RfA - custom activation codes / browse does not work. - Android Q&A, Help & Troubleshooting

When I launch RfA and go to settings/monitor mode, I can't browse to the activation (start.sh) script. I get:
Error occurred
An error has occurred in sub:
java.lang.RuntimeException: Path "does not exist
Continue ?
If I manually enter the path
/data/data/com.bcmon.bcmon/start.sh
when I Start attack I get:
Stdout:
Std Err:
sh:./data/data.com.bcmon.bcmon/start.sh: No such file or directory
but it is there and contains:
#!/system/bin/sh (actually tried this and #!/bin/bash)
svc wifi disable
LD_LIBRARY_PATH=/data/data/com.bcmon.bcmon/files/libs
LD_PRELOAD=/data/data/com.bcmon.bcmon/files/libs/libfake_driver.so sh
cd /data/data/com.bcmon.bcmon/files/tools
./enable_bcmon
echo "rfasuccess"
exit
??? any ideas please ???


Testsign tool !

Hi guys !
This is my first little tool, which I built for re-signing zip files and apk files, for Linux users.
Unzip the testsign_tool.zip to your home directory; inside you will find a little howto.
Sorry for bad English.
Enjoy
1. you can use ~/ instead of /home/username/
2. you can use $USER instead of username
3. you left a hidden file .kopia in the scripts folder.
4. you assume that everybody has testsign.jar in his sdk folder, why not include it with this tool?
other than that, nice tool
Well, this is my first script; I must start somewhere.
Thank you... good work... it would have been nice to include the jar file, but hey, that's what Google is for, right? Thanks though.
OK, I'm having a problem getting it to work. Here's what I did: I changed my sdk folder to androidsdk. I unzipped the testsign_tool to my androidsdk/tool folder. I edited the scripts to:
for zipfile script:
Code:
clear
echo
#
#set -x
#
file_date=$(date +%Y%m%d%H%M%S)
# Dir with signed file
working_dir="~/$USER/testsign_tool/update"
# directory that contains update.zip
zip_dir="../working"
jpath="~/$USER/androidsdk/tools/sign/testsign.jar"
cd $working_dir
java -classpath $jpath testsign $zip_dir/update.zip ${file_date}_file-signed.zip
if [ -f $working_dir/${file_date}_file-signed.zip ] ; then
echo "New file signed!"
sleep 2
exit 0
else
echo "Error, please check."
fi
and for apkfile script:
Code:
clear
echo
#
#set -x
#
file_date=$(date +%Y%m%d%H%M%S)
# Dir with signed file
working_dir="~/$USER/testsign_tool/update"
# directory that contains update.apk
apk_dir="../working"
jpath="~/$USER/androidsdk/tools/sign/testsign.jar"
cd $working_dir
java -classpath $jpath testsign $apk_dir/update.apk ${file_date}_file-signed.apk
if [ -f $working_dir/${file_date}_file-signed.apk ] ; then
echo "New file signed!"
sleep 2
exit 0
else
echo "Error, please check."
fi
so that $USER will allow anyone to use without modifying the scripts with their own name. I renamed my Launcher.apk to update.apk.
I place the update.apk into the working folder from within the testsign_tool folder. I double click the menu.sh and select option 2 in order to resign/sign my new apk. After this I get a message in terminal saying:
Code:
scripts/do_apkfile: line 13: cd: ~/treken/testsign_tool/update: No such file or directory
Exception in thread "main" java.lang.NoClassDefFoundError: testsign
Caused by: java.lang.ClassNotFoundException: testsign
at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
Could not find the main class: testsign. Program will exit.
Error, please check.
Press Enter to continue
Any insight into my problem as to what I did wrong?
No version for Windows? Only for Linux?

error script

I have an error in the script that I have created.
I launch Android Terminal Emulator, and when I type menu (the name of the script) I see this:
line 1426: Unexpected EOF while looking for matching `" '
but line 1426 is this:
read -p "Press any key to return to main menu.."
Where's the problem?
The definition of EOF is missing the trailing "

[Q] My code doesn't run in init.rc

How can I solve this problem?
I wrote this code in init.rc:
Code:
mv /com.anddoes.launcher_preferences.xml /data/data/com.anddoes.launcher/shared_prefs/
It returns this error:
<3>[ 0.640121] init: /init.rc: 351: invalid command 'mv'
I tried both to write a script and to move toolbox with mv to the system root, but it returns the same error.
All the necessary folders exist
MaxiManBW said:
How can I solve this problem?
I wrote this code in init.rc:
Code:
mv /com.anddoes.launcher_preferences.xml /data/data/com.anddoes.launcher/shared_prefs/
It returns this error:
<3>[ 0.640121] init: /init.rc: 351: invalid command 'mv'
I tried both to write a script and to move toolbox with mv to the system root, but it returns the same error.
All the necessary folders exist
init.rc is not a shell script, but a command language for the init process. You can use the "exec" command to execute the mv command, see the docs below. Remember to use full paths.
Code:
Android Init Language
---------------------
The Android Init Language consists of four broad classes of statements,
which are Actions, Commands, Services, and Options.
All of these are line-oriented, consisting of tokens separated by
whitespace. The c-style backslash escapes may be used to insert
whitespace into a token. Double quotes may also be used to prevent
whitespace from breaking text into multiple tokens. The backslash,
when it is the last character on a line, may be used for line-folding.
Lines which start with a # (leading whitespace allowed) are comments.
Actions and Services implicitly declare a new section. All commands
or options belong to the section most recently declared. Commands
or options before the first section are ignored.
Actions and Services have unique names. If a second Action or Service
is declared with the same name as an existing one, it is ignored as
an error. (??? should we override instead)
Actions
-------
Actions are named sequences of commands. Actions have a trigger which
is used to determine when the action should occur. When an event
occurs which matches an action's trigger, that action is added to
the tail of a to-be-executed queue (unless it is already on the
queue).
Each action in the queue is dequeued in sequence and each command in
that action is executed in sequence. Init handles other activities
(device creation/destruction, property setting, process restarting)
"between" the execution of the commands in activities.
Actions take the form of:
on <trigger>
<command>
<command>
<command>
Services
--------
Services are programs which init launches and (optionally) restarts
when they exit. Services take the form of:
service <name> <pathname> [ <argument> ]*
<option>
<option>
...
Options
-------
Options are modifiers to services. They affect how and when init
runs the service.
critical
This is a device-critical service. If it exits more than four times in
four minutes, the device will reboot into recovery mode.
disabled
This service will not automatically start with its class.
It must be explicitly started by name.
setenv <name> <value>
Set the environment variable <name> to <value> in the launched process.
socket <name> <type> <perm> [ <user> [ <group> ] ]
Create a unix domain socket named /dev/socket/<name> and pass
its fd to the launched process. <type> must be "dgram", "stream" or "seqpacket".
User and group default to 0.
user <username>
Change to username before exec'ing this service.
Currently defaults to root. (??? probably should default to nobody)
Currently, if your process requires linux capabilities then you cannot use
this command. You must instead request the capabilities in-process while
still root, and then drop to your desired uid.
group <groupname> [ <groupname> ]*
Change to groupname before exec'ing this service. Additional
groupnames beyond the (required) first one are used to set the
supplemental groups of the process (via setgroups()).
Currently defaults to root. (??? probably should default to nobody)
oneshot
Do not restart the service when it exits.
class <name>
Specify a class name for the service. All services in a
named class may be started or stopped together. A service
is in the class "default" if one is not specified via the
class option.
onrestart
Execute a Command (see below) when service restarts.
Triggers
--------
Triggers are strings which can be used to match certain kinds
of events and used to cause an action to occur.
boot
This is the first trigger that will occur when init starts
(after /init.conf is loaded)
<name>=<value>
Triggers of this form occur when the property <name> is set
to the specific value <value>.
device-added-<path>
device-removed-<path>
Triggers of these forms occur when a device node is added
or removed.
service-exited-<name>
Triggers of this form occur when the specified service exits.
Commands
--------
exec <path> [ <argument> ]*
Fork and execute a program (<path>). This will block until
the program completes execution. It is best to avoid exec
as unlike the builtin commands, it runs the risk of getting
init "stuck". (??? maybe there should be a timeout?)
export <name> <value>
Set the environment variable <name> equal to <value> in the
global environment (which will be inherited by all processes
started after this command is executed)
ifup <interface>
Bring the network interface <interface> online.
import <filename>
Parse an init config file, extending the current configuration.
hostname <name>
Set the host name.
chdir <directory>
Change working directory.
chmod <octal-mode> <path>
Change file access permissions.
chown <owner> <group> <path>
Change file owner and group.
chroot <directory>
Change process root directory.
class_start <serviceclass>
Start all services of the specified class if they are
not already running.
class_stop <serviceclass>
Stop all services of the specified class if they are
currently running.
domainname <name>
Set the domain name.
insmod <path>
Install the module at <path>
mkdir <path> [mode] [owner] [group]
Create a directory at <path>, optionally with the given mode, owner, and
group. If not provided, the directory is created with permissions 755 and
owned by the root user and root group.
mount <type> <device> <dir> [ <mountoption> ]*
Attempt to mount the named device at the directory <dir>
<device> may be of the form mtd@name to specify a mtd block
device by name.
<mountoption>s include "ro", "rw", "remount", "noatime", ...
setkey
TBD
setprop <name> <value>
Set system property <name> to <value>.
setrlimit <resource> <cur> <max>
Set the rlimit for a resource.
start <service>
Start a service running if it is not already running.
stop <service>
Stop a service from running if it is currently running.
symlink <target> <path>
Create a symbolic link at <path> with the value <target>
sysclktz <mins_west_of_gmt>
Set the system clock base (0 if system clock ticks in GMT)
trigger <event>
Trigger an event. Used to queue an action from another
action.
write <path> <string> [ <string> ]*
Open the file at <path> and write one or more strings
to it with write(2)
Properties
----------
Init updates some system properties to provide some insight into
what it's doing:
init.action
Equal to the name of the action currently being executed or "" if none
init.command
Equal to the command being executed or "" if none.
init.svc.<name>
State of a named service ("stopped", "running", "restarting")
Example init.conf
-----------------
# not complete -- just providing some examples of usage
#
on boot
export PATH /sbin:/system/sbin:/system/bin
export LD_LIBRARY_PATH /system/lib
mkdir /dev
mkdir /proc
mkdir /sys
mount tmpfs tmpfs /dev
mkdir /dev/pts
mkdir /dev/socket
mount devpts devpts /dev/pts
mount proc proc /proc
mount sysfs sysfs /sys
write /proc/cpu/alignment 4
ifup lo
hostname localhost
domainname localhost
mount yaffs2 mtd@system /system
mount yaffs2 mtd@userdata /data
import /system/etc/init.conf
class_start default
service adbd /sbin/adbd
user adb
group adb
service usbd /system/bin/usbd -r
user usbd
group usbd
socket usbd 666
service zygote /system/bin/app_process -Xzygote /system/bin --zygote
socket zygote 666
service runtime /system/bin/runtime
user system
group system
on device-added-/dev/compass
start akmd
on device-removed-/dev/compass
stop akmd
service akmd /sbin/akmd
disabled
user akmd
group akmd
Debugging notes
---------------
By default, programs executed by init will drop stdout and stderr into
/dev/null. To help with debugging, you can execute your program via the
Android program logwrapper. This will redirect stdout/stderr into the
Android logging system (accessed via logcat).
For example
service akmd /system/bin/logwrapper /sbin/akmd
kuisma said:
init.rc is not a shell script, but a command language for the init process. You can use the "exec" command to execute the mv command, see the docs below. Remember to use full paths.
Code:
Android Init Language
---------------------
The Android Init Language consists of four broad classes of statements,
which are Actions, Commands, Services, and Options.
All of these are line-oriented, consisting of tokens separated by
whitespace. The c-style backslash escapes may be used to insert
...........................................
I created script and put it to /system folder
Then call it with:
Code:
service my_script /system/my_script.sh
class main
oneshot
and again received an error: <3>[ 61.921627] init: cannot find '/system/my_script.sh', disabling 'my_script'
MaxiManBW said:
I created script and put it to /system folder
Then call it with:
Code:
service my_script /system/my_script.sh
class main
oneshot
and again received an error: <3>[ 61.921627] init: cannot find '/system/my_script.sh', disabling 'my_script'
Is your script executable, and does it begin with the line "#!/system/bin/sh"?
kuisma said:
Is your script executable, and does it begin with the line "#!/system/bin/sh"?
Yes!
Just in case, I used chmod 777, and the first line begins with "#!/system/bin/sh".
The error no longer appears, but the script doesn't work:
Code:
#!/system/bin/sh
if [-a /com.anddoes.launcher_preferences.xml]
cp /com.anddoes.launcher_preferences.xml /data/data/com.anddoes.launcher/shared_prefs/
rm /com.anddoes.launcher_preferences.xml
fi
I may be wrong calling service?
Code:
service my_script /system/my_script.sh
class main
oneshot
MaxiManBW said:
Yes!
Just in case, I used chmod 777, and the first line begins with "#!/system/bin/sh".
The error no longer appears, but the script doesn't work:
Code:
#!/system/bin/sh
if [-a /com.anddoes.launcher_preferences.xml]
cp /com.anddoes.launcher_preferences.xml /data/data/com.anddoes.launcher/shared_prefs/
rm /com.anddoes.launcher_preferences.xml
fi
I may be wrong calling service?
Code:
service my_script /system/my_script.sh
class main
oneshot
I guess cp works, but not rm? Root is remounted read-only quite early in init.rc
Edit: Also, I've told you to use full paths. And that if-syntax...? It's sure not standard shell test syntax.
MaxiManBW said:
How can I solve this problem?
I wrote this code in init.rc:
Code:
mv /com.anddoes.launcher_preferences.xml /data/data/com.anddoes.launcher/shared_prefs/
It returns this error:
<3>[ 0.640121] init: /init.rc: 351: invalid command 'mv'
I tried both to write a script and to move toolbox with mv to the system root, but it returns the same error.
All the necessary folders exist
Did it work?
I think init.rc only understands absolute paths... I mean, replacing mv with the below might work.
/system/bin/mv XXX YYY
-pradeep.
---------- Post added at 03:41 PM ---------- Previous post was at 03:16 PM ----------
kuisma said:
I guess cp works, but not rm? Root is remounted read-only quite early in init.rc
Edit: Also, I've told you to use full paths. And that if-syntax...? It's sure not standard shell test syntax.
I have a similar question regarding init.rc.
I am trying to run a native application (which downloads the wifi firmware to dongle). I need this to be done before the wifi driver module is insmod'ed. Accordingly, I have an entry in init.rc with 'exec' command to run it -- at the end of "on init" section.
exec /system/bin/downloader -n /system/etc/wifi/xyz.nvm /system/etc/wifi/fake.trx
This command doesn't seem to run although I don't see any errors in the boot log.
I also tried a combination of 'service' commands like:
service downloader /system/bin/downloader -n /system/etc/wifi/xyz.nvm /system/etc/wifi/fake.trx
disabled
oneshot
Same result: no error in the bootlog but firmware not downloaded.
Any idea what might be wrong with the commands here? I am on JB-MR1.
-pradeep.
Gurumath said:
Did it work?
I think init.rc only understands absolute paths... I mean, replacing mv with the below might work.
/system/bin/mv XXX YYY
-pradeep.
---------- Post added at 03:41 PM ---------- Previous post was at 03:16 PM ----------
I have a similar question regarding init.rc.
I am trying to run a native application (which downloads the wifi firmware to dongle). I need this to be done before the wifi driver module is insmod'ed. Accordingly, I have an entry in init.rc with 'exec' command to run it -- at the end of "on init" section.
exec /system/bin/downloader -n /system/etc/wifi/xyz.nvm /system/etc/wifi/fake.trx
This command doesn't seem to run although I don't see any errors in the boot log.
I also tried a combination of 'service' commands like:
service downloader /system/bin/downloader -n /system/etc/wifi/xyz.nvm /system/etc/wifi/fake.trx
disabled
oneshot
Same result: no error in the bootlog but firmware not downloaded.
Any idea what might be wrong with the commands here? I am on JB-MR1.
-pradeep.
So here is the thing: I read somewhere that exec commands are just added for show and they don't actually work.
I am not entirely sure of the above statement, but what I am sure of is that you can write a script and add it to the init.rc to get your work done.
---------- Post added at 10:26 AM ---------- Previous post was at 10:16 AM ----------
kuisma said:
I guess cp works, but not rm? Root is remounted read-only quite early in init.rc
Edit: Also, I've told you to use full paths. And that if-syntax...? It's sure not standard shell test syntax.
It is not about the wrong service being called.
It is the fact that the service has been defined but you need to call the service at some instant by adding the command
'start yourServiceName'
That is if you want to start your service at boot time, you will need to add the following lines
on property:sys.boot_completed=1
start my_script
Here is a full version of a script that I wrote, this was to toggle wifi at regular interval of time
My Shell Script - init.custom.sh
#!/system/bin/sh
while true; do
svc wifi disable
sleep 10
svc wifi enable
sleep 60
done
My Code inside init.rc
service custom /system/bin/init.custom.sh
user root
oneshot
on property:sys.boot_completed=1
write /sys/block/mmcblk0/queue/scheduler cfq ## This was already present
start custom
I know this is a very late reply, but I started exploring these things recently.
Hope this helps someone.
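Two points from this thread can be checked before an image is flashed: init accepts only the builtin commands listed in the init language reference quoted above, and a `disabled` service runs only when something issues `start <name>`. The linter below is an added example, not code from the thread or from AOSP; its command and option sets are copied from the quoted reference (newer init versions accept more), and the sample init.rc is constructed from the snippets posted above.

```python
# Builtin commands and service options exactly as listed in the quoted
# "Android Init Language" text; newer init versions accept more keywords.
COMMANDS = {"exec", "export", "ifup", "import", "hostname", "chdir", "chmod",
            "chown", "chroot", "class_start", "class_stop", "domainname",
            "insmod", "mkdir", "mount", "setkey", "setprop", "setrlimit",
            "start", "stop", "symlink", "sysclktz", "trigger", "write"}
OPTIONS = {"critical", "disabled", "setenv", "socket", "user", "group",
           "oneshot", "class", "onrestart"}

# Constructed sample assembled from the snippets posted in this thread.
SAMPLE = """\
on boot
    mv /com.anddoes.launcher_preferences.xml /data/data/com.anddoes.launcher/shared_prefs/
    class_start main
service my_script /system/my_script.sh
    class main
    oneshot
service downloader /system/bin/downloader -n /system/etc/wifi/xyz.nvm /system/etc/wifi/fake.trx
    disabled
    oneshot
service custom /system/bin/init.custom.sh
    user root
    oneshot
on property:sys.boot_completed=1
    start custom
"""


def lint_init_rc(text):
    """Return sorted (line_number, message) findings; line folding is not handled."""
    findings, services, started, classes = [], {}, set(), set()
    section = None  # None before the first section, "on", or a service dict
    for num, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        word, args = tokens[0], tokens[1:]
        if word == "on":
            section = "on"
        elif word == "service":
            name = args[0] if args else "?"
            section = services[name] = {"line": num, "class": "default", "disabled": False}
            if len(args) < 2 or not args[1].startswith("/"):
                findings.append((num, f"service '{name}' needs an absolute path"))
        elif section is None:
            findings.append((num, f"'{word}' precedes the first section and is ignored"))
        elif section == "on":
            if word not in COMMANDS:
                findings.append((num, f"invalid command '{word}'"))
            elif word == "start" and args:
                started.add(args[0])
            elif word == "class_start" and args:
                classes.add(args[0])
            elif word == "exec" and not (args and args[0].startswith("/")):
                findings.append((num, "exec needs an absolute program path"))
        elif word not in OPTIONS:
            findings.append((num, f"invalid option '{word}'"))
        elif word == "disabled":
            section["disabled"] = True
        elif word == "class" and args:
            section["class"] = args[0]
    for name, svc in services.items():
        if name in started:
            continue
        if svc["disabled"]:
            findings.append((svc["line"], f"service '{name}' is disabled and never started"))
        elif svc["class"] not in classes:
            findings.append((svc["line"], f"service '{name}': class '{svc['class']}' is never started here"))
    return sorted(findings)


if __name__ == "__main__":
    print(*lint_init_rc(SAMPLE), sep="\n")
```

A class that is started from an imported file will still be reported as never started, because only the text passed in is examined.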

Hacking android, got "system" user, but not root, how to escalate privilege?

Hello, I am new to XDA. I am trying to jailbreak my Android device:
Android 5.1.1, Linux 3.10.49
This device is a rare brand and has no unlock & flash mechanism.
Currently I have successfully got the "system" user (UID 1000) by using a preinstalled DEBUGGABLE system app.
This user can only change the /data directory etc.; it cannot change any file owned by root.
So any help escalating the "system" user to the root user would be very much appreciated.
The result of the command "id":
Code:
uid=1000(system)
gid=1000(system)
groups=1000(system)
1007(log)
1010(wifi)
1015(sdcard_rw)
1021(gps)
1023(media_rw)
1028(sdcard_r)
3001(net_bt_admin)
3002(net_bt)
3003(inet)
3004(net_raw)
3005(net_admin)
3006(net_bw_stats)
3009(qcom_diag)
9997(everybody)
41000(u0_a31000)
context=u:r:system_app:s0
This account can change /data/system/packages.xml etc., but cannot change /system/*, nor chown/mount...
Its CapBound is 0, too strict. It also cannot disable SELinux.
Can anyone help me?
----------------------- PS: share how i get system user privilege, maybe helpful to others -----------------------
In a word: just use jdb to attach to the app, then print new java.lang.Runtime().exec("sh /sdcard/my.sh").
First, I found a package that appeared in Android Device Monitor's debuggable app list, e.g. com.example.app.
Then I used
Code:
pm dump com.example.app
and confirmed that it uses the system UID, then
Code:
run-as com.example.app
but it failed with "Package not found"; I don't know why.
Then I tried the JDWP way.
Get the debuggable process ID:
Code:
$ adb jdwp
9424
$ adb forward tcp:8600 jdwp:9424
$ jdb -attach localhost:8600
> threads
group system:
(java.lang.Thread)0x2a86 Signal Catcher ...
(java.lang.Thread)0x2a87 FinalizerWatchdogDaemon ...
...
group main:
(java.lang.Thread)0x2a8d main ...
(java.lang.Thread)0x2a8e Binder_1 ...
...
> thread 0x2a8d
main[1] stepi
>
stepi completed: "thread=main", android.os.MessageQueue.next()、row=145 bci=22
main[1] > print new java.lang.Runtime().exec("sh /sdcard/qj.sh")
Some files need to be uploaded (adb push ...) before running the last command.
/sdcard/qj.sh:
Code:
date > /sdcard/log
cp -f /sdcard/busybox /data/ 2>> /sdcard/log || exit 1
chmod 4777 /data/busybox 2>> /sdcard/log || exit 1
(while true; do /data/busybox nc -l -p 7777 -e sh; done) >> /sdcard/log 2>&1 &
echo server OK >> /sdcard/log
/sdcard/busybox:
This file can be found at busybox.net/downloads/binaries/latest; choose ARM7v.
The above jdb command "print new java.lang.Runtime().exec("sh /sdcard/qj.sh")" will create a shell server listening on port 7777, bridging input/output to sh.
So, to connect to the shell server:
Code:
adb forward tcp:7777 tcp:7777
nc localhost 7777
Then, in this connection, input shell commands.
Sorry, I forgot a very important step: to run the "print new ...." statement, I have to turn on the screen, and even touch the app, so that it can be trapped into jdb.
---------That's all------------
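The access described in this post comes from a shipped system-UID package that is flagged debuggable, which exposes JDWP to anyone with adb. As an added example (not part of the original post), a device or ROM auditor can flag such packages from package-manager dump text; the sample dump is constructed, and its field names are assumptions about the dump format that vary between Android releases.

```python
import re

SYSTEM_UID = 1000              # android.uid.system, as in the `id` output above
FIRST_APPLICATION_UID = 10000  # UIDs below this belong to platform components

# Constructed sample modelled on `pm dump` / `dumpsys package` output. The
# field names (userId=, pkgFlags=[...] or flags=[...]) are assumptions and
# vary between Android releases; adjust the patterns to the device's output.
SAMPLE_DUMP = """\
Packages:
  Package [com.example.app] (2f1a9c3):
    userId=1000 gids=[1007, 1010, 3003]
    sharedUser=SharedUserSetting{41c2 android.uid.system/1000}
    codePath=/system/app/Example
    pkgFlags=[ SYSTEM DEBUGGABLE HAS_CODE ALLOW_CLEAR_USER_DATA ]
  Package [com.example.notes] (1b7d004):
    userId=10057 gids=[3003]
    codePath=/data/app/com.example.notes-1
    pkgFlags=[ DEBUGGABLE HAS_CODE ALLOW_CLEAR_USER_DATA ]
  Package [com.example.settings] (9e0a771):
    userId=1000 gids=[1007, 3003]
    codePath=/system/priv-app/ExampleSettings
    pkgFlags=[ SYSTEM HAS_CODE ALLOW_CLEAR_USER_DATA ]
"""

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
UID_RE = re.compile(r"\buserId=(\d+)")
FLAGS_RE = re.compile(r"\b(?:pkgFlags|flags)=\[([^\]]*)\]")
SEVERITY_ORDER = {"critical": 0, "high": 1, "info": 2}


def parse_packages(dump):
    """Map package name -> {"uid": int or None, "flags": set of flag names}."""
    packages, current = {}, None
    for line in dump.splitlines():
        match = PKG_RE.match(line)
        if match:
            current = packages.setdefault(match.group(1), {"uid": None, "flags": set()})
            continue
        if current is None:
            continue
        match = UID_RE.search(line)
        if match and current["uid"] is None:
            current["uid"] = int(match.group(1))
        match = FLAGS_RE.search(line)
        if match:
            current["flags"].update(match.group(1).split())
    return packages


def audit_debuggable(dump):
    """Return (severity, package, uid) for every package flagged DEBUGGABLE."""
    findings = []
    for name, info in parse_packages(dump).items():
        if "DEBUGGABLE" not in info["flags"]:
            continue
        uid = info["uid"]
        if uid == SYSTEM_UID:
            severity = "critical"   # a debugger attach runs code as system
        elif uid is not None and uid < FIRST_APPLICATION_UID:
            severity = "high"       # another privileged platform UID
        else:
            severity = "info"       # app sandbox UID, or UID missing from dump
        findings.append((severity, name, uid))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[0]], f[1]))


if __name__ == "__main__":
    for severity, package, uid in audit_debuggable(SAMPLE_DUMP):
        print(f"{severity:8} {package} (uid {uid})")
```

Any "critical" or "high" result on a production image calls for a rebuild of that package with `android:debuggable="false"` in its manifest.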

Running svc in ssh returns Aborted

I've rooted my phone using Magisk.
I want to enable/disable Wifi using a shell script.
Enabling or disabling works fine using the command below:
adb -s <serial> shell "svc wifi enable"
But when I start an SSH session, svc throws an "Aborted" error:
# svc wifi enable
Aborted
Info:
# adb -s <serial> shell "whoami"
shell
# adb -s <serial> shell "which svc"
/system/bin/svc
# adb -s <serial> shell "which sh"
/system/bin/sh
Also tried logging in SSH as user "shell"
Why is svc giving this error, is there a way to fix this ?
ReMiOS said:
I've rooted my phone using Magisk.
I want to enable/disable Wifi using a shell script.
Enabling or disabling works fine using the command below:
adb -s <serial> shell "svc wifi enable"
But when I start an SSH session, svc throws an "Aborted" error:
# svc wifi enable
Aborted
Info:
# adb -s <serial> shell "whoami"
shell
# adb -s <serial> shell "which svc"
/system/bin/svc
# adb -s <serial> shell "which sh"
/system/bin/sh
Also tried logging in SSH as user "shell"
Why is svc giving this error, is there a way to fix this ?
I'm facing the same issue here, did you manage to solve it?
estevaofv said:
I'm facing the same issue here, did you manage to solve it?
Unfortunately not ...
i have no clue
Hello friend, I just found the solution:
export ANDROID_DATA=/data
just run the above command, it was an environment variable related issue, I found the solution on the link below:
Can not run some CMDs over SSH · Issue #12 · Magisk-Modules-Repo/ssh
PixelExperience_caf_whyred-9.0 Magisk 19.2 Can not run some su CMDs over SSH shell, but over ADB everything is OK The error gives a sign of 'Aborted' Have been using SSH-Module for some time now, s...
github.com
estevaofv said:
Hello friend, I just found the solution:
export ANDROID_DATA=/data
just run the above command, it was an environment variable related issue, I found the solution on the link below:
Can not run some CMDs over SSH · Issue #12 · Magisk-Modules-Repo/ssh
PixelExperience_caf_whyred-9.0 Magisk 19.2 Can not run some su CMDs over SSH shell, but over ADB everything is OK The error gives a sign of 'Aborted' Have been using SSH-Module for some time now, s...
github.com
It works now
Great Solution ! Thanks !
I've put it in my ~/.profile to load it automatically at login (using SSH magisk module)
I've upgraded to Android 10; after this, svc just gave an rc = 1
# svc
1|
# echo $?
1
Fixed it by adding this to my ~/.profile
export PATH=$PATH:/sbin
export ANDROID_DATA=/data
export ANDROID_RUNTIME_ROOT=/apex/com.android.runtime
export ANDROID_TZDATA_ROOT=/apex/com.android.tzdata
# svc
Available commands:
help Show information about the subcommands
power Control the power manager
data Control mobile data connectivity
wifi Control the Wi-Fi manager
usb Control Usb state
nfc Control NFC functions
bluetooth Control Bluetooth service
system-server System server process related command
