[Q] Application tracing to find network paths - Android Q&A, Help & Troubleshooting

Hi all, I usually dont post on here as I am usually able to figure most things out myself including rooting, harware replacements, app installs using apks and data, generally overall quite proficient but I find myself lost on this one. Thats where the wonderful brains of XDA come in. Basically I have an issue where a certain application uses a login at launch. The application actually redirects to a website to verify the username and password combo. During the first login attempt, it will produce a username and password error. If you close the application and attempt to log in again, same issue. The username/password error is produced in a pop up window with an ok option on it to acknowledge error. Heres where things get a little interesting. If you do not exit the application and hit ok on the error window, you then have the option to try to log in again without relaunching app. This will work every single time. So basically what I am trying to figure out is a way to trace the app on both instances to verify where the application may be failing along the network and using the second instance where it works to cross reference to see failure point. I have tried packet sniffer to no avail. Any other suggestions would be greatly appreciated!

Related

[Q] App for sysadmins?

Hello! Very recently one of my servers restarted unexpectedly, since one of my services does not start on boot that service was down all day until I got home.
Someone in my IRC-channel said to me that some kind of script would be good to check if a server was up, he said that the script would check if the server is up, if it is not up it would send me a text message. I took that script a bit further by making an app for it. So here I am today. Having multiple ideas of how I am going to continue development of this app, it has becomed more a IDS than a check-if-up-app.
Features that I am about to implement:
Checks response time
Checks if service is up (by checking if it can connect to specified port)..
It will be able to see how much processor and memory the server is using (through SSH)
Will be able to check for file changes in a directory (through SSH)
Will have similar features as fail2ban, notify if any bruteforce attempt is happening, notify if any unrecognized IP has logged in to the server (through SSH).
As you might see most of the features will use SSH, mostly because of not having to install software on the server.
How many out there do you think would be interested in this kind of app? Is it worth continue developing?

[Q] ROM developers: How to increase concurrent HTTP connections?

Hi Folks,
My company is importing some Android-based TV boxes from China, and we're experiencing a strange bug with some apps we are developing to run on them. I'm trying to find a specific solution that I can tell them to implement in a firmware upgrade, but I am not sure where to look, so I hope someone here can help!
Anyway here is the problem. In some apps (especially Adobe AIR-based ones), there seems to be a limit to concurrent HTTP requests to a web server. On an earlier ICS 4.0.4 firmware for these devices, this did not cause any problems. But they recently released a JB 4.1.1 firmware, and this problem occurs.
Let's say an app requests 20 items by HTTP from a web server (XML files, PNG or JPG images). What will happen is about 2/3 of these will be sent back, and the rest just remains blank, as if in a perpetual waiting status.
Looking at the web server's logs, there is no requests at all for these missing items.
And, it's totally random. If you re-launch the app, the missing items will be different ones.
So, I am guessing the app can only request so many things at the same time.
No, does anyone know of a system property that could be adjusted to solve this?
BTW I am unable to replicate this bug on any other device. The TV boxes in question are based on Rockchip 3066 SoC's
Using modern HTTP (i.e. HTTP/1.1), you should never open an excessive amount of sessions. Never more than four simultaneous. Using HTTP/1.1 keep-alive, all requests are sent using those four sessions interleaved. If opening one session per object, and doing this in parallel, you'd most certainly lose things due to resource starvation, e.g. the server gets out of worker forks.
That's the weird thing, on the web server, keepalive is on (I also tested with it off, it was worse)
So maybe it's the opposite, AIR or the firmware or something is trying to send more requests than it should, so some are blocked indefinitely?
eTiMaGo said:
That's the weird thing, on the web server, keepalive is on (I also tested with it off, it was worse)
So maybe it's the opposite, AIR or the firmware or something is trying to send more requests than it should, so some are blocked indefinitely?
Click to expand...
Click to collapse
Not blocked, but replied with a TCP reset. Run tcpdump to see what's going on.
Thanks for the tip, I managed to root the box and run tcpdump on it, but I'm a bit lost now... I tried to filter RST packets on port 80 but can't seem to find any.
Any hints on what I should look for/command syntax to use?
eTiMaGo said:
Thanks for the tip, I managed to root the box and run tcpdump on it, but I'm a bit lost now... I tried to filter RST packets on port 80 but can't seem to find any.
Any hints on what I should look for/command syntax to use?
Click to expand...
Click to collapse
Dump all packets between the hosts: tcpdump -i ethx -s1500 -w packets.pcap host host.nr.one and host host.nr.two
Run the app, then analyze the packets.pcap file for any anomalies (tcpdump -r packets.pcap).

[Q] Whisperpush by Cyanogenmod

The latest update to CM10.2 on Xperia U today, brought the whisperpush. I googled it. basically there is no clear instruction or no elaboration on how to set this feature up or what this feature actually does. Someone knows anything about it?
mukul1233 said:
The latest update to CM10.2 on Xperia U today, brought the whisperpush. I googled it. basically there is no clear instruction or no elaboration on how to set this feature up or what this feature actually does. Someone knows anything about it?
Click to expand...
Click to collapse
I got this from CM11 and Gapps are needed to get it work, so I didn't got it working.
Got this from the CM site, too clear for me.
In July, Koush announced that CyanogenMod would be seeing integrated, system-wide secure messaging integration with compatibility with TextSecure. For those unfamiliar, TextSecure is an open-source cross-platform (iOS and Android) client that encrypts your SMS messages both locally, and over the air when sending to other TextSecure users. The application is maintained by Open WhisperSystems, and lead engineer Moxie Marlinspike.
Click to expand...
Click to collapse
When I use a vanilla Android 4.3 together with Textsecure and send a text message to a registered Whisperpush system (Cgm Kitkat) with gapps. Nothing seems to happen. It should be compatible right?
Via Android & Tapatalk 2.
rigelq said:
When I use a vanilla Android 4.3 together with Textsecure and send a text message to a registered Whisperpush system (Cgm Kitkat) with gapps. Nothing seems to happen. It should be compatible right?
Via Android & Tapatalk 2.
Click to expand...
Click to collapse
Did you get it working? According to what I found in my searches it should be compatible. But up to now, all my tries sending encrypted messages between CM10.2 with Whisperpush and a non-rooted mobile with TextSecure fail. Any hints?
There doesn't appear to be any documentation other than the API description and one blog post about it. I had no luck making it work. The TextSecure app itself works fine for me - it works, as far as I can tell, by becoming the default SMS app and thus getting all incoming SMSes and sending all outgoing SMSes, so that it's able to negotiate keying with the partner.
The integration of WhisperPush in CM11 appears to be designed to make it so you don't need to use a specific SMS app, instead intercepting SMS messages at a lower layer and doing keying negotiation there, so that the user-facing app doesn't need to deal with the specifics. I also read somewhere that CM runs their own WhisperPush server distinct from the one used by the TextSecure app, but that the servers are federated so that clients of one should be able to interact with clients of the other.
However, when trying to exchange messages between a TextSecure phone and a CM11 phone, they clearly don't negotiate anything. When sending a message from the CM11 phone, the TextSecure phone receives the plaintext SMS message immediately; it never receives a negotiation message nor is there a way to ask the CM11 phone to initiate a secure session. In theory the middleware layer could discover that the destination phone number has registered itself with the server(s) and automatically try to initiate a secure session without being asked to, but it never did this while I was experimenting with it.
When sending a message from the TextSecure phone to the CM11 phone using the TextSecure app, there is a "Initiate" button by which you can explicitly ask it to initiate a secure session. When you do this, it sends a negotiation message to the CM11 phone in order to set up the session. However, on the CM11 phone, this message is received as a plain text SMS and just displayed - it isn't intercepted by the middleware and thus the session does not get set up and CM11 never adds the other contact's key to its contact key list.
So I'm guessing part of it just hasn't been written yet. I struck out completely on trying to even find a place to discuss or ask questions about this, so I'm posting it on this thread in the hopes someone will find it while searching for the same problem and have some ideas. I don't get the impression the authors, either on the CM or WhisperSystems sides, want to hear from end users who just can't figure out how to make it work. Unfortunately I have only a very rudimentary grasp of java and android app development, and quickly got lost trying to understand the source code, though I do think it's great that it's there.
I think it would be awesome if there were some software similar to this but that "just worked" to the extent that naive end users could be using it by default without having to do much of anything to get it working - maybe some day.
epv.
I made the same observation. I could not successfully establish an encrypted connection between a whisperpush-enabled CM-device and a non CM-device with text secure. Nor did I find any information on the web regarding this.
A shame, I think this would be a really interesting feature of CM. At least, I'm not the only one who doesn't get it working...
The worst part is apparently there is no way to unregister from cm's Whisperpush servers which entails that you cannot register onto textsecures whispersystem servers. Therefore if you are running cm and want the push services from the textsecure app well then you are **** ouf of luck apparently for the moment. The whole process is supposed to be seamlessly and transparent but it seems to be becoming more of a burden which is sad because i love the concept they are trying to pitch. I guess cm kinda ruined it when when their servers were distinct from and textsecures whispersystems and failed a devlivering a notifaction when you are actually in a encrypted enviremoent. All my searches for a solution to my dilemma led me here hence why i am posting my thoughts where i guess more willing users should be able to act upon this problem.
I used the last days TextSecure on top of CM, which worked for me via SMS. Before the latest update, I did not get any registration from TextSecure. My hope was now, that after the update it might work, but I did not yet have time to try. I'll test it this evening, but you're not putting my hopes high.
I am facing the same problem. Does anybody have a solution yet? :crying:
How to contact Cyanogenmod, so my number can be deleted?
kyuubie said:
The worst part is apparently there is no way to unregister from cm's Whisperpush servers which entails that you cannot register onto textsecures whispersystem servers. Therefore if you are running cm and want the push services from the textsecure app well then you are **** ouf of luck apparently for the moment. The whole process is supposed to be seamlessly and transparent but it seems to be becoming more of a burden which is sad because i love the concept they are trying to pitch. I guess cm kinda ruined it when when their servers were distinct from and textsecures whispersystems and failed a devlivering a notifaction when you are actually in a encrypted enviremoent. All my searches for a solution to my dilemma led me here hence why i am posting my thoughts where i guess more willing users should be able to act upon this problem.
Click to expand...
Click to collapse
Same problem here... any solutions now?
IceTi said:
Same problem here... any solutions now?
Click to expand...
Click to collapse
I haven't tried it yet but this workaround seems to be successful for a few users. http://forum.cyanogenmod.com/topic/87482-critical-flaw-in-whisperpush/ .This discussion seems to be relevant to a bug report that's been going on with cm and someone seems to have come up with a smal hack that requires adb and cURL.
"I just unregistered using adb. For completeness, this is the complete sequence of what I did:
Phone:
- Developer options
- Root access -> Apps and ADB
- ADB over network -> check
PC:
$./adb connect <device ip>
$./adb shell
Phone:
$ su
# cat /data/user/0/org.whispersystems.whisperpush/shared_prefs/org.whispersystems.whisperpush_preferences.xml
# exit
$ exit
At some point the phone will ask if you want to give permission. Remember to reset the Developer options settings when done.
The printed contents from fields "pref_registered_number" and "pref_push_password" must be copied in the curl line below:
PC:
$ ./adb disconnect
$ curl -v -k -X DELETE --basic --user $pref_registered_number:$pref_push_password https://whisperpush....1/accounts/gcm/
Relevant response from curl:
[...]
* Server auth using Basic with user '<phone number>'
> DELETE /v1/accounts/gcm/ HTTP/1.1
> Authorization: Basic <some key>
> User-Agent: curl/7.33.0
> Host: whisperpush.cyanogenmod.org
> Accept: */*
>
< HTTP/1.1 204 No Content
Now wait for, say, 30 minutes and try registering TextSecure. For me this worked." by storm49152
EDIT: I can confirm that this method worked for me, currently unregistered from cm's whisperpush systems and registered now with texsecure's Open whipser systems.
Confirmed working.
ADB isnt needed, only this file. Can be opened in Root Explorer too.
I had to use curl on my linux machine, as curl on Win 7 was not supporting https.
Yeah, worked for me too!
Just tried with cm's WhipserPush and non-cm TextSecure. I had to reregister on my cm device and now it works :laugh:
But I don't get delivery reports, I don't have group chat and picture was not received...
I'm still on CM10.2.1 Does anybody know if this is solved in CM11?
Now I also use TextSecur App, as I want to have group chat and possibility to send pictures. First had to disable privacy guard. It stopped TextSecure from catching the verification SMS. Deregistered like described above.
For those who need a fix for this and aren't on the phone they registered with, I've written a Ruby script to fake a registration and use that registration to unregister all devices associated with the number. You'll need to be able to receive a text message to the number you want to unregister, but for legitimate use that shouldn't be a problem.
https://github.com/daveio/whisperpush-unregister
Hello I own a Nexus 4 and I can't unregister from CyanogenMod Whisperpush. I tried everything : the Ruby script, the official way from Cyanogen's privacy settings, the adb way;I also tried to flash the last nightly but every time I try to register within the TextSecure app it shows the same error message. Can you please help me in this?
Thank you
Inviato dal mio Nexus 4 utilizzando Tapatalk

Torque Pro OBD app and data logging

So i got myself an OBD bluetooth scanner and the Torque app...bloody brilliant.
So much information!
anyway, i cant seem to get it to upload data logs to the web viewer?
i have my account created and setup correctly but nothing in the web viewer when i log in.
Does anyone use the app and have any ideas on how to get this to work?
Secondary i have e-mailed myself some data logs and cant get them to open properly?
I cant seem to get Track Recorder to work with Torque Sync software, it stucks at Searching for Torque
Valiceemo said:
So i got myself an OBD bluetooth scanner and the Torque app...bloody brilliant.
So much information!
anyway, i cant seem to get it to upload data logs to the web viewer?
i have my account created and setup correctly but nothing in the web viewer when i log in.
Does anyone use the app and have any ideas on how to get this to work?
Secondary i have e-mailed myself some data logs and cant get them to open properly?
Click to expand...
Click to collapse
I imagine the particular posters have found answers to their problems seeing as this thread
dates from 2014 but I thought it might be worthwhile answering all the same as I ran in to the same niggles when I began using this app so if anyone searching these issues subsequently may find some worth from my reply.
First of all as a far as experience and knowledge is concerned. Firstly with cars;fixing,modifying, engine management tuning, obd2, diagnostics. Basically my auto knowledge is extremely wide and extensive from approx 35 years of obsession and getting stuck in an the deep end whereas my knowledge and experience of computers and smart phone tech is on much, much shakier ground
In fact, for those of my vintage. i.e late 30s,early 40s remember when we were kids. and programmable VCRs were the height of cutting edga technology. Well I'm like the way our parents and grand parents were then. i.e pretty much baffled by it and even following the instructions it was hit and miss whether you actually managed to record that film rhat was on at 4am lol.
So for the second issue brought up by the OP it doesn't matter whether you email yourself the log file or not (I found the few times i tried it that the file wouldn't attach and when it did the problem was the same anyway) you need Microsoft Office or any other type of office suite to view the files. On the pc i have Microsoft office but had to download an app to my phone to view. csv files. Again an office suite that not only displays. csv files but puts them into a spreadsheet format is required.
As for the first issue it's preferable in every way to view the site. on a pc because on the phone display the actual box to sign into is off screen and takes a little bit of zooming out and seaching to find, the same goes after you have signed in when another box appears with a list of the logs files recorded and the tab to choose it. This is where my lack of fundamental computer/web knowledge comes in. I can't tell you why it doesn't sit nicely inti an easily accessible mobile format but it doesn't. Once you've found the first sign in box/pop up it becomes simple, annoying but simple.
As for there being nothing after signing into the webview site successfully all I can assume is either you've no log files to view which you should have if it's all been set up correctly, including choosing which PIDs to send to logfile or the pop up/window where you click on your logfiles is right off screen and has to be looked for. Of course you don't get that problem if accessed using your desktop.

[Q] App/Web Login Issue

Hi there, this is a fairly specific issue I'm running into. I've tried the official forums for the app in question (Hearthstone) as well as the associated subreddit. So far no luck with either of those. Being that this is a more technical forum I figured someone here might have an idea as to what could be causing my problem.
For anyone unfamiliar with Blizzard games, they have a separate app that generates random 8-digit numbers as a 2-step authentication. When logging into the app I can input e-mail/password, it then takes me to the page for the 8-digit number. However once I put the number in, it immediately sends me back to the e-mail/password page with no indication as to why. I tried purposefully entering an incorrect 8-digit number and it does generate an error message. I then tried to log in to Blizzards game service site (Battle.net) and ran into the exact same issue. Being that both places I have run into are the same company I am not sure if it is something on their end or something on my tablet that might be causing it.
Anyways any thoughts or suggestions would be greatly appreciated as I have yet to find anything that would give me a clue as to what is causing this.

Categories

Resources