I am trying to execute this code
Process process = new ProcessBuilder().command("mount").start();
process.waitFor();
to find out the sd card location and then afterwards checking if it is managed by vold and if the file system is vfat.
My question is if anyway this code can be comproprised and become a candidate for command injection in Android.
Couple points from my side.
Its not user input so there will be no command injection in that case. Can the whole Android OS environment be changed such that mount command can be ill used ?
cheers,
Saurav
ok...Currently i am reading /proc/mounts replacing the mount command.
Is this is the good way to do.
References for this solution
http://renzhi.ca/2012/02/03/how-to-list-all-sd-cards-on-android/
How can I get the list of mounted external storage of android device
code below
reader = new BufferedReader(new FileReader("/proc/mounts"));
String line;
while ((line = reader.readLine()) != null) {
// Output the line of output from the mount command
logger.debug(" {}", line);
if (line.startsWith("/dev/block/vold/")) {
Can anyone please if this is the correct way to do and is free of any security issues.
cheers,
Saurav
As you said, as long as you don't have any user input you're safe from this kind of injection.
The only case where you could be in trouble is if the mount binary have been replaced by a some malicious binary. To encounter this situation, the user must have had rooted the device and replaced the OS with a custom ROM.
I think you can assume that the mount command should run properly.
Related
I have been trying to run a few Linux commands on my android phone with
Process process = Runtime.getRuntime().exec(COMMAND);
BufferedReader in = new BufferedReader(new InputStreamReader(process.getInputStream()));
And noticed that I can only run specific commands and get the proper output even if the device is rooted with SuperSU (I have also tested it with a device without SuperSU on it).
For example, if I run ls and try to put it on a screen (through a TextView) as follows:
public void onBtnClick(View view) {
try {
EditText commandLine = findViewById(R.id.commandText);
Process process = Runtime.getRuntime().exec(commandLine.getText().toString());
BufferedReader in = new BufferedReader(new InputStreamReader(process.getInputStream()));
((TextView) findViewById(R.id.mainTextView)).setText(((TextView) findViewById(R.id.mainTextView)).getText() + "\n" + in.readLine());
commandLine.setText("");
} catch (IOException e) {
e.printStackTrace();
}
}
the output is acct which makes sense.
But on the other hand, if lets say I run pwd it gives me the following error:
W/System.err: java.io.IOException: Error running exec(). Command:
[pwd] Working Directory: null Environment: null
I did some research online and stumbled upon Termux that can have complete control over the phone through a terminal which is exactly what I'm looking to make (for my own learning and testing purposes).
And although it's just an emulator it can do exactly what I want but the only problem is that it requires I input the commands through the terminal.
What I'm here for is to sort of replicate what Termux does for myself so that I could run Linux commands properly from the Java code of the application, not requiring the user to actually input commands.
Can anyone help me with where to start and the basics of running those commands properly on my device?
Termux states that it doesn't work as a traditional Linux bash does since it sets its own virtual-ish environment when first setting up in its data directory in /data/data/com.termux/files/usr see here and here
Also, according to the official android docs, the exec(command) method,
Executes the specified string command in a separate process.
This is a convenience method. An invocation of the form exec(command)
behaves in exactly the same way as the invocation exec(command, null,
null).
So if it's a separate process, when executing a command, it will run it inside that process' directory (Each process in Linux gets its directory and is assigned an PID which os uses). So what the ls command gives you is simply whatever's inside that process' directory. You should be somewhere like /proc/31415/ and there's only a acct file (cgroup in regular Linux).
What you should be doing is running the command inside a directory by declaring it when invoking getRuntime().exec() see the link above to find the right one you'll need. I'd suggest using the override which handles all the parameters.
You'll need something like this:
String[] cmd = {"mkdir", "testDir"};
File env = new File(getFilesDir().getAbsolutePath());
Runtime.getRuntime().exec(cmd, null, env);
Also, it doesn't hurt to take a look at Termux's installer code (exec(). It'll give you a good overlook to setting up your environment as well as working with basic commands.
Also, I think you've done it already but double check to make sure that you're requesting WRITE_EXTERNAL_STORAGE permission for your application.
I change the permission of /system/xbin/tcpdump to 777 and write the code in my Android APP like below.
But I still get the error message "stderr=tcpdump: any: You don't have permission to capture on that device" and "stderr=(socket: Operation not permitted)".
Is there anyone know what's the problem here?
Thanks.
Process process
String[] cmd = {"/system/xbin/tcpdump", "-i any", "-w /sdcard/tcpdump.pkt"};
TextUtils.join(" ", cmd);
process = Runtime.getRuntime().exec(cmd);
BufferedReader errorReader = new BufferedReader(new InputStreamReader(process.getErrorStream()));
String line;
while ((line = errorReader.readLine()) != null) {
Log.d(TAG, "stderr="+line);
}
Android does not support raw sockets, which would include the ability to collect raw frames using a sniffer, by any user space process on non-rooted devices.
If you check the main support site for TCPDump on Android, you'll find that one of the very first requirements is a rooted Android device.
N.B.: This question about the serial number of the physical SD card, not the UUID of the mounted volume. These are two independent pieces of data.
In some versions of Android, and other variants of Linux, it's possible to get the serial number of a mounted SD card, e.g. by reading the contents of /sys/class/mmc_host/mmc0/mmc0:0001/serial or /sys/block/mmcblk0/device/serial (specific numbers may vary). In my testing this has worked pretty reliably, as long as the SD card is inserted in a built-in SD card slot (not mounted via USB adapter).
But as of Android 7.0 Nougat, the OS is said to be blocking access to this information, at least on some devices. I tested this by running a test app on a new Alcatel A30 GSM (Android 7.0), and in fact the above approach fails with a permission error:
java.io.FileNotFoundException: /sys/block/mmcblk0/device/serial (Permission denied)
at java.io.FileInputStream.open(Native Method)
For future reference, we (testing from an adb shell) have permissions to ls -ld the following:
/sys/class/mmc_host but not /sys/class/mmc_host/mmc0
/sys/block but not /sys/block/mmcblk0
Since the above approach no longer works,
Is there another way to obtain the serial number of a mounted SD card in Android 7.0 or later?
Failing that, is there any documentation or other statement from Google on plans for providing or not providing this function? I haven't found anything in the Android issue tracker, but maybe I'm not searching right.
To make sure the question is clear, I'm talking about what an ordinary (non-system) app running on a non-rooted device can do, with any permissions that an app can normally request and receive.
FYI, the /sbin directory doesn't seem to be readable, so commands like /sbin/udevadm aren't an option.
In Android N access to /sys nad /proc was significantly restricted, this was done to provide stricter sandboxes where applications run. This is explained in https://issuetracker.google.com/issues/37091475 as intentional. Actually its not said that all the data in /sys is not accessible, and Google is open to allow access to other files from this location:
If there are specific files in /sys you believe should be available to applications, but are not, please file a new bug where the request can be evaluated. For instance, /sys/devices/system/cpu is available to all processes, so it's inaccurate to say all of /sys is restricted.
I have a bad feeling that google is making changes similar to Apple where it is not allowed to gain hardware id-s. If that is not resolved then the solution is to use google account IDs instead. But I am aware it is not always possible, and will require major changes in business logic (licensing etc.).
Hopefully your bug report will be considered positively.
another related SO I found : File system changes in Android Nougat
Use StorageVolume.getUuid() on StorageVolume which you get from StorageManager.
The value is volume ID assigned during formatting of the card, and its length/format differs depending on file system type. For FAT32 it is XXXX-XXXX, for NTFS it's longer hex string, for Internal mass storage it returns null.
public String getSDCARDiD()
{
String sd_cid = null;
try {
File file = new File("/sys/block/mmcblk1");
String memBlk;
if (file.exists() && file.isDirectory()) {
memBlk = "mmcblk1";
} else {
//System.out.println("not a directory");
memBlk = "mmcblk0";
}
Process cmd = Runtime.getRuntime().exec("cat /sys/block/"+memBlk+"/device/cid");
BufferedReader br = new BufferedReader(new InputStreamReader(cmd.getInputStream()));
sd_cid = br.readLine();
//System.out.println(sd_cid);
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return sd_cid;
}
try this: reference original link :Android get id of SD Card programmatically
adb shell cat /sys/class/mmc_host/mmc1/mmc1:*/cid
You can also try
sudo hwinfo --disk
to get information on your disks, including SD Cards.
Also try
sudo hdparm -I /dev/sdb | more
As an FYI to those looking into UUID or volume serial numbers of FAT type volumes under Android: Some Fujifilm cameras, including the X-T30 (Firmware 1.10) do not write a volume serial number into the FAT volume when formatting.
Under Windows, CHKDSK displays no volume serial number at all.
On Android, calling StorageVolume.getUuid() returns "0000-0000".
This is all fine and dandy, until you on Android mount two Fujifilm-formatted cards via a hub. Then there seems to be identity collision, where the Android OS prompts the user to format one of the cards. Separately they are accessible.
I'm guessing there are two combined problems here:
1) Fujifilm is not writing a volume serial number when formatting, and
2) Android uses the volume serial number as part of the mount point path, leading to collision.
Fujifilm and Google might both want to pay attention to this issue.
EDIT: Card formatted in a Nikon D810 also has the same problem, no Volume Serial Number.
I want to write an application which roots the device on which it is installed, I mean by installing this app you will be able to root your device without a computer, just like the app in the following link,
http://www.kingoapp.com/root-tutorials/how-to-root-android-without-computer.htm
I've searched a lot on how to do that using Java code for Android devices, but there was no clear solution to me. Based on my research, I think we need the following steps:
1- Being able to use shell commands in Android using Runtime.getRuntime().exec();
2- Executing a command that gains root privileges (I think su, but this needs a rooted device to be executed).
3- Initiate a root command that will root the device.
I couldn't find a code explanation on how to do the steps above. I want to understand this process first, the commands that can be used in it, then I want to try to implement it by myself. Since there are many apps on the store that offer this feature, then implementing it must be feasible.
Could anyone please explain to me how to implement this process?
Also, is there a possibility to write a code for the opposite process, which is unrooting the device?
Any help is appreciated.
Thanks.
To run root commands, you have to use the following format:
public void RunAsRoot(String[] cmds){
Process p = Runtime.getRuntime().exec("su");
DataOutputStream os = new DataOutputStream(p.getOutputStream());
for (String tmpCmd : cmds) {
os.writeBytes(tmpCmd+"\n");
}
os.writeBytes("exit\n");
os.flush();
}
where you pass in an array of strings, each string being a command that needs to be executed. For example:
String[] cmds = {"sysrw", "rm /data/local/bootanimation.zip", "sysro"};
As the question title suggest, I'm going to use atinout library in my android application to be able to send AT Commands to my device's gsm modem and get the response back.
I've searched the SO and other blogs and the best code I got is something like this, which does not cauese anything to be written to output :
Runtime r = Runtime.getRuntime();
Process process = r.exec(new String[] {"su", "-c", "echo -n -e 'AT\r' > /dev/smd0"});
BufferedReader in = new BufferedReader( new InputStreamReader(process.getInputStream()));
String line = "";
while ((line = in.readLine()) != null)
{
output+= line ;
}
tv.setText(output);
So my main concerns are :
1- How to send a simple AT commmad (like AT Ok) to the device's gsm modem and "print" the response back ?
2- I have no idea how to use the atinout library in an android application project, since it is written in C language.
By the way :
I have successfully rooted my Sony Xperia M Dual (C2005) phone and have SuperUser installed on it, so this prerequisite is met.
Also, I think I need some fundamental training on Unix commands and Serial communication and I really love to learn any needed material.
Finally, I'm on a tight deadline ! So the more straightforward , the better!
P.S. I don't want someone to write the code for me, I just need the guidelines.
Thanks for your help.
Step 0. Compile atinout for android and install it. For this I have no experience and cannot give any help other than some general guidelines that you need to replace CC = gcc in the Makefile with an appropriate cross compiler.
Step 1. Write all the AT commands you want to run into a file input.txt (using normal '\n' line endings, there is no need to mess with '\r' here).
Step 2. Change the exec line to
Process process = r.exec(new String[] {"su", "-c",
"atinout input.txt /dev/smd0 output.txt"});
Wait for the process to finish execution (process.waitFor() I think).
Step 3. Open the file output.txt and read the output from this instead of process.getInputStream().