Sunday, March 14, 2021

Evercoss S50: iptables to block built-in bloatware

Note:

  1. you need to run as root, or use mtk-su (the temporary root created by Diplomatic)
  2. Termux with wget installed

These are the background connections captured in NoRoot Firewall by Grey Shirts:

Anti Theft
ip 36.110.234.87 port 80 whois: CHINANET-BJ 36.110.0.0 - 36.110.255.255 CIDR 36.110.0.0/16
ip 104.192.109.67 port 5227 whois: CHINANET-LAX-IDC-2014 104.192.108.0 - 104.192.111.255 CIDR 104.192.108.0/22
ip 211.151.195.194 port 80 whois: CHINA-21VIANET 211.151.0.0 - 211.151.255.255 CIDR 211.151.0.0/16

com.android.sc
ip 47.90.110.234 port 80 whois: AL-3 47.88.0.0 - 47.91.255.255 CIDR 47.88.0.0/14
ip 104.192.110.206 port 80 whois: CHINANET-LAX-IDC-2014 104.192.108.0 - 104.192.111.255 CIDR 104.192.108.0/22
ip 104.192.110.243 port 80 whois: CHINANET-LAX-IDC-2014 104.192.108.0 - 104.192.111.255 CIDR 104.192.108.0/22
ip 124.156.123.59 port 443 whois: ACEVILLEPTELTD-SG 124.156.96.0 - 124.156.191.255 CIDR 124.156.96.0/19 124.156.128.0/18
ip 180.163.251.181 port 80 whois: CHINANET-SH 180.160.0.0 - 180.175.255.255 CIDR 180.160.0.0/12

Config Center
ip 104.182.110.205 port 443 whois: SIS-80-7-29-2014 104.176.0.0 - 104.191.255.255 CIDR 104.176.0.0/12

Initiator
ip 101.198.192.187 port 80 whois: QIHOO 101.198.196.0 - 101.198.199.255 CIDR 101.198.196.0/22
ip 101.198.192.189 port 80 whois: QIHOO 101.198.196.0 - 101.198.199.255 CIDR 101.198.196.0/22

The iptables command format used to drop packets:

/system/bin/iptables -I INPUT -s [ip] -j DROP
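As an added example (not part of the original post), a small Python 3 script that turns capture lines in the format listed above into iptables DROP commands in the format just shown and, as a sanity check, flags any captured address that is not actually inside the whois CIDR given on its own line. It assumes Python 3 is available (for instance via pkg install python in Termux) and the exact line layout used above; the sample lines are copied from the capture list.

```python
# Added example (not from the original post): turn the capture notes above
# into iptables DROP rules and check each captured IP is inside its CIDR.
import ipaddress
import re

# Constructed sample: three lines copied from the capture list above.
CAPTURE = """\
Anti Theft
ip 36.110.234.87 port 80 whois: CHINANET-BJ 36.110.0.0 - 36.110.255.255 CIDR 36.110.0.0/16
com.android.sc
ip 124.156.123.59 port 443 whois: ACEVILLEPTELTD-SG 124.156.96.0 - 124.156.191.255 CIDR 124.156.96.0/19 124.156.128.0/18
Initiator
ip 101.198.192.187 port 80 whois: QIHOO 101.198.196.0 - 101.198.199.255 CIDR 101.198.196.0/22
"""

# "ip A.B.C.D port N whois: ORG START - END CIDR X/Y [X/Y ...]" (\s* copes with the line that has no space after "whois:")
LINE_RE = re.compile(r"^ip (\S+) port (\d+) whois:\s*(\S+) .*?CIDR (.+)$")

def parse_capture(text):
    """Return (app, ip, port, org, [cidr, ...]) for every capture line."""
    entries, app = [], None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        m = LINE_RE.match(line)
        if m is None:
            app = line  # section header such as "Anti Theft"
            continue
        ip, port, org, cidrs = m.groups()
        entries.append((app, ip, int(port), org, cidrs.split()))
    return entries

def uncovered(entries):
    """Captured IPs that no CIDR on their own line actually contains."""
    return [(app, ip, cidrs) for app, ip, _p, _o, cidrs in entries
            if not any(ipaddress.ip_address(ip) in ipaddress.ip_network(c)
                       for c in cidrs)]

def iptables_rules(entries):
    """Deduplicated INPUT DROP rules in the form the post uses."""
    cidrs = list(dict.fromkeys(c for *_, cs in entries for c in cs))
    return [f"/system/bin/iptables -I INPUT -s {c} -j DROP" for c in cidrs]

if __name__ == "__main__":
    ents = parse_capture(CAPTURE)
    print("\n".join(iptables_rules(ents)))
    for app, ip, cidrs in uncovered(ents):
        print(f"WARNING: {app}: {ip} is outside {' '.join(cidrs)}")
```

Running it on the full capture list is a quick way to confirm that every range you are about to block really covers the address that was seen.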

Create the script s50_iptables.sh:

#!/bin/sh
# Drops inbound packets from the source ranges listed above.
# Needs root (e.g. via mtk-su); to run it over ADB use #!/system/bin/sh instead.
echo "Inserting iptables"

# One CIDR per entry, taken from the whois ranges captured above
RANGES="36.110.0.0/16 104.192.108.0/22 211.151.0.0/16 47.88.0.0/14
124.156.96.0/19 124.156.128.0/18 180.160.0.0/12 104.176.0.0/12
101.198.196.0/22"

for range in $RANGES
do
    # Skip ranges that already have a DROP rule so the script can be re-run safely
    # (-F matches the text literally, so the dots are not treated as regex wildcards)
    if [ "$(/system/bin/iptables -S INPUT | grep -cF "$range -j DROP")" != 0 ]
    then
        echo "Skipped $range -j DROP"
    else
        /system/bin/iptables -I INPUT -s "$range" -j DROP
        echo "Added $range -j DROP"
    fi
done

echo "Done"

To run the script, open Termux and run mtk-su to gain root.

Download the script:

# wget http://garasiku.my.id/folder/s50_iptables.sh.txt

Rename it and change its permissions:

# mv ./s50_iptables.sh.txt ./s50_iptables.sh
# chmod 744 ./s50_iptables.sh

Run it:

# ./s50_iptables.sh

To check that the rules are in place, run:

# /system/bin/iptables-save | grep INPUT

or:

# /system/bin/iptables -S INPUT

Known problem: after restarting or rebooting the device, the firewall rules are flushed! In the future I will fix this by putting the script in /system/etc/init and running it when the device finishes booting.

To run it over ADB, replace #!/bin/sh with #!/system/bin/sh.

Credit:

  • MTK-SU by Diplomatic
  • NoRoot Firewall by Grey Shirts
  • Application Inspector by UBQSoft
