I was wondering whether there is such software for Android that can capture HTTP posts before sending, i.e. like the Firefox add-ons you can get and apps like HTTP Analyzer?
This would be really useful for testing purposes.
Cheers.
Gazos
You can try some general traffic capture tools (like tcpdump or airodump-ng). If you have a rooted phone, check out Shark for Root (tcpdump on phone).
Thanks for the update, but I guess what I want is real-time captures (and manipulation) like it's possible in Firefox, using only the phone.
I currently use tcpdump to capture data but want to edit the data before it's sent out.
You can try to find/write a small proxy server application and run it on the phone, so you will be in control.
ex87 said:
You can try to find/write a small proxy server application and run it on the phone, so you will be in control.
Or you could run Paros (http://sourceforge.net/projects/paros/files/) on a machine on your network and get the Android browser to use it as the proxy (which looks like a bit of a task in itself).
The only viable way I can think of to do this (given Android's insane lack of proxy support) is to hack a custom firmware for a Linksys WRT54g so it basically routes everything to a transparent proxy (Fiddler2, Webscarab, Paros, Burp, etc) running on a PC. Something like this:
Android =[wi-fi]=> WRT54g -[ethernet]-> PC with proxy -> internet router
It might even be possible to achieve this without hacking the WRT54g.
The only problem you might still have (not sure) is Android's handling of invalid SSL certs since the proxy would basically be doing a man in the middle attack, and the app running on the Android phone would see an invalid SSL cert.
Be warned that trying this with a Windows host PC is almost guaranteed to fail unless it's Pro/Ultimate, and in any case this is going to involve some seriously hardcore manual routing config that goes beyond anything Windows' config screens were really intended to set up.
You can try to find/write a small proxy server application and run it on the phone, so you will be in control.
I'm pretty sure I saw this discussed on the android.security list, and the consensus was that the current API doesn't give any way to do this transparently, and it's questionable whether you could even implement something like WebScarab natively on Android using the NDK. I believe the general consensus was that if you want to host something like WebScarab on Android, it's going to take a custom kernel to pull it off, and some solution that lets you offload the actual proxying to a regular PC would be infinitely easier to pull off, and less cumbersome to use for actual security testing (it's enough of a pain trying to use Fiddler2 or Webscarab with a 1280x1024 display, let alone 854x480... not to mention trying to cut and paste examples into Word Documents for vulnerability assessment reports (shudder)).
^^^ OMG. I just installed AOSP ("Buufed") for the CDMA Hero, and it actually HAS the ability to set proxy for WiFi. I haven't tried it yet, and I'm not sure whether it's purely an "AOSP" feature or something I've just overlooked up to now that was in DamageControl, but it looks like at least *some* Android builds DO have it now
I tried most of the CM9 ROMs on this forum and none of them would get apps like UPnPlay or BubbleUPnP to work.
Basically those apps should wirelessly connect to UPnP music servers.
It works fine on the CM7 ROMs that I've tried though.
This is likely to be an issue with the WiFi driver not properly supporting UDP multicast.
vampyrex13 also faces this issue.
Just wanted to check if devs are aware of the problem.
Thanks.
Hmm, I don't like either because they just suck and are overcomplicated.
For playing/controlling music via the device, I HIGHLY recommend 2Player Network Music Player. It's by far the best DLNA/UPnP frontend app.
Now as far as letting your device become a server, controllable by others: I use Twonky Mobile. If I'm not mistaken, it works fine on Ice Cream Sandwich now. Program is a lil crappy but it's free and does what I need.
YaKillaCJ said:
Hmm, I don't like either because they just suck and are overcomplicated.
re-read the post. this is about UDP multicast, which is required for all upnp/dlna. 2player is affected by this issue as well.
i wanted to mention this in the main ICS dev thread a while back, but thought I didn't have enough posts. so I PMed Jackpot about it.
this was a couple of weeks ago:
bubbleguuum said:
Is it possible that in this alpha, UDP multicast does not work with the WiFi chipset? This is required for discovery. If you get other UPnP apps to discover stuff, then UDP multicast is definitely supported and the problem is elsewhere. You may also want to try again after rebooting your WiFi router and your phone. You can also send me a log file if you wish.
i tried testing udp multicast between my phone and my kf using iperf and it was successful. however, i can't be sure if it was actually testing multicast, or just udp, as it did have me specify an IP address. if i was truly testing multicast, i shouldn't need an IP, right?
I had sent a BubbleUPnP logfile to bubbleguuum two days ago and that's how I ended up posting here.
theTwiz said:
i wanted to mention this in the main ICS dev thread a while back, but thought I didn't have enough posts
My case exactly...
theTwiz said:
if i was truly testing multicast, i shouldn't need an IP, right?
Sorry I'm not that knowledgeable.
What should be the next steps then?
Oh yea, now I remember. I did have issues under ICS. My only issue was when I tried turning my KF into a UPnP server (via Twonky). Everything on my network acted real stupid and I had to reboot my NAS.
When I wanted to just play music on my KF (via 2Player), it worked just fine.
My setup is a DNS-320 with nas-tweaks to run Twonky Server 6.
Is 2Player the only app you tried?
I fired up the log and a wireshark machine and checked what's going on.
I have the what, but not the why...
It looks like the tablet sends and receives multicast data just fine, but once it joins a multicast group, it loses the ability to receive unicast packets.
I see the twonky server on the tablet sending out messages about its existence. I see it receive other twonky devices' existence data. Then the tablet appears to try to query directly from the devices to get capabilities. These time out and it removes the other device from its list.
Meanwhile, on wireshark, the kindle is sending out arp requests like crazy, for these fellow twonky machines, for its default gateway, for everything. The responses are coming back, but the kindle never seems to see them.
So, either it loses the ability to receive unicast packets or it loses the ability to process arp responses. Either seems to be pretty deadly to IP. Had to shut off wireless and turn it back on before normal network behavior restored.
I'm looking at it more, but thought observations might be useful to anyone else jumping in.
jd
Edit:
Found these two lines in the log. Not _sure_ they're the cause, but looks promising. Unfortunately, they don't appear to come from the wpa_supplicant source no matter what it says, so maybe the kernel driver?
E/wpa_supplicant(21290): ERROR - wpa_driver_tista_private_send - error sending Wext private IOCTL to STA driver (ioctl_cmd = 8000305, res = -1, errno = 95)
E/wpa_supplicant(21290): ERROR - Failed to handle rx data filter command!
jdommer said:
Meanwhile, on wireshark, the kindle is sending out arp requests like crazy, for these fellow twonky machines, for its default gateway, for everything. The responses are coming back, but the kindle never seems to see them.
So, either it loses the ability to receive unicast packets or it loses the ability to process arp responses. Either seems to be pretty deadly to IP. Had to shut off wireless and turn it back on before normal network behavior restored.
i experience this exact issue when trying to run any upnp app on my kf. in the main ICS thread, the bug tracker currently lists wifi as 'spotty'. some people have to turn wifi off then on again to restore connection, some have an infinite connect-attempt loop, etc. im curious if this might be related. i'll see if i can get anyone experiencing spotty wifi to post wireshark logs, and i'll do the same when i can.
and yes, the ability to process arp responses is absolutely critical to IP. the loss of arp could result in any of the wifi issues i've seen people post about thus far.
jdommer said:
I fired up the log and a wireshark machine and checked what's going on.
I have the what, but not the why...
It looks like the tablet sends and receives multicast data just fine, but once it joins a multicast group, it loses the ability to receive unicast packets.
I see the twonky server on the tablet sending out messages about its existence. I see it receive other twonky devices' existence data. Then the tablet appears to try to query directly from the devices to get capabilities. These time out and it removes the other device from its list.
Meanwhile, on wireshark, the kindle is sending out arp requests like crazy, for these fellow twonky machines, for its default gateway, for everything. The responses are coming back, but the kindle never seems to see them.
So, either it loses the ability to receive unicast packets or it loses the ability to process arp responses. Either seems to be pretty deadly to IP. Had to shut off wireless and turn it back on before normal network behavior restored.
I'm looking at it more, but thought observations might be useful to anyone else jumping in.
jd
Edit:
Found these two lines in the log. Not _sure_ they're the cause, but looks promising. Unfortunately, they don't appear to come from the wpa_supplicant source no matter what it says, so maybe the kernel driver?
E/wpa_supplicant(21290): ERROR - wpa_driver_tista_private_send - error sending Wext private IOCTL to STA driver (ioctl_cmd = 8000305, res = -1, errno = 95)
E/wpa_supplicant(21290): ERROR - Failed to handle rx data filter command!
I can confirm your findings.
SSDP discovery of the UPnP server seems to work fine as I see it replying to the multicast group with its uid and service notifications.
However, the KF keeps on sending search requests as if it couldn't process the replies.
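The symptom described in the posts above (multicast announcements seen, replies to searches apparently never processed) can be checked with a small probe; this is an added example, not code from the thread or from any of the apps mentioned. It relies on SSDP NOTIFY announcements arriving by multicast on port 1900 while replies to an M-SEARCH are sent unicast to the searching socket; the sample datagrams and the 192.0.2.10 address are constructed.

```python
"""SSDP probe: tells multicast announcements apart from unicast search replies."""
import select
import socket
import struct
import time

SSDP_GROUP = "239.255.255.250"  # standard SSDP multicast group
SSDP_PORT = 1900

# Constructed sample datagrams (not captured from a real device).
CONSTRUCTED_NOTIFY = (
    b"NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
    b"NT: upnp:rootdevice\r\nNTS: ssdp:alive\r\n"
    b"LOCATION: http://192.0.2.10:9000/desc.xml\r\n\r\n"
)
CONSTRUCTED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n"
    b"LOCATION: http://192.0.2.10:9000/desc.xml\r\n\r\n"
)


def build_msearch(search_target="ssdp:all", mx=2):
    """Return an M-SEARCH datagram; responders answer it by unicast."""
    lines = [
        "M-SEARCH * HTTP/1.1",
        f"HOST: {SSDP_GROUP}:{SSDP_PORT}",
        'MAN: "ssdp:discover"',
        f"MX: {mx}",
        f"ST: {search_target}",
        "", "",
    ]
    return "\r\n".join(lines).encode("ascii")


def parse_ssdp(datagram):
    """Parse one datagram into (kind, headers).

    kind: 'notify' (multicast announcement), 'response' (unicast reply to
    an M-SEARCH), 'search' (an M-SEARCH, possibly our own) or 'unknown'.
    """
    text = datagram.decode("utf-8", errors="replace")
    head, _, _ = text.partition("\r\n\r\n")
    lines = head.split("\r\n")
    start = lines[0].strip().upper()
    if start.startswith("NOTIFY "):
        kind = "notify"
    elif start.startswith("HTTP/1.") and " 200 " in start + " ":
        kind = "response"
    elif start.startswith("M-SEARCH "):
        kind = "search"
    else:
        kind = "unknown"
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return kind, headers


def diagnose(events):
    """Reduce a list of (kind, headers) tuples to one verdict string."""
    kinds = [kind for kind, _ in events]
    if "response" in kinds:
        return "ok"               # unicast replies are getting through
    if "notify" in kinds:
        return "multicast-only"   # announcements arrive, replies do not
    return "silent"               # nothing useful received at all


def probe(timeout=5.0, iface_ip="0.0.0.0"):
    """Join the group first, then search, and collect from both sockets."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("", SSDP_PORT))
    mreq = struct.pack("4s4s", socket.inet_aton(SSDP_GROUP),
                       socket.inet_aton(iface_ip))
    listener.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)

    # The searcher uses an ephemeral port, so anything it receives is unicast.
    searcher = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    searcher.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
    searcher.sendto(build_msearch(), (SSDP_GROUP, SSDP_PORT))

    events = []
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        ready, _, _ = select.select([listener, searcher], [], [], 0.25)
        for sock in ready:
            data, _addr = sock.recvfrom(65507)
            events.append(parse_ssdp(data))
    listener.close()
    searcher.close()
    return events


if __name__ == "__main__":
    print(diagnose(probe()))
```

A verdict of `multicast-only` on the affected device, with `ok` from another host on the same network, matches the behaviour reported in the thread.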
Rouquemoute said:
I can confirm your findings.
SSDP discovery of the UPnP server seems to work fine as I see it replying to the multicast group with its uid and service notifications.
However, the KF keeps on sending search requests as if it couldn't process the replies.
The wpa_supplicant error messages are a constant in the log when things quit working, but I cannot find the code that is calling it. I've searched all the files in the wpa_supplicant tree source and cannot find the text of those messages at all.
Probably going to require someone cooler than me to troubleshoot, but I'll keep looking in my "spare time".
jd
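One way to triage the log around the moment WiFi stops working, as an added example (not code from the thread or from wpa_supplicant): it pulls out each failed private IOCTL, decodes the errno using Linux numbering, and checks whether the rx data filter failure follows from the same process. The two lines marked as quoted come from the post earlier in the thread; the other sample lines are constructed.

```python
"""Triage of logcat (brief format) lines for failed Wext private IOCTLs."""
import re
from collections import Counter

# Linux errno names (Android uses Linux numbering); only a few are listed.
LINUX_ERRNO = {1: "EPERM", 19: "ENODEV", 22: "EINVAL", 95: "EOPNOTSUPP"}

LOGCAT_BRIEF = re.compile(
    r"^(?P<level>[VDIWEF])/(?P<tag>[^(]+)\(\s*(?P<pid>\d+)\):\s?(?P<msg>.*)$"
)
IOCTL_FAIL = re.compile(
    r"error sending Wext private IOCTL to STA driver "
    r"\(ioctl_cmd = (?P<cmd>[0-9A-Fa-f]+), res = (?P<res>-?\d+), "
    r"errno = (?P<errno>\d+)\)"
)
FILTER_FAIL = "Failed to handle rx data filter command"

IOCTL_LINE = (
    "E/wpa_supplicant(21290): ERROR - wpa_driver_tista_private_send - "
    "error sending Wext private IOCTL to STA driver "
    "(ioctl_cmd = 8000305, res = -1, errno = 95)"
)
SAMPLE = [
    IOCTL_LINE,                                               # quoted
    "D/WifiStateMachine(  312): constructed unrelated line",  # constructed
    "E/wpa_supplicant(21290): ERROR - Failed to handle rx data filter command!",  # quoted
    IOCTL_LINE,                                               # constructed repeat
]


def parse_line(line):
    """Split one brief-format logcat line; return None if it does not match."""
    m = LOGCAT_BRIEF.match(line.strip())
    if not m:
        return None
    return {"level": m["level"], "tag": m["tag"].strip(),
            "pid": int(m["pid"]), "msg": m["msg"]}


def triage(lines):
    """Return one finding per failed private IOCTL, in log order."""
    records = [r for r in map(parse_line, lines) if r]
    findings = []
    for i, rec in enumerate(records):
        hit = IOCTL_FAIL.search(rec["msg"])
        if not hit:
            continue
        errno_no = int(hit["errno"])
        # Other processes interleave in logcat, so look at the next record
        # written by the same pid rather than simply the next line.
        nxt = next((r for r in records[i + 1:] if r["pid"] == rec["pid"]), None)
        findings.append({
            "pid": rec["pid"],
            "ioctl_cmd": hit["cmd"],  # kept exactly as printed in the log
            "res": int(hit["res"]),
            "errno": errno_no,
            "errno_name": LINUX_ERRNO.get(errno_no, "errno %d" % errno_no),
            "filter_failure_follows": bool(nxt and FILTER_FAIL in nxt["msg"]),
        })
    return findings


def summarize(findings):
    """Count findings per (ioctl_cmd, errno name) pair."""
    return Counter((f["ioctl_cmd"], f["errno_name"]) for f in findings)


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
    print(summarize(triage(SAMPLE)))
```

On the quoted lines the errno decodes to EOPNOTSUPP (operation not supported), which is the value returned to wpa_supplicant by the ioctl call.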
jdommer said:
The wpa_supplicant error messages are a constant in the log when things quit working, but I cannot find the code that is calling it. I've searched all the files in the wpa_supplicant tree source and cannot find the text of those messages at all.
Probably going to require someone cooler than me to troubleshoot, but I'll keep looking in my "spare time".
jd
That is inside the wifi driver source (and there in wpa_supplicant_lib), part of it is also fixed for the linux wifi sources: http://www.spinics.net/lists/linux-wireless/msg84045.html
The Android source is different, but I didn't look at the exact differences between them yet. Are you sure that problem really causes those error messages?
Does UPnP work on stock/CM7 ?
nind said:
Are you sure that problem really causes those error messages?
Nope, all I am sure of is that the message occurs in proximity to when the wifi quits working.
Considering what we see is that the kindle seems to quit receiving certain packets, it seems likely that a problem with something that is supposed to apply a filter to received packets could be the cause. But I'll follow the links you gave and see if I can see anything or figure out how to insert more debugging info.
But, if anyone knows of anyplace(s) uPnP is definitely working, it would be useful for comparison.
jd
nind said:
Does UPnP work on stock/CM7 ?
stock: i don't know (see below)
CM7: yes
jdommer said:
But, if anyone knows of anyplace(s) uPnP is definitely working, it would be useful for comparison.
do you mean any roms? for kf, only the cm7 i can say for sure. i'll test on my gf's kindle (running pure stock) in a bit and let you know.
EDIT: upnp works on pure stock kf (6.2.2)
if you mean ics on any hardware, then i can say it works on my g2, currently running andromadus v12, but it also ran on virtuous quattro rc3 as well.
I can confirm it works on CM7.
theTwiz said:
do you mean any roms? for kf, only the cm7 i can say for sure. i'll test on my gf's kindle (running pure stock) in a bit and let you know.
Specifically, I meant kernels or roms. Anyone using miui Cm9 that can say if UPnP is working? Or anyone tried with intersectRavens kernel? I'd try myself but I'm leaving on a business trip today and don't want to mess with my beautiful kindle until I return.
The more known good versus known bad will make it easier to zero in on the culprit.
jd
jdommer said:
Specifically, I meant kernels or roms. Anyone using miui Cm9 that can say if UPnP is working?
i'll start downloading various roms/kernels and give it a go when i get home today. so far i've tried the main cm9 (every update since early January), hashcode's cm9 and zone's cm9, but those last two are both based on the main cm9. I do know the main dev build changed kernels a while back, but I don't think they've ever used intersectraven's kernel.
I run bubbleupnp on stock. Works great. Just to confirm it does work on the fire
Sent from my SGH-I897 using xda premium
jdommer said:
Or anyone tried with intersectRavens kernel?
I just tried the ROM from this thread: http://forum.xda-developers.com/showthread.php?t=1528024
It's said to be based on intersectRaven's latest CM9 kernel.
It doesn't work either...
Rouquemoute said:
I just tried the ROM from this thread: http://forum.xda-developers.com/showthread.php?t=1528024
It's said to be based on intersectRaven's latest CM9 kernel.
It doesn't work either...
yep, not working on intersectraven's kernel here either.
miui (4.0.3) is a no-go as well. this seems to be an all-encompassing ics issue unless anyone has any other combinations they can think of?
also, there's no way this is related to hardware acceleration, right?
theTwiz said:
also, there's no way this is related to hardware acceleration, right?
No, but we may switch to a new wifi driver and wpa_supplicant v0.8 with a 3.0 kernel, so the problem may not occur there.
Heya guys;
Alpha Terminal script attached (randomizes mac) Reboot after you run it as root
I've been working on changing the mac address for a bit, and as of 30 minutes ago, I seemed to have successfully accomplished it.
Survives reboot
Accepts any OUI
Completes 4-way WPA handshake
However, while I have been successful on my phone, I don't have another device to confirm repeatability.
For the brave souls who wish to try, please note that this is a -permanent- change. Your original MAC is not copied somewhere automatically, so don't blame me for not remembering your original MAC, or if you get eaten by the dragons that may lie ahead.
For this test, I'm going to start with the basics of what I did. As I get feedback, I'll respond with questions and hopefully narrow down potential system variability. I was running these commands as root, though.
Open your terminal emulator of choice and follow along (replace the ×'s with the MAC of your choosing):
Code:
netcfg wlan0 hwaddr ××:××:××:××:××:××
Enjoy your new permanent mac. (Could it be this simple?)
Confirm the change
Code:
ip link show wlan0
Make the change permanent
Code:
echo "××:××:××:××:××:××" > /efs/wifi/.mac.info
Reboot, then check to see if the MAC took
Code:
ip link show wlan0
Try connecting to an AP with WPA on, and report back.
Very interesting, could you put this all into an app? So perhaps Mac addresses could be spoofed? A GUI would make things a lot easier. I'll try this out later on my oneplus one. [emoji3]
-Sent from my BR0K3N ON3.
[DEV][WIP]Permanently change wireless MAC address (WORKS!)
evilpotatoman said:
Heya guys;
Alpha Terminal script attached (randomizes mac) Reboot after you run it as root
<< snip >>
Try connecting to an AP with WPA on, and report back.
Works on Samsung Centura SCH-S738C running Ice Cream Sandwich ( 4.0.4 ), and rooted with stock ROM. Verified after reboot! The phone reconnected immediately to wifi network.
Also works on Samsung Tab 3 SM-T217S running KitKat ( 4.4.2 ), and rooted with stock ROM. Verified after reboot! The phone reconnected immediately to wifi network.
I skipped the commands, and simply edited both the ' .mac.info ' and ' .mac.cob ' (backup?) files (after backing up both!).
So simple. Works where MacChanger failed. May I tell you that I love you?
forid200 said:
Very interesting, could you put this all into an app? So perhaps Mac addresses could be spoofed? A GUI would make things a lot easier. I'll try this out later on my oneplus one. [emoji3]
-Sent from my BR0K3N ON3.
Yepper, spoofing works, but since that may be an indication of nefariousness, the script doesn't spoof the OUI, just mods the last 3 octets. Interested modders may mod my script as they see fit.
evilpotatoman said:
Yepper, spoofing works, but since that may be an indication of nefariousness, the script doesn't spoof the OUI, just mods the last 3 octets. Interested modders may mod my script as they see fit.
Privacy is hardly nefarious.
"This Android app turns off Wi-Fi tracking without turning off Wi-Fi"
"'Retailers, crooks, the government, and others shady individuals are tracking your movements. Even when your Wi-Fi is turned off, your phone may be broadcasting information to whomever is in range which can be used both to track repeated visits to as well as your exact movements in an area under surveillance,' Chainfire wrote on Google+."
100% agree with CF's implementation, which is why my script (rudely) emulates it. The nefarious acts I hinted at consist of things like manually setting your MAC to aid in the hacking of APs with MAC authentication. I'm sure you can agree with that being an invasion of privacy.
evilpotatoman said:
100% agree with CF's implementation, which is why my script (rudely) emulates it. The nefarious acts I hinted at consist of things like manually setting your MAC to aid in the hacking of APs with MAC authentication. I'm sure you can agree with that being an invasion of privacy.
Agreed. Though, I believe the good of personal privacy outweighs the potential evils.
evilpotatoman said:
Yepper, spoofing works, but since that may be an indication of nefariousness, the script doesn't spoof the OUI, just mods the last 3 octets. Interested modders may mod my script as they see fit.
It's handy in a lot of cases, but the tools to do something shouldn't be restricted in my opinion. About the spoofing a particular MAC, there's many legitimate reasons why you may wanna do this too. So flagging it off as just for malicious usage is sort of invalid. For example, if you go to a mall, and they have free Wi-Fi, however they require you to create an account and login, via this they will log your usage and collect data. For privacy reasons, you may wanna spoof MACs. Or if you go to a hotel and want to setup your chromecast but it has a login landing page, you're stuck. Unless you can spoof the MAC with your phone.
-Sent from my BR0K3N ON3.
HoytK said:
I skipped the commands, and simply edited both the ' .mac.info ' and ' .mac.cob ' (backup?) files (after backing up both!).
It may be that the time stamp on the '.mac.info' file must be earlier than the time stamp on the '.mac.cob' file. Can anyone confirm this?
Can anyone make a script to reverse what Pry-Fi did to my device, so that it stops rebooting randomly.
I will happily pay for your time. I just cannot believe this and Pry-Fi are the only viable options? Surely someone can build a script to run via terminal to fix issues?
Let me know if you are accepting donations?
I would be forever in your debt!
I just got a Shield TV, and I love it. I'm probably going to root it tonight to tinker further.
One issue I have with it is how annoying it is to configure, side-load apps, upload files to, etc. I'd love to have a web console for it, and I'm willing to do most/all of the heavy lifting for the front-end and server-side web development perspective. I'm going to need help on other fronts, however.
I'm a full-stack web developer. Most of what I've done professionally is PHP, but I'm not married to that. I'm also pretty good at configuring apache/nginx/ha-proxy/etc. Though once upon a time, I wrote front-end applications in Java and C++, that's ancient history, and I don't really have time to re-learn those skills and the Android SDK. Also, I'm not much of a designer, so unless I'm just using a pretty stock framework like Bootstrap, I'll need someone else to provide the art.
What I'm envisioning is an app that we can have in the play store that has a very simple UI to:
- install an SSH server
- install bash
- install web server/app server
- install DDNS client
- launch server on boot
- check server for new versions of the software it installed
Stuff I want the web interface to do:
- install/uninstall apps (file submission, URLs, etc.)
- 1-click installs of common things people want (Kodi, Amazon Prime Video, etc.)
- start/stop sshd
- manage mounting/unmounting NFS/AFS/CIFS/etc. shares (is this even possible on Android?)
- restart the device
- configure most settings on the device, including some hidden stuff
- file management
So, what I can do:
- script the download/install/upgrade of stuff on already rooted box in bash
- write back-end web code in PHP, Python, or Go
- write HTML/CSS/JS for front-end
What I need help with:
- writing the Android TV app to trigger the install script
- some help understanding/bootstrapping the process (what's installed by default on Android? What's the minimum we can get away with? Do we need Python?)
- someone to design the app (honestly, this can wait until we've got a baseline functionality if we like)
Anyone interested in joining me?
I'm leaning towards Go for the web app, because the binary can (in theory) be deployed standalone, and can be its own web server, obviating the need for apache or nginx or whatever. Also, performance and memory utilization -- PHP and Python are fairly expensive to run, and this is a really minor background thing.
This would be open source on Github.
While I unfortunately don't have a machine to help with code, nor the time for the code, I thought I'd give you a dev/modder's look on the possibility/difficulty of things. Please don't think that I am discrediting this idea; in fact, I like it. Just want to possibly help you consider dev order and difficulty of each item as listed, and hopefully add my own as others may have interest.
- install/uninstall apps (file submission, URLs, etc.) <-- Would be pretty easy. Users should provide apks, or you'll need a site that stores a lot of them.
- 1-click installs of common things people want (Kodi, Amazon Prime Video, etc.) <-- Similar to last point. You'll have to have a mirror of updated apks, whether you or another host provides it. You'll probably need a web scraper if going to an external host.
- start/stop sshd <-- I suggest dropbear, even if it's not my cup of tea. It can be easily found in other apps and should find code in open source ones to get you started.
- manage mounting/unmounting NFS/AFS/CIFS/etc. shares (is this even possible on Android?) <-- can be done. Check Kodi or other open source apps for code, though there are usually caveats to each approach. Luckily Android has fuse in most kernels these days.
- restart the device <-- Very easy
- configure most settings on the device, including some hidden stuff <-- Gonna be a long process, but you can probably reverse engineer the apks and parse the XML files for a shortcut.
- file management <-- Super easy. Use the ssh server, or adb connection.
Overall, I think a lot of this is possible. Luckily these machines have the beef for a web server, and several are ported last I checked, though they may be out of date. Even still, check their codebase for a massive head start as they are mostly required to keep open source by licence (Apache excluded, though some still are). I would also suggest these features as they would be somewhat easy to implement once the base file management is started, and would broaden the scope to bring in more users, support and interest, and hopefully devs.
-Rom Manager for emulators.
-Mass File Renamer based on Filebot (Both are java, so should not be TOO hard to port) as many buy this box for Kodi.
I'll think of more.
I'm not an app dev, though I do rom modding and sometimes porting, and I can offer insight to things, so if you have questions on specifics, please pm me. If I get some free time, and a dev machine, I'll let you know and get things going in the right direction. May also want to, once this idea is fleshed out, post something in a more general android TV/ App Development thread for cleanness and to get devs on board (don't post in dev till there is code to show on github though please).
Something like remix os would be nice, this x1 has a lots of power
Sent from my trltetmo using Tapatalk
This is a great idea. This device is in serious need of developer attention. I'm not a dev at all but I've gotten pretty familiar with this device and Android OS in general, especially after spending so much time digging around trying to make android things happen that apparently were not intended for Android TV. I will be more than happy to be a tester and keep up so as to offer any ideas and some of the ways I've found to do stuff.
@kdb424 - Thanks for the info. I'm working on a prototype right now. First build is going to list a bunch of stuff from the setting status, and allow you to reboot the device. I'll post the Github repo when I have that.
Great ideas!
There is a tool sorta in development already that does a lot of this (I've mentioned it on the Shield Zone a couple of times)
https://sites.google.com/site/nvidiashieldtvutilityapp/home/
My main needs (personally) is a means to move files to and from and my current solution is a free FTP server that works even when the Shield TV is sleeping.
https://play.google.com/store/apps/details?id=com.theolivetree.ftpserver
... works very well despite having to side load, has a terrible interface, etc. Set and forget. What's great is, I can use my file-manager-on-steroids Directory Opus to manage files since it is a standard FTP connection.
@darkuni - Yeah, I saw that, but I've got no Windows PC's in the house -- 2 Macs, a Chromebook, a Linux server, phones and tablets. I'm an old-school UNIX guy, and Windows doesn't strike my fancy. Plus, it seems like the sort of thing a web app is best for. No need for a fat client.
darkuni said:
Great ideas!
My main needs (personally) is a means to move files to and from and my current solution is a free FTP server that works even when the Shield TV is sleeping.
https://play.google.com/store/apps/details?id=com.theolivetree.ftpserver
... works very well despite having to side load, has a terrible interface, etc. Set and forget. What's great is, I can use my file-manager-on-steroids Directory Opus to manage files since it is a standard FTP connection.
Thanks for that I'll give it a go. I use ES file manager currently but it closes the server when you exit the app. Will also try this on a couple of FireTV Sticks I have dotted around the house as Kodi boxes :good:
I have a Shield TV arriving later today. On my previous Android box I setup a VPN with a kill switch via AFWall+. This involved the installation of the OpenVPN connect application with my VPN provider details, then I used AFWall+ to prevent any data that didn't originate via a VPN connection, effectively making this a kill switch. This involved allowing both the OpenVPN application and Android's VPN api full access. It's the latter I'm enquiring about, does this api exist on the Shield TV? I've heard that native VPN isn't possible as the normal VPN settings aren't present. But does that include the vpn service api itself?
No one?
Beefheart said:
I have a Shield TV arriving later today. On my previous Android box I setup a VPN with a kill switch via AFWall+. This involved the installation of the OpenVPN connect application with my VPN provider details, then I used AFWall+ to prevent any data that didn't originate via a VPN connection, effectively making this a kill switch. This involved allowing both the OpenVPN application and Android's VPN api full access. It's the latter I'm enquiring about, does this api exist on the Shield TV? I've heard that native VPN isn't possible as the normal VPN settings aren't present. But does that include the vpn service api itself?
i have the exact same setup on all my devices, including shield tv, although i've only had to allow the openvpn app, wifi/data/vpn access for things to work, i've never had to allow android's vpn ........is there a specific reason you grant android vpn access? does it not work otherwise?
I use the other openvpn app, by the way
I originally set it up on the tutorial in the link below, which mentions that the VPN Networking service needs to have full access. Is that service present on the Shield?
https://www.privateinternetaccess.c...otection-on-android-with-afwall-requires-root
Beefheart said:
I originally set it up on the tutorial in the link below, which mentions that the VPN Networking service needs to have full access. Is that service present on the Shield?
https://www.privateinternetaccess.c...otection-on-android-with-afwall-requires-root
I just checked for you, and yes, it's there, mind you, i'm using zulu's full rom, not sure about stock rom but as with all my devices, i haven't needed to allow this for vpn to work.
Unless there's a specific reason to do so, try without on your current devices, i suspect, vpn networking may only apply if you use android's inbuilt vpn found in settings
Edit
By the way, i don't know how far you wanna take it, but afwall has tasker plugin support, which i use to apply an afwall profile, i named "secure", that denies everything when screen turns off......as well as other things in the same vein
Edit
I do it a little differently than what your link suggests, i only allow the bare minimum of apps, those that i actually need internet for.......if an app has internet capability, but i have no need for that side of it, it's denied, i don't whitelist ALL apps for vpn as your link suggests
I also suspect that guide was written for privateinternet's method of using vpn on android, so maybe vpn networking applies if using private internet, but as for my openvpn app, it's not needed.......neither is "GPS"
Cheers. Everything set up and working perfectly in stock, no DNS leaks. A combination of AFWall+, VPN and Xprivacy has the device locked down pretty well.
And what a device, the speed is in another league compared to other similar boxes and worth the extra money. I'm glad I returned my newly purchased Minix Neo U1, this thing is so much faster and not as restricted as I was led to believe. With a bit of work the Shield TV, even on stock, can do as much as any other Android based TV box, even one based on vanilla.
Beefheart said:
Cheers. Everything set up and working perfectly in stock, no DNS leaks. A combination of AFWall+, VPN and Xprivacy has the device locked down pretty well.
And what a device, the speed is in another league compared to other similar boxes and worth the extra money. I'm glad I returned my newly purchased Minix Neo U1, this thing is so much faster and not as restricted as I was led to believe. With a bit of work the Shield TV, even on stock, can do as much as any other Android based TV box, even one based on vanilla.
Yep, I've said it before and I'll say it again, the Shield's an impressive piece of kit for sure.
Xprivacy... snap
We seem to have a very similar setup... Believe me, if you wanna take it further at some point in the future... Tasker... although, fair warning, there's a learning curve.
Just some of the more basic things I automate with Tasker with plugins like AFWall's:
When screen goes off, Tasker...
Turns off wifi/3g
Turns off Bluetooth
AFWall secure profile
Greenify all preselected apps
Turn off "unknown sources" for extra measure, as Tasker turns this off after it detects an APK install anyway
Turn off "debugging", in case I turn it on one day out of need and forget to turn it off
Media volume set to 4 (edit: this one's a bit out of place)
Apply AFWall profiles depending on what app you happen to be using
Many possibilities with Tasker, VERY useful for many things.
Non security related... kinda... could potentially be used for such if modified
I have a small Bluetooth media remote which has the numbers 1 to ten; with Tasker and the Xposed Additions module, I fooled around with it: pressing 1 connects the Shield's Bluetooth to the bedroom speakers, long pressing 1 connects to the living room speakers... I can imagine myself doing some neat stuff with this combination of apps and future accessories.
Also, I use it to turn the Shield's light LED to dim to let me know at a glance if the Shield's on or asleep, without having to change the channel.
Food for thought for those with similar setups.
Edit
By the way, you mention DNS leak; I assume you used a test site to check for the leak, any chance of a link? In case it's something very new.
This one's the one I use:
https://ipleak.net/
Detects WebRTC leaks on the specific browser you happen to be using at the time.
Edit
For those interested:
More on WebRTC here
https://www.privateinternetaccess.c...ome-and-mozilla-firefox-while-using-private-i
If you use Firefox or Chrome, you can disable it manually following this guide
https://www.purevpn.com/blog/disable-webrtc-in-chrome-and-firefox-to-protect-anonymity/
I think there are addons as well.
Edit
"and not as restricted as I was led to believe"
Yep, I had the same thoughts, just my own assumption really, that Android TV was completely different, internally, to "standard" Android. Pleasantly surprised, no incompatibilities so far... Good to know that stock is like that too :good:
Cheers, I'll read into all that.
One issue I'm finding at the moment is that, on a reboot, AFWall+ doesn't apply as default on the Shield and has to be done manually. This doesn't happen on my Note 3 running Lollipop. I'm sure there is a simple explanation, I'll look into it a bit more.
That website is the one I use to check leaks but there are numerous others too.
Beefheart said:
Cheers, I'll read into all that.
One issue I'm finding at the moment is that, on a reboot, AFWall+ doesn't apply as default on the Shield and has to be done manually. This doesn't happen on my Note 3 running Lollipop. I'm sure there is a simple explanation, I'll look into it a bit more.
That website is the one I use to check leaks but there are numerous others too.
I'm not sure I understand fully: AFWall is not enabled? Or, AFWall IS enabled, but your preferred profile is not "applied"?
On full Android at least, AFWall is enabled upon reboot; I haven't had any issues in that regard (saw your other post). I don't need an init.d script (useful to have though, if/when possible).
Have you tried reverting all AFWall's settings to default, to rule out that likely suspect?
Another likely suspect: Xprivacy, but that depends on whether you restrict everything like I do, including system apps. If so, have you checked Xprivacy's usage data for AFWall and global apps?
Another suspect could be stock firmware, but I have my doubts about that one.
Assuming I'm understanding the issue correctly.
Edit
I don't have "fix startup data leak" checked (as we don't have init.d), nor IPv6 support checked as your link described.