Synacktiv-contrib / Modmobmap

Map 2G/3G/4G and more cellular networks in real live with a simple smart phone, pretty much like osmocomBB monitoring feature.

Can't start Modmobmap #2

Closed shepardac closed 5 years ago

shepardac commented 5 years ago

So I have a Galaxy S5. Everything is installed. I verified with the adb devices command that my OS (Ubuntu) sees my phone.

python3 modmobmap.py -s /home/jo/Android/Sdk
=> Requesting a list of MCC/MNC. Please wait, it may take a while...
Traceback (most recent call last):
  File "modmobmap.py", line 52, in <module>
    cops = sm.getCOPSfromRIL()
  File "/home/jo/Modmobmap/engines/android/generic/ADBshell.py", line 124, in getCOPSfromRIL
    devfile = self.getDevfile()
  File "/home/jo/Modmobmap/engines/android/generic/ADBshell.py", line 99, in getDevfile
    raise ADBError('dev')
engines.android.generic.ADBshell.ADBError: 'libRIL use an unsupported argument.'

Help would be greatly appreciated.

FlUxIuS commented 5 years ago

Hi,

Seems like the tool is not able to retrieve the RIL tty path on the phone. Did you run the script with the same rights as you run ADB in normal use? If so, can you give me the result of the following command using ADB?

getprop rild.libargs

shepardac commented 5 years ago

Hello,

Thank you for your response, I really appreciate it. Yes, I do. Here is the result:

shell@kltetmo:/ $ getprop rild.libargs

shell@kltetmo:/ $

FlUxIuS commented 5 years ago

That is strange! I'm actually trying it on my Samsung Galaxy S5 and it results as follows:

shell@klte:/ $ getprop rild.libargs
-d /dev/smd0

Can you type the following command?

shell@klte:/ $ ls /dev/smd*

Alternatively, you can also try to expose your AT TTY interface to the host by typing #0808# . This will expose a /dev/ttyACM or /dev/ttyUSB* to your host that you can use with the "-a ATMODE" parameter of Modmobmap. Unfortunately, on my Samsung Galaxy S5 with the stock ROM, I can't expose an AT TTY and an ADB service at the same time. But maybe in your case, it could work.

Also are you using a stock ROM or something else? And which ROM? That would help me to patch or orientate users.

Thank you! :)

shepardac commented 5 years ago

Yes here is the output:

shell@kltetmo:/ $ ls /dev/smd*
/dev/smd0 /dev/smd1 /dev/smd11 /dev/smd2 /dev/smd21 /dev/smd22 /dev/smd27 /dev/smd3 /dev/smd36 /dev/smd4 /dev/smd5 /dev/smd6 /dev/smd7 /dev/smd_cxm_qmi /dev/smd_data_0 /dev/smd_logging_0 /dev/smd_pkt_loopback /dev/smd_sns_adsp /dev/smd_sns_dsps /dev/smd_test_framework /dev/smdcnt_rev0 /dev/smdcnt_rev1 /dev/smdcnt_rev2 /dev/smdcnt_rev3 /dev/smdcnt_rev4 /dev/smdcnt_rev5 /dev/smdcnt_rev6 /dev/smdcnt_rev7 /dev/smdcnt_rev8 /dev/smdcntl0 /dev/smdcntl1 /dev/smdcntl10 /dev/smdcntl11 /dev/smdcntl2 /dev/smdcntl3 /dev/smdcntl4 /dev/smdcntl5 /dev/smdcntl6 /dev/smdcntl7 /dev/smdcntl8 /dev/smdcntl9

So when I enter that command on the phone I am only presented with either CP or AP. I have played around with the different ADB sessions with similar results. Under AP, the USB settings I'm allowed to choose are:

- MTP
- MTP + ADB
- PTP
- PTP + ADB
- RNDIS + DM + MODEM
- RMNET + DM + MODEM
- DM + MODEM + ADB

I also have Android version 6.0.1

Lastly, an interesting development: I re-rooted my phone and was able to pull some information, but again it errored out. Here is the log.

jo@town:~/Modmobmap$ sudo python3 modmobmap.py -s /home/jo/Android/Sdk
[sudo] password for tojo:
adb server version (36) doesn't match this client (40); killing...

Anyways, thank you for your help.

FlUxIuS commented 5 years ago

Hi,

I'll require a final manipulation to make a little patch. Can you try to type the following command: setprop rild.libargs "-d /dev/smd0" or just /dev/smd0. That will help me to make a little patch for your version but also to suggest alternatives :)

Thanks again!

shepardac commented 5 years ago

Hello, I entered the commands and it worked, and I was able to pull the network information without erroring out. The only thing I noticed is that it did not log any of the information. Also, and I am not sure if this is by design, the program never finished; it would only stop if I pressed Ctrl-C. Here is my log below.

jo@downtown:~/Modmobmap$ sudo python3 modmobmap.py -s /home/jo/Android/Sdk
=> Requesting a list of MCC/MNC. Please wait, it may take a while...
[+] New cell detected [CellID/PCI-DL_freq (674e119-687)] Network type=3G PLMN=310-410 Band=2 Downlink UARFCN=687 Uplink UARFCN=287
[+] New cell detected [CellID/PCI-DL_freq (674e118-687)] Network type=3G PLMN=310-410 Band=2 Downlink UARFCN=687 Uplink UARFCN=287
[+] New cell detected [CellID/PCI-DL_freq (674e0fb-687)] Network type=3G PLMN=310-410 Band=2 Downlink UARFCN=687 Uplink UARFCN=287
[+] New cell detected [CellID/PCI-DL_freq (ffffffff-687)] Network type=3G PLMN=310-410 Band=2 Downlink UARFCN=687 Uplink UARFCN=287
[+] New cell detected [CellID/PCI-DL_freq (6742ab7-687)] Network type=3G PLMN=310-410 Band=2 Downlink UARFCN=687 Uplink UARFCN=287
^CTraceback (most recent call last):
  File "modmobmap.py", line 52, in <module>
    cops = sm.getCOPSfromRIL()
  File "/home/jo/Modmobmap/engines/android/generic/ADBshell.py", line 136, in getCOPSfromRIL
    while not stdout_queue.empty() and stop is False:
KeyboardInterrupt

^CTraceback (most recent call last):
  File "modmobmap.py", line 52, in <module>
    cops = sm.getCOPSfromRIL()
  File "/home/jo/Modmobmap/engines/android/generic/ADBshell.py", line 136, in getCOPSfromRIL
    while not stdout_queue.empty() and stop is False:
  File "/usr/lib/python2.7/Queue.py", line 96, in empty
    n = not self._qsize()
KeyboardInterrupt

Again, thank you for your time and help.

FlUxIuS commented 5 years ago

Okay, here is the next thing you can do, because the AT+COPS command maybe takes too much time to respond. You can also modify the JSON file in the "cache" directory with your operators list: https://github.com/Synacktiv/Modmobmap/blob/master/cache/operators.json

After doing that, launch the tool with the parameter "-o" to use the cache :) I've introduced the cache file in case AT+COPS output could be difficult to get. I'll put another tool in my TODO stack to use the Injector technique of Collin Mulliner to perform a more stable Man-In-The-Middle, to be able to inject AT commands and get feedback without problems! :) Normally this should work and you will be able to use CTRL+C to interrupt and get your JSON output.

Continue to give as much feedback as possible to allow the tool to be more user friendly! :)
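
The failure diagnosed in this thread (an empty `rild.libargs` property while `/dev/smd0` exists on the phone) can be handled as in the following added example, which is not part of the thread and is not Modmobmap's own code. The names `parse_libargs`, `resolve_ril_device`, `RilDeviceError` and `FALLBACK_CANDIDATES` are hypothetical, and the inputs are the text output of `getprop rild.libargs` and `ls /dev/smd*` as shown above.

```python
import re
import shlex

# Assumption: /dev/smd0 is the value the maintainer's Galaxy S5 reports in this
# thread; it is used here only as a fallback candidate for this example.
FALLBACK_CANDIDATES = ("/dev/smd0",)


class RilDeviceError(Exception):
    """Hypothetical error type for this example."""


def _valid_dev(path):
    # A system property is untrusted input: accept only a plain /dev node name.
    return path if re.fullmatch(r"/dev/[A-Za-z0-9_]+", path) else None


def parse_libargs(libargs):
    """Return the device path from a `getprop rild.libargs` value, or None.

    Handles both forms mentioned in the thread: "-d /dev/smd0" and "/dev/smd0".
    """
    try:
        tokens = shlex.split(libargs.strip())
    except ValueError:  # unbalanced quotes in the property value
        return None
    for i, tok in enumerate(tokens):
        if tok == "-d" and i + 1 < len(tokens):
            return _valid_dev(tokens[i + 1])
    if len(tokens) == 1:
        return _valid_dev(tokens[0])
    return None


def resolve_ril_device(libargs, dev_listing):
    """Pick the RIL device: the property first, then a node that really exists."""
    dev = parse_libargs(libargs)
    if dev:
        return dev, "rild.libargs"
    present = set(dev_listing.split())
    for cand in FALLBACK_CANDIDATES:
        if cand in present:
            return cand, "fallback"
    raise RilDeviceError("rild.libargs is empty and no known RIL device node exists")


if __name__ == "__main__":
    # Constructed inputs modelled on the outputs posted in the thread.
    print(resolve_ril_device("", "/dev/smd0 /dev/smd1 /dev/smd11"))
```
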