Hello,
I want to install DNScrypt proxy 1.4 on my android phone. You can get it here : download.dnscrypt.org/dnscrypt-proxy/
Could someone please make a tutorial and tell me how to install this? I want it to work with following DNS server: https://dnscrypt.eu/
It is a great enhancement in security and I would be glad if someone can get it to work and tell us.
Regards
Is nobody interested in this? [emoji20]
Can't believe there is no response. Is no one of the XDA members who looked at this able to install DNScrypt on their phone?
Do you prefer flappy bird clones over such a security enhancement?
Bump again then.
Bump
Another bump for all secureless xda members
XDA members are not able to install a tar.gz package on their android phone? Aww, really guys?!
B u m p
Seriously, no one...?
How to install dnscrypt on android
Requirements:
rooted phone
installed busybox
some handy tools like terminal emulator or ssh daemon for testing purpose, file explorer with access to system partition
dnscrypt: https://copy.com/M6r38z6g3iyj (thanks to GitHub esp. @daddybr, KionLi...) - files for arm7
About:
We need to run dnscrypt every time phone is booted - for this purpose is necessary to add script "dnscrypt" into "init.d" directory. In this script-file you can also change parameters like used resolver/provider etc.
dnscrypt-proxy is main binary file which will provide dnscrypt service for us. There is also script to start/stop dnscrypt-proxy service anytime we need and made some other useful things for us...
How to:
check if directory "init.d" in /system/etc/ exist - if there is not such directory use program "Universal Init.d" and create it - otherwise follow below
extract downloaded files and put it into same directories they are, just to system partition (u can use any file browser with access to system partition, eg. Solid Explorer)
check if there is file "resolv.conf" in /system/etc/ directory
- if there is not such file create it and put this into it "nameserver 127.0.0.1"
- if there is such file check if "nameserver 127.0.0.1" and delete else
all files put in directory /system/xbin/ should have right permission to work correctly
Checking functionality:
Easiest way is to visit "www.opendns.com/welcome"
If it is working you will get something like "Your Internet is safer, faster, and smarter..."
If it is not working you will get something like "OOPS..."
Other way is to run nslookup in terminal emulator and check if you get 127.0.0.1 and name, eg "nslookup 8.8.8.8"
The hardest way is to use wireshark or tcpdump and analyze traffic while browsing on the phone..., eg. http://askubuntu.com/questions/105366/how-to-check-if-dns-is-encrypted
Also you can check if dnscrypt-proxy is running in terminal , eg. "ps w |grep dnscrypt"
DNS setting
Did anyone get this one to work? I did all the steps mentioned but it seems that the resolv.conf is not being checked. I even tried with apps to change dns settings (dnset, dnschanger..) it just seems that the dynamic dns assignment takes precedence, it keeps going to the dynamically assigned DNS server when on wifi and LTE. Aside from that I did not have any issues, dnscrypt runs fine with all arguments. I'm trying this on a Verizon Galaxy S5.
<dexter> said:
Did anyone get this one to work? I did all the steps mentioned but it seems that the resolv.conf is not being checked. I even tried with apps to change dns settings (dnset, dnschanger..) it just seems that the dynamic dns assignment takes precedence, it keeps going to the dynamically assigned DNS server when on wifi and LTE. Aside from that I did not have any issues, dnscrypt runs fine with all arguments. I'm trying this on a Verizon Galaxy S5.
Yes, working here.
Had trouble with afwall though, but this post http://forum.xda-developers.com/showpost.php?p=54263022&postcount=8 helped me.
Script i've used:
Code:
$IPTABLES -t nat -D OUTPUT -p tcp --dport 53 -j DNAT --to-destination 127.0.0.1:53 || true
$IPTABLES -t nat -D OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:53 || true
$IPTABLES -t nat -I OUTPUT -p tcp --dport 53 -j DNAT --to-destination 127.0.0.1:53
$IPTABLES -t nat -I OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:53
$IPTABLES -A "afwall" --destination "208.67.220.220" -j RETURN
You can restrict the last line to only UDP 443 if you want.
Confirmed packets with tcpdump, blocked UDP 53 at my router.
piscoo said:
Yes, working here.
Had trouble with afwall though, but this post http://forum.xda-developers.com/showpost.php?p=54263022&postcount=8 helped me.
Script i've used:
Code:
$IPTABLES -t nat -D OUTPUT -p tcp --dport 53 -j DNAT --to-destination 127.0.0.1:53 || true
$IPTABLES -t nat -D OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:53 || true
$IPTABLES -t nat -I OUTPUT -p tcp --dport 53 -j DNAT --to-destination 127.0.0.1:53
$IPTABLES -t nat -I OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:53
$IPTABLES -A "afwall" --destination "208.67.220.220" -j RETURN
You can restrict the last line to only UDP 443 if you want.
Confirmed packets with tcpdump, blocked UDP 53 at my router.
Could you please write a small, complete guide for the installation of DNScrypt? I still can't get it to work.
Draygon said:
Could you please write a small, complete guide for the installation of DNScrypt? I still can't get it to work.
Flash this zip from recovery. It works
Do you have any source for this?
How can I enter the IP address of the service I want to use?
Draygon said:
How can I enter the IP address of the service I want to use?
Edit /etc/init.d/dnscrypt and see here
So you compiled DNScrypt for Android from this source at github?
Draygon said:
So you compiled DNScrypt for Android from this source at github?
No. I just flashed zip file and investigated on it
Anyone flash this zip besides the guy who posted it? Can't find much reference to this file name anywhere dnscrypt-5-armv7-opendns.zip
lamero1 said:
No. I just flashed zip file and investigated on it
How do you set your phones global DNS setting for any dynamic IPs on any network? I cannot figure out how to point my phone to 127.0.0.1
Draygon said:
So you compiled DNScrypt for Android from this source at github?
Assuming you have the Android NDK installed (no idea how to do it under Windows; Cygwin has never been my forte... Under Arch all you need to do is install the packages from the AUR), it's insanely easy to do yourself, thanks to the build scripts in the libsodium and dnscrypt packages.
Code:
export ANDROID_NDK_HOME=${ANDROID_NDK} # Or wherever your NDK dump happens to be residing
mkdir ~/dnsc && pushd ~/dnsc
This part deals with signature verification, used to determine we have not received a tampered-with copy of DNSCrypt. This page is being delivered over unsecured HTTP, so don't necessarily trust what's being written here.
Again: REMEMBER THAT THIS PAGE IS UNSECURE (granted, I imagine a person intending to cause malice would remove these warnings but, hey, it's not like I have alternatives). I'm also not a security expert in the slightest, so it wouldn't be surprising if it transpired I was giving bad advice.
Read http://doc.libsodium.org/installation/README.html for instructions on how to get libsodium's SHA256 hashsum (which you can verify against the file you've got downloaded by running sha256sum) and for the public key used to sign the downloaded files. It can be imported by copying it, pasting it into a Notepad etc. instance, saving it and running gpg --import <whatever.gpg>.
Use your own judgement, other keyservers and Google to determine whether you have jedisct1's real key.
Download dnscrypt's dependency, libsodium:
Code:
curl -O https://download.libsodium.org/libsodium/releases/libsodium-1.0.2.tar.gz -O https://download.libsodium.org/libsodium/releases/libsodium-1.0.2.tar.gz.sig
Verify the file's signature:
Code:
gpg --verify libsodium-1.0.2.tar.gz.sig libsodium-1.0.2.tar.gz
I get the following (the warning can be ignored -- unless you've managed to verify the key with jedisct1 in person):
Code:
gpg: Signature made Tue 10 Feb 2015 10:59:17 AM GMT using RSA key ID 2B6F76DA
gpg: Good signature from "Frank Denis (Jedi/Sector One) <redacted>" [unknown]
gpg: aka "Frank Denis (Jedi/Sector One) <redacted>" [unknown]
gpg: aka "Frank Denis <redacted>" [unknown]
gpg: aka "Frank Denis <redacted>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 54A2 B889 2CC3 D6A5 97B9 2B6C 2106 27AA BA70 9FE1
Subkey fingerprint: 0C79 83A8 FD9A 104C 6231 72CB 62F2 5B59 2B6F 76DA
If everything looks OK, then continue. Conversely, if anything is out of place, then abort. Seriously.
Untar and go to the directory with the libsodium code:
Code:
tar xf libsodium-1.0.2.tar.gz && pushd libsodium-1.0.2
It's not in the tarball yet, so download this into the dist-build folder and chmod 0755 it.
If running into problems, edit android-armv7-a.sh and do the following:
change TARGET_ARCH to arm
set the march value to armv7-a
Start building libsodium:
Code:
./dist-build/android-armv7-a.sh
I get the following dumped:
Code:
[email protected] ~/dnsc/libsodium-1.0.0 % ./dist-build/android-arm.sh
<configure output removed>
libsodium has been installed into /home/faheem/dnsc/libsodium-1.0.0/libsodium-android-arm
./dist-build/android-arm.sh 21.97s user 2.72s system 165% cpu 14.927 total
Note the line saying where libsodium has been installed. Let its value be stored in the environment:
Code:
export SODIUM_ANDROID_PREFIX=<folder where libsodium has been installed, as reported by android-arm.sh>
Consider removing debugging symbols to reduce the size of the file:
Code:
./android-toolchain-arm/arm-linux-androideabi/bin/strip $SODIUM_ANDROID_PREFIX/lib/libsodium.so
I won't repeat what's on the main dnscrypt.org site or, really, what I've already written.
popd back to the ~/dnsc folder and download the latest version of dnscrypt and its signature. Follow the instructions on the website to verify the tarball's SHA256SUM and run gpg like above to verify the tarball against the signature. If everything is OK, untar dnscrypt like we did libsodium.
Run to build:
Code:
./dist-build/android-armv7.sh
If running on Lollipop, make the changes below, as per alihassani:
add -fPIE to the end of the CFLAGS
place export LDFLAGS="-fPIE -pie" under the CFLAGS line
If running into problems running android-armv7.sh, make the applicable changes above again.
After it's been built, you'll get this:
Code:
[email protected] ~/dnsc/dnscrypt-proxy-1.4.1 % SODIUM_ANDROID_PREFIX="$HOME/dnsc/libsodium-1.0.0/libsodium-android-arm/" dist-build/android-armv7.sh
<configure output snipped>
dnscrypt-proxy has been installed into /home/faheem/dnsc/dnscrypt-proxy-1.4.1/dnscrypt-proxy-android-armv7
Again, consider stripping the resulting binary. Transfer, fix permissions etc.
Some notes:
The binary is dynamically linked to libsodium. If installing, you'll need to copy libsodium.so to /system/lib. If you're just testing you can put libsodium.so in the same folder as the dnscrypt-proxy binary and invoke dnscrypt-proxy as such: LD_LIBRARY_PATH=<path to current folder> ./dnscrypt-proxy
The prefix is weirdly set by the android-build script. You'll need to point dnscrypt to the resolver list manually (I recommend putting it somewhere on the system partition as a file on the [internal] SD card is too easy to change): https://github.com/jedisct1/dnscrypt-proxy/issues/123
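The post above accepts a tarball once gpg prints "Good signature", and leaves it to the reader to confirm the key. As an added example (not part of the original post, and not code from the dnscrypt or libsodium projects), the check below pins the primary key fingerprint and reads gpg's machine-readable `--status-fd` output instead of the human text. The function names are hypothetical, the status lines are constructed, and the pinned fingerprint is the one quoted in the post, which still has to be confirmed out of band as the poster says.

```shell
#!/bin/sh
# Added example: accept a release only when gpg reports a valid signature
# made under ONE pinned primary key. All function names are hypothetical.

# Primary key fingerprint as quoted in the post's gpg output. Confirm it
# through an independent channel before relying on it.
PINNED_FPR="54A2 B889 2CC3 D6A5 97B9 2B6C 2106 27AA BA70 9FE1"

# normalize_fpr "54a2 b889 ..." -> "54A2B889..." (no spaces, upper case)
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \n' | tr '[:lower:]' '[:upper:]'
}

# check_status EXPECTED_FPR   (gpg --status-fd lines on stdin)
# Succeeds only if a VALIDSIG line names the pinned primary key and no
# failure status appears. In a VALIDSIG line the first fingerprint is the
# signing (sub)key; the last field is the primary key fingerprint.
check_status() {
    expected=$(normalize_fpr "$1")
    awk -v want="$expected" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" {
            # A valid signature from any other key also fails closed.
            if (toupper($NF) == want) ok = 1; else bad = 1
        }
        END { exit !(ok && !bad) }
    '
}

# verify_release FILE SIGFILE EXPECTED_FPR [EXPECTED_SHA256]
# Runs the optional hash comparison, then the pinned signature check.
verify_release() {
    file=$1; sig=$2; fpr=$3; sum=${4:-}
    if [ -n "$sum" ]; then
        actual=$(sha256sum "$file" | cut -d' ' -f1) || return 1
        [ "$actual" = "$sum" ] || { echo "sha256 mismatch: $file" >&2; return 1; }
    fi
    gpg --batch --status-fd 1 --verify "$sig" "$file" 2>/dev/null |
        check_status "$fpr"
}

# Constructed status output for a good signature. The fingerprints are the
# two printed in the post; the date and timestamp fields are made up.
sample_status() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 62F25B592B6F76DA Frank Denis (constructed sample)
[GNUPG:] VALIDSIG 0C7983A8FD9A104C623172CB62F25B592B6F76DA 2015-02-10 1423565957 0 4 0 1 8 00 54A2B8892CC3D6A597B92B6C210627AABA709FE1
[GNUPG:] TRUST_UNDEFINED
EOF
}

# Self-check on the constructed sample; a real run would be
#   verify_release libsodium-1.0.2.tar.gz libsodium-1.0.2.tar.gz.sig "$PINNED_FPR"
sample_status | check_status "$PINNED_FPR" && echo "sample: signed by pinned key"
```

TRUST_UNDEFINED corresponds to the "not certified with a trusted signature" warning in the post; the check ignores it because the pin, not the web of trust, is what decides acceptance here.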
Related
Hey there.
Has anyone got the MobileAP.apk deoxed? and the jar?
I tried using a few deoxers + few java decompilers with no luck.
I think it would be a good addition.
This has been done by Jr33 Find it @ http://forum.xda-developers.com/showthread.php?t=756804
have you tried smali/baksmali?
jroid said:
have you tried smali/baksmali?
Yea, I tried baksmali in VM. and JD-GUI.
Here are the files.
If anyone has success.
Do you know what deodexing is? Because that file you attached is already deodexed
JesusFreke said:
Do you know what deodexing is? Because that file you attached is already deodexed
O please just one JF build please
Sent using xda app...
Of course i do. And i know its deoxed.
Im trying to see why it wont run. Looking for a hand. I want infrastructure mode
Sent from my SGH-T959 using XDA App
rhcp0112345 said:
Of course i do. And i know its deoxed.
Im trying to see why it wont run. Looking for a hand. I want infrastructure mode
Sent from my SGH-T959 using XDA App
It wont run without all the libraries and binaries installed.
I'm trying to get it running, but its complaining about missing a shared lib that isnt in the source or on the phone (mobileap).
Still looking though...
JesusFreke said:
Do you know what deodexing is? Because that file you attached is already deodexed
are you serious.. definitely wasn't expecting to see JF in a vibrant forum
blackeyedbrian said:
It wont run without all the libraries and binaries installed.
I'm trying to get it running, but its complaining about missing a shared lib that isnt in the source or on the phone (mobileap).
Still looking though...
Which one are you seeing?
I have access to most of the firmwares and such. and i can deox the files and such.
Let me know. maybe you found something.
rhcp0112345 said:
Which one are you seeing?
I have access to most of the firmwares and such. and i can deox the files and such.
Let me know. maybe you found something.
I think I got past that point.
Here's what im doing :
All these files are from the i9000 dump
Code:
push these libraries to /system/lib (from /system/lib)
libwlp2p.so
libwlp2pclient.so
libwlp2penablejni.so
libwlp2pjni.so
libwlp2pservice.so
libwlwpscli.so
libwldhcp.so
push the service binary wlp2pservice to /system/bin/ (from /system/bin)
push initialize_nat.sh to /system/etc/ (from /system/etc)
The current problem is running
Code:
service mobileAP /system/bin/wlp2pservice
If i just run that binary, it gives me this
Code:
# wlp2pservice
wlp2pservice
WLP2PService::instantiate
WLP2PService created
WLP2PService destroyed
*****************
Previous dns 1 and 2
*****************
iptables: No chain/target/match by that name
iptables: Bad rule (does a matching rule exist in that chain?)
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:372
iptables: No chain/target/match by that name
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:372
iptables: No chain/target/match by that name
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:372
iptables: No chain/target/match by that name
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:372
iptables: No chain/target/match by that name
================= Shutting down p2papp ================
ideas?
blackeyedbrian said:
I think I got past that point.
Here's what im doing :
All these files are from the i9000 dump
Code:
push these libraries to /system/lib (from /system/lib)
libwlp2p.so
libwlp2pclient.so
libwlp2penablejni.so
libwlp2pjni.so
libwlp2pservice.so
libwlwpscli.so
libwldhcp.so
push the service binary wlp2pservice to /system/bin/ (from /system/bin)
push initialize_nat.sh to /system/etc/ (from /system/etc)
The current problem is running
Code:
service mobileAP /system/bin/wlp2pservice
If i just run that binary, it gives me this
Code:
# wlp2pservice
wlp2pservice
WLP2PService::instantiate
WLP2PService created
WLP2PService destroyed
*****************
Previous dns 1 and 2
*****************
iptables: No chain/target/match by that name
iptables: Bad rule (does a matching rule exist in that chain?)
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:372
iptables: No chain/target/match by that name
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:372
iptables: No chain/target/match by that name
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:372
iptables: No chain/target/match by that name
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:372
iptables: No chain/target/match by that name
================= Shutting down p2papp ================
ideas?
Wow damn dude. I think you are close++++++++++++++++
UMMM!!!!
Can you post a zip of all those files? also that binary from one of the dumps? or if you dont have.
Ill search. I think you may have it!
rhcp0112345 said:
Wow damn dude. I think you are close++++++++++++++++
UMMM!!!!
Can you post a zip of all those files? also that binary from one of the dumps? or if you dont have.
Ill search. I think you may have it!
http://www.megaupload.com/?d=L8STY6UW
There's one more lib file to push, libwlw.so
If you do all this, and then try to install the apk with adb, it will error out with INSTALL_FAILED_MISSING_SHARED_LIBRARY , so there's still quite a few pieces missing.
blackeyedbrian said:
http://www.megaupload.com/?d=L8STY6UW
There's one more lib file to push, libwlw.so
If you do all this, and then try to install the apk with adb, it will error out with INSTALL_FAILED_MISSING_SHARED_LIBRARY , so there's still quite a few pieces missing.
Very nice.
If you logcat during the install process? any errors?
I will try this soon. Works fine on the vibrant though? no brick? etc? Im asking since you tested it seems
rhcp0112345 said:
Very nice.
If you logcat during the install process? any errors?
I will try this soon. Works fine on the vibrant though? no brick? etc? Im asking since you tested it seems
No brick yet =)
logcat will only show anything when trying to install the apk, the other stuff is at a lower level.
Code:
08-10 16:27:48.492: ERROR/PackageManager(2305): Package com.sec.android.app.mobileap requires unavailable shared library mobileap; failing!
if there's another lib file for mobileap i dont see it.
blackeyedbrian said:
No brick yet =)
logcat will only show anything when trying to install the apk, the other stuff is at a lower level.
Code:
08-10 16:27:48.492: ERROR/PackageManager(2305): Package com.sec.android.app.mobileap requires unavailable shared library mobileap; failing!
if there's another lib file for mobileap i dont see it.
nice. I will be trying this soon. Lets see there must be something missing.
Ill have to compare the ones you pulled VS i9000.
rhcp0112345 said:
nice. I will be trying this soon. Lets see there must be something missing.
Ill have to compare the ones you pulled VS i9000.
What dump are you using? I only have the i9000 /system dump so i dont have /lib/modules etc
blackeyedbrian said:
I think I got past that point.
Here's what im doing :
All these files are from the i9000 dump
Code:
push these libraries to /system/lib (from /system/lib)
libwlp2p.so
libwlp2pclient.so
libwlp2penablejni.so
libwlp2pjni.so
libwlp2pservice.so
libwlwpscli.so
libwldhcp.so
push the service binary wlp2pservice to /system/bin/ (from /system/bin)
push initialize_nat.sh to /system/etc/ (from /system/etc)
The current problem is running
Code:
service mobileAP /system/bin/wlp2pservice
If i just run that binary, it gives me this
Code:
# wlp2pservice
wlp2pservice
WLP2PService::instantiate
WLP2PService created
WLP2PService destroyed
*****************
Previous dns 1 and 2
*****************
iptables: No chain/target/match by that name
iptables: Bad rule (does a matching rule exist in that chain?)
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:372
iptables: No chain/target/match by that name
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:372
iptables: No chain/target/match by that name
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:372
iptables: No chain/target/match by that name
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:372
iptables: No chain/target/match by that name
================= Shutting down p2papp ================
ideas?
The issue here. Is. There is a iptable rule that is supposed to exist which doesnt.
You know anyone with a i9000 euro? who could do a iptables? and show a list?
we may be missing a script to make these. Ill look around the i9000 files.
Yea,
# Delete Previous MobileAP NAT Setting
# Step 1 : Masquerading
iptables -t nat -D POSTROUTING -o pdp0 -j MASQUERADE
iptables -t nat -D POSTROUTING -j ACCEPT
# DNS Setting
iptables -t nat -D PREROUTING -i wl0.1 -p tcp --dport 53 -j DNAT --to $bakdns1:53
iptables -t nat -D PREROUTING -i wl0.1 -p udp --dport 53 -j DNAT --to $bakdns1:53
iptables -t nat -D PREROUTING -i wl0.1 -p tcp --dport 53 -j DNAT --to $bakdns2:53
iptables -t nat -D PREROUTING -i wl0.1 -p udp --dport 53 -j DNAT --to $bakdns2:53
Did you try making those two?
using iptables?
iptables -N POSTROUTING
iptables -N PREROUTING
Then run it again?
rhcp0112345 said:
The issue here. Is. There is a iptable rule that is supposed to exist which doesnt.
You know anyone with a i9000 euro? who could do a iptables? and show a list?
we may be missing a script to make these. Ill look around the i9000 files.
Yea,
# Delete Previous MobileAP NAT Setting
# Step 1 : Masquerading
iptables -t nat -D POSTROUTING -o pdp0 -j MASQUERADE
iptables -t nat -D POSTROUTING -j ACCEPT
# DNS Setting
iptables -t nat -D PREROUTING -i wl0.1 -p tcp --dport 53 -j DNAT --to $bakdns1:53
iptables -t nat -D PREROUTING -i wl0.1 -p udp --dport 53 -j DNAT --to $bakdns1:53
iptables -t nat -D PREROUTING -i wl0.1 -p tcp --dport 53 -j DNAT --to $bakdns2:53
iptables -t nat -D PREROUTING -i wl0.1 -p udp --dport 53 -j DNAT --to $bakdns2:53
Did you try making those two?
using iptables?
iptables -N POSTROUTING
iptables -N PREROUTING
Then run it again?
That doesnt change anything, but there is another file: /system/etc/enable_pdp.sh . When I ran that, the output of wlp2pservice changed to show the previous dns1 and dns2. but the other errors are the same.
That file is here http://www.megaupload.com/?d=3O60KNPB
blackeyedbrian said:
That doesnt change anything, but there is another file: /system/etc/enable_pdp.sh . When I ran that, the output of wlp2pservice changed to show the previous dns1 and dns2. but the other errors are the same.
That file is here http://www.megaupload.com/?d=3O60KNPB
Try running those two commands i told you for iptables.
then running this sh file.
it should kill errors.
Because that SH. Just deletes the data in the chains then repopulates.
Thats the script i was looking for
It should return with no errors.
after you make those two chains -> run this script.
then run the other .sh.
No, no change
Problem:
Tethering problem with my RAZR XT910,PSHAsiaRetail.en
Findings:
No NAT rule enabled in netfilter.
Solution: This is my simple solution.
0)
Code:
adb shell
1) Get root access.
Code:
$ su
2) Enable NAT in netfilter using iptables, by inserting the rule.
Code:
# iptables -t nat -F
# iptables -t nat -A POSTROUTING -o qmi0 -j MASQUERADE
3) Check with # iptables -t nat -nvL
Example
Code:
# iptables -t nat -nvL
0 0 MASQUERADE all -- * qmi0 0.0.0.0/0 0.0.0.0/0
Conclusion:
Very bad/immature tethering implementation by Motorola.
Updates: 2012-07-13
For ICS 4.0.4 Motorola had changed the FORWARD chain to DROP, and we need to change it back to ACCEPT to make successful tethering.
Code:
adb shell 'su -c "iptables -F; iptables -P FORWARD ACCEPT; iptables -t nat -A POSTROUTING -o qmi0 -j MASQUERADE"'
Update 2 2012-07-13
Finally ... the CORRECT way to set up tethering... goto post #21
http://forum.xda-developers.com/showpost.php?p=28698646&postcount=21
Thank you.
Thanks for this! Works well.
Hello to both of you,
this tip is very interesting!
Is there a way to make the same thing under Windows?
Thanks for your help!
Windows? You even can run the commands without connecting to PC/Laptop.
If you want to use Windows, get adb and related driver for windows.
1) Connect your RAZR and let windows 'see' and install driver
2) Start-> Run -> cmd
3) cd \to\path\where\you\put\the\adb.exe
4) adb.exe shell
Now you should get command prompt $ and ready to run commands.
5) $ su
The prompt will change to #, which mean you are going to run commands using 'root' or supervisor power/authority.
6) Type or copy the commands in my previous post.
You also can use Android terminal emulator, such as Connectbot in local mode, and continue from step 5)
Good luck.
Thank you.
Hello Bahathir,
I didn't remember the very useful android terminal emulator!
Your tip worked great! Thanks a lot man!
I wonder how Motorola can forget something like that...
Sent from my XT910 using XDA Premium App
the problem turns back by restarting
Hi,
Thanks for your tip, it works very well but after I restart the phone same problem and I need to reenter the codes!
any comments?
Cheers,
Ardal
Yes, I forgot to mention that, this method is temporary. You need to run the commands after reboot. But, it's still better than nothing.
Sent from my XT910 using XDA App
unbelievable bug it this motorola (( hey, I have an idea but dont know how to make it (working on it):
to put these two line commands somewhere like autoexec.bat (I don't know what is equivalent in android)
So you guys know better than me about android, what do you think?
Cheers,
Ardal
Yes ,and it's called init.d or rc.d.
Sent from my XT910 using XDA App
Already done, by help of script manager. Set your commands as a script in etc/init.d/ with SU permission, boot.
I have also sent an email to Motorola Australia and asked them to release an update to solve this problem.
Thank you for the follow up with Motorola. Please update and share us their responses.
Actually, the commands should be invoke when we start tethering ,and should be removed when we stop tethering for enhanced security.
Sent from my XT910 using XDA App
Hi fellow!
Thanks for the tip! It really helped!
I don't know if Motorola "forgot" it, I think it was a way to block Tethering...
Anyway, I managed to permanently apply these modifications without need permanent root. BUT I'M NOT RESPONSIBLE FOR ANY DAMAGE YOUR DEVICE SHOULD HAVE! YOU MUST HAVE A MINIMUM LINUX KNOWLEDGE TO SAFELY EXECUTE THESE STEPS!
1) You will need adb working and the zip file with the scripts necessary to root Droid Razr on Linux / MAC (you can easily find it...)
2) From that zip, take zergRush and extract to a folder.
3) Plug the phone with USB debugging enable and execute:
adb shell 'cd /data/local/tmp/; rm *'
adb push zergRush /data/local/tmp/
adb shell './data/local/tmp/zergRush'
At this point, zergRush will try to obtain root.
After the execution, enter in shell (adb shell), you will see that you will be logged as root! The good point is that it is temporary, if you reboot your device and delete everything on /data/local/tmp/ your device will be exactly the same as it was before root.
4) So, with root access, get rc.local:
adb pull /etc/rc.local
REMEMBER TO BACKUP THIS FILE!
5) Be careful now: edit rc.local and add the following lines:
# Enable Tethering
# http://forum.xda-developers.com/showthread.php?t=1435619
iptables -t nat -F
iptables -t nat -A POSTROUTING -s 192.168.42.0/24 -o qmi0 -j MASQUERADE
at the end of file, just before:
exit 0
OBS.: look that I have modified the original rule and added '-s 192.168.42.0/24'. Here, all devices connected to my RAZR in tethering mode has an ip from LAN 192.168.42.0/24. So, the masquerading will only work when package is coming from this LAN. I think it should increase security and avoid some problems. But remember, if you set up wifi router to assign an IP from another LAN you will have to add another rule!
6) Save and push it back:
adb push rc.local /etc/
7) Enter in shell and gives rc.local permission to be executed:
adb shell
cd /etc
chmod 755 rc.local
exit
8) After it, reboot and the change should be persistent.
I have tested it and, even after a factory reset, the changes are persistent!
Now I can successfully use Wifi and USB tethering.
Thanks one more time for these great information!
Also, I want to thanks tophyr from freenode #android-dev, myn from EFnet #android, and rob0 from freenode #Netfilter.
Ronan
Hi fellows,
EDITED: the problem was gone after I repositioned my router
I'm having a big trouble.
When I enable this, my Wifi connection becomes very unstable. It keeps disconnecting if I heavily use it. Any ideas?
Ronis_BR said:
Hi fellows,
EDITED: the problem was gone after I repositioned my router
I'm having a big trouble.
When I enable this, my Wifi connection becomes very unstable. It keeps disconnecting if I heavily use it. Any ideas?
Android Wifi Tether 3.1-beta11, now available for download... http://android-wifi-tether.googlecode.com
Requires root, though... Don't you need root to run iptables anyway? Definitely needed to edit the rc file.
tekahuna said:
Android Wifi Tether 3.1-beta11, now available for download... http://android-wifi-tether.googlecode.com
Requires root, though... Don't you need root to run iptables anyway? Definitely needed to edit the rc file.
Yes, you need root to edit rc.local, but, after pushing it back, you don't need it anymore.
Ronis_BR said:
Hi fellow!
Thanks for the tip! It really helped!
I don't know if Motorola "forgot" it, I think it was a way to block Tethering...
FYI, my RAZR XT910 is contract free and not from VZW. It also has Hotspot and tethering features. That's why I said it is a bad implementation in the first place.
# Enable Tethering
# http://forum.xda-developers.com/showthread.php?t=1435619
iptables -t nat -F
iptables -t nat -A POSTROUTING -s 192.168.42.0/24 -o qmi0 -j MASQUERADE
Yes, but, to be sure the FORWARDING is enabled, add this line
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
# Enable IP Forwarding in kernel
The ip_forward is 1 when you have enabled the Hotspot/tethering, but just in case Motorola also disables the IP forwarding in kernel. Yes, the netfilter rules NEED the ip_forward value to be 1 to make the NATting work.
BTW, I did not add the '-s 192.168.2.0/24' because, the NATting will not work if user change the hotspot default IP to other than 192.168.2.xxx.
Thank you and great job. I think this is not only for RAZR, but also for most Android smartphones which has 'iptables' command.
Good luck.
Great
bahathir said:
Problem:
Tethering problem with my RAZR XT910,PSHAsiaRetail.en
Findings:
No NAT rule enabled in netfilter.
Solution: This is my simple solution.
1) Get root access.
2) Enable NAT in netfilter using iptables, by inserting the rule.
Code:
# iptables -t nat -F
# iptables -t nat -A POSTROUTING -o qmi0 -j MASQUERADE
3) Check with # iptables -t nat -nvL
Example
Code:
# iptables -t nat -nvL
0 0 MASQUERADE all -- * qmi0 0.0.0.0/0 0.0.0.0/0
Conclusion:
Very bad/immature tethering implementation by Motorola.
Thank you.
Working great on 2.3.6 Stock, thank you!!!!!
ichi go said:
Hello Bahathir,
I didn't remember the very useful android terminal emulator!
Your tip worked great! Thanks a lot man!
I wonder how Motorola can forget something like that...
Sent from my XT910 using XDA Premium App
you can save to a shell script, let say mytether and execute ./mytether.sh later on...
but the init file is much convenient.
Any idea why doesn't work on Asia.03 ICS was what fixed issue in Asia.03 GB.
Sent from my XT910 using xda premium
Yes.
It is because Motorola had changed the default FORWARD chain policy to DROP, and all packets going out from other IPs through it will be dropped and ignored. So no connections for clients.
Here is the default rules.
Code:
$ adb shell 'su -c "iptables -nvL"'
Chain INPUT (policy ACCEPT 460 packets, 282K bytes)
pkts bytes target prot opt in out source destination
0 0 all -- !lo+ * 0.0.0.0/0 0.0.0.0/0 ! quota globalAlert: 2097152 bytes
145 8251 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
343 270K all -- * * 0.0.0.0/0 0.0.0.0/0 owner socket exists
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 325 packets, 34323 bytes)
pkts bytes target prot opt in out source destination
0 0 all -- * !lo+ 0.0.0.0/0 0.0.0.0/0 ! quota globalAlert: 2097152 bytes
145 8251 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
319 34011 all -- * * 0.0.0.0/0 0.0.0.0/0 owner socket exists
Chain costly_shared (0 references)
pkts bytes target prot opt in out source destination
0 0 penalty_box all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 owner socket exists
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain penalty_box (1 references)
pkts bytes target prot opt in out source destination
Look at the FORWARD chain and other bizarre rules. We can change it to cleaner rules.
Code:
adb shell 'su -c "iptables -F; iptables -P FORWARD ACCEPT; iptables -t nat -A POSTROUTING -o qmi0 -j MASQUERADE"'
1) iptables -F : Flush/remove all rules
2) iptables -P FORWARD ACCEPT : Change the default FORWARD chain policy to ACCEPT, which allow all traffic goes through
3) iptables -t nat -A POSTROUTING -o qmi0 -j MASQUERADE : Enable the NAT rule.
Enjoy the tethering and good luck.
Thank you.
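The posts above name three preconditions for tethering: ip_forward set to 1, a MASQUERADE rule on the outgoing interface, and a FORWARD chain that lets the traffic through. The following shell check is an added example, not part of any post in the thread; the function names and the sample listings are constructed here, modelled on the output quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): check the three tethering preconditions
# the posts discuss, reading saved `iptables -nvL` text instead of live state.

# Constructed sample listings, modelled on the output quoted in the thread.
SAMPLE_FILTER='Chain INPUT (policy ACCEPT 460 packets, 282K bytes)
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain OUTPUT (policy ACCEPT 325 packets, 34323 bytes)'
SAMPLE_NAT='Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      qmi0    0.0.0.0/0            0.0.0.0/0'

# forward_policy FILTER_TEXT: print the FORWARD chain's default policy.
forward_policy() {
    printf '%s\n' "$1" | awk '$1 == "Chain" && $2 == "FORWARD" { print $4; exit }'
}

# forward_has_accept FILTER_TEXT: succeed if FORWARD holds any ACCEPT rule.
forward_has_accept() {
    printf '%s\n' "$1" | awk '
        $1 == "Chain" { in_fwd = ($2 == "FORWARD"); next }
        in_fwd && $3 == "ACCEPT" { found = 1 }
        END { exit !found }'
}

# has_masquerade NAT_TEXT IFACE: succeed if POSTROUTING masquerades out IFACE.
has_masquerade() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        $1 == "Chain" { in_post = ($2 == "POSTROUTING"); next }
        in_post && $3 == "MASQUERADE" && $7 == ifc { found = 1 }
        END { exit !found }'
}

# diagnose FILTER_TEXT NAT_TEXT IFACE IP_FORWARD: name the first unmet
# precondition, or print "ok". A DROP policy is fine when ACCEPT rules exist.
diagnose() {
    [ "$4" = "1" ] || { echo "ip_forward is off"; return 1; }
    has_masquerade "$2" "$3" || { echo "no MASQUERADE rule on $3"; return 1; }
    if [ "$(forward_policy "$1")" != "ACCEPT" ] && ! forward_has_accept "$1"; then
        echo "FORWARD drops tethered traffic"; return 1
    fi
    echo "ok"
}

# On a device, feed it live state (interface name as used in the thread):
#   diagnose "$(iptables -nvL)" "$(iptables -t nat -nvL)" qmi0 \
#            "$(cat /proc/sys/net/ipv4/ip_forward)"
diagnose "$SAMPLE_FILTER" "$SAMPLE_NAT" qmi0 1 || true
```

Because a DROP policy with explicit ACCEPT rules also passes, the check does not depend on the FORWARD policy being opened to all traffic.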
My only machine at present is a netbook (Acer Aspire) which is running Fedora 17 (I normally use and recommend Debian).
Building CM7.2 presented quite a few challenges; having finally succeeded, I want to publish some notes to help others with similar constraints. There are doubtless better ways of doing some things set out here (comments welcome), but these worked.
First, Android can only successfully be built and then actually work if built with fairly aged software. Any recent distribution is likely to be troublesome, and FC17 is right out. The best solution appears to be to build in a VM. I built with Debian Wheezy (currently testing) because I had it lying around, but Debian Squeeze is probably the safest bet. One can do a very minimal install, no need for a gui or anything, just the usual tools and libraries.
I first started with VirtualBox on Fedora, using their "Shared Folders". I already had the repo checked out, and wanted to be able to keep the source outside of the VM instead of trapped inside it. VBox in Oracle's infinite wisdom decided not to support symlinks with "Shared Folders", making them useless. This problem appeared only at the end of the build, wasting lots of time.
At this point, I copied the source over to Windows and tried building it with VirtualBox there, which didn't work, so I decided to try Xen on Fedora.
Xen worked, but not very well. There were some crashes and hangs, and the machine could not be suspended. Worst of all, memory used for guest VMs is permanently subtracted from the host VM, so one has to reboot after one or two launches of a VM. One plus (on Fedora 17) is that firewall rules are automagically created to allow vibr0, the bridging network between guest and host, to work so the guest can reach net. I still needed to manually add an iptables rule so the guest could access the host, and thus the nfs-exported source code.
Code:
iptables -A INPUT -i vibr0 -j ACCEPT
I probably could have gotten the build to work with Xen at this point, but decided that since I had nfs figured out and
VirtualBox (unfortunately) worked for me a lot better than Xen, I would give VBox another try, using nfs instead of "Shared Folders".
With VirtualBox, the default NAT network makes the host unreachable, so one needs to use two adapters
on the guest, one "Host-Only Adapter" to access NFS on host, one NAT adapter to be
able to reach the net (not strictly needed). I then needed to do a manual dhclient on NAT adapter to get the NAT access working:
Code:
dhclient eth1
On the host, I needed to adjust iptables to open the firewall for the vbox NAT adapter
(192.168.56.0/24 at present) and enable masquerading. Note that no thought is given to security:
Code:
iptables -A INPUT -i vboxnet0 -j ACCEPT
iptables -A FORWARD -i vboxnet0 -j ACCEPT
iptables -A FORWARD -o vboxnet0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.56.0/24 ! -d 192.168.56.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
iptables -t nat -A POSTROUTING -s 192.168.56.0/24 ! -d 192.168.56.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
iptables -t nat -A POSTROUTING -s 192.168.56.0/24 ! -d 192.168.56.0/24 -j MASQUERADE
On the Debian guest, other than doing
Code:
dhclient eth[01] (whichever one is the NAT interface, see output of ifconfig -a)
nothing special was required beyond typical nfs mount.
On Fedora, nfs doesn't seem to start by itself; I had to do:
Code:
service rpcbind start
and then
Code:
service nfs start
to get it going.
Netbooks are not made to build software. Letting a build run without taking some measures eventually results in overheating and crashing.
I did all of the below manually, but using tools such as cpupower in package kernel-tools in Fedora 17 (used to be package cpufrequtils) is easier. There doesn't seem to be a command or sysctl setting to set ignore_nice_load.
Setting ignore_nice_load for the ondemand cpufreq governor should have done the job, but for some reason didn't work, even with both the build and the whole VM process niced:
Code:
[[email protected] ondemand]# pwd
/sys/devices/system/cpu/cpufreq/ondemand
[[email protected] ondemand]#
[[email protected] ondemand]# echo 1 >ignore_nice_load
I had to change the governor from ondemand to powersave, and had to do it for both cores. The easy way (with Fedora 17) is
Code:
cpupower frequency-set -g powersave
The manual way, in case the above is not available, is:
Code:
[[email protected] cpufreq]# pwd
/sys/devices/system/cpu/cpu0/cpufreq
cat scaling_available_governors
conservative userspace powersave ondemand performance
[[email protected] cpufreq]#
echo powersave >scaling_governor
[[email protected] cpufreq]# pwd
/sys/devices/system/cpu/cpu1/cpufreq
and so forth.
This locked both cores at 800000 instead of 1000000 (those are the two speeds in the AMD C60). I also have the netbook elevated so heat can't collect underneath it. Having taken these measures, it can build CM (overnight or longer) without problems.
I hope these notes are useful to someone.
I learned about this here... http://fieldeffect.info/w/NativeCompileSDK
You can install an i386/x86_64 chroot within your existing Debian chroot using qemu-user-static to run the Android SDK on your Android phone/tablet/phablet.
1.
Get yourself a debian chroot, I recommend at least 2gb. I use DebianKit from market.
2.
You will need a X11 desktop environment and a VNC client on your device. I use androidVNC from market.
Here is my working example...
Start your Debian chroot/environment and do...
apt-get install openbox openbox-themes obmenu obconf menu menu-xdg xdg-utils xfonts-base xfonts-terminus* nautilus terminator lxappearance gmrun leafpad man-db hicolor-icon-theme tightvncserver tint2
That gives you a window manager, fonts, filebrowser, terminal emulator, text editor, theme manager, taskbar, and a VNC server.
Now lets get some GTK engines and libraries....
apt-get install gtk2-engines-aurora gtk2-engines-murrine gtk2-engines-oxygen gtk2-engines-pixbuf libgtk2.0-bin gtk3-engines-oxygen gtk3-engines-unico libgtk-3-bin
Now 7zip to handle zips and archives comfortably(put non-free in your apt sources.list)...
apt-get install p7zip p7zip-full p7zip-rar zip unzip
##The Android SDK manager, qemu, and multistrap##
apt-get install ant file openjdk-6-jre openjdk-6-jdk qemu-user-static libswt-gtk-3-java libswt-cairo-gtk-3-jni
3.
Now we can build a small x86_64 rootfs using multistrap
multistrap can use a config, have mine...
http://db.tt/hS5j3wg
Copy multistrap.conf straight into your working(pwd) directory....
cp /sdcard/Download/multistrap.conf .
Do this to avoid multistrap complaining later...
cat multistrap.conf >mstrap
mkdir /data/mnt
Determine size of rootfs for loop image..
du -hs /data/mnt/
Now make an image for x86_64 chroot
dd if=/dev/zero of=/sdcard/64bit.img bs=$(( 0x100000 )) count=YOUR IMAGE SIZE
That byte size makes your image slightly larger than the count value in Mb, for example count=78 will write 82Mb image.
mkfs.ext2 /sdcard/64bit.img
tune2fs -c0 /sdcard/64bit.img
mkdir /data/tmp
busybox mount -o loop /sdcard/64bit.img /data/tmp/
cp -r /data/mnt/* /data/tmp/
umount /data/tmp
rm -r /data/tmp/
rm -r /data/mnt/
mkdir /data/mnt
busybox mount -o loop /sdcard/64bit.img /data/mnt/
5.
Now the environment is set up and mounted, at this point install the SDK
Aim your browser to http://developer.android.com/sdk/index.html
Select "Linux" from "SDK Tools Only", thats the last thing at the bottom of the list.
cp /sdcard/Download/android-sdk_r21.0.1-linux.tgz .
7z x android-sdk_r21.0.1-linux.tgz
7z x android-sdk_r21.0.1-linux.tar
Now we need a couple goodies from http://fieldeffect.info/w/NativeCompileAPK ##--Thanks to russosv from FieldEffect
These are edited from original....
#!/bin/bash
QEMU=/usr/bin/qemu-x86_64-static
# Shell variable names cannot start with a digit, so 64CHROOT becomes CHROOT64
CHROOT64=/data/mnt/
case "$1" in
mklinks)
# Move the ELF binaries aside and replace each with a link to the wrapper
if [ ! -e "./64BIT" ]; then
mkdir ./64BIT
fi
for i in $(file ./* | grep "ELF 32" | awk '{print $1}' | sed 's/://g' | sed 's/[./]//g'); do
echo "Moving $i..."
mv "$i" ./64BIT
ln -s /usr/bin/run-64-link "$i"
done
;;
*)
# Run the target through qemu with the chroot's loader and library paths
$QEMU $CHROOT64/lib64/ld-linux-x86_64.so.2 --library-path $CHROOT64/lib:$CHROOT64/usr/lib:$CHROOT64/usr/share/perl/5.12.4/unicore/lib:$CHROOT64/var/lib:$CHROOT64/lib/x86_64-linux-gnu:$CHROOT64/usr/lib/x86_64-linux-gnu "$@"
;;
esac
Copy that to run-64, then...
chmod 755 run-64
cp run-64 /usr/bin/
One more...
echo "$(dirname "$0")/64BIT/$(basename "$0")" "$@"
/usr/bin/run-64 "$(dirname "$0")/64BIT/$(basename "$0")" "$@"
Make that run-64-link
chmod 755 run-64-link
cp run-64-link /usr/bin/
5b.
Now launch VNC server
tightvncpasswd
tightvncserver
killall Xtightvnc
cat >.vnc/xstartup<<EOF
tint2 &
terminator &
openbox-session
EOF
tightvncserver
export DISPLAY=:1
6.
Now launch the VNC client I mentioned earlier, should connect with 127.0.0.1:5901 and your password you set.
Go back to terminal or use the one launched on X11 to do...
sh android-sdk-linux/tools/android
Install at least one api.
If all went well you can now go around "debugging" yours and your friends Android devices over wifi now.
For an example, and to see it work do....
svc wifi disable(or enable) ##this turns off/on wifi
setprop service.adb.tcp.port 5555(or -1) ##this turns on/off adb over network
stop adbd
start adbd
adb connect 127.0.0.1(yours) or any other adbd addy listening on your network,
Have fun
Never did a "how to" before, go easy and I'll make corrections and answer things. Thanks for reading. Leave feedback.
Potential necro post but I believe the information is still currently valid and not readily available on searches. I've looked variations of this up for years with no luck until I hit the right search terms.
bump, and thanks.
can't believe there's no comments.
I know it's a slower than real-64-bit-pc method but not all of us have access to new hardware... or pc's. Maybe a novelty, still cool and useful if you've got the time to let the slower hardware compile.
you have preserved the scripts, original link is dead.
here is the Internet Wayback Machine cache of the original circa 2012 for reference.
http://web.archive.org/web/20120502044700/http://fieldeffect.info/w/NativeCompileAPK
appreciate you sharing.
How can I add u2nl to init.d? I have an HTC Evo 4g LTE and need to make android 4.3 Viper4g Rom run my script on boot. I've tried to use Root Explorer and Root Browser apps to manually add them to the init.d folder, set permissions and changed owner and group to root. But my phone won't boot after I've added my script. The name of my script file is autostart.sh and this is what it contains.
#!/system/bin/sh
export PATH="$PATH:/system/bin"
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
iptables -t nat -F
iptables -X
iptables -t nat -A OUTPUT -o rmnet0 -p 6 ! -d 10.132.25.254 -j REDIRECT --to-port 1025
u2nl 10.132.25.254 8080 127.0.0.1 1025 >/dev/null 2>&1 &
sh -c "sleep 5;kill `ps|grep nk.bla.android.autostart|grep -v grep|awk '{print $2}'`" &
exit 0
I know someone here has the knowledge to make this happen. Please advise and assist. Thanks. P.S. I have tried to rename the script to 99data and placed it init.d directory so it would run last but phone won't boot.?
solcam said:
How can I add u2nl to init.d? I have an HTC Evo 4g LTE and need to make android 4.3 Viper4g Rom run my script on boot. I've tried to use Root Explorer and Root Browser apps to manually add them to the init.d folder, set permissions and changed owner and group to root. But my phone won't boot after I've added my script. The name of my script file is autostart.sh and this is what it contains.
#!/system/bin/sh
export PATH="$PATH:/system/bin"
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
iptables -t nat -F
iptables -X
iptables -t nat -A OUTPUT -o rmnet0 -p 6 ! -d 10.132.25.254 -j REDIRECT --to-port 1025
u2nl 10.132.25.254 8080 127.0.0.1 1025 >/dev/null 2>&1 &
sh -c "sleep 5;kill `ps|grep nk.bla.android.autostart|grep -v grep|awk '{print $2}'`" &
exit 0
I know someone here has the knowledge to make this happen. Please advise and assist. Thanks. P.S. I have tried to rename the script to 99data and placed it init.d directory so it would run last but phone won't boot.?
have you tried a dummy test script that just echos a number to the sdcard file?
Thanks for replying. The script term-init.sh that I found elsewhere on XDA, had a test and set perms output file that can be found in /data/Test.log. I have solved the problem on my Evo 4g LTE but, not on my Sprint Galaxy S3. Turns out that I couldn't use Root Explorer to manually add the file! I had to REALLY MANUALLY add the file using the terminal emulator. That worked on the Evo but not the S3. I had placed the scripts in one postboot.rc files on S3 and it worked fine but, my battery seemed to be draining a lot faster, which was not acceptable. So I guess my problem is half solved. So, do you know how to make it work on the S3? Thanks in advance to anyone that can help me.