[Guide] Compiling dropbear 2015.67

serasihay

Member
Sep 17, 2012
9
2
netbsd_getpass.c:68:18: error: '_PASSWORD_LEN' undeclared (first use in this function)

I guess you're not using the gcc included in the Android NDK... :-?

'_PASSWORD_LEN' is defined in pwd.h; this header is provided with the Android NDK.

---------- Post added at 11:25 PM ---------- Previous post was at 11:19 PM ----------

I'm late to this question, but you need to build dropbear from sources or could you use a prebuilt version?

From source.
 

fecaleagle

Member
Dec 30, 2015
21
2
Hey @wolfdude and @serasihay,

Thanks so much for putting this guide (and especially the patches) together. I used @wolfdude's patch and cross-compiled the correct version of DropBear for an Amazon Fire TV (2nd generation). I installed it and was able to produce and use the rsa and dss host keys, and the server appears to start without issue.

I am starting the server for testing purposes using the following command:

dropbear -A -N root -U 0 -G 0 -C password -d /sdcard/DropBear/dropbear_dss_host_key -r /sdcard/DropBear/dropbear_rsa_host_key -F -E

Everything seems to start correctly, but when I connect from my iPhone (Prompt 2), the stdout immediately replies:

[22370] Jan 04 10:17:35 Child connection from 192.168.1.158:58458
void endusershell()(3) is not implemented on Android
void endusershell()(3) is not implemented on Android
[22370] Jan 04 10:17:36 password auth succeeded for 'root' from 192.168.1.158:58458
[22370] Jan 04 10:17:37 Exit (root): Disconnect received

When I connect from Windows (Putty), I receive:

[22414] Jan 04 10:20:51 Child connection from 192.168.1.156:2776
void endusershell()(3) is not implemented on Android
void endusershell()(3) is not implemented on Android
[22414] Jan 04 10:21:09 password auth succeeded for 'root' from 192.168.1.156:2776
[22414] Jan 04 10:21:09 Exit (root): Exited normally

I have not attempted to re-compile using @serasihay's patch, but I am wondering if you guys have a hunch as to what's going awry here. I initially tried using public-key authentication, and I receive the same message and disconnect.

Thanks,
William

Edit: Okay, when I attempt to connect from OpenWrt, which I believe uses a DropBear client, the server doesn't return anything different, but the client reports:

CANNOT LINK EXECUTABLE DEPENDENCIES: "libc.so" is 32-bit instead of 64-bit

I will look into it, but I assume this is a cross-compilation mistake, so maybe you guys can help me along. :)

Edit 2: Yes, according to this post, http://xdaforums.com/fire-tv/general/root-firetv2-ssh-unable-to-connect-t3259530, I must have built it using the wrong toolchain. Thanks to everybody on this forum for humoring me. It's taken me quite a bit of time to get my bearings dealing with Android.

Edit 3: So, I rebuilt using what seems to be the correct toolchain. The file command reports:

./dropbearmulti: ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, stripped

Clients still receive CANNOT LINK EXECUTABLE DEPENDENCIES: "libc.so" is 32-bit instead of 64-bit.

I've posted my toolchain setup at, http://xdaforums.com/fire-tv/help/requesting-help-make-standalone-t3285824/post64641693#post64641693, if anybody would care to review it.
 

Geofferey

Senior Member
Jan 1, 2011
200
223
Long Beach, CA
If you are trying to compile this for 64bit android you will also need to modify svr-chansession.c in order to successfully log in


& change

Code:
addnewvar("LD_LIBRARY_PATH", "/system/lib");

to:

Code:
addnewvar("LD_LIBRARY_PATH", "/system/lib64");


or just comment out the line, which is probably better

Code:
/* addnewvar("LD_LIBRARY_PATH", "/system/lib64"); */


I spent the whole day looking for this very simple fix lol.

EDIT:
I'm still having issues with the password implementation. I can login with dropbear or openssh terminal clients, but other apps that use a graphical interface such as putty, winscp, filezilla, etc all fail to login with password.
 

Top Liked Posts

  • 5
    Hi,

    This is a guide on compiling the latest (as of 2015-06-24) dropbear SSH daemon (2015.67) for the Nexus 7 2013 but should also work for other ARM architecture Android devices. The guide is mainly based off the work from the blog http://blog.xulforum.org/index.php?post/2013/12/19/Compiling-Dropbear-for-a-Nexus-7-tablet which is an excellent guide to getting an older version of dropbear running on ARM Android devices.

    I've modified the patch made by the original author to work on the latest dropbear version. There are not many changes from ver 2013.58 to 2015.67. The main difference seems to be the support for Elliptical Curve encryption.

    ** START DISCLAIMER **

    I did not write the original code/patch myself and have not scrutinized it for any security issues. USE IT AT YOUR OWN RISK.

    ** END DISCLAIMER **

    Here's the list of requirements :-

    1) Dropbear 2015.67 source code - dropbear-2015.67.tar.bz2 (https://matt.ucc.asn.au/dropbear/releases/dropbear-2015.67.tar.bz2)
    2) Patch to compile for Android - dropbear-v67-android-patch-20150630 (https://goo.gl/Obo6kT) OR alternatively, you can use the patch from user serasihay (https://goo.gl/ip6Tkb).
    3) A recent Linux distro (I use Ubuntu 14.04.2 LTS).
    4) Development tools i.e. C compiler, linker, etc... all the necessary tools to run configure, make, etc..
    5) Android NDK (I'm using rev 10e) installed & setup on Linux.

    Steps :-

    (1) Extract the source code to a directory of its own :-

    Code:
    tar xjf dropbear-2015.67.tar.bz2
    cd dropbear-2015.67
    (2) Patch the source :-

    Code:
    patch -p1 < dropbear-v67-android-patch-20150630
    (3) Run configure :-

    Code:
    ./configure --build=x86_64-unknown-linux-gnu --host=arm-linux-androideabi \
      --disable-zlib --disable-largefile --disable-loginfunc \
      --disable-shadow --disable-utmp --disable-utmpx --disable-wtmp \
      --disable-wtmpx --disable-pututline --disable-pututxline --disable-lastlog
    (4) Edit config.h, search for USE_DEV_PTMX and add the following line after that :-

    Code:
    #define USE_DEV_PTMX 1
    (5) Run make :-

    Code:
    STATIC=1 MULTI=1 SCPPROGRESS=0 PROGRAMS="dropbear dropbearkey scp dbclient" make strip
    (6) You should end up with a single static binary "dropbearmulti" which you should link dropbear, dbclient/ssh, dropbearkey and scp to.

    Code:
    ./dropbear -h
    Dropbear server v2015.67 https://matt.ucc.asn.au/dropbear/dropbear.html
    Usage: ./dropbear [options]
    -A Android Mode, specify a user explicitly
    -N Android Mode, user name
    -C Android Mode, password
    -R Android Mode, public key file (authorized_keys)
    -U Android Mode, UID
    -G Android Mode, GID
    -b bannerfile    Display the contents of bannerfile before user login
            (default: none)
    -r keyfile  Specify hostkeys (repeatable)
            defaults:
            dss /etc/dropbear/dropbear_dss_host_key
            rsa /etc/dropbear/dropbear_rsa_host_key
            ecdsa /etc/dropbear/dropbear_ecdsa_host_key
    -F        Don't fork into background
    -E        Log to stderr rather than syslog
    -m        Don't display the motd on login
    -w        Disallow root logins
    -s        Disable password logins
    -g        Disable password logins for root
    -B        Allow blank password logins
    -j        Disable local port forwarding
    -k        Disable remote port forwarding
    -a        Allow connections to forwarded ports from any host
    -p [address:]port
            Listen on specified tcp port (and optionally address),
            up to 10 can be specified
            (default port is 22 if none specified)
    -P PidFile    Create pid file PidFile
            (default /var/run/dropbear.pid)
    -i        Start for inetd
    -W <receive_window_buffer> (default 24576, larger may be faster, max 1MB)
    -K <keepalive>  (0 is never, default 0, in seconds)
    -I <idle_timeout>  (0 is never, default 0, in seconds)
    -V    Version

    I will assume you know what to do with the binary file generated so will not elaborate on the process.

    Hope it works for you guys. I'll be happy to help out anyone who needs more details.

    NOTE: I have posted a similar guide for building dropbear for an x86 Android device in the Zenfone 2 forum (http://xdaforums.com/zenfone2/general/compiling-dropbear-2015-67-zenfone-2-t3142222). The steps are mostly similar.

    Cheers.

    UPDATE: 2015-06-29
    - I've updated the patch to fix dbclient/ssh client using password authentication.

    UPDATE: 2015-06-30
    - Reverted the patch for the dbclient fix as NDK does not have getpass() function. Looks like dbclient with password auth will seg fault until we can find an alternative to getpass().

    UPDATE: 2015-06-30 (2)
    - Uploaded yet another update to the patch to include a version of getpass(). Hopefully it works ;)

    UPDATE: 2015-07-02
    - Added alternate dropbear patch by serasihay (Thanks!). Details of changes can be found here :- http://xdaforums.com/showpost.php?p=61649194&postcount=14
    1
    Hi serasihay,

    Yes, I'm getting a Seg Fault too when I use the SSH client and using password auth. When I use an identity file, I don't get a SegFault and it connects successfully. I'm not sure what's causing the Seg Fault. When I get some time, I might have to run it through a debugger to find out. There might be more patches required to get the client working.

    Cheers.
    1
    Hi Serasihay,

    I've updated the patch to fix the seg fault issue. Turns out that the original patch commented out a chunk of code that was required for password authentication. Please test it out and hopefully this works well for you.

    Cheers.
    1
    Hi wolfdude,

    The corrected patch you've uploaded is like the one I already tried. As I was saying in my previous post:

    But, unhappily, the function getpass is not provided by the Android C library (Bionic). If you try to build with a "corrected" patch, you end up with this error:

    Code:
    cli-auth.o:cli-auth.c:function getpass_or_cancel: error: undefined reference to 'getpass'

    So, in my opinion, it's a matter of finding an alternative to "getpass", or implementing a new one... I'm reading what would be the better solution.

    Thank you again for your time!

    Cheers.
    1
    Hi serasihay,

    Ok... I've uploaded another patch this time to include a getpass() function which I pinched & modified from the GLIBC library. Hopefully it works as expected. Again... I didn't audit it for any security issues so use at your own risk ;)

    Cheers.
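
The last posts turn on Bionic not providing getpass() and the patch gaining a replacement for it. As an added example (not wolfdude's patch, not glibc's code and not part of the dropbear source), a minimal replacement built on termios could look like this; `read_password` and `wipe` are hypothetical names, and the caller is assumed to pass descriptors it has already opened on the controlling terminal.

```c
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <termios.h>
#include <unistd.h>

/* Zero a buffer through a volatile pointer so the stores are not optimised away. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Hypothetical helper, not taken from either dropbear patch in this thread.
 * Reads one line from in_fd into buf with terminal echo switched off.
 * Returns the password length, or -1 on error, EOF or an overlong line. */
ssize_t read_password(int in_fd, int out_fd, const char *prompt,
                      char *buf, size_t buflen)
{
    struct termios saved, quiet;
    int is_tty = (tcgetattr(in_fd, &saved) == 0); /* fails on pipes and files */
    size_t n = 0;
    int bad = (buflen < 2);
    char c;

    if (is_tty && !bad) {
        quiet = saved;
        quiet.c_lflag &= ~(tcflag_t)ECHO;  /* do not echo typed characters */
        quiet.c_lflag |= ECHONL;           /* still echo the final newline */
        if (tcsetattr(in_fd, TCSAFLUSH, &quiet) != 0) bad = 1;
    }
    if (!bad && write(out_fd, prompt, strlen(prompt)) < 0) bad = 1;

    while (!bad) {
        ssize_t r = read(in_fd, &c, 1);    /* unbuffered: no stdio copy of the secret */
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) { bad = (r < 0 || n == 0); break; } /* error, or EOF with no input */
        if (c == '\n') break;
        if (n + 1 < buflen) buf[n++] = c;
        else bad = 1;                      /* too long: fail rather than truncate */
    }

    if (is_tty) tcsetattr(in_fd, TCSAFLUSH, &saved); /* always restore echo */
    if (bad) { wipe(buf, buflen); return -1; }
    buf[n] = '\0';
    return (ssize_t)n;
}
```

A SIGINT that arrives while echo is off leaves the terminal silent unless the caller's signal handler restores the saved settings. The caller should also wipe `buf` once the password has been sent.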