Hello,
i just updated my sony s with condi's instructions and his AIO tool to ICS 4.0.3.
I followed all the steps in his video. I created the custom-rom and flashed it... everything went fine. ICS is running smoothly but the only downside is, that my tablet seems to NOT be rootet!
I don't have a Superuser app and ad free and titanium backup are telling me that i'm not rootet...
how is that possible? is there anyway to flash my "pre-rootet" rom again?
Im affraid, that you just made your tab unrootable, i dunno if you kernel is changed now maby the AiO tool made some changes, if so, just try to root your tab with the tool,
But if you have a blocked kernel, then its not possible.
check AiO thread, FAQ section, point no.5.
It might help you.
br
condi
thx for the hint condi but since i used AIO 2.9 the path check should be included... the strange thing is i don't have /system/bin/tempsu binary.
i don't know why.. but it seems my tablet is not rooted.. hm, so basically i ended the same as those people who updated OTA???
My kernel build is 2.6.39.4 [email protected] #1...
is wiping my device helping? or should i try to flash the custom rom again? is that even possible now?
lulash said:
thx for the hint condi but since i used AIO 2.9 the path check should be included... the strange thing is i don't have /system/bin/tempsu binary.
i don't know why.. but it seems my tablet is not rooted.. hm, so basically i ended the same as those people who updated OTA???
My kernel build is 2.6.39.4 [email protected] #1...
is wiping my device helping? or should i try to flash the custom rom again? is that even possible now?
Click to expand...
Click to collapse
First just try wipe. If it will still gonna be without root,
then run adb shell and type:
Code:
getprop | grep incremental
getprop | grep sku
and post here your values, gonna give you proper fw for downgrade,
then you could reflash prerooted ICS
br
condi
condi said:
First just try wipe. If it will still gonna be without root,
then run adb shell and type:
Code:
getprop | grep incremental
getprop | grep sku
and post here your values, gonna give you proper fw for downgrade,
then you could reflash prerooted ICS
br
condi
Click to expand...
Click to collapse
Hi Condi, I am in the same situation, I want to try to downgrade, to get preroot and try again with ICS.
I did what you said in ADB shell, but I am getting this: (please help)
[*]*************[*]
[*] ADB Shell [*]
[*]*************[*]
Type EXIT to get out of shell
[email protected]:/ $ getprop | grep incremental
getprop | grep incremental
/system/bin/sh: grep: not found
127|[email protected]:/ $ getprop | grep sku
getprop | grep sku
/system/bin/sh: grep: not found
127|[email protected]:/ $
rfreeman said:
Hi Condi, I am in the same situation, I want to try to downgrade, to get preroot and try again with ICS.
I did what you said in ADB shell, but I am getting this: (please help)
[*]*************[*]
[*] ADB Shell [*]
[*]*************[*]
Type EXIT to get out of shell
[email protected]:/ $ getprop | grep incremental
getprop | grep incremental
/system/bin/sh: grep: not found
127|[email protected]:/ $ getprop | grep sku
getprop | grep sku
/system/bin/sh: grep: not found
127|[email protected]:/ $
Click to expand...
Click to collapse
i get the same results!
@rfreeman: did u install the update OTA or did u create a pre-rootet rom using the AIO tool?
i believe that somehow ( i don't know how because every step had the same results as in the video) the us firmware didn't get rootet during the process... i've got all the files: decrypted_update, custom_update_signed... but i like i said... maybe all we did is decrypt, do nothing and then sign it again... the question remains! why!!! .
is it still usefull to try and see if wyping helps?
lulash said:
i get the same results!
@rfreeman: did u install the update OTA or did u create a pre-rootet rom using the AIO tool?
i believe that somehow ( i don't know how because every step had the same results as in the video) the us firmware didn't get rootet during the process... i've got all the files: decrypted_update, custom_update_signed... but i like i said... maybe all we did is decrypt, do nothing and then sign it again... the question remains! why!!! .
is it still usefull to try and see if wyping helps?
Click to expand...
Click to collapse
I all ready wipe, without success...
thx for letting me know! saves me the trouble ... but i guess i have to do it anyway because ics runs really buggy...
u didn't tell us, if u used a pre-rooted rom or ota update?
lulash said:
thx for letting me know! saves me the trouble ... but i guess i have to do it anyway because ics runs really buggy...
u didn't tell us, if u used a pre-rooted rom or ota update?
Click to expand...
Click to collapse
I followed the procedure, using AIO tool, I decryted, root, sign and flash. It goes well but without root.
Hm... so u did exactly the same as I did.... condi, maybe something involuntarily changed while u updated to 2.9? Anyway... anyone a solution... maybe we can still flash? Thx in advance.
rfreeman said:
Hi Condi, I am in the same situation, I want to try to downgrade, to get preroot and try again with ICS.
I did what you said in ADB shell, but I am getting this: (please help)
[*]*************[*]
[*] ADB Shell [*]
[*]*************[*]
Type EXIT to get out of shell
[email protected]:/ $ getprop | grep incremental
getprop | grep incremental
/system/bin/sh: grep: not found
127|[email protected]:/ $ getprop | grep sku
getprop | grep sku
/system/bin/sh: grep: not found
127|[email protected]:/ $
Click to expand...
Click to collapse
Ok. As adb shell did not work for you. Grab the "sku" and "incremental" values from /system/build.prop. Use program such as root explorer (still works without root)
Hopefully the backdoor was still applied (decreasing the incremental)
Post results here so Condi can find correct 3.2.1 to flash so then you can ICS again.
thx for the tip!
incremental= 120410002
there is no sku value ... i guess that's bad news?
lulash said:
thx for the tip!
incremental= 120410002
there is no sku value ... i guess that's bad news?
Click to expand...
Click to collapse
Ro.sony.sku.base=nbx03- etc etc
Judging by the incremental it looks like you won't be able to, but wait for confirmation. Sorry if it is bad news..... my tab is currently unrootable with 3.2.1 build 10.... so same boat lol
stifilz said:
Ro.sony.sku.base=nbx03- etc etc
Click to expand...
Click to collapse
nope. Not there...
Well, so I might not be able to root, but the question remains. Why? How did that happen?
Has anyone else have the same problem besides rfreeman and me? If so, this might be a general problem.
If we could find an answer, maybe others won't end up the same!
Exactly the same problem, after upgrade from a rooted tabletS. The binary comparision showes the system.img before and after the pre-root patch were identical. I won't flash it if I had checked.
Sent from my R800i using Tapatalk 2
Hopefully Condi will read this and implement some kind of check to see if the created custom-rom is different from the original rom... this could be a way to prevent this "bug".
lulash said:
Hopefully Condi will read this and implement some kind of check to see if the created custom-rom is different from the original rom... this could be a way to prevent this "bug".
Click to expand...
Click to collapse
added some checks in v3.0.
i've flashed my tab several times, dont know how it could give untouched system.img..
but now it checks filesize
tell me whats the state of your device?
type:
Code:
adb shell "getprop" > props.txt
and attach file here
br
condi
Many thanks Condi! Please help to check if my tablet can still be reverted to rootable FW version with below "getprop" output:
Code:
getprop
[dalvik.vm.dexopt-flags]: [m=y]
[dalvik.vm.heapgrowthlimit]: [48m]
[dalvik.vm.heapsize]: [256m]
[dalvik.vm.heapstartsize]: [5m]
[dalvik.vm.stack-trace-file]: [/data/anr/traces.txt]
[dev.bootcomplete]: [1]
[dhcp.wlan0.dns1]: [192.168.1.2]
[dhcp.wlan0.dns2]: []
[dhcp.wlan0.dns3]: []
[dhcp.wlan0.dns4]: []
[dhcp.wlan0.gateway]: [192.168.1.2]
[dhcp.wlan0.ipaddress]: [192.168.1.110]
[dhcp.wlan0.leasetime]: [86400]
[dhcp.wlan0.mask]: [255.255.255.0]
[dhcp.wlan0.pid]: [539]
[dhcp.wlan0.reason]: [BOUND]
[dhcp.wlan0.result]: [ok]
[dhcp.wlan0.server]: [192.168.1.2]
[drm.service.enabled]: [true]
[gsm.current.phone-type]: [1]
[gsm.operator.alpha]: []
[gsm.operator.iso-country]: []
[gsm.operator.isroaming]: [false]
[gsm.operator.numeric]: []
[gsm.sim.operator.alpha]: []
[gsm.sim.operator.iso-country]: []
[gsm.sim.operator.numeric]: []
[gsm.sim.state]: [UNKNOWN]
[init.svc.abtfilt]: [stopped]
[init.svc.adbd]: [running]
[init.svc.bluetoothd]: [running]
[init.svc.bootanim]: [stopped]
[init.svc.dbus]: [running]
[init.svc.debuggerd]: [running]
[init.svc.dhcpcd_wlan0]: [running]
[init.svc.drm]: [running]
[init.svc.hci_event]: [running]
[init.svc.hciattach]: [running]
[init.svc.installd]: [running]
[init.svc.keystore]: [running]
[init.svc.media]: [running]
[init.svc.netd]: [running]
[init.svc.nfx_log_service]: [running]
[init.svc.ril-daemon]: [running]
[init.svc.servicemanager]: [running]
[init.svc.surfaceflinger]: [running]
[init.svc.svold]: [running]
[init.svc.vold]: [running]
[init.svc.wifi_init]: [stopped]
[init.svc.wpa_supplicant]: [running]
[init.svc.zygote]: [running]
[media.tegra.max.out.channels]: [2]
[media.tegra.out.channel.map]: []
[net.bt.name]: [Android]
[net.change]: [net.dnschange]
[net.dns1]: [192.168.1.2]
[net.dnschange]: [1]
[net.hostname]: [android-fd0a7f6d23f19e80]
[net.qtaguid_enabled]: [1]
[net.tcp.buffersize.default]: [4096,87380,110208,4096,16384,110208]
[net.tcp.buffersize.edge]: [4093,26280,35040,4096,16384,35040]
[net.tcp.buffersize.gprs]: [4092,8760,11680,4096,8760,11680]
[net.tcp.buffersize.hsdpa]: [4094,87380,1048576,4096,16384,110208]
[net.tcp.buffersize.hspa]: [4094,87380,1048576,4096,16384,262144]
[net.tcp.buffersize.lte]: [524288,1048576,2097152,262144,524288,1048576]
[net.tcp.buffersize.umts]: [4094,87380,196608,4096,16384,110208]
[net.tcp.buffersize.wifi]: [524288,1048576,2097152,262144,524288,1048576]
[net.wlan0.dns1]: [49.0.0.0]
[net.wlan0.dns2]: []
[persist.service.adb.enable]: []
[persist.sys.NV_STEREOCTRL]: [0]
[persist.sys.country]: [CN]
[persist.sys.language]: [zh]
[persist.sys.localevar]: []
[persist.sys.profiler_ms]: [0]
[persist.sys.timezone]: [Asia/Shanghai]
[persist.sys.usb.config]: [mtp,adb]
[rild.libargs]: [-d /dev/ttyACM1 -i rmnet0]
[ro.allow.mock.location]: [0]
[ro.baseband]: [unknown]
[ro.board.platform]: [tegra]
[ro.bootloader]: [0x00000008]
[ro.bootmode]: [unknown]
[ro.build.characteristics]: [tablet]
[ro.build.date.utc]: [1333987721]
[ro.build.date]: [Tue Apr 10 01:08:41 JST 2012]
[ro.build.description]: [SYS_001-user 4.0.3 TISU0077 120410002 release-keys]
[ro.build.display.id]: [TISU0077]
[ro.build.fingerprint]: [Sony/SYS_001/nbx03:4.0.3/TISU0077/120410002:user/relea
e-keys]
[ro.build.host]: [build9]
[ro.build.id]: [TISU0077]
[ro.build.product]: [nbx03]
[ro.build.tags]: [release-keys]
[ro.build.type]: [user]
[ro.build.user]: [integ-build]
[ro.build.version.codename]: [REL]
[ro.build.version.incremental]: [120410002]
[ro.build.version.release]: [4.0.3]
[ro.build.version.sdk]: [15]
[ro.camera.sound.forced]: [0]
[ro.carrier]: [unknown]
[ro.com.google.clientidbase]: [android-sony]
[ro.com.google.gmsversion]: [4.0.3_r0]
[ro.config.alarm_alert]: [Alarm_Classic.ogg]
[ro.config.notification_sound]: [OnTheHunt.ogg]
[ro.crypto.fs_flags]: [0x00000406]
[ro.crypto.fs_mnt_point]: [/data]
[ro.crypto.fs_real_blkdev]: [/dev/block/mmcblk0p10]
[ro.crypto.fs_type]: [ext4]
[ro.crypto.state]: [unsupported]
[ro.crypto.tmpfs_options]: [size=128m,mode=0771,uid=1000,gid=1000]
[ro.debuggable]: [0]
[ro.device.bluetooth.bdaddr]: [F0BF97D3B57E]
[ro.device.sensor.accel.offset.x]: [0]
[ro.device.sensor.accel.offset.y]: [0]
[ro.device.sensor.accel.offset.z]: [0]
[ro.device.sensor.gyro.offset.x]: [0]
[ro.device.sensor.gyro.offset.y]: [0]
[ro.device.sensor.gyro.offset.z]: [0]
[ro.device.sensor.mag.b0.x]: [306]
[ro.device.sensor.mag.b0.y]: [195]
[ro.device.sensor.mag.b0.z]: [-919]
[ro.device.sensor.mag.calib.x]: [1.0]
[ro.device.sensor.mag.calib.y]: [1.0]
[ro.device.sensor.mag.calib.z]: [1.0]
[ro.device.sensor.mag.offset.x]: [287]
[ro.device.sensor.mag.offset.y]: [288]
[ro.device.sensor.mag.offset.z]: [310]
[ro.ethernet.autoEnable]: [yes]
[ro.ethernet.interface]: [eth0]
[ro.factorytest]: [0]
[ro.hardware]: [nbx03]
[ro.opengles.version]: [131072]
[ro.product.board]: [nbx03]
[ro.product.brand]: [Sony]
[ro.product.cpu.abi2]: [armeabi]
[ro.product.cpu.abi]: [armeabi-v7a]
[ro.product.device]: [nbx03]
[ro.product.locale.language]: [en]
[ro.product.locale.region]: [US]
[ro.product.manufacturer]: [Sony]
[ro.product.model]: [Sony Tablet S]
[ro.product.name]: [SYS_001]
[ro.pss.gamepad.buttonmeaning]: [cross-enter]
[ro.revision]: [0]
[ro.runtime.firstboot]: [1337613865480]
[ro.secure]: [1]
[ro.serialno]: [275501730009232]
[ro.setupwizard.mode]: [DISABLED]
[ro.sony.build.id]: [TISU0017700]
[ro.sony.build.incremental]: [111104048]
[ro.sony.dlna.dtcp_pext]: [0]
[ro.sony.network.wwan]: [0]
[ro.sony.serialno]: [27550173 0009232]
[ro.sony.sku.base]: [nbx03_001]
[ro.sony.sku.country]: [US]
[ro.sony.sku.detailed]: [27550100]
[ro.sony.sku.version]: [27550100_18]
[ro.sony.sound.enabled]: [true]
[ro.sony.update.category_id]: [ST002]
[ro.sony.update.server]: [info.update.sony.net]
[ro.sony.update.service_id]: [nbx03_001]
[ro.sony.volume_limit]: [0]
[ro.sony.wan.ipv6.enable]: [false]
[ro.sony.wifisleep]: [0]
[ro.sony.wm.atrac]: [0]
[ro.sony.wm.clearphase_path]: [SGPT1_001.LPS]
[ro.sony.wm.xloud_path]: [SGPT1_001.XLD]
[ro.tether.denied]: [true]
[ro.wifi.channels]: []
[sys.boot_completed]: [1]
[sys.sony.compat]: [true]
[sys.usb.config]: [mtp,adb]
[sys.usb.state]: [mtp,adb]
[system_init.startsurfaceflinger]: [0]
[vold.post_fs_data_done]: [1]
[wifi.interface]: [wlan0]
[windowsmgr.max_events_per_sec]: [120]
[wlan.driver.status]: [ok]
[email protected]:/ $
condi said:
tell me whats the state of your device?
type:
Code:
adb shell "getprop" > props.txt
and attach file here
br
condi
Click to expand...
Click to collapse
The important values like incremental (120410002) and sku_base (nbx03_001) are the same as jgzhang's... i've got some additional entries though... the one that sounds most interesting is:
Code:
[ro.com.google.mcc_fallback]: [262]
I also have different [ro.sony.sku.detailed] & [ro.sony.sku.version] values...
thx for your effort everyone!
I have nexus4 and nexus7 (both are 4.3), I noticed all apps resolve dns connection as root (uid 0).
I want to know/ask, why on android, all apps resolve dns connection as root?
I block dns connection as root, then all apps can not resolve dns.
(iptables -I OUTPUT -p udp --dport 53 -m owner --uid-owner 0 -j DROP)
I also noticed, my nexus7 will resolve dns as root, if the connection blocked, then the apps will not resolve dns.
but my nexus4 will resolve dns as root first, if it blocked, then apps will resolve dns as apps-id.
why will that?
anyone have this problem?
both n4/n7 is running stock andorid 4.3 (donwload from google)
thanks.
I can confirm that something very strange is going on in Android 4.3, I'm runing the Slimrom mod and the same thing is true for me, all dns request are done as root. But to make things even stranger the dns props are set but not used, it seems like something is really broken within bioinc that makes it impossible to change dns servers on the fly.
Mine is running android stock rom for both, downloaded from google.
I still not understand, why will that.
Thanks.
Sent from my Nexus 4 using xda app-developers app
Browsing through the AOSP sources, I noticed that Android 4.3 incorporated a somewhat confusing series of commits under the heading of "dns cache per interface," which effectively causes all Bionic DNS requests to be proxied through netd. This commit is the most important element.
Here is the old implementation from Android 4.2.2:
Code:
static struct hostent *
gethostbyname_internal(const char *name, int af, res_state res)
{
const char *cp;
char *bp, *ep;
int size;
struct hostent *hp;
struct resolv_cache* cache;
[b]res_static rs = __res_get_static();[/b]
static const ns_dtab dtab[] = {
NS_FILES_CB(_gethtbyname, NULL)
{ NSSRC_DNS, _dns_gethtbyname, NULL }, /* force -DHESIOD */
{ 0, 0, 0 }
};
assert(name != NULL);
switch (af) {
case AF_INET:
size = INADDRSZ;
break;
case AF_INET6:
size = IN6ADDRSZ;
break;
default:
h_errno = NETDB_INTERNAL;
errno = EAFNOSUPPORT;
return NULL;
}
rs->host.h_addrtype = af;
rs->host.h_length = size;
[...]
h_errno = NETDB_INTERNAL;
if (nsdispatch(&hp, dtab, NSDB_HOSTS, "gethostbyname",
default_dns_files, name, strlen(name), af) != NS_SUCCESS) {
return NULL;
}
h_errno = NETDB_SUCCESS;
return hp;
Note the use of the libc resolver. The library is issuing the DNS requests directly.
By contrast, here is the new Android 4.3 implementation:
Code:
// very similar in proxy-ness to android_getaddrinfo_proxy
static struct hostent *
gethostbyname_internal(const char *name, int af, res_state res, const char *iface)
{
[b]const char *cache_mode = getenv("ANDROID_DNS_MODE");[/b]
FILE* proxy = NULL;
struct hostent *result = NULL;
[b]if (cache_mode != NULL && strcmp(cache_mode, "local") == 0) {[/b]
res_setiface(res, iface);
return gethostbyname_internal_real(name, af, res);
}
proxy = android_open_proxy();
if (proxy == NULL) goto exit;
/* This is writing to system/netd/DnsProxyListener.cpp and changes
* here need to be matched there */
if (fprintf(proxy, "gethostbyname %s %s %d",
iface == NULL ? "^" : iface,
name == NULL ? "^" : name,
af) < 0) {
goto exit;
}
if (fputc(0, proxy) == EOF || fflush(proxy) != 0) {
goto exit;
}
result = android_read_hostent(proxy);
So by default, Android 4.3 will proxy the requests through netd (owned by UID 0). This can be verified by setting DBG to 1 in system/netd/DnsProxyListener.cpp, then watching logcat:
Code:
D/DnsProxyListener( 146): argv[0]=getaddrinfo
D/DnsProxyListener( 146): argv[1]=omg.yahoo.com
D/DnsProxyListener( 146): argv[2]=^
D/DnsProxyListener( 146): argv[3]=1024
D/DnsProxyListener( 146): argv[4]=0
D/DnsProxyListener( 146): argv[5]=1
D/DnsProxyListener( 146): argv[6]=0
D/DnsProxyListener( 146): argv[7]=^
D/DnsProxyListener( 146): GetAddrInfoHandler for omg.yahoo.com / [nullservice] / [nulliface] / 1489
D/DnsProxyListener( 146): GetAddrInfoHandler, now for omg.yahoo.com / (null) / (null)
D/DnsProxyListener( 146): argv[0]=getaddrinfo
D/DnsProxyListener( 146): argv[1]=l1.yimg.com
D/DnsProxyListener( 146): argv[2]=^
D/DnsProxyListener( 146): argv[3]=1024
D/DnsProxyListener( 146): argv[4]=0
D/DnsProxyListener( 146): argv[5]=1
D/DnsProxyListener( 146): argv[6]=0
D/DnsProxyListener( 146): argv[7]=^
D/DnsProxyListener( 146): GetAddrInfoHandler for l1.yimg.com / [nullservice] / [nulliface] / 1489
D/DnsProxyListener( 146): GetAddrInfoHandler, now for l1.yimg.com / (null) / (null)
As seen in the Android 4.3 code snippet, it is possible to temporarily revert to the old behavior by setting ANDROID_DNS_MODE to "local", causing Bionic to send the request through gethostbyname_internal_real(), the old implementation. On this system, the shell user is blocked from sending network traffic via netfilter, but the root user (which owns netd) has full network access:
Code:
[email protected]:/ $ id
uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),1009(mount),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:shell:s0
[email protected]:/ $ ANDROID_DNS_MODE= telnet google.com 80
telnet: can't connect to remote host (74.125.227.135): Connection refused
1|[email protected]:/ $ ANDROID_DNS_MODE=local telnet google.com 80
telnet: bad address 'google.com'
1|[email protected]:/ $
In the former case (proxied request), the application was able to look up the hostname via netd, but could not send data traffic. In the latter case (direct request), the application was not able to look up the hostname at all.
It is possible to change the systemwide default by making a tweak to system/core/rootdir/init.rc and rebuilding your kernel image:
Code:
diff --git a/rootdir/init.rc b/rootdir/init.rc
index b6d7335..d0efc46 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -47,6 +47,7 @@ loglevel 3
export ANDROID_ASSETS /system/app
export ANDROID_DATA /data
export ANDROID_STORAGE /storage
+ export ANDROID_DNS_MODE local
export ASEC_MOUNTPOINT /mnt/asec
export LOOP_MOUNTPOINT /mnt/obb
export BOOTCLASSPATH /system/framework/core.jar:/system/framework/core-junit.jar:/system/framework/bouncycastle.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/telephony-common.jar:/system/framework/voip-common.jar:/system/framework/mms-common.jar:/system/framework/android.policy.jar:/system/framework/services.jar:/system/framework/apache-xml.jar
Maybe there is a better way to patch existing ROMs in place.
So, any easyway to deny some apps, to resolve dns?
How apps connect to netd to resolve dns? Unix socket? Or inet socket?
Ok, what I want to do is, some apps connect through tor network and prevent dns leaks.
Thanks.
Sent from my Nexus 4 using xda app-developers app
Ok, I found it in android_open_proxy().
It look like use unix socket "/dev/socket/dnsproxyd".
So I can not use iptables to deny some apps connect to dnsproxy? right?
Any idea to prevent some apps/uid (but not all), connect to dnsproxy?
Thank you.
Sent from my Nexus 4 using xda app-developers app
I tried export ANDROID_DNS_MODE=local
but it make no different on my nexus 4
(my nexus 4 use android stock room 4.3, download from google)
[email protected]:/ $ id
uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),1009(mount),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:shell:s0
[email protected]:/ $ telnet google.com
telnet: bad address 'google.com'
1|[email protected]:/ $ set |grep -i dns
1|[email protected]:/ $ export ANDROID_DNS_MODE=local
[email protected]:/ $ set |grep -i dns
ANDROID_DNS_MODE=local
_='ANDROID_DNS_MODE=local'
[email protected]:/ $ telnet google.com
telnet: bad address 'google.com'
any idea why will that?
thank you.
johnw.xda said:
I tried export ANDROID_DNS_MODE=local
but it make no different on my nexus 4
(my nexus 4 use android stock room 4.3, download from google)
[email protected]:/ $ id
uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),1009(mount),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:shell:s0
[email protected]:/ $ telnet google.com
telnet: bad address 'google.com'
1|[email protected]:/ $ set |grep -i dns
1|[email protected]:/ $ export ANDROID_DNS_MODE=local
[email protected]:/ $ set |grep -i dns
ANDROID_DNS_MODE=local
_='ANDROID_DNS_MODE=local'
[email protected]:/ $ telnet google.com
telnet: bad address 'google.com'
any idea why will that?
thank you.
Click to expand...
Click to collapse
Hmm, it looks like this change removed the logic that populates the nameserver list from the system properties. So with ANDROID_DNS_MODE=local, libc will search /system/etc/hosts but it won't actually be able to contact any nameservers:
Code:
[email protected] / $ ANDROID_DNS_MODE=local RES_OPTIONS=debug ping -c1 localhost
;; res_setoptions("debug", "env")..
;; debug
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=1.85 ms
--- localhost ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.852/1.852/1.852/0.000 ms
[email protected] / $ ANDROID_DNS_MODE=local RES_OPTIONS=debug ping -c1 google.com;; res_setoptions("debug", "env")..
;; debug
;; res_nquerydomain(google.com, <Nil>, 1, 1)
;; res_query(google.com, 1, 1)
;; res_nmkquery(QUERY, google.com, IN, A)
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28372
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; google.com, type = A, class = IN
;; res_query: send error
;; res_nquerydomain(google.com, , 1, 1)
;; res_query(google.com., 1, 1)
;; res_nmkquery(QUERY, google.com., IN, A)
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41613
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; google.com, type = A, class = IN
;; res_query: send error
ping: unknown host google.com
[email protected] / $
There's some code in _resolv_set_nameservers_for_iface() that might help, but I don't think this gets run from ordinary command-line utilities.
Any idea to prevent some apps/uid (but not all), connect to dnsproxy?
Click to expand...
Click to collapse
You could try applying filesystem ACLs or SELinux rules to /dev/socket/dnsproxyd
Compiling setfacl with Bionic is a hassle, but you could boot e.g. a Debian ARM image in QEMU and build a binary that is statically linked with glibc. You might also need to build a kernel with CONFIG_TMPFS_POSIX_ACL=y; this setting is currently disabled on the CM10.2 grouper builds.
Other possibilities include:
Modify Bionic to reinstate the old nameserver list behavior, and modify /init.rc as above
Modify netd; you could try calling setresuid() to send out each request under the UID of the client instead of UID 0
Write a daemon that intercepts DNS requests intended for netd; this could use a modified version of the netd DnsProxy logic or it could pass the request through to the real netd
Sorry, I forgot to mention before, maybe the reason is, my busybox/telnet is compiled on debian use glibc with -static flags, so telnet/busybox does not use android's libc, and does not use dnsproxy too.
Anyway, is it possible to compile owner libc for android? Where can download android 4.3 libc source code? Do I need to setup ndk to compile it? or can I use gcc to compile it.
Did you do that before?
Thank you again.
Sent from my Nexus 4 using xda app-developers app
I'm using pppwidget to access the network and I think that is affected by this DNS issues. As specific way to get network, is not aware of all this new stuff and thus unable to resolv dns queries.
johnw.xda said:
Sorry, I forgot to mention before, maybe the reason is, my busybox/telnet is compiled on debian use glibc with -static flags, so telnet/busybox does not use android's libc, and does not use dnsproxy too.
Anyway, is it possible to compile owner libc for android? Where can download android 4.3 libc source code? Do I need to setup ndk to compile it? or can I use gcc to compile it.
Did you do that before?
Thank you again.
Sent from my Nexus 4 using xda app-developers app
Click to expand...
Click to collapse
johnw.xda said:
Anyway, is it possible to compile owner libc for android? Where can download android 4.3 libc source code? Do I need to setup ndk to compile it? or can I use gcc to compile it.
Did you do that before?
Click to expand...
Click to collapse
I've been building my Android 4.3 ROMs from the CM10.2 sources.
You can try building from AOSP directly (instructions here). CM builds aren't difficult, but they did require a few extra steps.
I'm not aware of a way to build Bionic standalone. Trying the obvious stuff like running "ndk-build" in that directory, or using crosstool-ng, didn't work for me. Others can jump in if they know...
cernekee said:
Hmm, it looks like this change removed the logic that populates the nameserver list from the system properties. So with ANDROID_DNS_MODE=local, libc will search /system/etc/hosts but it won't actually be able to contact any nameservers:
Code:
[email protected] / $ ANDROID_DNS_MODE=local RES_OPTIONS=debug ping -c1 localhost
;; res_setoptions("debug", "env")..
;; debug
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=1.85 ms
--- localhost ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.852/1.852/1.852/0.000 ms
[email protected] / $ ANDROID_DNS_MODE=local RES_OPTIONS=debug ping -c1 google.com;; res_setoptions("debug", "env")..
;; debug
;; res_nquerydomain(google.com, <Nil>, 1, 1)
;; res_query(google.com, 1, 1)
;; res_nmkquery(QUERY, google.com, IN, A)
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28372
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; google.com, type = A, class = IN
;; res_query: send error
;; res_nquerydomain(google.com, , 1, 1)
;; res_query(google.com., 1, 1)
;; res_nmkquery(QUERY, google.com., IN, A)
;; res_send()
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41613
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; google.com, type = A, class = IN
;; res_query: send error
ping: unknown host google.com
[email protected] / $
There's some code in _resolv_set_nameservers_for_iface() that might help, but I don't think this gets run from ordinary command-line utilities.
You could try applying filesystem ACLs or SELinux rules to /dev/socket/dnsproxyd
Compiling setfacl with Bionic is a hassle, but you could boot e.g. a Debian ARM image in QEMU and build a binary that is statically linked with glibc. You might also need to build a kernel with CONFIG_TMPFS_POSIX_ACL=y; this setting is currently disabled on the CM10.2 grouper builds.
Other possibilities include:
Modify Bionic to reinstate the old nameserver list behavior, and modify /init.rc as above
Modify netd; you could try calling setresuid() to send out each request under the UID of the client instead of UID 0
Write a daemon that intercepts DNS requests intended for netd; this could use a modified version of the netd DnsProxy logic or it could pass the request through to the real netd
Click to expand...
Click to collapse
Hi,
Thanks for this analysis.
It certainly does look like 4.3 is ignoring net.dns1 value as the nameserver.
I'm running my custom dns server inside Android and now I suddenly find that it's not being queried.
I may have a small step towards solving this problem.
iptables -t nat -I OUTPUT -p udp -d 192.168.1.1 --dport 53 -j DNAT --to-destination 192.168.1.5:53
iptables -t nat -I OUTPUT -p tcp -d 192.168.1.1 --dport 53 -j DNAT --to-destination 192.168.1.5:53
This works by intercepting the DNS requests meant for the remote nameserver and redirecting it to the local DNS server.
Hope this helps someone figure it out.
There may be a way to programmatically change the active interface DNS server?
Or a way to perhaps disable the DNS proxy completely (ANDROID_DNS_MODE=local doesn't work any more as mentioned)?
cernekee said:
Write a daemon that intercepts DNS requests intended for netd; this could use a modified version of the netd DnsProxy logic or it could pass the request through to the real netd
Click to expand...
Click to collapse
This is what I wound up doing: I copied the DnsProxyListener and Bionic resolver code into an experimental new program called "dnsproxy2", and then tweaked the logic a little bit. Sources are posted here and I'm attaching binaries to this message.
Currently it allows you to pass in a single DNS server address which will unconditionally override the OS-provided DNS servers, and when it proxies requests on behalf of an application it will change the thread's UID (Linux fsuid) to match the caller so that the traditional netfilter app/UID restrictions will be honored.
To see it in action, just do:
Code:
adb push libs/armeabi-v7a/dnsproxy2 /data/local/tmp
adb shell "su -c '/data/local/tmp/dnsproxy2 -v 8.8.8.8'"
The "-v" flag will show the DNS requests on the console.
This was tested with CM10.2. Note that Firefox appears to bypass the DNS proxy.
If this proves useful it may be worth writing a GUI installer/settings app. Another possible improvement would be to allow selectively overriding the DNS server based on the active connection.
cernekee said:
This is what I wound up doing: I copied the DnsProxyListener and Bionic resolver code into an experimental new program called "dnsproxy2", and then tweaked the logic a little bit. Sources are posted here and I'm attaching binaries to this message.
Currently it allows you to pass in a single DNS server address which will unconditionally override the OS-provided DNS servers, and when it proxies requests on behalf of an application it will change the thread's UID (Linux fsuid) to match the caller so that the traditional netfilter app/UID restrictions will be honored.
To see it in action, just do:
Code:
adb push libs/armeabi-v7a/dnsproxy2 /data/local/tmp
adb shell "su -c '/data/local/tmp/dnsproxy2 -v 8.8.8.8'"
The "-v" flag will show the DNS requests on the console.
This was tested with CM10.2. Note that Firefox appears to bypass the DNS proxy.
If this proves useful it may be worth writing a GUI installer/settings app. Another possible improvement would be to allow selectively overriding the DNS server based on the active connection.
Click to expand...
Click to collapse
Is this method still going strong? At this moment there is no app on the market that can change DNS (mobile data access).
hardKNOXbz said:
Is this method still going strong? At this moment there is no app on the market that can change DNS (mobile data access).
Click to expand...
Click to collapse
I'd suggest reading the last few pages of the CrossBreeder thread. I don't think dnsproxy2 is in the official release yet but a number of people have been experimenting with it and posting their results.
cernekee said:
I'd suggest reading the last few pages of the CrossBreeder thread. I don't think dnsproxy2 is in the official release yet but a number of people have been experimenting with it and posting their results.
Click to expand...
Click to collapse
Thank you, I'll do that.
I have created a bug for AOSP regarding broken ANDROID_DNS_MODE=local behavior:
https://code.google.com/p/android/issues/detail?id=75232
Plz try this to connect throo vpn.
This is not my work i just take it from cm11 and put it to stock rom and it work.
sshtunnel_support.zip
https://docs.google.com/file/d/0BzL6ekv_OuX2cE9uY3pfYzNmdWs/edit?usp=docslist_api