Could someone explain the method to zipalign please?
Best wishes.
sathkartha said:
Could someone explain the method to zipalign please?
Best wishes.
Click to expand...
Click to collapse
zipalign -f -v <alignment> old.apk new.apk
-f is overwirte old apk file if you want to keep old apk remove the -f
-v is verbose mode
if you want to check an apk to see if it is already been zipaligned
zipalign -c -v <alignment> existing.apk
again
-v for verbose
-c is confirm
THIS IS NEEDED! for the <alignment> you can best choose 4 this will give the best results so the final lines will be
zipalign -f -v 4 old.apk new.apk or ofc zipalign -v 4 old.apk
zipalign -c -v 4 existing.apk
best is to have verbose mode always on to see if there are any errors
also you need to now zipalign file is located in /tools folder from SDK
so if you added it to system32 you can use the lines above otherwise run this command first "cd /path-to-sdk/tools"
when you build apk for 1.6+ android versions you can use Ant this will be used by default when building the apk in debug mode
most apps have this but not all (Ant align and signs the apk)
when you build apk's with eclipse you can use ADT plugin which also will automaticly align and sign the output.apk for you but only if you use the wizard for exporting the apk
and never do align and then sign this will break the align
always sign and then align but this is only when you build an apk and you export it without using the wizard
now you know everything about zipaligning lol
Thank you very much.
Best wishes.
Sent from my X10mini using XDA App
and what is alignment for?
With VEGAn 5.11 and Pershoot kernel. I want to do a few things when it boots up. I don't see the usual /etc/init.d kind of structure.
I did find init.rc and even found a link that describes its peculiar syntax. But editing that file (after remounting) doesn't "take" -- I assume it is on initfs and gets copied to a RAM disk on boot.
Is there anywhere easily user writeable where you can stick something in the boot sequence? Seems like that would be a common enough thing to need to do.
Thanks!
The init.rc is in the ramdisk, and the ramdisk is in the boot.img (found in all the stock and modded ROMs).
Here's a good guide on how unpack / repack that file: http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack,_Edit,_and_Re-Pack_Boot_Images
(obviously it's a bit technical) What I can tell you is that you don't need any cmdline options for the boot.img
Here's a real quick breakdown of what I do (Ubuntu user):
Code:
./unpack-bootimg.pl boot.img
go to the extracted ramdisk folder, make my changes and then:
Code:
find . | cpio -o -H newc | gzip > ../newramdisk.cpio.gz
cd ..
mkbootimg --kernel boot.img-kernel.gz --ramdisk newramdisk.cpio.gz -o newboot.img
"newboot.img" being my new boot.img. That's how the boot.img in all my mods are created.
Thank you and yeah I figured that was it. Technical is not an issue as I sling unix/linux for ages. Salute to you for all your work on this platform.
Well I cheated a little. Here's what I did:
I noticed that you had added to the bottom of /init.rc a one shot service for /system/etc/shuttle_ins.sh.
So I just remounted rw for /system and added the following to the TOP of /system/etc/shuttle_ins.sh:
# added by aaw
if [ -f /system/etc/rc.local ]; then
sh /system/etc/rc.local &
fi
# end aaw
So now I can put what I want in rc.local -- start up sshd or whatever. In this case here's what I actually wanted:
#!/bin/sh
# this is run at the end of the init.rc sequence if it exists
until mount | grep -m1 sdcard2 ; do sleep 5 ; done # wait for sdcard2 mount
mkdir /mnt/sdcard/sdcard2 # make mount point (might fail, but who cares?)
mount -o bind /mnt/sdcard2 /mnt/sdcard/sdcard2
Of course, this assumes I will always have sdcard2 or it spins. Could put a timeout in I guess, but for me this is always the case. Now things like players that only look in /sdcard can find stuff on sdcard2 as well.
A bit of a hack. I wonder if the release DEVs would consider adding an rc.local in user land in a nicer way? Maybe have a system rc.0 that does the -f test for rc.local and that way if you wanted to add an rc.local you could but if you didn't no harm or foul.
Or did I miss a smarter way to do this?
Thanks for the help (and the great releases, of course!).
I found this in the market: https://market.android.com/details?id=os.tools.scriptmanager
Lets you run scripts at boot time. Haven't tried it for that though, but it could work instead of my rc.local fix. A little different since I assume it runs late (after Android is up) unlike the rc.local which runs before Android, unless I'm mistaken.
Rooted PDAs only! Shell required!
Before doing the following steps, verify that you don't have an "/etc/resolv.conf"! I reckon none of the stock ROMs have one, but this tweak doesn't work with such a file in place.
Code:
ls -l /etc/resolv.conf || echo "ok"
If this prints some file details and you can use eg. "ping -c 3 www.google.com", you don't have the problem in the first place.
If it says "no such file..." and "ok", go ahead.
Make a file named "/mnt/sdcard/resolv.conf" containing, for example:
Code:
nameserver 8.8.8.8
nameserver 8.8.4.4
These are the IP numbers of the Google public DNS resolvers, BTW, but you can use any others.
Code:
mount -o remount,rw /system &&
ln -s /mnt/sdcard/resolv.conf /etc/
mount -o remount,ro /system
The problem: busybox and other C-programs use a library component called the "stub-resolver" to make IP-adresses from hostnames. This isn't capable of resolving by itself, so it parses "/etc/resolv.conf". The "nameserver" lines in there tell it where to send the UDP packets with questions like "what's the IP of Gmail.com?".
Java programs do this differently: they use "getprop" for the IPs of the nameservers, and vendor customized "dhcpcd" scripts populate the needed properties.
C-programs need the etc/resolv.conf for proper operation.
Q: what does this do for me?
A: first, it'll make symbolic hostnames work for C-programs like "wget", "ping", "nslookup" etc. As added benefit, you can see the names requested by Android programs if you give the IPs of some DNS-resolver you might have in a home LAN. Look at its logs!
Q: what are these '&&' combinations for?
A: well, we don't get to see them often, not even in developer scripts, but they are very useful! They logically "AND" commands. If the command or program before an '&&' fails, none of the following ones will get executed. So if the first "mount" doesn't work (a typo or whatever), the symbolic link by the "ln -s ..." won't be attempted at all, meaning less errors. POSIX requires compliant shells to do this type of short-circuit evaluation, so we can rely on it.
Q: why use a symlink ("ln -s ...") instead of a file?
A: This way you can change nameservers without remounting /system, in fact, you don't even need to be root for this. Change /sdcard/resolv.conf and you're set.
Q: which nameservers should I use?
A: with a patch to "/system/etc/dhcpcd/dhcpcd-hooks/20-dns.conf" it's possible to use the ones from your ISP provided DHCP lease. I thought a onetime manual configuration would do for the moment. You could search the web for the OpenDNS resolvers as an alternative, or use your providers resolvers (eg. from the APN config).
Although I already had resolv.conf added, your explanation for why it is needed was very informative!!! Thanks.
ino-xda said:
Make a file named "/mnt/sdcard/resolv.conf" containing, for example: ...
Click to expand...
Click to collapse
Q: will this work in etc/init.d/ scripts?
A: that depends on when they run. The symbolic link points to a file on the sdcard, thus it will work no sooner than the sdcard has been mounted, but before scanning for media files, icons etc. has finished. Once the device is fully up and running, it should work reliably.
Hello,
I want to install DNScrypt proxy 1.4 on my android phone. You can get it here : download.dnscrypt.org/dnscrypt-proxy/
Could someone please make a tutorial an tell me how to install this? I want it to work with following DNS server: https://dnscrypt.eu/
It is a great enhancement in security and I would be glad if someone can get it to work and tell us.
Regards
Is nobody interested in this? [emoji20]
Can't believe there is no response. Is no one of the XDA members who looked at this able to install DNScrypt on there phone?
Do you prefer flappy bird clones over such a security enhancement?
Bump again then.
Bump
Another bump for all secureless xda members
XDA members are not able to install a tar.gz package on their android phone? Aww, really guys?!
B u m p
Seriously, no one...?
How to install dnscrypt on android
Requirements:
rooted phone
installed busybox
some handy tools like terminal emulator or ssh daemon for testing purpose, file explorer with acces to system partition
dnscrypt: https://copy.com/M6r38z6g3iyj (thanks to GitHub esp. @daddybr, KionLi...) - files for arm7
About:
We need to run dnscrypt every time phone is booted - for this purpose is necessary to add script "dnscrypt" into "init.d" directory In this script-file you can also change parameters like used resolver/provider etc.
dnscrypt-proxy is main binary file which will provide dnscrypt service for us. There is also script to start/stop dnscrypt-proxy service anytime we need and made some other usefull things for us...
How to:
check if directory "init.d" in /system/etc/ exist - if there is not such directory use program "Universal Init.d" and create it - otherwise follow bellow
extract downloaded files and put it into same directories they are, just to system partition (u can use any file browser with access to system partition, eg. Solid Explorer)
check if there is file "resolv.conf in /system/etc/ directory
- if there is not such file create it and put this into it "nameserver 127.0.0.1"
- if there is such file check if "nameserver 127.0.0.1"and delete else
all files putted in directory /system/xbin/ should have right permission to work correctly
Checking functionality:
Easiest way is to visit "www.opendns.com/welcome"
If it is working you will get something like "Your Internet is safer, faster, and smarter..."
If it is not working you will get something like "OOPS..."
Other way is to run nslookup in terminal emulator and check if you get 127.0.0.1 and name, eg "nslookup 8.8.8.8"
The hardest way is to use wireshark or tcpdump and analyze traffic while browsing on the phone..., eg. http://askubuntu.com/questions/105366/how-to-check-if-dns-is-encrypted
Also you can check if dnscrypt-proxy is running in terminal , eg. "ps w |grep dnscrypt"
DNS setting
Did anyone got this one to work? I did all the steps mentioned but it seems that the resolv.conf is not being checked. I even try with apps to change dns settings (dnset, dnschanger..) it just seems that the dynamic dns assigment takes precedence, it keeps going to the dynamically assigned DNS server when on wifi and LTE. Aside from that I did not have any issues, dnscrypt runs fine with all arguments. I'm trying this on a Verizon Galaxy S5.
<dexter> said:
Did anyone got this one to work? I did all the steps mentioned but it seems that the resolv.conf is not being checked. I even try with apps to change dns settings (dnset, dnschanger..) it just seems that the dynamic dns assigment takes precedence, it keeps going to the dynamically assigned DNS server when on wifi and LTE. Aside from that I did not have any issues, dnscrypt runs fine with all arguments. I'm trying this on a Verizon Galaxy S5.
Click to expand...
Click to collapse
Yes, working here.
Had trouble with afwall though, but this post http://forum.xda-developers.com/showpost.php?p=54263022&postcount=8 helped me.
Script i've used:
Code:
$IPTABLES -t nat -D OUTPUT -p tcp --dport 53 -j DNAT --to-destination 127.0.0.1:53 || true
$IPTABLES -t nat -D OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:53 || true
$IPTABLES -t nat -I OUTPUT -p tcp --dport 53 -j DNAT --to-destination 127.0.0.1:53
$IPTABLES -t nat -I OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:53
$IPTABLES -A "afwall" --destination "208.67.220.220" -j RETURN
You can restrict the last line to only UDP 443 if you want.
Confirmed packets with tcpdump, blocked UDP 53 at my router.
piscoo said:
Yes, working here.
Had trouble with afwall though, but this post http://forum.xda-developers.com/showpost.php?p=54263022&postcount=8 helped me.
Script i've used:
Code:
$IPTABLES -t nat -D OUTPUT -p tcp --dport 53 -j DNAT --to-destination 127.0.0.1:53 || true
$IPTABLES -t nat -D OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:53 || true
$IPTABLES -t nat -I OUTPUT -p tcp --dport 53 -j DNAT --to-destination 127.0.0.1:53
$IPTABLES -t nat -I OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:53
$IPTABLES -A "afwall" --destination "208.67.220.220" -j RETURN
You can restrict the last line to only UDP 443 if you want.
Confirmed packets with tcpdump, blocked UDP 53 at my router.
Click to expand...
Click to collapse
Could you please write a small, complete guide for the installation of DNScrypt? I still can't get it to work.
Draygon said:
Could you please write a small, complete guide for the installation of DNScrypt? I still can't get it to work.
Click to expand...
Click to collapse
Flash this zip from recovery. It works
Do you have any source for this?
How can I enter the IP address of the service I want to use?
Draygon said:
How can I enter the IP address of the service I want to use?
Click to expand...
Click to collapse
Edit /etc/init.d/dnscrypt and see here
So you compiled DNScrypt for Android from this source at github?
Draygon said:
So you compiled DNScrypt for Android from this source at github?
Click to expand...
Click to collapse
No. I just flashed zip file and investigated on it
Anyone flash this zip besides the guy who posted it? Can't find much reference to this file name anywhere dnscrypt-5-armv7-opendns.zip
lamero1 said:
No. I just flashed zip file and investigated on it
Click to expand...
Click to collapse
How do you set your phones global DNS setting for any dynamic IPs on any network? I cannot figure out how to point my phone to 127.0.0.1
Draygon said:
So you compiled DNScrypt for Android from this source at github?
Click to expand...
Click to collapse
Assuming you have the Android NDK installed (no idea how to do it under Windows; Cygwin has never been my forte... Under Arch all you need to do is install the packages from the AUR), it's insanely easy to do yourself, thanks to the build scripts in the libsodium and dnscrypt packages.
Code:
export ANDROID_NDK_HOME=${ANDROID_NDK} # Or wherever your NDK dump happens to be residing
mkdir ~/dnsc && pushd ~/dnsc
This part deals with signature verification, used to determine we have not received a tampered-with copy of DNSCrypt. This page is being delivered over unsecured HTTP, so don't necessarily trust what's being written here.
Again: REMEMBER THAT THIS PAGE IS UNSECURE (granted, I imagine a person intending to cause malice would remove these warnings but, hey, it's not like I have alternatives). I'm also not a security expert in the slightest, so it wouldn't be surprising if it transpired I was giving bad advice.
Read http://doc.libsodium.org/installation/README.html for instructions on how to get libsodium's SHA256 hashsum (which you can verify against the file you've got downloaded by running sha256sum) and for the public key used to sign the downloaded files. It can be imported by copying it, pasting it into a Notepad etc. instance, saving it and running gpg --import <whatever.gpg>.
Use your own judgement, other keyservers and Google to determine whether you have jedisct1's real key.
Download dnscrypt's dependency, libsodium:
Code:
curl -O https://download.libsodium.org/libsodium/releases/libsodium-1.0.2.tar.gz -O https://download.libsodium.org/libsodium/releases/libsodium-1.0.2.tar.gz.sig
Verify the file's signature:
Code:
gpg --verify libsodium-1.0.2.tar.gz.sig libsodium-1.0.2.tar.gz
I get the following (the warning can be ignored -- unless you've managed to verify the key with jedisct1 in person):
Code:
gpg: Signature made Tue 10 Feb 2015 10:59:17 AM GMT using RSA key ID 2B6F76DA
gpg: Good signature from "Frank Denis (Jedi/Sector One) <redacted>" [unknown]
gpg: aka "Frank Denis (Jedi/Sector One) <redacted>" [unknown]
gpg: aka "Frank Denis <redacted>" [unknown]
gpg: aka "Frank Denis <redacted>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 54A2 B889 2CC3 D6A5 97B9 2B6C 2106 27AA BA70 9FE1
Subkey fingerprint: 0C79 83A8 FD9A 104C 6231 72CB 62F2 5B59 2B6F 76DA
If everything looks OK, then continue. Conversely, if anything is out of place, then abort. Seriously.
Untar and go to the directory with the libsodium code:
Code:
tar xf libsodium-1.0.2.tar.gz && pushd libsodium-1.0.2
It's not in the tarball yet, so download this into the dist-build folder and chmod 0755 it.
If running into problems, edit aandroid-armv7-a.sh and do the following:
change TARGET_ARCH to arm
set the march value to armv7-a
Start building libsodium:
Code:
./dist-build/android-armv7-a.sh
I get the following dumped:
Code:
[email protected] ~/dnsc/libsodium-1.0.0 % ./dist-build/android-arm.sh
<configure output removed>
libsodium has been installed into /home/faheem/dnsc/libsodium-1.0.0/libsodium-android-arm
./dist-build/android-arm.sh 21.97s user 2.72s system 165% cpu 14.927 total
Note the line saying where libsodium has been installed. Let its value be stored in the environment:
Code:
export SODIUM_ANDROID_PREFIX=<folder where libsodium has been installed, as reported by android-arm.sh>
Consider removing debugging symbols to reduce the size of the file:
Code:
./android-toolchain-arm/arm-linux-androideabi/bin/strip $SODIUM_ANDROID_PREFIX/lib/libsodium.so
I won't repeat what's on the main dnscrypt.org site or, really, what I've already written.
popd back to the ~/dnsc folder and download the latest version of dnscrypt and its signature. Follow the instructions on the website to verify the tarball's SHA256SUM and run gpg like above to verify the tarball against the signature. If everything is OK, untar dnscrypt like we did libsodium.
Run to build:
Code:
./dist-build/android-armv7.sh
If running on Lollipop, make the changes below, as per alihassani:
add -fPIE to the end of the CFLAGS
place export LDFLAGS="-fPIE -pie" under the CFLAGS line
If running into problems running android-armv7.sh, make the applicable changes above again.
After it's been built, you'll get this:
Code:
[email protected] ~/dnsc/dnscrypt-proxy-1.4.1 % SODIUM_ANDROID_PREFIX="$HOME/dnsc/libsodium-1.0.0/libsodium-android-arm/" dist-build/android-armv7.sh
<configure output snipped>
dnscrypt-proxy has been installed into /home/faheem/dnsc/dnscrypt-proxy-1.4.1/dnscrypt-proxy-android-armv7
Again, consider stripping the resulting binary. Transfer, fix permissions etc.
Some notes:
The binary is dynamically linked to libsodium. If installing, you'll need to copy libsodium.so to /system/lib. If you're just testing you can put libsodium.so in the same folder as the dnscrypt-proxy binary and invoke dnscrypt-proxy as such: LD_LIBRARY_PATH=<path to current folder> ./dnscrypt-proxy
The prefix is weirdly set by the android-build script. You'll need to point dnscrypt to the resolver list manually (I recommend putting it somewhere on the system partition as a file on the [internal] SD card is too easy to change): https://github.com/jedisct1/dnscrypt-proxy/issues/123
Any Dev out there who might be willing to assist me with my J Theme Transmogrifier app?
Specifically I must change the app to Compile and Sign Apk's on the phone in a different way
than I am doing it currently. Google has given me just 14 days to remove my current method.
For example another method I am trying uses the aapt package function and I have it running the command:
aapt package -v -f -m
-S /data/data/com.johnmcwapps.jTransCm12/apktool/jTheme_src/res
-M /data/data/com.johnmcwapps.jTransCm12/apktool/jTheme_src/AndroidManifest.xml
-A /data/data/com.johnmcwapps.jTransCm12/apktool/jTheme_src/assets
-I /data/data/com.johnmcwapps.jTransCm12/files/builder.jar
-F /mnt/sdcard/jTransmogrifier12/jRed_Cm12Theme_US.apk
It runs without errors on the phone, however it just doesn't output the Red_CM12Theme_US.apk
I have no clue why.