What is everyone here doing for a firewall? - Nook Touch General

Am a little bit surprised (to say the least) that a device for ebook reading with a shop based function, has no working firewall!
Especially as the kernel is based on Linux!
What are people here doing for a firewall?
Has anyone managed to get ipchains etc back onto the Nook?
Freya

FreyaBlack said:
Am a little bit surprised (to say the least) that a device for ebook reading with a shop based function, has no working firewall!
Especially as the kernel is based on Linux!
What are people here doing for a firewall?
Has anyone managed to get ipchains etc back onto the Nook?
Freya
I doubt that an unrooted NST has any listening ports, so no need for a firewall. Credit Card details aren't stored on the NST itself, so an attacker would need to sniff the (SSL-encrypted+signed?) network traffic and use that to log into the account, if that's even possible. I suspect that all an attacker could do would be to buy books for the registered user without their permission.

cowbutt said:
I doubt that an unrooted NST has any listening ports, so no need for a firewall. Credit Card details aren't stored on the NST itself, so an attacker would need to sniff the (SSL-encrypted+signed?) network traffic and use that to log into the account, if that's even possible. I suspect that all an attacker could do would be to buy books for the registered user without their permission.
We know that at least port 80 exists because of the built in web browser and the nook must be receiving data somehow for the books etc.
You are right that the credit card details are almost certainly stored remotely but once a hacker is inside they can log the data from the keyboard so that when you update your credit card details you are passing on the details to who knows who.
Freya

FreyaBlack said:
We know that at least port 80 exists because of the built in web browser and the nook must be receiving data somehow for the books etc.
You are right that the credit card details are almost certainly stored remotely but once a hacker is inside they can log the data from the keyboard so that when you update your credit card details you are passing on the details to who knows who.
Freya
No, that's not how TCP works.
The NST will make a connection from an ephemeral source port in the range 1024-65535 to the destination port of 80 (http) or 443 (https) on the server. Connections cannot be established to the ephemeral port on the NST without MITMing the connection. If you're worried about that, you should also worry about lots of other attacks (e.g. transparent malicious proxies) that an IP firewall also won't protect against. And don't connect your WiFi devices to untrusted networks (which is good advice anyway).
TL;DR: the lack of an IP firewall on an unrooted NST is the least of your worries.
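Added example (not part of the thread): one way to check the "no listening ports" point on a Linux-based device you have shell access to is to parse `/proc/net/tcp` and separate LISTEN sockets from outbound connections on ephemeral ports. The sample table below is constructed, and the address decoding assumes a little-endian CPU, as on ARM Android devices.

```python
import ipaddress
import os
import socket
import struct

# TCP state codes used in /proc/net/tcp (hex in the "st" column).
TCP_STATES = {0x01: "ESTABLISHED", 0x0A: "LISTEN"}

# Constructed sample in /proc/net/tcp layout: two listeners and one
# outbound HTTPS connection from an ephemeral source port.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 4821 1
   1: 00000000:15B3 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4790 1
   2: 0501A8C0:C2F4 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000 10023        0 9177 1
"""


def _decode_endpoint(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port).

    The kernel prints the IPv4 address as a native-endian 32-bit integer,
    so on a little-endian CPU the bytes must be reversed (assumption here).
    """
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Parse the table into dicts with local/remote endpoints and state."""
    rows = []
    for line in text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4:
            continue
        state = int(cols[3], 16)
        rows.append({
            "local": _decode_endpoint(cols[1]),
            "remote": _decode_endpoint(cols[2]),
            "state": TCP_STATES.get(state, hex(state)),
        })
    return rows


def listening_sockets(text):
    """Return (ip, port, reachable_from_network) for every LISTEN socket.

    Only these sockets accept new inbound connections. An ESTABLISHED row
    with an ephemeral local port is an outbound connection and is skipped.
    """
    result = []
    for row in parse_proc_net_tcp(text):
        if row["state"] != "LISTEN":
            continue
        ip, port = row["local"]
        reachable = not ipaddress.ip_address(ip).is_loopback
        result.append((ip, port, reachable))
    return result


if __name__ == "__main__":
    path = "/proc/net/tcp"
    if os.path.exists(path):
        with open(path) as handle:
            table = handle.read()
    else:
        table = SAMPLE_PROC_NET_TCP
    for ip, port, reachable in listening_sockets(table):
        scope = "network-reachable" if reachable else "loopback only"
        print(f"{ip}:{port} LISTEN ({scope})")
```

A socket bound to 0.0.0.0 is the case a host firewall would matter for; loopback-only listeners and outbound connections are not reachable from other hosts on the network.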

cowbutt said:
No, that's not how TCP works.
The NST will make a connection from an ephemeral source port in the range 1024-65535 to the destination port of 80 (http) or 443 (https) on the server. Connections cannot be established to the ephemeral port on the NST without MITMing the connection. If you're worried about that, you should also worry about lots of other attacks (e.g. transparent malicious proxies) that an IP firewall also won't protect against. And don't connect your WiFi devices to untrusted networks (which is good advice anyway).
TL;DR: the lack of an IP firewall on an unrooted NST is the least of your worries.
Well I would worry about malicious proxies but I'm not sure I can do anything about them really.
So what you appear to be saying is that the whole firewall thing is very overrated and isn't really all that necessary.
I assume it was just one of those things that was trendy for a short while some time ago but has now gone out of fashion.
I know a lot of people turn off their firewalls to play networked computer games because the firewall tends to get in the way, so maybe they are a lot less important than I assumed.
You are right that I probably worry too much about these things.
The thing you say that makes me pause for thought tho, is about connecting to untrusted networks.
Isn't the internet itself an untrusted network? Or am I being over the top again because I'm basically protected by my ISP?
Freya

FreyaBlack said:
Well I would worry about malicious proxies but I'm not sure I can do anything about them really.
So what you appear to be saying is that the whole firewall thing is very overrated and isn't really all that necessary.
It depends.
IP firewalls are still quite useful to protect networks where people may connect hosts running network services that don't comply with the organisation's security policy. And host firewalls are sometimes useful if there are listening network services that cannot easily be disabled, or if there are outbound connections that one wishes to block. More intelligent firewalls that perform some deep packet inspection can also be useful these days (mostly because so many so-called "firewall friendly" network protocols just run over HTTP(S)).
The thing you say that makes me pause for thought tho, is about connecting to untrusted networks.
Isn't the internet itself an untrusted network? Or am I being over the top again because I'm basically protected by my ISP?
That depends how competent and/or malicious your ISP is, and how co-operative they are with the local government!
Freya

Related

Hacking the G1 through wifi?

I know this is a little overboard. But i got to thinking last night that...
1. Our phones run a linux OS
2. Have exploited a super user root account which should be usable at any point while on the phone
3. Has wifi capabilities built in to connect and obtain a routable internal ip address
What is to prevent someone that knows what they're doing from accessing the phone and messing up through the internal network.... or pretty much a basic hack. The phone runs nothing different (well a little different) linux distro with all commands still available. The root account doesn't even have a password to protect it and I'm scared to set one for fear of messing something up (supposed to have no password). I don't know if I needed root access for it to automatically know what the password is as most apps are made to probably not need a password. So what's to stop someone from hacking into the G1 and pretty much screwing everything up
The fact that there is no SSH/Telnet server running by default, so you can not make a remote connection to your phone without explicitly starting said server on the phone first.
daveid said:
The fact that there is no SSH/Telnet server running by default, so you can not make a remote connection to your phone without explicitly starting said server on the phone first.
good point but what about using exploits that could or have been found in the distro that this is based on or made from. When connected to any internal network you don't need a telnet or ssh tunnel to "remote" into the computer, just use commonly found exploits (if any?)
what's going to prevent this??
this bad boy right here:
http://forum.xda-developers.com/showthread.php?t=449536
well then andrew theres the answer to your question...
inpherno3 said:
good point but what about using exploits that could or have been found in the distro that this is based on or made from. When connected to any internal network you don't need a telnet or ssh tunnel to "remote" into the computer, just use commonly found exploits (if any?)
An "exploit" still requires some avenue of access. What you mean by an exploit is, for example; someone listening in as you log in as a regular user over telnet who then later logs in as the same user, but uses a KERNEL BUG to grab root access. This still requires a telnet server to be running. If your telnet server is NOT running, then they can't EXPLOIT the KERNEL BUG to steal root access. Another example is running unknown code on some remote web page, which then exploits a BROWSER BUG, for example; http://www.microsoft.com/technet/security/advisory/961051.mspx
You see, it doesn't matter if someone is connected to the same network, if there is no way into your computer, there is nothing they can do, even if you don't have a protected root account.
And if it makes you feel better, there's no reason you can't run iptables firewall on your phone. It is kernel supported and there are executables compiled for this device.

How will "they" know if I tether with a rooted Nexus One

Just read Tmobile is going to charge for tethering & wi-fi hot spot. How will they know? Isn't data, data? I don't want to be charged for something I might use 5 times a year.
Sent from my Nexus One CM6 using XDA App
I don't know if they can tell, I have used the hotspot feature with my Nexus quite often and AT&T has never tried to charge me.
They wont.
[email protected] said:
Just read Tmobile is going to charge for tethering & wi-fi hot spot. How will they know? Isn't data, data? I don't want to be charged for something I might use 5 times a year.
Sent from my Nexus One CM6 using XDA App
Where did you read this from? No source, it didn't happen.
Starts 11/3/2010
Zephyron said:
Where did you read this from? No source, it didn't happen.
http://www.boygeniusreport.com/2010/10/26/t-mobile-to-debut-tethering-plan-on-november-3rd-14-99/
the only way they could know if you are tethering is if you are using the carrier's native ROM, i don't think they would ever find out when running a custom rom.
If you don't bother searching - at least do read the same thread on the same 1st page of the forum, instead of opening another one.
Einstein was right about infinite things...
Packages being sent contain HTTP requests, which may contain info on the device that's being used, among other stuff I don't really know about.
If those packages contain specific info on the device, they probably can tell even if you're using a custom ROM, just by putting some effort into it.
Anyways, if by some means they'd manage to analyze it in a way where they can tell whether you're tethering or not, we'll also find a way to trick them by parsing those packages on the fly.
So, ultimately, I don't know whether they can tell or not if you're tethering, but if they can don't worry, someone will take care of it.
St.Jimmy! said:
Packages being sent contain HTTP requests, which may contain info on the device that's being used, among other stuff I don't really know about.
If those packages contain specific info on the device, they probably can tell even if you're using a custom ROM, just by putting some effort into it.
Anyways, if by some means they'd manage to analyze it in a way where they can tell whether you're tethering or not, we'll also find a way to trick them by parsing those packages on the fly.
So, ultimately, I don't know whether they can tell or not if you're tethering, but if they can don't worry, someone will take care of it.
Companies cannot legally spy into your network traffic in that manner here in the US.
JCopernicus said:
Companies cannot legally spy into your network traffic in that manner here in the US.
This is true, deep packet inspection is against the law as it infringes what little privacy we are still allowed thanks to homeland security
St.Jimmy! said:
Packages being sent contain HTTP requests, which may contain info on the device that's being used, among other stuff I don't really know about.
Not picking on you, but I'm sure you mean packets
Here in France, SFR set up a transparent proxy that checks the user-agent sent by your browser.
You can trick it by setting a mobile user-agent on your PC.
Sent from my nexus desire
zEar said:
Here in France, SFR set up a transparent proxy that checks the user-agent sent by your browser.
You can trick it by setting a mobile user-agent on your PC.
Sent from my nexus desire
That's screwed. You can set any UA when using a custom ROM, so you'd be charged for tethering when you set it to Desktop?
In that case, someone might have a good reason to sue them...
Thanks for the info.
Sent from my Nexus One CM6 using XDA App
Jack_R1 said:
That's screwed. You can set any UA when using a custom ROM, so you'd be charged for tethering when you set it to Desktop?
In that case, someone might have a good reason to sue them...
First, you're right. But I forgot to mention that they won't charge you, it simply doesn't work. So if you changed the UA the way you suggest, you would see a blank page and quickly fix that
Second, I noticed after answering that I didn't read the question well (sh*t happens ) and didn't get the point about root. So to be more clear about the original question :
- "They" shouldn't be able to know if you're rooted or not, but there may be ways for them to detect that you are tethering.
Tethering and T-mobile...
If you run speedtest.net on a computer that's tethered to the N1, it shows on speedtest.net's server that you are on T-mobile USA's IP. Somehow T-mobile would have to acquire when the tether option was turned on and off at the same time the 3g service is on. They would have to submit that into the header files that get sent to their services. That would be a stretch, but it would be doable in future software updates. Say Gingerbread....
Actually, yesterday I've found something interesting about one of our local carriers.
It has 2 APNs: one for "dumbphones" and one for smartphones.
The first one allows Nexus to use internet and market, but tethering doesn't work. The DNS requests are blocked - I still didn't figure out how they block them. DNS servers get the ping, but the requests aren't resolved. Yet it looks like they're resolved, if sent from the phone.
The second one allows full internet access for the phone - and tethering also works.
So they don't detect tethering (and don't charge for it), but looks like they can block it with some restrictions that still allow the phone browser to work, when using "dumbphone" APN.
Jack_R1 said:
Actually, yesterday I've found something interesting about one of our local carriers.
It has 2 APNs: one for "dumbphones" and one for smartphones.
The first one allows Nexus to use internet and market, but tethering doesn't work. The DNS requests are blocked - I still didn't figure out how they block them. DNS servers get the ping, but the requests aren't resolved. Yet it looks like they're resolved, if sent from the phone.
The second one allows full internet access for the phone - and tethering also works.
So they don't detect tethering (and don't charge for it), but looks like they can block it with some restrictions that still allow the phone browser to work, when using "dumbphone" APN.
so all the other data, non browser based - how do they decide if/when to block which data ? i'm assuming this will only work on a non-rooted phone, or they are breaking the law and doing deep inspection.
if they =are= doing deep packet inspection, they can and will be held liable for eavesdropping, child porn, online harassment (if you ever harass someone), and a whole host of other things.
the ISP (tmo) not knowing what you're doing is a benefit to them. ignorance is bliss, and knowledge means responsibility the way the gov't views it.
lol, that last statement, the gov't and responsibility could be a joke i guess.
I believe they just have all traffic going through proxy which allows only very few selected packet types through, and blocks the rest for "dumbphone" APN. They don't check/block anything beyond DNS requests, and if you want to connect to a site while tethering "dumbphone" connection by IP - I believe you'll get there (didn't have a chance to test, but pinging IPs works without problems).
And of course, my Nexus with Enomther's ROM was used for experiments and showed exactly the same behavior.
The thing is - if I understand it correctly, it's not a planned behavior. They wanted to shut off all the network but the sites they give access to from their own WAP portal (considered "internal" internet), but in fact for some reason Nexus isn't completely blocked by it. PC is, though, when connected through Nexus.
And again, they don't have something that detects tethering - once a smartphone APN is used, the traffic is the same for Nexus and for tethered devices.
Some technical info...
Hello!
There is a way to detect if You are using tethering. Basically - tethering is routing - adding one more point in communications. So - if You just use Your phone, packets are addressed from/to Your phone. But if You are tethering - packets are addressed to device behind phone (using phone as gateway, basically router with NAT).
So - they may check:
ARP tables
TTLs
OS specific packets/DNS requests/used IP's (Why would Your phone check for MS updates? )
other things...
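Added example (not from the post): the TTL and OS-specific DNS checks listed above, written as an operator might run them over flow records to spot a NAT device behind one subscriber address. The records, the observation point (the first IP hop, so the phone's own packets arrive with their initial TTL) and the hostname suffix list are constructed assumptions.

```python
from collections import defaultdict

# Default initial TTLs of common IP stacks: 64 (Linux/Android),
# 128 (Windows), 255 (some network equipment).
COMMON_INITIAL_TTLS = (64, 128, 255)

# Illustrative suffix list of names a phone would not normally look up.
DESKTOP_DNS_SUFFIXES = ("windowsupdate.com",)

# Constructed records: (subscriber source IP, observed TTL, DNS name or None).
PACKETS = [
    ("10.20.0.7", 64, "mail.example.com"),
    ("10.20.0.7", 64, None),
    ("10.20.0.9", 64, None),                            # the phone itself
    ("10.20.0.9", 63, None),                            # forwarded once by the phone
    ("10.20.0.9", 127, "download.windowsupdate.com"),   # Windows host behind it
]


def infer_initial_ttl(observed):
    """Guess the sender's initial TTL as the nearest common value above it."""
    for initial in COMMON_INITIAL_TTLS:
        if observed <= initial:
            return initial
    raise ValueError(f"TTL out of range: {observed}")


def _is_desktop_name(name):
    """True when the queried name falls under a listed desktop-OS suffix."""
    name = name.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in DESKTOP_DNS_SUFFIXES)


def tethering_indicators(packets, phone_initial_ttl=64):
    """Return {subscriber_ip: [reasons]} for addresses that look like a NAT.

    Reasons:
      ttl-extra-hop   packets from one address arrive with different hop
                      counts, so something is routing behind that address
      ttl-foreign-os  an initial TTL family other than the phone's own
      desktop-dns     lookups for names only a desktop OS would request
    """
    ttls = defaultdict(set)
    names = defaultdict(set)
    for src, ttl, dns_name in packets:
        ttls[src].add(ttl)
        if dns_name:
            names[src].add(dns_name)

    findings = {}
    for src in sorted(ttls):
        reasons = []
        hop_counts = {infer_initial_ttl(t) - t for t in ttls[src]}
        if len(hop_counts) > 1:
            reasons.append("ttl-extra-hop")
        families = {infer_initial_ttl(t) for t in ttls[src]}
        if families - {phone_initial_ttl}:
            reasons.append("ttl-foreign-os")
        if any(_is_desktop_name(n) for n in names[src]):
            reasons.append("desktop-dns")
        if reasons:
            findings[src] = reasons
    return findings


if __name__ == "__main__":
    for subscriber, reasons in tethering_indicators(PACKETS).items():
        print(subscriber, ", ".join(reasons))
```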

bypass school router blocks

hey, I used to have a way around the school router blocks but I can't seem to remember what it was for the life of me. What it consisted of was an .exe that installed some software that allowed me to browse freely. I vaguely remember that the software consisted of an icon on the taskbar that was kinda an earth with fire around it....maybe?
if you have any other good router/server bypasses then please let me know. .exe file executions are blocked everywhere except in the technology building at school. Preferably i would like to have something only requiring a flash drive or it can be done within IE or Chrome.
Do u mean that you are able to surf the internet but some websites, like Facebook for example, are blocked?
yukinok25 said:
Do u mean that you are able to surf the internet but some websites, like Facebook for example, are blocked?
yes exactly, often they have keywords that they block as well, (such as game, kill, black ops, etc). maybe a proxy would work? we used to have a couple good ones but they would eventually block it.
johnston9234 said:
yes exactly, often they have keywords that they block as well, (such as game, kill, black ops, etc). maybe a proxy would work? we used to have a couple good ones but they would eventually block it.
yes, a free proxy can be a solution in most cases, here try some in this list first:
http://www.publicproxyservers.com/proxy/list1.html
johnston9234 said:
hey, I used to have a way around the school router blocks but I can't seem to remember what it was for the life of me. What it consisted of was an .exe that installed some software that allowed me to browse freely. I vaguely remember that the software consisted of an icon on the taskbar that was kinda an earth with fire around it....maybe?
if you have any other good router/server bypasses then please let me know. .exe file executions are blocked everywhere except in the technology building at school. Preferably i would like to have something only requiring a flash drive or it can be done within IE or Chrome.
To do this would require some form of exe to use a proxy via a specially setup browser, or admin rights to set the system proxy.
You will find that your IT admins will block the proxies you use (I have to block proxies at my work network when we detect them).
If implemented properly (any good professional IT admin should be able to do it right), you will struggle to tunnel out using most systems.
You can't ssh forward if they block non-standard ports, or filter protocols. You can't use SOCKS proxies if they do the same. You can't use web proxies if they use smart URL filtering.
You can try web proxies, but it's an uphill battle. If you find a proxy that works, don't tell your friends, as that usage across multiple accounts flags the URL in some security systems (my users alert me to the latest proxy sites unwittingly )
Finally, you do realise you are probably breaking the acceptable use agreement? Isn't it better to do facebook etc out of school hours? Or use your phone? If you get good at evading, it is easy to remove internet access altogether from an account in most systems. Good luck in tunnelling out when you have zero internet access as your account is null routed
Summary? Try proxies, don't hold your breath, and do you really need to use facebook etc in school? Oh, and for goodness sake, don't run exes on school PCs... If they've not set them up right, you could infect the machines. They prevent EXE execution on most machines for good reason...
pulser_g2 said:
To do this would require some form of exe to use a proxy via a specially setup browser, or admin rights to set the system proxy.
You will find that your IT admins will block the proxies you use (I have to block proxies at my work network when we detect them).
If implemented properly (any good professional IT admin should be able to do it right), you will struggle to tunnel out using most systems.
You can't ssh forward if they block non-standard ports, or filter protocols. You can't use SOCKS proxies if they do the same. You can't use web proxies if they use smart URL filtering.
You can try web proxies, but it's an uphill battle. If you find a proxy that works, don't tell your friends, as that usage across multiple accounts flags the URL in some security systems (my users alert me to the latest proxy sites unwittingly )
Finally, you do realise you are probably breaking the acceptable use agreement? Isn't it better to do facebook etc out of school hours? Or use your phone? If you get good at evading, it is easy to remove internet access altogether from an account in most systems. Good luck in tunnelling out when you have zero internet access as your account is null routed
Summary? Try proxies, don't hold your breath, and do you really need to use facebook etc in school? Oh, and for goodness sake, don't run exes on school PCs... If they've not set them up right, you could infect the machines. They prevent EXE execution on most machines for good reason...
This is a REALLY good explanation Pulser, I always liked the way you answer to the people on XDA! (specially on the Hero thread )
By the way, why an .exe file would infect a machine? Do you mean any kind of .exe? Even from a well known company, who create safe and popular software?
I used to run, without telling anyone, firefox portable in my office to bypass firewall restrictions, is that dangerous as well?
Considering you are at school, you will lack a lot of needed rights to edit certain things. I would know, I had to get around blocks on both Windows and Mac computers my freshman year.
I would advise you use the software, Your Freedom, it's free, but requires an account, you will also need to use a browser such as Firefox, and edit the settings to use the correct IP and Port as a proxy.
It also works on both Mac's and PC's. There is another software that I had used, strictly for windows PC's, but I can't recall the name of it.
Edit: I also ran the software from my flash drive..
i have special access to .exe and Command prompt just because of the position i am in as a student (several Technical courses). I can execute files on my computer and i have Chrome Installed. Does that help?
johnston9234 said:
i have special access to .exe and Command prompt just because of the position i am in as a student (several Technical courses). I can execute files on my computer and i have Chrome Installed. Does that help?
What I did was to download firefox portable, you can google it (and if you want you can copy it to an USB drive).
If you go to firefox networking setting, you can try to change the options in advanced with "no proxy" or as wisefire said just write an IP proxy address with the correct port, you should be able to visit any website.
At least this was working flawlessly for me..
yukinok25 said:
This is a REALLY good explanation Pulser, I always liked the way you answer to the people on XDA! (specially on the Hero thread )
By the way, why an .exe file would infect a machine? Do you mean any kind of .exe? Even from a well known company, who create safe and popular software?
I used to run, without telling anyone, firefox portable in my office to bypass firewall restrictions, is that dangerous as well?
Only a malicious exe would cause trouble...
But on a shared school network, who knows what the user before you used...
That's why I use disk freezing software on systems I run, and a forced reboot between logins, to give you a clean environment.
But while employees run portable firefox, what if they were to use it on another pc, and it had a virus, which infected the exe?
TBH, flash drives shouldn't be used in work environments, that were used outwith that environment... But that's not realistic in a school.
johnston9234 said:
i have special access to .exe and Command prompt just because of the position i am in as a student (several Technical courses). I can execute files on my computer and i have Chrome Installed. Does that help?
Come on... Surely you ain't gonna abuse that privilege? You got it because you were trusted, not to work round the restrictions that are in your acceptable use policy...
yukinok25 said:
What I did was to download firefox portable, you can google it (and if you want you can copy it to an USB drive).
If you go to firefox networking setting, you can try to change the options in advanced with "no proxy" or as wisefire said just write an IP proxy address with the correct port, you should be able to visit any website.
At least this was working flawlessly for me..
That would work unless they filter out proxy traffic (you can often detect SOCKS proxies and other ones that are working using this method, or even block common ports like 8080)
Back in high school we used Ultrasurf and GPass. I liked GPass because it was really easy to hide from the taskbar and notification area.
pulser_g2 said:
Only a malicious exe would cause trouble...
But on a shared school network, who knows what the user before you used...
That's why I use disk freezing software on systems I run, and a forced reboot between logins, to give you a clean environment.
But while employees run portable firefox, what if they were to use it on another pc, and it had a virus, which infected the exe?
TBH, flash drives shouldn't be used in work environments, that were used outwith that environment... But that's not realistic in a school.
haha, All of my schools have used disk freezing software. I thought about putting it on my parent's computer so I don't have to work on it anymore.
Even though I generally don't work on it anymore and just have them call someone to work on it for them. hahah.
buttes said:
Back in high school we used Ultrasurf and GPass. I liked GPass because it was really easy to hide from the taskbar and notification area.
Back in my days in high school we just got the many different IT and Librarian passwords/usernames and some teacher's passwords as well. Then we'd log in to them and download Kazaa (yeah, it was that long ago lol), and downloaded like a gig or two of old NES, SNES, SEGA, Etc roms and started passing them around to everyone. haha.
It got so bad that the school threatened expulsion for everyone that had the games on their user accounts because it was overloading their network and storage space.
For a while they were just searching for the rom's extensions and you could just go and change them to a .txt and then change them back when you wanted to play them, but then they finally realized that the gig of space the roms took up were about 4 times the size of the data we were allowed to have and they could just sort the usernames by the usage of storage space.
The teacher's ones were fun to have though... it allowed you change some grades here and there...especially with my method of madness which I will not describe here. lol
pulser_g2 said:
That would work unless they filter out proxy traffic (you can often detect SOCKS proxies and other ones that are working using this method, or even block common ports like 8080)
So, I am really interested about this topic, is there any way to bypass a restriction if they filter out the proxy traffic?
yukinok25 said:
So, I am really interested about this topic, is there any way to bypass a restriction if they filter out the proxy traffic?
Hmmm... It's possible. If they use deep packet filtering it may be hard. But anything is possible...
I won't go into details, of getting round things, as it is my job to stop people getting round them, and I know a load of tricks, but look at the protocols in use in surfing - you need LDAP/AD to log into windows domain. Then you use DNS to resolve an IP (perhaps via a corporate web proxy). Then HTTP/HTTPS to access the page.
Now think what tools the domain admins might use to administer their network - RDP? SSH? Web services on high ports?
I think I've gone into enough detail for now... I can tunnel out almost any network these days, but I don't think it is sensible, wise, nor ethical to divulge this sort of thing.
pulser_g2 said:
Hmmm... It's possible. If they use deep packet filtering it may be hard. But anything is possible...
I won't go into details, of getting round things, as it is my job to stop people getting round them, and I know a load of tricks, but look at the protocols in use in surfing - you need LDAP/AD to log into windows domain. Then you use DNS to resolve an IP (perhaps via a corporate web proxy). Then HTTP/HTTPS to access the page.
Now think what tools the domain admins might use to administer their network - RDP? SSH? Web services on high ports?
I think I've gone into enough detail for now... I can tunnel out almost any network these days, but I don't think it is sensible, wise, nor ethical to divulge this sort of thing.
True, I agree with you Pulser, thus I am really into this sort of thing recently.
I am eager to learn..
Could you please recommend me a book or something (not too advanced) that would help me to understand better LDAP/AD, DNS and everything about security and networking?
I obviously wanna learn just for myself and I definitely don't want to spread or divulge in any way bad behaviors..
johnston9234 said:
hey, I used to have a way around the school router blocks but I can't seem to remember what it was for the life of me. What it consisted of was an .exe that installed some software that allowed me to browse freely. I vaguely remember that the software consisted of an icon on the taskbar that was kinda an earth with fire around it....maybe?
if you have any other good router/server bypasses then please let me know. .exe file executions are blocked everywhere except in the technology building at school. Preferably i would like to have something only requiring a flash drive or it can be done within IE or Chrome.
if not previously mentioned, you're looking for "Tor" which comes in both installable packages or portable exe files that can be run off flash drives and includes a custom made 'Mozilla Firefox' which comes preloaded with Tor and does not save any browsing information on your client machine, thus this program is completely anon when ran from a flash drive.
www.torproject.org and you're looking for the Stable Portable Browser Bundle
Please thank me (click thanks) if this helped
really there is a simple way
use kon-boot and bypass admin password and change the settings
kylon said:
really there is a simple way
use kon-boot and bypass admin password and change the settings
not if he is on a school network, he would have to physically run kon-boot on the server itself which defeats the purpose because the server would already be logged in as an admin of some kind.
-correct me if I'm misunderstanding or have missed a key post somewhere-

[IDEA/POLL] Use C2DM app for remote phone access

These apps allow you to remotely access your phone from a web browser. However, they all run a web server on the phone, and I cannot connect to any of them over 3G (Verizon).
LazyDroid Web Desktop
Remote Desktop
Remote Web Desktop
I want to move the web server off phone, and (hopefully) onto private sites.google.com site. App Engine might be necessary, but I'm hoping this could be done solely in JS.
The hosting site would provide the UI, and interact with the phone using C2DM (the magic that powers Chrome2Phone, GMail, and installing apps from the web Market).
The UI is pretty obvious. It just needs a whiz to create HTML, Javascript, etc.
The C2DM backend is still a bit mystifying to me... and searching for c2dm and javascript does not yield any obvious working implementations. But it seems plausible. Push a command to the phone, phone returns/uploads data to website, and UI updates.
Then there is the Android end. Well, there are the 3 projects above, Tasker for a quasi-hackish approach, and RPC (promising, but it seems like a WIP).
Thoughts? Volunteers? Geniuses?
Ooo... 2 birds with one stone!
This would also kill 2 birds with one stone.
No more typing in dynamic IP addresses! You get to use DNS to handle the connections. Bookmark your site in your desktop browser (it is always the same!). And set a preference in the Android app.
On LazyDroid I'm planning some kind of trick that will let you connect from behind a firewall... similar to a VPN...
CloudsITA said:
On LazyDroid I'm planning some kind of trick that will let you connect from behind a firewall... similar to a VPN...
I tried it again last week, and it is still unsuccessful. Webkey is currently the only application that I can successfully use to reach my phone.
Now, I could be wrong, but I believe all of these apps run a web server on the phone. I get a lovely, private 10.x.x.x IP address, which I can't reverse the route to. I have tried and failed to get DynDNS to work.
I have been looking into a solution since my original post. I have not had any time to do code squat, but I have loosely figured out all of the parts.
The big architectural difference I have been seeking is removing the server from the phone. I am not an Android expert, but I don't believe it even requires a running service. (Thank you, C2DM.)
With the app-webservice separation, you can work a "protocol" that reduces the overall bandwidth used... and thus improve battery life. Put all the "hard work" on a webserver, and (things get fuzzy here) possibly push it off onto the client browser (JS).
C2DM Browser Links
I could probably make something like WebKey but with C2DM and some more features. If you want you can give suggestions and I'll start making it on Saturday (after my exams). It would probably be possible in JavaScript for the actual sending from the server and PHP just for logging in to your Google account. The phone would just be registered on the server and no services (just as you wanted)
nebkat said:
I could probably make something like WebKey but with C2DM and some more features. If you want you can give suggestions and I'll start making it on Saturday (after my exams). It would probably be possible in JavaScript for the actual sending from the server and PHP just for logging in to your Google account. The phone would just be registered on the server and no services (just as you wanted)
I am not sure "more features" is necessarily the direction I'm headed. I am focused on making a "seamless" experience (i.e. less separation of phone and computer).
I was headed to App Engine (Python bias + easy Google integration). I have a project created. I haven't pulled together the various examples to make the core, but it seems <naive>simple</naive>. Stir in some templates, CSS, a sprinkling of JS, and voila!
The big "tricky" part that I can't convert from f***ing magic to a clear approach is the data link in the server. I want to avoid any storage to a Google disk, or otherwise, even temporarily. No stored data = easy privacy policy.
nebkat, if you're really chomping at the bit to code, here's my Android client concept.
- C2DM is a wake-up call. (cheat and borrow ChromeToPhone's ID to begin with)
- Connect to web server, send "I'm here," and wait for further instructions (Channels API/Comet/AJAX/.........)
- make the command set extensible
- each command is blockable in the client. (Permission control is set on the phone, not remotely.)
- After N minutes of no activity, send a "good bye," disconnect from the server, and fade into the background.
Don't worry, I'm very experienced with the server side stuff and I know exactly what you want. The only information stored on the server side would be the Google account, the device C2DM registration ID and some logging features just for statistics. A password could be set on the phone that would be SHA-512 hashed on the AJAX request and would be sent to the phone. Even if a hacker found the hash, it would be useless without being logged in to the person's Google account or knowing the server side auth token.
For now I'll just make the receiver, processor and command output and later on the extra security and UI stuff. It will work exactly the same way as Chrome2Phone except it will have server side PHP and the different commands. The connection from PC to phone will be something like this.
user command -> ajax request -> php c2dm request -> phone
phone -> php server http request -> controller page status
BTW I'm saving up for a Nexus S, how much would people pay for this type of app? There would definitely be a free version, but I just need to get the Nexus S because I have a Galaxy Spica now and it isn't the best for app development. I'm new to how stuff at xda works, would a donate version get me enough for the Nexus?
nebkat said:
Don't worry, ... <snip> ... auth token.
Alrighty then. I'm feeling like I can stop contemplating implementing this.
BTW I'm saving up for a Nexus S, how much would people pay for this type of app? There would definitely be a free version, but I just need to get the Nexus S because I have a Galaxy Spica now and it isn't the best for app development. I'm new to how stuff at xda works, would a donate version get me enough for the Nexus?
Since I was learning the ins and outs of App Engine, I read their quota rules and realized if this were popular it would require funding. I don't know where you are going to your web server, but I assume you'll have to pay someone to keep it running. But I had thought about $$$ already.
"Give away the razor, and sell them the blades."
Make the app free, no feature restrictions.
You get your money through various "membership" levels on the server. (See the account levels at fastmail.fm for an example.) So, you can use the app for free, but you only get, say, 2-3 MB of traffic per day, and only X sessions per day. Need more? See the pricing chart.
user command -> ajax request -> php c2dm request -> phone
phone -> php server http request -> controller page status
user command -> php server http request -> phone
phone -> php server http request -> controller page status
user command -> php server http request -> phone
lather, rinse, repeat.
C2DM is not deterministic, and acts up in low signal conditions. So, I made a decision to only use C2DM to initiate a session. Once both ends are connected to the server, everything goes over HTTP.
Oh.... and not that we need another Lookout/Phone Finder, but a shared-secret SMS code for the case where "they" have shut down the data connection.
I have my own server nebkat.com and there is nothing on it anyway.
The only other way to make "push" requests to the phone is with WebSockets. It would probably be better than c2dm because we have full control over what gets sent (google limits some requests). The advantage of WebSockets is that they send no header information which means that we could send our messages in 20 to 30 bytes.
I'll look into more detail on friday.
With web sockets won't you need to ensure the phone has a routable, external IP address? I know, for one, t-mobile does not expose an external IP address for their phones. Unless, of course, if the phone is connected over WiFi. C2DM works great for me (I have used a couple of apps with it and it is really useful).
MrGibbage said:
With web sockets won't you need to ensure the phone has a routable, external IP address? I know, for one, t-mobile does not expose an external IP address for their phones. Unless, of course, if the phone is connected over WiFi. C2DM works great for me (I have used a couple of apps with it and it is really useful).
No, WS is server initiated and the IP addresses shouldn't make a difference.
MrGibbage said:
With web sockets won't you need to ensure the phone has a routable, external IP address? I know, for one, t-mobile does not expose an external IP address for their phones. Unless, of course, if the phone is connected over WiFi. C2DM works great for me (I have used a couple of apps with it and it is really useful).
You need a valid external IP address if you are attempting to initiate contact with your phone, which is why the 4-5 apps I've mentioned do not work on carriers like T-Mo and Verizon.
But the phone can establish a connection, and the carrier NATs (or whatever) will handle the routing for outgoing and incoming data.
I think the right questions are: Will Verizon/T-Mo allow the ports and protocol for WebSockets? Do Android and desktop browsers implement the draft API correctly and consistently?
I like C2DM. It works well when you have a good connection. But there are 3 issues with it.
1) The message size limit is 1024 bytes. Not ideal for file transfers.
2) In poor signal areas, since the service retries sending messages, you will get delayed and/or duplicate messages. I work in a large "concrete" building, so I get this behavior often enough that I don't want to rely on it.
3) I believe there is a limit on the number of messages you can send. So, hunting around the filesystem could hit this limit (but unlikely in reality... I hope.)
It would be interesting to see exactly how those apps handle all of the data. Do they only use C2DM, or do they hand over to another protocol?
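The client concept sketched earlier in this thread (push message as a wake-up only, an extensible command set, per-command blocking decided on the phone, an idle "good bye") and the duplicate-delivery problem described in the post above can be modelled together. This is an added example, not code from any poster or from the apps named here; `PhoneClient`, its method names and the command names are hypothetical, and the transport (C2DM, HTTP) is left out so only the session and policy logic is shown.

```python
import time


class PhoneClient:
    """Phone-side session: a push message only wakes it; commands arrive later."""

    def __init__(self, handlers, blocked=(), idle_seconds=300, clock=time.monotonic):
        self.handlers = dict(handlers)   # extensible command set
        self.blocked = set(blocked)      # policy lives on the phone, never set remotely
        self.idle_seconds = idle_seconds
        self.clock = clock               # injectable so the timeout can be tested
        self.seen_wakeups = set()        # push retries can deliver duplicates
        self.connected = False
        self.last_activity = None

    def on_wakeup(self, message_id):
        """Handle a push wake-up; return True only if a new session was started."""
        if message_id in self.seen_wakeups:
            return False                 # delayed or duplicate delivery: ignore it
        self.seen_wakeups.add(message_id)
        if self.connected:
            return False                 # already in a session, nothing to start
        self.connected = True            # a real client would now send "I'm here"
        self.last_activity = self.clock()
        return True

    def expire_if_idle(self):
        """Drop the session after idle_seconds of silence; return connection state."""
        if self.connected and self.clock() - self.last_activity >= self.idle_seconds:
            self.connected = False       # a real client would send "good bye" first
        return self.connected

    def on_command(self, name, *args):
        """Run a server-relayed command only if the phone's own policy allows it."""
        if not self.expire_if_idle():
            return ("error", "no session")
        if name in self.blocked:
            return ("denied", name)      # local block wins over any remote request
        handler = self.handlers.get(name)
        if handler is None:
            return ("error", "unknown command")
        self.last_activity = self.clock()  # only accepted commands extend the session
        return ("ok", handler(*args))
```

Denied and unknown commands deliberately do not refresh the idle timer, so a server that keeps sending refused requests cannot hold the session open.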
Ok my exams are over and I am starting with it. I'll give updates on this thread

[Q] Never use WiFi access point?

Is there any way to tell Android (or CM7, if there's a difference) to never use a particular access point? There are three APs at my office that look equivalent as far as the WiFi software can tell, but two are unusable for administrative reasons, and I'd like to tell my NC to just ignore them. Sometimes it latches onto one of the wrong ones and I have to connect to the right one manually.
Can't just forget them, because they come back next time it scans.
Thanks!
If they can't be accessed then why are they there at all? If they can be accessed by certain people then shouldn't they be password protected? Maybe I'm not understanding the question, but in my home I have 2: one connects to everything on my internal network and that's password protected. The other is for guests, who don't need a password.
Anyways I did find this app. I have never used it but from the looks of things it may help.
https://market.android.com/details?id=com.hogdex.WifiRuler&feature=search_result
IFLATLINEI said:
If they can't be accessed then why are they there at all? If they can be accessed by certain people then shouldn't they be password protected? Maybe I'm not understanding the question, but in my home I have 2: one connects to everything on my internal network and that's password protected. The other is for guests, who don't need a password.
The answer has more to do with the administratium density in the building than anything sensible. One is fully open, another is open at the 802.11 level and password protected, but you have to access an internal website to find today's password, and the third is inside the firewall but 802.1x protected and they don't support Android for that.
Anyways I did find this app. I have never used it but from the looks of things it may help.
https://market.android.com/details?id=com.hogdex.WifiRuler&feature=search_result
Thanks for the pointer! I've installed it, and it helps quite a bit. I reliably get the new mail notification noise from my bag before I pass through security.
