Tuesday, November 9, 2021

Debian Bullseyes: installing zoneminder (1.34.23-1)

 

Requirements:

  • MariaDB
  • Apache2

Installing packages

# apt-get install zoneminder apache2 mariadb-server-10.5 mariadb-client-10.5 php php7.4 libapache2-mod-php7.4 php7.4-mysql

# chown www-data:www-data /usr/share/zoneminder/ -R

# chown root:www-data /etc/zm/ -R

# a2enmod cgi

# a2enmod rewrite

# a2enconf zoneminder

Set root password (optional). For the first time after installation, password for mariadb root is blank.

# mysqladmin -u root -p password yournewpass

Create DB, User and Password. Omit option -p for mariadb root if you do not set password.

# mysql –u root –p

MariaDB [(none)]> CREATE USER 'zmuser' IDENTIFIED BY 'zmpass';

MariaDB [(none)]> CREATE DATABASE zm;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON zm.* TO 'zmuser'@'localhost';

Creating DB

# mysql -u zmuser -p < /usr/share/zoneminder/db/zm_create.sql

NOTE: if change user, password or database, you need to change file in /etc/zm/zm.conf

# ZoneMinder database name

ZM_DB_NAME=zm

# ZoneMinder database user

ZM_DB_USER=zmuser

# ZoneMinder database password

ZM_DB_PASS=zmpass

Restarting services

# systemctl restart apache2

# systemctl restart zoneminder

From browser open URL http://localhost/zm

References:

  • https://forums.zoneminder.com/viewtopic.php?t=29355
  • https://wiki.zoneminder.com/Debian_11_Bullseye_with_Zoneminder_1.36.x

Thursday, October 14, 2021

Raspberry Pi Model B: Setup Raspbian Wheezy SD Card using Debian Bullseye PC

 

Raspberry Pi (c)2011.12 is very old and slow machine. I decided to reinstall the OS using legacy one, i.e. Wheezy version (End of Support).

On Debian Bullseye PC

Download Raspbian Wheey image from http://downloads.raspberrypi.org/raspbian/images/raspbian-2015-05-07/
and extract it

$ unzip 2015-05-05-raspbian-wheezy.zip

Insert SD Card and check SD Card

# dmesg
...
[ 2554.400733] usb 2-2: Product: Mass Storage Device
[ 2554.400740] usb 2-2: Manufacturer: Generic
[ 2554.400746] usb 2-2: SerialNumber: 058F63666433
[ 2554.402183] usb-storage 2-2:1.0: USB Mass Storage device detected
[ 2554.402877] scsi host1: usb-storage 2-2:1.0
[ 2555.552033] scsi 1:0:0:0: Direct-Access     Multiple Card  Reader     1.00 PQ: 0 ANSI: 0
[ 2555.553827] scsi 1:0:0:0: Attached scsi generic sg1 type 0
[ 2556.192885] sd 1:0:0:0: [sdb] 15523840 512-byte logical blocks: (7.95 GB/7.40 GiB)
[ 2556.197840] sd 1:0:0:0: [sdb] Write Protect is off
[ 2556.197858] sd 1:0:0:0: [sdb] Mode Sense: 03 00 00 00

The SD Card is at sdb

Warning: Careful to select disk, this command will erase all of your data in sdb.

# umount /dev/sdb
umount: /dev/sdb: not mounted.
# dd bs=4M if=/home/dedetok/master/raspbian/2015-05-05-raspbian-wheezy.img of=/dev/sdb status=progress

On Raspberry Pi Model B

Insert your SD Card into Raspberry Pi Model B, mouse, keyboard, HDMI/TV and Power your Raspberry. Running and configuring Raspbery Pi 2 Model B for the first time will show these menu

1. Expand File System
2. Change User Password
3. Enable Boot to Desktop/Scratch
4. International Options
5. ....

You need to:

  1. Expand File System option 1
  2. Change user (default user is pi) password option 2
  3. Change boot to desktop if you wish option 3

You can alter this configuring later by running

$ sudo raspi-config

Raspbian Wheezy support has been terminated and repository was moved to legacy http://legacy.raspbian.org/. To update your Raspbian Wheezy you need to:

  1. edit /etc/apt/sources.list
    deb http://legacy.raspbian.org/raspbian wheezy main contrib non-free rpi
    #deb http://mirrordirector.raspbian.org/raspbian/ wheezy main contrib non-free rpi
    # Uncomment line below then 'apt-get update' to enable 'apt-get source'
    #deb-src http://archive.raspbian.org/raspbian/ wheezy main contrib non-free rpi
  2. edit /etc/apt/sources.list.d/raspi.list
    #deb http://archive.raspberrypi.org/debian/ wheezy main
    # Uncomment line below then 'apt-get update' to enable 'apt-get source'
    #deb-src http://archive.raspberrypi.org/debian/ wheezy main
  3. edit /etc/apt/sources.list.d/collabora.list
    #deb http://raspberrypi.collabora.com wheezy rpi

You need to download and install legacy repository public key for raspbian wheezy

$ wget http://legacy.raspbian.org/raspbian.public.key
$ sudo apt-key add ./raspbian.public.key
OK

To update your system run:

$ sudo apt-get update
$ sudo apt-get upgrade -y

By default, root user is disable. To enable root and login as root

$ sudo passwd root
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
$ su -
Password:
#

You do not need to type sudo for manage your system. After that you don't need monitor, keyboard and mouse, you can ssh your Raspberry Pi.

Note: By Default SSH Server is enable and running after boot

Running on:

  • Raspberry Pi (c)2011.12 Model B+ Revision 1.0
  • SD Card 8Gb

Monday, August 23, 2021

Debian Bullseye: upgrade from Debian Buster XFCE

 

Edit /etc/apt/sources.list

# main security
deb https://security.debian.org/debian-security bullseye-security/updates main
#deb-src https://security.debian.org/debian-security bullseye-security/updates main

# main mirror Indonesia
deb http://kebo.pens.ac.id/debian bullseye main
deb http://kebo.pens.ac.id/debian bullseye-updates main

# NON FREE
deb https://deb.debian.org/debian bullseye main contrib non-free

# BACKPORTS
deb https://deb.debian.org/debian bullseye-backports main

Update without new packages

# apt upgrade --without-new-pkgs

During upgrade, you need to restart some services.

Restart, open root terminal and make full upgrade (required more than 800MB)

# apt full-upgrade

Restart your PC.

Clean up unused installer

# apt-get autoclean && apt-get autoremove -y

If you get trouble connecting to internet (can not resolve servername) after upgrading edit /etc/resolv.conf

search 8.8.8.8 1.1.1.1
nameserver 127.0.0.1
nameserver 8.8.8.8
nameserver 1.1.1.1

Restart your networking

# systemctl restart networking

If you install dnsmasq and get trouble connecting to internet (can not resolve servername) after upgrading, edit /etc/dnsmasq.conf

#no-resolv
# dedetok 2021-08-18
no-resolv
server=8.8.8.8
server=1.1.1.1

Reboot

Wednesday, August 4, 2021

jdk11: Eclipse MariaDB Connector/J

 

Minimum Java Project JavaSe-1.8.

Adding MariaDB Connector/J 2.7.3 to Eclipse 2021-06:

  1. Download MariaDB Connector/J 2.7.3 (stable) from https://downloads.mariadb.org/connector-java/2.7.3/
  2. Put JAR file in [Workspace] -> [project_name] -> lib (create folder lib)
  3. Right click on Package Explorer -> [project_name] -> Properties
  4. Java Build Path -> Library -> Add External JARs, point it to [Workspace]/[project_name]/lib/mariadb-java-client-2.7.3.jar
  5. Click Apply and Close

Example code to access MariaDB database

package com.dedetok;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

public class TesCon {
    public static void main(String[] args) throws ClassNotFoundException, SQLException {
        String muser = "my_user";
        String mpass = "my_password";
        String murl = "jdbc:mariadb://localhost:3306/my_database_name";
        Class.forName("org.mariadb.jdbc.Driver");
        Connection connection = DriverManager.getConnection(murl, muser, mpass);
        System.out.println("ok");
    }
}

Sunday, July 18, 2021

Android Studio: moving project from windows to Debian 10

Backup:

  1. all files in
    [Workspace] -> [app_name]
    backup jks and iml file
  2. Folder
    [Workspace] -> [app_name] -> [app]
    Exclude folder release and build

DO NOT BACKUP: Hiden folder (.gradle, .idea), gradle

Restore all folder structure into your new Workspace folder in new OS

Before you open your project in new OS, adjust your files depend on your your SDK, SDK version and Buildtool version, edit file

[workspace] -> [app_name]
local.properties
    sdk.dir=/home/[username]/Android/Sdk

[workspace] -> [app_name] -> [app]
build.gradle
    compileSdkVersion 31
    buildToolsVersion "31.0.0"
    ...
        targetSdkVersion 31

You can safely open your project, Android Studio will make same adjustment, download some necessary library and reconfigure your project.

Tested on

  • Debian Buster
  • Android Studio 4.2.x
  • moving project from windows to Debian

Thursday, July 15, 2021

Debian Buster (Debian 10): install mysql workbench

 

Download mysql workbench from https://downloads.mysql.com/archives/workbench/

I use mysql-workbench-community version 8.0.19 for ubuntu 18.04 i.e. mysql-workbench-community_8.0.19-1ubuntu18.04_amd64

Install libtinfo5

# apt-get install  libtinfo5

Install mysql workbench using dpkg

# dpkg -i mysql-workbench-community_8.0.19-1ubuntu18.04_amd64

NOTE:

  • only mysql workbench community for Ubuntu 18.04 will work on Debian Buster (10)

Monday, July 5, 2021

Debian Buster: LAMP + PhpMyadmin

 

LAMP: Linux Apache2 MariaDB PHP + PhpMyyadmin

Install mariadb

# apt-get install mariadb-server  mariadb-client  

Set mysql root password

# mysqladmin -u root password [yourpassword]

Install Apache2 and PHP

# apt-get install apache2 php libapache2-mod-php php-gd php-mysql

Disable autostart

# systemctl disable mariadb
# systemctl disable apache2

install phpmyadmin

  1. Install depedency php-twig (> 2.9) from backport
    # apt-get install -t buster-backports php-twig
  2. Install phpmydmin
    # apt-get install phpmyadmin php-bz2 php-curl php-tcpdf php-zip
Using browser open http://localhost/phpmyadmin/index.php

Debian Buster: install all in one hp ink tank 315

 

Detect hp ink tank 315 detected by system

# dmesg
...
[   66.017856] usb 3-2: new high-speed USB device number 2 using xhci_hcd
[   66.170313] usb 3-2: New USB device found, idVendor=03f0, idProduct=1053, bcdDevice= 1.00
[   66.170319] usb 3-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   66.170322] usb 3-2: Product: Ink Tank 310 series
[   66.170324] usb 3-2: Manufacturer: HP
[   66.170326] usb 3-2: SerialNumber: CN83B2G1YK06PH
[   66.198225] usblp 3-2:1.1: usblp0: USB Bidirectional printer dev 2 if 1 alt 0 proto 2 vid 0x03F0 pid 0x1053
[   66.198300] usbcore: registered new interface driver usblp

Install CUPS and hplip

# apt-get install system-config-printer hplip cups hplip-ppds  

If CUPS error

# tail /var/log/cups/error_log
X [09/Jun/2021:13:20:46 +0700] No valid Listen or Port lines were found in the configuration file.

Edit /etc/cups/cupsd.conf

# vi /etc/cups/cupsd.conf
Listen 127.0.0.1:631

Configure printer via Browser http://localhost:631/

  1. Administration -> Add Printer
  2. HP Ink Tank 310 series USB CN83B2G1YK06PH HPLIP (HP Ink Tank 310 series), Next
  3. Continue
  4. Model: HP Ink Tank 310 Series hpijs, 318.12 (en), Add Printer
  5. Filled User Name with root and its password, Ok

Install XSane for scanner

# apt-get install xsane sane-utils

Detect hp ink tank 315 scanner

# lsusb
Bus 004 Device 002: ID 03f0:1053 HP, Inc
# sane-find-scanner

  # sane-find-scanner will now attempt to detect your scanner. If the
  # result is different from what you expected, first make sure your
  # scanner is powered up and properly connected to your computer.

  # No SCSI scanners found. If you expected something different, make sure that
  # you have loaded a kernel SCSI driver for your SCSI adapter.

found USB scanner (vendor=0x03f0 [HP], product=0x1053 [Ink Tank 310 series]) at libusb:004:002
  # Your USB scanner was (probably) detected. It may or may not be supported by
  # SANE. Try scanimage -L and read the backend's manpage.

  # Not checking for parallel port scanners.

  # Most Scanners connected to the parallel port or other proprietary ports
  # can't be detected by this program.

Try your scanner

# scanimage -L
device `hpaio:/usb/Ink_Tank_310_series?serial=CN83B2G1YK06PH' is a Hewlett-Packard Ink_Tank_310_series all-in-one

or

$ scanimage > image.pnm

To install driver print to pdf

# apt-get install printer-driver-cups-pdf

Wednesday, May 19, 2021

Android Studio: generate apk for ApkPure

 

You can upload your application to 3rd party like apkpure:

https://apkpure.com/submit-apk

In Anroid Studio 4, Compile option are:

  • APK
  • V1 (Jar Signature) checked
  • V2 (Full APK Signature) checked

Start Upload

  • Package Name    : com.example.com
  • What's new    : update
  • Your Name    : developer_name
  • Your Email    : developer_email@example.com

Android java: play-services-ads 20.1.0 and gradle 6.5+

 

We are going to

  1. implementation 'com.google.android.gms:play-services-ads:20.1.0'
  2. java compile with xlint to check deprecation api
  3. gradle 6.5+

Edit build.gradle project

...
buildscript {
    repositories {
        jcenter()
        google()
    }
    dependencies {
        classpath 'com.android.tools.build:gradle:4.1.3'

        // NOTE: Do not place your application dependencies here; they belong
        // in the individual module build.gradle files
    }
}
...
allprojects {

    repositories {
        jcenter()
        google()
    }

    gradle.projectsEvaluated {
        tasks.withType(JavaCompile) {
            options.compilerArgs << "-Xlint:deprecation"
        }
    }
}
...

Edit build.gradle(:app)

...
android {
    compileSdkVersion 30
    buildToolsVersion "30.0.3"
...
dependencies {
    implementation fileTree(dir: 'libs', include: ['*.jar'])
    androidTestImplementation 'androidx.test.espresso:espresso-core:3.3.0'
    implementation 'androidx.appcompat:appcompat:1.2.0'
    implementation 'androidx.constraintlayout:constraintlayout:2.0.4'
    testImplementation 'junit:junit:4.12'
    androidTestImplementation 'androidx.test:runner:1.3.0'
    implementation 'com.google.android.gms:play-services-ads:20.1.0'
}
...

Edit AndroidManifest.xml

<manifest>
...
    <application>
    ...
        <!-- Sample AdMob app ID: ca-app-pub-3940256099942544~3347511713 -->
        <meta-data
            android:name="com.google.android.gms.ads.APPLICATION_ID"
            android:value="ca-app-pub-xxxxxxxxxxxxxxxx~yyyyyyyyyy"/>
...


# main_activity.xml
...
    <!-- 20210220 -->
    <android.widget.FrameLayout
        android:id="@+id/adContainerView"
        android:layout_width="match_parent"
        android:layout_height="wrap_content"
        android:layout_below="@id/scroll_view"
        android:layout_centerHorizontal="true"
        android:layout_alignParentBottom="true"
        app:layout_constraintBottom_toBottomOf="parent"
        app:layout_constraintEnd_toEndOf="parent"
        />
...


Edit MainActivity.java

...
    private FrameLayout adContainerView; // 20210220
    private AdView adView;
...  
    private Handler myHandler = new Handler(Looper.getMainLooper()); // new Handler() deprecated 20210220  
...

    @Override
    protected void onCreate(Bundle savedInstanceState) {
      super.onCreate(savedInstanceState);
      setContentView(R.layout.activity_main);
      ...
      MobileAds.initialize(this, new OnInitializationCompleteListener() {
         @Override
         public void onInitializationComplete(InitializationStatus initializationStatus) {
         }
      });
      adContainerView = findViewById(R.id.adContainerView);
      // Step 1 - Create an AdView and set the ad unit ID on it.
      adView = new AdView(this);
      // Banner test = ca-app-pub-3940256099942544/6300978111
      adView.setAdUnitId("ca-app-pub-xxxxxxxxxxxxxxxx~yyyyyyyyyy"); // CHANGE IT
      adContainerView.addView(adView);
      loadBanner();
      ...
    }

    // 20210220 start
    private void loadBanner() {
        // Create an ad request. Check your logcat output for the hashed device ID
        // to get test ads on a physical device, e.g.,
        // "Use AdRequest.Builder.addTestDevice("ABCDE0123") to get test ads on this
        // device."
        //AdRequest adRequest = new AdRequest.Builder().addTestDevice("ABCDE0123").build();
        AdRequest adRequest = new AdRequest.Builder().build();

        AdSize adSize = getAdSize();
        // Step 4 - Set the adaptive ad size on the ad view.
        adView.setAdSize(adSize);


        // Step 5 - Start loading the ad in the background.
        adView.loadAd(adRequest);
    }

    private AdSize getAdSize() {
        // Step 2 - Determine the screen width (less decorations) to use for the ad width.
        //Display display = getWindowManager().getDefaultDisplay(); // deprecated 20210220

        DisplayMetrics outMetrics = new DisplayMetrics();
        // display.getMetrics(outMetrics); // deprecated 20210220
        outMetrics = getApplicationContext().getResources().getDisplayMetrics(); //

        float widthPixels = outMetrics.widthPixels;
        float density = outMetrics.density;

        int adWidth = (int) (widthPixels / density);

        // Step 3 - Get adaptive ad size and return for setting on the ad view.
        return AdSize.getCurrentOrientationAnchoredAdaptiveBannerAdSize(this, adWidth);
    }
    // 20210220 end
...

Tuesday, March 30, 2021

Evercoss Genpro X Pro S50 removing malware Android.Downloader.4930 /system/lib/libcheckperlib.so

 

Requirement:

  • rooted android or temporary root using mtk-su create by Diplomatic
  • pc with adb or Termux

This are steps to remove malware Android.Downloader.4930 /system/lib/libcheckperlib.so using Termux created by Grey Tshirts:

  1. Create these bash script and save it as s50_patch2021.sh
    #!/system/bin/sh

    FILE="/system/lib/libcheckperlib.so"

    echo "checking $FILE"

    if [ -f $FILE ]; then
     echo "File $FILE exists."
     echo "Try remount system rw."
     /system/bin/mount -o rw,remount /system
     echo "Backing up $FILE."
     /system/bin/mkdir /sdcard/dedetok
     /system/bin/cp $FILE /sdcard/dedetok
     echo "Removing $FILE"
     /system/bin/rm $FILE
     echo "Remount system ro"
     /system/bin/mount -o ro,remount /system
     echo "Done, reboot your Evercoss S50"
    else
     echo "File $FILE does not exist."
    fi
  2. Or you can download it from this site. Open Termux and type
    $ wget http://garasiku.my.id/folder/S50_patch2021.sh.txt
  3. rename it
    $ mv ./S50_patch2021.sh.txt ./S50_patch2021.sh
  4. change permission
    $ chmod 744 ./S50_patch2021.sh
  5. run mtk-su and run the cript
    # ./S50_patch2021.sh
  6. reboot your phone

Don't forget to run your antivirus after reboot your phone. android is not save operating system.

Android: How to backup your google contact when your account has been deleted by google

 

If your google account was blocked or deleted by google, Do not immediately remove your account. We need google account to backup our contact from old device into new device.

Backup your contact

  1. Open google contact
  2. Goto settings -> Export
  3. Leave name as contacts.vcf and save. It will backup all of your existing contact into Download folder on your device.

Create new google account

  1. Open Settings for your phone
  2. Goto Accounts -> Add account -> Google
  3. Fill all required data, for example dedetoke@gmail.com

Move your contact into your new google account

  1. Open google contact
  2. Tap on top right image profile and change your contact to your new google account for example dedetoke@gmail.com
  3. Goto settings -> Import
  4. Select .vcf file and choose your new google account for example dedetoke@gmail.com
  5. select contacts.vcf from Download folder
  6. Follow instruction until import finish
  7. Done, your contact will be backup into your new google account.

For whatsapp, if you want to save your chat you need to change your backup into your new google account.

You can do this, anytime google blocked or deleted your account, simple create a new account and let your dead email keep by google.

Sunday, March 14, 2021

Evercoss S50: iptables to block buildin bloatware

Note:

  1. you need to run as root or use mtk-su to run temporary root created by Diplomatic
  2. Termux with wget installed

These are backgroud connections capture in NoRoot Firewall by Grey Shirts

Anti Theft
ip 36.110.234.87 port 80 whois: CHINANET-BJ 36.110.0.0 - 36.110.255.255 CIDR 36.110.0.0/16
ip 104.192.109.67 port 5227 whois: CHINANET-LAX-IDC-2014 104.192.108.0 - 104.192.111.255 CIDR 104.192.108.0/22
ip 211.151.195.194 port 80 whois: CHINA-21VIANET 211.151.0.0 - 211.151.255.255 CIDR 211.151.0.0/16

com.android.sc
ip 47.90.110.234 port 80 whois: AL-3 47.88.0.0 - 47.91.255.255 CIDR 47.88.0.0/14
ip 104.192.110.206 port 80 whois: CHINANET-LAX-IDC-2014 104.192.108.0 - 104.192.111.255 CIDR 104.192.108.0/22
ip 104.192.110.243 port 80 whois: CHINANET-LAX-IDC-2014 104.192.108.0 - 104.192.111.255 CIDR 104.192.108.0/22
ip 124.156.123.59 port 443 whois: ACEVILLEPTELTD-SG 124.156.96.0 - 124.156.191.255 CIDR 124.156.96.0/19 124.156.128.0/18
ip 180.163.251.181 port 80 whois:CHINANET-SH 180.160.0.0 - 180.175.255.255 CIDR 180.160.0.0/12

Config Center
ip 104.182.110.205 port 443 whois: SIS-80-7-29-2014 104.176.0.0 - 104.191.255.255 CIDR 104.176.0.0/12

Initiator
ip 101.198.192.187 port 80 whois: QIHOO 101.198.196.0 - 101.198.199.255 CIDR 101.198.196.0/22
ip 101.198.192.189 port 80 whois: QIHOO 101.198.196.0 - 101.198.199.255 CIDR 101.198.196.0/22

The format to run iptables to drop packages

/system/bin/iptables -I INPUT -s [ip] -j DROP

Create script s50_iptables.sh

#!/bin/sh
echo "Inserting iptables"

if [ "$(/system/bin/iptables -S INPUT | grep -ce '36.110.0.0/16 -j DROP')" != 0 ]
then
    echo "Skiped 36.110.0.0/16 -j DROP"
else
    /system/bin/iptables -I INPUT -s 36.110.0.0/16 -j DROP
    echo "Added 36.110.0.0/16 -j DROP"
fi

if [ "$(/system/bin/iptables -S INPUT | grep -ce '104.192.108.0/22 -j DROP')" != 0 ]
then
    echo "Skiped 104.192.108.0/22 -j DROP"
else
    /system/bin/iptables -I INPUT -s 104.192.108.0/22 -j DROP
    echo "Added 104.192.108.0/22 -j DROP"
fi

if [ "$(/system/bin/iptables -S INPUT | grep -ce '211.151.0.0/16 -j DROP')" != 0 ]
then
    echo "Skiped 211.151.0.0/16 -j DROP"
else
    /system/bin/iptables -I INPUT -s 211.151.0.0/16 -j DROP
    echo "Added 211.151.0.0/16 -j DROP"
fi

if [ "$(/system/bin/iptables -S INPUT | grep -ce '47.88.0.0/14 -j DROP')" != 0 ]
then
    echo "Skiped 47.88.0.0/14 -j DROP"
else
    /system/bin/iptables -I INPUT -s 47.88.0.0/14 -j DROP
    echo "Added 47.88.0.0/14 -j DROP"
fi

if [ "$(/system/bin/iptables -S INPUT | grep -ce '124.156.96.0/19 -j DROP')" != 0 ]
then
    echo "Skiped 124.156.96.0/19 -j DROP"
else
    /system/bin/iptables -I INPUT -s 124.156.96.0/19 -j DROP
    echo "Added 124.156.96.0/19 -j DROP"
fi

if [ "$(/system/bin/iptables -S INPUT | grep -ce '124.156.128.0/18 -j DROP')" != 0 ]
then
    echo "Skiped 124.156.128.0/18 -j DROP"
else
    /system/bin/iptables -I INPUT -s 124.156.128.0/18 -j DROP
    echo "Added 124.156.128.0/18 -j DROP"
fi

if [ "$(/system/bin/iptables -S INPUT | grep -ce '180.160.0.0/12 -j DROP')" != 0 ]
then
    echo "Skiped 180.160.0.0/12 -j DROP"
else
    /system/bin/iptables -I INPUT -s 180.160.0.0/12 -j DROP
    echo "Added 180.160.0.0/12 -j DROP"
fi

if [ "$(/system/bin/iptables -S INPUT | grep -ce '104.176.0.0/12 -j DROP')" != 0 ]
then
    echo "Skiped 104.176.0.0/12 -j DROP"
else
    /system/bin/iptables -I INPUT -s 104.176.0.0/12 -j DROP
    echo "Added 104.176.0.0/12 -j DROP"
fi

if [ "$(/system/bin/iptables -S INPUT | grep -ce '101.198.196.0/22 -j DROP')" != 0 ]
then
    echo "Skiped 101.198.196.0/22 -j DROP"
else
    /system/bin/iptables -I INPUT -s 101.198.196.0/22 -j DROP
    echo "Added 101.198.196.0/22 -j DROP"
fi

echo "Done"

To run the script, open Termux and run mtk-su to gain root

Download the script

# wget http://garasiku.my.id/folder/s50_iptables.sh.txt

Rename and change permission

# mv ./s50_iptables.sh.txt ./s50_iptables.sh
# chmod 744 ./s50_iptables.sh

Run it

# ./s50_iptables.sh

To check it run

# /system/bin/iptables-save | grep INPUT

Or

# /system/bin/iptables -S INPUT

Known Problem: After restarting or boot the device, the firewall rules will be flush! In the future, I will fix to to put it in /system/etc/init and run it when the device finish booting.

To run on ADB, replace #!/bin/sh to #!/system/bin/sh.

Credit:

  • MTK-SU by Diplomatic
  • NoRoot Firewall by Grey Shirts
  • Application Inspector by UBQSoft

Android mtk-su: running Termux as root

 

For android release before 2020 with mtk processor, you can temporary root your phone using mtk-su created by Diplomatic. It is good to block bloatware behave badly!

You can make Termux as a root and make some system change to block bloatware. The steps are:

1. Download and install Termux from Play Store, APKPure, APKMirror or provider you trust.

2. Run termux and install wget
$ pkg install wget
Note: Do not install as root!

3. Download mtk-su created by Diplomatic or download from this site
$ wget http://garasiku.my.id/folder/mtk-su_r23.zip

4. unzip
$ unzip mtk-su_r23.zip

5. run it

$ ./arm/mtk-su
#
or
$ ./arm64/mtk-su
#

After your prompt change to #, you are a root user!

Reference link:

https://forum.xda-developers.com/t/amazing-temp-root-for-mediatek-armv8-2020-08-24.3922213/

Wednesday, March 10, 2021

Android Evercoss S50: using mtk-su to block hosts api.os.qiku.com and api-en.os.qiku.com

command verbose to block api.os.qiku.com and api-en.os.qiku.com

$ adb pull /system/etc/hosts ./

edit hosts
127.0.0.1       localhost
127.0.0.1       api.os.qiku.com
127.0.0.1       api-en.os.qiku.com
::1             ip6-localhost
::1             api.os.qiku.com
::1             api-en.os.qiku.com

$ adb push ./hosts /data/local/tmp/

$ adb shell
EVERCOSS_S50:/ $ cd /data/local/tmp
EVERCOSS_S50:/data/local/tmp $ ./mtk-su                                        
UID: 0  cap: 3fffffffff  selinux: permissive  
EVERCOSS_S50:/data/local/tmp # mount -o rw,remount /system
EVERCOSS_S50:/data/local/tmp # cat hosts
127.0.0.1       localhost
127.0.0.1       api.os.qiku.com
127.0.0.1       api-en.os.qiku.com
::1             ip6-localhost
::1             api.os.qiku.com
::1             api-en.os.qiku.com
EVERCOSS_S50:/data/local/tmp # cp hosts /system/etc/     
EVERCOSS_S50:/data/local/tmp # cat /system/etc/hosts
127.0.0.1       localhost
127.0.0.1       api.os.qiku.com
127.0.0.1       api-en.os.qiku.com
::1             ip6-localhost
::1             api.os.qiku.com
::1             api-en.os.qiku.com
EVERCOSS_S50:/data/local/tmp # mount -o ro,remount /system

Done!

Note: For Evercoss S50, You need to FORCE STOP and DISABLE "Anti-Theft"!

Download mtk-su from https://forum.xda-developers.com/t/amazing-temp-root-for-mediatek-armv8-2020-08-24.3922213/

Sunday, January 31, 2021

Using 3rd party android store - Your google account was blocked because you don't want to send a proof of ID Card

 

My backup email dedetoke@gmail.com has been blocked by google, because I don't want to send a proof of ID Card nor Credit Card. Please reject any mail from dedetoke@gmail.com.

If your google has been blocked by google due to validation your ID or age or what ever reason, your applications build by google will not be able to used anymore. Don't delete your applications, your applications can be update using 3rd party provider, I will used apkpure.

You need to uninstall Google Play Games, if it is not build in your phone! or disable it!

Install apkpure to replace your google play store:

  1. Go to setting -> security -> allow install from unknown source
  2. Download apkpure from https://apkpure.com/apkpure/com.apkpure.aegon/download
  3. Install apk apkpure

Now you can update your applications (cover the most applications in google play store).

If you want and trust huawei, you can install Huawei Mobile Service to replace google play games.

  1. Download and install latest Huawei App Gallery Apk from https://consumer.huawei.com/en/mobileservices/appgallery/
  2. After that go to Me -> Setting -> Game Services
  3. It will ask you to download and install HMS (huawei mobile service). it is base on open source google mobile service.

Keep using Android without google play games nor google play store until mobian os ready for the most mobile phones

TESTED ON: EVERCOSS GENPRO X PRO S50 Android 7.0

Tuesday, January 5, 2021

Android MTK Bug to remove Android bloatware (mtk-su)

 

There is a bug in MTK Devices that affected to most MTK Handset with Android firmware release before 2020.

You can gain root in MTK Device, using mtk-su https://forum.xda-developers.com/t/amazing-temp-root-for-mediatek-armv8-2020-08-24.3922213/ or https://forum.xda-developers.com/t/rapid-temporary-root-for-hd-8-hd-10.3904595/.

I try to remove bloatware in Genpro X Pro S50 (Android 7.0) i.e. com.android.sc (Android/Trojan.Syringe.AD part of System Application).

I'm sorry I unable to conpile twrp source nor magisk source for Genpro X Pro S50.

Requirement Any PC with any operating system with:

  • working adb
  •  phone/hangset with developer option and USB debugging enable

1. download mtk-su.zip (versi 23 or latest) from https://forum.xda-developers.com/t/amazing-temp-root-for-mediatek-armv8-2020-08-24.3922213/ or https://forum.xda-developers.com/t/rapid-temporary-root-for-hd-8-hd-10.3904595/ and unzip it.

2. push ./arm/mtk-su into /data/local/tmp

$ adb push ./arm/mtk-su /data/local/tmp/
./arm/mtk-su: 1 file pushed, 0 skipped. 78.7 MB/s (60840 bytes in 0.001s)

3 login into handset shell and change permission to execute

$ ./adb shell

EVERCOSS_S50:/ $ cd /data/local/tmp
EVERCOSS_S50:/data/local/tmp $ chmod 755 mtk-su

4. run ./mtk-su

EVERCOSS_S50:/data/local/tmp $ ./mtk-su -v                    
armv7l machine
param1: 0x1000, param2: 0x8040, type: 4
Building symbol table
kallsyms_addresses pa 0x40bc2460
kallsyms_num_syms 54191, addr_count 54191
kallsyms_names pa 0x40bf7330, size 646794
kallsyms_markers pa 0x40c951c0
kallsyms_token_table pa 0x40c95510
kallsyms_token_index pa 0x40c95890
Patching credentials
Parsing current_is_single_threaded
c0362760: MOVW R0, #0x8d50
c0362764: MOVT R0, #0xc102
Possible list_head tasks at offset 0x290
comm swapper/0 at offset 0x400
Found own task_struct at node 1
cred VA: 0xc9dbe000
init_task VA: 0xc1028d50
Parsing avc_denied
c0aeca70: MOVW R12, #0x1278
c0aeca74: MOVT R12, #0xc113
selinux_enforcing VA: 0xc1131278
Setting selinux_enforcing
Switched selinux to permissive
starting /system/bin/sh
UID: 0  cap: 3fffffffff  selinux: permissive

5. try to remove com.android.sc

EVERCOSS_S50:/data/local/tmp # pm uninstall -k --user 0 com.android.sc
Success

NOTE:

  1. This method can not remove com.android.sc permanenly.
  2. adb push must be place at directory /data/local/tmp !
  3. # means you are in root mode.
  4. after you restart your device, com.android.sc still active!

FOR EDUCATION PURPOSE ONLY

  1. source code com.android.sc Syringe.AD https://garasiku.my.id/android_malware_source/com.android.sc-1.3.3-1033_source_from_JADX.zip
  2. source code "App Settings" droped by com.android.sc https://garasiku.my.id/android_malware_source/com.app.settings.amtapp-2.66-266_source_from_JADX.zip
  3. source code com.viysr.wkcx droped by com.android.sc https://garasiku.my.id/android_malware_source/com.viysr.wkcx-1.0-1_source_from_JADX.zip