[Q] Prevent relock with IPTABLES on FritzBox? - Windows Phone 7 Development and Hacking

Hi!
This is my first post, so I would like to say thanks for all the helpful information on this forum first...
I'm wondering if it would be possible to stop relock of WP7 by rejecting the access to developerservices.windowsphone.com and developerservices.windowsphone-int.com with IPTABLES on a modified FritzBox.
From my understanding the relock happens by either the phone or zune checking one of the domains to see if the phone is a registered developer unit.
I'm using WLAN and LAN connection at home via my FritzBox-router, on which I could install IPTABLES in a modified firmware an add rules like
iptables -A FORWARD -d developerservices.windowsphone.com -j REJECT
iptables -A FORWARD -d developerservices.windowsphone-int.com -j REJECT
I'm not sure if the phone would relock itself using a 3G connection or if the blocking of the domains would cause any side-effects.
What do you think of this "solution"?

Try reading up on this at this thread:
http://forum.xda-developers.com/showthread.php?t=922454

Thanks for the answer.
I read this post already, but it states you would have to disable WLAN prior to sync. Furthermore I had my WP7 relocked once without syncing it with zune, so I thougt IPTABLES would perhaps be a more secure and a more comfortable way regarding it wouldn't be neccessary to disable WLAN.

Well you could edit registry or use one of the xaps that does it for you, depending on witch device you use.

Related

[Q] Use PC's Internet via USB at Defy (opposite of thethering)

At home or in office, Defy is connected via USB to PC (to load). Is it possible to use the PC internet connection also for the Defy - maybe with the Motorola Software? In this case Defy gets an IP, so there must be some connection.
I miss this feature from WinMob (via ActiveSync) which can exactly do this.
The developer of "Moto Tethering USB" plans to add this feature. I don't know any other solutions, so you'll need to wait for that. Unless someone else knows something. I'd be especially happy for a solution that work on Linux (Moto Tethering USB doesn't).
Good to know. I have encouraged him in his thread.
Nice Question.....I'll wait for the Answer...
The procedure for Reverse USB Tethering with Android 2.2 given on this page might help... blog.mycila.com/2010/06/reverse-usb-tethering-with-android-22.html
it's pleasure to hear the new plan
there's already a app that can auto set the htc phone sharing the PC' net connection via usb
and defy is also badly in need of one
Is is easy on LINUX. You must use adb from android sdk tools.
Script for creating connection via USB and settings your PC to forward to LAN (Internet). Tested on FC12.
#! /bin/sh
ADB=/usr/local/bin/adb
DEVLAN=`route -n | grep "^0.0.0.0" | awk "{ print \\$8;}"`
IPLAN=`ip addr show dev ${DEVLAN} | grep "inet " | awk "{print \\$2}" | cut -f1 -d/`
echo "Setting up..."
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -F
iptables -t nat -A POSTROUTING -o ${DEVLAN} -j SNAT --to ${IPLAN}
echo "Starting PPP daemon..."
$ADB ppp "shellppd nodetach noauth defaultroute usepeerdns /dev/tty" nodetach noauth noipdefault notty 192.168.6.1:192.168.6.2
while [ "`/sbin/ifconfig | grep 192.168.6.1`" == "" ]; do
sleep 1
done
$ADB shell "setprop net.dns1 8.8.8.8"
$ADB shell "setprop net.dns2 8.8.4.4"
echo "Connected."
Click to expand...
Click to collapse
There is one problem. Downloader didn't works. It can't detect, that Android is online. It thinks that connection is closed. But browsing on market, browser, opera, all applications, that did'nt detect type of connection, work normal.
Have anybody solution?
Are there any news to reverse tethering? Best under Windows?
this will be simply awesome.........
as i dont have wifi at my home i am looking for this....
did anybody find something on this...
U can try this one..
If u hav wifi facility in ur laptop or desktop, u can use connectify software to share ur internet connection.
shall be waiting on this .... specially for windows
For windows you will find this thread helpfull
http://forum.xda-developers.com/showthread.php?t=1371345
informative
can't we.
isn't there a way to treat defy as a pc give it static ip on the network or using ics and add a route to using the pc internet? when i connect my defy it get an ip on my home router.
is there any ideas.

[SOLVED] OpenVPN Full Tunnel

Short Version:
Got an OpenVPN server on my NAS. GN connects & works fine; remote resources are reachable. I now want to know how I can route all traffic through the tunnel. (Is this possible?)
Long Version:
For those times when I'm traveling (domestically and internationally) and/or using a questionable Internet connection, I'd like to secure the connection.
I've got a [stock] rooted GN running Jelly Bean with BusyBox installed. My NAS has two built-in VPN solutions one of which being OpenVPN so I got that setup which created an .ovpn file containing the following configuration:
Code:
dev tun
tls-client
remote YOUR_SERVER_IP 1194
# The "float" tells OpenVPN to accept authenticated packets from any address,
# not only the address which was specified in the --remote option.
# This is useful when you are connecting to a peer which holds a dynamic address
# such as a dial-in user or DHCP client.
# (Please refer to the manual of OpenVPN for more information.)
#float
# If redirect-gateway is enabled, the client will redirect it's
# default network gateway through the VPN.
# It means the VPN connection will firstly connect to the VPN Server
# and then to the internet.
# (Please refer to the manual of OpenVPN for more information.)
#redirect-gateway
# dhcp-option DNS: To set primary domain name server address.
# Repeat this option to set secondary DNS server addresses.
#dhcp-option DNS DNS_IP_ADDRESS
pull
proto udp
script-security 2
ca ca.crt
comp-lzo
reneg-sec 0
auth-user-pass
After installing OpenVPN Installer & OpenVPN Settings, I had to manually symlink busybox, ifconfig, and route from /system/bin to /system/xbin in order for OpenVPN to run properly.
Code:
#Note: In an attempt to be thorough, and for any Googlers or forum searchers (+1)...
#First I had to mount /system as read/write via:
mount -o -rw,remount /system
#Then create the symlinks via:
ln -s /system/bin/busybox /system/xbin/busybox
ln -s /system/bin/ifconfig /system/xbin/ifconfig
ln -s /system/bin/route /system/xbin/route
#Then remount /system as read-only via:
mount -o ro,remount /system
Once all of the above was setup, I initiated the connection, successfully authenticated, and was able to reach remote resources without issue.
What I would like to do at this point is get it setup so that I can have a second profile that routes all traffic through the VPN. I assume its a client-side configuration change but I really don't know at this juncture.
Many thanks!
Doesn't CyanogenMod ROM have native OpenVPN support? I think the OpenVPN client on CM has an option to route all traffic through the VPN. I think for what you want to do you should need a custom ROM or kernel that supports iptables.
iptables is a system file that allows the system to redirect network traffic usually for apps like tethering, firewalls, and proxies.
Sent from my Galaxy Nexus using Tapatalk 2
Thanks for taking the time to reply KemikalElite.
I've got BusyBox 1.20.2 installed and I do have an iptables binary (v1.4.11.1). With solutions like Hotspot Shield VPN that don't require root yet supports encryption for all traffic, I figured root + OpenVPN + BusyBox + iptables would be sufficient.
My initial assumption was that I would need to make some changes to my OpenVPN configuration to encrypt & route all traffic through the tunnel. But maybe I've been thinking about this all wrong and its less about OpenVPN and more about running a custom script once connected to route everything through the tunnel; and vice versa when I disconnect to restore the original configuration.
Perhaps I should be scouring OpenVPN forums?
Phylum said:
Thanks for taking the time to reply KemikalElite.
I've got BusyBox 1.20.2 installed and I do have an iptables binary (v1.4.11.1). With solutions like Hotspot Shield VPN that don't require root yet supports encryption for all traffic, I figured root + OpenVPN + BusyBox + iptables would be sufficient.
My initial assumption was that I would need to make some changes to my OpenVPN configuration to encrypt & route all traffic through the tunnel. But maybe I've been thinking about this all wrong and its less about OpenVPN and more about running a custom script once connected to route everything through the tunnel; and vice versa when I disconnect to restore the original configuration.
Perhaps I should be scouring OpenVPN forums?
Click to expand...
Click to collapse
You have the tun module as well right?
code.google.com/p/android-openvpn-settings/issues/list
Check through some of those issues. Something did say that the DNS servers may need to be manually set.
OpenVPN is so complex because of the config options. I find it easier to use native PPTP connections since there's no config only authentication and it routes all traffic automatically.
Sent from my Galaxy Nexus using Tapatalk 2
You need to enter "redirect-gateway" into your ovpn config file.... Just remove the # in the your config
Thanks for the reply ZiCoN!
I should have mentioned this sooner - terribly sorry for omitting this.
Once I got the VPN connected, I did the old 'what is my ip' to verify the route. It was still using the provider's network, but I could reach my NAS and other remote devices in the 192.168.x.x range - so the VPN itself was working. After reading the mini explanation in the config file I enabled 'redirect-gateway' and after reconnecting I could no longer access the Internet. I checked the OpenVPN Manual I added 'def1' after the 'redirect-gateway' statement, reconnected but still no go: I can no longer access the Internet. Remote resources are still accessible in both scenarios.
KemikalElite said:
You have the tun module as well right?
code.google.com/p/android-openvpn-settings/issues/list
Check through some of those issues. Something did say that the DNS servers may need to be manually set.
OpenVPN is so complex because of the config options. I find it easier to use native PPTP connections since there's no config only authentication and it routes all traffic automatically.
Sent from my Galaxy Nexus using Tapatalk 2
Click to expand...
Click to collapse
I somehow missed this when drafting my last reply. I think you're right about it being a DNS problem. I made a change to the config file (adding a few lines for 'dhcp-option DNS x.x.x.x') and within OpenVPN used the 'Fix DNS' button.
Thanks all for your time, thoughts, opinions and instructions!
Phylum said:
Thanks for the reply ZiCoN!
I should have mentioned this sooner - terribly sorry for omitting this.
Once I got the VPN connected, I did the old 'what is my ip' to verify the route. It was still using the provider's network, but I could reach my NAS and other remote devices in the 192.168.x.x range - so the VPN itself was working. After reading the mini explanation in the config file I enabled 'redirect-gateway' and after reconnecting I could no longer access the Internet. I checked the OpenVPN Manual I added 'def1' after the 'redirect-gateway' statement, reconnected but still no go: I can no longer access the Internet. Remote resources are still accessible in both scenarios.
Click to expand...
Click to collapse
You probably need to allow traffic to route back along the vpn film the internet. On your gateway, route vpn addresses to the VPN server and make sure forwarding is enabled on the vpn server.
Questions go in Q&A
Read forum rules and stickies before posting
Thread moved
FNM

[Q] Reverse tether ("internet passthrough") on DHD using JellyTime ROM?

Hi.
I didn't want to start this in the JellyTime dev thread and take it off-topic, and figured a separate thread would be more useful to anyone searching for this.
Aim: Access the internet on my DHD using my Linux PC's internet connection.
Set-up: Ubuntu 12.04, Desire HD (European), JellyTime R21.
Process/progress so far:
I found a script here... I modified it a little, so it looks like this:
Code:
#!/bin/bash
adb shell 'echo 6 > /sys/devices/platform/msm_hsusb/usb_function_switch'
sleep 1
adb shell ifconfig usb0 192.168.99.5 netmask 255.255.255.0 up
sleep 1
adb shell setprop net.dns1 8.8.8.8
get_ip ()
{
ifconfig usb0 | grep inet | awk '{print $2}' | sed 's/addr://' | grep .
}
echo "waiting for IP on computer usb0"
while [[ `get_ip` < 192 ]];do sleep 2; done
ip=`get_ip`
echo "IP adress is $ip "
adb shell route add default gw $ip dev usb0
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
If I set my device to "USB tether" mode, running (as su) "ifconfig usb0 up" works fine, but running the above script generates:
Code:
/system/bin/sh: can't create /sys/devices/platform/msm_hsusb/usb_function_switch: No such file or directory
waiting for IP on computer usb0
connect.sh: 14: connect.sh: cannot open 192: No such file
connect.sh: 14: connect.sh: [[: not found
IP adress is 192.168.42.245
No such process
Is the problem that usb_function_switch is not present in Cyanogenmod? If so, I guess randomblame (the JellyTIme dev) would have to add this to his DHD port of CM10. I think it has been added for the HTC Hero.
Incidentally, I also tried using this app. I followed the instructions, and can ping my DHD from the PC, but pressing the start button throws the message "No tetherable USB interface!".
Any tips and advice (even if it's just telling me it's not possible, and that I should give up now) would be appreciated.
Thanks.
EDIT (P.S.): If we can come to the conclusion that this is something to do with the ROM (e.g. usb_function_switch) then I will create an issue for this in the ROM issue tracker... but I didn't want to do that immediately in case it is just me missing something obvious.
Well, even if you create the usb_function_switch file, the ROM still doesn't support Internet pass-through, so putting "6" in it won't do anything. You can put it on the issue tracker, but I have not yet seen a non-Sense ROM have that feature.
bananagranola said:
Well, even if you create the usb_function_switch file, the ROM still doesn't support Internet pass-through, so putting "6" in it won't do anything. You can put it on the issue tracker, but I have not yet seen a non-Sense ROM have that feature.
Click to expand...
Click to collapse
Really? It supports USB tethering... I was pretty sure that was all that was needed... See this.
lawrencew said:
Really? It supports USB tethering... I was pretty sure that was all that was needed... See this.
Click to expand...
Click to collapse
First of all, I'm not sure if that site you're quoting is for the Desire or the Desire HD. Second, USB tethering allows the computer to use the phone's internet (which is supported); internet pass-through is the other way around. Third, I could be wrong about JellyTime supporting internet pass-through; where did you see that?
bananagranola said:
First of all, I'm not sure if that site you're quoting is for the Desire or the Desire HD. Second, USB tethering allows the computer to use the phone's internet (which is supported); internet pass-through is the other way around. Third, I could be wrong about JellyTime supporting internet pass-through; where did you see that?
Click to expand...
Click to collapse
I was under the impression that passthrough uses the same connection as tether, but with slightly different config.
Could definitely use that...the reverse tether would be great in remote area's with spotty connections as well as in buildings like hospitals.
lawrencew said:
I was under the impression that passthrough uses the same connection as tether, but with slightly different config.
Click to expand...
Click to collapse
If that's true, that's really interesting.
Well, we have to find out how it works because i want to use JB but i can't because it doesn't has Reverse Tether. Sense Roms are my only Option and i hate that. If someone gets the solution it would be nice if you make a tutorial for that.
Found a solution. Search the forum for Reverse Tethering 2.30 .

VPN + Wifi Tethering = Extremely Slow

I have a vpn service that I connect to on a regular basis. I want to wifi tether to two other android devices with this VPN connection. However, when I have the VPN connected and wifi tether on my G4, the clients connect at a VERY slow rate (>1 kb/s). I can't even pull up a Google in Chrome because it's so slow.
I have seen on the interwebs that I need to run some iptables commands like so...
Code:
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -A FORWARD -j ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE
But this has no effect. I think these procedures might be a little outdated since we are on 5.1. Does anyone know of a VPN+Tether procedure that works on our G4's?
Bump
Solved!
NOTE: This required root access
1. Install WiFi Tether Router from the Play Store ($2.80)
2. Configure WiFi Tether Router like so:
Code:
Interface wlan0
Method 2
Channel 1
Encryption wpa2-psk (Don't forget to set password)
"No Firmware Reload" <- UNCHECKED
3. Connect to your VPN (I used the stock G4 settings)
4. Enable Wifi Tether Router (Asks for Root)
5. Enjoy!
All clients that connect to your G4 via Wifi Tether Router should now be within the VPN. You can check this by going to http://whatismyipaddress.com/

dnsmasq.conf location?

In the latest 5.0.3 build for the 5T, I see dnsmasq is running in /system/bin/dnsmasq
Awesome, I want to use it. The question is, if I put my config file in /system/etc/dnsmasq.conf will dnsmasq see it and run my config? If not there, where does it need to go in order to work?
Interesting.
I'll give it a try later today.
I'd say put your configuration and see if that works. Not sure if cycling the connection would work or if you'll need a full reboot tho.
W.
Awesome, please let us know.
For those who are unfamiliar with dnsmasq, it allows users to block domains (e.g. malware.com) without having to also block all of its subdomains (e.g. www.malware.com, infect.malware.com, hidden01.malware.com, hidden02.malware.com, etc).
The /etc/hosts file commonly used to block connections cannot do this, it requires you to list every subdomain, which turns blocking sites into a game of whack-a-mole as malware sites simply invent new subdomains every day.
That's why dnsmasq is so important, and I'm glad to see that the service is running on Android.
dnsmasq is used only during tethering. Right?
Actually, you cannot find dnsmasq.conf in any directory. I think it is hard-coded in settings app.
But, you can follow these steps to use your own dnsmasq.conf
turn on tethering
kill dnsmasq
Code:
killall dnsmasq
run dnsmasq with your own configuration
Code:
dnsmasq -C /path/to/dnsmasq.conf -x /path/to/dnsmasq.pid
enjoy
This requires your device to be rooted. I use this method to host captive portal on my android device.

Categories

Resources