Closed JonnyTech closed 4 years ago
Try this: https://github.com/ViRb3/overseer
I have big plans to improve it, I'll hopefully find the time soon
Thanks @ViRb3 but it does not run.
# ./overseer
sh: ./overseer: can't execute: Permission denied
Have tried chmod 777 and running from both adb shell and an installed root terminal. Copied file to /system/ and /data/ too. Does it produce logs anywhere?
cat /proc/cpuinfo states processor is ARMv7 Processor rev 4 (v7l). getprop ro.product.cpu.abi returns armeabi-v7a. OS is AOSP 9.
Executables are only valid under the temp directory, so: /data/local/tmp
Ah, good tip!
OK, so it runs now but then reboots my phone after about a minute..
The program is probably reading a file that serves as a trigger and shuts down/does some other weird behavior to your device. Try excluding the /dev and /sys directories. The file you're looking for is probably under /persist. I will try to rewrite this program but it won't be soon.
Also try /data/vendor/oemvitems
Still reboots: ./overseer xxxxxxxxxxxx -v -b /dev /sys /data/vendor/oemvitems > log.txt
log.txt
Seems like both cases crash at /system/lib/vnd, try blacklisting /system/lib
And I meant try searching in data/vendor/oemvitems, that's where the MAC is on a OnePlus 5T.
How does it scan a specific folder? It only displays a blacklist parameter in help.
Ah, I'm afraid I haven't implemented specific searches then. Try going through the files manually I guess.
Could also help if you look at the wifi code in your device's kernel source code.
There is no oemvitems in data/vendor/. Shall continue tomorrow, need sleep now. Thanks for your help so far.
Good luck, and no problems!
BTW even with ./overseer XXXXXXCXXXCC -v -b /sys/ /dev/ /system/ > /storage/0101-0101/xfer/log.txt it still scans /system and crashes in the same place.
PS in case you have more time and knowledge than I do, kernel sources are here: https://github.com/MiCode/Xiaomi_Kernel_OpenSource/tree/tiare-o-oss
I pulled all files from the phone using root adb then scoured them looking for the MAC in text or binary format without success. Is it possible that the MAC is read from hardware and stored in /sys without being copied elsewhere?
I do not know. What phone model do you have exactly? Here's the device tree for Xiaomi Redmi Note 4 & 4x (Mido): https://github.com/zeelog/android_device_xiaomi_mido
And here's the MAC file for that: https://github.com/zeelog/android_device_xiaomi_mido/blob/lineage-16.0/wifi/WCNSS_qcom_cfg.ini#L44
After some research, it looks like the original MAC of every Qualcomm device is stored in its NV (non-volatile) memory. It seems like you can change it using the Qualcomm Product Support Tools, but that looks overkill and potentially dangerous to me.
Now, there seem to be a lot of abstraction layers on top of that NV data. Sadly, it varies widely from phone to phone and kernel implementations. Try to search in your device's trees and kernels, every phone I've seen so far stores that data in an easily writable file somewhere. On the other hand, Android Q will provide a different MAC for each WiFi network, so the struggle will end soon. Maybe an XPosed/Riru module could be created to do this on older versions.
Good luck!
The device tree for my device (link above) also has a WCNSS_qcom_cfg.ini file but the addresses there do not correspond to the actual MAC of the adaptor.
The NV memory seems inaccessible - I have root and TWRP but neither can see a nvram partition like mediatek devices can.
The randomised MAC address will only be used when scanning networks (http://www.network-usa.com/2019/04/android-q-your-mac-address-on-wifi-networks-will-be-random.html)
The false MAC address is generated only once per network. In other words, when you connect twice on a WiFi network at different times, the same address is used. It remains however associated only with this network.
Also, not all devices support it - I have the current AOSP Q beta and the option is not available, neither in wifi settings, privacy or developer options.
I have found an app that successfully changes the MAC:
"Change my MAC" https://play.google.com/store/apps/details?id=net.xnano.android.changemymac https://forum.xda-developers.com/android/apps-games/app-root-change-mac-spoof-wifi-mac-t3394540
Now I just have to figure out what it does...
Hmm, it seems to edit text file /sys/devices/soc/a000000.qcom,wcnss-wlan/wcnss_mac_addr - thought that was not possible..
Well, I guess it could be write-mapped. Have you tried changing that file?
su
cat /sys/devices/soc/a000000.qcom,wcnss-wlan/wcnss_mac_addr
# assume format is 112233445566
echo 112233445566 > /sys/devices/soc/a000000.qcom,wcnss-wlan/wcnss_mac_addr
It also changes another file: /persist/WCNSS_qcom_wlan_nv.bin but it is not obvious what is done. I shall be at a computer in a day or two and shall analyse then report back.
The solution really is as simple as:
echo 88:99:de:ad:be:ef > /sys/devices/soc/a000000.qcom,wcnss-wlan/wcnss_mac_addr
No other files are touched. Do you think that you could add to nMac? This would probably open it up to a whole load of qualcomm devices as well as all the mediatek ones it already supports :)
For the sake of completeness, can you please share the result of:
stat /sys/devices/soc/a000000.qcom,wcnss-wlan/wcnss_mac_addr
I can add it, but I have no environment set up to build a new release.
Here you go:
File: `/sys/devices/soc/a000000.qcom,wcnss-wlan/wcnss_mac_addr'
Size: 4096 Blocks: 0 IO Blocks: 512 regular file
Device: 10h/16d Inode: 23489 Links: 1
Access: (600/-rw-------) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2019-05-16 08:45:25.207383859
Modify: 2019-05-16 13:24:51.091904315
Change: 2019-05-16 13:24:51.091904315
I shall set up a build environment and test next week. Thanks!
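As an added example (not part of the original thread or of nMAC): a shell wrapper around the sysfs write found above, which validates the address, refuses multicast values, and confirms the change by reading the node back. It assumes the node reports the MAC in one of the two spellings seen in the thread; the function names and the WCNSS_NODE override are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. The node path is the one quoted in the
# thread; the function names and the WCNSS_NODE override are hypothetical.
WCNSS_NODE="${WCNSS_NODE:-/sys/devices/soc/a000000.qcom,wcnss-wlan/wcnss_mac_addr}"

# normalize_mac MAC
# Accepts the two spellings used in the thread (112233445566 and
# 88:99:de:ad:be:ef) and prints the lower-case colon form.
# Returns 1 for a malformed value, 2 for a multicast address.
normalize_mac() {
    case "$1" in
        *[!0-9A-Fa-f:]*) return 1 ;;   # stray characters, including newlines
    esac
    printf '%s\n' "$1" |
        grep -Eqi '^([0-9a-f]{12}|([0-9a-f]{2}:){5}[0-9a-f]{2})$' || return 1
    hex=$(printf '%s' "$1" | tr -d ':' | tr 'A-F' 'a-f')
    # Bit 0 of the first octet marks a group (multicast) address, which is
    # never valid as a station's own address.
    first=$((0x${hex%??????????}))
    [ $((first & 1)) -eq 0 ] || return 2
    printf '%s\n' "$hex" | sed 's/../&:/g; s/:$//'
}

# set_wcnss_mac MAC
# Records the current value, writes the new one, then reads the node back
# (assumption: the node returns the MAC in one of the two forms above).
# The stat output in the thread shows mode 600 owned by root, so this
# needs a root shell on the device.
set_wcnss_mac() {
    new=$(normalize_mac "$1") || { echo "rejected: $1" >&2; return 1; }
    [ -w "$WCNSS_NODE" ] || { echo "not writable: $WCNSS_NODE" >&2; return 3; }
    old=$(cat "$WCNSS_NODE")
    printf '%s\n' "$new" > "$WCNSS_NODE" || return 4
    now=$(normalize_mac "$(cat "$WCNSS_NODE")") || return 4
    [ "$now" = "$new" ] || { echo "read-back mismatch: $now" >&2; return 4; }
    echo "old=$old new=$now"
}

# Run as: ./script 88:99:de:ad:be:ef
if [ "$#" -gt 0 ]; then
    set_wcnss_mac "$1"
fi
```

Keep the printed old value so the original address can be written back later.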
Have not forgotten about this, but been busy lately. Found Xamarin for Linux: https://github.com/0xFireball/xamarin-android-linux
Then shall follow guide in wiki: https://github.com/ViRb3/nMAC/wiki/Creating-a-new-device-layout
For my reference:
devices folder: https://github.com/ViRb3/nMAC/tree/master/nMAC/Devices
private static async Task<DeviceModel> DetectDevice()
<Compile Include="Devices\Qualcomm.cs" />
I have been unable to get Xamarin to work with Linux and have no access to a Windows device. @ViRb3 are you able to implement my findings?
Hi there! I'm afraid that I haven't used or worked on this app for over a year and I don't have any of the tooling necessary to implement your findings. New devices have a dynamic MAC so I haven't had to change it. Sorry, I hope you understand.
That's cool, thanks for replying.
I have used nMac on a multitude of rooted devices running various versions of Android without problem. All of these devices had a Mediatek chipset. Now I own a phone with a Qualcomm chipset. But I have been unable to locate a file containing the MAC address - except for one in /sys - which I know from previous discussions is unusable. Is this a known issue or can you suggest any way to locate the file?