[Guide] Compiling dropbear 2015.67


wolfdude

Member
Jun 17, 2006
30
23
Hi,

This is a guide on compiling the latest (as of 2015-06-24) dropbear SSH daemon (2015.67) for the Nexus 7 2013 but should also work for other ARM architecture Android devices. The guide is mainly based off the work from the blog http://blog.xulforum.org/index.php?post/2013/12/19/Compiling-Dropbear-for-a-Nexus-7-tablet which is an excellent guide to getting an older version of dropbear running on ARM Android devices.

I've modified the patch made by the original author to work on the latest dropbear version. There are not many changes from ver 2013.58 to 2015.67. The main difference seems to be the support for Elliptical Curve encryption.

** START DISCLAIMER **

I did not write the original code/patch myself and have not scrutinized it for any security issues. USE IT AT YOUR OWN RISK.

** END DISCLAIMER **

Here's the list of requirements :-

1) Dropbear 2015.67 source code - dropbear-2015.67.tar.bz2 (https://matt.ucc.asn.au/dropbear/releases/dropbear-2015.67.tar.bz2)
2) Patch to compile for Android - dropbear-v67-android-patch-20150630 (https://goo.gl/Obo6kT) OR alternatively, you can use the patch from user serasihay (https://goo.gl/ip6Tkb).
3) A recent Linux distro (I use Ubuntu 14.04.2 LTS).
4) Development tools i.e. C compiler, linker, etc... all the necessary tools to run configure, make, etc..
5) Android NDK (I'm using rev 10e) installed & setup on Linux.

Steps :-

(1) Extract the source code to a directory of its own :-

Code:
tar xjf dropbear-2015.67.tar.bz2
cd dropbear-2015.67

(2) Patch the source :-

Code:
patch -p1 < dropbear-v67-android-patch-20150630

(3) Run configure :-

Code:
./configure --build=x86_64-unknown-linux-gnu --host=arm-linux-androideabi \
  --disable-zlib --disable-largefile --disable-loginfunc \
  --disable-shadow --disable-utmp --disable-utmpx --disable-wtmp \
  --disable-wtmpx --disable-pututline --disable-pututxline --disable-lastlog

(4) Edit config.h, search for USE_DEV_PTMX and add the following line after that :-

Code:
#define USE_DEV_PTMX 1

(5) Run make :-

Code:
STATIC=1 MULTI=1 SCPPROGRESS=0 PROGRAMS="dropbear dropbearkey scp dbclient" make strip

(6) You should end up with a single static binary "dropbearmulti" which you should link dropbear, dbclient/ssh, dropbearkey and scp to.

Code:
./dropbear -h
Dropbear server v2015.67 https://matt.ucc.asn.au/dropbear/dropbear.html
Usage: ./dropbear [options]
-A Android Mode, specify a user explicitly
-N Android Mode, user name
-C Android Mode, password
-R Android Mode, public key file (authorized_keys)
-U Android Mode, UID
-G Android Mode, GID
-b bannerfile    Display the contents of bannerfile before user login
        (default: none)
-r keyfile  Specify hostkeys (repeatable)
        defaults:
        dss /etc/dropbear/dropbear_dss_host_key
        rsa /etc/dropbear/dropbear_rsa_host_key
        ecdsa /etc/dropbear/dropbear_ecdsa_host_key
-F        Don't fork into background
-E        Log to stderr rather than syslog
-m        Don't display the motd on login
-w        Disallow root logins
-s        Disable password logins
-g        Disable password logins for root
-B        Allow blank password logins
-j        Disable local port forwarding
-k        Disable remote port forwarding
-a        Allow connections to forwarded ports from any host
-p [address:]port
        Listen on specified tcp port (and optionally address),
        up to 10 can be specified
        (default port is 22 if none specified)
-P PidFile    Create pid file PidFile
        (default /var/run/dropbear.pid)
-i        Start for inetd
-W <receive_window_buffer> (default 24576, larger may be faster, max 1MB)
-K <keepalive>  (0 is never, default 0, in seconds)
-I <idle_timeout>  (0 is never, default 0, in seconds)
-V    Version

I will assume you know what to do with the binary file generated so will not elaborate on the process.

Hope it works for you guys. I'll be happy to help out anyone who needs more details.

NOTE: I have posted a similar guide for building dropbear for an x86 Android device in the Zenfone 2 forum (http://xdaforums.com/zenfone2/general/compiling-dropbear-2015-67-zenfone-2-t3142222). The steps are mostly similar.

Cheers.

UPDATE: 2015-06-29
- I've updated the patch to fix dbclient/ssh client using password authentication.

UPDATE: 2015-06-30
- Reverted the patch for the dbclient fix as NDK does not have getpass() function. Looks like dbclient with password auth will seg fault until we can find an alternative to getpass().

UPDATE: 2015-06-30 (2)
- Uploaded yet another update to the patch to include a version of getpass(). Hopefully it works ;)

UPDATE: 2015-07-02
- Added alternate dropbear patch by serasihay (Thanks!). Details of changes can be found here :- http://xdaforums.com/showpost.php?p=61649194&postcount=14
 

serasihay

Member
Sep 17, 2012
9
2
Thank you for the guide, wolfdude!

I'm more interested in the client rather than the server, though.

Have you tried it? Does it work for you? For me, it doesn't. :(

I'm trying to connect to a remote host using the password authentication, but a segmentation fault occurs just after accepting the key of the remote host. It doesn't get to ask for the password.

The crosscompilation process goes without errors. I copy the binary to the Nexus, I do the symlinks in /system/xbin, etc.

I run the client from Terminal Emulator, and the remote host key is correctly stored in .ssh/known_hosts, inside the app's "app_HOME" directory found in /data.

On the remote server I can see that the connection request is received, the provided user is successfully identified as valid/existing; and the key algorithm exchange seems to succeed, too... But after that the connection is closed by the client... :-?
 

wolfdude

Member
Jun 17, 2006
30
23
Hi serasihay,

Yes, I'm getting a Seg Fault too when I use the SSH client and using password auth. When I use an identity file, I don't get a SegFault and it connects successfully. I'm not sure what's causing the Seg Fault. When I get some time, I might have to run it through a debugger to find out. There might be more patches required to get the client working.

Cheers.
 

serasihay

Member
Sep 17, 2012
9
2
Thank you for confirming it, wolfdude.

I also think that there's more code to be patched.

I'm reading to learn how to debug the binary... :) Never done this on Android...

Thanks again for your time!
 

wolfdude

Member
Jun 17, 2006
30
23
Hi Serasihay,

I've updated the patch to fix the seg fault issue. Turns out that the original patch commented out a chunk of code that was required for password authentication. Please test it out and hopefully this works well for you.

Cheers.
 

serasihay

Member
Sep 17, 2012
9
2
It looks like you've uploaded the old patch again by mistake... :) I diffed both files and they are exactly the same.

Yesterday I made good progress learning how to remotely debug a binary running on an Android device. I had to recompile the binary without stripping the symbols, etc.

I'm a bit out of my depth here, but I'll continue trying to understand where's the flaw.

Code:
$ adb forward tcp:5039 tcp:5039
$ ./android-ndk-r10e/toolchains/arm-linux-androideabi-4.8/prebuilt/linux-x86_64/bin/arm-linux-androideabi-gdb
[...]
(gdb) target remote :5039
(gdb) symbol-file dropbear-2015.67/dropbearmulti
Reading symbols from dropbear-2015.67/dropbearmulti...done.
(gdb) run
The "remote" target does not support "run".  Try "help target" or "continue".
(gdb) continue
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x000527cc in strlen (s=0x0) at bionic/libc/arch-arm/bionic/strlen.c:62
62      bionic/libc/arch-arm/bionic/strlen.c: No such file or directory.
(gdb) backtrace 
#0  0x000527cc in strlen (s=0x0) at bionic/libc/arch-arm/bionic/strlen.c:62
#1  0x0000aff0 in cli_auth_password ()
#2  0x0000a7ec in cli_auth_try ()
#3  0x0000f534 in cli_sessionloop ()
#4  0x000161a0 in session_loop ()
#5  0x0000f16c in cli_session ()
#6  0x0000d604 in cli_main ()
#7  0x00008228 in main ()
(gdb) frame 1
#1  0x0000aff0 in cli_auth_password ()
(gdb) info frame
Stack level 1, frame at 0xbecbf848:
 pc = 0xaff0 in cli_auth_password; saved pc = 0xa7ec
 called by frame at 0xbecbf860, caller of frame at 0xbecbf7d0
 Arglist at 0xbecbf844, args: 
 Locals at 0xbecbf844, Previous frame's sp is 0xbecbf848
 Saved registers:
  r4 at 0xbecbf834, r5 at 0xbecbf838, r6 at 0xbecbf83c, r11 at 0xbecbf840, lr at 0xbecbf844
(gdb)
 

serasihay

Member
Sep 17, 2012
9
2
I guess the code commented out in the patch that you are referring to is the one that, in cli-auth.c, does the following assignment:

Code:
password = getpass(prompt);

It makes sense, because from the debugging "session" I posted in my previous post, one could deduce that the problem is that a null string is passed to cli_auth_password ()...

But, unhappily, the function getpass is not provided by the Android C library (Bionic). If you try to build with a "corrected" patch, you end up with this error:

Code:
cli-auth.o:cli-auth.c:function getpass_or_cancel: error: undefined reference to 'getpass'

I'll try to find a workaround. Any help will be appreciated!
 

wolfdude

Member
Jun 17, 2006
30
23
I guess the code commented out in the patch that you are referring to is the one that, in cli-auth.c, does the following assignment:

...

I'll try to find a workaround. Any help will be appreciated!


Hi serasihay,

You're on the right track ;) That is indeed the function causing the seg fault. I've updated the post to have the correct URL to the CORRECT patch now. Please try again and let me know how it goes.

Cheers.
 

serasihay

Member
Sep 17, 2012
9
2
Hi wolfdude,

The corrected patch you've uploaded is like the one I already tried. As I was saying in my previous post:

But, unhappily, the function getpass is not provided by the Android C library (Bionic). If you try to build with a "corrected" patch, you end up with this error:

Code:
cli-auth.o:cli-auth.c:function getpass_or_cancel: error: undefined reference to 'getpass'

So, in my opinion, it's a matter of finding an alternative to "getpass", or implementing a new one... I'm reading what would be the better solution.

Thank you again for your time!

Cheers.
 

wolfdude

Member
Jun 17, 2006
30
23
Ahh... apologies for not reading correctly. I see what you meant now. I did my compile/build on an x86 Android device and I assumed that it would also work for ARM using the NDK. Let us know how you go with the getpass() alternative.

Thanks.
 

wolfdude

Member
Jun 17, 2006
30
23
Hi serasihay,

Ok... I've uploaded another patch this time to include a getpass() function which I pinched & modified from the GLIBC library. Hopefully it works as expected. Again... I didn't audit it for any security issues so use at your own risk ;)

Cheers.
 

serasihay

Member
Sep 17, 2012
9
2
Thank you very much for your help and efforts, wolfdude.

I've taken my chances with your new patch... ;) But the code doesn't compile, either. :(

Now the problem is with the "getline" function:

Code:
cli-auth.o:cli-auth.c:function getpass: error: undefined reference to 'getline'

I'll keep struggling with it as time allows...

Edit:

I've found a working getpass function. The code compiles and allows me to successfully login to my remote machine!

https://github.com/CyanogenMod/android_external_dropbear/blob/cm-12.0/netbsd_getpass.c

When I get time I'll see if it is secure to include it and what would be the proper way to do so. I'm out of my depth here. :D Of course, feel free to make a new patch or whatever you consider appropriate, surely you're more experienced than I am!
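
The crash and the missing getpass() discussed in this thread, as an added example that is not part of any post, of either patch, or of netbsd_getpass.c: a bounded, echo-off password reader built only on termios calls, with a failure return the caller checks before any strlen(). The names read_password_fd and read_password_from_string are hypothetical; the second is a constructed pipe harness.

```c
/* Added example: not from the thread's patches or from netbsd_getpass.c. */
#include <stdio.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Read one line from in_fd into buf with echo off (hypothetical helper).
 * Returns the length, or -1 on EOF, read error or overlong input; after a
 * failed read buf is zeroed so no partial secret is left behind. */
ssize_t read_password_fd(int in_fd, int out_fd, const char *prompt,
                         char *buf, size_t buflen)
{
    struct termios saved, noecho;
    size_t n = 0;
    int is_tty, ok = 0;
    char c;

    if (buf == NULL || buflen < 2)
        return -1;
    if (prompt && out_fd >= 0 && write(out_fd, prompt, strlen(prompt)) < 0)
        return -1;
    is_tty = (tcgetattr(in_fd, &saved) == 0);   /* fails on pipes and files */
    if (is_tty) {
        noecho = saved;
        noecho.c_lflag &= ~(tcflag_t)ECHO;
        if (tcsetattr(in_fd, TCSAFLUSH, &noecho) != 0)
            return -1;                          /* refuse to read with echo on */
    }
    for (;;) {
        ssize_t r = read(in_fd, &c, 1);
        if (r != 1) { ok = (r == 0 && n > 0); break; }  /* EOF after data is accepted */
        if (c == '\n') { ok = 1; break; }
        if (n + 1 >= buflen) break;             /* overlong: reject, do not truncate */
        buf[n++] = c;
    }
    if (is_tty)
        tcsetattr(in_fd, TCSAFLUSH, &saved);    /* restore echo on every path */
    if (!ok) { memset(buf, 0, buflen); return -1; }
    buf[n] = '\0';
    return (ssize_t)n;
}

/* Constructed harness: feeds `input` through a pipe, so no terminal is needed. */
ssize_t read_password_from_string(const char *input, char *buf, size_t buflen)
{
    int p[2];
    ssize_t n, w;
    if (pipe(p) != 0) return -1;
    w = write(p[1], input, strlen(input));
    close(p[1]);
    n = (w < 0) ? -1 : read_password_fd(p[0], -1, NULL, buf, buflen);
    close(p[0]);
    return n;
}

int main(void)
{
    char pw[128];
    ssize_t n = read_password_fd(STDIN_FILENO, STDERR_FILENO,
                                 "Password: ", pw, sizeof pw);
    /* The backtrace in this thread ends in strlen(s=0x0): test the result
     * for failure before any string function touches it. */
    if (n < 0) { fputs("no password read\n", stderr); return 1; }
    printf("read %zd characters\n", n);
    return 0;
}
```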
 

wolfdude

Member
Jun 17, 2006
30
23
Good to know you have it working now. I'm no developer either so can't really comment on whichever is better. As long as it works, right ;)

Cheers.
 

serasihay

Member
Sep 17, 2012
9
2
I've uploaded the patch that makes the dropbear client work for me.

https://goo.gl/ip6Tkb

Basically, it is the one you uploaded initially, but it corrects the problem with the getpass function by using the one implemented in the file netbsd_getpass.c.

To sum it up, my patch differs from your first one in that:

* Adds two new files, netbsd_getpass.h and netbsd_getpass.c.
* Modifies cli-auth.c to include the netbsd_getpass.h in order to use its getpass function.
* Modifies the Makefile.in so that the netbsd_getpass.c object is compiled and included into the dropbearmulti binary.
* Modifies options.h to change the path of the SSH which is used in scp.c to: _PATH_SSH_PROGRAM "/system/xbin/dbclient"; i.e.: it assumes that you do the appropriate symlink in /system/xbin...

Cheers!
 

MonaLisaOverdrive

Senior Member
Apr 28, 2013
112
18
If you have openssl ported to Android, there's a simple, useful patch that substitutes crypt with openssl's DES_crypt.

Link to the description (which contains a link to the patch) is here: http://www.gossamer-threads.com/lists/openssh/bugs/55836

Note: DES encryption isn't the best, but it's better than cleartext. I did look through the openssl headers/libs for an AES_crypt or 3DES_crypt but couldn't find anything.
 
Jul 14, 2015
1
0
static compile... "No such file or directory" error

Excellent guide -- wolfdude & serasihay, thank you. I'm new to Android and was clueless on how to do this.

I have the dbclient running, but only if I compile without the STATIC=1. Whenever I use static I get an "sh: ./dbclient: No such file or directory" error immediately upon execution. Any idea why this is happening?

I'm using a Motorola Moto G (the new Moto G sometimes called the Moto G2). As the non-static is quite a bit smaller and seems to run okay I'm wondering if not using static will bomb on other devices and I'm just lucky with the Moto G.
 

wolfdude

Member
Jun 17, 2006
30
23
Hi,

No idea why you can't compile it as static... but if the dynamic executable works for you then it should be ok.

Cheers.
 

jonny789

Senior Member
Oct 18, 2012
235
21
I have tried to compile dropbear with both patches. But every time it shows:

Code:
gcc -I./libtomcrypt/src/headers/ -I. -I. -Os -W -Wall -Wno-pointer-sign -DDROPBEAR_SERVER -DDROPBEAR_CLIENT -DDBMULTI_dropbear -DDBMULTI_dbclient -DDBMULTI_dropbearkey -DDBMULTI_dropbearconvert -DDBMULTI_scp -DDROPBEAR_MULTI -c -o netbsd_getpass.o netbsd_getpass.c
netbsd_getpass.c: In function 'getpass':
netbsd_getpass.c:68:18: error: '_PASSWORD_LEN' undeclared (first use in this function)
netbsd_getpass.c:68:18: note: each undeclared identifier is reported only once for each function it appears in
netbsd_getpass.c:68:14: warning: unused variable 'buf' [-Wunused-variable]
netbsd_getpass.c:114:1: warning: control reaches end of non-void function [-Wreturn-type]
make: *** [netbsd_getpass.o] Error 1
 
