What a year! After more than one year, this blog is still alive!
“They besought him of how canst one become so fullsome [as him] in the midst of rude men; `Dost as they dost not!`, he sweren”
That’s it for now …
[to all the people who are reading this directly, through a feed, through Fedora Planet, through Fedora Planed feed, etc.]
- Hellow! How do you do?
[to anybody who is listening out there!]
- Greetings from planet earth!
When I first bought my Android Samsung Exhibit II smartphone I was mostly interested in working with Android as an embedded Linux operation system and perhaps doing some projects on it; but the Android Debugging Bridge (ADB) shell wasn’t really comfortable and more or less convinced me that it’s not really meant to be used that way. Plus I really don’t like Java so I just forgot about the Linux inside.
[Almost] Everything was going smoothly until a few days ago 1 I got locked out of my phone. Android asks for the connected Google account credentials if someone forgot the gesture code or if someone entered too many wrong codes. The problem is that I had disabled data connection since I don’t have data service, and moreover, I had turned off wifi in order to to preserve battery that morning; so there is no internet access and thus Android could not verify my username and password with Google! 
2
My first reaction was to try some special codes such as blank password or 0000, but soon I realized that nothing could be done from outside and the only way was to hack into my phone! Luckily for me, I had left the USB debugging option enabled since I initially tried adb, so getting a shell was as easy as connecting to my phone and running adb.
Since my knowledge of Android internals wasn’t any further than the fact that it’s Linux based, I had no idea of the security methods, controlling the device, etc.. I’m not complaining because I believe that is exactly what makes hacking fun 3
These are my main ideas on how to work around the problem:
1- Enable the wireless (`iw`, `wpa_supplicant`, etc.)
[Too long, didn't write!] Didn’t work! I had used `iw` and `wpa_supplicant` to connect a WRT54GL Linksys wireless router (with OpenWRT installed on it) to another wireless network (yes, client mode!) before, but Android doesn’t have `iw` on it and apparently `wpa_supplicant` couldn’t initiate the connection appropriately.
For more information about `iw` (even though Android doesn’t have it, almost all distros do) and `wpa_supplicant` Refer to The Respective Manuals. 4
In short, the cool thing about `iw` is that you can perform network level AND hardware level operations with it, kinda like `ip` but for wireless devices. A few of useful commands that I use sometimes are:
2- Connect my phone to internet using my laptop as a gateway (`iptables`, `ip route`, etc.)
The idea is simple, I’m sure lot’s of you have tried to share internet between two systems at one point before; could be a virtual machine, an embedded system, a PC without wifi card, or getting internet from your 3G phone! As a matter of fact I did succeed to do so with my Android phone, but for some reason the lock didn’t let me in; I could ping Google from the shell, but perhaps the applications can only access internet through predefined ways (wifi and 3G)
For more information refer to `iptables` and `ip` manual pages. I found this link 5 to be very informative, even though the purpose is different and it’s mainly graphical, it’s for the same cause. `ip` and `iptables` are two network related commands that you must know how to work with! Some basic examples:
3- Break the lock (resetting the lock, etc.)
Honestly, I didn’t expect this one to work! I mean, seriously, it shouldn’t be so easy to break the lock! But it worked!
DONE! The lock is gone! And I wasn’t even root! Apparently /efs is where Android stores many of it’s important properties files, many of which are readable only by root, but anybody can unmount it! This is certainly a security flaw that I’m sure it fixed in the newer versions of Android (mine is Gingerbread 2.3).
Conclusion: But the point of this post wasn’t just to reveal a security flaw after 6 months! The point was to show you that at the end of the day, Linux does as Linux does, no matter what the distribution is or what kind of cpu architecture is running it. I learned things from my phone that became useful later while working with servers! Again, Linux does as Linux does; just find the inner shell, and you’re all set. Maybe you’ll only need to enable usb debugging on Android, or perhaps you’ll have to open up your Amazon Kindle and connect a serial port to a secret port, but in the end, you will feel as if you’re working with your own system, you’ll feel like home.
Notes:
well, actually 6 months ago when I drafted this post! ↩
Do I really need to mention that I couldn’t enable any of those while in lockout? Give me some credit, man! ↩
just to clarify: hacking equals curiosity, IMO. ↩
aka. RTRM :-p I’m gonna start a “respect the manual” movement someday … ya’ll see … ↩
I’ve just bought a Raspberry Pi and I did pretty much the same thing, in terminal! I’ll write about it soon ↩