seemoo-lab / nexmon

The C-based Firmware Patching Framework for Broadcom/Cypress WiFi Chips that enables Monitor Mode, Frame Injection and much more
GNU General Public License v3.0

SELinux disable (permissive) tutorial for S10/20 please! #478

Open sbrk42 opened 3 years ago

sbrk42 commented 3 years ago

Hi, it would be nice if you could publish your way of disabling SELinux on the S10/S20 devices... I have rooted my devices (Magisk) and tried setenforce 0, but directly afterwards, when I run getenforce, I still get "Enforcing". When I try to install the patched firmware, the ifconfig wlan0 down/up commands give "permission denied" and nexutil -m2 gives a nexmon driver error.

Help pls!!! tnx.

KuLiD commented 3 years ago

I'm just here to follow the thread; I have the same problem with the S8+...

matthiasseemoo commented 3 years ago

I think that there is currently no other way than to recompile the kernel with SELinux disabled, at least if you want to use tools such as nexutil in their current form. If everything you want to do is part of your firmware, you can simply replace the firmware file and it should work.

sbrk42 commented 3 years ago

Hi @matthiasseemoo, I have tried flashing Lineage on the S20 (unofficial). Then I was able to use setenforce 0 and it worked (got "Permissive" when running getenforce). However, I tried to install the patched firmware file at the "/vendor/firmware" and "/vendor/etc/wifi" paths, but it didn't work (got a driver error when using nexutil -m2).

Maybe you can check this out if there is another way to install it on S20 with Lineage.

matthiasseemoo commented 3 years ago

What was the original WiFi firmware version? Maybe it does not match the new one. Does nexutil work with the original firmware?

sbrk42 commented 3 years ago

How do I determine the original wifi firmware version?

matthiasseemoo commented 3 years ago

Either run strings on your firmware file or nexutil -V when the firmware is loaded.

sbrk42 commented 3 years ago

Original firmware version is 18.41.90 :(

sbrk42 commented 3 years ago

@matthiasseemoo can you please publish the way to recompile the kernel with SELinux disabled? I've tried following this https://pucarasec.wordpress.com/2020/06/09/debugging-the-samsung-android-kernel-part-1/ to recompile the kernel and changing CONFIG_SECURITY_SELINUX=n in the configuration file (exynos9830-x1slte_defconfig), but with no success.

matthiasseemoo commented 3 years ago

And firmware version 18.41.8.9 for the S20 does not work?
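A worked check for the version-mismatch question raised above, added here as an example and not code from the nexmon project: it does in C what running strings on the firmware file and looking for the version line does by hand, pulling the dotted version number out of a firmware image and comparing it with the base version a nexmon patch was built against. The firmware bytes are a constructed stand-in that contains only the version marker (the version text is the nexutil -V output quoted further down in this thread); the "Version: x.y.z" marker layout is an assumption modelled on what strings prints for Broadcom images, and 18.41.8.9 is the S20 patch base mentioned above.

```c
/* Added example, not nexmon code: locate the firmware version string inside
 * a Broadcom firmware image and compare it with a nexmon patch's base version. */
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample: a few "binary" bytes around a version marker.
 * Real images are about 1 MiB; only the marker matters here. The
 * "Version: x.y.z ..." layout is an assumption modelled on strings output. */
static const uint8_t sample_fw[] =
    "\x00\x10\x20\x30garbage\x00"
    "Version: 18.40.44 (B1 Network/rsdb) FWID 01-5698084\x00"
    "\xff\xfe";

/* memmem-style scan (the buffer contains NULs, so strstr would stop early).
 * Copies the dotted version token that follows "Version: " into out.
 * Returns 1 on success, 0 when no marker is present. */
int extract_fw_version(const uint8_t *buf, size_t len, char *out, size_t outlen)
{
    static const char marker[] = "Version: ";
    const size_t mlen = sizeof(marker) - 1;

    for (size_t i = 0; i + mlen <= len; i++) {
        if (memcmp(buf + i, marker, mlen) != 0)
            continue;
        size_t j = i + mlen, n = 0;
        /* version token is digits and dots, ended by a space or NUL */
        while (j < len && n + 1 < outlen &&
               ((buf[j] >= '0' && buf[j] <= '9') || buf[j] == '.'))
            out[n++] = (char)buf[j++];
        out[n] = '\0';
        return n > 0;
    }
    return 0;
}

/* A nexmon patch is built against one exact base version; a patched image
 * only loads correctly when the original firmware is that version. */
int fw_version_matches(const uint8_t *buf, size_t len, const char *patch_base)
{
    char ver[32];
    if (!extract_fw_version(buf, len, ver, sizeof ver))
        return 0;
    return strcmp(ver, patch_base) == 0;
}

/* Convenience accessor for the constructed sample. */
const char *sample_fw_version(void)
{
    static char ver[32];
    return extract_fw_version(sample_fw, sizeof sample_fw, ver, sizeof ver) ? ver : "";
}

int main(void)
{
    printf("firmware version in image: %s\n", sample_fw_version());
    printf("matches 18.41.8.9 patch base: %s\n",
           fw_version_matches(sample_fw, sizeof sample_fw, "18.41.8.9") ? "yes" : "no");
    printf("matches 18.40.44 patch base:  %s\n",
           fw_version_matches(sample_fw, sizeof sample_fw, "18.40.44") ? "yes" : "no");
    return 0;
}
```

On a device, read the real file (for example /vendor/etc/wifi/bcmdhd_sta.bin_b1 as named later in this thread) into the buffer instead of the sample, and compare against the version the nexmon patch directory was generated from; a mismatch is the first thing to rule out before blaming SELinux or the driver.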

matthiasseemoo commented 3 years ago

I did not perform the selinux disabling on my own, I was just working with a phone that had selinux disabled.

ghost commented 3 years ago

@sbrk42 To disable SELinux you have to compile the kernel with these flags:

# CONFIG_SECURITY_SELINUX_ALWAYS_ENFORCE is not set
CONFIG_SECURITY_SELINUX_ALWAYS_PERMISSIVE=y

Source: https://github.com/mohammad92/android_kernel_samsung_sm8150/commit/10ab15ede3e203bc76ff7d85a6ef0b755b58974c

Also, if that's too much work, some custom recoveries built with a prebuilt kernel should also give you SELinux permissive.

EDIT: Just found out you're on Exynos. Try to find your kernel tree on GitHub first. If not, then you might want to head over and use Samsung's source.

ghost commented 3 years ago

@matthiasseemoo Ok, umm, this might be interesting. So I've just tried nexmon on my S10 and seem to be experiencing a similar issue even with permissive SELinux.

ifconfig wlan0 up/down works fine but nexutil consistently reports __nex_driver_io: error ret=-1 errno=95 for everything I've tested other than nexutil -V. This is probably due to the newer driver 18.40.44 rather than the 18.38.18 in the repo. If I directly replace a patched version compiled from the repo into /vendor/etc/wifi, my Wi-Fi seems to be dead after restarting the interface. I've backed up and attached here my original /vendor/etc/wifi/bcmdhd_sta.bin_b1. This is from an S10 on the last version of Android 10.

bcmdhd_sta.bin_b1.zip

ghost commented 3 years ago

Here's the full log of commands I've executed (with MAC addresses and other sensitive info redacted):

/data/data/com.termux/files/home/nexutil # ifconfig
rmnet_ipa0 Link encap:UNSPEC  
          UP RUNNING  MTU:9216  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0 
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 
          collisions:0 txqueuelen:1000 
          RX bytes:0 TX bytes:0 

dummy0    Link encap:Ethernet  HWaddr 
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0 
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0 
          collisions:0 txqueuelen:1000 
          RX bytes:0 TX bytes:630 

wlan0     Link encap:Ethernet  HWaddr
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1256 errors:0 dropped:0 overruns:0 frame:0 
          TX packets:1323 errors:0 dropped:0 overruns:0 carrier:0 
          collisions:0 txqueuelen:1000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0 
          inet6 addr: ::1/128 Scope: Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0 
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 
          collisions:0 txqueuelen:1000 
          RX bytes:0 TX bytes:0 

/data/data/com.termux/files/home/nexutil # getenforce
Permissive
/data/data/com.termux/files/home/nexutil # ./nexutil -V                           
firmware 18.40.44 (B1 Network/rsdb) FWID 01-5698084
vendorid 0x14e4
deviceid 0x4470
radiorev 0xa05fb
chipnum 0x4375
chiprev 0x5
chippackage 0x0
corerev 0x52
boardid 0x891
boardvendor 0x14e4
boardrev P403
driverrev 0x0
ucoderev 0x5a02454
bus 0x0
phytype 0xb
phyrev 0x2c
anarev 0x0
nvramrev 0xc16d1

platform             | firmware                         | vendorid | deviceid | radiorev   | chipnum | chiprev | chippackage | corerev | boardid | boardvendor | boardrev | driverrev | ucoderev  | bus | phytype | phyrev | anarev | nvramrev
-------------------- | -------------------------------- | -------- | -------- | ---------- | ------- | ------- | ----------- | ------- | ------- | ----------- | -------- | --------- | --------- | --- | ------- | ------ | ------ | --------
unknown              | 18.40.44 (B1 Network/rsdb) FWID 01-5698084 |   0x14e4 |   0x4470 |    0xa05fb |  0x4375 |     0x5 |         0x0 |    0x52 |   0x891 |      0x14e4 |     P403 |       0x0 | 0x5a02454 | 0x0 |     0xb |   0x2c |    0x0 |  0xc16d1

sbrk42 commented 3 years ago

@JQ555888 I have downloaded the source from Samsung. This flag isn't shown in the S20 source code, but it seems that in the selinux Makefile there is a flag ccflags-y += -DCONFIG_ALWAYS_ENFORCE=true. I've tried changing it to false and recompiling, but when I flash the boot.img it seems that the kernel isn't flashed at all (uname -a gives me the old kernel banner). I've also tried changing CONFIG_SECURITY_SELINUX=n in the exynos9830-x1slte_defconfig. If you have any idea what I am doing wrong, I'd like to hear it. As I said, I've tried to follow this tutorial https://pucarasec.wordpress.com/2020/06/09/debugging-the-samsung-android-kernel-part-1/ ... tnx

ghost commented 3 years ago

@sbrk42 I'm not an expert, but if I were you I would have tried this kernel source rather than the official one, since it seems someone else has already been working on it and it should provide you with a better starting point. It's possible there's other stuff you have to modify to achieve SELinux permissive. https://github.com/Exynoobs/android_kernel_samsung_exynos990

Also, since you mentioned you were previously running LineageOS with permissive SELinux, I would suggest you look into the kernel they used and work from there if you have no clue what to do with the official source.

ghost commented 3 years ago

@matthiasseemoo My apologies for the notifications, but here's the dmesg output. Wi-Fi gets enabled no problem now, but I'm not sure if this is the expected behavior. The original firmware was 18.40.44 and it's been replaced with 18.38.18. nexutil -g0 outputs 0x000000: 77 6c e4 14 wl.., which seems to be wrong. Hope this helps <3

[ 4711.160250] dhd_bus_devreset: == Power ON ==
[ 4711.184024] dhd_bus_devreset: dhdpcie_bus_clock_start OK
[ 4711.184265] dhd_bus_aspm_enable_dev: EP DISABLE, linkctrl_before: 0x10110142 linkctrl_after: 0x10110140
[ 4711.184361] dhd_bus_aspm_enable_dev: RC DISABLE, linkctrl_before: 0x3011004a linkctrl_after: 0x30110048
[ 4711.186965] dhdpcie_cto_init: set CTO prevention and recovery enable/disable 1
[ 4711.261693] dhd_irq_set_affinity : irq set affinity cpu:0x2
[ 4711.261772] dhd_set_blob_support: ----- blob file exists (/vendor/etc/wifi/bcmdhd_clm.blob)-----
[ 4711.261776] dhd_bus_download_firmware: firmware path=/vendor/etc/wifi/bcmdhd_sta.bin_b1, nvram path=/vendor/etc/wifi/nvram.txt_1rh_es43_b1
[ 4711.261781] dhdpcie_dump_resource: BAR0(VA): 0x0000000000000000, BAR0(PA): 0x0000000060800000, SIZE: 32768
[ 4711.261784] dhdpcie_dump_resource: BAR1(VA): 0x0000000000000000, BAR1(PA): 0x0000000060400000, SIZE: 4194304
[ 4711.261862] dhdpcie_download_code_file: dhd_tcm_test_enable 0
[ 4711.261865] dhdpcie_download_code_file: download firmware /vendor/etc/wifi/bcmdhd_sta.bin_b1
[ 4711.261870] dhd_os_open_image1: /vendor/etc/wifi/bcmdhd_sta.bin_b1 (1160102 bytes) open success
[ 4711.387500] dhd_os_open_image1: /vendor/etc/wifi/nvram.txt_1rh_es43_b1 (13063 bytes) open success
[ 4711.387512] dhdpcie_download_nvram: dhd_get_download_buffer len 13063
[ 4711.387542] dhdpcie_download_nvram: process_nvram_vars len 9196
[ 4711.416957] dhdpcie_bus_write_vars: Download, Upload and compare of NVRAM succeeded.
[ 4711.417160] dhd_bus_aer_config: Configure AER registers for EP
[ 4711.417178] dhd_bus_aer_config: Configure AER registers for RC
[ 4712.027428] dhdpcie_readshared: max H2D queues 40
[ 4712.027600] dhdpcie_oob_intr_register OOB irq=218 flags=1 
[ 4712.027845] dhd_bus_start: Initializing 43 h2drings
[ 4712.027946] dhd_prot_init:3219: h2d_max_txpost = 512
[ 4712.027973] dhd_prot_init:3228: MAX_RXBUFPOST = 511
[ 4712.028114] dhd_prot_d2h_sync_init(): D2H sync mechanism is XORCSUM \x0d
[ 4712.028253] dhd_bus_hostready : Read PCICMD Reg: 0x00100006
[ 4712.028404] dhd_bus_dump_dar_registers: dar_clk_ctrl(0xa08:0x1010040) dar_pwr_ctrl(0xa0c:0x30000) dar_intstat(0xa10:0x0)
[ 4712.028430] dhd_bus_dump_dar_registers: dar_errlog(0xa60:0x0) dar_erraddr(0xa64:0x0) dar_pcie_mbint(0xa68:0x0)
[ 4712.028459] dhd_bus_hostready: Ring Hostready:92
[ 4712.028735] dhd_send_d2h_ringcreate ringid: 3 idx: 46 max_h2d: 43
[ 4712.028763] dhd_send_d2h_ringcreate: sending d2h EDL ring create: \x0a max items=256; len_item=2048; ring_id=3; low_addr=0xf9c80000; high_addr=0x0
[ 4712.028811] dhd_get_memdump_info: MEMDUMP ENABLED = 2
[ 4712.033434] dhd_sync_with_dongle: GET_REVINFO device 0x4470, vendor 0x14e4, chipnum 0x4375
[ 4712.037545] dhd_sync_with_dongle: RxBuf Post : 2048
[ 4712.047894] dhd_read_cis: Local CIS buffer is alloced
[ 4712.052469] dhd_read_cis: get cisdump, UNSUPPORTED
[ 4712.052510] dhd_clear_cis: Local CIS buffer is freed
[ 4712.063532] dhd_preinit_ioctls: hostwake_oob enabled
[ 4712.067534] dhd_os_open_image1: /vendor/etc/wifi/bcmdhd_clm.blob (29804 bytes) open success
[ 4712.072548] dhd_check_current_clm_data: ----- This FW is not included CLM data -----
[ 4712.078601] dhd_dbg_msgtrace_seqchk seq out of order, dhd 21, dongle 1
[ 4712.193500] dhd_check_current_clm_data: ----- This FW is included CLM data -----
[ 4712.212050] dhd_preinit_ioctls get scan_features, UNSUPPORTED
[ 4712.336728] dhd_prot_ioctl: SET PM to 2
[ 4712.371426] dhd_preinit_ioctls: event_log_max_sets: 25 ret: 0
[ 4712.378854] dhd_preinit_aibss_ioctls aibss , UNSUPPORTED
[ 4712.387836] dhd_control_he_enab he_enab (1) set successed
[ 4712.393986] [WIFI_SEC] dhd_logtrace_from_file : LOGTRACE On/Off from sysfs = 1
[ 4712.483120] dhd_pno_init: Support Android Location Service
[ 4712.541004] dhd_rtt_init : FTM is supported
[ 4712.566341] dhd_preinit_ioctls: Monitor mode is not enabled in FW cap
[ 4712.566421] dhd_bus_devreset: WLAN Power On Done
[ 4712.627327] dhd_bus_aspm_enable_dev: RC ENABLE , linkctrl_before: 0x30110048 linkctrl_after: 0x3011004a
[ 4712.627747] dhd_bus_aspm_enable_dev: EP already enabled  linkctrl: 0x10110142
[ 4712.627771] dhd_irq_set_affinity : irq set affinity cpu:0x1
[ 4712.627800] dhd_irq_set_affinity : irq set affinity cpu:0x70
[ 4712.642856] dhd_generate_rand_mac_addr:generated new MAC=52:xx:xx:xx:x6:af 
[ 4712.723954] dhd_pktlog_filter_existed(): This pattern is existed
[ 4712.723961] dhd_pktlog_filter_existed(): arg 12 0xffff 0x888e
[ 4712.724294] dhd_pktlog_filter_existed(): This pattern is existed
[ 4712.724299] dhd_pktlog_filter_existed(): arg 12 0xffff 0x0806
[ 4712.724590] dhd_pktlog_filter_existed(): This pattern is existed
[ 4712.724595] dhd_pktlog_filter_existed(): arg 12 0xffffff0000000000000000ff 0x080045000000000000000001
[ 4712.724885] dhd_pktlog_filter_existed(): This pattern is existed
[ 4712.724890] dhd_pktlog_filter_existed(): arg 12 0xffffff0000000000000000ff00000000000000000000ffffffff 0x0800450000000000000000110000000000000000000000430044
[ 4712.725167] dhd_pktlog_filter_existed(): This pattern is existed
[ 4712.725172] dhd_pktlog_filter_existed(): arg 12 0xffffff0000000000000000ff00000000000000000000ffffffff 0x0800450000000000000000110000000000000000000000440043
[ 4712.725466] dhd_pktlog_filter_existed(): This pattern is existed
[ 4712.725471] dhd_pktlog_filter_existed(): arg 12 0xffffff0000000000000000ff000000000000000000000000ffff 0x0800450000000000000000110000000000000000000000000035
[ 4712.725772] dhd_pktlog_filter_existed(): This pattern is existed
[ 4712.725778] dhd_pktlog_filter_existed(): arg 12 0xffffff0000000000000000ff00000000000000000000ffff0000 0x0800450000000000000000110000000000000000000000350000
[ 4712.726044] dhd_pktlog_filter_existed(): This pattern is existed
[ 4712.726048] dhd_pktlog_filter_existed(): arg 12 0xfffff00000000000ff 0x86dd6000000000003a
[ 4712.769167] dhd_dbg_verboselog_printf: Log print water mark is reached, console logs are dumped only to debug_dump file
[ 4712.841403] dhd_set_suspend: Remove extra suspend setting 
[ 4712.842639] dhd_enable_packet_filter: enter, value = 0
[ 4712.864529] dhd_set_suspend lpas, UNSUPPORTED
[ 4712.872180] dhd_is_associated: WLC_GET_BSSID, NOT ASSOCIATED
[ 4712.874959] dhd_irq_set_affinity : irq set affinity cpu:0x70
[ 4712.882702] dhd_enable_adps adps, UNSUPPORTED
[ 4712.927327] dhd_enable_adps adps, UNSUPPORTED
[ 4749.948501] dhd_set_suspend: force extra Suspend setting 
[ 4749.948511] dhd_enable_packet_filter: enter, value = 1
[ 4750.045164] dhd_is_associated: WLC_GET_BSSID, NOT ASSOCIATED
[ 4750.100326] dhd_is_associated: WLC_GET_BSSID, NOT ASSOCIATED
mzakharo commented 3 years ago

No need to install Lineage on S10, just use stock ROM, and flash CruelKernel (https://forum.xda-developers.com/t/kernel-2020-12-01-cruel-kernel-s10-note10-v3-9.4063495/) with TWRP.

dukesilverrr commented 3 years ago

@JQ555888 your output from nexutil -g0, 0x000000: 77 6c e4 14 wl.., actually appears to be correct, as it correctly prints the magic number containing "wl" via the following IOCTL:

/* common ioctl definitions */
#define WLC_GET_MAGIC                           0

from drivers/net/wireless/broadcom/bcmdhd_101_16/include/wlioctl_defs.h in the kernel driver source

@JQ555888 did you ever end up resolving your __nex_driver_io: error ret=-1 errno=95 issue? I'm seeing something similar. Thanks!

dukesilverrr commented 3 years ago

For those who see this error, I have found that the driver's IOCTL processing code will throw these types of errors when the IOCTL is either "private", "local", or unimplemented in the firmware.
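To make the two points above concrete (the magic value returned for ioctl 0, and what the errno=95 failures mean), here is a small C decoder added as an example; it is not nexutil or kernel driver code. It parses the hexdump line nexutil -g prints, reassembles the little-endian 32-bit value and compares it with WLC_IOCTL_MAGIC (0x14e46c77, whose low two bytes are the ASCII 'w' and 'l', which is why the dump reads "wl.."), and it names errno 95, which on Linux is EOPNOTSUPP. The sample line is the one quoted in this thread; the parse_nexutil_dump helper name and the fixed 4-byte payload length are assumptions of this example.

```c
/* Added example, not nexutil or bcmdhd code: decode a nexutil -g hexdump line
 * and check it against the Broadcom ioctl magic; explain errno 95. */
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <errno.h>

#define WLC_GET_MAGIC   0            /* ioctl number used by nexutil -g0 */
#define WLC_IOCTL_MAGIC 0x14e46c77u  /* from wlioctl.h; bytes 77 6c e4 14 on the wire */

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse "0x000000: 77 6c e4 14 wl.." into bytes. The caller passes the
 * expected payload length so the trailing ASCII column is never read as hex.
 * Returns the number of bytes parsed. */
size_t parse_nexutil_dump(const char *line, uint8_t *out, size_t want)
{
    const char *p = strchr(line, ':');
    if (!p) return 0;
    p++;
    size_t n = 0;
    while (n < want) {
        while (*p == ' ') p++;
        int hi = hexval(p[0]);
        int lo = hi < 0 ? -1 : hexval(p[1]);
        if (lo < 0) break;            /* not a two-digit hex token: stop */
        out[n++] = (uint8_t)(hi << 4 | lo);
        p += 2;
    }
    return n;
}

/* Broadcom ioctl payloads are little-endian. */
uint32_t le32(const uint8_t *b)
{
    return (uint32_t)b[0] | (uint32_t)b[1] << 8 |
           (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* 1 when the dumped bytes are WLC_IOCTL_MAGIC, i.e. ioctl 0 reached the
 * firmware and came back with the expected answer. */
int dump_is_wl_magic(const char *line)
{
    uint8_t b[4];
    if (parse_nexutil_dump(line, b, 4) != 4) return 0;
    return le32(b) == WLC_IOCTL_MAGIC;
}

/* nexutil reports ret=-1 errno=95; on Linux 95 is EOPNOTSUPP, meaning the
 * driver refused the ioctl instead of forwarding it to the firmware. */
const char *explain_nex_errno(int err)
{
    return err == EOPNOTSUPP
        ? "EOPNOTSUPP: ioctl not supported by driver or firmware"
        : strerror(err);
}

int main(void)
{
    /* sample line as quoted in this thread */
    const char *line = "0x000000: 77 6c e4 14 wl..";
    uint8_t b[4];
    size_t n = parse_nexutil_dump(line, b, 4);

    printf("ioctl %d payload: %zu bytes -> 0x%08x ('%c%c'), magic %s\n",
           WLC_GET_MAGIC, n, le32(b), b[0], b[1],
           dump_is_wl_magic(line) ? "OK" : "mismatch");
    printf("errno %d: %s\n", EOPNOTSUPP, explain_nex_errno(EOPNOTSUPP));
    return 0;
}
```

A magic match means the ioctl path into the firmware works at all; when nexutil -V succeeds but other commands fail with errno 95, the ioctl number or iovar in question is what the driver or firmware rejects, as the comment above describes, not the transport itself.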