...
Click to collapse
my question is how to change a file label to u: object_r:system_file:s0
i modify system.img to add some additional apps into /system/app/ directory i did modification then build a new system.img after flashing phone with new system.img the app was appear in menu but once i am trying to open it gives me error (com.xxxxxx.andriod) stopped working then i execute ls -Z command in /system/app/ directory to see the different and i realize that the new app i copied in system/app/ directory it has a different label than others
so i tried to change .apk file label to (u: object_r:system_file:s0) using chcon command but failed
chcon: Could not label u: object_r:system_file:s0
can you please guide me how to do it ?

zameer_yus said:
my question is how to change a file label to u: object_r:system_file:s0
i modify system.img to add some additional apps into /system/app/ directory i did modification then build a new system.img after flashing phone with new system.img the app was appear in menu but once i am trying to open it gives me error (com.xxxxxx.andriod) stopped working then i execute ls -Z command in /system/app/ directory to see the different and i realize that the new app i copied in system/app/ directory it has a different label than others
so i tried to change .apk file label to (u: object_r:system_file:s0) using chcon command but failed
chcon: Could not label u: object_r:system_file:s0
can you please guide me how to do it ?
Click to expand...
Click to collapse
Can you check in audit log?
How did you put the file?
Don't you have any other message?

Maybe in your intro you can eloborate on the naming convention of your bot built .img’s?
one which has su permissive (power?), meaning it can do anything, which is not as safe as source-based s solution (user?), and one which is WIP (eng?)
Your HTTPS link to superuser.phh.me is refusing connections?:
This webpage is not available
ERR_CONNECTION_REFUSED
ReloadHide details
Google Chrome's connection attempt to superuser.phh.me was rejected. The website may be down, or your network may not be properly configured.
Check your Internet connection
Check any cables and reboot any routers, modems, or other network devices you may be using.
Allow Chrome to access the network in your firewall or antivirus settings.
If it is already listed as a program allowed to access the network, try removing it from the list and adding it again.
If you use a proxy server...
Check your proxy settings or contact your network administrator to make sure the proxy server is working.
If I do a flash-all.sh of mra58r, reboot to bootloader, fastboot flash boot your-boot.img, would you expect this to boot fine?
Can you detail which phones can take a custom keystore?

For https, I know it is a must, but i'm waiting for let's encrypt.
For naming convention, I have to rethink those, and i'll update first post.
Anyway it's user < power < eng.
User has only safe permissions, power has all known permissions, eng is permissive. There is nothing source based.
For custom keystore, at the moment I have only seen CAF 5.1/6.0 bootloader with verity enabled to work, and it doesn't display key ID, so it is useless everywhere.
I should get a hand on a Nexus 5X soon, to test properly and get screenshots if it works as advertised.
For your last question, yes. I always work with factory image's partitions, and only change boot.img
I welcome any suggestion about naming convention.

Some times I dont know where to post, here or the Nexus 6 doitright thread. Anyway, I found this interesting.
http://events.linuxfoundation.org/sites/events/files/slides/ABS Lollipop MR1 Verified Boot.pdf
"• We relax some security policies in eng/userdebug loaders to make life less annoying for development • Persistent Data Block ignored, device always unlockable"
If this is true of the boot.img's you build, the only one we could trust is user or are they talking bootloader? Maybe the factory bootloader (user) that google is distributing does not have the verification functionality? Is the bootloader AOSP? If so, what would prevent someone from creating a bootloader, boot.img and /system that circumvents all the verification?

I used your bot built mra58r.
Unfortunately, if forced encryption is on, local.prop does not get parsed and I dont get my custom LCD. This means unless you offer variants of the auto built boot.img with forced encryption off or the ability to pass a noencrypt parameter to the update.zip or build.sh for modifying fstab, I will be forced to modify source and build myself. As for mount -o bind /data/local/tmp/hosts /system/etc, as long as the custom hosts has chcon ubject_r:system_file:s0, things work great.
I still like idea of having the ability to establish a trust between boot.img and a config file in /data/ that do things like custom hosts file, lcd density, iptables (one of my favorites: iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to 8.8.8.8:53; iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to 8.8.8.8:53)

havealoha said:
Some times I dont know where to post, here or the Nexus 6 doitright thread. Anyway, I found this interesting.
http://events.linuxfoundation.org/sites/events/files/slides/ABS Lollipop MR1 Verified Boot.pdf
"• We relax some security policies in eng/userdebug loaders to make life less annoying for development • Persistent Data Block ignored, device always unlockable"
If this is true of the boot.img's you build, the only one we could trust is user or are they talking bootloader? Maybe the factory bootloader (user) that google is distributing does not have the verification functionality? Is the bootloader AOSP? If so, what would prevent someone from creating a bootloader, boot.img and /system that circumvents all the verification?
Click to expand...
Click to collapse
They are talking about the bootloader, but as it is built in the Android build system, they are using Android build system flags.
I know the Nexus 6/9 doesn't have this functionnality. I'm waiting to get a Nexus 5X in my hands to say for 5X/6P.
Either way, we can't circumvent the verification, all we can do is have a YELLOW state instead of ORANGE, which displays the fingerprint of the keystore.
I forgot this presentation from Intel, so I thought I'd give it a try on Nexus Player. Intel has a proper implementation of the bootloader of Google's recommendation, it sounds logical the Nexus Player would implement it.
Oh wait. Google's logic striked again. No they didn't implement it on Nexus Player.
There is no AOSP bootloader... Or there are three (there are two LK and one u-boot), but neither of them are supported, and neither of them support the different verified boot states.
CAF bootloader handles the four states, but doesn't display them. Thanks to you I checked Intel reference bootloader, and it DOES implement the full spec \o/. Though I have no device to test. But basically, there is no opensource arm bootloader implementing it, and that makes me rant a lot against Google.
havealoha said:
I used your bot built mra58r.
Unfortunately, if forced encryption is on, local.prop does not get parsed and I dont get my custom LCD. This means unless you offer variants of the auto built boot.img with forced encryption off or the ability to pass a noencrypt parameter to the update.zip or build.sh for modifying fstab, I will be forced to modify source and build myself. As for mount -o bind /data/local/tmp/hosts /system/etc, as long as the custom hosts has chcon ubject_r:system_file:s0, things work great.
Click to expand...
Click to collapse
Two sides:
1. For LCD density, have you tried just doing adb shell wm density? Possibly it doesn't even break SafeNet
2. My plan on the matter is to keep my current builds as is, but add a configuration file, and when I'll make an update.zip, the user will be able to change the config file directly in the update.zip
I still like idea of having the ability to establish a trust between boot.img and a config file in /data/ that do things like custom hosts file, lcd density, iptables (one of my favorites: iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to 8.8.8.8:53; iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to 8.8.8.8:53)
Click to expand...
Click to collapse
Well for iptables, I put it in standard su permission. Well ATM because of some bugs it's only in "power", but I expect it to get into "user" when a bug concerning pts is fixed.

phhusson said:
Two sides:
1. For LCD density, have you tried just doing adb shell wm density? Possibly it doesn't even break SafeNet
Click to expand...
Click to collapse
Yay! As su in Terminal Emulator, wm density 360 worked. The launcher didn't work until #am start -c android.intent.category.HOME -a android.intent.action.MAIN and other apps also needed to be killed before they would display at the new density like lock screen and existing notifications. There are a few issues with the status bar and nav buttons depending on what app you try to run. I assume that if you set this early enough with a hook from init.rc, (nudge nudge) say a trusted file from /data/ that there would be no problem.
LCD density set from setprop, local.prop and wm density all break SafeNet. Even worse, SafeNet now checks /sbin/ for su, requiring a mount bind to a copy of sbin without su. Next thing you know, it will check for bind mounts!
How about a build of SuperSU, su in a random directory with random names? I know, name it the hash of boot.img or the public key from the user generated keystore.
Dont read on, I fixed it , the /data/setlcd.sh 560 needed quotes around it.
I created a Terminal Emulator widget in an attempt to make it easy to switch between resolutions. Interestingly, when set with #wm density 360 and then #am restart, the density sticks across reboots, I was not expecting that!
Ive tried the widget with different combinations of explicit paths for su with options like --context and -c with wm density and am restart and even with a /data/setlcd.sh that is chmod 750 and chcon ubject_r:system_file:s0. Any tricks to accomplish this? I would expect the widget to prompt for root permission and then run my setlcd.sh taking the DPI as argument $1 I am envisioning one main .sh that has a function for each of my customizations, wm density, hosts, iptables and mount bind to a /sbin that has no su. I dont want to keep building boot.img's with special init.rc's.
The closest I have gotten is a widget with command /sbin/su with the arguments -c /data/setlcd.sh 560
This results in a terminal launching that asks for su permission and then:
$"/sbin/su" -c /data/setlcd.sh 560
sh: /data/setlcd.sh: can't execute: Permission denied
nothing in dmesg
Click to expand...
Click to collapse

So I made a test of verified boot feature here: http://forum.xda-developers.com/and...rified-boot-disk-encryption-testings-t3248161
The tl;dr is that verified boot is IMO a great feature of 5X/6P, and we have to find a way to have su enabled with this feature.
But this requires to have working OTA.

I have finally gotten the functionality I need with the exception of iptables which I understand you are working on adding. I am testing with shamu mra58r and the boot-su-power.img.
Here is my setup that features:
custom hosts file for browsing without advertisements
set the LCD density to tablet mode
quickly disable su and revert density when I want to use Android Pay
As root, I created a script in /data/android.sh and set the context to system via chcon ubject_r:system_file:s0 and chmod 700 here are its contents:
Code:
#!/system/bin/sh
#bind mounts transcend am restarts
#wm density transcends reboots
function lcd
{
/system/bin/wm density $density
/system/bin/sleep 3
/system/bin/am restart
}
function hosts
{
mount -o bind /data/hosts /system/etc/hosts
}
function nosu
{
/system/bin/wm density 560
cp /sbin /data/sbin -r
rm -f /data/sbin/su
mount -o bind /data/sbin /sbin
/system/bin/am restart
}
function dns
{
#not working yet in phh
iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to 8.8.8.8:53
iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to 8.8.8.8:53
}
density=$2
case "$1" in
lcd) lcd ;;
hosts) hosts ;;
nosu) nosu ;;
dns) dns ;;
esac
The hosts file was copied from http://winhelp2002.mvps.org/hosts.txt and placed in /data, its context was also set chcon ubject_r:system_file:s0 and chmod 644. The local host entries were modified to match those found in /system/etc/hosts. It was important that the contents of this file were terminated on each line and with a blank line at the end.
The tricky part was creating launchers on a home screen using the Terminal Emulator Widget. It seemed that you could not just type in /sbin/su, instead you had to browse to it. Screenshot of widget config attached.
I learned a few interesting things during testing.
Using a /data/local.prop with an encrypted disk resulted in the local.prop not being read during init.
Once wm density is set, it is persistent.
Using mount -o bind gives persistent mounts if you reboot using am restart from the terminal
SafetyNet now checks for su in /sbin
SafetyNet for AndroidPay checks for LCD density regardless of setting it via local.prop (if unencrypted), setprop or wm density
This will be easy for me to reproduce across all my devices without granting persistent root to any app and without adding any app but superuser and terminal emulator.

Thanks for your test! It's really interesting.
You must be the first user of something other than eng
iptables does work for me (in adb shell). Looking back, it should have been fixed by https://github.com/phhusson/super-bootimg/commit/31d3a635eea4fe66071346e05913acfb00d60144
That made me realize that if I don't do releases, I still need to know what users are using, so I added /super-bootimg which contains the git version of super-bootimg repo
For local.prop I'm happy to see you don't need it. I really feel like user shouldn't be allowed to change it (but I'm thinking only about some properties which are in /default.prop so it can't be overriden. perhaps local.prop is safe enough)
am restart is not a reboot, so it's normal mount bind stays
I think you could just mount bind an empty folder to /sbin. The only risks are if adbd/ueventd/watchdogd/healthd restarts, but they shouldn't

Any idea why busybox nslookup is not working?
[email protected]:/data # ls -Z nslookup busybox-android.bin
lrwxrwxrwx root root ubject_r:system_data_file:s0 nslookup -> busybox-android.bin
-rwxr-xr-x root shell ubject_r:system_file:s0 busybox-android.bin
[email protected]:/data # ./nslookup superuser.phh.me 8.8.8.8
Server: 8.8.8.8
Address 1: 8.8.8.8
nslookup: can't resolve 'superuser.phh.me'
1|[email protected]:/data # dmesg
[39764.686702] healthd: battery l=91 v=4144 t=28.1 h=2 st=3 c=-439 chg=
[email protected]:/data #

How to change wifi mac address?

Hi guys,
I'd like to be able to change the mac address of my device to be able to use airport Wifi while on transit.
Here is what I do using tasker
1) Turn off wifi
2) Launch the shell script below
Code:
array=( 1 2 3 4 5 6 7 8 9 0 A B C D E F )
newmac=${array[$RANDOM%16]}${array[$RANDOM%16]}${array[$RANDOM%16]}${array[$RANDOM%16]}${array[$RANDOM%16]}${array[$RANDOM%16]}
chattr -i /persist/wlan_mac.bin
sed -i "1 s/=.*/=64A2F9$newmac/" /persist/wlan_mac.bin
chattr +i /persist/wlan_mac.bin
3) Turn on wifi
But it doesn't work
/persist/wlan_mac.bin is successfully modified by the script but real mac address isn't.
Need your help!

chattr binary is not present on Oxygen Os...
So file gets overwritten while setting airplane mode on and off

It works!
Installed busybox magisk module (which includes chattr binary) and replaced chattr by busybox chattr!
Also modified script by adding command line toggle for airplane mode.
Code:
#!/system/bin/sh
array=( 1 2 3 4 5 6 7 8 9 0 A B C D E F )
newmac=${array[$RANDOM%16]}${array[$RANDOM%16]}${array[$RANDOM%16]}${array[$RANDOM%16]}${array[$RANDOM%16]}${array[$RANDOM%16]}
busybox chattr -i /persist/wlan_mac.bin
sed -i "1 s/=.*/=64A2F9$newmac/" /persist/wlan_mac.bin
busybox chattr +i /persist/wlan_mac.bin
settings put global airplane_mode_on 1; am broadcast -a android.intent.action.AIRPLANE_MODE --ez state true
settings put global airplane_mode_on 0; am broadcast -a android.intent.action.AIRPLANE_MODE --ez state false

i can't thank you enough! i was looking for a way to hard change my mac and none of the rooted apps were working for me. just stumbled upon this thread and it's working good.

Can you guys guide me on How to run That script .. I've already installed BusyBox ..
Thank you so much

Dimitrimem said:
Can you guys guide me on How to run That script .. I've already installed BusyBox ..
Thank you so much
Click to expand...
Click to collapse
Save this into text file, upload to internal memory, name and extension is relevant (mac.sh for example, load to internal memory.
In terminal emulator:
Open directory with file:
cd /sdcard
Add rights to execute:
chmod +x mac.sh
Run:
su sh mac.sh
OnePlus 6 @ Tapatalk

I have BusyBox installed .. how do I replace chattr with the BusyBox one or that's done by default .. I
I managed to save the script and run it from terminal emulator .. however the Mac Address don't changes

Hey there,
Looks like this method doesn't work anymore with pie.
Modifying /persist/wlan_mac.bin has no effect but managed to change mac temporarily (until next reboot) by using the commands below:
Code:
svc wifi disable
ip link set wlan0 addr 01:02:03:04:05:06
svc wifi enable
Modifying hostname method has also changed. It doesn't survive reboot either
Before PIE:
Code:
resetprop -v ro.product.name "newHostname"
#Toggle airplane mode
settings put global airplane_mode_on 1; am broadcast -a android.intent.action.AIRPLANE_MODE --ez state true
settings put global airplane_mode_on 0; am broadcast -a android.intent.action.AIRPLANE_MODE --ez state false
After PIE: net.hostname gets its value from system settings after toggling airplane mode on/off
Code:
settings put system oem_oneplus_devicename newHostname
#Toggle airplane mode
settings put global airplane_mode_on 1; am broadcast -a android.intent.action.AIRPLANE_MODE --ez state true
settings put global airplane_mode_on 0; am broadcast -a android.intent.action.AIRPLANE_MODE --ez state false
[/CODE]
Have you guys succeeded in modifying these permanently?

Karboush the first code actaully worked for me so thnak you .. i wish there was a script for this that actually can randomly change the macaddress .. would be great
thank you <3
Karboush said:
Hey there,
Looks like this method doesn't work anymore with pie.
Modifying /persist/wlan_mac.bin has no effect but managed to change mac temporarily (until next reboot) by using the commands below:
Code:
svc wifi disable
ip link set wlan0 addr 01:02:03:04:05:06
svc wifi enable
Modifying hostname method has also changed. It doesn't survive reboot either
Before PIE:
Code:
resetprop -v ro.product.name "newHostname"
#Toggle airplane mode
settings put global airplane_mode_on 1; am broadcast -a android.intent.action.AIRPLANE_MODE --ez state true
settings put global airplane_mode_on 0; am broadcast -a android.intent.action.AIRPLANE_MODE --ez state false
After PIE: net.hostname gets its value from system settings after toggling airplane mode on/off
Code:
settings put system oem_oneplus_devicename newHostname
#Toggle airplane mode
settings put global airplane_mode_on 1; am broadcast -a android.intent.action.AIRPLANE_MODE --ez state true
settings put global airplane_mode_on 0; am broadcast -a android.intent.action.AIRPLANE_MODE --ez state false
[/CODE]
Have you guys succeeded in modifying these permanently?
Click to expand...
Click to collapse

Time to revive a dead thread. The new method using
Code:
svc wifi disable
ip link set wlan0 addr 01:02:03:04:05:06
svc wifi disable
Doesn't seem to work anymore. After I set the new Mac address I get an error saying
"RTNETLINK answers: Device or resources busy"
Does anyone know a fix for this or if I'm doing anything wrong? Thanks.

From what I understand, Pie uses a random mac address for each specific wifi connection and no longer reveals your true id.

Android Pie by default doesn't change your Mac address when connecting to wifis. The option can only be turned on by editing the system config.xml file, which idk how to do. h ttps://source.android.com/devices/tech/connect/wifi-mac-randomization
Anyone know how to edit it and turn on the option?

Well, after a bit of experimenting I found out a solution to this, bit some issues.
When you want to change your mac address put the phone into airplane mode. The. Put the code
Code:
ip link set wlan0 addr XX:XX:XX:XX:XX:XX
There are some specifications though. Any letters put into it, hexidecimal or not, will make it invalid. And any zeros at the beginning of a pair will also make it invalid, so 01:02:03:04:05:06 would be invalid but 10:20:30:40:50:60 would be valid. The parsing must have changed. Anyone got any solutions to get letters in?

I'm using macchanger and my phone is rooted with magisk .. that easy .. all I had to do is change from iproute to airroute for the " method" works like a charm ?

Dimitrimem said:
I'm using macchanger and my phone is rooted with magisk .. that easy .. all I had to do is change from iproute to airroute for the " method" works like a charm ?
Click to expand...
Click to collapse
Did you have to do anything in particular to make this work? I am on 9.0.4 rooted with Magisk, using this app with mode set to airtable and it does not seem to work. The app is confirmed granted root access per Magisk.

The only thing I'm doing is set airplane mode and wifi enabled .. when I run the app the phone comes out of airplane mode .. not sure I see the "airtable" feature on this app ... Anyways wish you luck

Dimitrimem said:
The only thing I'm doing is set airplane mode and wifi enabled .. when I run the app the phone comes out of airplane mode .. not sure I see the "airtable" feature on this app ... Anyways wish you luck
Click to expand...
Click to collapse
I am using the latest BETA if that makes a difference

after updating to pie I can't change my Mac address anymore. tried it a few ways via terminal and tried at least 3 different apps.
it seems that as soon as I do ifconfig wlan up, or disable airplane mode, it gets reverted back.
if I do ifconfig wlan0 he ether 00:11:22:33:44:55 while the interface is up, it fails to authenticate me to the network
I may have to revert to Oreo
EDIT:
so after reverting to oreo, i still was unable to change the mac using the app that worked before. I found the values for the mac adderss in the file in /persist/wlan_mac.bin.
now, i tried changing these values but they kept getting re-written when i flipped Airplane mode off. so added the immutable flag to it after editing it. now the change is persistent accross boot
so after editing the file, do
chattr +i /persist/wlan_mac.bin
Click to expand...
Click to collapse
and whatever values you have for the interfaces should stick after you boot
i wonder if this would've worked if i tried it in android 9.... too lazy to factory reset again to try it out
keep in mind i was working with a oneplus 3t.

GUIDE: How to avoid the Captive Portal Checkin to Google

Dear XDA community,
this my first own thread and guide so please be forbear with me
And i hope i choose the right section
As the topic in the thread says it handles about the Captive Portal Checkin done by Android.
So first some general info about this.
1. What is the Captive Portal Checkin?
Every time your android phone connects to the internet via mobile connection or wlan it sends a request to the following url:
http://connectivitycheck.gstatic.com (Google URL).
After that your gets device gets http 204 answer from the mentioned url and at that point the x-symbol at your network icon in the status bar disappears.
The reason for that behavior is that Android wants to be sure that your connection has internet access.
If you block that request via AfWall for example the dns fails in some cases and you can't go into the Internet.
Silly.
2. Why is this problematic?
That's a good question because this answer from Google doesn't much hold data. But every time when this connection is done Google get the following information:
- IP-adress
- Time of the internet access
- the Browser which you use
In my case i use custom roms and no Gapps to avoid Google as much as i can. So i don't want that "ping" to Google.
That's the reason why i searched for possibilitys to get rid of this ping. And thanks to a german security and privacy specalist i found a possibilty to avoid the ping to Google and have working Internet, too.
3. What did that guy do?
Very simple. He just started his own Captive Portal Checkin Service. So no need for Google anymore
WHAT YOU NEED:
- Computer with installed ADB
- Active USB Debugging at your phone
- At least Android 7
TESTED ON:
I tested his instructions on my old Xperia Z3 phone (CarbonROM 7.0 based on Android 9, Custom Rom).
IMPORTANT:
You need to execute the commands with a booted system (valid for both posts where i write the instructions). It DOESN'T work in the terminal of recoveries (e.g. twrp).
Thanks @jaysir for the information.
INSTRUCTIONS:
Android 7:
1. Connect the phone with your computer
2. Activate ADB and test the connection with the "adb devices" command. If your phone shows up go to step 3.
3. Execute these commands in your terminal:
=> adb shell 'settings put global captive_portal_http_url "http://captiveportal.kuketz.de" '
=> adb shell 'settings put global captive_portal_https_url "https://captiveportal.kuketz.de" '
Android 8 and 9:
1. Connect the phone with your computer
2. Activate ADB and test the connection with the "adb devices" command. If your phone shows up go to step 3.
3. Execute these commands in your terminal:
=> adb shell 'settings put global captive_portal_http_url "http://captiveportal.kuketz.de" '
=> adb shell 'settings put global captive_portal_https_url "https://captiveportal.kuketz.de" '
=> adb shell 'settings put global captive_portal_fallback_url "http://captiveportal.kuketz.de" '
=> adb shell 'settings put global captive_portal_other_fallback_urls "http://captiveportal.kuketz.de" '
Well that's it. When you want to revert back just execute the commands again with this url:
http command: http://connectivitycheck.gstatic.com/generate_204
https command:
https://connectivitycheck.gstatic.com/generate_204
Link to the source:
https://www.kuketz-blog.de/android-...204-http-antwort-von-captiveportal-kuketz-de/
If i make any typos tell me

Thanks again to the german security researcher and his community there is a way to deactivate the captive portal checkin completly.
It works on Android 7 and Android 8.1/9. But in comparision to the method in my first post this needs root access on your phone.
For all new users:
I recommend Magisk to gain root.
So now the instructions:
For Android 8/9:
1. Open a terminal on your phone (via terminal apps).
2. Type the following command:
- su
- su
- pm disable com.android.captiveportallogin
- settings put global captive_portal_detection_enabled 0
- settings put global captive_portal_server localhost
- settings put global captive_portal_mode 0
3. Then reboot your phone (via hardware buttons, system or terminal app).
For Android 7:
1. Open a terminal on your phone (via terminal apps).
2. Type the following commands:
- su
- settings put global captive_portal_detection_enabled 0
- settings put global captive_portal_server localhost
- settings put global captive_portal_mode 0
3. Then reboot your phone (via hardware buttons, system or terminal app).
Link to Source
https://www.kuketz-blog.de/empfehlungsecke/#captive-portal

Very nice and very important tutorial!
Just for completeness; and I don't claim and definitely don't have a copyright. I reported these procedures already here end of April in the thread "Enhanced Privacy, Security and Battery Duration! My Measures...". I mentioned it also once here in the AFWall+ thread.
I'm very glad that these procedures get repeated and repeated again. From my personal point of view it's so important to develop the stance to not allow Google to collect our data. I've subscribed to Mike Kuketz and am very grateful for his job and dedication.

Oswald Boelcke said:
Very nice and very important tutorial!
Just for completeness; and I don't claim and definitely don't have a copyright. I reported these procedures already here end of April in the thread "Enhanced Privacy, Security and Battery Duration! My Measures...". I mentioned it also once here in the AFWall+ thread.
I'm very glad that these procedures get repeated and repeated again. From my personal point of view it's so important to develop the stance to not allow Google to collect our data. I've subscribed to Mike Kuketz and am very grateful for his job and dedication.
Click to expand...
Click to collapse
I agree to you. It's a pity that so much people don't care about it.
I must admit i forgot to search in forum whether the instructions was already posted but as you said every mention helps.

Thanks, however, not working on pixel experience rom.
Update：
Seems no settings command under ADB shell, worked when turning on Usb debugging.

jaysir said:
Thanks, however, not working on pixel experience rom.
seems no settings command under ADB shell
Click to expand...
Click to collapse
Thx for your info. And i will try it on my old z3 with the custom rom which you mentioned.
I know there is a Android 9 based Pixel Experience for the z3.
Will report then.

dhacke said:
Thx for your info. And i will try it on my old z3 with the custom rom which you mentioned.
I know there is a Android 9 based Pixel Experience for the z3.
Will report then.
Click to expand...
Click to collapse
Sorry, I did not make myself clear.
It just not working under recovery mode.
After booting to the system and opening the USB debugging, it is working.

jaysir said:
Sorry, I did not make myself clear.
It just not working under recovery mode.
After booting to the system and opening the USB debugging, it is working.
Click to expand...
Click to collapse
Good to know (and i'm happy that now everything works)
I will edit the guide and add your information to it.
Thanks.

Thanks dhacke for all this information.
I got here from a link on an XDA forum for the Huawei Watch 2 LTE smartwatch. Do you know if this can be done to the watch as well?

ajlajluk said:
Thanks dhacke for all this information.
I got here from a link on an XDA forum for the Huawei Watch 2 LTE smartwatch. Do you know if this can be done to the watch as well?
Click to expand...
Click to collapse
As far as i see it the adb method (post 1) could working because according to the Internet the device runs Wear OS which is basically a android version for smartwatches.
So in theory you can activate USB debugging and redirect the captive portal to mike kuketz service as long as the commands are accepted.
Regarding method 2 i can't say anything because i don't own a smartwatch and have zero knowledge whether root is possible/how it is done on those smartwatches (which is needed for that method).

dhacke said:
As far as i see it the adb method (post 1) could working because according to the Internet the device runs Wear OS which is basically a android version for smartwatches.
So in theory you can activate USB debugging and redirect the captive portal to mike kuketz service as long as the commands are accepted.
Regarding method 2 i can't say anything because i don't own a smartwatch and have zero knowledge whether root is possible/how it is done on those smartwatches (which is needed for that method).
Click to expand...
Click to collapse
Just as you said, I enabled adb debugging, opened a terminal session from my mac to the watch and sent the commands from version 1 and they were both accepted. I should be able to check if it has worked tomorrow so will keep everyone updated when I've tested it.

OK. My watch appeared to connect to wifi but then said "No Internet".
I've now done the same mod to my phone, deleted the supermarket wifi I'm trying to connect my watch to from both the watch and the phone and will try again. I'm also wondering whether haveing BT on at the same time is causing a problem so I'll try with it on and then off and see if it makes any difference.
Thanks again for giving me hope I'll be able to connect WearOS 2 to a captive portal wifi network.

Further to above, unfortunately still no joy. Watch says "Connected" for the briefest moment then "No Internet" and won't go any further.
Never mind.
Thanks again for your work for the Android community.

Is it safe?
We are sending data to completely unknown server, that's why asking.

Datta258 said:
Is it safe?
We are sending data to completely unknown server, that's why asking.
Click to expand...
Click to collapse
In my opinion yes. The mentioned security expert has a good reputation afaik and he didn't make any things in the past which give me a reason to distrust him.
And in the near future he will work for german commissioner for data protection and freedom of Informationen. So i think he is a trustworthy person.
In the privacy policy on his site for the captive portal check service he writes that no information at all will be logged.
Of course you can ask him directly via e-mail if my words don't soothe you; i can only share my opinion about that guy

Thanks.

dhacke said:
For Android 8/9:
1. Open a terminal on your phone (via terminal apps).
2. Type the following command:
- su
- su
- pm disable com.android.captiveportallogin
- settings put global captive_portal_detection_enabled 0
- settings put global captive_portal_server localhost
- settings put global_portal_mode 0
3. Then reboot your phone (via hardware buttons, system or terminal app).
Click to expand...
Click to collapse
Does this still work on Pie?
On my rooted Galaxy Note 10 (Pie, 1st Sept. Patch) it does not.
Btw. there is a typo, should it be "settings put global captive_portal_mode 0"? This is what I tried. If I then check the values by "settings get..." I get
1: 0
2: localhost
3: 0
So the values were taken, but it still tries to connect to captiveportal.kuketz.de or google (whatever I have set). If I block it, I will get the exclamation next to the wifi symbol.

ZXR said:
Does this still work on Pie?
On my rooted Galaxy Note 10 (Pie, 1st Sept. Patch) it does not.
Btw. there is a typo, should it be "settings put global captive_portal_mode 0"? This is what I tried. If I then check the values by "settings get..." I get
1: 0
2: localhost
3: 0
So the values were taken, but it still tries to connect to captiveportal.kuketz.de or google (whatever I have set). If I block it, I will get the exclamation next to the wifi symbol.
Click to expand...
Click to collapse
Oh yes you are right. There was a typo. It must be 'settings put global captive_portal_mode 0'.
Now it's corrected. Thanks.
Did you make a reboot after execute the commands?
On my side it works on Pie too. I have a z3 with Lineage 16 and my device doesn't make the check.
When it' still not work after the reboot and the commands are typed in right (=> no issue notification in the terminal comes up) the Samsung stock rom could be the problem.
In that case i would recommend to use kuketz server.

dhacke said:
Did you make a reboot after execute the commands?
Click to expand...
Click to collapse
Yes and even after several reboots I get:
adb shell settings get global captive_portal_detection_enabled
0
adb shell settings get global captive_portal_server
localhost
adb shell settings get global captive_portal_mode
0
But, if not opened via script, I can see 185.163.119.132 (kuketz) being blocked by AFWall and the exclamation mark. So I open it with
$IPTABLES -A "afwall" -d 185.163.119.132 -m owner --uid-owner 1000 -p tcp -j ACCEPT
This works but I would prefer no C-P check.
One off-topic question:
Do you have an idea how to open the IP 0.1.0.1:0 in AFWall? It is used for VoLTE, but even I use th script line above (with 0.1.0.1) it still gets blocked. I have to open UID 1000 completely...

ZXR said:
Yes and even after several reboots I get:
adb shell settings get global captive_portal_detection_enabled
0
adb shell settings get global captive_portal_server
localhost
adb shell settings get global captive_portal_mode
0
But, if not opened via script, I can see 185.163.119.132 (kuketz) being blocked by AFWall and the exclamation mark. So I open it with
$IPTABLES -A "afwall" -d 185.163.119.132 -m owner --uid-owner 1000 -p tcp -j ACCEPT
This works but I would prefer no C-P check.
Click to expand...
Click to collapse
You wrote 'adb'. Does it mean that you tried the commands in the adb shell from your Computer with connected phone?
That could explain why it isn't working. The commands must be typed in directly on the phone for deactivation.
I use the App 'Terminal Emulator' from F-Droid for this.
Link: https://f-droid.org/app/jackpal.androidterm
You could try it with that app once more. Apart from that i'm running out of ideas atm.
ZXR said:
One off-topic question:
Do you have an idea how to open the IP 0.1.0.1:0 in AFWall? It is used for VoLTE, but even I use th script line above (with 0.1.0.1) it still gets blocked. I have to open UID 1000 completely...
Click to expand...
Click to collapse
Sorry, but no. I don't use VoLTE or Scripts in AfWall+.