Hello All,
I have been searching for a solution to the below mentioned issue all over the net since last one month and finally referred to this forum by my vpn service provider 'cyberghostvpn'.
I am enclosing my config file (test.ovpn.txt), log file(log.txt) & sample password file for 'auth-user-pass' (pass.txt).
Following are the highlighted points regarding this issue :
While the same config file is working fine on my linux machine on android the same is stopping at the prompt "Enter Auth Username :". After entering username the connection sequence continues but the prompt "Enter Auth Password :" never comes like linux.
Hence my analysis is that the openvpn binary is unable to pass my the username-passowrd combination to my vpn server in the console input mode and an auth-failure control message is received shortly later terminating the connection.
If I pass the username-passord combination through the password file as 'auth-user-pass pass.txt' then also the same thing happens (an auth-failure control message is received terminating the connection).
In linux both of these methods are working successfully in establishing the connection proving that there is nothing wrong with cyberghostvpn.
One important point is though on android the openvpn binary is unable to read the config from the .ovpn file, it runs when the options are given as command line arguments as shown below and the enclosed log file is generated in this method.
# openvpn --client --ca ca.crt --cert my_user_name.crt --key my_user_name.key --remote ch.openvpn.cyberghostvpn.com 9081 ..........--tun-mtu 1500 --fragment 1300 --mssfix > log.txt
Anyone who can either help me resolving this issue or refer it to some expert developer on openvpn will be very much appreciated.
Kind regards,
kingsukm
It seems that clockworkmod backup / restore provides an excellent way to create a master configuration (with many programs installed and a lot of detailed settings, but nothing special or protected) which can then be restored on many phones - EXCEPT for a few problems related to Android ID!!!
In more details - it seems that the Android ID and a few other settings derived from that are also cloned and (for the moment) there is no simple way to fix things - as far as I could find all seems (???) to be confined to a database file located in:
/data/data/com.android.providers.settings/databases/settings.db
where in the sqlite3 table called 'secure' there are 3 entries of interest:
_id 51 name android_id value XXXXxxxxxxxxxxxx
_id 57 name wifi_p2p_ssid value Android_XXXX
_id 200 name wifi_p2p_device_name value Android_XXXX
I did try to "adb pull" the file, edit it on PC with SQLite Expert Personal and then "adb push" the file back and then restart the phone but it seems something is not working as expected - the Wi-Fi Direct name does not always seem to change and even more strange I can see some very weird things taking place with other settings (for instance related to lock screen and other stuff) apparently changing "by themselves" when the phone goes to sleep :crying:
Any idea or suggestion on how that can be achieved?
Does the Android ID has any "internal CRC" in the 64-bit value encoded there?
For the moment my tests have been done using a CrisKelo ROM and siyah kernel but I don't think that is essential to the story.
Android's netd daemon, by default, enables something known as "IPv6 privacy extensions" (this means that the IPv6 address, instead of being generated from the device's MAC address, will be randomized — but this is irrelevant for my question).
In a nutshell, my problem is this: how can I hack, or communicate with, the netd daemon to force it to disable this feature?
(Android offers no configuration for this. I bug-reported the issue to Google ad android bug #31102 aka http : / / code.google.com/p/android/issues/detail?id=31102 (sorry I'm not allowed to post links) but they, of course, ignored it. Please note that there are lots of pages dealing with the question of how to enable IPv6 privacy extensions, because old versions of Android did not enable them: my question is how to disable them, permanently.)
What the netd daemon actually does is that when a network interface $IFACE is brought up, it opens the file /proc/sys/net/ipv6/conf/$IFACE/use_tempaddr and writes "2" there (this asks the Linux kernel to enable the feature). Up to Android 4.2, what I did was binary patch netd to replace the string "/proc/sys/net/ipv6/conf/%s/use_tempaddr" by "/dev/null\000" so the daemon would simply write that "2" to /dev/null and nothing would happen. But in Android 4.3 that part of the code has been slightly refactored, see InterfaceController.cpp from the netd source code, around line 134 (https : / / android.googlesource.com/platform/system/netd/+/android-4.3.1_r1/InterfaceController.cpp — again I'm not allowed to put links, what a pain), so a binary patch is not so trivial. (I could probably replace "use_tempaddr" by "hfr_grzcnqqe", but it would cause an error message in the logs and I'd like to avoid that.)
(Changing netd's source would be absolutely trivial. But I want to avoid recompiling it, because I'd probably spend many sleepless nights getting the correct native toolchain and convincing the Android makefiles to recompile just this bit: I don't have the resources to do a full Android build. Maybe I'm being pessimistic.)
In principle, it seems that netd reacts to commands that are sent to it (see https : / / android.googlesource.com/platform/system/netd/+/android-4.3.1_r1/CommandListener.cpp starting from around line 434). What I don't know is how to communicate with it to send it such commands, let alone do it precisely when a new interface is brought up. I know that at the other end of the line there is, for example, android.net.wifi.WifiStateMachine (see https : / / android.googlesource.com/platform/frameworks/base/+/android-4.3.1_r1/wifi/java/android/net/wifi/WifiStateMachine.java around line 2104). I'm a Linux dev, not so familiar with the Android IPC mechanisms or daemons, so I was hoping someone more knowledgeable could think of a way to pass a command at the right time.
PS: I'm aware that there's an app called to.doc.android.ipv6config which claims to solve the problem I'm talking about. But, looking at the code (https : / / gitorious.org/android-ipv6config/android-ipv6config/source/58e2060162485b54d4f8c147a558aeed708fa4b4:src/to/doc/android/ipv6config/LinuxIPCommandHelper.java around line 103), it's obvious that it does so in a completely wrong way, namely by talking to the kernel, bypassing netd's role as the network gatekeeper altogether.
PPS: I'm using CyanogenMod (currently 10.1.3, and this issue is preventing me from upgrading to 10.2), but I don't think this is relevant at all (I must admit I didn't check to see if CyanogenMod patched netd and/or android.net.wifi.WifiStateMachine in any way).
Meta-question: Is this the right place to ask? Apparently I have to ask 10 stupid questions before I'm allowed to post anywhere else.
Did you ever find a permanent solution? I've been tackling the issue on my new Galaxy S6 using the steps as outlined in this link:
https://www.reddit.com/r/Android/comments/2z1gyo/fix_lollipop_wifi_issues_and_coincidentally_the/
On the chance that someone has this issue and finds this thread ..
As far as I have seen (< 5.0), communication with the network daemon, netd, is done through unix-domain socket IPC on /dev/socket/netd. The commands are of the form:
Code:
interface setcfg [iface name] [options]
Where 'options' includes 'up' and 'down', among others. I have not verified this, but you may be able to do this from the console -- see 'netcfg'. As far as the specific command to do what you are requesting, I would either pull the netcfg executable into IDA or start by looking at the WifiStateMachine. The state machine set sets this option at line 2092 in the source:
Code:
mNwService.setInterfaceIpv6PrivacyExtensions(mInterfaceName, true);
Additionally, you could just pull in the apk for the WifiStateMachine and modify the smali to send false, rather than true, at the line above and you'll have your permanent disable. For this, see /system/framework/*.apk, or equivalent. The WSM implementation should be there somewhere.
-----------
From the source you posted, I found this too ..
Code:
"Usage: interface ipv6privacyextensions <interface> <enable|disable>"
I enjoy PA's decoupling of the encryption and lock screen passwords. Once encryption has been set up, the lock screen pin/password can be changed independently of the encryption password. I am requesting to augment this feature by allowing the user to change the encryption password as well, possibly via a new option in the Encryption section of Settings -> Security.
The current encryption password can be verified by running the following as root:
Code:
vdc cryptfs verifypw <password>
The encryption password can be changed by running the following as root:
Code:
vdc cryptfs changepw <new_password>
I have been meaning to add an option but haven't found the time
Sent from my Nexus 5 using Tapatalk
I chosen a project at security information to find a password from a phone with Android.
I found in password.key from data/system/ a crypto text with 97 characters ,how are generate that crypto text ? Which is the function ?
I need that function to do bruteforce on that password /pin with 4 digits.