Dropbear SSHD Ported! - G1 General

No need to use telnet anymore, I ported dropbear sshd over. (Mostly just mangled up the authentication.)
I provide the patch with basically no support, and reserve the right to ridicule you if you ask stupid questions. (If I described something incorrectly or you have actual questions, thats different. But if you aren't comfortable cross-compiling code - or compiling it at all - then this is not for you.)
It isn't plug and play, its a patch to the dropbear shipped with the Android platform code and you are on your own getting it to cross-compile. (I used the sourcery pack.) My build is MULTICALL=1 STATIC=1 and includes dbclient, dropbear, dropbearkey. You'll want to set the root password in debug.h and follow the instructions in the patch.
Latest patch here: http://link.sigkill.net/dropbear-v1.1.patch
# A couple of hints for this script.
# debug.h - you want to set a password at the bottom
# I prefer to build STATIC=1 MULTICALL=1 but you can do what you want.
#
# It still checks /etc/shells so unfortunately you have to create that file
# and put your shell in it. (by default I use /system/bin/rootsh. Which you
# will want to create.)
# If you want key-based authentication, there's some additional prep work:
# /data/dropbear needs to be root:root 744 and
# /data/dropbear/.ssh root:root 700
# options.h | 30 +++++++++++++++---------------
# svr-auth.c | 34 +++++++++++++++++++++++++++++++++-
# svr-chansession.c | 2 ++
# 3 files changed, 50 insertions(+), 16 deletions(-)
Changelog: v1.1 initial public release
Plans:
v1.2 remove /etc/shells check
v? add configurable password
v? auto-create directories

THANK YOU!!

Related

[DEV][TOOL]Splitting Signed Boot Images - Script

Quick and dirty modified split_bootimg.pl for splitting our signed boot images.
This will strip the first 256bytes (the signature) from the image.
Advice, this will ruin unsigned boot images, if you are not a competent developer leave th alone, if you are competent
make backups before using.
#!/usr/bin/perl
######################################################################
#
# File : split_bootimg.pl
# Author(s) : William Enck <[email protected]>
# Description : Split appart an Android boot image created
# with mkbootimg. The format can be found in
# android-src/system/core/mkbootimg/bootimg.h
#
# Thanks to alansj on xda-developers.com for
# identifying the format in bootimg.h and
# describing initial instructions for splitting
# the boot.img file.
#
# Last Modified : Tue Dec 2 23:36:25 EST 2008
# By : William Enck <[email protected]>
#
# Copyright (c) 2008 The Pennsylvania State University
# Systems and Internet Infrastructure Security Laboratory
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
######################################################################
#
# Modified for signed boot images, no longer compatible with
# unsigned images. ~jcase
#
# Modded by a friend of AndIRC
#
######################################################################
Nice Job thanks 4 this!
Sent from my ADR6400L using XDA Premium App
tanks d000d
Thank you jcase
Sent from my ADR6400L using XDA Premium App
sadly, this script can not work on galaxy note GT-N7000

[Q] Ad-hoc on ZTE Blade

Hi
I've got a question. How to connect blade (on 2.2 froyo) to ad-hoc wirless?
Probably must change a "wpa_supplicant" file (and probably other's simmilar), but i don't know how
This is my "wpa_supplicant" (viewed by normal notepad) :
Code:
# Note: All file paths in this configuration file should use full (absolute,
# not relative to working directory) path in order to allow working directory
# to be changed. This can happen if wpa_supplicant is run in the background.
# Whether to allow wpa_supplicant to update (overwrite) configuration
#
# This option can be used to allow wpa_supplicant to overwrite configuration
# file whenever configuration is changed (e.g., new network block is added with
# wpa_cli or wpa_gui, or a password is changed). This is required for
# wpa_cli/wpa_gui to be able to store the configuration changes permanently.
# Please note that overwriting configuration file will remove the comments from
# it.
update_config=1
# global configuration (shared by all network blocks)
#
# Parameters for the control interface. If this is specified, wpa_supplicant
# will open a control interface that is available for external programs to
# manage wpa_supplicant. The meaning of this string depends on which control
# interface mechanism is used. For all cases, the existance of this parameter
# in configuration is used to determine whether the control interface is
# enabled.
#
# For UNIX domain sockets (default on Linux and BSD): This is a directory that
# will be created for UNIX domain sockets for listening to requests from
# external programs (CLI/GUI, etc.) for status information and configuration.
# The socket file will be named based on the interface name, so multiple
# wpa_supplicant processes can be run at the same time if more than one
# interface is used.
# /var/run/wpa_supplicant is the recommended directory for sockets and by
# default, wpa_cli will use it when trying to connect with wpa_supplicant.
#
# Access control for the control interface can be configured by setting the
# directory to allow only members of a group to use sockets. This way, it is
# possible to run wpa_supplicant as root (since it needs to change network
# configuration and open raw sockets) and still allow GUI/CLI components to be
# run as non-root users. However, since the control interface can be used to
# change the network configuration, this access needs to be protected in many
# cases. By default, wpa_supplicant is configured to use gid 0 (root). If you
# want to allow non-root users to use the control interface, add a new group
# and change this value to match with that group. Add users that should have
# control interface access to this group. If this variable is commented out or
# not included in the configuration file, group will not be changed from the
# value it got by default when the directory or socket was created.
#
# When configuring both the directory and group, use following format:
# DIR=/var/run/wpa_supplicant GROUP=wheel
# DIR=/var/run/wpa_supplicant GROUP=0
# (group can be either group name or gid)
#
ctrl_interface=DIR=/data/misc/wifi/wpa_supplicant GROUP=wifi
# IEEE 802.1X/EAPOL version
# wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which defines
# EAPOL version 2. However, there are many APs that do not handle the new
# version number correctly (they seem to drop the frames completely). In order
# to make wpa_supplicant interoperate with these APs, the version number is set
# to 1 by default. This configuration value can be used to set it to the new
# version (2).
# eapol_version=1
# AP scanning/selection
# By default, wpa_supplicant requests driver to perform AP scanning and then
# uses the scan results to select a suitable AP. Another alternative is to
# allow the driver to take care of AP scanning and selection and use
# wpa_supplicant just to process EAPOL frames based on IEEE 802.11 association
# information from the driver.
# 1: wpa_supplicant initiates scanning and AP selection
# 0: driver takes care of scanning, AP selection, and IEEE 802.11 association
# parameters (e.g., WPA IE generation); this mode can also be used with
# non-WPA drivers when using IEEE 802.1X mode; do not try to associate with
# APs (i.e., external program needs to control association). This mode must
# also be used when using wired Ethernet drivers.
# 2: like 0, but associate with APs using security policy and SSID (but not
# BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to
# enable operation with hidden SSIDs and optimized roaming; in this mode,
# the network blocks in the configuration file are tried one by one until
# the driver reports successful association; each network block should have
# explicit security policy (i.e., only one option in the lists) for
# key_mgmt, pairwise, group, proto variables
# ap_scan=1
# EAP fast re-authentication
# By default, fast re-authentication is enabled for all EAP methods that
# support it. This variable can be used to disable fast re-authentication.
# Normally, there is no need to disable this.
# fast_reauth=1
# Driver interface parameters
# This field can be used to configure arbitrary driver interace parameters. The
# format is specific to the selected driver interface. This field is not used
# in most cases.
#driver_param="field=value"
# Maximum lifetime for PMKSA in seconds; default 43200
#dot11RSNAConfigPMKLifetime=43200
# Threshold for reauthentication (percentage of PMK lifetime); default 70
#dot11RSNAConfigPMKReauthThreshold=70
# Timeout for security association negotiation in seconds; default 60
#dot11RSNAConfigSATimeout=60
Sorry for my bad english.
I very needed internet in ad-hoc mode. So, anybody help me ?
wifi ad hoc is not supported by zte blade official rom even by changing wpa_supplicant this will crash your wifi.............
maybe the modded supplicant is not compatible with stock rom..........
change your rom to any cm7 and than change its wpa_supplicant to /system/bin than only the wifi adhoc will work

official cm7.2 kernel source

Hello,
I need to recompile the kernel to get the serial port through the usb plug (google: android serialport api htc )
The kernel shipped with cm-7.2.0-click is 2.6.35.14 (-Arco-Kalim) and I can't find this version on git for this phone (that would take /proc/config.gz with no modification by using make menuconfig+save).
Anybody has some clue ?
Thanks
david
deyv said:
Hello,
I need to recompile the kernel to get the serial port through the usb plug (google: android serialport api htc )
The kernel shipped with cm-7.2.0-click is 2.6.35.14 (-Arco-Kalim) and I can't find this version on git for this phone (that would take /proc/config.gz with no modification by using make menuconfig+save).
Anybody has some clue ?
Thanks
david
Click to expand...
Click to collapse
If you need to make just minor tweaks, use dsxda's kitchen to extract the kernel, make changes and then repack it
Hi deyv,
kernel source for tattoo and wildfire are into arco git:
https://github.com/arco/htc-kernel-msm7225
and here's the gingerbread branch config file for tattoo:
https://github.com/arco/htc-kernel-msm7225/blob/gingerbread/arch/arm/configs/click_defconfig
bye
yen
Thanks a lot !
Thanks to both of you I managed to recompile a kernel, and repack it in the official cm7.2 using dsixda.
I have now the serial port /dev/ttyMSM2 that appeared (which I still have to test) and this is great
But I have now the touchscreen which is totally broken (touch is working but gives random places, never under the thumb). I compared the two rom-zip files, and there is absolutely no difference between them, except a new binary /system/bin/wmdsi, and of course the kernel (no difference in ramdisk.img).
Here is the .config diff.
Do you have any clue ?
edit: screen and touchpad X and Y axis are reversed, (in both landscape and portrait mode)
Code:
--- click_defconfig 2012-07-25 08:56:38.219763553 +0200
+++ click_defconfig-noheadset-serialport 2012-07-26 01:43:44.190274884 +0200
@@ -2,5 +2,5 @@
# Automatically generated make config: don't edit
# Linux kernel version: 2.6.35.14
-# Wed Feb 1 07:32:28 2012
+# Thu Jul 26 01:43:22 2012
#
CONFIG_ARM=y
@@ -363,6 +363,5 @@
# CONFIG_MICROP_COMMON is not set
# CONFIG_HTC_HEADSET_MGR is not set
-CONFIG_HTC_HEADSET_V1=y
-CONFIG_HTC_AUDIOJACK_V1=y
+# CONFIG_HTC_HEADSET_V1 is not set
# CONFIG_HTC_ONMODE_CHARGING is not set
# CONFIG_BUILD_CIQ is not set
@@ -1192,5 +1191,7 @@
CONFIG_SERIAL_CORE=y
CONFIG_SERIAL_CORE_CONSOLE=y
-# CONFIG_SERIAL_MSM is not set
+CONFIG_SERIAL_MSM=y
+# CONFIG_SERIAL_MSM_CONSOLE is not set
+# CONFIG_SERIAL_MSM_CLOCK_CONTROL is not set
# CONFIG_SERIAL_MSM_HSL is not set
CONFIG_SERIAL_MSM_HS=y
Is not the L missing here?
Code:
# CONFIG_SERIAL_MSM_HSL is not set
CONFIG_SERIAL_MSM_HS=y
CONFIG_SERIAL_MSM_HS is flagged for 2.6.39 kernel onwards here http://cateee.net/lkddb/web-lkddb/SERIAL_MSM_HS.html
Other than this i suggest to extract kernel config from a working cm7 rom to check if it match that on github (just in case of)
To compile kernel do you have used toolchain shipped with cm?
bye
yen
The /proc/config.gz extracted from the original running cm7.2 matches the second link you wrote above.
and the two following lines are in it (you can check):
Code:
# Automatically generated make config: don't edit
# Linux kernel version: 2.6.35.14
# Wed Feb 1 07:32:28 2012
[...]
# CONFIG_SERIAL_MSM_HSL is not set
CONFIG_SERIAL_MSM_HS=y
Yes, I have used the toolchain shipped with cm's git repository.
I'm using the remotes/origin/gingerbread branch of arco's kernel :
Code:
$ git branch -a
* (no branch)
ics
remotes/origin/HEAD -> origin/ics
remotes/origin/gingerbread
remotes/origin/ics
$ git diff -r remotes/origin/gingerbread
$
I had also compiled the entired android (not the kernel) with the same toolchain and it worked. I am now using the original CM distribution, not the one I compiled but with the new .config I described above.
Can it be a /proc/cmdline problem ? I can't see where it is stored, it's obviously not in the rom:
Code:
# bash
localhost / # cat /proc/cmdline
board_bahamas.disable_uart3=0 board_bahamas.usb_h2w_sw=0 board_bahamas.disable_sdcard=0 diag.enabled=0 board_bahamas.debug_uart=0 smisize=0 androidboot.baseband=3.35.07.20 androidboot.cid=ORANG202 androidboot.carrier=ORANGE-French androidboot.mid=CLIC10000 androidboot.keycaps=azerty androidboot.mode=normal androidboot.serialno=SH9BGLG00083 androidboot.bootloader=0.52.0001 no_console_suspend=1 console=null
localhost / #
Should I restart the process from scratch ?
So original kernel config & source and toolchain are all good, i got no (possibly) good idea at all.
Should I restart the process from scratch ?
Click to expand...
Click to collapse
last try should perhaps be to compile kernel inline with the rom (not tested if it's possible in cm7 too like for cm9)
bye
yen

Compiling dropbear 2015.67 for Zenfone 2 (x86-64)

Hi,
This is a guide on compiling the latest (as of 2015-06-24) dropbear SSH daemon (2015.67) for the Zenfone 2 but should also work for other x86-64 architecture Android devices. The guide is mainly based off the work from the blog http://blog.xulforum.org/index.php?post/2013/12/19/Compiling-Dropbear-for-a-Nexus-7-tablet which is an excellent guide to getting an older version of dropbear running on Android devices.
I've modified the patch made by the original author to work on the latest dropbear version. There are not much changes from ver 2013.58 to 2015.67. The main difference seems to be the support for Elliptical Curve encryption.
** START DISCLAIMER **
I did not write the original codes/patch myself and have not scrutinized it for any security issues. USE IT AT YOUR OWN RISK.
** END DISCLAIMER **
Here's the list of requirements :-
1) Dropbear 2015.67 source code - dropbear-2015.67.tar.bz2 (https://matt.ucc.asn.au/dropbear/releases/dropbear-2015.67.tar.bz2)
2) Patch to compile for Android - dropbear-v67-android-patch-20150629 (https://goo.gl/LBokgG)
3) A recent Linux distro (I use Ubuntu 14.04.2 LTS) running x86-64.
4) Development tools i.e. C compiler, linker, etc... all the necessary tools to run configure, make, etc..
Steps :-
(1) Extract the source code to a directory of its own :-
Code:
tar xjf dropbear-2015.67.tar.bz2
cd dropbear-2015.67
(2) Patch the source :-
Code:
patch -p1 < dropbear-v67-android-patch-20150629
(3) Run configure :-
Code:
./configure --disable-zlib --disable-largefile --disable-loginfunc \
--disable-shadow --disable-utmp --disable-utmpx --disable-wtmp \
--disable-wtmpx --disable-pututline --disable-pututxline --disable-lastlog
(4) Run make :-
Code:
STATIC=1 MULTI=1 SCPPROGRESS=0 PROGRAMS="dropbear dropbearkey scp dbclient" make strip
(5) You should end up with a single static binary "dropbearmulti" which you should link dropbear, dbclient/ssh, dropbearkey and scp to.
Code:
./dropbear -h
Dropbear server v2015.67 [URL]https://matt.ucc.asn.au/dropbear/dropbear.html[/URL]
Usage: ./dropbear [options]
-A Android Mode, specify a user explicitly
-N Android Mode, user name
-C Android Mode, password
-R Android Mode, public key file (authorized_keys)
-U Android Mode, UID
-G Android Mode, GID
-b bannerfile Display the contents of bannerfile before user login
(default: none)
-r keyfile Specify hostkeys (repeatable)
defaults:
dss /etc/dropbear/dropbear_dss_host_key
rsa /etc/dropbear/dropbear_rsa_host_key
ecdsa /etc/dropbear/dropbear_ecdsa_host_key
-F Don't fork into background
-E Log to stderr rather than syslog
-m Don't display the motd on login
-w Disallow root logins
-s Disable password logins
-g Disable password logins for root
-B Allow blank password logins
-j Disable local port forwarding
-k Disable remote port forwarding
-a Allow connections to forwarded ports from any host
-p [address:]port
Listen on specified tcp port (and optionally address),
up to 10 can be specified
(default port is 22 if none specified)
-P PidFile Create pid file PidFile
(default /var/run/dropbear.pid)
-i Start for inetd
-W <receive_window_buffer> (default 24576, larger may be faster, max 1MB)
-K <keepalive> (0 is never, default 0, in seconds)
-I <idle_timeout> (0 is never, default 0, in seconds)
-V Version
I will assume you know what to do with the binary file generated so will not elaborate on the process.
Hope it works for you guys. I'll be happy to help out anyone who needs more details.
Cheers.
UPDATE: 2015-06-29
- I've updated the patch to fix dbclient/ssh client using password authentication.
Hi all,
For those of you using the dropbear ssh client and encountering a seg fault when using password authentication, I've fixed the patch now and it should be working.
Cheers.
wolfdude said:
I will assume you know what to do with the binary file generated so will not elaborate on the process.
Hope it works for you guys. I'll be happy to help out anyone who needs more details.
Click to expand...
Click to collapse
Ehm...
Replacing the not working dropbear binaries of ARM-oriented SSHD servers with a link to this should solve the problem discussed here ...
is it right ?!
Thanks again
Val3r10 said:
Ehm...
Replacing the not working dropbear binaries of ARM-oriented SSHD servers with a link to this should solve the problem discussed here ...
is it right ?!
Thanks again
Click to expand...
Click to collapse
In a nutshell, you will need to copy dropbearmulti to /system/xbin, create some symbolic links to it (dropbear, dropbearkey, dbclient, scp), run dropbearkey to generate your host keys, copy your client pubkey to /data/dropbear/authorized_keys and then startup dropbear with parameters like :-
Code:
dropbear -A -N root -R /data/dropbear/authorized_keys
Hope this helps.
Cheers.
wolfdude said:
[...] and then startup dropbear with parameters like :-
Hope this helps.
Click to expand...
Click to collapse
Thanks. Got that.
Actually I mean I would replace - with the symlink - the x86 binary file inside one of the above mentionned packages, i.e. QuickSSHd or SSHDroid, to make them compatible with ZE55xML...
I'm trying and reporting here

[EXE] Static Linux binaries for ARM/Android (Cryptsetup, EncFS, F2FS-Tools, Testdisk, PhotoRec,..)

Native ARM/static Linux binaries
(for all ARMv7+ compatible platforms)
Open-source Linux binaries that are either not available on Android (e.g. in Termux)
or make sense to be statically compiled (e.g. to run in TWRP/recovery for data recovery).
These are root tools and might damage your device severely. Use at your own risk. I take no responsibility whatsoever. If in doubt don't use them.​
Minimum CPU: ARMv7/vfpv3-d16. Compiled against musl-libc/Android Kernel 3.4. Binaries are static, bionic/libc independent and should run on Android, TWRP, emulator or any other compatible ARM device. Musl is patched (info)(info2)(patch file: patch -p0 -u -b -i musl-android-smp.patch) to iterate CPU cores by /proc/stat instead of _SC_NPROCESSORS_CONF/sched_getaffinity to prevent false detection due to ARM cpu core powersaving (permanently turning cores on/off). This should report CPU cores more reliably to multithreading apps.
Example instructions how to build EncFS can be found here.
Some Cryptsetup compile recipes are here.
Changelog:
20190923 - f2fs-tools added
20190915 - dislocker, ntfs-3g, mount.exfat-fuse added
20190910 - VeraCrypt v1.24-b5 added
20191215 - musl smp patch added
20191224 - hstr v2.2.0 updated
20191225 - Testdisk, PhotoRec v7.2-wip-dec2019 updated
20200103 - tar v1.32 updated (with selinux, acl, xattr support)
20200513 - Cryptsetup v2.3.2 added
20200518 - fscrypt 0.2.7, strace56(aarch64) added
20200525 - p7zip v17.01 added
20200603 - parted v3.3 added
20200606 - fxz v1.1.0alpha added
20201212 - ddrescue v1.25 added
20201212 - Cryptsetup v2.3.4 updated
20210113 - f2fs-tools updated to v1.14.0
20210125 - Several tools compiled by @Borovets. See 'Misc' tools.
20210413 - Cryptsetup v2.3.5 updated
20210916 - Cryptsetup v2.4.1 updated. Thx to @misterhsp.
20211108 - rsync v3.2.3 updated
20211118 - Cryptsetup v2.4.2 updated. Thx to @misterhsp.
20220103 - mmc-utils added
20220106 - More tools from @Borovets. See spoiler.
Spoiler
bash-5.1.16-[1]-[2022.01.05].tar.gz
openssl3-3.0.1-[2021.12.14]-static.tar.gz
tree-2.0.0-[2021.12.23]-static.tar.gz
e2fsprogs-1.46.5-[2021.12.31]-static.tar.gz
openssl-1.1.1-m-[2021.12.15]-static.tar.gz
libsqlite-3.37.1-[2021.12.30]-static.tar.gz
ldns-host-1.7.1-[2021.12.30]-static.tar.gz
bootimg-info-2.0-[2021.12.18]-static.tar.gz
bc-5.2.1-[2021.12.29]-static.tar.gz
openssl3-tool-3.0.1-[2021.12.14]-static.tar.gz
openssl-tool-1.1.1-m-[2021.12.15]-static.tar.gz
sqlite-3.37.1-[2021.12.30]-static.tar.gz
stunnel-5.61-[2021.12.17]-static.tar.gz
toybox-0.8.6-borovets-295-applets-[2021.12.30]-static.tar.gz
unrar-6.10-beta-3-[2021.12.11]-static.tar.gz
zstd-1.5.1-[2021.12.22]-static.tar.gz
20220107 - parted v3.4 updated
20220113 - cryptsetup v2.4.3 updated. Thx to @misterhsp.
20220114 - gptfdisk v1.0.8 added
20220212 - tar v1.34 updated
20220622 - gptfdisk v1.0.9 (armv7) added
20220724 - dialog v1.3 added
20220728 - f2fs tools v1.15.0 updated
20220730 - cryptsetup v2.5.0 updated. Thx to @misterhsp.
20220806 - 7z-zstd v22.01 added. Thx to @xenosaur
20220910 - rsync v3.2.6 updated
20220913 - htop v3.2.1 added
20220913 - gocryptfs v2.3 updated. Thx to @misterhsp
20220922 - veracrypt v1.25.9 updated
20220924 - fdisk v2.38.1 and file v5.43 added
20221129 - cryptsetup v2.6.0 updated. Thx to @misterhsp
20221213 - f2fs tools v1.15.0 fixed (uuid.h missing)
20230215 - cryptsetup v2.6.1 updated. Thx to @misterhsp
20230307 - gocryptfs v2.3.1. Thx to @misterhsp
Data recovery tools:
- PhotoRec 7.2 - PhotoRec is file data recovery software designed to recover lost files including video, documents and archives from hard disks, CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory. PhotoRec ignores the file system and goes after the underlying data, so it will still work even if your media's file system has been severely damaged or reformatted.
- Testdisk 7.2 - Recover lost partitions and partition tables. For external sdcards. Never use it on internal mmc unless you know what you're doing.
- ext4magic 0.3.2 (with supplementary gnu date binary that can handle relative time like 'date -d "-20minutes" +%s')
- fidentity - A little utility sharing PhotoRec signature database. It identifies the type of data contained in a file and reports the extension as seen by PhotoRec.
- debugfs - Might be helpful on ext2 systems or other stuff.
- strace 4.20 - For debugging. Mainly to catch syslog messages (as Android has no traditional /dev/log buffer).
- strace 5.6 - For aarch64.
- ddrescue v1.25 - Data recovery tool for block devices with errors.
Compression tools:
p7zip v17.01 (fork) - (Download) A new p7zip fork with additional codecs and improvements
pixz - Parallel, indexed xz compressor
xz - Multicore aware version of xz/lzma (use --thread=0)
tar v1.32 - Tar provides the ability to create tar archives, as well as various other kinds of manipulation. Download below. More builds from @mirfatif here.
fxz - (Download) FXZ Utils is a fork of XZ Utils. It adds a multi-threaded radix match finder and optimized encoder.
Misc:
- hexcurse v1.60.0 - Hexcurse is a curses-base hex editing utility that can open, edit, and save files, editing both the hexadecimal and decimal values. 'ncurses' ui layout depends on TERM env variable. Change temporary with eg. 'TERM=xterm-256color hexcurse <file>'. See /system/etc/terminfo for possible terminals (xterm-256color, linux..).
- nethogs v0.8.5 - ncurse/nettop-like per-app separated speedmeter and traffic counter supporting high refresh rate. Try 'nethogs -d0' (speedmeter) or 'nethogs -v1' (traffic counter).
- rsync v3.2.3 - rsync is an open source utility that provides fast incremental file transfer. (--with-rsyncd-conf=/data/etc/rsyncd.conf)
- smbnetfs v0.6.1 - SMBNetFS is a Linux/FreeBSD filesystem that allow you to use samba/microsoft network in the same manner as the network neighborhood in Microsoft Windows. More info see below.
- progress v0.14 - Linux tool to show progress for cp, mv, dd, ... (formerly known as cv). Download here.
- archivemount (20180801) - A fuse filesystem for mounting archives in formats supported by libarchive. Download here.
- squashfuse v0.1.103 - FUSE filesystem to mount squashfs archives Download here.
- FuseISO - FuseISO is a FUSE module to mount ISO filesystem images (.iso, .nrg, .bin, .mdf and .img files). It currently support plain ISO9660 Level 1 and 2, Rock Ridge, Joliet, and zisofs. Download here.
- HSTR v2.2.0 - HSTR (HiSToRy) is a command line utility that brings improved Bash/zsh command completion from the history. It aims to make completion easier and more efficient than Ctrl-r. (If history is empty try setting HISTFILE in /system/etc/bash/bashrc e.g. export HISTFILE=/data/.bash_history).
- GNU screen, tmux - Thanks to @mirfatif.
- dislocker, ntfs-3g, mount.exfat-fuse - Thanks to @mirfatif.
- f2fs-tools - Thanks to @mirfatif. Update: v1.14.0 here.
- parted v3.3 - GNU Parted (the name being the conjunction of the two words PARTition and EDitor) is a free partition editor, used for creating and deleting partitions. Note: It might be useful to partition external sdcards (e.g. to limit adoptable storage). I do not recommend to use it on internal memory. It might brick your phone.
- Several tools compiled by @Borovets
Spoiler: Borovets tools
Borovets tools 2021.01.25
arptables-0.0.5-[2021.01.17]-static.zip
autoflushtest-1.0-[2021.01.14]-static.zip
btrfs-compsize-1.3-[build-2]-[2020.12.27].zip
btyacc-3.0-[2021.01.18]-static.zip
c-blosc-1.21.1-development-[2020.12.22].zip
c-blosc2-2.0.0-beta-6-development-[2020.04.21].zip
cabextract-1.9.1-[2021.01.08]-static.zip
compsize-1.3-[2021.01.07]-static.zip
convert-color-space-0.1-[2021.01.18]-static.zip
cpustat-0.02.13-[2021.01.13]-static.zip
doxygen-1.9.2-[2021.01.17]-static.zip
ed-1.17-[2021.01.11]-static.zip
hello-2.10-[2021.01.08]-static.zip
htop-3.0.5-[2021.01.13]-static.zip
ipcalc-ng-1.0.0-[2020.12.28]-static.zip
iw-5.9-[2021.01.08]-static.zip
libsqlite-3.34.1-[2021.01.20].zip
libtar-1.2.20-[2021.01.16]-static.zip
m5-1.0-[2020.12.31]-static.zip
sqlite-3.34.1-[2021.01.20]-static.zip
Borovets tools 2021.01.27
lcab-1.0-beta-12-[2021.01.17].zip
memdump-1.01-[2021.01.25].zip
memdumper-0.4-[2021.01.25].zip
memtester-4.5.0-[2021.01.09].zip
tcpdump-4.99.0-[libcap-1.9.1]-[2021.01.05].zip
wget2-1.99.2-[2020.12.12].zip
wolfssl-4.5.0-[2020.12.12].zip
xfsprogs-5.10.0-[2021.01.01].zip
Crypttools:
(These crypttools are mostly frontend tools for the main backend that resides in the kernel. If your kernel hasn't been configured accordingly at compile time you might not be able to use all features.)
Cryptsetup v2.3.5 - (Download) Cryptsetup is an utility used to conveniently setup disk encryption based on DMCrypt kernel module. These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt (including VeraCrypt extension) format.
eCryptfs-utils v111 - Frontend tools for the enterprise cryptographic filesystem for Linux. That's what Android/Google use for encryption. It's file-based (no container) and mounting can be automated by Termux widget. Needs shared libraries but is still portable. See notes below.
EncFS v1.9.5 - EncFS provides an encrypted filesystem in user-space. It runs in userspace, using the FUSE library for the filesystem interface.
gocryptfs - An encrypted overlay filesystem written in Go. Download here. Thanks to @mirfatif.
VeraCrypt - VeraCrypt is a free open source disk encryption software. Download here. Thanks to @mirfatif.
fscrypt 0.2.7 - (Download) fscrypt is a high-level tool for the management of Linux filesystem encryption. Needs at least kernel 4.1.
Crypttools info:
Cryptsetup:
General Notes:
- Features like TrueCrypt, VeraCrypt and LUKS2 need 'userspace crypto api' enabled in kernel. Most Android kernels are probably not configured for that and you have to recompile your kernel or contact your kernel maintainer. For kernel 3.4 you need this:
Code:
CONFIG_CRYPTO_USER=y
CONFIG_CRYPTO_USER_API=y
CONFIG_CRYPTO_USER_API_HASH=y
CONFIG_CRYPTO_USER_API_SKCIPHER=y
- If 'cryptsetup benchmark' is incomplete and says 'userspace crypto api not available' you might be affected. You can still use LUKS1 though. A full benchmark looks like this:
Code:
# cryptsetup benchmark
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1 249186 iterations per second for 256-bit key
PBKDF2-sha256 327680 iterations per second for 256-bit key
PBKDF2-sha512 58829 iterations per second for 256-bit key
PBKDF2-ripemd160 227555 iterations per second for 256-bit key
PBKDF2-whirlpool 33539 iterations per second for 256-bit key
argon2i 4 iterations, 208288 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
argon2id 4 iterations, 207817 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
# Algorithm | Key | Encryption | Decryption
aes-cbc 128b 77.8 MiB/s 88.4 MiB/s
serpent-cbc 128b N/A N/A
twofish-cbc 128b 58.5 MiB/s 61.9 MiB/s
aes-cbc 256b 61.5 MiB/s 68.4 MiB/s
serpent-cbc 256b N/A N/A
twofish-cbc 256b 58.5 MiB/s 61.8 MiB/s
aes-xts 256b 95.1 MiB/s 86.9 MiB/s
serpent-xts 256b N/A N/A
twofish-xts 256b 60.0 MiB/s 61.8 MiB/s
aes-xts 512b 74.1 MiB/s 67.2 MiB/s
serpent-xts 512b N/A N/A
twofish-xts 512b 60.3 MiB/s 62.0 MiB/s
LUKS:
Code:
** 10MB test image (luks.img) **
dd if=/dev/zero of=luks.img bs=1M count 10M
cryptsetup luksFormat luks.img
cryptsetup open luks.img myluks
mke2fs -t ext4 /dev/mapper/myluks
mkdir luks
mount /dev/mapper/myluks luks
** luks folder is ready here **
umount luks
cryptsetup close myluks
- If standard luksFormat cipher (aes-xts-plain64) doesn't work (not supported by your kernel) you can try one of the more compatible ciphers:
Code:
cryptsetup luksFormat -c cbc-essiv:sha256 luks.img myluks
cryptsetup luksFormat -c aes-plain luks.img myluks
- For LUKS2 (experimental) use:
Code:
cryptsetup luksFormat --type luks2 luks.img
- Use "cryptsetup -v --debug" for more verbose output (debugging). In case of errors.
Veracrypt:
Code:
cryptsetup open --type tcrypt --veracrypt veracrypt.tc myvera
cryptsetup status myvera
mkdir /data/myvera
mount /dev/mapper/myvera /data/myvera
umount /data/myvera
cryptsetup close myvera
- Use container from desktop system (created with real Veracrypt)
- "veracrypt.tc" is the veracrypt container name
- "myvera" is an arbitrary name (handle)
- Use "cryptsetup -v --debug" for more verbose output (debugging). In case of errors.
eCryptfs-utils:
General Notes:
These tools are not built statically as they explicitly rely on 'dlopen' (plugin system). Instead they are compiled with relative rpaths (./libs). That means dependencies (libraries in subfolders) must be present in the binaries folder and you have to be in the binaries folder itself (with 'cd') before invoking any binary. By this the binaries are still portable (system independent) as long as the subfolders are present. I've put the files into a tar.gz archive so permissions should be set +x already. Extract the archive into /data/local/bin for 'Example' below.
Code:
mkdir -p /data/local/bin
cd /data/local/bin
tar xf crypttools.armv7.20180204.tar.gz
cd ecryptfs
./ecryptfs-stat --help
More info: ArchLinux Wiki
Example:
Tested on /sdcard based on FUSE filesystem. sdcardfs untested. Might need selinux permissive.
We create a folder /sdcard/pics that can be enabled (files present) or disabled (no files present) by a click on a widget button (Termux script) and entering our password. The encryption is done on a per-file basis. The actual files are stored encrypted in /sdcard/efs/pics.
- You might need SuperSU or Magisk Superuser for 'su -mm'. That makes sure that all apps can see the mounted folder (mount namespace separation).
- Busybox needed
- Install Termux and Termux:Widget from F-Droid or Playstore
- Start it and enter:
Code:
pkg upgrade
pkg install tsu
exit
- Create script /data/data/com.termux/files/home/.shortcuts/efs-pics.sh and make sure permissions(700) and owner (take from parent folder) are correct.
Code:
#!/system/xbin/bash
su -mm -c "/system/xbin/bash -c /data/local/scripts/$(basename "$0")"
- Create script /data/local/scripts/efs-pics.sh (770/root):
Code:
#!/system/xbin/bash
set -e
PATH=$PATH:/data/data/com.termux/files/usr/bin
# Necessary because rpaths are relative
cd /data/local/bin/ecryptfs
# /data/myefskey contains the salted key.
# Don't forget to make a backup.
# Without it encrypted data is lost.
function enter_passphrase {
read -p "Enter passphrase: " passphrase
sig=$(printf "%s" "$passphrase" | ./ecryptfs-insert-wrapped-passphrase-into-keyring /data/myefskey -) || exit
sig=$(echo $sig | cut -d "[" -f2 | cut -d "]" -f1)
}
CPATH1="/data/media/0/efs/pics"
CPATH2="/data/media/0/pics"
if ! mountpoint -q ${CPATH2}; then
enter_passphrase
echo ""
mount -t ecryptfs -o ecryptfs_sig=$sig,ecryptfs_fnek_sig=$sig,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 ${CPATH1} ${CPATH2} || (echo "$(basename "$0") mount failed!"; exit)
./keyctl clear @u
echo "$(basename "$0") mount successful! :)"
else
umount ${CPATH2} || (echo "$(basename "$0") umount error $? :("; exit)
echo "$(basename "$0") umount successful :)"
fi
# uncomment to force-close Termux window
# killall com.termux
- If your rom uses encryption already (/data/data) beware the './keyctl clear @u' command. It might flush *all* keys in the kernel including the Android encryption one (i'm not sure). This might lead to unpredicted behavior. Either comment it out (then your once injected key remains in the kernel keystore and someone could simply remount your folder without passphrase) or make yourself familiar with the keyctl command and handle it yourself. My phone is not encrypted so i cannot help here.
- Create random keyfile (/data/myefskey) and wrap it with passphrase. This might need 1-2 minutes depending on your devices entropy pool (/dev/random). Backup this key (/data/myefskey). Without it your encrypted data is lost. And don't forget the trailing '-' (minus) at the end of the line, it's important.
Code:
cd /data/local/bin/ecryptfs
read -p "Enter passphrase: " passphrase; printf "%s\n%s" $(busybox od -x -N 100 --width=30 /dev/random | head -n 1 | busybox sed "s/^0000000//" | busybox sed "s/[[:space:]]*//g") "${passphrase}" | ./ecryptfs-wrap-passphrase /data/myefskey -
- Create folders:
Code:
mkdir -p /sdcard/efs/pics /sdcard/pics
- Create Widget (Termux) and select 'efs-pics.sh'.
- Start it and enter your passphrase (you used above). If everything goes well (it will tell you) you can place files into /sdcard/pics and scrambled files should come up in /sdcard/efs/pics. Never write into /sdcard/efs/pics directly.
- Activate widget again. /sdcard/pics should get emptied.
- Optional: You can set /data/media/0/efs/pics to 700/root so no one can access/see the encrypted data.
SMBNetFS info:
Note: The library paths are relative. You need to be in the folder (with 'cd') to spawn the executable (./smbnetfs). You can extract the archive wherever you want though as far as the file/folder structure remains intact.
Example:
Code:
mount -o remount,rw /
mkdir -p /data/local/bin /mnt/cifs
mount -o remount,ro /
tar xf smbnetfs.tar.gz -C /data/local/bin
cd /data/local/bin/smbnetfs
export HOME=/data/local/bin/smbnetfs/home
* enter your smb credentials into smbnetfs/home/.smb/smbnetfs.auth (eg. auth "192.168.1.2" "${user}" "${pass}")
./smbnetfs /mnt/cifs
cd /mnt/cifs/192.168.1.2/${share}
I think it usually should list the samba environment in /mnt/cifs but i'm not sure which prerequisites are necessary for that (edit: maybe it needs real workgroup/hostname instead of IPs). If nothing comes up this should work:
The folder 192.168.1.2/${share} is unreachable by Androids folder picker (unless you can enter the path manually). So either pre-create the folder structure beforehand (mkdir -p /mnt/cifs/192.168.1.2/${share}) and add/register the folder to your app by folder picker (eg. MXPlayer) and then overmount that with the actual ${share}. Or bindmount the folder:
Code:
mount --bind /mnt/cifs/192.168.1.2/${share} /mnt/cifs2
Edit: Another option is to let smbnetfs create a static link (actually a symbolic link) to the share in the mountpoint root (/mnt/cifs). Its not as robust as the bindmount though. MXPlayer doesn't find any files (even though the folder picker shows the folders properly).
Code:
echo "link myfiles 192.168.1.2/${share}" > /data/local/bin/smbnetfs/home/.smb/smbnetfs.host
chmod 700 /data/local/bin/smbnetfs/home/.smb/smbnetfs.host
I've noticed that MXPlayer shows the samba folders just for a glimpse of a second. But if you enter one of the local folders and then go back all samba folders are there. Not sure why this is happening or maybe its just my system.
Edit2: Not yet tested but.. check the permissions. Its possible that SMBNetFS mounts with 755 or something. That's inaccessible for Android apps. Try this:
Code:
./smbnetfs -o umask=000,noatime,noexec,nodev,nosuid /mnt/cifs
Samba 4.8.3 configuration:
Code:
_idmap_modules=idmap_rid,idmap_hash,idmap_tdb2
_pdb_modules=pdb_tdbsam,pdb_smbpasswd,pdb_wbc_sam,pdb_samba4
_auth_modules=auth_unix,auth_wbc,auth_server,auth_netlogond,auth_script,auth_samba4
waf configure --prefix=/tmp/myout \
-C \
--sysconfdir=./conf/etc/samba \
--with-configdir=./conf/etc/samba \
--localstatedir=./conf/var \
--libexecdir=./conf/usr/lib \
--enable-fhs \
--with-lockdir=./conf/var/cache/samba \
--with-piddir=./conf/run/samba \
--with-logfilebase=./conf/var/log/samba \
--without-pam \
--without-systemd \
--without-ads \
--with-shared-modules=$_idmap_modules,$_pdb_modules,$_auth_modules \
--disable-cups \
--without-gettext \
--bundled-libraries=NONE,com_err,ldb,uid_wrapper,resolv_wrapper,socket_wrapper,nss_wrapper,ntdb,roken,wind,hx509,asn1,heimbase,hcrypto,krb5,gssapi,heimntlm,hdb,kdc,cmocka,talloc,tdb,pytdb,ldb,pyldb,tevent,pytevent \
--disable-rpath-install \
--disable-python --without-ad-dc --without-acl-support --without-ldap \
--hostcc=/usr/bin/gcc \
--cross-compile --cross-execute='qemu-arm -L /media/devpart/qemu/root'
waf build -j4
waf install
Compression tools added.
Next are crypttools (ecryptfs-utils, cryptsetup).
DualJoe said:
Compression tools added.
Next are crypttools (ecryptfs-utils, cryptsetup).
Click to expand...
Click to collapse
Please add ecryptfs-simple
xyne.archlinux.ca/projects/ecryptfs-simple
Thanks.
Ecryptfs-simple is not POSIX compliant. It relies on an argv interface (to parse command-line parameters) that is a GNU extension that musl doesn't support.
The original eCryptFS is simple enough anyway (and its the upstream project). I will provide a quickstart example and a one button GUI controlled solution (Termux widget) to handle it.
Please to add gifsicle,
http://github.com/kohler/gifsicle
Thanks.
I only have gifsicle. The other ones are too complex for my setup atm.
DualJoe said:
I only have gifsicle. The other ones are too complex for my setup atm.
Click to expand...
Click to collapse
Thank you very much.
Please help me again to build giflossy (fork of gifsicle).
I really need it to compress (--lossy=N) the Gif file to be smaller.
https://github.com/kornelski/giflossy
Thanks.
Do you use them directly on your phone for web postings or something? What's your use case to not prefer a desktop system for this?
DualJoe said:
Do you use them directly on your phone for web postings or something? What's your use case to not prefer a desktop system for this?
Click to expand...
Click to collapse
I use it directly on the phone, for learning purposes.
Using it on the phone is so handy that it can be easily used anywhere.
Thanks.
Please help me again to build lbzip2
http://lbzip2.org/
Thanks.
Here it is.
DualJoe said:
Compression tools added.
Next are crypttools (ecryptfs-utils, cryptsetup).
Click to expand...
Click to collapse
When will Crypttools be released.
I've waited for the major update of cryptsetup. Its out now indeed. I should get it up this week.
Crypttools and quickstart tutorials added.
Mountpoint is not writable (eCryptfs)
DualJoe said:
Crypttools and quickstart tutorials added.
Click to expand...
Click to collapse
Can't write to mountpoint.
# touch /sdcard/pics/test
touch: /sdcard/pics/test: Permission denied
# cp file /sdcard/pics
cp: can't create '/sdcard/pics/file': Permission denied
buengeut said:
touch: /sdcard/pics/test: Permission denied
Click to expand...
Click to collapse
What are your permissions?
Code:
# stat /data/media/0/pics
Access: (775/drwxrwxr-x) Uid: (1023/media_rw) Gid: (1023/media_rw)
# stat /data/media/0/efs
Access: (775/drwxrwxr-x) Uid: (1023/media_rw) Gid: (1023/media_rw)
# stat /data/media/0/efs/pics
Access: (775/drwxrwxr-x) Uid: (1023/media_rw) Gid: (1023/media_rw)
How does your mount look like?
Code:
# mount |grep pics
/data/media/0/efs/pics on /data/media/0/pics type ecryptfs (rw,relatime,ecryptfs_fnek_sig=56b1f3c519fb3412,ecryptfs_sig=56b1f3c519fb3412,ecryptfs_cipher=aes,ecryptfs_key_bytes=16)
Is /sdcard linked?
Code:
# ls -l /sdcard
lrwxrwxrwx 1 root root 21 May 10 1973 /sdcard -> /storage/self/primary
What Android version and kernel do you have?
DualJoe said:
What are your permissions?
Code:
# stat /data/media/0/pics
Access: (775/drwxrwxr-x) Uid: (1023/media_rw) Gid: (1023/media_rw)
# stat /data/media/0/efs
Access: (775/drwxrwxr-x) Uid: (1023/media_rw) Gid: (1023/media_rw)
# stat /data/media/0/efs/pics
Access: (775/drwxrwxr-x) Uid: (1023/media_rw) Gid: (1023/media_rw)
How does your mount look like?
Code:
# mount |grep pics
/data/media/0/efs/pics on /data/media/0/pics type ecryptfs (rw,relatime,ecryptfs_fnek_sig=56b1f3c519fb3412,ecryptfs_sig=56b1f3c519fb3412,ecryptfs_cipher=aes,ecryptfs_key_bytes=16)
Is /sdcard linked?
Code:
# ls -l /sdcard
lrwxrwxrwx 1 root root 21 May 10 1973 /sdcard -> /storage/self/primary
What Android version and kernel do you have?
Click to expand...
Click to collapse
Android 6.0 kernel 3.18.14
/sdcard is symlink to /mnt/sdcard, i changed /sdcard to /mnt/sdcard
Code:
# mount -t ecryptfs
/mnt/sdcard/efs/pics on /mnt/sdcard/pics type ecryptfs (rw,relatime,ecryptfs_fnek_sig=1b77138d91206e66,ecryptfs_sig=1b77138d91206e66,ecryptfs_cipher=aes,ecryptfs_key_bytes=16)
Code:
# stat /mnt/sdcard/pics
Access: (775/drwxrwxr-x) Uid: (1000/ system) Gid: (1015/sdcard_rw)
# stat /mnt/sdcard/efs
Access: (775/drwxrwxr-x) Uid: (1000/ system) Gid: (1015/sdcard_rw)
# stat /mnt/sdcard/efs/pics
Access: (775/drwxrwxr-x) Uid: (1000/ system) Gid: (1015/sdcard_rw)
Code:
# touch /mnt/sdcard/pics/test
touch: /mnt/sdcard/pics/test: Permission denied
What about the permissions of /data/media/0 folders? That's the most important part.
If your sdcard is not at /data/media/0 you probably don't have a multiuser environment (older phone?) and /mnt/sdcard is probably a real partition. This is early Kitkat partition layout (/sdcard and /data have separate partitions). On later systems both are on /data partition and /sdcard is abstracted by a FUSE file system that would automatically set the proper permissions whenever you write something to it (even as root).
In case you are on an old layout you would need to set proper permissions to /sdcard/pics and /sdcard/efs yourself. Just take a look at the other folders with 'ls -l /mnt/sdcard' and set accordingly. You would also need to change /data/media/0 to /mnt/sdcard in the script.
What do you get with this?
Code:
# mount |grep sdcard
# mount |grep storage
What phone is it? Kernel 3.18 doesn't sound all too old.
Edit: Another theory is your internal sdcard is scardfs or something. If so, it might break "stacking" folders (mount over). Try to use /data/pics and /data/efs/pics as a test.
It works in Permissive mode (setenforce 0)
I need Busybox with SELinux-enabled and use it to set it to Permissive mode
Code:
# busybox getenforce
Enforcing
# busybox setenforce 0
# busybox getenforce
Permissive
And then execute the efs-pics.sh and test it
Code:
# cp file /mnt/sdcard/pics ; echo $?
[b]0[/b]
# ls /mnt/sdcard/pics
[b]file[/b]
Horreee.... it Works.

Categories

Resources