SAR support on Android 10 #83
Comments
|
System-as-root by itself has nothing to do with root access (that is, a Hijacker will call this binary, you will be asked whether you approve of this by your system/Magisk/whatever-your-rooting-solution-is, and Hijacker will have a shell with root access to run the tools it needs. As long as nothing goes wrong in the above procedure, Hijacker should work. Now, a requirement for Hijacker to work is to have a custom firmware installed for your device's wireless adapter. I see from your logs that you tried to install it. The way Hijacker does that is simple (as it can be seen in the
That's probably where it all goes wrong in your case. I have no idea what has happened with SAR, but Hijacker might not be able to remount the system as read-write and write the new firmware to it. Or maybe the install directories are wrong, or the supplied firmware doesn't work on Android 10, or the specific command I used doesn't work for some reasom, or a thousand other things that can go wrong... So what I propose is that you try to install the firmware by yourself and then try again. |
|
Testing tools is like it was before. Everything has a check mark except Kali chroot which is good. That is what I should replace and try again? |
|
You should try to install the firmware manually. Find the firmware binary, find out where it is located in your device and replace it. Reboot the device and hopefully it will work. |
|
Alright here's what I did and I failed miserably just like when I was messing with LineageOS 14.1. I replaced fw_bcmdhd.bin in /system/vendor/firmware/ and rebooted. That is where Hijacker detected the firmware. Is that location correct? Because after reboot I bricked Wifi and the the toggle went back to Off every single time I turned it on. To fix I had to flash ROM in TWRP again and that fixed it but I am back to square one. I never had success with manual replacing only when Hijacker did it in the past. |
|
Make sure you are using the correct firmware file and that you replace the original file with the new without changing the filename. |
|
I took this: And renamed it to fw_bcmdhd.bin, is that the issue? Does it make a difference if I rename the file? |
|
You should rename it to fw_bcmdhd.bin and replace the original file with it. Also, place the nexutil binary in a PATH accessible directory. |
|
Yep. That's what I did with the firmware. Copy and replace it in /system/vendor/firmware/ or delete and paste in new file. That didn't work. |
|
Did you run the tools manually in a terminal? What happens then? |
|
I tried to run nexutil from /data/data/com.hijacker/files and I got this: |
|
nexutil must be in a PATH accessible directory and you can run it from anywhere you want. Run the test commands supplied by Hijacker. |
|
Put nexutil in /system/bin and I get this now: |
|
You need to |
|
chmod: nexutil: No such file or directory |
|
Alright. I chmod 755 in TWRP and now I can run nexutil --help |
|
TWRP has nothing to do with this. I say again: Run the test commands supplied by Hijacker. |
|
Oh I thought you asked me to put nexutil in /system/bin and chmod it and run it from there. Now you are asking me to run stuff that in the Hijacker gives me a check mark already? Ok. I did that. I copied the first test command. su then typed /data/user/0/com.hijacker/files/bin/aircrack-ng /storage/emulated/0/Hijacker/capture_files/wpa.cap-01.cap It clearly run but and told me that there's no such file or directory, and no networks found, exiting and, Quitting aircrack-ng... I get what you mean. These do work. I am having issue with the the firmware. I can repeat myself again that after I replaced fw_bcmdhd.bin with the patched one then I cannot get Wifi working anymore. It just turns itself off when I try to turn it on. Maybe that is also some permission hell. I am doing some research on that right now. |
|
Run the command for airodump-ng, not aircrack. After installing the firmware, turning the wifi on and running |
|
I managed to fix it. It's working. Here's what I had to do to get this bloody Nexmon firmware working. I needed to chmod fw_bcmdhd.bin to 644 to match the stock firmware (-rw-r--r--). This is why it wasn't working. For some reason it's not like that and the only way to replace the firmware right now is in TWRP. Including placing nexutil in /system/bin and chmod 755 it. I can use Wifi now and it doesn't fail to load the firmware. Chip is in monitor mode now when I run Hijacker and I can see now my APs. Now it's your turn to have SAR support.
|
|
I'm glad it works. I'd be happy to make it work, but unfortunately I can't run LineageOS 17.1 on my device, so I can't test anything. If you want you can help me figure out what goes wrong. I'll need you to follow the instructions below and tell me what happens. Starting conditions:
I'll assume that:
Procedure:
Follow the steps above, pay attention to the starting conditions, and tell me what works and what doesn't. Steps 3 and 4 are expected to fail (would be interesting if they worked), steps 5 and 7 might fail because of SAR (?), the rest are fairly simple. |
|
I can already see that that step 5 will fail without even trying. ROM maintainer even told which line is problematic in the code and it's the busybox one: But I did try the busybox command and this is what you get: |
|
Maybe the solution is simple: https://android.stackexchange.com/questions/220370/how-to-modify-system-priv-app-in-android-10 Edit: I did try this and busybox was happy. It returned nothing so I assume it worked. |
|
Ok, what about the rest? |
|
Because this is my main phone and I needed it today. It already has the patched firmware and nexutil in the right place. First I need to revert everything and I didn't have time for that. That's all I could test. Please read the two tweets and the Stack Exchange link. It explains why this doesn't work... |
|
Flashed the latest ROM version in TWRP. That undo everything I did manually from TWRP. It reverted to stock firmware and it deleted nexutil from I cleared data and cache for Hijacker. Ran it once and dropped the files in Ran Terminal and got myself root with Key part here!
I copied firmware Copied nexutil with cp Last part. Also very important.
Now you must either detect SAR. ROM maintainer said something about providing a zip that you can flash in TWRP that does the same thing. Copy the files in the correct directories and do the chmod for the two files. That's also a decent fix. You just flash it from TWRP after the ROM and you don't even need to touch the Install Nexmon option from Settings. |
|
Ok, so what you're telling is that all I have to change to fix this is to change the command to remount |
|
That's what I understand from current behavior. What I wrote worked for me and I might even create a zip for myself that does the same thing. At least on this LineageOS 17.1 ROM on hammerhead. I will quote topjohnwu's tweet again:
|
|
Alright, give this a try. The changes have been pushed. |
|
For some reason it hangs as soon as I tap on Install when I try to install the firmware and management utility. Something is still not right. |
|
Give me a logcat, I can't work with "it hangs". Edit: Also, give me the output of |
|
This might be a better one. |
|
Ah yeah my bad. That's what you get when you program something you can't quite test. |
|
An unknown error occurred. |
|
God dammit... ok third time's the charm.. |
|
Unexpected Error with a a restart/send via email button. |
|
I need to test this last one a bit more. It said it installed the firmware and utility but it didn't work straight away. I had to do it one more time. Reflash the same ROM to undo changes and trying again. But here's logcat just in case. |
|
I think this is good now. Same kind of second result. I had to run Hijacker again to show SSIDs. Which is no big deal. Edit: I can see /system is not remounted as read-only. This is extremely dangerous. I have one question still. May I ask why fw_bcmdhd.bin is chmod 755? Is execute needed? I see |
|
The system is remounted as ro after the operation, but there are no messages in logcat because I assume that since the install() function passed the 'remount as rw' point, then I don't have to verify anything and print debugging messages. I honestly can't remember why I put in 755 instead of 644. I don't even see any Did you see any problems with this last apk? |
|
If you mean Hijacker-release-v1.5-beta.12.4.zip then that was fine. It did what it was supposed to do and the end result was seeing SSIDs in Hijacker. This time I needed to reboot to make Hijacker work but that's not really a bug. It did copy the necessary tools. But I might have found another bug. When I tap on watch for a 5GHz network it gives me the "Airodump is not running!" message. |
|
I made a few more changes, please test this and if all goes well I will upload it. Hijacker-release-v1.5-beta.12.5.zip The issue with the 5Ghz network probably has something to do with the channel not being read correctly by airodump-ng, so the resulting command might fail. As I can't replicate this right now, I can't investigate it further. Check the reading for the channel of the network you are trying to 'Watch', if it's something weird this might be the cause. |
|
Tag @aircrack-ng for latest note |
|
Tried Last build you uploaded. Installed the apk, reverted changes on the ROM I have with flashing over the same ROM in TWRP, booted back in, cleared storage & cache for Hijacker, ran it, agree to things, tap on install, management utility in /system/bin, install again. Closed Hijacker, reopen it and I can see networks on the list. As for tools, I don't know what versions are they and if they are updated or not. I didn't check those yet. But I did find the other issue here that's exactly like mine so I did not find anything new. I guess it's fine now for others as well? @kimocoder would updating aircrack-ng binary fix this issue? Edit: Changelog looks promising for aircrack-ng. Mainly the PMKID stuff. Another feature I'd like to see in Hijacker one day. But there's a separate issue opened for that as well. |
|
I remember an old bug in airodump-ng where it couldn't get the channel correctly, and I know this has been fixed. There also has been a release recently, which include the fix for sure. Without having the output, it's hard to know what is wrong; even just getting the CSV (or PCAP) file would help. |
|
@aircrack-ng Thank you for confirming. I checked and Hijacker has 1.2 rc4. Very outdated. This is our only issue probably. First I would try updating it and see if the issue is resolved. |
|
I am aware that the binaries are old. I had trouble compiling them by myself for arm as PIEs, so I used these, if I remember correctly I got them from nexmon. |
|
I can try compiling new binaries if you'd like. Let me know what cross compiler, and what parameters I need. |
|
That would be awesome, thank you. The binaries I'm using are built from here, they were built with NDK for Android, which I'm not very familiar with. @sztihamer is right, they are version 1.2-rc4. Perhaps you could start there? |
|
The main source for the binaries, mostly used on Android project is the one below https://github.com/kriswebdev/android_aircrack As @chrisk44 says above, it's also used in the Nexmon repo. However, there are newer binaries available too already, take a look in the commits on top below https://github.com/TheMMcOfficial/nexmon/commits/master armv8 support commit is also there |
|
1.2-beta2 is even older than what we have. The Nexus 5 is not armv8 though. This other one is 1.5.2 but I don't see any binaries. |
|
Has to be cross-compiled with the NDK 11c (used in Nexmon) |
|
Yes. I'm aware of that. Are there any precompiled 1.5.2 binaries out there or only that source? Sorry if I misunderstood you but it sounded like there's some in that repo. |
|
I recommend building from source, it's fairly plain simple as it's all there already |
|
That's beyond me. Can you do that for us please or we should wait for @aircrack-ng 1.6? I would prefer latest in Hijacker but 1.5.2 should be sufficient I guess to test channel bug. |
|
Yeah, both aircrack-ng and reaver binaries should be updated 👍 Hijacker is really an awesome tool/app. Unfortunately no, I'm not next to any computer for another week |
|
Then we wait because that's our only option. I glad we got SAR support though. That's one step forward. Simplest thing would be official Android NDK builds. But I don't decide that. Would be cool though. |
|
Absolutely, me too. I also use external adapters with the tool on Android 10, working like a charm 🥇 |
Hijacker fails to show any networks with the latest version on LineageOS 17.1 on the Nexus 5.
Link to ROM:
https://forum.xda-developers.com/google-nexus-5/orig-development/rom-lineageos-17-1-nexus-5-hammerhead-t4039273
https://sourceforge.net/projects/hammerhead-lineageos/files/17.1/
Logs in this post and explanation why Hijacker won't work. Because of SAR (system as root):
https://forum.xda-developers.com/showpost.php?p=81807009&postcount=106
I have latest stable version of Magisk installed (20.3) but I guess tools are not loading nor the firmware is getting swapped with the Nexmon one.
The text was updated successfully, but these errors were encountered: