[SOLVED] How to enable adb authentication?

Post Reply
laci
Posts: 12
Joined: Thu Jan 30, 2020 5:02 am
languages_spoken: english
ODROIDs: Odroid N2
Has thanked: 0
Been thanked: 0
Contact:

[SOLVED] How to enable adb authentication?

Post by laci » Thu Jan 30, 2020 5:07 am

I only want to allow specific hosts to access my ODROID-N2 via adb. By default, any host can access it regardless of its fingerprint. How can I enable adb authentication?

Luke.go
Posts: 503
Joined: Mon May 30, 2016 1:55 pm
languages_spoken: english
Has thanked: 51 times
Been thanked: 52 times
Contact:

Re: How to enable adb authentication?

Post by Luke.go » Thu Jan 30, 2020 9:05 am


laci
Posts: 12
Joined: Thu Jan 30, 2020 5:02 am
languages_spoken: english
ODROIDs: Odroid N2
Has thanked: 0
Been thanked: 0
Contact:

Re: How to enable adb authentication?

Post by laci » Thu Jan 30, 2020 9:16 am

I can already connect via adb. I want my ODROID-N2 to disallow every adb connection over the network except from the hosts I explicitly allow.

User avatar
mad_ady
Posts: 8126
Joined: Wed Jul 15, 2015 5:00 pm
languages_spoken: english
ODROIDs: XU4, C1+, C2, C4, N1, N2, H2, Go, Go Advance
Location: Bucharest, Romania
Has thanked: 564 times
Been thanked: 397 times
Contact:

Re: How to enable adb authentication?

Post by mad_ady » Thu Jan 30, 2020 3:54 pm

This topic sounds interesting. Subscribed

User avatar
codewalker
Posts: 958
Joined: Mon Feb 25, 2013 11:03 am
languages_spoken: english
ODROIDs: all
Has thanked: 35 times
Been thanked: 60 times
Contact:

Re: How to enable adb authentication?

Post by codewalker » Thu Jan 30, 2020 6:01 pm

Hi, laci.
We always build and release android as eng not user.
so adb authentication is off.

Code: Select all

346 LOCAL_CFLAGS += -DALLOW_ADBD_NO_AUTH=$(if $(filter userdebug eng,$(TARGET_BUILD_VARIANT)),1,0)
347 
348 ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
349 LOCAL_CFLAGS += -DALLOW_ADBD_DISABLE_VERITY=1
350 LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1
351 endif
352 
If you want to include adb authentication, you should rebuild android as not eng.
These users thanked the author codewalker for the post:
Kernel (Fri Jan 31, 2020 3:22 pm)

User avatar
mad_ady
Posts: 8126
Joined: Wed Jul 15, 2015 5:00 pm
languages_spoken: english
ODROIDs: XU4, C1+, C2, C4, N1, N2, H2, Go, Go Advance
Location: Bucharest, Romania
Has thanked: 564 times
Been thanked: 397 times
Contact:

Re: How to enable adb authentication?

Post by mad_ady » Thu Jan 30, 2020 8:09 pm

Maybe there's a way to run some firewall on port 5555. I know netfilter is builtin, maybe there is an android iptables equivalent. This way you could have some level of filtering.

laci
Posts: 12
Joined: Thu Jan 30, 2020 5:02 am
languages_spoken: english
ODROIDs: Odroid N2
Has thanked: 0
Been thanked: 0
Contact:

Re: How to enable adb authentication?

Post by laci » Fri Jan 31, 2020 7:38 am

@codewalker Thanks, -DALLOW_ADBD_NO_AUTH is exactly what I'm looking for!

Ideally, I'd like to have selfinstall-odroidn2-eng-s922_9.0.0_64_master-38-20200110.img with -DALLOW_ADBD_NO_AUTH=0 . Where can I find exact instructions to build it?

User avatar
odroid
Site Admin
Posts: 34562
Joined: Fri Feb 22, 2013 11:14 pm
languages_spoken: English, Korean, Japanese
ODROIDs: ODROID
Has thanked: 809 times
Been thanked: 699 times
Contact:

Re: How to enable adb authentication?

Post by odroid » Fri Jan 31, 2020 9:16 am

laci wrote:
Fri Jan 31, 2020 7:38 am
Where can I find exact instructions to build it?
https://wiki.odroid.com/odroid-n2/softw ... ng_android
These users thanked the author odroid for the post:
Kernel (Fri Jan 31, 2020 3:23 pm)

User avatar
codewalker
Posts: 958
Joined: Mon Feb 25, 2013 11:03 am
languages_spoken: english
ODROIDs: all
Has thanked: 35 times
Been thanked: 60 times
Contact:

Re: How to enable adb authentication?

Post by codewalker » Fri Jan 31, 2020 9:20 am

edit this file
system/core/adb/Android.mk

or "lunch odroidn2-user"
laci wrote:
Fri Jan 31, 2020 7:38 am
@codewalker Thanks, -DALLOW_ADBD_NO_AUTH is exactly what I'm looking for!

Ideally, I'd like to have selfinstall-odroidn2-eng-s922_9.0.0_64_master-38-20200110.img with -DALLOW_ADBD_NO_AUTH=0 . Where can I find exact instructions to build it?

User avatar
codewalker
Posts: 958
Joined: Mon Feb 25, 2013 11:03 am
languages_spoken: english
ODROIDs: all
Has thanked: 35 times
Been thanked: 60 times
Contact:

Re: How to enable adb authentication?

Post by codewalker » Fri Jan 31, 2020 10:33 am

I've just built android as user but it did not boot becasuse of init.
Don't try to build as user. Sorry.

User avatar
codewalker
Posts: 958
Joined: Mon Feb 25, 2013 11:03 am
languages_spoken: english
ODROIDs: all
Has thanked: 35 times
Been thanked: 60 times
Contact:

Re: How to enable adb authentication?

Post by codewalker » Fri Jan 31, 2020 11:43 am

I edited Adnroid.mk and compiled adbd.

Code: Select all

$ vi system/core/adb/Android.mk

346 LOCAL_CFLAGS += -DALLOW_ADBD_NO_AUTH=0
347 
348 LOCAL_CFLAGS += -DALLOW_ADBD_DISABLE_VERITY=0
349 LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1

$ mmm system/core/adb/
$ adb remount
$ adb push out/target/product/odroidn2/system/bin/adb/ /system/bin/

Code: Select all

[~]$ adb devices
List of devices attached
001e0642d4a3	unauthorized

[~]$ 
These users thanked the author codewalker for the post:
Kernel (Fri Jan 31, 2020 3:23 pm)

laci
Posts: 12
Joined: Thu Jan 30, 2020 5:02 am
languages_spoken: english
ODROIDs: Odroid N2
Has thanked: 0
Been thanked: 0
Contact:

Re: How to enable adb authentication?

Post by laci » Sat Feb 01, 2020 6:21 am

@codewalker I'm trying to build the selfinstall image. I haven't edited any files so far, but the build fails:

Code: Select all

$ make -j1 selfinstall
============================================
PLATFORM_VERSION_CODENAME=REL
PLATFORM_VERSION=9
TARGET_PRODUCT=aosp_arm
TARGET_BUILD_VARIANT=eng
TARGET_BUILD_TYPE=release
TARGET_ARCH=arm
TARGET_ARCH_VARIANT=armv7-a-neon
TARGET_CPU_VARIANT=generic
HOST_ARCH=x86_64
HOST_2ND_ARCH=x86
HOST_OS=linux
HOST_OS_EXTRA=Linux-4.18.0-25-generic-x86_64-Linux-Mint-19.3
HOST_CROSS_OS=windows
HOST_CROSS_ARCH=x86
HOST_CROSS_2ND_ARCH=x86_64
HOST_BUILD_TYPE=release
BUILD_ID=PQ3A.190801.002
OUT_DIR=out
============================================
[1/1] out/soong/.minibootstrap/minibp out/soong/.bootstrap/build.ninja
[55/56] glob prebuilts/ndk/stl.bp
[77/77] out/soong/.bootstrap/bin/soong_build out/soong/build.ninja
out/build-aosp_arm-cleanspec.ninja is missing, regenerating...
out/build-aosp_arm.ninja is missing, regenerating...
[26/955] including development/build/Android.mk ...
development/build/build_android_stubs.mk:43: warning: android_stubs_current 
development/build/build_android_stubs.mk:43: warning: metalava_android_stubs_current metalava_android_stubs_current
development/build/build_android_stubs.mk:43: warning: android_system_stubs_current 
development/build/build_android_stubs.mk:43: warning: android_test_stubs_current 
development/build/build_android_stubs.mk:43: warning: metalava_android_system_stubs_current metalava_android_system_stubs_current
development/build/build_android_stubs.mk:43: warning: metalava_android_test_stubs_current metalava_android_test_stubs_current
[312/955] including hardware/amlogic/audio/Android.mk ...
22:15:59 ckati failed with: signal: segmentation fault (core dumped)
build/make/core/main.mk:21: recipe for target 'run_soong_ui' failed
make: *** [run_soong_ui] Error 1
I've been searching for the solution, but haven't found anything. Any suggestions?

laci
Posts: 12
Joined: Thu Jan 30, 2020 5:02 am
languages_spoken: english
ODROIDs: Odroid N2
Has thanked: 0
Been thanked: 0
Contact:

Re: How to enable adb authentication?

Post by laci » Sat Feb 01, 2020 7:49 am

@codewalker I've realized that building the whole Android image is a tad overkill, and tried your exact suggestion. The build succeeded, but within out/target/product there is no "odroidn2" but "generic" directory, and within out/target/product/generic/system/bin there is only an adbd binary. Should I simply push this binary to my Odroid?

User avatar
tobetter
Posts: 5206
Joined: Mon Feb 25, 2013 10:55 am
languages_spoken: Korean, English
ODROIDs: X, X2, U2, U3, XU3, C1
Location: Paju, South Korea
Has thanked: 175 times
Been thanked: 543 times
Contact:

Re: How to enable adb authentication?

Post by tobetter » Sat Feb 01, 2020 3:28 pm

laci wrote:
Sat Feb 01, 2020 7:49 am
@codewalker I've realized that building the whole Android image is a tad overkill, and tried your exact suggestion. The build succeeded, but within out/target/product there is no "odroidn2" but "generic" directory, and within out/target/product/generic/system/bin there is only an adbd binary. Should I simply push this binary to my Odroid?
You must be missing the step that selecting the recipe to build for ODROID-N2, please do refer the link again.
https://wiki.odroid.com/odroid-n2/softw ... d#android1

AFAIK, @codewalker is testing to add the authentication with ENG build and will share the image if it works.

laci
Posts: 12
Joined: Thu Jan 30, 2020 5:02 am
languages_spoken: english
ODROIDs: Odroid N2
Has thanked: 0
Been thanked: 0
Contact:

Re: How to enable adb authentication?

Post by laci » Sun Feb 02, 2020 6:09 am

@tobetter Thank you, I did forget to select the recipe, indeed. This time, out/target/product/odroidn2/system/bin/adbd was created, and I've overwritten the adbd of my Odroid with it. This is what I get:

Code: Select all

$ adb connect 192.168.1.80
already connected to 192.168.1.80:5555
$ adb shell
error: device unauthorized.
This adb server's $ADB_VENDOR_KEYS is not set
Try 'adb kill-server' if that seems wrong.
Otherwise check for a confirmation dialog on your device.
No confirmation dialog is shown on my Odroid. What am I doing wrong?

User avatar
codewalker
Posts: 958
Joined: Mon Feb 25, 2013 11:03 am
languages_spoken: english
ODROIDs: all
Has thanked: 35 times
Been thanked: 60 times
Contact:

Re: How to enable adb authentication?

Post by codewalker » Mon Feb 03, 2020 11:56 am

I got the same result you had. there was no dialog.
We need time to debug.

Code: Select all

 46 public class UsbDebuggingActivity extends AlertActivity$
 47                                   implements DialogInterface.OnClickListener {$
 48     private static final String TAG = "UsbDebuggingActivity";$
 49 $
 50     private CheckBox mAlwaysAllow;$
 51     private UsbDisconnectedReceiver mDisconnectedReceiver;$
 52     private String mKey;$
 53 $
 54     @Override$
 55     public void onCreate(Bundle icicle) {$
 56         Window window = getWindow();$
 57         window.addPrivateFlags(WindowManager.LayoutParams.PRIVATE_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS);$
 58         window.setType(WindowManager.LayoutParams.TYPE_SYSTEM_DIALOG);$
 59 $
 60         super.onCreate(icicle);$
 61 $
 62         if (SystemProperties.getInt("service.adb.tcp.port", 0) == 0) {$
 63             mDisconnectedReceiver = new UsbDisconnectedReceiver(this);$
 64         }$
 65 $
 66         Intent intent = getIntent();$
 67         String fingerprints = intent.getStringExtra("fingerprints");$
 68         mKey = intent.getStringExtra("key");$
 69 $
 70         if (fingerprints == null || mKey == null) {$
 71             finish();$
 72             return;$
 73         }$
laci wrote:
Sun Feb 02, 2020 6:09 am
@tobetter Thank you, I did forget to select the recipe, indeed. This time, out/target/product/odroidn2/system/bin/adbd was created, and I've overwritten the adbd of my Odroid with it. This is what I get:

Code: Select all

$ adb connect 192.168.1.80
already connected to 192.168.1.80:5555
$ adb shell
error: device unauthorized.
This adb server's $ADB_VENDOR_KEYS is not set
Try 'adb kill-server' if that seems wrong.
Otherwise check for a confirmation dialog on your device.
No confirmation dialog is shown on my Odroid. What am I doing wrong?

laci
Posts: 12
Joined: Thu Jan 30, 2020 5:02 am
languages_spoken: english
ODROIDs: Odroid N2
Has thanked: 0
Been thanked: 0
Contact:

Re: How to enable adb authentication?

Post by laci » Mon Feb 03, 2020 8:37 pm

@codewalker Ok, excited for this feature! And also super excited that you guys plan to add it to the official ENG build. I do believe this would be very useful for securing dev boxes.

laci
Posts: 12
Joined: Thu Jan 30, 2020 5:02 am
languages_spoken: english
ODROIDs: Odroid N2
Has thanked: 0
Been thanked: 0
Contact:

Re: How to enable adb authentication?

Post by laci » Tue Feb 04, 2020 5:25 am

Given that implementing this is expected to take a while, I'm interested about the following workarounds to improve the security of my Odroid:

1. How can I change the default adb port?
2. How can I set up iptables, so that my Odroid is only accessible from a dedicated IP address?

User avatar
mad_ady
Posts: 8126
Joined: Wed Jul 15, 2015 5:00 pm
languages_spoken: english
ODROIDs: XU4, C1+, C2, C4, N1, N2, H2, Go, Go Advance
Location: Bucharest, Romania
Has thanked: 564 times
Been thanked: 397 times
Contact:

Re: How to enable adb authentication?

Post by mad_ady » Tue Feb 04, 2020 1:45 pm

For #2: I have ATV and used Linux Deploy to install linux in a chroot. I installed iptables from apt and I am able to add new rules. But it's a bit overkill to install linux just to manipulate iptables. There must be other ways to control netfilter from android. See if there are iptables binaries built for Android

User avatar
mad_ady
Posts: 8126
Joined: Wed Jul 15, 2015 5:00 pm
languages_spoken: english
ODROIDs: XU4, C1+, C2, C4, N1, N2, H2, Go, Go Advance
Location: Bucharest, Romania
Has thanked: 564 times
Been thanked: 397 times
Contact:

Re: How to enable adb authentication?

Post by mad_ady » Tue Feb 04, 2020 3:35 pm

For #1 I think the port is defined in /system/build.prop

User avatar
codewalker
Posts: 958
Joined: Mon Feb 25, 2013 11:03 am
languages_spoken: english
ODROIDs: all
Has thanked: 35 times
Been thanked: 60 times
Contact:

Re: How to enable adb authentication?

Post by codewalker » Mon Feb 10, 2020 10:56 am

Edit system/core/adb/Android.mk

Code: Select all

LOCAL_CFLAGS += -DALLOW_ADBD_NO_AUTH=0

LOCAL_CFLAGS += -DALLOW_ADBD_DISABLE_VERITY=0
LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1
Compile adbd and replace that

Code: Select all

$ mmm system/core/adbd
$ adb remount
$ adb push out/target/product/odroidn2/system/bin/adbd /system/bin
Add ro.adb.secure=true property.

Code: Select all

$ adb remount
$ vi /system/build.prop

ro.treble.enabled=true                                                                
ro.adb.secure=true             
persist.sys.dalvik.vm.lib.2=libart.so

Sucess!
Image

laci
Posts: 12
Joined: Thu Jan 30, 2020 5:02 am
languages_spoken: english
ODROIDs: Odroid N2
Has thanked: 0
Been thanked: 0
Contact:

Re: How to enable adb authentication?

Post by laci » Sun Jun 21, 2020 12:11 am

@codewalker I'm back after a long break, just tried your last suggestion, and it did work. Thanks so much for your help!

Post Reply

Return to “Android”

Who is online

Users browsing this forum: No registered users and 0 guests