I'm very new to android development and java. Being a C/C++ programmer for 20 years, I was glad to see that JNI can be used to do the heavy lifting and I've done a few apps this way with good success.
Now I have a task that requires elevated privilege. I am able to do this within my JNI code by calling system() like so:
Code:
system("su -c 'mypath/myexe'");
Where "myexe" is a native executable (ELF 32-bit LSB executable, ARM, version 1 (SYSV), dynamically linked (uses shared libs), stripped) compiled with the ndk tools supplied with the repo distribution for eclair.
This is the only way I've found to run a process at elevated privilege that manages to call the SuperUser app prompting the user for permission (which is what I want to ensure a properly rooted device).
The problem is that I cannot get my helper app into the distribution. I can manually push it to the device and my app functions perfectly, but how do I add it to the apk so that it is deposited in the appropriate directory (I would guess something like /data/data/com.[mybase].[myapp]/[bin or lib])?
Or, is there a better way to execute an elevated operation (using the Superuser app)?
I discovered a way to do what I want by adding the helper binary as a "raw" resource, then using getResources().openRawResource() to copy it to the file I want on the filesystem.
I still think there's got to be a better way.
A bit surprised that I haven't seen this mentioned on XDA yet...
Stephen (Stericson), Adam Shanks (ChainsDD) and I have been working on this new library for a few days.
You can find more about it here: http://code.google.com/p/roottools/
Several other people have already enrolled as committers so I expect to see even more activity shortly.
In a nutshell, this library currently:
- Checks whether you have root access
- Checks whether BusyBox is installed
- Helps you install BusyBox if necessary
- Runs a series of arbitrary shell commands as root
- Checks partition space
- Mounts/unmounts partitions
- Installs binaries created from C/C++ for you
Anyone who wishes to pitch in is welcome!
very cool, thanks
Very interesting, I will keep an eye on that
Interesting. Seen a couple things I could have done better in my own attempts. So for me it seems like a good reference for future projects.
One question though: in the installBinary() function you are creating a bogus file in order to get the /files directory created. May I ask if there's a particular reason why you're not just doing a mkdir?
Creation of files/ is delegated to the Android SDK itself; this way, we avoid as much as possible assuming the location of that directory.
I know we do not avoid it completely (when we need to invoke the newly created binary, for instance) but I have hope that in the future we can figure that one out as well.
Just Uploaded version 1.4
http://code.google.com/p/roottools/...ols-1.4-sdk3-generic.jar&can=2&q=#makechanges
Although the library has grown a lot since this post was made and now can handle a lot more for the developer.
Please compile the latest version 4.4.
I am new to programming Java. Can anyone help me with source code for a simple android app that copies one file from sdcard to any directory in Phone. I have eclipse and emulator setup for testing.
cheers
I'm not into java... but you could write a small bash script!
Bash scripts can be run from a terminal (connectbot, irssi, ssh-server)
Or you simply use the app (GScript), where you can add your own scripts and run them just with 1 click!
Code:
#!/system/bin/sh
file=/sdcard/FOLDER_OF_FILE/FILES_I_WANT_TO_COPY
target=/TARGET_FOR_FILE
cp -frv "$file" "$target"
Hope I could help you...
I would try searching stackoverflow.com ....
.... be prepared though, file operations in Android are not a quick 2 lines of code.
sebsch1991 said:
I'm not into java... but you could write a small bash script!
Bash scripts can be run from a terminal (connectbot, irssi, ssh-server)
Or you simply use the app (GScript), where you can add your own scripts and run them just with 1 click!
Code:
#!/system/bin/sh
file=/sdcard/FOLDER_OF_FILE/FILES_I_WANT_TO_COPY
target=/TARGET_FOR_FILE
cp -frv "$file" "$target"
Hope I could help you...
Thanks for reply. But I am looking for a pure android app and not script or adb commands via terminal!
@eatmold
eatmold said:
I would try searching stackoverflow.com ....
.... be prepared though, file operations in Android are not a quick 2 lines of code.
Thanks a lot man, I look forward to seeing some code soon .....
user_000 said:
I am new to programming Java. Can anyone help me with source code for a simple android app that copies one file from sdcard to any directory in Phone. I have eclipse and emulator setup for testing.
cheers
First of all, you can't copy a file to any directory on the phone. The app can only write to directories to which it has permission to write. Second, some parts of the phone can't be written to at all because the filesystem is read-only. Third, file I/O is non-trivial in the dalvik VM. It would take a substantial amount of code to do what you want.
Do you have some goal in mind for this starter project? There is the "Hello World" project at http://developer.android.com if you just want some example code.
Gene Poole said:
First of all, you can't copy a file to any directory on the phone. The app can only write to directories to which it has permission to write. Second, some parts of the phone can't be written to at all because the filesystem is read-only. Third, file I/O is non-trivial in the dalvik VM. It would take a substantial amount of code to do what you want.
Do you have some goal in mind for this starter project? There is the "Hello World" project at http://developer.android.com if you just want some example code.
Well the aim is to get an idea of how a very simple app can work on phone. So it can even be copying a file from one directory of SDcard to another directory on SDcard on Phone. And also let's assume that we have the permission to write to any directory on phone (i.e. superuser or it's writable etc).
Yea 'hello world' is a nice example and on the same lines a simple non-gui app to copy file is what I am looking for. It will give a good overview of how to do some basic I/O operation on phone via android app.
cheers
If you want to do this as a Java learning experience, then you'll probably want to handle the file I/O using strictly Java which can be a real pain. Nonetheless, all you need is here:
http://developer.android.com/reference/java/io/package-summary.html
although, typically things like file I/O are best left to the operating system which is usually more optimized for that sort of thing--especially when the OS is *nix. To leverage the OS to do your dirty work natively, you can use the Runtime class:
http://developer.android.com/reference/java/lang/Runtime.html
Thanks for the references. But interest is to see a working code on an Android device and not Java as a whole. So a simple app source code can be a really good starting point. Hello World is good first example but does not include I/O, so someone with experience can lead the newbies in a good way by showing a simple example.
Come on guys share some experience !
[UPDATE]
BusyBox 1.19.2
Bash 4.2
Midnight Commander 4.8
TMUX 1.5 - That's right, full terminal multiplexer..
Vim 7.3
Terminal IDE ASCII Soft keyboard first round bug fixes complete.
It's the addition of TMUX and MC that really excites..
--------------------------
Well,
As the only people I know who might even be interested in this, I would like to announce the release of Terminal IDE v1.0.
A complete Java / Android Development Environment that runs on the device itself, with a nice telnetd / sshd feature.
For Android. Of course... Eat this you iPhone Hounds..
Woo HOO!!
The application is available on Android Market.
https://market.android.com/details?id=com.spartacusrex.spartacuside
As what I can only describe as 'dark days' finally draw to an end, I am very pleased with this first draft.
PLEASE give it a go, log in over telnet for a smoother ride, and let me know how it goes..
DO THE TUTORIAL! Does it work ?!
I have released the whole project GPLv2! Yeah, Who Knew!?
http://code.google.com/p/terminal-ide/
BOOOOOM!
Spartacus
A link to the app in the market would be useful.
Interesting. Was just wondering about coding on my tablet.
Pretty freakin sweet
Thanks for putting this out!
Awesome
The full keyboard alone makes it worth downloading, but the IDE as well - wow!
this is best bro.
I randomly found this last night while looking for a decent mobile IDE for my tablet. I was looking for a simple text editor with syntax highlighting and you've taken that extra step to include other tools for ssh, telnet and compilers. Much appreciated.
One question, how do you start the ssh server? sshd doesn't seem to do it. I would like to scp files to my device from my desktop in order to work on my commute.
Thanks
The sshd app is actually called Dropbear.
You also have Dropbearkey.
You use Dropbearkey to generate the sshd certificates you need.
I really need to add a tutorial on setting the sshd keys up
For now Google has a couple of articles on it.
For file transfers you also have busybox FTP but I admit not terribly secure..
Although SSH is provided, and I wonder whether an SSH pipe can be created..?
And lastly you can just copy the files over to your sdcard via USB..
Will look into it & add tutorials asap.
Ok. So I now have SSHD working..
But there is a slight issue.. basically when you log in you have to start bash manually.. unless you have the file /etc/shell with the correct shell to use.. Which requires a rooted phone.
Since Terminal IDE is for non-ROOT users, I will have to recompile the code to allow a shell to be specified on the command line.. Soon..
FOR NOW - This is how to connect to the phone via SSH (There are other ways using public keys but this is one way)
So - Once in Terminal IDE
2) You need to create a couple of server ssh keys
Start in $HOME
Code:
cd ~
Create folder
Code:
mkdir .ssh
Give it some secure permissions
Code:
chmod 700 .ssh
Get in there
Code:
cd .ssh
Now create the keys
Code:
dropbearkey -t dss -f dropbear_dss_host_key
dropbearkey -t rsa -f dropbear_rsa_host_key
ok - That's almost it. Just need to start dropbear with the correct parameters now. [Probably want to keep this in a script]
Back HOME
Code:
cd ~
You need to know the UID of your app, which is different per phone - use 'id'
Code:
id
That will tell you your user ID / Group ID. Let's say it's 10058.
Now to start DropBear
Code:
dropbear -A -N username -U 10058 -G 10058 -C password -d ~/.ssh/dropbear_dss_host_key -r ~/.ssh/dropbear_rsa_host_key -F -E -p 8090 -P PidFile
This will start it running in the foreground with password set to 'password' on port 8090.
Then you can connect, like telnet, and simply use 'password' for the password.
Now for the issue. It will start a simple shell session in / with no ENVIRONMENT variables or anything..
I'll fix it permanently in a future release, but for now it can be fixed with these 2 commands.
cd into your home dir - Check this is correct on your device
Code:
cd /data/data/com.spartacusrex.spartacuside/files
And start bash with an init file Terminal IDE auto-magically creates..
Code:
./system/bin/bash --init-file ./.init
Everything should now be setup as usual.
Good luck..
Very awesome and thank you sir. Works like a charm.
One thing to clarify for those "braving" this (not that it's all that insane to try)... the '-N' is setting the username (in the case of the example, setting it to 'username').
Also, it gives a permission denied for scp, I'm assuming since it doesn't init/run the shell. Should be fine since FTP is included. Haven't tried this option yet. Not too worried about security at the moment, since I'll only run it on a private network.
May I make a (maybe) small feature request? Is it possible to include a "keep screen awake" option in the options menu? I have my Xoom config'd to turn off the wifi when the screen is off for power saving (can go ~4 days on 1 charge), so it will kill my connections if I let this happen. I know not everyone has this config set, but it'd be a nice option.
NOW, if I wasn't lazy, I could probably add this myself and build since I've dl'd the source. But, lazy and working on a few projects already.
Again, much thanks.
And as if by magic..
Funnily enough I was having the exact same issue last night while using wget to transfer a big file to my device..
NEW VERSION UPLOADED v1.13
Now has 3 non-exclusive lock types available in the options :
- CPU Lock
- SCREEN Lock
- WIFI Lock
Set them as you wish...
Saw that this morning when I was on the bus (Thursday morning here in Hong Kong). Very awesome and much appreciated.
As well, thanks for open-sourcing it. +1 for you sir!
Very cool stuff
Thanks for creating this.
Great app! However I can't compile .java files. I always get an error that it can't unzip a file in /android.policy.jar. Any idea?
Sent from my GT-I9100 using XDA App
Do you think its possible to also support compiling C sources directly in your phone
I've been searching for this ever since I got an android.
THANK YOU.
Says that it's incompatible with my OG Droid. Any idea why?
shpen said:
Says that it's incompatible with my OG Droid. Any idea why?
Most likely seems to be due to the ROM you are using and/or the market version
can u post the build.prop here?
/system/build.prop
also, try going back to market 2.x, 3.x market(s) do loads of checks
Does anybody know why I can't compile java files? I always get the following error:
Error reading /system/framework/android_policy.jar cannot read zip file.
Any ideas? Could anyone upload their android_policy.jar because that might cause the error.
Sent from my GT-I9100 using XDA App
Hi Schindler33.
Can I ask, have you followed the tutorials, say the first helloworld example TO THE LETTER?
Does the helloworld example work?
The parameters have to be correct, and as always exact, and the BOOTCLASSPATH variable must be set.
If so, is it a custom ROM?
Does that policy jar file exist and is it readable by non root users?
As much info as possible good..
In various threads scattered around the Fire and Kindle forums here on XDA, I talked about the possibility of decompiling an Amazon system APK, modifying the contents such as settings for the framework or changing permissions in an attempt to escalate privileges to some degree, maybe even root. I ran into several issues when attempting such a thing:
1) Using a PC, I found it almost impossible to successfully recompile a modified APK. Many of the tools like APKtool are just too complicated and missing even the slightest step will cause it to fail.
2) Surprisingly, I've had the opposite outcome using two apps. Using APK Export, I was able to export an APK from the system and use APK Editor Pro to modify permissions. I have been able to, on a consistent basis, use APK Editor Pro to decompile the Android Live Wallpaper system APKs to add or remove any permission from the APK's manifest. Installing the APKs did not result in getting them into /system/priv-app on my HD 8, but all modifications held over and over. But every time the signature is ruined, and installing as a system app fails again.
Janus can help escalating permissions even further when using the above method and maybe others, to modify system APKs. The question is: Can we use Janus to modify an APK in some form, to install an update to an Amazon system app, which would on install, execute code that would install SU binaries? What about any other known exploit patched or not? Could we fake the system into thinking a one-click-root app is a system app and install it? Link to XDA article.
Janus takes advantage of the fact that extra bytes go unnoticed in APK files and DEX files. The GuardSquare report explains that an APK file is a ZIP archive which can contain arbitrary bytes at the start, before and between its ZIP entries. The JAR signature scheme only takes into account the ZIP entries, ignoring any extra bytes when computing or verifying the application’s signature.
It goes on to explain that a DEX file, on the other hand, can contain arbitrary bytes at the end – after the regular sections of strings, classes, method definitions, etc. Therefore, a file can be a valid APK file and a valid DEX file at the same time.
GuardSquare also mentions that a key element of the vulnerability is a “harmless” feature of the Dalvik/ART virtual machine. The report states that in theory, the Android runtime loads the APK file, extracts its DEX file and then runs its code. However, in practice, the virtual machine (VM) can load and execute both APK files and DEX files. The issue is that when the VM gets an APK file, it still looks at the magic bytes in the header to decide which type of file it is: DEX or APK. On finding a DEX header, it loads the file as a DEX file. If it doesn’t find a header, it loads the file as an APK file containing a zip entry with a DEX file. Thus, it can misinterpret dual DEX/APK files.
GuardSquare says that an attacker can leverage this duality feature of the VM to add a malicious DEX file to a normal APK file without affecting its signature. The Android runtime will accept the APK file as a valid update to a legitimate earlier app version, but the Dalvik VM will load the code from the DEX file, which has been injected with malicious code.
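A defender-side check for the dual DEX/APK condition described in the report quoted above, as an added example that is not part of the original post or the GuardSquare report. The function names and both sample inputs are constructed for illustration; the second sample carries only the DEX magic bytes followed by padding, not real bytecode.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # ZIP end-of-central-directory record
CDFH_SIG = b"PK\x01\x02"   # ZIP central-directory file header
DEX_MAGIC = b"dex\n"       # DEX header: "dex\n" + 3-digit version + NUL


def leading_bytes(data):
    """Bytes in front of the first ZIP entry, or None if data is not a ZIP.

    Handles both a plain prefix (ZIP offsets left untouched) and a prefix
    with the offsets rewritten. ZIP64 archives are out of scope here.
    """
    eocd = data.rfind(EOCD_SIG, max(0, len(data) - 65557))
    if eocd < 0:
        return None
    try:
        count, cd_size, cd_offset = struct.unpack_from("<HII", data, eocd + 10)
        cd_start = eocd - cd_size          # where the directory really is
        if cd_start < 0:
            return None
        shift = cd_start - cd_offset       # > 0 when offsets were not rewritten
        first, pos = None, cd_start
        for _ in range(count):
            if data[pos:pos + 4] != CDFH_SIG:
                return None
            name_len, extra_len, note_len = struct.unpack_from("<HHH", data, pos + 28)
            (local_off,) = struct.unpack_from("<I", data, pos + 42)
            first = local_off if first is None else min(first, local_off)
            pos += 46 + name_len + extra_len + note_len
    except struct.error:
        return None
    return shift if first is None else first + shift


def classify(data):
    """Label a file the way the quoted report distinguishes them."""
    has_dex_header = data[:4] == DEX_MAGIC and data[7:8] == b"\0"
    lead = leading_bytes(data)
    if lead is None:
        return "dex" if has_dex_header else "unknown"
    if has_dex_header:
        # Parses as a ZIP and also starts with a DEX header: the signature
        # over ZIP entries says nothing about the bytes in front of them.
        return "dex+apk polyglot"
    return "apk" if lead == 0 else "apk with leading bytes"


def build_sample_apk():
    """Constructed stand-in for an APK: a small ZIP with placeholder entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"placeholder, not real bytecode")
        z.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
    return buf.getvalue()


SAMPLE_APK = build_sample_apk()
# Constructed: a 112-byte block carrying only the DEX magic, then the ZIP.
SAMPLE_DUAL = DEX_MAGIC + b"035\0" + b"\0" * 104 + SAMPLE_APK

if __name__ == "__main__":
    for name, blob in (("sample.apk", SAMPLE_APK), ("dual.apk", SAMPLE_DUAL)):
        print(name, classify(blob), leading_bytes(blob))
```

Any result other than "apk" for a file offered as an app update means bytes exist that a check over ZIP entries alone never covered.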
This is a good point. I brought up something similar a few months ago in another thread.
With all the exploits discovered this year where's someone trying these exploits on this hw sw combo we have with FireOS.
Where's the fuzzer for all the system calls while trying the known exploits?
Where is the systematic approach to testing these from the pedants on the forum?
Sure you can reply with the usual comebacks, but try a different approach instead of more of the same.
With
Sent from my iPhone using Tapatalk
Robius said:
Where is the systematic approach to testing these from the pedants on the forum?
Totally agree! Those selfish tech elitists who put real life above the desires of strangers. They should dedicate themselves (without compensation) and their community resources to methodically crack this very important nut. Ya know, because exploiting a $50 entertainment gizmo should rise to the top of THEIR priority list. Sorry sweetie, daddy won't be coming to any of your soccer games this year; he has important work to do.
My point exactly.
You spent enough energy to respond to this in a sarcastic manner. Thank you
Sent from my iPhone using Tapatalk
Robius said:
My point exactly.
You spent enough energy to respond to this in a sarcastic manner. Thank you
Time well spent; appreciate the opportunity to respond in kind.
I have seen a bunch of hashes running through the terminal last time. Amazon may compare the hashes of the apks against a whitelist.
All right, I am ready to take this exploit on my 5th Gen. What I have to do??
Adyatan said:
All right, I am ready to take this exploit on my 5th Gen. What I have to do??
I haven't sat down and looked into this too much so I'm not sure how to execute the exploit yet.
The idea I had been working on months ago was to somehow insert SU binaries into an Amazon system APK, and get it to install the modified APK as an update to an existing system app. The issue back then was the signature getting destroyed. If we can modify an Amazon system APK to contain a script to execute installation of SU binaries, the exploit might allow the APK to install as an update to an existing Amazon app and in theory install the SU binaries. Based on what little I've read, we would have to either 1) modify the existing DEX file of an Amazon system APK to contain code/script to install SU binaries or 2) create a new DEX file with the code and replace it with the original. My opinion is a better chance at the first method.
Now how to do all that using the Janus exploit? I do not yet know.
"An attacker exploiting the flaw could replace a trusted application that already has high privileges, such as a system app, with one of their updates to abuse the permissions that have already been granted. This could enable the attack to access sensitive information stored in the devices or enable the attacker to seize control over the device completely."
https://www.scmagazine.com/janus-vu...-android-50-devices-and-newer/article/713449/
So how would one go about updating a DEX file to contain 1) SU binaries that install upon 'updating' the app on installation? Or 2) clone a system app and edit or change the DEX file? 3) add an exploit script to a DEX file that would gain root (then you would install SU binaries and app)?
It seems the editing of the DEX file itself doesn't damage the signature and that's the nature of the exploit?
Hey is it possible to modify the permissions ota updater and remove the internet permissions so it can't update
I just found this https://github.com/odensc/janus don't have a computer anymore or would try it
Asadullah said:
Hey is it possible to modify the permissions ota updater and remove the internet permissions so it can't update
I cannot recall if I've ever tried with that APK. I have tried with others, unsuccessfully. Either the APK will fail to recompile into a proper installation file, or it would 'install', but with none of the modifications holding.
Android Flaw Lets Hackers Inject Malware Into Apps Without Altering Signatures
While installing an Android app or its update, your device checks APK header information to determine if the archive contains code in the compressed DEX files. If header says APK archive contains DEX files, the process virtual machine decompiles the code accordingly and executes it; otherwise, it runs the code as a regular APK file.
It turns out that an APK archive can contain DEX files as well as regular application code simultaneously, without affecting its validity and signatures.
Researchers find that this ability to add extra bytes of code due to lack of file integrity checking could allow attackers to prepend malicious code compiled in DEX format into an APK archive containing legitimate code with valid signatures, eventually tricking app installation process to execute both code on the targeted device without being detected.
In other words, the hack doesn't require attackers to modify the code of legitimate applications (that makes signatures invalid)—instead, the vulnerability allows malware authors to merely add some extra malicious lines of code to the original app.
So we would need to write a script or other code that would be placed into an Amazon System APK. Now would we be able to add SU binaries to an APK? What about a root script like DirtyCow. Although DC is patched, would that be different if the exploit was installed into the /system-priv-app and then executed? I really don't want to sound dumb here so please help me out guys. Any feedback, negative or not is appreciated.
Maybe this tool can help https://forum.xda-developers.com/android/software/tool-dex-manager-v1-0-designed-to-play-t2988532
Robius said:
Maybe this tool can help https://forum.xda-developers.com/android/software/tool-dex-manager-v1-0-designed-to-play-t2988532
I can't find a working download link. Apparently it has been discontinued and I was directed to this: Uret Android Reverser Toolkit v1.6. I downloaded it.
I did find the other one but it says it's for a Galaxy Note. Not sure if that's really the case though.
DragonFire1024 said:
Android Flaw Lets Hackers Inject Malware Into Apps Without Altering Signatures
So we would need to write a script or other code that would be placed into an Amazon System APK. Now would we be able to add SU binaries to an APK? What about a root script like DirtyCow. Although DC is patched, would that be different if the exploit was installed into the /system-priv-app and then executed? I really don't want to sound dumb here so please help me out guys. Any feedback, negative or not is appreciated.
It's beyond my knowledge but if you were to maybe add a script to the dex giving it the permissions I gotta look more into this
---------- Post added at 04:13 PM ---------- Previous post was at 03:54 PM ----------
DragonFire1024 said:
I can't find a working download link.
here's smali baksmali for editing dex files https://github.com/JesusFreke/smali I haven't used it in a while but used to work good
Asadullah said:
It's beyond my knowledge but if you were to maybe add a script to the dex giving it the permissions I gotta look more into this
---------- Post added at 04:13 PM ---------- Previous post was at 03:54 PM ----------
here's smali baksmali for editing dex files https://github.com/JesusFreke/smali I haven't used it in a while but used to work good
Editing DEX is pretty much out of my league too. I wouldn't know where to start. I don't even know how to install or use the tool you posted.
DragonFire1024 said:
Editing DEX is pretty much out of my league too. I wouldn't know where to start. I don't even know how to install or use the tool you posted.
https://github.com/JesusFreke/smali/wiki/DeodexInstructions
It's really pretty simple used to use it take out the ads from angry birds and what not when it first came out. But it's easier said than done. If you do try first thing I would suggest is that you decompile then recompile to see if it works right the dependencies sometimes will get you or we can try and beg another developer to make us a modified apk..... Please pretty please with sugar on top we'll like all your posts???
Check this thread for root possibility:
https://forum.xda-developers.com/hd8-hd10/general/complete-guide-root-hd7-8-106th-gen-t3545411
Robius said:
Check this thread for root possibility:
https://forum.xda-developers.com/hd8-hd10/general/complete-guide-root-hd7-8-106th-gen-t3545411
FYI - nothing new in that thread. Same familiar tools/techniques targeting a different gen/suite of Amazon devices. Similar outcomes too. Vulnerability patched in FireOS 5.3.2.x as so far proven impenetrable by generic rooting tools of common origin (KingRoot, KingORoot, etc).
Davey126 said:
FYI - nothing new in that thread. Same familiar tools/techniques targeting a different gen/suite of Amazon devices. Similar outcomes too. Vulnerability patched in FireOS 5.3.2.x as so far proven impenetrable by generic rooting tools of common origin (KingRoot, KingORoot, etc).
Not sure if the following report is true: (HD10 7th Gen on 5.6.0.0)
https://forum.xda-developers.com/hd8-hd10/general/rooted-fire-hd-10-7th-generation-t3718629