Related
Update: See saturn_de's thread for more modules:
http://forum.xda-developers.com/showthread.php?t=1455382
---
Asus failed big time with their ICS kernel. Not only did they leave out the tun module, they also left out several other required options.
After a lot of trial and error, I've found all the modules necessary to connect to VPN, at least using IPSec XAuth PSK mode with my employer's setup. It may or may not work for you.
Root is required. You can find the compiled modules attached. There is a _readme.txt file inside with instructions. Let me know your results!
Thanks to sklid for his initial tun.ko. If you're looking for cifs.ko, you can find it here:
CIFS kernel module for ICS.
Reserved, or something. Although I can hardly imagine actually needing this.
They also left out the ability to properly use the Battery setting for anything other than system processes - can you fix that in your kernel
Oh & can you fix the ad hoc network issue while your at it
Edited: I wished init.goldfish.sh would work. Anyone knows which script got called at startup?
I modified your instruction a bit as my shell script. It does not work if I tried with the ICS VPN - IPSec Xauth PSK. It works using VPN Widget from market.
You can copy the attached file into /etc and set executed permission for it via Root Explorer. When you need vpn, open terminal then execute it after becoming root. Then setup your vpn widget to connect.
huytrang90 said:
Edited: I wished init.goldfish.sh would work. Anyone knows which script got called at startup?
I modified your instruction a bit as my shell script. It does not work if I tried with the ICS VPN - IPSec Xauth PSK. It works using VPN Widget from market.
You can copy the attached file into /etc and set executed permission for it via Root Explorer. When you need vpn, open terminal then execute it after becoming root. Then setup your vpn widget to connect.
Click to expand...
Click to collapse
Is this the app you're talking about? VPNC Widget
If so, it may be something that vpnc supports but the built-in racoon doesn't. I wonder how your VPN is set up differently from mine. Could you post the logcat output (filtered by racoon) from when you're trying to connect using the built-in VPN tool?
I Thanked you for your effort and excellent documentation, but unfortunately my Prime reboots as soon as it completes Phase 2 negotiation. Can post gory details tomorrow if you're interested. Hopefully your work gets the attention of the devs at Asus!
Noxious Ninja said:
Is this the app you're talking about? VPNC Widget
If so, it may be something that vpnc supports but the built-in racoon doesn't. I wonder how your VPN is set up differently from mine. Could you post the logcat output (filtered by racoon) from when you're trying to connect using the built-in VPN tool?
Click to expand...
Click to collapse
That is correct program. I will get that logcat once I have access to PC.
Sent from my Transformer Prime TF201 using Tapatalk
Hey OP or anyone that knows, do you think this works with VPNsecure?
Tairen said:
Hey OP or anyone that knows, do you think this works with VPNsecure?
Click to expand...
Click to collapse
This VPNSecure? Maybe. I've used a PPTP VPN in Gingerbread on my phone before. I don't think ICS has built-in OpenVPN support, though, so you would have to use these kernel modules with the third-party OpenVPN Installer - assuming it still works with ICS.
If you decide to give it a try, let us know if/how it works.
Noxious Ninja said:
This VPNSecure? Maybe. I've used a PPTP VPN in Gingerbread on my phone before. I don't think ICS has built-in OpenVPN support, though, so you would have to use these kernel modules with the third-party OpenVPN Installer - assuming it still works with ICS.
If you decide to give it a try, let us know if/how it works.
Click to expand...
Click to collapse
Damnit so close. Just tried, got all the way through but when I tried to connect after typing in the passphrase this is what I got:
Wait..
Auth..
Get config..
FATAL: Cannot allocate TUN/TAP dev dynamically
My prime appears to connect fine but when I try to access any data over the connection it restarts.
Connection via the widget above works perfect tho!
Tairen said:
Damnit so close. Just tried, got all the way through but when I tried to connect after typing in the passphrase this is what I got:
Wait..
Auth..
Get config..
FATAL: Cannot allocate TUN/TAP dev dynamically
Click to expand...
Click to collapse
Is this from OpenVPN or PPTP? Are there any more detailed logs?
ssjgesus said:
My prime appears to connect fine but when I try to access any data over the connection it restarts.
Connection via the widget above works perfect tho!
Click to expand...
Click to collapse
Strange that multiple people are having restarts. I wonder if there's something in the vanilla Android kernel that doesn't match up with the Asus kernel, or something missing in my modules. It might just be a bug in Android, though. The VPNC Widget totally bypasses a lot of the built-in ICS VPN pieces and uses its own stuff instead.
Noxious Ninja said:
Is this from OpenVPN or PPTP? Are there any more detailed logs?
Strange that multiple people are having restarts. I wonder if there's something in the vanilla Android kernel that doesn't match up with the Asus kernel, or something missing in my modules. It might just be a bug in Android, though. The VPNC Widget totally bypasses a lot of the built-in ICS VPN pieces and uses its own stuff instead.
Click to expand...
Click to collapse
That program works well. It does complain about missing advance routing capability, but works nonetheless.
Sent from my Transformer Prime TF201 using Tapatalk
Noxious Ninja said:
Is this from OpenVPN or PPTP? Are there any more detailed logs?
Strange that multiple people are having restarts. I wonder if there's something in the vanilla Android kernel that doesn't match up with the Asus kernel, or something missing in my modules. It might just be a bug in Android, though. The VPNC Widget totally bypasses a lot of the built-in ICS VPN pieces and uses its own stuff instead.
Click to expand...
Click to collapse
It's what i get when using openvpn settings and following their instructions. I also directed the filepath to tun.ko as well. And yes i was trying to connect to one of their PPTP servers.
i am having restarts as well. how can i see the log of the vpn trying to connect?
ASUS released the kernel source today on their page, so can we get custom kernels now?
DroidHam said:
ASUS released the kernel source today on their page, so can we get custom kernels now?[/QUOT
Need unlocked bootloader & Recovery to flash.
Click to expand...
Click to collapse
When I issue "insmod tun.ko", I get
"insmod: init_module fail 'tun.ko' failed (Exec format error)"
I'm running the virtuous rom 9.4.2.15v2
Pls help
bklm1234 said:
When I issue "insmod tun.ko", I get
"insmod: init_module fail 'tun.ko' failed (Exec format error)"
I'm running the virtuous rom 9.4.2.15v2
Pls help
Click to expand...
Click to collapse
TUN is already enabled in the stock kernel that comes with Asus 9.4.2.15. It may not have been in earlier Samsung kernels before that. So, you shouldn't need to load that module.
you're right _motley. Thx so much.
I am using Criskelo v36 rom with siyah 2.6.9 kernel. Whenever I open and app that uses tapjoyads like Gift Cards, Prize per Day, Majority Feud... and click on get more points, they direct me to ws.tapjoyads.com/**** but the page does not open and immediately says that it is unavailable. I tried opening it on my PC and it worked fine. Can you help me resolve this issue this please?
Sounds like your ROM probably has ad-blocking, and has also blocked that domain.
Check /etc/hosts and remove that entry if present, or disable ad-blocking entirely.
If you're not comfortable remounting file systems and editing files, install AdAway from the market and select "Disable ad blocking".
oinkylicious said:
Sounds like your ROM probably has ad-blocking, and has also blocked that domain.
Check /etc/hosts and remove that entry if present, or disable ad-blocking entirely.
If you're not comfortable remounting file systems and editing files, install AdAway from the market and select "Disable ad blocking".
Click to expand...
Click to collapse
Thank you. adaway worked. Sorry it took a while to reply but I had my finals last week.
Hi there,
Is there any way to disable the need for security/lock screen (pin, password, or pattern) required to set-up a vpn connection?
The only thing I can find is a temp fix that works until reboot. Outlined Here. Are there more permanent fixes for this?
I am willing to run any ROM/mod that is needed to make this work, just need a push in the right direction!
Thanks!
vpn root works for me
Homerunnerd said:
Hi there,
Is there any way to disable the need for security/lock screen (pin, password, or pattern) required to set-up a vpn connection?
The only thing I can find is a temp fix that works until reboot. Outlined Here. Are there more permanent fixes for this?
I am willing to run any ROM/mod that is needed to make this work, just need a push in the right direction!
Thanks!
Click to expand...
Click to collapse
I use VPN root to bypass the security. It works great for me.
https://play.google.com/store/apps/details?id=com.did.vpnroot&hl=en
mkone5718 said:
I use VPN root to bypass the security. It works great for me.
Click to expand...
Click to collapse
Unfortunately, I need a L2TP security support. But thanks for the push in the right direction.
hi all,
I'm on a rooted nexus 7 running Lollipop and I'm trying to move some apps to the priv-app folder however I seem to be unable to create or copy any files in the system folder (or subfolders) at all. I can for instance create a folder in root but not in system. Always says 'failed', I tried ES, and Root explorer, including the built in scripts of those apps which try to move the apk themselves. Screenshot attached. Any ideas? Thanks
@bthere79,
It seems to me that you probably don't have Hidden Files and/or Root Explorer enabled in ES File Explorer. Check out my post here, and click on the two "here" links for complete instructions on how to accomplish that.
:good:
thenookieforlife3 said:
@bthere79,
It seems to me that you probably don't have Hidden Files and/or Root Explorer enabled in ES File Explorer. Check out my post here, and click on the two "here" links for complete instructions on how to accomplish that.
And don't forget to hit "Thanks!" on the bottom-right of this post! :good:
Click to expand...
Click to collapse
thanks for the answer but doesn't really help, that was all enabled already and I was mainly using Root Explorer anyway.
Anyone can help? thanks
You do know that the new security updates in android 5.0 has far stricter root restrictions. That folder may no longer be able to be edited by 3rd party apps
zelendel said:
You do know that the new security updates in android 5.0 has far stricter root restrictions. That folder may no longer be able to be edited by 3rd party apps
Click to expand...
Click to collapse
no i did not know.... surely there's a way round that? If that's the case I'd imagine other people would want to override that? That would mean you can't uninstall bloatware etc.
bthere79 said:
no i did not know.... surely there's a way round that? If that's the case I'd imagine other people would want to override that? That would mean you can't uninstall bloatware etc.
Click to expand...
Click to collapse
Could be why Google is trying to make them install them so they can be removed.
It could be just that the root apps need to be updated. Many 3rd party apps are having issues with stock things. Like heads up. So it could just be the apps need to be updated
Probably has something to do with SELinux Mode. I'm using an unofficial version of CM12 on my 1+1 and it was already set to permissive, but I tried the SELinux Mode Changer and it did work to change it back to Enforcing, so seems like it does work on Lollipop, despite that it doesn't technically support it (it also says it doesn't work with Samsung devices with Knox, though I have used it on dozens without issues). I would try and use that to change to permissive, and then you should be able to make changes to the system easier.
https://play.google.com/store/apps/details?id=com.mrbimc.selinux
es0tericcha0s said:
Probably has something to do with SELinux Mode. I'm using an unofficial version of CM12 on my 1+1 and it was already set to permissive, but I tried the SELinux Mode Changer and it did work to change it back to Enforcing, so seems like it does work on Lollipop, despite that it doesn't technically support it (it also says it doesn't work with Samsung devices with Knox, though I have used it on dozens without issues). I would try and use that to change to permissive, and then you should be able to make changes to the system easier.
https://play.google.com/store/apps/details?id=com.mrbimc.selinux
Click to expand...
Click to collapse
thanks i'll give it a go
es0tericcha0s said:
Probably has something to do with SELinux Mode. I'm using an unofficial version of CM12 on my 1+1 and it was already set to permissive, but I tried the SELinux Mode Changer and it did work to change it back to Enforcing, so seems like it does work on Lollipop, despite that it doesn't technically support it (it also says it doesn't work with Samsung devices with Knox, though I have used it on dozens without issues). I would try and use that to change to permissive, and then you should be able to make changes to the system easier.
https://play.google.com/store/apps/details?id=com.mrbimc.selinux
Click to expand...
Click to collapse
didn't make any difference any other ideas?
An Xposed module to disable SSL verification and pinning on Android using the excellent technique provided by Mattia Vinci.
The effect is system-wide.
Useful for various security audits.
GitHub repository | Xposed repository
Nice module. Could this be done in Magisk?
ViRb3 said:
An Xposed module to disable SSL verification and pinning on Android using the excellent technique provided by Mattia Vinci.
The effect is system-wide.
Useful for various security audits.
GitHub repository | Xposed repository
Click to expand...
Click to collapse
Okay, but why would I want to disable it and what is pinning?
Posted from my way cool LG V20 (H910) Nougat 7.0
joluke said:
Nice module. Could this be done in Magisk?
Click to expand...
Click to collapse
Probably, but that would be very overkill. The EdXposed framework (which can load this module) is based on Magisk and passes SafetyNet, check it out.
Zeuszoos said:
Okay, but why would I want to disable it and what is pinning?
Posted from my way cool LG V20 (H910) Nougat 7.0
Click to expand...
Click to collapse
It comes into play when analyzing encrypted traffic from apps, e.g. malware. First, here's some resources that explain how to analyze traffic: https://en.wikipedia.org/wiki/Man-in-the-middle_attack, https://security.stackexchange.com/...ent-man-in-the-middle-attacks-by-proxy-server
Basically, you would need to proxy traffic to your computer and replace the server certificate with your own one (that you can decrypt). However, Android won't recognize that homemade certificate and reject it. To prevent this, sometimes you can import it in your phone's settings. But then there's certificate pinning, which forces an app to use ONLY the specified certificate and nothing else. So even if you add your hommade certificate to the trusted list, it will still be different and thus rejected. This module gets rid of both problems by making Android accept any certificate without verification. Needless to say, this is extremely insecure, but for our purposes it saves a ton of effort
Thanks you very much for this! I love it, I can see all the ssl data
not working for *.googleapis.com, any idea?
Hello vibr3,
I appreciate your great work on that script. I'm on FOS 6.0 on firetv 4k, I installed the module in xposed but running it wouldn't do anything. It seems like it's not working probably on my SDK25, android 7.1.
I've been using your awesome module (alongside Fiddler/CharlesProxy) for the past couple of weeks, and it's been working perfectly for a couple of apps that I needed to reverse engineer.
However, some apps (e.g. Instagram) won't accept the CA certificate that I use (self signed, user-installed). Is there anything I can do to be able to decrypt traffic for these kind of apps?
I use LineageOS 14.1
DRSDavidSoft said:
I've been using your awesome module (alongside Fiddler/CharlesProxy) for the past couple of weeks, and it's been working perfectly for a couple of apps that I needed to reverse engineer.
However, some apps (e.g. Instagram) won't accept the CA certificate that I use (self signed, user-installed). Is there anything I can do to be able to decrypt traffic for these kind of apps?
I use LineageOS 14.1
Click to expand...
Click to collapse
Same question for YouTube app
Is there any method to bypass certificate verification for nonroot. ?
@ViRb3
Could you advice me please? If i disable certificate pinning using your application but still don't see the requests in the fiddler where can be a problem?
What is it that when I try to use this, it says the app cannot be on the deny list. What if the app is root protected and ssl pinning enabled at the same time?