From charlesreid1

 
<!--
This page contains notes and information about rooting my Android phone, and using it as an internet proxy.
[[Rooting Android]]
-->


This page has got some info on how I use my Android phone.

=Installing Android SDK=

==Mac OS X==

Download android-sdk_r10-mac_x86.zip from here: http://developer.android.com/sdk/index.html

Extract to wherever you want, I put it with the rest of my 3rd-party packages in <code>~/pkg</code>.  It's a binary, so you can just extract the .zip file and put it anywhere.

You'll want to add the location of a couple of utilities to your <code>$PATH</code>, by adding this to your <code>.profile</code> or whichever dot file you put your <code>$PATH</code> stuff into (or just by running these from your command line, if this is a one-time thing for you):


<source lang="bash">
export PATH="${HOME}/pkg/android-sdk-mac_x86/platform-tools:${PATH}"
export PATH="${HOME}/pkg/android-sdk-mac_x86/tools:${PATH}"
</source>

You can test it worked right by running:

<source>
$ which adb
/path/to/android-sdk-mac_x86/platform-tools/adb

$ which android
/path/to/android-sdk-mac_x86/tools/android
</source>


This doesn't come with all the things you'll need, so before doing anything else, run the "android" program, which will run the Android SDK Manager.

[[Image:MacDroid1.png|350px|caption=The Android SDK Manager GUI on Mac OS X.]]

[[Image:MacDroid2.png|350px|caption=Packages I have installed.]]

I recommend installing the following:

* SDK Platform Android (whatever the latest API is)
* Android SDK Platform-tools
* Android SDK Tools

Pick "Available packages" from the side bar and then collapse the various lists there.  You'll find the above packages in the list.

If you try and collapse the list and you see a "Failed to fetch URL (blah blah blah)", then pick "Settings" from the side bar and check "Force https://... sources to be fetched using http://...".

[[Image:MacDroid3.png|350px]]


==Windows==

1. Extract the HTC_Droid_Incredible_Root.zip file to a folder with the same name

2. Open the folder and launch HTCSync2.0.25.exe and complete the installation

[[Image:Droidroot1.png|350px]]
 
[[Image:Droidroot2.png|350px]]
 
3. Copy the <code>sdk</code> directory into the root of the C drive, in <code>C:\sdk</code>
 
4. Open <code>C:\sdk</code> and run <code>SDK Setup.exe</code>
 
[[Image:Droidroot3.png|350px]]
 
a) You may get an error about https. If you do, close the window with the error message and click "Settings" on the left-hand side, then check the box that says <code>Force https:// sources to be fetched using http://</code>.
 
b) you may also need to update the version of the Tools.  Click on "Available Packages" on the left-hand side of the "Android SDK and AVD Manager" window, and then check the "Android SDK Tools" box, and then click "Install Selected".
 
[[Image:Droidroot4.png|350px]]
 
5. Go back to the unzipped HTC Droid Incredible Root folder and open <code>command.txt</code>
 
6. Open a Windows command prompt (Start > Run > "cmd")
 
7. Change directory to <code>C:\sdk\tools</code> by running
 
<pre>
> cd\
> cd sdk
> cd tools
</pre>
 
[[Image:Droidroot5.png|350px]]
 
=Internet Tethering=
 
You can get internet tethering for free using a program called Proxoid (http://code.google.com/p/proxoid).  It creates a proxy service, so that all internet requests from the computer are forwarded (via USB) to the phone, and the phone then forwards the request to The Interwebs.
 
This literally took me 30 seconds to set up.  It's very, very simple if you've got the right tools.
 
1. First, you'll want the Android SDK kit, because you'll use it to send instructions to the phone.  See [[#Installing Android SDK]] above.
 
2. Enable USB debugging on your phone: Settings > Application > Development > Enable USB Debugging
 
3. Open the Proxoid application on your phone.  I'll assume you're using port 8080, but change it to any port you want.
 
4. Run this command to forward TCP port 8080 on your local computer to port 8080 on the Android phone:
 
<source lang="bash">
$ adb forward tcp:8080 tcp:8080
</source>
 
Now, when your computer sends requests via port 8080, your phone knows how to handle it correctly.
 
'''You will need to run this command every time you want to use Proxoid!'''
 
5. Set proxy settings on your local machine so that IT knows to send requests via port 8080.  See next section.
 
==Setting Proxy Settings==
 
You can do this a couple of different ways:
 
===Proxy Option 1: Browser Only===
 
Most modern browsers allow you to set proxy settings that are specific to the browser.  I use (and recommend) Firefox, but other browsers will work too.  First, pick Firefox > Settings > Advanced, and pick the "Network" tab:
 
[[Image:FirefoxSettings.png|350px]]
 
Click "Settings", and Firefox will allow you to configure proxy settings.  You want to configure the proxy to be localhost and the port to be 8080:
 
[[Image:FirefoxSettingsProxy.png|350px]]
 
In normal-people speak, this tells your browser to route all of its internet requests through port 8080 of the local machine.  Then, any requests to port 8080 are handled by the phone (well, by Proxoid) because of the "adb forward tcp:8080 tcp:8080" command you ran above.
 
===Proxy Option 2: System-Wide===
 
Still working this one out.
 
===Proxy Option 3: SSH Tunnels===
 
You can use a utility called [[Corkscrew]] available here: http://www.agroman.net/corkscrew/
 
Alternatively, you can use the ProxyTunnel utility available here: http://proxytunnel.sourceforge.net/
 
You can combine this tool with [[SSH#SSH_Tunnels|SSH tunnels]] to redirect traffic from any port through an SSH tunnel.
 
Following the Proxoid Linux users guide (http://code.google.com/p/proxoid/wiki/installationLinux), you can point SSH to the Corkscrew command by adding the following to <code>~/.ssh/config</code>:
 
<pre>
ProxyCommand /usr/local/bin/corkscrew localhost 8080 %h %p
ServerAliveInterval 10
</pre>
 
Note that this will work even when SSHing to non-standard ports.  If you run "ssh -p 12345 user@host", then it will pass "host" to "%h", and "12345" to "%p".
 
The <code>ServerAliveInterval</code> is required, because otherwise SSH connections will be closed after around 30 seconds.  This sends a "keepalive" packet to the server every 10 seconds.
 
<!--
 
==Related Pages==
 
* [[Android Interfacing]]
 
-->
 
=Rooting=
 
I picked up an Android HTC Evo 4G for about $15, couldn't pass that up, so I wanted to figure out how to root it.
 
The summary of steps is as follows:
* Unlock bootloader on phone
* Download script to root phone
 
Yup, so here's the breakdown of those steps:
 
==Unlock Bootloader==
 
You can start by getting an account and instructions at http://www.htcdev.com/bootloader/unlock-instructions. They'll provide some binaries that you'll need too.
 
===Step 1: Turn off Fast Rebooting===
 
Step 1 is to turn off fast rebooting. This was in Settings > Applications > Fast Rebooting (uncheck it).
 
===Step 2: Download Fastboot Binary===
 
Step 2 is to download the fastboot binary. See the HTC developers website for the binary - they provide it.
 
===Step 3: Run Fastboot===
 
Step 3 is to run fastboot on your Mac. You'll tell it to listen for a device and get an identification token, basically a fingerprint for your device:
 
<pre>
./fastboot-mac oem get_identifier_token
</pre>
 
This will sit and wait for a device until it finds one, then it'll print the ID token to the screen.
 
===Step 4: Reboot into Boot Loader===
 
Step 4 is to reboot into the boot loader menu by turning off the phone, and then turning it on while holding down the "Volume Down" button.
 
Sequence: (Turn off phone.) (Hold down the Volume Down button.) (Power on the phone.)
 
You should now see a white android boot loader screen:
 
[[Image:AndroidRoot1.png|500px]]
 
If you use the power button to select "Fastboot USB", you should see a dump of information on the screen where you ran the fastboot command.
 
<pre>
<<<< Identifier Token Start >>>>
ED5D284CF59A7747615E7487CA511419
FDBAE245F8910567A34142D436E00153
ED5D284CF59A7747615E7487CA511419
FDBAE245F8910567A34142D436E00153
ED5D284CF59A7747615E7487CA511419
FDBAE245F8910567A34142D436E00153
ED5D284CF59A7747615E7487CA511419
FDBAE245F8910567A34142D436E00153
ED5D284CF59A7747615E7487CA511419
FDBAE245F8910567A34142D436E00153
<<<<< Identifier Token End >>>>>
</pre>
 
You'll copy and paste that whole block into the HTC developers website, and they'll email you a key that you use to unlock the phone and put firmware onto it.
 
===Step 5: Using the Emailed Key===
 
When I checked my email after submitting my device token, I found a .bin file attached to the email. Download it. Now run the following to get an unlock token using this key:
 
<pre>
fastboot flash unlocktoken Unlock_code.bin
</pre>
 
You'll see a screen like this, confirming you want to unlock the bootloader and void your warranty:
 
[[Image:AndroidRoot3.png|500px]]
 
Use the Volume Up to pick yes, and Power to select it. The Android phone will restart, and go through a new account setup. This is a brand-new install, everything is wiped clean.
 
Oh yeah, did I mention you should back up your stuff?
 
==Ready to Root==
 
Once you do all this, you'll finally be done... and ready to actually root the phone.
 
==Rooting It==
 
Following [http://htcevohacks.com/htc-evo-4g-lte-root/how-to-root-htc-evo-4g-lte-unlock-bootloadertwrp-recovery/ the instructions here]
 
In case the link to their zip file dies, here is [http://charlesreid1.com/Evo4GLTERoot2.zip a mirror]
 
===Step 1: Settings===
 
Since unlocking the bootloader reset the system, we lost all our settings. Sooo.....
 
First, disable fast boot again. Settings > Applications > Fast boot (uncheck it).
 
Second, enable USB debugging again. Settings > Applications > Development > USB debugging (check it).
 
Now we can restart into the boot loader menu again.
 
===Step 2: Restart into Boot Loader===
 
Power down, then power on while holding the volume down button.
 
Use volume down to highlight bootloader and the power button to select it.
 
Get the phone to be in fastboot mode, and waiting for the computer to do something.
 
===Step 3: Flash the Phone===
 
Now you'll use the fastboot binary and the image provided [http://onexroot.com/one-x-root/how-to-root-one-x/ here] to flash the phone, with this command:
 
<pre>
./fastboot-mac flash recovery ./openrecovery-twrp-2.1.8-jewel.img
</pre>
 
The img file comes from the link above.
 
===Intermission: Let the Battery Charge===
 
Make sure and do this process with a full battery, because the battery does not charge while the phone is plugged in. I started the whole process with 10% battery and had to end up stopping here to recharge the battery for a bit.
 
Still working off of [http://onexroot.com/one-x-root/how-to-root-one-x/ this guide].
 
===Restart Into Fastboot===
 
Now you'll do the usual: reboot into the bootloader menu by holding the Volume Down button while you power the phone on.  Enable fastboot mode by picking it with the volume up/down keys and pressing the power button. It will then wait for the computer to do something.
 
A note on listing the devices available:
 
You can list devices from both adb (Android Debug Bridge) and fastboot. But depending on the mode that the phone is in, it will only show up in one program or the other.
If you have booted the phone into the bootloader menu and selected fastboot mode, the device will show up in fastboot:
 
<pre>
$ ./adb-mac devices
List of devices attached
 
$ ./fastboot-mac devices
HT17JHL04387 fastboot
</pre>
 
whereas if we had rebooted the phone normally, we would see this:
 
<pre>
$ ./adb-mac devices
List of devices attached
HT17JHL04387 device
 
$ ./fastboot-mac devices
</pre>
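
The rule above (a phone is visible to fastboot or to adb, never both) can be turned into a check that runs before any flash step. This is an added example, not part of the original notes; the function names are hypothetical, and the state names other than <code>device</code> are standard adb states the page does not show.

```shell
#!/bin/sh
# Added example (not from the original page): decide which tool can see the phone.
# On the Mac described here the binaries are ./adb-mac and ./fastboot-mac.

# adb_state SERIAL: reads `adb devices` output on stdin and prints the state
# column for SERIAL ("device", "unauthorized", "offline", "recovery", ...).
adb_state() {
    awk -v s="$1" '$1 == s { print $2; exit }'
}

# in_fastboot SERIAL: reads `fastboot devices` output on stdin; succeeds only
# if SERIAL is listed there.
in_fastboot() {
    awk -v s="$1" '$1 == s && $2 == "fastboot" { found = 1 } END { exit !found }'
}

# device_mode SERIAL ADB_TEXT FASTBOOT_TEXT: prints one of
#   bootloader  -> use fastboot (flash, oem ...)
#   android     -> use adb (push, shell ...)
#   adb:<state> -> adb sees the phone but cannot use it yet (e.g. unauthorized)
#   absent      -> neither tool sees it (cable, driver, or USB debugging off)
device_mode() {
    if printf '%s\n' "$3" | in_fastboot "$1"; then
        echo bootloader
        return
    fi
    state=$(printf '%s\n' "$2" | adb_state "$1")
    case $state in
        device) echo android ;;
        "")     echo absent ;;
        *)      echo "adb:$state" ;;
    esac
}

# Refuse to continue to a flash step unless the phone is in fastboot mode.
# Live use: require_bootloader "$SERIAL" "$(adb devices)" "$(fastboot devices)"
require_bootloader() {
    mode=$(device_mode "$1" "$2" "$3")
    [ "$mode" = bootloader ] || { echo "not in fastboot mode: $mode" >&2; return 1; }
}
```
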
 
===Use Fastboot to Flash===
 
This is where I'm getting stuck. The next step is to flash with the recovery image:
 
<pre>
fastboot flash recovery recovery-clockwork-touch-5.8.2.7-endeavoru.img
</pre>
 
But I keep seeing an error:
 
<pre>
$ ./fastboot-mac flash recovery openrecovery-twrp-2.1.8-jewel.img
sending 'recovery' (7220 KB)... OKAY
writing 'recovery'... FAILED (remote: image update error)
</pre>
 
Using the stock image provided failed as well:
 
<pre>
$ ./fastboot-mac flash recovery stock_EVO4GLTE_recovery.img
sending 'recovery' (16383 KB)... OKAY
writing 'recovery'... FAILED (remote: image error! (BootMagic check fail))
</pre>
 
<pre>
$ ./fastboot-mac flash boot stock_EVO4GLTE_recovery.img
sending 'boot' (16383 KB)... OKAY
writing 'boot'... FAILED (remote: image error! (BootMagic check fail))
</pre>
 
Then I tried the Clockwork Mod ROM from Cyanogen: http://clockworkmod.com/rommanager
 
This worked:
 
<pre>
$ ./fastboot-mac flash recovery recovery-clockwork-5.0.2.2-supersonic.img
sending 'recovery' (3120 KB)... OKAY
writing 'recovery'... OKAY
</pre>
 
You've successfully flashed the image.
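
A pre-flash check for the failures above, added here and not part of the original notes: the three image names end in different device codenames (jewel, endeavoru, supersonic), and supersonic, the HTC Evo 4G codename, is the one that flashed. The script assumes that file-naming convention and that "BootMagic" refers to the standard <code>ANDROID!</code> boot image header; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): check an image before flashing it.
# Assumption: the bootloader's "BootMagic" test refers to the standard Android
# boot image header, which starts with the 8 ASCII bytes "ANDROID!".

# has_boot_magic FILE: succeeds if FILE is readable and starts with "ANDROID!".
has_boot_magic() {
    [ -r "$1" ] || return 1
    magic=$(head -c 8 "$1" | tr -d '\000')
    [ "$magic" = 'ANDROID!' ]
}

# image_codename FILE: prints the device codename, assuming the naming used by
# the images on this page: <name>-<version>-<codename>.img
image_codename() {
    base=${1##*/}
    base=${base%.img}
    case $base in
        *-*) printf '%s\n' "${base##*-}" ;;
        *)   return 1 ;;
    esac
}

# preflight FILE CODENAME: prints "ok" and succeeds only if FILE looks like a
# boot/recovery image built for CODENAME. With the phone in fastboot mode the
# codename can be read with `fastboot getvar product`.
preflight() {
    if ! has_boot_magic "$1"; then
        echo "bad-magic"
        return 1
    fi
    if ! name=$(image_codename "$1"); then
        echo "no-codename"
        return 1
    fi
    if [ "$name" != "$2" ]; then
        echo "wrong-device:$name"
        return 1
    fi
    echo ok
}
```

Run <code>preflight</code> on the downloaded file with the phone's codename before <code>fastboot flash recovery</code>; anything other than <code>ok</code> means the bootloader is likely to reject the image.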
 
===Put Zip File Onto Phone===
 
Now we want to get our zip file with the rootkit in it onto the phone, by mounting the phone SD card as an external device and putting it on there with the computer. But I'm not sure how to mount the phone SD card to put a zip file on it.
 
[http://theunlockr.com/2012/10/13/how-to-root-the-htc-evo-4g/ This guide] claims there is a menu item in the bootloader menu, but I don't see one.
 
How to mount the phone as a USB device to put the zip file onto the SD card?
 
I tried using adb push, like this:
 
<pre>
$ ./adb-mac push CWM-SuperSU-v0.87.zip /sdcard/.
failed to copy 'CWM-SuperSU-v0.87.zip' to '/sdcard/.': Permission denied
</pre>
 
But that gives me permission denied errors. What the hell is the deal? Is no single person capable of both (a) rooting a phone and (b) providing clear instructions? (Maybe having a two-year-old phone doesn't help, but still, it isn't THAT old.)
 
===Rebooting into Cyanogen Mod Menu===
 
Now you can go back to the Bootloader option by pushing the Power button, and use the Volume Up/Down keys to navigate to the Recovery option. If you pick this option, it will boot from the recovery image you've provided, which boots into the Cyanogen Clockwork Mod menu.
 
[[Image:CyanogenMenu.png|500px]]
 
==References==
 
Bunch of junk:
* http://onexroot.com/one-x-root/how-to-root-one-x/
* http://onexroot.com/one-x-root-guide/
* http://htcevohacks.com/htc-evo-4g-lte-root/how-to-root-htc-evo-4g-lte-unlock-bootloadertwrp-recovery/
* http://onexroot.com/one-x-root/root-any-htc-one-x-windowsmaclinuxattinternationalone-click-method/
* http://www.htcdev.com/bootloader/unlock-instructions/page-4/
* http://downloadandroidrom.com/file/HTCEvo4GLTE/rooting/Evo4GLTERoot2.zip
* http://stockroms.net/file/HTCEvo4GLTE/Evo4GLTERoot.zip
 
This is the most ridiculous bunch of horse shit I've ever shoveled.
* bullshit guide http://onexroot.com/one-x-root/how-to-root-one-x/
* yet another bullshit guide http://htcevohacks.com/htc-evo-4g-lte-root/how-to-root-htc-evo-4g-lte/
* even more bullshit http://htcevohacks.com/htc-evo-4g-lte-root/how-to-root-htc-evo-4g-lte-unlock-bootloadertwrp-recovery/
* idiot proof guide, meaning the person writing it is not supposed to be an idiot, but they are http://gizmodo.com/5574353/idiot-proof-guide-to-rooting-the-evo
* stupid http://forum.xda-developers.com/showthread.php?t=614850
* also stupid http://forum.xda-developers.com/showthread.php?t=841360
* more stupid http://forum.xda-developers.com/showthread.php?t=865204
* obviously hacker trojans http://revolutionary.io/
* Cyanogen http://wiki.cyanogenmod.org/w/Doc:_fastboot_intro
* android developer tools http://developer.android.com/sdk/installing/index.html?pkg=studio
* recovery images http://wiki.cyanogenmod.org/w/All_About_Recovery_Images
 
This image actually works.
* Clockwork mod ROM images http://clockworkmod.com/rommanager
* sort of following this guide http://theunlockr.com/2012/10/13/how-to-root-the-htc-evo-4g/

Latest revision as of 11:41, 15 January 2018

This page contains notes and information about rooting my Android phone, and using it as an internet proxy.

=Rooting an Android Evo=

Here is a really long but WORKING guide to [[Rooting Android Evo 4G]].

Note that this was written in July 2015. That's at least 3 years after any other guide you'll find. So, if you need a MODERN guide to rooting the HTC Evo 4G, this is it. There's a LOT of crud laying around.

=Don't Root Robots=

Talk from 2011 going into greater detail about how various android exploits work:

https://jon.oberheide.org/files/bsides11-dontrootrobots.pdf

=Meeting People=

Following Josh in General, let's meet some people.

==WARNING==

WARNING: The following websites WILL package viruses with APKs, so DO NOT USE THEM.

<s>http://apps.evozi.com/apk-downloader/</s>

<s>http://www.apkpure.com</s>

<s>http://apk-dl.com/</s>

==Android Apps==

In order to meet people over wifi, we'll need to install some Android apps to passively listen to everything going on around.

[[Android/Sniff]]

=Old Notes=

See [[Android/Old Notes]]

http://haxf4rall.com/2014/10/21/how-to-hack-an-android-phone/

=Flags=

[[Category:Android]]