I don't know iptables that much but it has the option "-t mangle"... can this be used somehow?
Is it a transparent proxy, or are you somehow configuring Android to use a proxy?
As you can probably guess, I don't have a lot of dev experience with Android, but I do have lots of experience with proxies.
Well, I'm in Australia. I haven't been able to see the navigate option at all
Did you:
a) install Google Voice?
b) try to navigate within the US?
c) try creating a desktop shortcut to a "Directions" target and turn on navigation?
I've already used Wireshark, and it's talking to a Google server. However, the exchange looks a lot like normal driving directions, except with the identifier "DriveAbout" instead of "GMM".
I'm working on routing all connections to this server through a proxy so that I can replace "DriveAbout" with "GMM", to see if that will make it work.
We need a dump from a droid to compare the data, otherwise we're just guessing. Or possibly just a dump from a G1 that navigates in the US.
But to be honest, I looked at a wireshark dump myself and it seems to me that the application decides whether it can navigate or not. Either that or there's a flag embedded into the map data that's received. It's not trying to authorize to some other server or anything.
I thought navigation would be server side when it comes to the navigation portion. If it is server side, then there really isnt much that can be done.
Except that the only difference between Navigation and regular "driving directions" seems to be what the app calls itself when it talks to the server, as I explained in my first post. So if we can get the app to call itself "GMM" instead of "DriveAbout", then it might work.
What about using the queue options from iptables (NFQUEUE)?The mangle table is used for altering packets, but requires implementation of the specifics by iptables modules. For example, the type of service, or TOS, module can change a packet's IPv4 TOS field. But someone had to go and write the TOS module for it to be able to do anything.
Having said that, we can possibly use iptables to redirect the packets to a transparent proxy running somewhere, perhaps on the phone. The proxy can then fudge the requests to Google so they look like regular map browser access rather than the "driveabout" Maps android application. If the requests are being filtered at the Google end, then we would need to pretend to be something else to avoid getting filtered.
What about using the queue options from iptables (NFQUEUE)?
Then someone would just have to write the callback function (see http://linux.die.net/man/3/libipq) that modifies the packet (replaces the string) and does the admin stuff like recalculation md5 and ....
Maybe this howto is of use for any interested coder ;-)
Pushing this into userspace looks appealing.
I suspect it's a similar amount of work to writing any other extension/plug-in to iptables. There are plenty of guides and open-source examples to use, but much of the work would be in getting a toolchain to build kernel modules and libraries for the Android platform. Need to check that stock Android has the libipq library, otherwise we'd need to build and install it. This is all probably relatively easy, but my current lack of dev knowledge is making it seem harder. But don't let that stop us.
So the plan would be to have a script run when networking comes up, applies an iptables rule that matches outgoing port 80 packets, and pushes them to a userspace queue. We also write an app, need not run as root, which might make installation easier. The app gets packets from the queue, looks for packets going to google domains (in host header), looks for packets containing DriveAbout in the body, changes this to GMM (and likely some other fix-ups that we find along the way), re-calculates the checksum, and sends the packet on its way.
Hi there...
I m interested a lot in these pages.
Since i reversed the market application doing marketEnabler (The one which enable outside US people to buy apps from the market ) i could probably help..
As far i can remember the encoded data sent by marketEnabler was encoded with some kind of base64 encoding ..
It was a little modified but you can make a test with the simple base64 decoder routine and see if something changes..
Furthermore i think google did the client-side check because they knew someone will started working on hacking this .. ( Doing for marketEnabler was so simple )...
Fur the reasons above i do think there are no server side checks.
Hope this helps
im wondering why i cant use marketEnabler in 1.6 donutHi there...
I m interested a lot in these pages.
Since i reversed the market application doing marketEnabler (The one which enable outside US people to buy apps from the market ) i could probably help..