flipchart Posted February 17, 2021

Hey Guys

I am trying to use my Screen Crab over Ethernet... So far I found this USB-C gigabit adapter with integrated power delivery port to work: https://www.delock.de/produkt/65402/merkmale.html?setLanguage=en

After having fiddled around with this weird OpenWRT Installation on the Screen Crab, I've found the following commands to work and get the ethernet up and running:

    ifconfig eth1 10.13.37.22 netmask 255.255.255.0 up
    route add default gw 10.13.37.1
    ndc resolver setnetdns eth1 8.8.8.8 8.8.4.4

After this I can ping and look up DNS records. The commands are entered by using the onboard serial connector within my Screen Crab (yes, warranty voided).

Does anyone have any hints on how to get these commands run at boot?

flipchart Posted February 17, 2021

In case anyone out there is working in the same direction:

    mount -o remount,rw /dev/block/mmcblk0p1 /system

lets you persistently edit files in /system which will be symlinked to /etc and the like on boot...

rc.local does not work (tried with x permissions and simple touch command to writable /data).

The solution probably lies here: https://android.googlesource.com/platform/system/core/+/master/init/README.md

Any help is appreciated!

flipchart Posted February 18, 2021

Ok, got a step further:

    busybox vi /system/etc/mkshrc

Add line to the end:

    /etc/eth-setup.sh &

-> /system/etc gets mapped to /etc

    busybox vi /system/etc/eth-setup.sh

    #!/system/bin/sh
    # wait for eth1
    while [[ $(/system/bin/ip a | /system/bin/grep -m 1 -o eth1) != "eth1" ]]; do
        /system/bin/sleep 1
    done
    # static address, default route and DNS for eth1
    /system/bin/ifconfig eth1 10.13.37.22 netmask 255.255.255.0 up
    /system/bin/sleep 1
    /system/bin/route add default gw 10.13.37.1
    /system/bin/sleep 1
    /system/bin/ndc resolver setnetdns eth1 8.8.8.8 8.8.4.4
    /system/bin/sleep 1
    exit 0

The "autorun" gets handled by the mkshrc script which by default gets loaded as there is a shell presented on tty...

This now works, but C2 only works over WiFi.

@darren & Team: How can I enable C2 connections, even if there is no WiFi (e.g. only my LAN)?

Please help... please...

flipchart Posted February 18, 2021

Ok, one step further:

The sinner is "ScreenCrab.apk" which can be found at /system/priv-app/ScreenCrab/ScreenCrab.apk

I decompiled the app online at http://www.javadecompilers.com and found in sources/org/hak5/screencrab/p004c2/Device.java this function:

    private String getWANInterfaceName() {
        return "wlan0";
    }

So my eth1 should be called wlan0 or I have to try to change this string in this apk. As I am not an Android Developer I first tried the renaming of the interface with some adjustments of my script:

    #!/system/bin/sh
    # turn WiFi off so the name wlan0 is free
    /system/bin/svc wifi disable
    # wait for eth1
    while [[ $(/system/bin/ip a | /system/bin/grep -m 1 -o eth1) != "eth1" ]]; do
        /system/bin/sleep 1
    done
    # an interface has to be down before it can be renamed
    /system/bin/ifconfig eth1 down
    /system/bin/sleep 1
    /system/bin/ip link set eth1 name wlan0
    /system/bin/sleep 1
    /system/bin/ifconfig wlan0 10.13.37.22 netmask 255.255.255.0 up
    /system/bin/sleep 1
    /system/bin/route add default gw 10.13.37.1
    /system/bin/sleep 1
    /system/bin/ndc resolver setnetdns wlan0 8.8.8.8 8.8.4.4
    /system/bin/sleep 1
    exit 0

But so far without success. Any help is appreciated, this is also why I attach the ScreenCrab.apk.

@mods: If this violates any rules feel free to delete the attachment, I am just desperately seeking help for my ScreenCrab <-> Ethernet project.

Thanks for understanding!

ScreenCrab.7z

flipchart Posted February 19, 2021

Ok, ScreenCrab.apk is a system app having this in its Manifest:

    android:sharedUserId="android.uid.system"

And system apps with sharedUserId need to be signed with the same key as the system (as far as I understood). So there is currently no chance for me in getting this apk easily modded and working...

Well, then, let's think around the other corner: ScreenCrab does store images offline every 5 sec. Why not write a script which uploads all these images to an sftp?

Unfortunately, there is no curl on the ScreenCrab - but we have busybox with very useful tools like "mt" (Control magnetic tape drive operation) 🙂

But thankfully there is a precompiled curl - statically linked - available here: https://github.com/moparisthebest/static-curl

Direct link: https://github.com/moparisthebest/static-curl/releases/download/v7.75.0/curl-armv7

Now all that's missing is a wrapper handling the file uploads and a wrapper checking the wrapper is always running...

BTW: File transfer to the ScreenCrab can be done by having an http (no ssl) server serving the files and downloading them from the ScreenCrab with "busybox wget http://..." -> https://chryzsh.gitbooks.io/pentestbook/content/transfering_files.html
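
Added example, not part of the original posts: the last post moves a prebuilt binary onto the device with "busybox wget" over plain http, so nothing authenticates the bytes that arrive. The sketch below only installs a file whose SHA-256 matches a digest computed beforehand on the workstation; the function names are hypothetical and it assumes the device's busybox build includes the sha256sum applet.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not code from the thread.

# sha256_of FILE: print the hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        # Assumption: busybox was built with the sha256sum applet.
        busybox sha256sum "$1" | cut -d' ' -f1
    fi
}

# install_verified SRC EXPECTED_SHA256 DEST
# Returns 0 = installed, 1 = digest mismatch (SRC deleted), 2 = bad input.
install_verified() {
    src=$1; want=$2; dest=$3
    [ -f "$src" ] || { echo "missing file: $src" >&2; return 2; }
    # A SHA-256 digest is exactly 64 hex characters; refuse anything else
    # so an empty or truncated value can never count as a match.
    case $want in
        *[!0-9a-fA-F]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "digest has wrong length" >&2; return 2; }
    want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
    got=$(sha256_of "$src")
    [ -n "$got" ] || { echo "could not hash $src" >&2; return 2; }
    if [ "$got" != "$want" ]; then
        echo "digest mismatch for $src (got $got)" >&2
        rm -f "$src"            # never leave an unverified binary around
        return 1
    fi
    # Copy under a temporary name and rename, so DEST is never half-written.
    tmp="$dest.tmp.$$"
    cp "$src" "$tmp" && chmod 0755 "$tmp" && mv "$tmp" "$dest"
}
```

On the device this would be called as install_verified /data/curl-armv7 <digest computed on the workstation> /data/curl, where both paths and the digest are placeholders.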
Archived
This topic is now archived and is closed to further replies.