FORUMS
Remove All Ads from XDA

[NATIVE][ARM]Linux binaries for Android (EncFS, Cryptsetup, eCryptfs, PhotoRec..)

1,847 posts
Thanks Meter: 774
 
By DualJoe, Senior Member on 24th November 2017, 12:29 AM
Post Reply Email Thread
Native ARM Linux binaries
for Android


Open-source Linux binaries that run natively on Android (ARMv7) devices.
These are root tools and might damage your device severely. Use at your own risk. I take no responsibility whatsoever. If in doubt don't use them.

Minimum CPU: ARMv7/vfpv3-d16. Compiled against musl-libc/Android Kernel 3.4. Binaries are static, bionic/libc independent and should run on Android, TWRP, emulator or any other compatible ARM device. Musl is patched to iterate CPU cores by /proc/stat instead of _SC_NPROCESSORS_CONF/sched_getaffinity to prevent false detection due to ARM cpu core powersaving (offline cores). This should report CPU cores more reliably to multithreading apps.

Data recovery tools:
- PhotoRec 7.0 - PhotoRec is file data recovery software designed to recover lost files including video, documents and archives from hard disks, CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory. PhotoRec ignores the file system and goes after the underlying data, so it will still work even if your media's file system has been severely damaged or reformatted.
- Testdisk 7.0 - Recover lost partitions and partition tables. For external sdcards. Never use it on internal mmc unless you know what you're doing.
- ext4magic 0.3.2 (with supplementary gnu date binary that can handle relative time like 'date -d "-20minutes" +%s')
- fidentity - A little utility sharing PhotoRec signature database. It identifies the type of data contained in a file and reports the extension as seen by PhotoRec.
- debugfs - Might be helpful on ext2 systems or other stuff.
- strace 4.20 - For debugging only. Mainly to catch syslog messages (as Android has no traditional /dev/log buffer).

Compression tools:
pixz - Parallel, indexed xz compressor
xz - Multicore aware version of xz/lzma (use --thread=0)

Misc:
- Hexcurse v1.60.0 - Hexcurse is a curses-base hex editing utility that can open, edit, and save files, editing both the hexadecimal and decimal values. 'ncurses' ui layout depends on TERM env variable. Change temporary with eg. 'TERM=xterm-256color hexcurse <file>'. See /system/etc/terminfo for possible terminals (xterm-256color, linux..).
- nethogs v0.8.5 - ncurse/nettop-like per-app separated speedmeter and traffic counter supporting high refresh rate. Try 'nethogs -d0' (speedmeter) or 'nethogs -v1' (traffic counter).
- rsync v3.1.3 - rsync is an open source utility that provides fast incremental file transfer. (--with-rsyncd-conf=/data/etc/rsyncd.conf)

Crypttools:
These crypttools are mostly frontend tools for the main backend that resides in the kernel. If your kernel hasn't been configured accordingly at compile time you might not be able to use all features.
Cryptsetup v2.0.1 - Cryptsetup is an utility used to conveniently setup disk encryption based on DMCrypt kernel module. These include plain dm-crypt volumes, LUKS volumes, loop-AES and TrueCrypt (including VeraCrypt extension) format.
eCryptfs-utils v111 - Frontend tools for the enterprise cryptographic filesystem for Linux. That's what Android/Google use for encryption. It's file-based (no container) and mounting can be automated by Termux widget. Needs shared libraries but is still portable. See notes below.
EncFS v1.9.4 - EncFS provides an encrypted filesystem in user-space. It runs in userspace, using the FUSE library for the filesystem interface.
gocryptfs - An encrypted overlay filesystem written in Go. Download here. Thanks to mirfatif.

Crypttools info:

Cryptsetup:

General Notes:
- Features like TrueCrypt, VeraCrypt and LUKS2 need 'userspace crypto api' enabled in kernel. Most Android kernels are probably not configured for that and you have to recompile your kernel or contact your kernel maintainer. For kernel 3.4 you need this:
Code:
CONFIG_CRYPTO_USER=y
CONFIG_CRYPTO_USER_API=y
CONFIG_CRYPTO_USER_API_HASH=y
CONFIG_CRYPTO_USER_API_SKCIPHER=y
- If 'cryptsetup benchmark' is incomplete and says 'userspace crypto api not available' you might be affected. You can still use LUKS1 though. A full benchmark looks like this:
Code:
# cryptsetup benchmark

# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1       249186 iterations per second for 256-bit key
PBKDF2-sha256     327680 iterations per second for 256-bit key
PBKDF2-sha512      58829 iterations per second for 256-bit key
PBKDF2-ripemd160  227555 iterations per second for 256-bit key
PBKDF2-whirlpool   33539 iterations per second for 256-bit key
argon2i       4 iterations, 208288 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
argon2id      4 iterations, 207817 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
#     Algorithm | Key |  Encryption |  Decryption
        aes-cbc   128b    77.8 MiB/s    88.4 MiB/s
    serpent-cbc   128b           N/A           N/A
    twofish-cbc   128b    58.5 MiB/s    61.9 MiB/s
        aes-cbc   256b    61.5 MiB/s    68.4 MiB/s
    serpent-cbc   256b           N/A           N/A
    twofish-cbc   256b    58.5 MiB/s    61.8 MiB/s
        aes-xts   256b    95.1 MiB/s    86.9 MiB/s
    serpent-xts   256b           N/A           N/A
    twofish-xts   256b    60.0 MiB/s    61.8 MiB/s
        aes-xts   512b    74.1 MiB/s    67.2 MiB/s
    serpent-xts   512b           N/A           N/A
    twofish-xts   512b    60.3 MiB/s    62.0 MiB/s

LUKS:
Code:
** 10MB test image (luks.img) **
dd if=/dev/zero of=luks.img bs=1M count 10M
cryptsetup luksFormat luks.img
cryptsetup open luks.img myluks
mke2fs -t ext4 /dev/mapper/myluks
mkdir luks
mount /dev/mapper/myluks luks
** luks folder is ready here **
umount luks
cryptsetup close myluks
- If standard luksFormat cipher (aes-xts-plain64) doesn't work (not supported by your kernel) you can try one of the more compatible ciphers:
Code:
cryptsetup luksFormat -c cbc-essiv:sha256 luks.img myluks
cryptsetup luksFormat -c aes-plain luks.img myluks
- For LUKS2 (experimental) use:
Code:
cryptsetup luksFormat --type luks2 luks.img
- Use "cryptsetup -v --debug" for more verbose output (debugging). In case of errors.


Veracrypt:
Code:
cryptsetup open --type tcrypt --veracrypt veracrypt.tc myvera
cryptsetup status myvera
mkdir /data/myvera
mount /dev/mapper/myvera /data/myvera
umount /data/myvera
cryptsetup close myvera
- Use container from desktop system (created with real Veracrypt)
- "veracrypt.tc" is the veracrypt container name
- "myvera" is an arbitrary name (handle)
- Use "cryptsetup -v --debug" for more verbose output (debugging). In case of errors.

eCryptfs-utils:

General Notes:
These tools are not built statically as they explicitly rely on 'dlopen' (plugin system). Instead they are compiled with relative rpaths (./libs). That means dependencies (libraries in subfolders) must be present in the binaries folder and you have to be in the binaries folder itself (with 'cd') before invoking any binary. By this the binaries are still portable (system independent) as long as the subfolders are present. I've put the files into a tar.gz archive so permissions should be set +x already. Extract the archive into /data/local/bin for 'Example' below.
Code:
mkdir -p /data/local/bin
cd /data/local/bin
tar xf crypttools.armv7.20180204.tar.gz
cd ecryptfs
./ecryptfs-stat --help
More info: ArchLinux Wiki

Example:

Tested on /sdcard based on FUSE filesystem. sdcardfs untested. Might need selinux permissive.

We create a folder /sdcard/pics that can be enabled (files present) or disabled (no files present) by a click on a widget button (Termux script) and entering our password. The encryption is done on a per-file basis. The actual files are stored encrypted in /sdcard/efs/pics.

- You might need SuperSU or Magisk Superuser for 'su -mm'. That makes sure that all apps can see the mounted folder (mount namespace separation).
- Busybox needed
- Install Termux and Termux:Widget from F-Droid or Playstore
- Start it and enter:
Code:
pkg upgrade
pkg install tsu
exit
- Create script /data/data/com.termux/files/home/.shortcuts/efs-pics.sh and make sure permissions(700) and owner (take from parent folder) are correct.
Code:
#!/system/xbin/bash
su -mm -c "/system/xbin/bash -c /data/local/scripts/$(basename "$0")"
- Create script /data/local/scripts/efs-pics.sh (770/root):
Code:
#!/system/xbin/bash
set -e
PATH=$PATH:/data/data/com.termux/files/usr/bin

# Necessary because rpaths are relative
cd /data/local/bin/ecryptfs

# /data/myefskey contains the salted key.
# Don't forget to make a backup.
# Without it encrypted data is lost.
function enter_passphrase {
	read -p "Enter passphrase: " passphrase
	sig=$(printf "%s" "$passphrase" | ./ecryptfs-insert-wrapped-passphrase-into-keyring /data/myefskey -) || exit
	sig=$(echo $sig | cut -d "[" -f2 | cut -d "]" -f1)
}

CPATH1="/data/media/0/efs/pics"
CPATH2="/data/media/0/pics"
if ! mountpoint -q ${CPATH2}; then
	enter_passphrase
	echo ""
	mount -t ecryptfs -o ecryptfs_sig=$sig,ecryptfs_fnek_sig=$sig,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 ${CPATH1} ${CPATH2} || (echo "$(basename "$0") mount failed!"; exit)
	./keyctl clear @u
	echo "$(basename "$0") mount successful! :)"
else
	umount ${CPATH2} || (echo "$(basename "$0") umount error $? :("; exit)
	echo "$(basename "$0") umount successful :)"
fi

# uncomment to force-close Termux window
# killall com.termux
- If your rom uses encryption already (/data/data) beware the './keyctl clear @u' command. It might flush *all* keys in the kernel including the Android encryption one (i'm not sure). This might lead to unpredicted behavior. Either comment it out (then your once injected key remains in the kernel keystore and someone could simply remount your folder without passphrase) or make yourself familiar with the keyctl command and handle it yourself. My phone is not encrypted so i cannot help here.
- Create random keyfile (/data/myefskey) and wrap it with passphrase. This might need 1-2 minutes depending on your devices entropy pool (/dev/random). Backup this key (/data/myefskey). Without it your encrypted data is lost. And don't forget the trailing '-' (minus) at the end of the line, it's important.
Code:
cd /data/local/bin/ecryptfs
read -p "Enter passphrase: " passphrase; printf "%s\n%s" $(busybox od -x -N 100 --width=30 /dev/random | head -n 1 | busybox sed "s/^0000000//" | busybox sed "s/[[:space:]]*//g") "${passphrase}" | ./ecryptfs-wrap-passphrase /data/myefskey -
- Create folders:
Code:
mkdir -p /sdcard/efs/pics /sdcard/pics
- Create Widget (Termux) and select 'efs-pics.sh'.
- Start it and enter your passphrase (you used above). If everything goes well (it will tell you) you can place files into /sdcard/pics and scrambled files should come up in /sdcard/efs/pics. Never write into /sdcard/efs/pics directly.
- Activate widget again. /sdcard/pics should get emptied.
- Optional: You can set /data/media/0/efs/pics to 700/root so no one can access/see the encrypted data.
The Following 11 Users Say Thank You to DualJoe For This Useful Post: [ View ] Gift DualJoe Ad-Free
 
 
1st December 2017, 03:14 AM |#2  
DualJoe's Avatar
OP Senior Member
DE
Thanks Meter: 774
 
More
Compression tools added.
Next are crypttools (ecryptfs-utils, cryptsetup).
The Following 2 Users Say Thank You to DualJoe For This Useful Post: [ View ] Gift DualJoe Ad-Free
30th December 2017, 01:32 PM |#3  
Junior Member
Thanks Meter: 6
 
More
Quote:
Originally Posted by DualJoe

Compression tools added.
Next are crypttools (ecryptfs-utils, cryptsetup).

Please add ecryptfs-simple
xyne.archlinux.ca/projects/ecryptfs-simple

Thanks.
31st December 2017, 02:30 PM |#4  
DualJoe's Avatar
OP Senior Member
DE
Thanks Meter: 774
 
More
Ecryptfs-simple is not POSIX compliant. It relies on an argv interface (to parse command-line parameters) that is a GNU extension that musl doesn't support.
The original eCryptFS is simple enough anyway (and its the upstream project). I will provide a quickstart example and a one button GUI controlled solution (Termux widget) to handle it.
The Following User Says Thank You to DualJoe For This Useful Post: [ View ] Gift DualJoe Ad-Free
7th January 2018, 11:32 AM |#5  
Junior Member
Thanks Meter: 6
 
More
Please to add gifsicle,
http://github.com/kohler/gifsicle

Thanks.
7th January 2018, 07:32 PM |#6  
DualJoe's Avatar
OP Senior Member
DE
Thanks Meter: 774
 
More
I only have gifsicle. The other ones are too complex for my setup atm.
Attached Files
File Type: zip gifsicle.zip - [Click for QR Code] (105.7 KB, 100 views)
The Following 2 Users Say Thank You to DualJoe For This Useful Post: [ View ] Gift DualJoe Ad-Free
7th January 2018, 10:52 PM |#7  
Junior Member
Thanks Meter: 6
 
More
Quote:
Originally Posted by DualJoe

I only have gifsicle. The other ones are too complex for my setup atm.

Thank you very much.
8th January 2018, 10:06 PM |#8  
Junior Member
Thanks Meter: 6
 
More
Please help me again to build giflossy (fork of gifsicle).
I really need it to compress (--lossy=N) the Gif file to be smaller.

https://github.com/kornelski/giflossy

Thanks.
9th January 2018, 04:56 PM |#9  
DualJoe's Avatar
OP Senior Member
DE
Thanks Meter: 774
 
More
Do you use them directly on your phone for web postings or something? What's your use case to not prefer a desktop system for this?
Attached Files
File Type: zip giflossy.zip - [Click for QR Code] (207.2 KB, 86 views)
The Following 2 Users Say Thank You to DualJoe For This Useful Post: [ View ] Gift DualJoe Ad-Free
9th January 2018, 05:33 PM |#10  
Junior Member
Thanks Meter: 6
 
More
Quote:
Originally Posted by DualJoe

Do you use them directly on your phone for web postings or something? What's your use case to not prefer a desktop system for this?

I use it directly on the phone, for learning purposes.
Using it on the phone is so handy that it can be easily used anywhere.

Thanks.
The Following User Says Thank You to buengeut For This Useful Post: [ View ] Gift buengeut Ad-Free
24th January 2018, 01:12 AM |#11  
Junior Member
Thanks Meter: 6
 
More
Please help me again to build lbzip2
http://lbzip2.org/

Thanks.
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes