Custom android ROM, delete iptables binary - Android Q&A, Help & Troubleshooting

Hi
I have installed CM 13.0 custom rom on my galaxy j5 j500h, and I am trying to do some modifications. I do not want any application or even the system to use 'iptables' to setup firewall rules , so I just removed the 'iptables' binary from /system/bin , thinking that this will end in network access without any restrictions, but after restarting the phone I have no network access, the phone can get IP from dhcp but no access to any network resources, pinging any host gives 'network not accessible' error, I suspected that the system uses 'iptables' at startup to setup something, unfortunately I can not find anything in all init*.rc files nor in init.d scripts.
Does anyone have any idea?
Thank you

Related

[Q] Need help with IPTABLES, INIT.D and CM

I put the following script in my /system/etc/init.d/ folder
Code:
#!/system/bin/sh
iptables -P OUTPUT DROP
On my Samsung GalaxyS - CM10 - Semaphore Kernel, it is applied at boot time as it should.
On my Galaxy Tab 2 7 CM9 (CM Kernel) on the other hand, it is not getting applied.
WHY ?
I've already checked: The scripts in the init.d-folder indeed do get executed.
And there wasn't also anything useful in the logcat either (nor did I find evidence that something flushed/overwrote iptables).
My next guess would be that the netfilter/iptables isn't loaded yet while init.d is still being processed.
Is there a way to load iptables manually upfront?
Thanks for your thoughts.
init.d iptables drop
The same problem. Sony Xperia stock, rooted.
I've made "iptables drop" script for init.d to prevent data leak BEFORE firewall loads.
It works. But sometimes script doesn't affect iptables, or something overwrites it.
Don't know what to do :/
Hi
I would like to reopen the topic.
I have written an init service which is executed by the init.rc script. This service set a new iptables configuration. I have checked all the outputs and it seems to work, but a later service overwrites my settings.
Does anyone know which service this and if it also has been executed by the init.rc script or later?
Otherwise I have to write a wrapper over iptables which only accepts my commands.
Regards,
cloooned
It seems like lucky random.
Your init script can be executed before or after tool-that-overwrites. The only way is to make delays and re-execute.
Anyway, phone wont be protected for some small period during boot.
Hello. I have a question about rules in afwall. I want to lock qq and wechat. It works very well. However, I used this app on mobile phones of a company. I need to uninstall afwall again. Is it possible to copy the created rules into init.d in order to keep them running without the app? Where can I find the file with the rules?
thanks...
micky1067 said:
Hello. I have a question about rules in afwall. I want to lock qq and wechat. It works very well. However, I used this app on mobile phones of a company. I need to uninstall afwall again. Is it possible to copy the created rules into init.d in order to keep them running without the app? Where can I find the file with the rules?
thanks...
Click to expand...
Click to collapse
This should be in the AFWALL+ thread however it can export the rules and with that you can turn it into a script and load it at boot. To lock qq and webchat you need to know the GUID and block that but be warned that turning on or off network interfaces deletes IPTables

[Q] iptables issue in android 4.4.2

Samsung Galaxy Tab Pro 12.2 (SM-T900), android 4.4.2 stock, rooted.
No any app can open a port (even higher 1024) . I'm getting errors like 'iptables: permission denied'. Root Check says device is rooted (and I can edit system files in Root Explorer). I tried 3 smb servers and 2 ssh servers. Everytime server starting it shows 'root permissions granted', but nothing.
Additionally I tried to add static route in terminal. It's appears in route table but not working.
To check is it realy iptables issue I need to (temporary) let non preveleged users edit iptables rules, but don't know how to do it. Can anybody help me?

Android Root Password

Noob question.
What is the actual password to su on various smartphone models, say Galaxy S5 or LG L3?
Is it a fixed character string or a formula based upon some hw specific like MAC ID?
Why don't vendors and network providers verify certain apps for su and give those sw vendors their devices' root password, or is it done that way now?
OK found the following on the web.
root in Linux (or any Unix-like system) is just the user with User ID 0. The su program (which actually stands for "Switch User", not "Super User") is just a program to start another program with a different user ID than the starting program (by default to uid 0, which is to user root). Android does not use the traditional /etc/passwd, however it still uses Linux User ID and Group ID for managing permissions.
If you want to intercept su requests so you can ask for password or enforce other rules, you will need to replace /sbin/su with your own version of su. Alternative approach is the one described here:
http://www.koushikdutta.com/2008/11/fixing-su-security-hole-on-modified.html
though that will require applications to cooperate by firing an Intent when they want to switch user.
Android security framework is more or less like this: each installed application runs on its own User ID (selected at installation time), and application permissions is implemented as user groups.
Can i change the root password after rooting my android device by simply typing "passwd"?
Android does not use /etc/passwd so it also does not have*passwd*program.
how is the rooting process working ? i mean what is the "one click root" apps doing to my phone?
I'm not quire sure with the exact process myself, you probably want to ask to rooting developers. However, my guess is it just reverts the security check that originally prevent developer from setuid 0.
End of paste.
So the above is saying there are no passwords in Android. To give an app or file root privilege you must change the app's user id that runs it or users id of the user who created the file to 0 (zero).
Therefore giving root privilege to an app on Android is a su app that changes the user id to 0 of the app you want to give root privilege to.
So why don't hw vendors and network providers who provide the Android ROM include a special su app that checks (look up in a file) whether app is OK for root and then grants it ?

rooted phone user changes & dir permissions

Is there a way, once rooting is done, and i have customized my phone a bit (a change in one of the config files of linux), to change the user accounts and permissions? To create a new user account and change the user that is used by the phone to be a non-root, non-sudo, standard user. And all apps to use this or another standard user account.
And my app (that i installed after rooting) use another account. Only this account will have permission to read and write my app's directory.
Finally change the root user password, so that others cannot get into it unless they have that password.
So in effect protect my apps directory and allow the phone to work with a non sudo user from then on?
Next time phone re boots it uses another user say A (non sudo); without access to my apps directory. And when my app runs it uses user B (also non sudo) which has access to its dir. Others cannot read or list files in it or change permissions. So in effect my apps directory cannot be read by the user of the phone, in this new set up. I understand there will be ways around this.
But is this possible and how?
Rooted using https://forum.xda-developers.com/android/general/root-samsung-galaxy-on5-t3435457 but i can do systemless root if that is the way.
Phone model : Samsung On 5 Pro SM-G5550FY. Thank you much.

[9.0] Different passwords for encryption and lockscreen

Hi all,
I have a question about encryption on Android 9. I recently fixed up my old Nexus 5 to use as a test device and set it up with the newest Unlegacy Android (Pie) ROM (OpenGAPPS Mini, Magisk 17.1) and enabled encryption on it. So far so good and everything works perfectly without any Problem.
As I was always curious about changing the encryption password on my current daily driver (Nexus 6) because I use a fairly short passcode to not make it annoying to get into the phone, I searched a little and came across the App SnooperStopper, which would do everything I wanted: Make it able to use different passwords for encryption and the lock screen, but also secure the lock screen in a way that after some failed unlock attempts the phone would reboot, requiring the full encryption password again.
After testing on my Nexus 5 I found out that the way the app changes the password does not work on the newer Android OSes anymore. (I also tested the method mentioned on this XDA Blog post without success)
So my question is if there is an updated way to change encryption password or if there is any other way to achieve my goal of having different passwords for encryption and lock screen as well as making the phone reboot on too many retries.
Thanks a bunch!
~Joe
Maybe a bit late, but it might help someone else, as I was looking for a way in Oreo or later the last 2 days too.
bastei said:
As a workaround on Android Pie, you can do the following (on your own risk):
set the desired password for the screen lock
backup lockscreen files:
all files under /data/system_de/0/spblob/
files containing "_synthetic_password_" in /data/misc/keystore/user_0/
/data/system/locksettings.db
set the desired password for the device encryption
restore / replace all lockscreen files
If something went wrong, sqlite into /data/system/locksettings.db and set the values of sp-handle and lockscreen.password_type to 0 to reset the screen lock.
Click to expand...
Click to collapse
For me this did not work and just made the phone hang for a while and then reboot after entering the encryption password.
An alternative way I found was to set a password normally (the one you want for the disk encryption) and then just delete all these files and restart the process of setting a new lockscreen password while denying to turn on the boot protection. This might work on some devices, but according to the following link, this doesn't work for example on LineageOS 16.
Also it seems like LineageOS 17 and possibly other Roms reenabled the old way of changing the password in the Terminal. See: https://github.com/nelenkov/cryptfs-password-manager/issues/25
I wished I could do it without installing any apps, but I am not knowledgeable enough to proceed further. For me the only solution was this modified version of the cryptfs App. The normal install process is explained there as well: https://github.com/thedroidgeek/cryptfs-password-manager/releases
Here is how I installed it:
1) Install the App
2) Get the 'App Systemizer' module through the Magisk Manager (https://forum.xda-developers.com/apps/magisk/module-terminal-app-systemizer-ui-t3585851)
3) Install Cryptfs App normally
4) Run 'systemize' as root in a Terminal app (I got a busybox error and ignored it)
5) Choose 'Systemize Installed Apps (Listed)' and find 'Cryptfs Password'
6) install into '/system/priv-app'
7) For me it errored out saying that the app already exists, ignore it.
8) reboot
9) Start Cryptfs App. If the process of making it a system app failed, then the app shuts down with an error message about needing to be systemized.
10) set your encryption password in the app.
11) Reboot, check if it works
12) Disable cryptfs App and the App systemizer module, no need to keep them running until next use.
The difference to snooper Stopper is that you can't set any actions to take if the password is entered incorrectly a few times. However if that functionality is needed, you can install snooper Stopper afterwards and just ignore the password change options and just set the behaviors.

Categories

Resources