OBSOLETED Some tips, tricks, and hacks for advanced users of Samsung galaxy S4 active (I9295) or other Android 4.2.2 (Jelly Bean) smartphones
Presently I am using Graphene OS, which I consider an acceptable solution concerning privacy and security, while being compatible with
necessary ``mainstream'' apps. I would still prefer a true Linux phone with an Android sandbox, but there is none meeting all the requirements so far.
The text below is outdated and obsoleted.
A couple of years ago, on my
page dedicated to Nokia N900 I have
expressed a dislike for Android. However, the availability of LTE connectivity motivated me recently (2014) to get a newer phone.
I considered the
Jolla phone, but I could not find reliable information whether its
LTE capabilities are compatible with networks in Czech republic, so I in the end did not dare to buy it.
Choosing the least evil, I ended with a Samsung galaxy S4 active (I9295) phone running Android 4.2.2.
Update 2021: I would choose
PinePhonePro now.
I have used some Android tablet just
as a reader before, so it was not my first encounter with this system, though. I must say that my dislike for Android
did not disappear, in particular I do not understand why one should need to install "apps" for such basic things
like sshd, terminal emulator, etc., which should be provided in the basic operating system, not to speak about the necessary "rooting" of the device. And sometimes the apps even want a payment or bother you with some ads. I prefer free GNU software :-).
On the other hand, I found it quite possible to find apk files
without making an account at google, which was good, since I absolutely refuse to feed my personal data to such a big brother company.
Now enough complaints, as a hardware the phone is quite nice and one can survive with Android, as full-fledged gnu/linux based phones are still extremely rare.
Below I give some notes and tips and tricks which I learned during the customization of the device.
It is mostly a compilation of previously known matter, which was however rather scattered over the net and sometimes
not so easy to find (a lot of things I found also did not work for this particular device and system), so I wrote this
for my own future reference and posted it here in the hope that it might be useful for others too.
My contribution are scripts to send/receive SMS and to manipulate the event calendar from the command line
and some executables which I have cross-compiled.
Rooting Samsung galaxy S4 active (I9295) with Android 4.2.2
Rooting an Android phone is an absolute must for a serious smartphone user, the first thing to do after purchase ;-).
Actually, I took care about this during the decision process which phone to buy, checked that there is a known procedure for rooting it and downloaded
the necessary files before final decision to buy the phone.
There are MANY HOWTOs on the net, I followed
the one at Androidtechnics, which worked flawlessly, except that I had to install USB drivers from a different source I do not remember exactly. For convenience I give the files here
USB_Drivers_1.5.27.0.exe and
CF-Auto-Root-jflte-jfltexx-gti9505.zip.
In spite of avoiding use of Windows for usual work, I did not want to take the risk that something with the rooting
will go wrong if I run Odin under Wine or VirtualBox and I end up bricking the device, so I used genuine Windows 8.1 for this procedure.
The rooting firmware contains the SuperSU app, so you do not need to install it separately.
Later I found that
a rooting tool is available also for the newer Android KitKat 4.4.2 firmware, but I did not want to go through all the installation again, with possible new problems on the way, so I stayed with 4.2.2.
Transferring files between Linux PC and Samsung galaxy S4 active Android 4.2.2 phone
The next thing to do after rooting is transferring the apk files to be installed, contacts, music, books, videos etc. into the phone.
If you do not want to give your personal data to various clouds, you need to transfer them from your PC.
I am avoiding windows as much as possible, so only Linux PC is meant henceforth.
There is of course the possibility to use 'adb push/pull', but I wanted a more convenient and transparent filesystem-type access.
To my big surprise and dislike, after connecting the phone to USB, no /dev/sdb appeared. I have subsequently found that
newer Android devices use MTP for data transfer, to avoid the need of unmounting the exported partitions.
I agree partly with the motivation, as it is sometimes convenient to transfer files to/from mounted partition
in the phone, but I still think that the USB mass storage should have been retained as an option, even if at least
only for external sdcard, since it is supported everywhere and quite efficient and bug free, in contrast to MTP.
This can be achieved with the app called "SGUSBMassStorageEnabler_2.3.1" (needs root), again something which
should be available in factory default!
Fortunately, Linux now supports MTP via fuse and "simple-mtpfs" implementation worked fine for me:
simple-mtpfs -s -o allow_root -o hard_remove -o intr /mnt/samsung
fusermount -u /mnt/samsung
for mounting and unmounting the phone.
Without the "-s" option it did hang when copying a directory with about 100 files.
I noticed a problem with files over 2GB size, though, maybe due to FAT, I am not sure and did not investigate further.
Later I noticed that after connecting the phone /dev/ttyAMA0 appears on the PC and its peer in the phone is /dev/ttyGS0.
The MTP seems to use these device files for the communication. You can use them for other purpose too - simply try "cat" to/from them,
but this of course breaks MTP until phone is unplugged/plugged to USB again.
Getting root command line and ssh/scp access to Samsung galaxy S4 active (I9295) with Android 4.2.2
The next step is to get a root command line on the phone. For use within the phone I install Term.apk, BusyBox.apk,
and hackerskeyboard-v1034rc16.apk which all worked flawlessly. However, this is more kind of a toy, or for emergency recovery;
for serious work
you need to ssh into the phone from a PC. I tried several apps - SSHDroid in several version and also DroidSSHdv06 (this is ads-free), but always I got "child error" - after successful authentication via password or RSA there seems to be some
problem with spawning a shell. Some trick with setting umask to 0 which I found on some forums did not help.
Finally, I decided NOT to run sshd as root, setting port to listen to unprivileged 2222. I could log in
and get a shell with user identity inherited from sshd.
Then I tried "su", but it did hang! After some trial/error I found that it is necessary to go to the
settings of superSU application and switch off the dialog asking about giving permissions to every app which requests
it, change to "grant permission always". This is obviously a security nightmare, but I did not find a better solution yet.
(If you know, drop me an email :-)).
So, finally I really owned the phone ;-).
To my bad surprise I found a moment later that scp does not work:
scp -P 2222 file root@vpnsamsung:/storage/extSdCard/
sh: scp: not found
I tried: ln -s /data/data/br.com.bott.droidsshd/files/bin/dropbearmulti /system/bin/scp
But the result is just another error message: "unknown user 10194lost connection"
Again, I HATE android and its creator google! Why a working ssdh with scp support is not in the factory firmware!!!
Why to need to waste time on such things!!!!!!
If you reply that 99% of the phone users will never need it, I reply with the
low cost of the flash memory and GNU sources for free!
I thought I will have to cross-compile ordinary openssh for ARM and install its binaries,
but I found a solution
here.
Installing the modified version of
ssh and scp binaries to /system/xbin solved the problem.
Yet another problem is lurking around corner: ssh from the phone to external server blocks on reading /dev/random - there is not enough entropy available, you have to move finger over the touchscreen to generate some...
I really dislike that android did not keep the GNU software core, in the busybox version of commands half of options is missing :-(.
Already the Posix-incompatible filesystem layout is annoying, not to speak about different init system etc. etc.
To have a specilized java-based GUI with the "apps" is a good idea, but the underlying system should have been kept compatible to GNU/Linux - no problem with the power of the hardware even a few years ago.
(And yes, Nokia N900 did run the GUI on top of X11 - perfect backward compatibility!)
To summarize this horror story:
In my view Android is just a mutilated Linux :-(((.
Activating LTE network on the Samsung galaxy S4 active I9295 with Android 4.2.2
I have noticed that the phone connects always to UMTS network even where I could get LTE connection with a USB modem.
The menu for network type selection even did not show any LTE option. I have
found on the net, that this might
happen with some telecom operators who were not timely included in some list of LTE networks maintained by Samsung.
The newer firmware 4.4.2 should not suffer this problem any more (not tested personally).
The quick remedy is to delete the file
rm /data/property/persist.radio.lteon
which contained the word 'false'. After this the LTE/UMTS/GSM option appeared in the menu, but the phone for some reason
still preferred UMTS (stronger signal?). So I installed the application Viaero 4G Toggle 3.0, which allows more detailed
control, even enforcing 'LTE only' mode, and it worked.
I have also found that the preferred net can be changed by sqlite3 in /data/data/com.android.providers.settings/databases/settings.db, for example:
sqlite3 /data/data/com.android.providers.settings/databases/settings.db "update global SET value=11 WHERE name='preferred_network_mode'"
but this seems to be effective only after reboot.
Further applications I installed at Samsung galaxy S4 active
First application to be installed (except Term, BusyBox, and DroidSSHd) is the
APK permission remover, and all other apps should be installed through it, carefully inspecting them and removing unneeded permissions. Permissions can be modified only
when installing the application, later change requires a reinstall. I find this application really excellent and absolutely essential.
AndroidIDChanger - spoof the unique Android-id, which is exposed for example to WIFI access points. Needs a reboot after the change to become effective.
Android IMSI catcher detector - but deleted it later, since it does not seem to work properly; use SnoopSnitch instead!
Anmap - NMap scanner for Android. For command line access a wrapper script is needed:
#!/system/bin/sh
cd /data/data/com.android.nmap/files
/data/data/com.android.nmap/files/nmap $*
Antox - free and decentralized alternative to Skype
at.zweng.bankomatinfos2_16 - read info from RFID creditcards
Accelerometer - get data from accelerometer and gyro
Autostart - this allows to start android apps at boot time - I do it with openvpn
Barometer - get data from pressure sensor
Bitshark - Wireshark-like packet capture/analysis for android
C:GEO - geocaching
Compass - read info from magnetometer
Cumulus - a simple aeronautical navigation for hobby VFR flying (probably the only open source one with EU airspace maps)
DNS Lookup - again something that should have been provided in the base system!!!
DroidSheep and guard - prevention of ARP spoofing MITM attacks (session-id cookie hijacking) on public wifi
EbookDroid - book reader
eCL0WN - ePassport NFC reader
Es Task Manager - kill unwanted processes from GUI
FBReader - another book reader
Firefox - (I removed the permission to give my location to web sites, as well as access to contacts and personal data). I also installed adblock+ addon, and was unpleasantly surprised that the android version does not support noscript. Otherwise the browser works fine.
I use a script started periodically by cron (see below) to delete cookies, history and cache frequently.
Floating stopwatch
G-NetTrack - give misc info about the cellular network
Hacker's Keyboard - much better than the default soft-keyboard
Init.d toggler - this hacks into the android boot process and installs /system/etc/init.d for user boot time scripts (again something which should be available by default)
However, I had to adapt the installed
/system/bin/sysinit script to work properly, the logwrapper program failed for some reason.
MifareClassicTool-1.8.1 - tool to communicate with Mifare Classic NFC smartcards
MPlayer - obvious ...
NFCProxy - tool to proxy NFC transactions
NFC Reader - simple smartcard ATR reader
OpenVPN-Installer-0.2.4 and OpenVPN-Settings-0.4.14 - worked flawlessly on first attempt
OSMAND - maps, car navigation (the download limit can be circumvented on a rooted device by directly installing the maps)
PryFi-v1.21-beta - to prevent tracking based on WiFi MAC address
QRcode Scanner - sometimes useful, its permissions have to be drastically limited
Reaver_for_Android (RfA) - WPS Wifi cracking tool ... however, it seems that this phone is not supported by bcmon and iwconfig wlan0 mode monitor reports "Operation not supported on transport endpoint"
Scientific Calculator apk
Set DNS and Set DNS Pro - again something that should have been provided in the base system!!!
Change of DNS servers by the app works fine, except for some busybox program, which cannot resolve. The lookup mechanism is different than in Unix, I could not find any resolv.conf file nor any suitable documentation.
ShellMS - a key application: enables sending SMS from adb shell, with a proper configuration wirelessly over VPN, see later. I hate typing sms on a touch screen when I sit at a computer, which I do most of the time I am awake :-)
Sipdroid - I use
VoIP over VPN to make encrypted calls. Configuration of this app. was trivial. See below for more info.
Skype - just for calling people who did not install TOX yet :-)
SnoopSnitch - a tool for 2G and 3G network security analysis by SRLABS.de - it can detect IMSI catchers, silent and binary SMS which are processed in the baseband processor and it is thus probably the only way to detect an attack over the baseband
SwiFTP - actually I will maybe remove it after I got scp working
TrevE_LoggingTestApp - to find (key)loggers and spyware preinstalled on your phone and remove them
tw.com.method.rfidtool - tool to read/write some RFID tags
USB Mass Storage Enabler - to allow Mass storage access to external SDCard.
Viaero 4G Toggle 3.0 - the default menu does not allow enough detail in selection of preferred network types, this is the remedy
VLC - video player
Xserver - if I want to run some cross-compiled Linux program. Notice: for security, iptables should be used to filter TCP6000 port listening from everywhere except loopback interface.
ZANavi - navigation based on OpenStreetMaps, which can be pre-loaded to avoid data roaming.
I have just loaded the maps from the menu via the app., but reportedly there is some linux program to convert .osm files for ZANavi yourself.
Running TOR on the Android 4.2.2 phone
Running TOR on the android phone is not difficult, as installation of ORBOT and ORWEB was straightforward.
However, Android itself is not a good environment concerning user's privacy, it has apparently rather been design with
ease of spying on the end-user by google and telecom companies in mind :-). See a
a blog at torproject.org.
However, it cannot be recommended to run TOR on a smartphone if personal safety is in question, due to the inherent
insecurity of smartphone design.
Even if the Android OS can be secured on itself, there is a potential vulnerability for remote OTA exploits via the baseband
processor, which nowadays is more intimately connected to the main system than via USART as it used to be in early GSM days.
Moreover, since the basenabd has a direct connection to microphone and GPS, it can be used in this way for spying on the user, even if the Android OS remains untouched.
It would be great if an open hardware/open source baseband processor existed - implemented using FPGA with open source
verilog code, which could then be resistant to such attacks, but this is so far a dream.
On a desktop one can do such things with USRP and Gnuradio, but it would certainly be very difficult to make it mechanically compact and with a reasonable power consumption to be mobile.
Recently, Snowden claimed that NSA is able to install malware to any smartphone over the baseband processor and get thus a complete control over it, so this is not only a theoretical threat.
Possibly the Snoopsnith application could detect such attacks, but it is not sure and certainly there is no way how to block them.
Smartphones must thus be considered principially insecure devices and avoided if strong privacy is required.
In other words, the only secure smartphone is one with its battery removed.
I personally do not store any personal data on the device except contacts and calendar necessary for convenient use (and avoid any syncing
to third party cloud services anyway) and never use it for banking, ssh to my servers, or other sensitive operations.
Cross-compiling and installing native binaries to Samsung galaxy S4 active (I9295) with Android 4.2.2
I have noticed that /system is mounted read-only in this android version, so you cannot simply
copy the binaries to /system/bin and /system/xbin. Fortunately, once you have root command line,
the help is simple: mount -o remount,rw /system. You can remount back to 'ro' later to prevent
accidental erasure of something.
I was pleasantly surprised that due to the extreme popularity of ARM architecture cores,
the
binaries which I compiled for Raspberry Pi are compatible and run flawlessly on this Samsung.
They are "ELF 32-bit LSB executable, ARM, version 1 (SYSV), statically linked, for GNU/Linux 2.6.16, not stripped".
They were however just command-line based programs, for example strace and tcpdump (the latter seemed to work even being dynamically linked).
For more serious work I have installed the Android NDK, where the cross-compilation can be invoked in this way:
setenv PATH /opt/android-ndk-r8d/toolchains/arm-linux-androideabi-4.7/prebuilt/linux-x86/bin/:$PATH
setenv SYSROOT /opt/android-ndk-r8d/platforms/android-14/arch-arm/
arm-linux-androideabi-gcc --sysroot=$SYSROOT ...
For compilation of wireless-tools package (iwconfig etc.) I have just changed CC setting in
the Makefile to: CC = arm-linux-androideabi-gcc --sysroot=/opt/android-ndk-r8d/platforms/android-14/arch-arm/
and compiled it using the NDK. Alternative possibility is described
here.
I have installed to the android's /system/bin directory some essential native binary programs like: bash, tcsh, vim, sqlite3, gawk, iwconfig
Sometimes I had problems with ./configure for the cross-compilation, I have then compiled and STATICALLY linked
the program natively on Raspberry Pi, using --prefix=/system, the resulting executable always worked fine except some nuisances mainly concerning the paths incompatibility of Android with standard Unix.
You can download a
executables.tar.gz file with all native binaries and shared libraries I have added
to the android phone. A larger part of them I have crosscompiled myself, a few ones I downloaded from elsewhere.
Bluetooth connection of Samsung galaxy S4 active (I9295) with Android 4.2.2 to Linux PC
In order to contact to the phone when it is offline, it is possible to use Bluetooth tethering, which implements TCP/IP over Bluetooth.
(Wifi or USB tethering would be possible, too, but the former prevents simultaneous Wifi connection of the phone, while the latter requires a cable.)
To pair the phone and PC, first put the phone into discoverable mode and then
PC# hcitool scan
to find the phone's Bluetooth address. You can then check for the available BT services by:
sdptool records XX:XX:XX:XX:XX:XX using the found address from previous step.
Then use bluetoothctl on the PC to pair (assuming you run BlueZ 5 or higher on the Linux):
[bluetooth]# default-agent
[bluetooth]# agent on
[bluetooth]# pair XX:XX:XX:XX:XX:XX
(input PIN when prompted)
[bluetooth]# info XX:XX:XX:XX:XX:XX
[bluetooth]# trust XX:XX:XX:XX:XX:XX
[bluetooth]# connect XX:XX:XX:XX:XX:XX
Provided the phone and PC have already been paired, it is quite simple:
Enable "Bluetooth" tethering in the phone
PC# /usr/bin/dbus-send --system --type=method_call --dest=org.bluez /org/bluez/hci0/dev_XX_XX_XX_XX_XX_XX org.bluez.Network1.Connect string:'nap'
where dev_XX_XX_XX_XX_XX_XX should be replaced with the bluetooth address of your phone
PC# /etc/init.d/net.bnep0 start
(ln -s /etc/init.d/net.lo /etc/init.d/net.bnep0 if needed)
Now you can connect to the phone's bluetooth IP address (192.168.44.1 in my case) via ssh or adb
In particular, this can be used for the SMS sending/receiving as described below.
Getting "DUN" access to baseband modem via AT commands would be desirable for backward compatibility, but I did not find a way to easily do it.
Running SIP client via OpenVPN on Samsung galaxy S4 active (I9295) with Android 4.2.2 to make encrypted VoIP calls from the smartphone using your own asterisk server
To make encrypted VoIP calls from the android smartphone, you can
tunnel SIP through VPN connection to your own asterisk server, providing thus encrypted VoIP connectivity to a closed group of friends.
Sipdroid application worked for me on the first try, just setting the SIP server to my VPN server running asterisk, and corresponding asterisk login credentials.
However I had to rob it of the permission to redirect calls, since it did otherwise try to handle calls to 'normal' numbers, while in my setup it works only inside my private VPN network. The Samsung galaxy S4 has powerful enough processor to do all the openvpn encryption fast enough not to affect the sound quality, which might be a problem with low-end phones.
However, for a serious use I do not recommend to employ an Android phone for this purpose at all, since this system is potentially
full of backdoors from various closed source system parts.
Using adb to backup Samsung galaxy S4 active (I9295) with Android 4.2.2
First of all, developer options have to be enabled in the phone menu: go to settings/more/about device and 7-time click "Build number".
Then go to settings/more/developer options and enable USB debugging.
The rest is also very simple:
adb backup -apk -shared -all -f samsung.ab
adb restore samsung.ab
A little adb tutorial can be found
here.
Using adb shell/native command line on on Android 4.2.2 phone
To start an application from command line:
adb shell am start -n com.package.name/com.package.name.ActivityName
For example
# am start -a android.intent.action.MAIN -n com.android.settings/.Settings
See also the
reference on github and
"am" command description at phonesdevelopers.com.
Start the dialing application from command line/adb shell:
service call phone 2 s16 +xxxxxxxxxxxx
To list available services:
service list
Some things which I found on the net did not work, for example 'adb shell svc data enable' crashed.
How to read/write Android filesystem and recovery images on Linux
The main Android filesystem image is in a particular 'sparse file format', which can be converted to/from mountable linux image:
1. mkdir sys
2. simg2img system.img sys.raw
3. mount -t ext4 -o loop sys.raw sys/
The other way around: make_ext4fs -s -l 512M -a system new.img sys/
You need to install special android support packages into your linux distro to get the simg2img and make_ext4fs commands (or install them from sources).
For more detail see the
tutorial at XDA-developers
For recovery image see the tutorial
imajeenyus.com.
The tools
unpackbootimg, mkbootimg and
mkbootfs will be needed as well as the standard unix cpio.
Running ADB over TCP/IP (WiFi,VPN,Bluetooth) on Samsung galaxy S4 active (I9295) with Android 4.2.2
For first time (after phone reboot), connect phone to USB and run adb:
adb usb
adb devices ... check that the device is recognized
adb tcpip portnumber
(remove USB plug)
adb connect IP:portnumber
adb devices ... check that the device is recognized
Now you can issue adb commands wirelessly.
NOTE: there is a security hole since adb daemon in the phone will listen on all interfaces.
You should use iptables to drop all incoming packets except from tun0 of your openvpn network!!!
See below in the iptables section.
Next time (after your PC reboot) issue just the commands:
adb connect IP:portnumber
adb devices ... check that the device is recognized
Note: default portnumber is 5555, but you can choose any non-privileged port (>1024)
However, I did not succeed to run adb in loopback (connecting from the phone's command line to itself). I installed the public key:
cat /data/media/0/.android/adbkey.pub >>/data/misc/adb/adb_keys
and restarted the daemon, but adb always hanged. Using strace I found out that
regardless of the port specified it tried to connect to 5038. When running the adbd on this port (issuing adb tcpip 5038 from PC), the adb on localhost hanged again,
this time in read() from the TCP socket. I gave up further attempts, since it was not absolutely essential for me to get this working.
Running iptables on Samsung galaxy S4 active (I9295) with Android 4.2.2
Iptables binary can be installed by an apk, or is part of the rooting package or busybox package.
There are, however, again some incompatibilities with linux: getprotobyname() is not implemented
in bionic libc, so you cannot use -p TCP or UDP. Looking into /etc/protocols on a PC shows
TCP is 6 and UDP 17, so the android command lines preventing adb over tcp from anywhere except openvpn tun0 and bluetooth
reads:
iptables -I INPUT -p 6 --dport portnumber -j DROP
iptables -I INPUT -p 6 -i tun0 --dport portnumber -j ACCEPT
iptables -I INPUT -p 6 -i bt-pan --dport portnumber -j ACCEPT
where portnumber is the one you choose by 'adb tcpip' command
If running xserver, to prevent remote X-windows connections one can use similarly
iptables -I INPUT -p 6 --dport 6000 -j DROP
iptables -I INPUT -p 6 -i lo --dport 6000 -j ACCEPT
Running command at boot time on Samsung galaxy S4 active (I9295) with Android 4.2.2
For android applications use the Autostart application, for shell scripts use Init.d toggler apk, which hooks into the default boot script and
installs /system/etc/init.d, where one can install his own scripts named "01-something" etc., for example start cron, set firewalling by iptables, etc.
However, I had to adapt the installed
/system/bin/sysinit script to work properly, the logwrapper program failed for some reason.
Running cron on Samsung galaxy S4 active (I9295) with Android 4.2.2
I could not get the busybox cron working, so I tried to cross-compile vixie-cron using NDK. This did not work due to some missing include files, so I finally compiled vixie-cron and statically linked it on RPi, after some changes to fix paths
and to circumvent broken getpwnam and getpwuid. The modified source is
vixie-cron-4.1-modified.tar.gz, the binaries can be downloaded in the collection mentioned above
Sending and receiving SMS from Linux command line via Samsung galaxy S4 active (I9295) with Android 4.2.2
This is for me an absolute must. I promised to myself that if I do not achieve this, I will use a big hammer on the Samsung phone,
curse their software engineers and use my old N900 forever :-))).
Sending SMS by command line on Android smartphone using adb and ShellSMS
Fortunately for the phone I succeeded :-). Obviously I was not alone nor the first one who wants to do this, so there is
an application "ShellMS", which installs support for sending SMS via adb from the PC directly:
adb shell am startservice --user 0 -n com.android.shellms/.sendSMS -e contact +international_phone_number -e msg "text of the message"
Reading SMS by command line on Android smartphone using sqlite3 to directly manipulate the database
The incomming messages are stored in a database, which can be read and modified by sqlite3 (after ssh/su as root into the phone):
echo 'select * from sms;' | sqlite3 -csv /data/data/com.android.providers.telephony/databases/mmssms.db
Provided this information it is easy to write a script which automates the necessary steps.
Here are the ones I have written:
'sms', to be used as 'sms +number|contact_name' for sending from PC's command line; the text is being read from stdin and ended by CTRL-D or a line containing single '.' character (mailx-like).
Messages longer than 160 chars are automatically split.
It uses contacts stored as .vcf in the PC.
Second script is
'smsr' for reading the sms database of both incoming and outgoing ones from the phone's command line,
it also allows deleting 'smsr del number' or deleting all 'smsr cleanall'.
The database files used by smsr are /data/data/com.android.providers.telephony/databases/mmssms.db with the messages
and /data/data/com.android.providers.contacts/databases/contacts2.db for number-> name conversion, which is done
by an additional script
'contact', called from smsr.
For listing call log I use the script
'calls'.
Unfortunately, I did not find out yet how to automatically delete the SMS notifications and the SMS counter displayed at the "messaging" icon.
The script marks the messages and threads as seen, but does not restart the 'badge provider' to update the displayed number of messages.
The scripts require a TCP/IP connection to the phone, which can be done conveniently (with constant private IP) via openvpn or via bluetooth (see above).
Command line script to work with the event calendar (sqlite3 based) on Samsung galaxy S4 active (I9295) with Android 4.2.2
I also like to access and manipulate the event calendar from command line, as I did previously with my N900.
The database file is /data/data/com.android.providers.calendar/databases/calendar.db.
I had to write a different script now, since the database organization is quite different, however, it is standard SQL again.
The script is called
'calendar' and can be invoked in four ways:
calendar - lists all events with their number id's
calendar del number [number ...] - deletes specified events
calendar clean - deletes all events in the past
calendar add "EVENT_NAME" "LOCATION" DATE - adds a new event, non-repetitive, with alarm 15 minutes ahead
DATE is in any format recognizable by 'date -d' unix command. For example:
calendar add dinner "favorite pub" Dec 31 20:00 2014
Writing the script was not completely trivial, as the events are stored in several interlinked tables,
Julian day calculation was necessary etc. It also requires some custom-built binaries, see above for their download.
Note: the calendar script needs /tmp (for tcsh << construct): mkdir /data/tmp; mount -o remount,rw /; ln -s /data/tmp /tmp; mount -o remount,ro /
How to change android_id from command line
sqlite3 /data/data/com.android.providers.settings/databases/settings.db
update secure set value='0123456789abcdef' where name='android_id';
Freeing space on /system on Samsung galaxy S4 active (I9295) with Android 4.2.2
I have noticed that /system has become almost full on my phone after installing
just a few static binaries to /system/ bin :-(. Using 'du' it was easy to determine the culprit - the preinstalled garbage bloatware in /system/app, where multimegabyte .apk files reside. To see worts of them, 'll|sort -k 4|tail -30'.
I have made 'mkdir /data/app/preinstalled' and moved some of the worst there
and subsituted them by symbolic links.
(Note that the stupid busybox substitute of 'ln' cannot do 'ln -s blabla/* dest/', I had to use foreach in tcsh.)
However, then I noticed that the android system does not follow the symlinks and some
important apps were then missing from the GUI. So I returned them back, selecting not by size, but just the crapware which I did not want to use anyway.
This freed over 300M on /system, making place enough.
Possibly one could install the removed apk files as downloaded applications,
but I did not try this as there was no need.
Some information about the radio interface layer (RIL) on Android
Read logfiles: adb logcat -v threadtime -b radio
The cellular network IPv4 interface works as a host-less modem:
rmnet_usb0 gets an IP address from private range, ip route default goes to the modem's address
I was not able to find reasonable documentation about RIL, unfortunately ...
How Google and Amazon attempt to spy on you using your own Android smartphone and how to prevent it
It is obvious that companies like Google and Amazon try to collect information
about their users and make a profit from it in many ways.
These practices are highly controversioal, and several people warned about them, see for example
this article and
this article and
this article and
Wiki about Carrier_IQ.
You might agree with this being done to you, and if you have an account with them for e-mail or other cloud services, or even if you use google search or youtube without an account, you actually agree with this and give your data away voluntarily.
However, I have found out using wireshark, that my Android phone was sending some packets to their servers even when the phone was idle, browser was closed,
and, obviously, I had no accounts with these big brother companies nor did I install applications which would be allowed to e.g. share my location (see above how to restrict permissions of the applications).
Some information was transmitted over HTTP protocol, some was UDP to non-standard ports,
some was encrypted HTTPS to 1e100.net (which
might be innocent, or not, but since it is encrypted you never know).
Moreover, I found that when switching on camera, the phone sends https packets to 31.186.231.35.
I find this
absolutely unacceptable! The ps command shows more than 300 processes running (!) on an idle phone right after bootup, so there is a plenty of possible backdoors and information leaks. I did not try to identify which processes/apps are responsible for this behavior, but rather I used iptables (started from init.d - see above) to prevent this communication:
iptables -I OUTPUT --dest 74.125.136.188 -j DROP
iptables -I OUTPUT --dest 54.231.10.72 -j DROP
iptables -I OUTPUT --dest 54.229.105.203 -j DROP
iptables -I OUTPUT --dest 176.34.155.23 -j DROP
iptables -I OUTPUT --dest 173.194.116.0/16 -j DROP
iptables -I OUTPUT --dest 216.58.0.0/16 -j DROP
iptables -I OUTPUT --dest 31.186.231.0/24 -j DROP
iptables -I OUTPUT --dest 64.233.0.0/16 -j DROP
iptables -I OUTPUT --dest 74.125.0.0/16 -j DROP
iptables -I OUTPUT --dest 66.102.0.0/16 -j DROP
iptables -I OUTPUT --dest 108.177.0.0/16 -j DROP
iptables -I OUTPUT --dest 52.24.0.0/16 -j DROP
iptables -I OUTPUT --dest 239.255.255.0/24 -j DROP
iptables -I OUTPUT --dest 224.0.0.0/24 -j DROP
iptables -I OUTPUT --dest 52.8.0.0/16 -j DROP
iptables -I OUTPUT --dest 3.122.0.0/16 -j DROP
iptables -I OUTPUT --dest 3.121.0.0/16 -j DROP
iptables -I OUTPUT --dest 88.198.113.0/8 -j DROP
iptables -I OUTPUT --dest 188.120.253.0/8 -j DROP
iptables -I OUTPUT --dest 172.253.0.0/16 -j DROP
iptables -I OUTPUT --dest 142.250.0.0/16 -j DROP
iptables -I OUTPUT --dest 192.254.0.0/16 -j DROP
To repeat this at boottime, I have placed it in /etc/init.d/02-iptables
It is also necessary to periodically check by tcpdump and put additional IPs in the blacklist, since the list is not complete
and might change in time.
As a side-effect of this, I had to resign on google search and youtube videos on the phone, but I installed
duckduckgo instead as an alternative search engine in firefox.
It might be somewhat inconvenient when using the phone for tethering to PC,
but it might be possible to solve it with some more elaborate rules.
The above list of IPs might be incomplete - was based on a few hours wireshark session - and may also vary geographically, so you should check for yourself.
I also did not check the IPv6 connectivity, which might be available via some cell providers (yet).
There is also a lot of offline logging being done; the
TrevE's security test can be employed to identify the culprits. A paid "pro" version of the app can clean the phone from the GUI, but if you know the command line, it is easy to remove the logfiles yourself, an ideal
job for the cron daemon (see above).
The most clean solution to these problems would be to install a completely open source system like cyanogenmod, but I did not try that, partly being afraid that some hardare might now work properly with it, partly due to lack of time,
I have spent already time enough on all the stuff described above, just to force the phone to meet modest privacy expectations!
My Electronics page
My hobby page
My main page with e-mail contact
TOP of my family pages