rareranger / ps4jbandroid


Add USB OTG function for JB #3

Open VirusBurst opened 2 years ago

VirusBurst commented 2 years ago

Many Android devices are OTG capable and the Linux kernel allows mounting a .iso or .img as a drive and passing it to the OTG.

https://f-droid.org/en/packages/streetwalrus.usbmountr/ does the mounting job on Lineage OS 14 and 15 perfectly and is open-source!

You may want to implement this into your Web-Server, so that it automatically mounts the .img after the exploit is ready and then BOOM All in one JB invented ^^

But be aware, ROOT is maybe required! Am ready for testing ^^

rareranger commented 2 years ago

I'll look into it. Unfortunately I currently don't have access to a rooted device. It would be too difficult to code in the feature without one for testing and debugging.

VirusBurst commented 2 years ago

I'm not familiar with Android SDK anymore but AFAIK you can test and debug on PC with an emulator (some of them support root) and I (or we) can test it with real devices (I have two devices for testing, BQ Aquaris X5 Plus and Samsung Galaxy Nexus)

rareranger commented 2 years ago

@VirusBurst Testing time coming up.

rareranger commented 2 years ago

@VirusBurst let me know how it goes. I still don't have a rooted device and haven't set up an emulator so I'm flying almost blind.

https://github.com/rareranger/ps4jbandroid/releases/download/v3.0-alpha/ps4jb_v3.0-alpha.apk

VirusBurst commented 2 years ago

@rareranger HOLY MF, you DID IT! IT WORKS!

Android 8.1 (BQ Aquaris X5 Plus) did it! Attention by my side, which is normal, I received multiple messages about unsupported devices but that's normal since my phone still connects via MTP to the PS4 while providing the .img file but HELL YEAH

Waited until every message waved off the screen, pressed OK and BOOM! Jailbreak AND GoldHEN loaded by Android!

VirusBurst commented 2 years ago

OOPS I did it again...

Amazon Kindle Fire HD 7" with Android 7.1.2 (Nougat)

VirusBurst commented 2 years ago

Proudly confirming that even my oldest phone, Samsung Galaxy Nexus with Android 4.3...

AND A HUGE THANK YOU FOR EVEN SUPPORTING THAT OLD ANDROID SDK ♥

it works also there... on a 10+ year old device, which basically means... this kernel method of mounting an .img has existed for a long time...

Now that's unfortunately where my part ends... I don't have any devices running Android 9 or higher... :( I hope that it will work too! But I'm pretty confident, that it will work! 👍

rareranger commented 2 years ago

@VirusBurst that's great.

Unfortunately I'm not sure it will work with the newer Android running devices.

That's why the developer of USBMountr stopped maintaining his app because of changes in the newer Android kernels.

Fortunately I should have my device rooted by sometime next week. Then I'll be able to support the devices running the latest version of Android.

😁

rareranger commented 2 years ago

@VirusBurst Test the latest version and let me know if it works on all your devices. Cheers.

https://github.com/rareranger/ps4jbandroid/releases/tag/v3.2

VirusBurst commented 2 years ago

Hell yeah, you nailed it with the latest version! 😎👍

Yohoki commented 2 years ago

Now if we could skip the USB step... That'd be awesome. XD

Well, then.... I'm gonna give this a go with a rooted Amazon Fire HD 8 running Android 11. That'll free up my USB stick. I've only got a 256GB, and it's a REALLY big waste to just have the hacked img on it. lmao

Great job, again.

UPDATE--

No go on Red Velvet. The exploit runs just fine and can be completed as normal with a thumb drive.

Trying to mount the hacked img in the app gives a prompt to allow root access, but logs:

Figuring out which backend to use...
Backend type found :: CONFIGFS
Operation ended with code: 1...

I waited at least 60 seconds to press the OK button on the exploit, but it still fails. It's possible I am not waiting long enough, if it takes a while to connect the device? I'm not sure. For some reason, I don't get prompts on my ps4 when I plug in USB devices, so I never know exactly when I can close the prompt even with the thumb drive.

rareranger commented 2 years ago

@Yohoki I'll have to do some testing on my phone once I root it. It's also running Android 11 so I can see what's the issue.

Thanks for testing. 👍🏻🙂

Yohoki commented 2 years ago

> @Yohoki I'll have to do some testing on my phone once I root it. It's also running Android 11 so I can see what's the issue.
>
> Thanks for testing. 👍🏻🙂

It should probably be tested on another device running Red Velvet. This old tab has entirely no business running 11, and is only doing so with an unofficial modded OS. So, it's entirely possible that it's just my tablet. I did run an OTG checker to see if it works, and it does say that I'm able to, but I really don't trust my tablet to ACTUALLY allow it. But it's the only rooted device I currently have.

VirusBurst commented 2 years ago

Connect your tablet to the PC, you should see another drive appearing and if you see this drive, then you're good to go...

Yohoki commented 2 years ago

> Connect your tablet to the PC, you should see another drive appearing and if you see this drive, then you're good to go...

Man.... You know.......... See, this is why I'm not the dev. You just asked me if my monitor was plugged in, and I'm like.... "Umm.... Yeeeeees......" as I quickly go plug it in. XD I really should have thought to do that on my own. lol

It shows that the tablet has connected but says the device isn't recognized. Unplugging and reconnecting pops up a message saying that the device connected has malfunctioned or is not recognized. No drive is added (neither the regular android or the hacked img)

Checking in Minitool Partition, there is no drive shown in the devices list either. Neither does the partition wizard even think a refresh is necessary.

By contrast, Plugging in a "normal" flash drive shows the hacked exfat drive in windows explorer, as well as prompts a refresh in Minitool, showing both the hacked partition and the unallocated space afterwards.

VirusBurst commented 2 years ago

Hmm... sounds not good...

I'm curious... since you have root access, try https://www.drivedroid.io/ because I didn't get it to work with my devices but MAYBE my Android devices were too old for DriveDroid...

You may try at first on your PC because DD has many methods for mounting files but if that works... Although they stated in the last update that they added compatibility for Android 9 :/

I mean... trial by error ^^

Yohoki commented 2 years ago

Looks like this app no longer works with Red Velvet, either. I'm able to install it, but part of the setup wizard involves setting a directory for storing ISO/IMG files. Clicking the button results in an error because of not having Read_External_Storage permission. I believe this has to do with the "Scoped Storage" added in 11.

Something I have read somewhere is that you can target android 10 and have a flag set in your manifest to enable legacy access, and this should bypass these scoped storage restrictions on 11(+?). I believe X-Plore and a few other file managers were using this flag for a while to still gain full access to folders outside of the app's own data folders.

rareranger commented 2 years ago

@Yohoki Welcome to the nightmare of maintaining Android apps. XD

Btw the developer for the USBMountr app from F-Droid deleted his GitHub repo.

I had to do a lot of digging to find one to see how he did the USB image mounting.

I had to go to archive.org to check an old snapshot of his GitHub and fortunately found someone who forked his repo.

I think you'll find this interesting @Yohoki :

https://github.com/armyboys1981/android_usb_msd#deprecation-notice

Also you get to check out how he had USB mounting working.

VirusBurst commented 2 years ago

https://github.com/ChendoChap/pOOBs4/pull/31

It looks like there is a great compatibility with DriveDroid... Maybe @rareranger can meet the dev from DriveDroid and merge their codes into the ULTIMATE PS4 Breaker by Android (No I'm 25 yrs old but still, I'd like to have a LOW ORBIT ION CANNON for tattooing ants! °^° )

rareranger commented 2 years ago

@VirusBurst Does DriveDroid work on Android 11/12?

And I don't think you'd be doing much tattooing with a LOIC. Probably more of an ant BBQ. xD

Yohoki commented 2 years ago

Not sure if this is helpful or not, but I found a post on reddit from the dev of DriveDroid. It's pretty old, but it mentions how DriveDroid works 'under the hood':

setprop persist.sys.usb.config mass_storage,adb
setprop sys.usb.config mass_storage,adb
setprop sys.usb.state mass_storage,adb
echo 0 > /sys/class/android_usb/android0/enable
echo 18d1 > /sys/class/android_usb/android0/idVendor
echo 4e21 > /sys/class/android_usb/android0/idProduct
echo mass_storage,adb > /sys/class/android_usb/android0/functions
echo 1 > /sys/class/android_usb/android0/enable

What actually does enable mass_storage is the line that writes to /sys/class/android_usb/android0/functions. It calls the kernel's Android module to change its mode to mass_storage,adb. Since most kernels for Android are somewhat alike, mass_storage support is in all of them.

So, on many devices it'll just work. However some are quite wonky and I'm unsure why.

Keep in mind, that's info from 9 years ago, long before android 11's Scoped Storage.

rareranger commented 2 years ago

@Yohoki actually there are all sorts of different kernel configurations for enabling mass storage mode now. It's no longer as simple as above.

Here are some configs I just found by snooping around:

"/sys/devices/platform/s3c-usbgadget/gadget/lun#/"
"/sys/devices/msm_dwc3/f9200000.dwc3/gadget/lun#/"
"/sys/devices/platform/s3c-hsotg/gadget/lun#/"
"/sys/devices/platform/usb_mass_storage/lun#/"
"/sys/devices/platform/omap/musb-omap2430/musb-hdrc/gadget/lun#/"
"/sys/devices/platform/fsl-tegra-udc/gadget/lun#/"
"/sys/devices/platform/msm_hsusb/gadget/lun#/"
"/sys/devices/platform/msm_otg/msm_hsusb/gadget/lun#/"
"/sys/devices/platform/musb-ux500.0/musb-hdrc/gadget/lun#/"
"/sys/devices/platform/sw_usb_udc/gadget/lun#/"
"/sys/devices/platform/mt_usb/musb-hdrc.0.auto/gadget/lun#/"
"/sys/devices/platform/mali_dev.#/"
"/sys/devices/platform/dwc_otg.0/gadget/lun#/"
"/sys/devices/pci0000:00/0000:00:02.3/gadget/lun#/"
"/sys/devices/soc.0/f9200000.ssusb/f9200000.dwc3/gadget/lun#/"
"/sys/devices/soc/6a00000.ssusb/6a00000.dwc3/gadget/lun#/"
"/sys/devices/gadget/<NULL>-lun#/"
"/sys/devices/gadget/lun#/"
"/sys/class/android_usb/android#/f_mass_storage/lun/"
"/sys/devices/virtual/android_usb/android#/f_mass_storage/lun_ex/"
"/sys/devices/virtual/android_usb/android#/f_mass_storage/lun/"
"/sys/devices/virtual/android_usb/android0/f_mass_storage/lun#/"
"/config/usb_gadget/g1/functions/mass_storage.0/lun.#/"

Pharaoh2k commented 2 years ago

To "Mount exploit USB image" - is it required to physically connect the Android device with a USB OTG cable to a PS4 USB port, or can it be done via wifi?

rareranger commented 2 years ago

@Pharaoh2k

You need to connect the device with a USB cable to the PS4. No need for an OTG adapter. Just plug it in like you would for charging.

That "Mount exploit USB image" feature only works on rooted devices. It might not work if your device is running Android 11+. Good luck.

Pharaoh2k commented 2 years ago

@rareranger Sweet. Unfortunately, indeed it doesn't work with my Samsung Galaxy Note 10+ running Android 11. I am getting exit code 1. Hopefully you'll find a way to fix it. :)

Pharaoh2k commented 2 years ago

@rareranger Forgot to mention, my phone is rooted. ;)

remlei commented 2 years ago

Tested v3.3 and it works for my MXQ Android TV Box that is rooted by default. All I did was find a USB A male-to-male cable, since the USB port at the back of it (not the 3 USB ports on the right side) is actually an OTG port. I initially tested the OTG function of this MXQ Android box with DriveDroid and that works great, and I tested it with extfathax.img to jailbreak my PS4 and that works great.

Though mounting the extfathax.img is still a manual process on this app, I hope we get the raspberry pi 0 like kind of auto mount and unmount of the img file. And I wish this app can also run in the background as well (and auto start) of course as an option to enable and disable these.

rareranger commented 2 years ago

@Pharaoh2k @Yohoki Test the new version on your Android 11 devices and let me know if it works.

https://github.com/rareranger/ps4jbandroid/releases/latest/

Yohoki commented 2 years ago

> @Pharaoh2k @Yohoki Test the new version on your Android 11 devices and let me know if it works.
>
> https://github.com/rareranger/ps4jbandroid/releases/latest/

COVID has made me send my tablet with my kid this week for school at home. I'll test this as soon as I can get it back.

Regardless of results, thanks for keeping us in mind. :D

Pharaoh2k commented 2 years ago

@rareranger commented on Feb 4, 2022, 1:39 PM GMT+7:

> @Pharaoh2k @Yohoki Test the new version on your Android 11 devices and let me know if it works.
>
> https://github.com/rareranger/ps4jbandroid/releases/latest/

Unfortunately, it still doesn't work. Same exit code.

rareranger commented 2 years ago

@Pharaoh2k I'm going to need a list of the files you have in the /config mount-point and the /sys/class/UDC folder.

Pharaoh2k commented 2 years ago

@rareranger do you mean all the files in all their subfolders?

Pharaoh2k commented 2 years ago

Here you go: EDIT: Files deleted since already downloaded.

btw, my UDC folder is lower case (udc)

rareranger commented 2 years ago

@Pharaoh2k UDC being lower case makes a huge difference. Also your ROM doesn't have the mass_storage.0 function. I'll hack something up in the next build. Thanks for the file lists. Stay tuned for the next version.

Yohoki commented 2 years ago

Similar results. Although, one thing I noticed is that 'something' is working now.

Clicking the mount button gives the same exit code, but it switches my USB type from 'File Transfer' to 'Charging' (charging is my default state when plugging in my tablet). Clicking unmount gives exit code 0 now. It is no longer breaking things in the background and requiring a restart to get file transfer working again. I can now just plug my tablet into PC and transfer files again, where before I had to restart to get the different USB modes to show up in notifications.

I can get that list of files in just a few minutes, as well.

Yohoki commented 2 years ago

Having trouble copying the udc folder with X-Plore... I think there's some looping going on with the folders, so I hope a tree is good enough. I just used ADB and the LS command.

karnak:/sys/class/udc # su -c ls -R *
musb-hdrc:
a_alt_hnp_support  current_speed    is_otg          power         state
a_hnp_support      device           is_selfpowered  soft_connect  subsystem
b_hnp_enable       is_a_peripheral  maximum_speed   srp           uevent

musb-hdrc/power:
autosuspend_delay_ms  control  runtime_active_time  runtime_status  runtime_suspended_time

For the other folder, I can Zip it. There's a lot there, so I also made a tree.txt that just displays all the things. config.zip + Tree.txt "Not nearly as ugly" Tree.txt

I did notice in the config folder that I also don't have a mass_storage.0, but I DO have a mass_storage.usb0

Pharaoh2k commented 2 years ago

You can simply use Termux and do: su -c "ls -R /config" > /YOUR_STORAGE_PATH/configfiles.txt

rareranger commented 2 years ago

@Yohoki for yours the mass_storage function is called mass_storage.usb0. I'll need to add some wildcards to the code I'm using.
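
An added example, not code from ps4jbandroid or USBMountr: a read-only probe that finds the gadget backend, matches the mass_storage function by wildcard (`.0`, `.usb0`, ...) and accepts either spelling of the udc class folder, as the listings in this thread require. The function names, the root-prefix argument, the `ANDROID_USB`/`NONE` labels and the `g1` gadget name in the first sample tree are assumptions; the sample trees are constructed from the posted listings.

```shell
#!/bin/sh
# Added example: read-only probe of the USB gadget layouts reported in this thread.
# $1 is a hypothetical root prefix: "" on a device, or a scratch directory
# holding a constructed tree (as done at the bottom of this script).

# CONFIGFS is the name the app logs; ANDROID_USB and NONE are labels made up
# here for the legacy /sys/class/android_usb interface and for "nothing found".
detect_backend() {
    for d in "$1"/config/usb_gadget/*/functions; do
        if [ -d "$d" ]; then echo CONFIGFS; return 0; fi
    done
    if [ -d "$1/sys/class/android_usb/android0" ]; then echo ANDROID_USB; return 0; fi
    echo NONE; return 1
}

# First mass_storage function instance, whatever its suffix (.0, .usb0, ...).
find_mass_storage() {
    for f in "$1"/config/usb_gadget/*/functions/mass_storage.*; do
        if [ -d "$f" ]; then echo "${f#"$1"}"; return 0; fi
    done
    return 1
}

# Controller names from /sys/class/udc, also accepting the upper-case spelling.
list_udc() {
    for c in udc UDC; do
        if [ -d "$1/sys/class/$c" ]; then ls "$1/sys/class/$c"; return 0; fi
    done
    return 1
}

# One-line summary; non-zero status when no mass_storage instance is present.
probe() {
    backend=$(detect_backend "$1") || { echo "backend=NONE"; return 1; }
    if [ "$backend" = CONFIGFS ]; then
        ms=$(find_mass_storage "$1") || { echo "backend=CONFIGFS mass_storage=missing"; return 1; }
        echo "backend=CONFIGFS mass_storage=$ms udc=$(list_udc "$1" | head -n 1)"
    else
        echo "backend=$backend"
    fi
}

# Constructed sample trees mirroring the two devices described in the thread
# (gadget name g1 for the first one is an assumption).
make_samples() {
    mkdir -p "$1/yohoki/config/usb_gadget/g1/functions/mass_storage.usb0" \
             "$1/yohoki/sys/class/udc/musb-hdrc" \
             "$1/pharaoh/config/usb_gadget/g1/functions/mtp.0" \
             "$1/pharaoh/config/usb_gadget/g1/functions/ffs.adb"
}

tmp=$(mktemp -d)
make_samples "$tmp"
probe "$tmp/yohoki"
probe "$tmp/pharaoh" || true
rm -rf "$tmp"
```

On a device the same functions can be called from a root shell with an empty prefix, e.g. `probe ""`; nothing is written to configfs or sysfs.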

Yohoki commented 2 years ago

I'm not sure if that's a normal thing, or if that's because of the hacky nature of my ROM. Lineage is not officially supported on my tablet, and it really should not be running anything close to 11..... But it runs so nicely on it that I couldn't help but keep it. XD

But, ya, I saw the code earlier in usbmounter.kt and wondered if changing it there or a bit of regex would just make it work... But I've no idea how to begin getting from github to APK file. That's magic stuff that my old brain isn't ready to understand.

rareranger commented 2 years ago

@Yohoki XD. I just installed Windows 11 on my main, so now I have to reinstall Arch Linux on my laptop so I can fix the app in Android Studio.

Pharaoh2k commented 2 years ago

@rareranger Just out of curiosity - Why Arch and not Manjaro?

rareranger commented 2 years ago

@Pharaoh2k Arch because I was using Ubuntu and Debian before when running Linux and wanted to try something light with as little stuff as possible. My older laptop still has a HDD instead of an SSD and I wanted to see how snappy it could be with Arch. Plus setting up Arch from nothing is quite educational. 👌

Yohoki commented 2 years ago

oh, dear god I forgot about Win 11. I JUST upgraded from XP last year, and I dunno that I wanna go through with all that again.... Although, it was nice to see that I could actually upgrade for free from XP all the way up. lmao

No probs on the time frame, though. I really wasn't expecting it to work at all on newer firmware because of the changes and mass storage being killed off. I liked MS so much better than this new thing. Half the time my files don't show up in windows anymore without mass storage.

rareranger commented 2 years ago

@Pharaoh2k @Yohoki Guys I finally got some time to update the app. Can you check if USB mounting works in this version on your devices. https://github.com/rareranger/ps4jbandroid/releases/tag/v3.5.0-beta

Pharaoh2k commented 2 years ago

@rareranger Doesn't work.

On first attempt I get: Figuring out backend to use... Backend Type Found :: CONFIGFS Operation existed with code: 1...

rareranger commented 2 years ago

@Pharaoh2k Can you resend me the folder listing (recursive) of /config/usb_gadget/. I don't have a copy on my Windows machine of the one you sent before.

Pharaoh2k commented 2 years ago

@rareranger Sure:

/config/usb_gadget/:
g1

/config/usb_gadget/g1:
UDC
bDeviceClass
bDeviceProtocol
bDeviceSubClass
bMaxPacketSize0
bcdDevice
bcdUSB
configs
functions
idProduct
idVendor
os_desc
strings

/config/usb_gadget/g1/configs:
b.1

/config/usb_gadget/g1/configs/b.1:
MaxPower
accessory.0
acm.0
audio_source.0
bmAttributes
conn_gadget.0
dm.0
dm1.0
midi.0
mtp.0
ncm.0
ptp.0
rndis.0
strings

/config/usb_gadget/g1/configs/b.1/strings:
0x409

/config/usb_gadget/g1/configs/b.1/strings/0x409:
configuration

/config/usb_gadget/g1/functions:
accessory.0
acm.0
audio_source.0
conn_gadget.0
dm.0
dm1.0
ffs.adb
midi.0
mtp.0
ncm.0
ptp.0
rndis.0

/config/usb_gadget/g1/functions/accessory.0:

/config/usb_gadget/g1/functions/acm.0:
port_num

/config/usb_gadget/g1/functions/audio_source.0:

/config/usb_gadget/g1/functions/conn_gadget.0:

/config/usb_gadget/g1/functions/dm.0:

/config/usb_gadget/g1/functions/dm1.0:

/config/usb_gadget/g1/functions/ffs.adb:

/config/usb_gadget/g1/functions/midi.0:
buflen
id
in_ports
index
out_ports
qlen

/config/usb_gadget/g1/functions/mtp.0:

/config/usb_gadget/g1/functions/ncm.0:
dev_addr
host_addr
ifname
qmult

/config/usb_gadget/g1/functions/ptp.0:

/config/usb_gadget/g1/functions/rndis.0:
class
dev_addr
host_addr
ifname
os_desc
protocol
qmult
subclass

/config/usb_gadget/g1/functions/rndis.0/os_desc:
interface.rndis

/config/usb_gadget/g1/functions/rndis.0/os_desc/interface.rndis:
compatible_id
sub_compatible_id

/config/usb_gadget/g1/os_desc:
b_vendor_code
qw_sign
use

/config/usb_gadget/g1/strings:
0x409

/config/usb_gadget/g1/strings/0x409:
manufacturer
product
serialnumber

rareranger commented 2 years ago

@Pharaoh2k can you try to mkdir /config/usb_gadget/g1/functions/mass_storage.0 using root and see what happens.

Pharaoh2k commented 2 years ago

@rareranger mkdir command isn't found, so I tried with root explorer with r/w permissions, but it fails to make the directory. Should I try doing it in recovery (TWRP)?

Pharaoh2k commented 2 years ago

Actually, I can't even mount /config/ in TWRP recovery. EDIT: Or maybe it is already mounted, but empty.