Introduction
This is my first Android application and I'm looking for testers and feedback.
LUKS Manager
LUKS Manager provides on-the-fly encryption (AES by default) to virtual folders on Android devices.
The virtual folders can be dynamically mounted, unmounted, created and deleted as needed.
(Think TrueCrypt like functionality)
Volumes and loopback device information are stored in: /mnt/sdcard/luks/.data
And the encrypted volumes are mounted at: /mnt/sdcard/luks/<volume_name>
Requirements
The Android device must:
Be rooted
Have a kernel that supports secure dm-crypt modes and loopback devices
Have a current version of BusyBox installed
Have SuperUser app installed
This package contains:
A statically compiled, stripped and UPX compressed version of cryptsetup for the ARM using the tools provided by the The Guardian Project.
A statically compiled and stripped version of mkdosfs from dosfstools package for the ARM7.
A bash shell script called "luks" that does volume management.
And a native java app that provides a GUI interface to the luks script, a basic file explorer and simple text editor.
Download
You can find more on the apps homepage at:
nemesis2.qx.net/pages/LUKSManager/
Or the Android Market:
market.android.com/details?id=com.nemesis2.luksmanager
Changelog
Version 2.3:
Major rewrite to the luks shell script and GUI app to support user defined volume locations.
Encryption cipher and keysize are now user definable. (kernel support required)
Moved storage of volume information from /mnt/sdcard/luks/.data to /data/data/com.nemesis2.luksmanager/.data
Prompts to upgrade if loop device files are found in SDCard .data directory.
Removed top level restriction on file explorer activity.
Default file system changed from EXT4 to EXT2.
FAT file system support now enabled by default.
Added volume mount and unmount desktop shortcuts.
Added notification when volumes are mounted. (Can be toggled off in preferences)
Added landscape support to the main and volume edit activities.
Added basic SDcard support to install binaries routine.
(Fixes java.lang.NullPointerException on binary install.)
Added toggle to disable binary hash checks on startup. This enables
customized luks scripts and/or binaries.
Small fix to application initialization. (hopefully fixes odd reboot
issue on some devices)
Attempts to unmount volumes on ACTION_SHUTDOWN and MEDIA_EJECT broadcasts.
Additional checks and error handling if no volumes exist.
Additional error handling in luks script during volume mounting and creation.
Added required BusyBox applet checks on startup.
About Dialog additions / changes.
Small text changes (formatting and typo fixes).
Version 2.2:
Recompiled lm.crypsetup binary under android-ndk-r6b.
Hopefully this will stop segfaults on various devices.
Version 2.1:
Added widget:
When volumes are mounted the widget will turn red and display the number of currently mounted volumes.
A single touch unmounts all volumes.
Rewrote luks script and internal routines to use busybox all the time to avoid toolbox/busybox symlink conflicts.
Added the ability to password protect the create/remove buttons, volume properties and preferences dialog.
Improved error handling in luks script on mount.
Added additional scripts: pre-mount and pre-unmount.
Added volume management Activity.
Volume mount points are now user defineable.
The volumes loopback device is now user definable.
Added an internal file editor (to edit bash scripts).
(Editor can be used outside of LUKS Manager to edit files).
Fixed Force Close when mounting with a blank password.
Version 2.0: Added Preferences Activity.
Now allows FAT formatted volumes.
(works w/FreeOTFE on windows)
Improved error handling/cleanup on failed volume creation.
Added lm.mkdosfs binary to assets.
The lm.mkdosfs binary is sha1 hashed and replaced if out-dated or changed.
Remove Binaries nows includes the lm.mkdosfs binary.
Added additional menu options to Activities.
Increased debug logging and added system probe.
(Don't enable for normal usage!)
Added option to launch Explorer on volume mount.
Redirected stderr to stdout using redirectErrorStream.
Added validation checks to volume creation. (non-blank, sanitize filename).
Moved to dp units instead of pixels for display scaling.
Fixed a few items that needed to be .destroyed (oops).
SD Card path fix (typo fix).
File Explorer now saves/recalls list view position on directory changes and when opening files.
About Dialog updates.
Added run script on mount/unmount: <volume>.mount.sh and <volume>.unmount.sh
Added su/root check on startup.
Version 1.9:Renamed cryptsetup to lm.cryptsetup to avoid overwriting pre-existing copies.
LUKS script will use cryptsetup if it exists, solves Samsung Galaxy S2 issues.
(Users will need to manually restore the cryptsetup binary if it was overwritten!)
Added sanity checks to File Explorer. (path /mnt/sdcard must exist)
File Explorer now saves and restores path on rotation change.
Moved about html to assets file instead of an inline string.
Version 1.8: Removed Internet Access Permission (decided not to include ads).
The cryptsetup binary is no longer UPX compressed in an attempt to improve compatibility.
The cryptsetup and luks binaries are now sha1 hashed and replaced if outdated or changed.
Since "Unmount All" can take a while to complete it has been changed to an AsyncTask.
When mounted all volumes will get chmod 777 applied recursively to avoid file permission issues.
Numerous improvements and changes to the internal file explorer.
Slight wording changes to activity titles and About Dialog.
Added change log to About Dialog.
Version 1.7: Added file explorer (no longer requires ASTRO File Manager)
Updated the About Dialog
First Market Release
Version 1.6: updated and optimized the icon and background images
Updated the About Dialog
Updated failure logging to syslog
Version 1.5: now quotes passwords (oops)
Spaces in volume names are converted to underscores: _
About dialog updated
Version 1.4: code refactoring
Added about/homepage menu items
Added "Remove Binaries" to remove /system/bin files: luks and cryptsetup
Added explore menu option to explore to volume location (requires Astro Filemanager)
Added background
Version 1.3: moved binaries into apk and added extractor/binary installer
Version 1.2: first public release
Screen Shots
Any Kernals for the OTA Sense
Nemesis][ said:
Introduction
This is my first Android application and I'm looking for testers and feedback.
LUKS Manager
LUKS Manager provides on-the-fly encryption (AES by default) to virtual folders on Android devices.
The virtual folders can be dynamically mounted, unmounted, created and deleted as needed.
(Think TrueCrypt like functionality)
Volumes and loopback device information are stored in: /mnt/sdcard/luks/.data
And the encrypted volumes are mounted at: /mnt/sdcard/luks/<volume_name>
Requirements
The Android device must:
Be rooted
Have a kernel that supports secure dm-crypt modes and loopback devices
Have a current version of BusyBox installed
Have SuperUser app installed
This package contains:
A statically compiled, stripped and UPX compressed version of cryptsetup for the ARM using the tools provided by the Guardianproject.
A bash shell script called "luks" that does volume management.
And a native java app that provides a GUI interface to the luks script.
Download
You can find more on the apps homepage at:
nemesis2.qx.net/pages/LUKSManager/
(I've been a long time lurker but since I'm a first time poster I'm not allowed to post this is the main Android App Dev section nor am I allowed to post external links. )
Screen Shots
Click to expand...
Click to collapse
Hi I was wondering if you knew any kernals for the Gingerbread sense OTA cuz ive been looking around for some but i couldnt find any. THX if you reply
h4ck0rk1d said:
Hi I was wondering if you knew any kernals for the Gingerbread sense OTA cuz ive been looking around for some but i couldnt find any. THX if you reply
Click to expand...
Click to collapse
This has been mentioned again and again, there will bo NO custom kernels for the 2.3 update until the source is released. Be patient.
Sent from my MiuiSpeedy
Won't download the full file on my phone using the stock browser and dolphin HD. 1 star because I can't install it. Just joking, but can you put up a mirror please? The download link seems to work fine in Chrome, but mobile browsers it seems to crap out on.
Sent from my PG06100 using XDA App
Download Fixed (I believe)
OK. I believe I've fixed mobile downloads on the server so please try again.
And I've also updated LUKS Manager to v1.4. (lots of little fixes, tweaks)
-N2
Here's a pretty icky bug report for you: LuksManager fails to create a volume if you use spaces in the password.
Ron Overdrive said:
Here's a pretty icky bug report for you: LuksManager fails to create a volume if you use spaces in the password.
Click to expand...
Click to collapse
Thanks for catching that. Version 1.5 should now quote passwords properly.
Any other issues? (I know I should validate user input more on volume creation; but the luks script should handle failures gracefully.)
-N2
Released v1.6
Version 1.6 notes:
Images updated and optimized using optipng.
Updated the about box text.
Added additional failure logging to syslog.
And did a small bit of code cleanup.
just tried this on my hero and its almost very good it seems to create, mount and unmount ok but i'm getting an error that it cant find mkdir (i think this might be because my busybox is in /system/xbin rather than /system/bin?) and also the graphics for the buttons dont seem to resize so on a low resolution screen they overlap and arent readable.
clarkk said:
just tried this on my hero and its almost very good it seems to create, mount and unmount ok but i'm getting an error that it cant find mkdir (i think this might be because my busybox is in /system/xbin rather than /system/bin?) and also the graphics for the buttons dont seem to resize so on a low resolution screen they overlap and arent readable.
Click to expand...
Click to collapse
Ok, I switched over from pixels to dp units. It seems to render fine in the emulator with the display settings for the Hero. Please let me know if it works.
Nemesis][ said:
Ok, I switched over from pixels to dp units. It seems to render fine in the emulator with the display settings for the Hero. Please let me know if it works.
Click to expand...
Click to collapse
Thanks looks great now on the screen, still have a problem mounting though, could it auto-detect the location of busybox or have a changeable option?
Some feature recomendations to consider:
* auto-mount select volumes on startup
* auto-dismount all volumes on shutdown
* auto-dismount all volumes on X number of failed lockscreen attempts
* graphical support for moving/linking directories/files into encrypted volumes (so we can link our folders for downloads, camera, dropbox, etc. to the volumes directly)
Sent from my PG06100 using XDA App
Doesn't work on HTC DesireHD/Android 2.3.3 and Tattoo/Cyanogenmod 7.0.3
Code:
# dd if=/dev/zero of=1.vol bs=1024k count=1024
# lm.cryptsetup luksFormat 1.vol
lm.cryptsetup luksFormat 1.vol
...
Verify passphrase: 1
device-mapper: reload ioctl failed: Invalid argument
Failed to setup dm-crypt key mapping for device /dev/loop0.
Check that kernel supports aes-cbc-essiv:sha256 cipher (check syslog for more info).
#
Relevant syslog lines
Code:
<3>[ 3257.202941] device-mapper: table: 254:0: crypt: Error initializing ESSIV hash
<4>[ 3257.203338] device-mapper: ioctl: error adding target to table
Looks like kernel problem... Any way to fix? YES.
Compile sha256_generic.ko as module, insmod it and all works normally.
Important note - kernel compilations with default NDK toolchain creates
broken module - kexec error - bad relocations: 27 - R_ARM_PLT32.
To compile correct module for your kernel use code sorcery arm compiler.
Details -on cyanogenmod's "compile kernel" page.
on which roms it is working ? i have zte blade - i know wrong topic but what rom should i install to have it working ?
xtam said:
on which roms it is working ? i have zte blade - i know wrong topic but what rom should i install to have it working ?
Click to expand...
Click to collapse
I think it'll work on any rom that has root, but I could be wrong. I use the latest CyanogenMod Nightlies.
Xtam, 2.0 GUI starts working for me with cyanogen 7.x ROM. It requires sha256_generic.ko module for aes-cbc-essiv cipher (FreeOTFE volume), but aes-cbc-plain volume works without additional modules.
Ron Overdrive said:
Some feature recomendations to consider:
* auto-mount select volumes on startup
* auto-dismount all volumes on shutdown
* auto-dismount all volumes on X number of failed lockscreen attempts
* graphical support for moving/linking directories/files into encrypted volumes (so we can link our folders for downloads, camera, dropbox, etc. to the volumes directly)
Click to expand...
Click to collapse
Ron,
I'll look into/consider adding some of those. I've add some code to unmount the volumes on shutdown but I'm not 100% sure it's working properly.
I like the idea of unmounting them all on after X number of failed lock screen attempts. Not quite sure how I can hook into that however.
In version 2.1 you can set the mount point; not sure if I'll write a GUI interface for symlinking however.
-N2
I'm having problems unmounting volumes in 2.1. Whenever I attempt to unmount a volume it tells me without any errors its unmounted, but when you try to remount the volume or check the status its still mounted.
I have a Samsung Infuse which is basically an i9000 galaxy S with a bigger screen and like most galaxy S devices I know of, it has internal storage which is mounted to /mnt/sdcard and an external sd card which is mounted to /mnt/sdcard/exteral_sd. I really like the app and it works perfectly, however I have a problem. It wants to create the volume on the internal sdcard instead of the external one. I edited the lukspath in the luks script but it keeps overwriting it when I start up the gui and go to create a volume. Is there a way to make this setting stick in the luks script without recompiling? Or could you update the app to allow people to change where it creates the volume? I just need to be able to create a volume in /mnt/sdcard/external_sd/. Thanks!
Nice app, thank you Nemesis.
Another suggestion for improvement: it would be nice to be able to change a volume password.
This is very frustrating... expert help needed. I have a Samsung Fascinate running AOKP JB 4.2.1 under a clean install (...formatted my system, data, datadata, cache & dalvik prior).
On phone startup, "media storage" seems to scan all internal audio files. The audio list exists... but after a while, the list just disappears and I no longer can choose my ringtones, music, etc. from any application depending on "media storage". I found out the list of media files are in the "internal.db" database under /data/data/com.android.providers.media/databases. So I cleared the "media storage" data, restarted the phone, n observed the folder contents...
On startup, "internal.db" shows up @ ~100 kb and doesn't change in file size. What does change in size is the accompanying wal-file, "internal.db-wal". According to sqlite.org, the wal-file will maintain the audio list and commit it to the database "internal.db" after so many records. Yet, at some point this wal-file drops from ~700 kb of records to 0 kb... no idea why. This is when i can't access my music.
For a long time, this wasn't an issue. I believe the records from the wal-file were already successfully committed to the database. Then I must've cleared the data (for some reason), thereby having "media storage" rebuild the database from scratch... and ultimately revealing an issue with the wal-file. I've even uninstalled the "media storage" package "mediaprovider.apk" from /system/app via TitaniumBackup. Rebooted. Then reinstalled the apk to /system/app. Rebooted. Same issue happens! All else is working perfectly.
I'm no sqlite expert, but is there some way i can force the wal-file to commit? Any other advice? Yes, I googled all i could think of. And i'd like to avoid reinstalling my ROM. Your help is greatly appreciated.
[EDIT]
Found a workaround...
1 - Delete the contents of the folder /data/data/com.android.providers.media/databases.
2 - Reboot and wait ~5 min after startup to let the media store reindex all ur media. DO NOT configure any app's ringtones/sounds just yet.
3 - In terminal, enter the following commands. You should see "x | y | z" after the checkpoint command... where x is 0 (database is ok), y is the number of modified pages, and z is the number of pages successfully committed to the database. y and z should be equal and much greater than 0. If the result is not as described, the database is probably screwed up and u were too late. Go back to step 1 and repeat.
$ su
# cd /data/data/com.android.providers.media/databases
# sqlite3 internal.db
> pragma wal_checkpoint(FULL);
> .exit
# exit
$ exit
4 - Trust the workaround and start configuring ur ringtones/sounds now... or reboot again and ensure the media store database stays fixed. I recommend the latter.
5 - 3 sir!
[/EDIT]
Checked posts / searched for an existing answer... didn't see anything (please move this post if it is in the wrong section)
So I have a app, when I open it asks me what Google ID to uses (preferred ID) but after selecting a Google ID I can not change to a different ID
- If I clear the App Cache the selected ID persists
- If I clear the App Data the selected ID clears and the app returns to the select ID option
- I keyword searched for the App name on my device (Nexus 5x)with Root Explorer (12 different file locations, with subfolders and a bunch of empty folders)
Clearing App Data is a working interim solution, the downside is that every time I clear the App Data the app "downloads assets" (40mb+ ~40 times per day - 1.6Gb!)
What I am hoping to find is a app / script / terminal / log solution that will tell me what file is being modified when I select the Google ID, so I can delete that file re-open the app and change Google Logon
(I contacted the app developer, they said they may be able to fix the problem on the next patch eta 12-24 months)
So I have tried these apps:
https://play.google.com/store/apps/details?id=file.observer
https://play.google.com/store/apps/details?id=scd.lcex
https://play.google.com/store/apps/details?id=eu.thedarken.sdm
But I didn't see system changes (root level) or I didn't know what to look for in LogCat
Any help or suggestions are appreciate!
- I do not have a computer with me (ADB) will be about 7 days before I can try that
- I have been experimenting with deleting files / folders and testing to see if I get lucky (probably not the best method)
- I am not a developer
My current process (as of today) - I clear the app data, then restore the app data with TB (just restoring doesn't clear the sign in status)
As long as my TB backup is "always" in the signed out state, then the "app assets" restore with no issues (and I don't have to keep downloading them)
I am looking for a way to get these (2) operations into a single script / file / shortcut, but it is working for now
I did try the terminal with cp -a (copy the assets - app had a error on library permissions when the files were restored) chmod, chown, and find (try and locate the file) but had minimal success
I wasn't paying attention to what I was doing after updating some apps, and froze some some application that is necessary, now my CATS60 will not boot. The app likely just uses the disable or hide command, but I am not sure what I misclicked, so I need to get a list or currently disabled apps or reenable all apps. I entered TWRP recovery, mounted all partitions, and connected through ADB shell.
This is what I get when I try to find out what's enabled/disabled:
Code:
# pm list packages
CANNOT LINK EXECUTABLE: library "libqc-opt.so" not found
page record for 0x7fb1658010 was not found (block_size=64)
adbd is running as root, and the file does exist:
Code:
~ # find / -name 'libqc-opt.so'
/system/vendor/lib/libqc-opt.so
/system/vendor/lib64/libqc-opt.so
I am using TWRP as recovery, and recovering system, data, and boot from backup does not fix this.
Does anyone know either
How can I make pm command work from recovery?
Where is the list of disabled apps stored, so I can manually edit it?
Thank you.
I found the list as used by the app (com.ramdroid.appquarantine), and it appears I blocked Google Calendar. However I have not found any way to "unfreeze" the app through recovery, this is simply a tracking file the app uses, not the actual enable/disable for Google Calendar.
Setting PATH and LD_LIBRARY_PATH environment variables does not help. Running it from inside the folder containing libqc-opt.so causes it to fail on a different external link.
Copying it to a second file called pm2, opening in vi and adding exports gets me as far as:
Code:
CANNOT LINK EXECUTABLE: cannot locate symbol "__android_log_close" referenced by "/system/lib64/libandroid_runtime.so"
Is it possible to chroot inside adb, and what do I need to mount first in order to do so? I don't know enough about Android to know which parts of the system I actually need.
If anyone knows descriptions to miuiop please share, I'm curious what they do.
What App Ops does is allow a user to revoke an individual permission for an app. When the app then starts and tries to make an Android system call to access something that the user has now forbidden then Android will return an error and won’t grant access to that data or functionality.
As you can see there are several numbers starting with 100xx. These are the app IDs (UID = user IDs) the system is dealing with. Every app has a corresponding UID which is needed for file permission rights. Example: If only a certain app (UID 10666) has the permission to open a certain folder, the folder will be restricted to u0_a666 (=user 0, that's you, + app UID 10666)
Usually the first UID slots 10001, 10002, ... are system apps since they get started first upon an initial boot of your device. I assume that MIUIOP belongs to the MIUI optimization, but not sure about that. But you can figure it out with the help of the UIDs:
Apk Analyzer - Apps on Google Play
Detailed reports of the applications on your device. 📱
play.google.com
Selecting an app shows you its UID. Unfortunately it doesn't show you the UID in the app's list directly.
So the uid number could be different across different miui versions… unlike standard appops which are the same regardless of device?
Posting a list of the apps just because:
10008 com.miui.core.internal.editor.services
10017 - com.miui.systemui.overlay.devices.android
10020 - com.android.theme.font.notoserifsource (Noto Serif / Source Sans Pro)
10026 - com.android.internal.systemui.onehanded.gestural (One Handed Mode)
10033 - com.android.overlay.gmstelephony
10036 - com.android.systemui.gesture.line.overlay
10037 - com.miui.systemui.carriers.overlay
The app UIDs are assigned ongoing by your system on first boot (for system apps) or after installation (for user apps). Example: The first app you install on your device gets the UID 10201 then the second one gets 10202 and so on. It doesn't depend on your MIUI version or sth like this.