Reasons why I run a network-wide adblocker…

v3ritasLeave a comment

In the last 24 hours…

Screenshot from Pi-Hole dashboard

For anyone else looking to run a network-wide adblocker, I recommend Pi-Hole. I have also recently started testing out AdGuard Home & will see in the long run if I decide to switch, or just leave it as a backup.

I run Pi-Hole as my primary DNS & DHCP server with an excessive number of blocklists (totaling ~4.5m blocked sites) & have no issues with it. I only started looking into AdGuard Home after a resource issue on my original Pi-Hole (it seems when I added Resilio Sync to my Pi, the system would lock up). So, I decided to replace RasPi 3 B+ with a RasPi 4, 8GB, & turn the original 3+ into the secondary AdGuard DNS server.

I definitely do like the AdGuard Home interface better than Pi-Hole, but will see if there’s actually enough there that will make me want to switch off Pi-Hole once & for all, or as my primary.

Goodbye Google Fi & Android

v3ritasLeave a comment

I find it pretty ironic that Google Fi is the reason I’m leaving Android as well. Whether it’s because of an actual Fi issue or juts a tower issue in my area, that caused me to finally switch off of Fi (something I’ve been meaning to do anyway), & I decided to switch to an iPhone to get more use out of my phone, but also so I could actually still communicate with some people on iMessage.

I guess I’ll also be looking into jailbreaking some more, especially since the phone I’m using for now is vulnerable to Checkra1n.

iOS14 Charger Connect\Disconnect Sounds

v3ritasLeave a comment

This seems to be very popular with the release of iOS14, & I’m writing this up as a personal reference so I don’t have to continue to watch the great setup video that u/zeeshan_02 posted on Reddit: Beginner’s Guide on Playing a Custom Sound when Connected to Charger!

Shortcut 01: Encode Audio
This converts a sound file (in my case I was using an MP3) to Base64, for later use by the next shortcut:

“Encode Audio” shortcut

Shortcut 02: Charger Connected
Sound that will be played when the charger is connected. The base64-encoded text should already be in the clipboard from the step above. You just have to paste that into the Text field:

“Charger Connected” shortcut

Shortcut 03: Charger Disconnected (Optional)
Can use the same sound for connect & disconnect if you want. I just wanted to have different sounds used. It’s the same setup as above, just using a different Base64 string. If you want the same sound for both actions, you can skip this.

Automation
Setup a new Personal Automation for when your device is connected or disconnected from power, or both, & run the appropriate shortcut for what you’re trying to do.

Automation to play the sounds based on your selection.

Super Mario 64 Natively on Android

v3ritasLeave a comment

Found a post on XDA about building Super Mario 64 for Android using Termux, & figured I’d try it out for fun.
Source: XDA Developers: Super Mario 64 can be natively run on Android without a Nintendo 64 emulator

Their instructions worked fine, so below is really just a copy & paste from the XDA post:

➜  ~ pkg install git wget make python getconf zip apksigner clang
Checking availability of current mirror: ok
Reading package lists... Done
Building dependency tree       
Reading state information... Done
apksigner is already the newest version (29.0.2-5).
clang is already the newest version (10.0.1-2).
getconf is already the newest version (0.5-1).
git is already the newest version (2.28.0).
make is already the newest version (4.3-1).
python is already the newest version (3.8.5).
wget is already the newest version (1.20.3-3).
zip is already the newest version (3.0-5).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
➜  ~ cd Development 
➜  Development git clone https://github.com/VDavid003/sm64-port-android
Cloning into 'sm64-port-android'...
remote: Enumerating objects: 15616, done.
remote: Total 15616 (delta 0), reused 0 (delta 0), pack-reused 15616
Receiving objects: 100% (15616/15616), 22.76 MiB | 5.71 MiB/s, done.
Resolving deltas: 100% (7567/7567), done.
➜  Development cd sm64-port-android 
➜  sm64-port-android git:(master) cp ~/storage/shared/Super\ Mario\ 64\ \(USA\).z64 baserom.us.z64
➜  sm64-port-android git:(master) sha256 baserom.us.z64 
The program openssl is not installed. Install it by executing:
 pkg install openssl-tool
➜  sm64-port-android git:(master) pkg install openssl-tool
Checking availability of current mirror: ok
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  openssl-tool
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 185 kB of archives.
After this operation, 643 kB of additional disk space will be used.
Get:1 https://dl.bintray.com/termux/termux-packages-24 stable/main aarch64 openssl-tool aarch64 1.1.1g-4 [185 kB]
Fetched 185 kB in 0s (214 kB/s)    
Selecting previously unselected package openssl-tool.
(Reading database ... 14219 files and directories currently installed.)
Preparing to unpack .../openssl-tool_1.1.1g-4_aarch64.deb ...
Unpacking openssl-tool (1.1.1g-4) ...
Setting up openssl-tool (1.1.1g-4) ...
➜  sm64-port-android git:(master) sha256 baserom.us.z64   
SHA256(baserom.us.z64)= 17ce077343c6133f8c9f2d6d6d9a4ab62c8cd2aa57c40aea1f490b4c8bb21d91
➜  sm64-port-android git:(master) md5sum baserom.us.z64 
20b854b239203baf6c961b850a4a51a2  baserom.us.z64
➜  sm64-port-android git:(master) ./getSDL.sh
~/Development/sm64-port-android/SDL ~/Development/sm64-port-android
--2020-09-20 11:56:47--  https://www.libsdl.org/release/SDL2-2.0.12.zip
Resolving www.libsdl.org... 2604:a880:1:20::181:e001, 192.241.223.99
Connecting to www.libsdl.org|2604:a880:1:20::181:e001|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 6784187 (6.5M) [application/zip]
Saving to: ‘SDL2-2.0.12.zip’

SDL2-2.0.12.zip                       100%[=======================================================================>]   6.47M  5.65MB/s    in 1.1s    

2020-09-20 11:56:49 (5.65 MB/s) - ‘SDL2-2.0.12.zip’ saved [6784187/6784187]

~/Development/sm64-port-android
➜  sm64-port-android git:(master) make --jobs 4
...
cp build/us_pc/sm64.us.f3dex2e.unsigned.apk build/us_pc/sm64.us.f3dex2e.apk
apksigner sign --cert certificate.pem --key key.pk8 build/us_pc/sm64.us.f3dex2e.apk
➜  sm64-port-android git:(master) ls
Android.mk   Makefile.split  assets           charmap.txt       enhancements       key.pk8        sm64.jp.sha1  text
CHANGES      README.md       assets.json      charmap_menu.txt  extract_assets.py  levels         sm64.ld       textures
Dockerfile   SDL             baserom.us.z64   data              first-diff.py      lib            sm64.sh.sha1  tools
Doxyfile     actors          bin              diff.py           format.sh          rename_sym.sh  sm64.us.sha1  undefined_syms.txt
Jenkinsfile  android         build            diff_settings.py  getSDL.sh          rsp            sound
Makefile     asm             certificate.pem  doxygen           include            sm64.eu.sha1   src
➜  sm64-port-android git:(master) ls build 
us_pc
➜  sm64-port-android git:(master) ls build/us_pc 
actors  bin   endian-and-bitwidth  level_rules.mk  lib         rsp                  sm64.us.f3dex2e.unsigned.apk  src   textures
assets  data  include              levels          libmain.so  sm64.us.f3dex2e.apk  sound                         text
➜  sm64-port-android git:(master)
Super Mario 64 running natively on my OnePlus 7 Pro.

OnePlus 7 Pro: Update System Firmware on Custom ROM

v3ritas5 Comments

Follow up to the OnePlus 7 Pro: LineageOS+MicroG post, where I mentioned I would have to update the Bluetooth & Modem firmware on my device. This fortunately went as smoothly as the LineageOS+MicroG install, so I’m very happy about that.

The first step was downloading the latest OxygenOS ZIP through this post: XDA Developers: [ROM][STOCK][FASTBOOT][OP7P] Stock Fastboot ROMs for OnePlus 7 Pro/ 7 Pro 5G by mauronofrio. The specific ZIP i pulled down from Android File Host was “10.0-GM21AA-OnePlus7ProOxygen_21.O.20_OTA_020_all_1909172051_db7a3f61-FASTBOOT.zip”. From there, it was just a simple matter of extracting that, images.zip, & flashing the bluetooth.img & modem.img files:

➜  Downloads cd 10.0-GM21AA-OnePlus7ProOxygen_21.O.20_OTA_020_all_1909172051_db7a3f61-FASTBOOT/images
➜  images file bluetooth.img
bluetooth.img: DOS/MBR boot sector, code offset 0x3c+2, OEM-ID "MSDOS5.0", Bytes/sector 4096, sectors/cluster 4, root entries 512, Media descriptor 0xf8, sectors/FAT 3, sectors/track 63, heads 255, sectors 16384 (volumes > 32 MB), serial number 0xbc614e, unlabeled, FAT (16 bit)
➜  images file modem.img
modem.img: DOS/MBR boot sector, code offset 0x3c+2, OEM-ID "MSDOS5.0", Bytes/sector 4096, sectors/cluster 4, root entries 512, Media descriptor 0xf8, sectors/FAT 10, sectors/track 63, heads 255, sectors 76800 (volumes > 32 MB), serial number 0xbc614e, unlabeled, FAT (16 bit)

➜  images adb devices
* daemon not running; starting now at tcp:5037
* daemon started successfully
List of devices attached
➜  images adb devices
List of devices attached
1234abcd        device
➜  images adb reboot bootloader
➜  images fastboot devices
1234abcd        fastboot
➜  images fastboot flash bluetooth_a bluetooth.img
Sending 'bluetooth_a' (828 KB)                     OKAY [  0.030s]
Writing 'bluetooth_a'                              OKAY [  0.005s]
Finished. Total time: 0.049s
➜  images fastboot flash bluetooth_b bluetooth.img
Sending 'bluetooth_b' (828 KB)                     OKAY [  0.032s]
Writing 'bluetooth_b'                              OKAY [  0.005s]
Finished. Total time: 0.050s
➜  images fastboot flash modem_a modem.img
Sending 'modem_a' (161700 KB)                      OKAY [  4.308s]
Writing 'modem_a'                                  OKAY [  0.633s]
Finished. Total time: 4.954s
➜  images fastboot flash modem_b modem.img
Sending 'modem_b' (161700 KB)                      OKAY [  3.769s]
Writing 'modem_b'                                  OKAY [  0.696s]
Finished. Total time: 4.480s
➜  images fastboot reboot
Rebooting                                          OKAY [  0.002s]
Finished. Total time: 0.002s
➜  images

OnePlus 7 Pro: LineageOS+MicroG

v3ritas1 Comment

After a full weekend of originally getting CrDroid on my new OnePlus 7 Pro a few months back, I decided to switch to LineageOS+MicroG because I was never able to get location working on CrDroid. This was mostly due to the changes in Android 10, but when I was still unable to get it working with the new UnifiedNLP package, I just decided it was easier to switch & settled for reinstalling MicroG, which I had avoided on CrDroid because I wanted to avoid as many Google services as possible.

Since I had so many issues getting CrDroid setup in the first place (mainly due to me lack of experience with A\B partitions & not knowing I needed to flash OxygenOS first, then the ROM on top of it), I wanted to keep track of the exact steps I took to get LineageOS+MicroG so I could follow it the next time I decide I want to try a new ROM. Posting it here just makes it easier to come back to & maybe it will help out someone else.

First step was just backup & prep: Making sure I had backups of my messages, F-Droid repositories, 2FA tokens, as well as my list of installed apps.

One thing I was surprised at for the installation was that I wasn’t expected to flash an OxygenOS ROM first… Below are the two “guides” i followed:

OnePlus Forms: [ROM] LineageOS | OnePlus 7 [17.1][Android 10][OFFICIAL]
This one specifically included when to flash Magisk:
XDA Developers: [ROM]-[10-04-2020]-[microG] Unofficial LineageOS 17 w/ microG support by gigatex

Flashing Recovery: I thought this was one place where I had issues, but that may have only been on the Essential Phone, where I couldn’t boot recovery. that did work on the OP7Pro:

➜ OP7Pro adb reboot fastboot
➜ OP7Pro fastboot devices
0810d6ea fastboot
➜ OP7Pro fastboot boot twrp-3.4.0-0-guacamole.img
Sending 'boot.img' (31704 KB) OKAY [ 0.742s]
Booting OKAY [ 0.106s]
Finished. Total time: 0.886s
➜ OP7Pro

Once I was booted into TWRP I formatted DATA & pushed the LineageOS+MicroG & TWRP installer ZIPs, then rebooted to recovery again (without flashing anything). I ended up having to push the two ZIPs again because they were not present on the “SD Card” after the reboot. After pushing the files again I flashed & rebooted the system to complete setup.

An issue I did run into with Magisk appeared to be due to the A\B slots again. The fix seemed to be flashing when getting into TWRP, then manually changing the A\B slot, rebooting to recovery, & flashing again. Just a simple “Reboot > Recovery” didn’t change the slots.

I did just attempt a system update yesterday, & it was successful, following the same process I took during CrDroid: Use the internal updater, but DO NOT REBOOT through the updater. You have to go into Magisk Manager > Magisk Install > Install > Install to Inactive Slot (After OTA). You can then reboot & will still be rooted with Magisk.

I will have another update shortly about updating firmware, since I just noticed this morning that Bluetooth will not stay enabled. While on CrDroid the fix seemed to be flashing Bluetooth & Modem firmware from an official OxygenOS update.

Remapping Hardware Buttons: Mi MIX 3

v3ritasLeave a comment

Now that I was able to get my Mi MIX 3 setup with TWRP & a custom ROM (unofficial LineageOS 16 build), I started looking into remapping the AI button to something actually useful. I found a few posts to point me in the right direction, as well as a Magisk module that is supposed to handle this:

I tried out a bunch of the codes to see what would work, & for now just remapped the key to SEARCH, until I can find something better \ more useful.

There is a Magisk module for this, but I had issues making the selection during the install process: Magisk-Modules-Repo/XiaomiAI-remap. When I tried using the volume keys to change the intended function, it was actually changing my volume, not anything on the screen. Pressing the AI button during that process seemed to make changes to the choices, but still couldn’t get it working as intended. Instead, I just used the install.sh script for that module to make the change myself.

File: /system/usr/keylayout/gpio-keys.kl

cat gpio-keys.kl
# Copyright (c) 2013, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#     * Redistributions of source code must retain the above copyright
#       notice, this list of conditions and the following disclaimer.
#     * Redistributions in binary form must reproduce the above
#       copyright notice, this list of conditions and the following
#       disclaimer in the documentation and/or other materials provided
#       with the distribution.
#     * Neither the name of The Linux Foundation nor the names of its
#       contributors may be used to endorse or promote products derived
#       from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

key 115   VOLUME_UP
key 114   VOLUME_DOWN
key 102   HOME
key 528   FOCUS
key 766   CAMERA
key 689   CAMERA

I changed key 689 to SEARCH on my device. If I can get the key to open a specific app, then I will likely end up changing the key to perform that function. Sending the keyevent for CAMERA doesn’t appear to do anything on my phone, but that may just be due to running the custom ROM. To test, the command to input key events is: adb shell input keyevent << number or function >>

Custom ROM on Mi MIX 3

v3ritasLeave a comment

I recently picked up a Xiaomi Mi MIX 3 & was able to unlock the bootloader after the 72 hour waiting period. That wasn’t a problem, however getting TWRP up & running was where I had a problem.

For some reason, whenever I would flash TWRP, but device was stuck in a fastboot loop — could not reboot out of it, boot the TWRP image, or any other method of exiting fastboot. I finally got TWRP working properly after flashing perseus_global_images_9.5.17_20190517.0000.00_9.0 _global_134d3070e5.tgz. I tried flashing one of the China ROM’s, & that was of no help.

Since this was turning out to be nothing close to simple like other devices, I was then running into an issue flashing NanoDroid after my ROM. That one seemed to be related to the /system partition not being found. It looks like my partition was instead mounted as /system_root, but the NanoDroid install script was looking for /system. Managed to fix that as well:

Results of mount:


/dev/block/sde48 on /system_root type ext4 (rw,seclabel,relatime,block_validity,delalloc,barrier,user_xattr)

Remount /system_root as /system:

perseus:/ # mount -o bind /system_root/system /system

Taking a look at NanoDroid-20.8.91.20190525.zip\CommonInstaller: Lines 248-252:

if [ -f /system/init.rc ]; then
mkdir /system_root 2>/dev/null
mount –move /system /system_root
mount -o bind /system_root/system /system
fi

Once NanoDroid was working, I then needed to double check how to restore my backed up Signal messages: Signal: Backup & Restore Messages.

Protecting Linux Login with 2FA

v3ritasLeave a comment

This is definitely not the first time I’ve tried getting this working, but glad I was finally able to. Looks like if I had read a bit more, I never would have run into issues…

By the second or third time I ran into problems, I at least figured out why: with my home directory being encrypted, the “secret” 2FA files could not be accessed & verified.

Now for the fun part… It looks like Google had the instructions for encrypted home directories in the README the whole time.

Encrypted home directories
If your system encrypts home directories until after your users entered their password, you either have to re-arrange the entries in the PAM configuration file to decrypt the home directory prior to asking for the OTP code, or you have to store the secret file in a non-standard location:

auth required pam_google_authenticator.so secret=/var/unencrypted-home/${USER}/.google_authenticator

would be a possible choice. Make sure to set appropriate permissions. You also have to tell your users to manually move their .google_authenticator file to this location.

In addition to “${USER}”, the secret= option also recognizes both “~” and ${HOME} as short-hands for the user’s home directory.

When using the secret= option, you might want to also set the user= option. The latter forces the PAM module to switch to a dedicated hard-coded user id prior to doing any file operations. When using the user= option, you must not include “~” or “${HOME}” in the filename.

The user= option can also be useful if you want to authenticate users who do not have traditional UNIX accounts on your system.

So, after getting through that tedious “reading” thing, I followed their suggestion, & created the “unencrypted-home” directory, moved the ~/.google_authenticator file there, edited /etc/pam.d/common-auth & included the path to the file at the encrypted location. After that… Working as expected!

user@Hostname:~$ cat /etc/pam.d/common-auth | tail -n 1
auth required pam_google_authenticator.so secret=/var/unencrypted-home/${USER}/.google_authenticator