Related
Hello folks
I need a OpenVPN connection to my Server and as like (nearly) evertime nobody has a solution or the same problems.
Or I get answers like "It works for me" or "I don't know" or other less helpful hints.
So I want discribe you how I solved this Problem
I use the [BUILD][21.08.2010][Xcelsior's Android FroYo V1.00a][Kernel: htc-msm-2.6.32 #82] ROM with the [Kernel][Latest GIT][Overclocking][Undervolting][Extbatts] [email protected] #56 (r6) Kernel.
1. Copy your OpenVPN config (incl. certificates) to a folder called "openvpn" into the root of your SD Card.
- Please change the extension of your config file to "conf"
2. Make a link from "/bin" to "/system/xbin/bb"
- With adb:
Code:
adb shell ln -s /bin /system/xbin/bb
- Or from Terminal:
Code:
ln -s /bin /system/xbin/bb
3. Install "OpenVPN Installer" from market.
- Run it
- OpenVPN directory "/system/bin"
- ifconfig/route directory "/system/xbin/bb"
4. Install "OpenVPN Settings" from market.
5. Open OpenVPN Settings:
- Then you should see your config.
- Tap and hold your config and then select "Preferences"
- Check "Use VPN DNS Server" (optional)
- Enter a VPN DNS Server (optional)
- "Script Security Level" -> "Build-in + scripts"
- Go back to the main OpenVPN Settings screen
6. Open the menu (press the windows button on your phone)
- Select "Advanced"
- Check "Load tun kernel module"
- Tap on "TUN module settings"
- "Load module using" -> insmod
- "Path to tun module" -> /system/lib/modules/tun.ko
- leave the rest as default
- If you can't see your config, change the "Path to configurations" to /mnt/sdcard/openvpn
7. Open "OpenVPN Settings" and enable OpenVPN (if it is not yet enabled) and then tap on your config (sometimes twice )
8. Enjoy
My Configs:
Server Config (Windows, bridged):
Code:
dev tap
dev-node Chris
proto tcp-server
port 443
server-bridge 192.168.1.1 255.255.255.0 192.168.1.3 192.168.1.99
tls-server
dh dh384.pem
ca ca.crt
cert server.crt
key server.key
status Chris.log
ping 15
ping-restart 60
push "ping 15"
push "ping-restart 60"
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.1.1"
comp-lzo
verb 3
script-security 2
Client Config (Android 2.2):
Code:
remote little.britain.usa 443 #address changed :D
client
proto tcp
tls-client
ca ca.crt
cert Chris.crt
key Chris.key
http-proxy star.trek.ds9 80 #address changed :D
http-proxy-retry
http-proxy-option AGENT HTC_Touch_HD_T8282 Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 7.11)
dev tap
dev-node /dev/tun
resolv-retry infinite
persist-key
persist-tun
script-security 2
verb 3
log status.log
comp-lzo
The http-proxy* commands only for those who have to tunnel through a proxy.
And now... Try it and let me know if it works for you, too
I've noticed, that OpenVPN needs a lot of energy.
Maybe the ecryption is the reason. No... That was not the reason...
Hello, thnx for the useful information.
I'm trying this on SE X10 with Donut, apparently it doesn't have /system/xbin/bb
How do I proceed then?
Where shall I set the link to?
aldoyh said:
Hello, thnx for the useful information.
I'm trying this on SE X10 with Donut, apparently it doesn't have /system/xbin/bb
How do I proceed then?
Where shall I set the link to?
Click to expand...
Click to collapse
The folder "/system/xbin/bb" does not exist. Only "/system/xbin".
I you run the command "ln -s /bin /system/xbin/bb" it will be created.
Like a shortcut to a folder in windows
Hi
I have recently bought a VPN service to change my IP to USA.
I connect to it using openvpn-2.1.3 client in my laptop (windows 7).
But I don't know how to connect my htc desire using openvpn!
They only provide me an application which downloads the settings and starts the openvpn itself. I know nothing about its configuration. I only provide a user-name and password and Vola!
here is the link to that application:
www(dot)speedex(dot)info(dot)tm/SPEEDEXVPN.exe
I would appreciate it if you can help me making the config file for desire.
and here is the config in openvpn client in my laptop:
Code:
client
dev tun
proto udp
remote-random
remote 216.155.148.9 1194
remote 216.155.148.9 5000
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
tls-auth ta.key 1
comp-lzo
auth-user-pass
verb 3
I'm looking forward to hear from you guys
and I'm currently using modaco custom ROMs r9 with openvpn option
Hi
Did you try to follow my tutorial?
Your config seems to be ok...
maybe you can add "script-security 2" to your config... It is necessary in the new openvpn versions
But don't forget to copy the certificates to the openvpn folder on your SD card, too
the reason that I want to use openvpn is to access Android market and facebook in my phone. So, I couldn't install "OpenVPN Installer" (but I think modaco r9 already has it and it says "includes the OpenVPN binary, settings application and tunnel module.") and I can't tap and hold my config in openvpn setting program.
And one more thing, I don't know if there is any certificate?! I couldn't find any certificate in here:
C:\Program Files\OpenVPN
and I don't know how this speedex program configures my openvpn!
AND, I don't know where I should provide the user-name and password?
I couldn't use the market without OpenVPN, too.
But I connect via WLAN to download the necessary applications and then all works fine
The certificates are in "config" in the OpenVPN Folder and there should be your config file, too.
I tried the "ln -s /bin /system/xbin/bb" command using Terminal directly on my Froyo Galaxy S i9000 and got an error: Link failed, permission denied...
What can I do to make it work?
Hi,
Maybe you should type "su" (for admin rights) before starting to link the "bin" folder.
I'll hope this will solve your problem.
Crusoe86 said:
Hi,
Maybe you should type "su" (for admin rights) before starting to link the "bin" folder.
I'll hope this will solve your problem.
Click to expand...
Click to collapse
I just noticed there is no root on my phone... I will try to figure out how to do that soon as I just bought it 2 days ago in HK but already had JP2 firmware on it.
Thanks for your fast reply!
What does any of this have to do with android development. And how is your phone not rooted?
Sent from my HTC HD2 using XDA App
chrisgto4 said:
What does any of this have to do with android development.
Click to expand...
Click to collapse
Do you mean my tutorial?
chrisgto4 said:
And how is your phone not rooted?
Sent from my HTC HD2 using XDA App
Click to expand...
Click to collapse
Maybe he means, that he/she has no su access
I rooted my phone after installing JPA and got the tun.ko from http://forum.xda-developers.com/showthread.php?t=793712&highlight=tun.ko but now I get following error:
Linux ifconfig failed: could not excecute external program
I have not found a solution to it yet... anyone?
stassano said:
I rooted my phone after installing JPA and got the tun.ko from http://forum.xda-developers.com/showthread.php?t=793712&highlight=tun.ko but now I get following error:
Linux ifconfig failed: could not excecute external program
I have not found a solution to it yet... anyone?
Click to expand...
Click to collapse
First you should install only the right modules for your Kernel.
Mostly you can download the modules together with the kernel.
Your error message could be a sign of missing busybox.
Hello Guys,
I tried to start the conf with su but at Get Config -> I become an Error Message
FATAL: Cannot allocate TUN/TAP dev dynamically
Anyone knows this Error?
greetz
Crusoe86 said:
First you should install only the right modules for your Kernel.
Mostly you can download the modules together with the kernel.
Your error message could be a sign of missing busybox.
Click to expand...
Click to collapse
busybox is installed properly, I checked it through titanium backup: root access => OK (BusyBox 1.17.1 from system)
so it should be the wrong modules I downloaded... just for my info... what modules do I need exactly? is tun.ko enough or should I add more?
stassano said:
busybox is installed properly, I checked it through titanium backup: root access => OK (BusyBox 1.17.1 from system)
so it should be the wrong modules I downloaded... just for my info... what modules do I need exactly? is tun.ko enough or should I add more?
Click to expand...
Click to collapse
Yeah tun.ko should be eaugh...
But you should install "OpenVPN Installer" from market and set the right directory to Busybox. you can set a shortcut from your busybox installation (in my case "/bin") to /system/xbin/bb (that should be available in the "OpenVPN Installer" Setup process).
You should also check if you have already a folder "bb" in "xbin" and delete it if it contains a file called "placeholder". Then all should be fine if your config is correct
mschoenknecht said:
Hello Guys,
I tried to start the conf with su but at Get Config -> I become an Error Message
FATAL: Cannot allocate TUN/TAP dev dynamically
Anyone knows this Error?
greetz
Click to expand...
Click to collapse
Check you busybox installation
Take a look in my last post
Which one is the right install dir of busybox? i can choose /bin/ and /system/xbin/
My phone is rooted BusyBox v. 1.17.1 but my VPN could not execute external program!
mschoenknecht said:
Which one is the right install dir of busybox? i can choose /bin/ and /system/xbin/
My phone is rooted BusyBox v. 1.17.1 but my VPN could not execute external program!
Click to expand...
Click to collapse
It's working...
What I've done: ?!
1. Copy my Config and Certifikates on my SDCARD
2. ln -s /bin/route /system/xbin/route
3. ln -s /bin/ifconfig /system/xbin/ifconfig
4. OpenVPN Installer -> /system/xbin
5. OpenVPN Settings -> insmod -> /system/lib/modules/tun.ko
6. The Connection is successfully establish but there is still an error when i type route (Terminal) the route which normally its pushed isn't there!
any idea??? thx a lot for ur help
Tue Oct 26 18:24:58 2010 us=37445 PUSH: Received control message: 'PUSH_REPLY,route 192.168.12.0 255.255.255.0 vpn_gateway,route 192.168.18.0 255.255.255.0 vpn_gateway,route 10.40.7.1,ping 10,ping-restart 120,ifconfig 10.40.7.6 10.40.7.5'
Tue Oct 26 18:24:58 2010 us=37811 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:1: route (2.1.1)
Tue Oct 26 18:24:58 2010 us=38146 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:2: route (2.1.1)
Tue Oct 26 18:24:58 2010 us=38391 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:3: route (2.1.1)
Tue Oct 26 18:24:58 2010 us=38726 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: ifconfig (2.1.1)
Tue Oct 26 18:24:58 2010 us=38940 OPTIONS IMPORT: timers and/or timeouts modified
Tue Oct 26 18:24:58 2010 us=50292 TUN/TAP device tun1 opened
Tue Oct 26 18:24:58 2010 us=50628 TUN/TAP TX queue length set to 100
Tue Oct 26 18:24:58 2010 us=51147 Initialization Sequence Completed
greez
I'm trying to mount my Xoom (MZ605 ICS Team EOS IML74K Nightly 41) in Ubuntu (11.10) , the device is founded and Installed, but I can't open the internal storage (MTP), I can't see or to transfer any file. What can I do?
I searched for some driver, but I didn't founded. Do I need of a specific software for MTP Storage?
Thanks!
Sent from my MZ601 using xda premium
I use Linux Mint and had the same issue. You need Samba to access the files. Here are the instructions I used (for Debian but will work on Ubuntu as well, I'm sure):
To get started install samba and nautilus-share through Synaptic. You will need to edit /etc/samba/smb.conf as Superuser (su).
1
In the global section of /etc/samba/smb.conf add the line
usershare allow guests = Yes
Find the line ; security = user and add this line directly after
map to guest = bad user
2
As su run these two commands from a term
chgrp sambashare /var/lib/samba/usershares
chmod 1770 /var/lib/samba/usershares
Ensure the group sambashare is added to your user profile - Just go into "Users and Groups" and check, add if necessary. Look in Manage Groups, scroll down to sambashare and select properties and select you user name to be a group member. It is not enough that your login name is in the list, it must also be selected.
3
Restart and you should be able to right click on a folder and select "sharing options" just like in Ubuntu, and others on your network (including media players) should be able to see and browse the shared folders.
The share definitions are stored in /var/lib/samba/usershares automatically by nautilus-share. The share definitions are NOT stored in smb.conf
Source: http://forums.debian.net/viewtopic.php?f=16&t=60620
Guide to decompile android application
REQUIREMENT
Apktool [click here to download][Thanks to brut.all for this apktool]
Java JDK/JRE 32 bit [please google it guy's]
Little knowledge on cmd
_________________________________________________________________________________________________________________________
Preparation before WORKING
Process :-
1)now install the java in your pc/lappy
then copy the apktool.zip & goto directory C:/
make a folder name apktool (u can name it by watever u like)
now goto that folder & paste the zip
extract that zip there...
2) now copy the .apk or jar file which u wnt to decompile
& paste it on apktool folder.....
also copy the framework-res.apk of that rom &
paste it on that folder..
Decompiling application
3) now open cmd
Your cmd will probly look like this..
C:\users\yourname>
so type in
cd.. (yes include the '..' and press enter after you type each command)
this will get you to back directory so now you will see
C:\users>
so type again
cd..
you should now see this:
C:\>
now type
cd apktool (and you are in the apktool directory)
4)Installing Framework
Now that you are in directory we need to install the device's framework to your system for it to compile correctly so type this:
apktool if framework-res.apk
this will install the devices framework to your system (need to do this)
5)now to decompile the apk you want to edit.. type this:
apktool d music.apk mod
music.apk is the apk your decompiling
mod is the folder you're creating for the decompiled apk
do whatever you want to do with your apk...
NOW RECOMPILING
6)now to recompile your new apk type this:
apktool b mod music-new.apk
mod is the folder with your edited files
music-new.apk is your new apk file
Now we are NOT done... we cannot use the new apk's...
now make two separate folder a & b
copy-paste the original music.apk in 'a'
& music-new.apk in 'b'
use something like 7zip, take the 'resources.arcs' file and any other xml files you edited out of the "new-edited" apk and copy them into Original apk
now add to archive ...the origanl apk in zip format
& at the end of the file name .apk ( i mean give the file format name as .apk insted of .zip)
Now you are almost done.....:thumbup:
IF it is a system app then don't sign it....otherwise u have to sign that app....
[=>Guide On How To Sign The Moded App<=]
NOTE:- If you are getting this error =>" java is not a recognized internal or external command "
[=>Then Follow this Guide<=][Thanks to KartzXDA]:good:
That's all
don't forget to hit thanks or comment....:good:
All Mod-Rom by Abhijit Guha(mee)
1} X-zooM[V2] (Netlock free : Transparent Rom):good:
2}Tutorial On Decompiling Android Apps
3.Guide To Make Transparent Power Widget.
4.Guide To Change Statusbar Clock & Notification colour.
5.Guide On How To Sign The Moded App.
6.Guide On How To SetUp Environmental Variables
cool.........
thank for nice guide
sent from my ass ®
Insted of so much to cd folder just right click the folder while holding shift button and you will see adbance options... now open command prompt.. It will save time and is very easy ....
Sent from my GT-S7500 using xda premium
lokeshsaini94 said:
Insted of so much to cd folder just right click the folder while holding shift button and you will see adbance options... now open command prompt.. It will save time and is very easy ....
Sent from my GT-S7500 using xda premium
Click to expand...
Click to collapse
I think you haven't followed something...... this guide is for begginers...so it should be simple one.... not eeky
This is simple method to cd a folder in cmd without all that long commands.... I always use it... Try it once and you will know what i am trying to say....
Sent from my GT-S7500 using xda premium
Thank s for this awesome guide
Sent from my Galaxy Nexus using Tapatalk 2
Awesome guide, very simple to decompile and recompile with it.
Cool guide! I will use it to do some tests with my apks
solved problem lol ... good tutorial ...
xda facebook page should share more tutorials like this!!
Yeah mine says java is not a recognized internal or external command, operable program or batch file. I probably have to add the environment variable, but im not sure how to.
EDIT: got it.
AlwaysDroid said:
Yeah mine says java is not a recognized internal or external command, operable program or batch file. I probably have to add the environment variable, but im not sure how to.
EDIT: got it.
Click to expand...
Click to collapse
You getting this error coz you giving those command in some other directory.........
Note:- First u have to go th that directory or folder where ur apktool files are kept...... then u will not get such error......
Follow that guide from begging then u will get wat I wanna say. best of luck :good:
aguha1044 said:
You getting this error coz you giving those command in some other directory.........
Note:- First u have to go th that directory or folder where ur apktool files are kept...... then u will not get such error......
Follow that guide from begging then u will get wat I wanna say. best of luck :good:
Click to expand...
Click to collapse
No, I just forgot to add the java bin to PATH variable. All good
Sent from my GT-I9000 using xda premium
For the OP. Some ROMs like miui ROM use two frameworks ( framework-res.apk and framework-miui-res.apk) so you need to specify that on the guide. I am just trying to help
tapatalked² cowsquadGnex®
AlwaysDroid said:
No, I just forgot to add the java bin to PATH variable. All good
Sent from my GT-I9000 using xda premium
Click to expand...
Click to collapse
can you tell how to add JAVA bin? I am getting the same error on cmd. thank you
How to setup the environment variable
zain0300 said:
can you tell how to add JAVA bin? I am getting the same error on cmd. thank you
Click to expand...
Click to collapse
TECHNICAL INFORMATION
The PATH is the system variable that your operating system uses to locate needed executables from the command line or Terminal window.
The PATH system variable can be set using System Utility in control panel on Windows, or in your shell's startup file on Linux and Solaris.
SOLUTION
Here PATH represents the bin path of installed version of Java that contains classes. (e.g. C:/jdk1.6.0/bin)
Setting Path on Windows
Windows 7
1. Select Computer from the Start menu
2. Choose System Properties from the context menu
3. Click Advanced system settings > Advanced tab
4. Click on Environment Variables, under System Variables, find PATH, and click on it.
5. In the Edit windows, modify PATH by adding the location of the class to the value for PATH. If you do not have the item PATH,
you may select to add a new variable and add PATH as the name and the location of the class as the value.
6. Reopen Command prompt window, and run your java code.
Windows XP
1. Start -> Control Panel -> System -> Advanced
2. Click on Environment Variables, under System Variables, find PATH, and click on it.
3. In the Edit windows, modify PATH by adding the location of the class to the value for PATH. If you do not have the item PATH,
you may select to add a new variable and add PATH as the name and the location of the class as the value.
4. Close the window.
5. Reopen Command prompt window, and run your java code.
Windows Vista
1. Right click My Computer icon
2. Choose Properties from the context menu
3. Click Advanced tab (Advanced system settings link in Vista)
4. In the Edit windows, modify PATH by adding the location of the class to the value for PATH. If you do not have the item PATH, you may
select to add a new variable and add PATH as the name and the location of the class as the value.
5. Reopen Command prompt window, and run your java code.
Setting Path on Solaris and Linux
To find out if the java executable is in your PATH, execute:
% java -version
This will print the version of the java executable, if it can find it. If you get error java: Command not found. Then path is not properly set.
To find out which java executable the first one found in your PATH, execute:
% which java
Below are the steps to set the PATH permanently,
Giving instructions for two most popular Shells on Linux and Solaris.
For bash Shell:
Edit the startup file (~/ .bashrc)
Modify PATH variable:
PATH="$PATH":/usr/local/jdk1.6.0/bin
export PATH
Save and close the file
Open new Terminal window
Verify the PATH is set properly
% java -version
For C Shell (csh):
Edit startup file (~/ .cshrc)
Set Path
set path="$PATH":/usr/local/jdk1.6.0/bin
Save and Close the file
Open new Terminal window
Verify the PATH is set properly
% java -version
Hit "Thanks" if anyone helped you. :good:
Xperia Arc LT15i
Rooted/Bootloader Unlocked
JellyBean - FXP137/CM10
KartzXDA said:
TECHNICAL INFORMATION
The PATH is the system variable that your operating system uses to locate needed executables from the command line or Terminal window.
The PATH system variable can be set using System Utility in control panel on Windows, or in your shell's startup file on Linux and Solaris.
SOLUTION
Here PATH represents the bin path of installed version of Java that contains classes. (e.g. C:/jdk1.6.0/bin)
Setting Path on Windows
Windows 7
1. Select Computer from the Start menu
2. Choose System Properties from the context menu
3. Click Advanced system settings > Advanced tab
4. Click on Environment Variables, under System Variables, find PATH, and click on it.
5. In the Edit windows, modify PATH by adding the location of the class to the value for PATH. If you do not have the item PATH,
you may select to add a new variable and add PATH as the name and the location of the class as the value.
6. Reopen Command prompt window, and run your java code.
Windows XP
1. Start -> Control Panel -> System -> Advanced
2. Click on Environment Variables, under System Variables, find PATH, and click on it.
3. In the Edit windows, modify PATH by adding the location of the class to the value for PATH. If you do not have the item PATH,
you may select to add a new variable and add PATH as the name and the location of the class as the value.
4. Close the window.
5. Reopen Command prompt window, and run your java code.
Windows Vista
1. Right click My Computer icon
2. Choose Properties from the context menu
3. Click Advanced tab (Advanced system settings link in Vista)
4. In the Edit windows, modify PATH by adding the location of the class to the value for PATH. If you do not have the item PATH, you may
select to add a new variable and add PATH as the name and the location of the class as the value.
5. Reopen Command prompt window, and run your java code.
Setting Path on Solaris and Linux
To find out if the java executable is in your PATH, execute:
% java -version
This will print the version of the java executable, if it can find it. If you get error java: Command not found. Then path is not properly set.
To find out which java executable the first one found in your PATH, execute:
% which java
Below are the steps to set the PATH permanently,
Giving instructions for two most popular Shells on Linux and Solaris.
For bash Shell:
Edit the startup file (~/ .bashrc)
Modify PATH variable:
PATH="$PATH":/usr/local/jdk1.6.0/bin
export PATH
Save and close the file
Open new Terminal window
Verify the PATH is set properly
% java -version
For C Shell (csh):
Edit startup file (~/ .cshrc)
Set Path
set path="$PATH":/usr/local/jdk1.6.0/bin
Save and Close the file
Open new Terminal window
Verify the PATH is set properly
% java -version
Hit "Thanks" if anyone helped you. :good:
Xperia Arc LT15i
Rooted/Bootloader Unlocked
JellyBean - FXP137/CM10
Click to expand...
Click to collapse
i read all this but still could not figured it out since there were few options i did not find on my windows 7 laptop.
Edit: Ok i found all the options now but what does this mean "modify PATH by adding the location of the class to the value for PATH"?
zain0300 said:
i read all this but still could not figured it out since there were few options i did not find on my windows 7 laptop.
Edit: Ok i found all the options now but what does this mean "modify PATH by adding the location of the class to the value for PATH"?
Click to expand...
Click to collapse
Under system variables, find for the variable Path. Click on Edit. Then one window will come up with two text boxes. One is variable name and another one is variable value. Edit the variable value of text box. Add the the path of bin ( e.g., ; C:\jdk\bin [Don't forget to add semicolon before the path]) to the text box.
Please have a look at the attachments.
Hit "Thanks" if anyone helped you.
Xperia Arc LT15i
Rooted/Bootloader Unlocked
JellyBean - FXP137/CM10
KartzXDA said:
Under system variables, find for the variable Path. Click on Edit. Then one window will come up with two text boxes. One is variable name and another one is variable value. Edit the variable value of text box. Add the the path of bin ( e.g., ; C:\jdk\bin [Don't forget to add semicolon before the path]) to the text box.
Please have a look at the attachments.
Hit "Thanks" if anyone helped you.
Xperia Arc LT15i
Rooted/Bootloader Unlocked
JellyBean - FXP137/CM10
Click to expand...
Click to collapse
thankx for your replies. I mistakenly deleted all the other paths that were already there, can I bring them back?
thanks button pushed.
zain0300 said:
thankx for your replies. I mistakenly deleted all the other paths that were already there, can I bring them back?
thanks button pushed.
Click to expand...
Click to collapse
copy this in the path variable value after that add ;C:\jdk....\bin
%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShel l\v1.0\
Hit "Thanks" if anyone helped you. :good:
Xperia Arc LT15i
Rooted/Bootloader Unlocked
JellyBean - FXP137/CM10
Here's a quick/simplified guide to bring Debian Linux (you can choose another distro if you will) to Nook HD+.
It's for those that don't want to get their hands dirty with shell commands to set the thing up.
You have to run CM11 (the later the version the better), you also have to give root permissions wherever asked:
1) Download and Install Meefik's Busybox
a) Install the app
b) Open it
c) Tap install -> OK in the lower right corner2) Update ENV settings on LinuxDeploy:
a) Install LinuxDeploy
b) Open it
c) Go to settings (three-dot icon -> Settings)
d) Tap Update ENV3) Download and place config files
a) Download the Config Files
b) Extract and place the files to your Download folder in your tablet (/sdcard/Download).4) Install LinuxCanvas companion up (it's an app I made to solve some bugs of LinuxDeploy)
a) Download it
b) Install the apk (tap it)
c) Open it and give it root permissions5) Install a Linux image:
a) Open LinuxDeploy
b) Go to properties (icon showing an "arrow down")
c) Use the follow settings (everything else you leave it as is):
To Distribution Suite: Wheezy
To Installation Path: change the "/storage/emulated" part to "/data/media" (everything else stays as is)
To Select Components: Tick X server and untick VNC Server
To Graphics subsystem: choose Framebufer
To GUI Settings: On Freeze Android UI, choose Pause
To Custom Mounts: Tick it
To Mount Points: Delete the extant mount points and add ("plus" sign) the following:
/data/media/0
/mnt/media_rw/sdcard1
d) Tap install on properties' main menu and wait (quite) a bit (until it reads "<<< install")
With the installation finished do as follows to run the thing:
1) Turn Bluetooth on
2) Pair bluetooth devices to Android, so that to control Linux later (typically keyboard and mouse, you only need to do that once)
3) Go to LinuxCanvas and press "Volume up"
4) Voila!
The only way to get back to Android is to reboot. To do that double click the reboot.sh file and press "Execute" (you can find it to /mnt/0/Download, copy it to desktop for easier access).
I'll try to find a better solution, I'm open to suggestions.
Pro Tip: If the elements are too small for you change the DPI from LinuxDeploy -> Properties -> GUI Settings
If you tried the above guide please post feedback (i.e. "where the guide can become better/easier?" and/or "how did Linux work for you?").
Note: The guide is checked to work with CyanogenMod-11 February 2016's nightlies running internally and LinuxDeploy v1.5.6 . Any other versions of either may not work as intended.
Also you need at least 4GB of Internal storage to make it work (of course you can choose a different image size from LinuxDeploy's Properties or opt to use the whole of your external SDcard/partition).
thank you for this post it works great
Part 1 (thanks to a new character limit...)
By now many of you know that the small file on the NST/G which contains web certificates (/system/etc/security/cacerts.bks) is slowly becoming out-of-date. The first important certificate to expire was for Amazon and that crippled the Kindle app until member @tshoulihane worked out a way to update the expired certificate. In 2020, one of the certificates needed to negotiate syncing of books with FBReader expired and I finally took the plunge and figured out how to update the certificate for that. Although @tshoulihane had provided directions in the original post, I was too dense to follow them correctly. Now, as promised, I am providing what I hope is an overly-explicit set of instructions (my specialty) so that anyone can do this, even when I am dead (!).
This guide is for Windows (10, in my case). If you're not using Windows you may be much happier but you'll have to figure this out for yourself. If you are using Windows, you know that we will have to wait for some of that happiness in the next life ;-)
Assembling the tools
jdk-6u45 (download-32 bit, download-64 bit). Oracle now requires a sign-up, etc., to get at these old files, so I have archived them.
bcprov-jdk15on-146.jar (download). This old file is required to make all the magic happen.
Setting up the tools
Install jdk-6u45, using defaults--unless you have some specific reason for changing things. Don't worry if you have other JDK versions installed. They can coexist. Once the JDK is installed, use Windows File Explorer to locate the installation, something like Program Files/Java/jdk1.6.0_45 (that could be Program Files (x86) if you installed the 32-bit version). Find the sub-folder "lib". If there isn't one, create it. Inside that folder create another folder, "ext" (if it doesn't already exist). Place in that folder the jar file you downloaded. So, just to be clear, you should end up with:
(64-bit) Program Files/Java/jdk1.6.0_45/lib/ext/bcprov-jdk15on-146.jar
(32-bit) Program Files (x86)/Java/jdk1.6.0_45/lib/ext/bcprov-jdk15on-146.jar
Looking at cacerts.bks (optional)
If you want to see what the "innards" of your cacerts.bks file looks like copy out /system/etc/security/cacerts.bks from your device to your PC (use some readily accessible directory like "Documents" or "Downloads"--someplace you have rights).
Open a Windows command prompt window. Execute the following:
Code:
cd C:\Program Files\Java\jdk1.6.0_45\bin
[for 32-bit: cd C:\Program Files (x86)\Java\jdk1.6.0_45\bin]
Windows 10 allows you to paste text into the command prompt window. I suggest you copy the following command to a text editor, adjust it to your situation, and paste into the command prompt window. Then hit Enter. The text is perilous to type and you can get very frustrated by small errors.
Code:
keytool.exe -keystore C:\Users\nmyshkin\Documents\cacerts.bks -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "C:\Program Files\Java\jdk1.6.0_45\lib\ext\bcprov-jdk15on-146.jar" -storepass changeit -v -list > C:\Users\nmyshkin\Documents\calist.txt
Note that a path which contains spaces requires the use of quotation marks or you will get an error. You would need to replace "nmyshkin\Documents" with whatever path is correct for you.
The resulting text file (calist.txt) contains a list of all of the certificates and information about them, including their expiration dates.
Housekeeping
Some time ago I came across a Honeycomb ROM (last stop before ICS and cacerts which update on the fly) and extracted its cacerts.bks file, reasoning that it would be more up-to-date than our version. This proved to be true (the Amazon certificate, for example, has not yet expired), and there were also many more certificates--not a bad thing. There were also a lot of dead certificates. So for a sort of baseline, I have attached a zipped copy of that file with all the dead stuff removed. It also has a functioning Amazon certificate and the update for FBReader book sync. You're welcome.
The good stuff follows in the next post...
Part 2
How do you remove dead certificates?
Note: ALWAYS keep a backup copy of your cacerts.bks file. If you mess up, you need to be able to go back. Also, before returning an updated cacerts.bks file to your device, you should have made a complete device backup. A faulty cacerts.bks file will cause a bootloop. The only recovery is a forced shutdown (not easy in itself) and a restoration of the nandroid backup with NookManager or similar.
Let's pretend that you have a dead certificate and a check of the calist.txt file created as described above reveals that its "alias" is 27. Certificates sometimes have ridiculously complicated names so in the cacerts.bks file they are often given numerical aliases. Here's how to get rid of one (presumably before you replace it):
Open a command prompt window and execute the following:
Code:
cd C:\Program Files\Java\jdk1.6.0_45\bin
[for 32-bit: cd C:\Program Files (x86)\Java\jdk1.6.0_45\bin]
Copy the text below and adjust the paths for your situation, then copy and paste the result into the command prompt window. Press Enter.
Code:
keytool.exe -keystore C:\Users\nmyshkin\Documents\cacerts.bks -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "C:\Program Files\Java\jdk1.6.0_45\lib\ext\bcprov-jdk15on-146.jar" -storepass changeit -v -delete -alias 27
You would need to replace "nmyshkin\Documents", the alias number, and potentially "Program Files" (if you are using 32 bit) to customize the command.
Importing/updating a certificate
Well, this is the "real deal". Someday that Amazon certificate is going to expire again and render the Kindle app useless (assuming Amazon doesn't abandon it first). Or something else may crop up that you'd like to fix (like the FBReader issue I mentioned earlier). To some extent, this may also address website access issues, but most--if not all--of those are more broadly SSL related and that is another kettle of fish altogether.
Importing a certificate is no more difficult than any of the other operations already described (once you have the command written out!). The difficulty is in obtaining the certificate to import! Here is where these instructions get a little squishy because they are initially based on information obtained from your PC's browser (and even its version). I happen to use an up-to-date version of Firefox so that's how I am approaching this. If you use a different browser, you will have to figure out this part on your own, but Googling will doubtless help.
Let's say the Amazon certificate has expired (again...). My first best guess is that the same certificate(s) used on Amazon.com are used for the Kindle app. So I head on over to Amazon.com with Firefox. When I arrive I note that there is a little "lock" symbol just before the "https:...." in the url line. Mousing over this symbol I see "Verfied by: DigiCert Inc." So it's some kind of DigiCert certificate. Clicking on the lock symbol I see site information for Amazon including "Connection Secure" which can be expanded to show "Verified by DigiCert Inc." and at the bottom of that little window is "More information". Clicking there gives me a lot more stuff, but what I want is just the "Security" tab where I can see "View Certificate". Aha! Clicking on that reveals that there are at least two certificates, DigiCert Global CA G2 and DigiCert Global Root G2. I may need only one, but it's safer to have both. Still, I need actual copies of the certificates. In an older version of Firefox you could click on the lock and get to a place where you could export copies of the certificates. No more. That was too easy. Now it's like this:
1. Navigate to the site (Amazon.com) and discover which certificates are used, as described above
2. Open the browser menu to access "Options"
3. Click on "Privacy and Security" in the left-hand menu
4. Scroll down to "Certificates"
5. This takes you to a window in which you want the last option, "Authorities"
5. Scroll to find the certificate(s) discovered by the steps described above.
6. Click on the certificate and then on "Export". Accept the default file type (X.509 Certificate (PEM) (*.crt;*.pem)) and the ".crt" extension. Save.
7. Change the file extension on the saved certificate to ".cer".
OK! Do this for whatever certificate(s) you need. Now it's time to get them into the cacerts.bks file. Make sure the saved certificates are in some directory on your PC for which you have rights (like "Documents" or "Downloads").
Open a command prompt window and execute the following:
Code:
cd C:\Program Files\Java\jdk1.6.0_45\bin
[for 32-bit: cd C:\Program Files (x86)\Java\jdk1.6.0_45\bin]
Copy the text below and adjust the paths for your situation, then copy and paste the result into the command prompt window. Press Enter.
Code:
keytool.exe -storetype BKS -keystore "C:\Users\nmyshkin\Documents\cacerts.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "C:\Program Files\Java\jdk1.6.0_45\lib\ext\bcprov-jdk15on-146.jar" -storepass changeit -importcert -alias Amazon -file "C:\Users\nmyshkin\Documents\DigiCertGlobalRootG2.cer"
You would need to replace "nmyshkin\Documents", potentially "Program Files", the alias string or number as well as the certificate file name to customize. The "alias" is a number in our cacerts.bks file, but you can use a string instead. Otherwise, you need to choose a number that is not already used or use the same number(s) for the expired certificate(s) that you previously removed.
You will see a series of things scroll through the window, stopping at a confirmation dialog. You need to enter "yes" to accept the certificate.
Repeat if there are additional certificates to import/update.
The Proof in the Pudding
IF you have done these steps correctly, you should be good to go. You need to move the revised cacerts.bks file back to your NST/G (/system/etc/security/cacerts.bks). Be sure the file permissions are set to rw-r--r--, then reboot. If you get stuck in a bootloop you goofed. Try to interrupt the boot sequence with the power button. Eventually you will succeed and can restore a backup using something like NookManager. Try again
Hi, thank you for all your help as always nmyshkin, my how do i connect it to the nook?
I do all the steps, but I am lost on how to replace the system directory in the nook with the cacert.bks file so that the kindle app could log-in throught the NTGS.
vicus21 said:
Hi, thank you for all your help as always nmyshkin, my how do i connect it to the nook?
I do all the steps, but I am lost on how to replace the system directory in the nook with the cacert.bks file so that the kindle app could log-in throught the NTGS.
Click to expand...
Click to collapse
If you rooted with the updated NookManager, the cacerts.bks file is already updated. No need to do anything else.
As for the Kindle app, there are a few things you should know. When you try to log in you will get an error message. But if you check your email you will see that Amazon has sent you a one-time-password (OTP). Try that.
Here's where it gets a little complicated. If you have two-factor-verification turned on at Amazon, the OTP may fail. At least one XDA member has reported that if he added the OTP to his regular password, he was able to log in.
My most recent experience went something like this:
1. Try to log in. Get OTP via email.
2. Try OTP. It fails.
3. Check Amazon account...hmm..I don't have two-factor-verification (TFV) turned on. What gives?
4. Turn on TFV.
5. Turn off TFV.
6. Try to log in. Get OTP via email.
7. Try OTP. It works!
I don't have TFV turned on (I don't own a smart phone). But Amazon didn't seem to recognize that until I turned it on and then turned if off.
It would be nice if the other member is correct and you just append the OTP to your regular password to log in. Let us know!