tailscaled as android service on boot

I need a tailscaled running as a service on my android boot so I can ssh it anytime (yes sshd is already up and running).

Tailscale does have an android app which utilize the andoird vpn service as a tun stack. Unfortunately android vpn is an exlusive service, meaning I cannot use other vpn services when using the tailscale app.

The solution, is to run tailscale arm binary directly in termux, just like sshd. Better, I can create a service.

[!IMPORTANT] The kernal mode in android will likely fail due to iptables incompatibility. As a consequence I have to use userspace networking mode, under which the device can be reached by will not have a transparent proxy to other devices in the subnet. See https://tailscale.com/kb/1112/userspace-networking.

## download tailscale
mkdir -p $PREFIX/opt/tailscale
cd $PREFIX/opt/tailscale
## see https://pkgs.tailscale.com/stable/#static
wget https://pkgs.tailscale.com/stable/tailscale_1.78.1_arm64.tgz
tar xf tailscale_1.78.1_arm64.tgz

## create service run
mkdir -p $PREFIX/var/service/tailscaled/log
tee $PREFIX/var/service/tailscaled/run <<EOF
PREFIX=/data/data/com.termux/files/usr/
sudo $PREFIX/opt/tailscale/tailscaled -tun=userspace-networking --state=$PREFIX/var/lib/tailscale/tailscaled.state --socket=$PREFIX/run/tailscale/tailscaled.sock --port=41641 --no-logs-no-support
EOF

## create service log
tee $PREFIX/var/service/tailscaled/log/run <<EOF
#!/data/data/com.termux/files/usr/bin/sh
# Get the name of the service from the PWD, this assumes the name of the
# service is one level above the log directory.
pwd=${PWD%/*} # $SVDIR/service/foo/log
service=${pwd##*/} # foo

mkdir -p "$LOGDIR/sv/$service"

exec svlogd -tt "$LOGDIR/sv/$service"
EOF

## start service
sv up tailscaled

## login
sudo $PREFIX/opt/tailscale/tailscale --socket=$PREFIX/run/tailscale/tailscaled.sock up

To start services on boot, see https://wiki.termux.com/wiki/Termux:Boot

OnePlus 13 custom recovery with adb

Follow this guide and find that op13 won't boot after flashing custom recovery.img.

Find possible solution which is to sign the recovery.img.

Take a wild guess that oos will only check if there is a sign but won't verify it. Ask chatgpt to provide guide on how to sign a recovery image with AVBv2.

git clone https://android.googlesource.com/platform/external/avb
openssl genrsa -out avb_private_key.pem 2048
openssl rsa -in avb_private_key.pem -pubout -out avb_public_key.pem
./avb/avbtool.py add_hash_footer --partition_name recovery \
  --image recovery.img \
  --partition_size <partition_size_in_bytes> \
  --key avb_private_key.pem \
  --algorithm SHA256_RSA2048

Turns out to be a successsful guess.

Chrome OS on Surface Pro 7

20210113

Working

except # Not Working

Not Working

  • Multi-touch Finger Input (Single-touch works)
  • Stylus Input
  • Camera
  • Surprise, dark mode hasn't been implemented in Chrome OS 87!

Have Problem Working

Speaker will make hissing noises with headphone injected

Mechanism

Chrome OS cannot be installed directly to PC due to hardware compatibility. Some hardware, e.g. the Intel Precise Touch Screen of Surface Pro, even requires special driver. Moreover, Chrome OS, or Android, are built to install on the entire disk (not a partition).

'brunch' is a framework project featuring these problems by including support for PC hardwares and installing Chrome OS on a .img disk mirror file.

Repo

sebanc/brunch: Boot ChromeOS on x86_64 PC (supports most Intel CPU/GPU or AMD Stoney Ridge)

Rammus recovery bin from CrOS Updates Serving

Bottle neck upstream repo

linux-surface/iptsd: Userspace daemon for Intel Precise Touch & Stylus

Install script

I use WSL to pack up the '.img' file. Due to the warning given by brunch readme, I made a special partition, a 32 GB NTFS 'G:\', i.e. '/mnt/g/' in wsl for safety concern. The img size is thus set at 31 (GB).

The reason to use NTFS is to facilitate disk operation in Windows. An EXT4 file system will work too, but not FAT32 due to lack of support of large file.

sudo apt-get install pv
sudo apt-get install cgpt
sudo bash chromeos-install.sh -src chromeos_13505.73.0_rammus_recovery_stable-channel_mp-v2.bin -dst /mnt/g/chromeos.img -s 31;

GRUB2

Need to disable Secure Boot and Bitlocker first.

Turning Secure Boot back on is an easy method to disable GRUB - thus booting directly into Windows.

I use grub2win for multi-boot. Add the boot code generated by brunch (next to the generated '.img' file) to grub.cfg to add the Chrome OS boot entry, and specify options=ipts in kernel parameters to enable touchscreen input.

Update

Follow instructions of BiteDasher/brcr-update: Script to update Chrome OS installed using the brunch framework

n2n

n2n is a solution for Virtual LAN.

With VLAN many things can be quite easy, e.g. SMB sharing across NAT.

wm density Crash Rescue

device: Mi MIX 2S system: MIUI 10

Try and fail

My device crashed after trying to modify window density.

su
wm density 120

Screen went dark, adb shell reports error.

.\adb shell wm density reset

Tried force reboot, not working, and adb shell no longer worked due to permission. Device auto reboot into recovery.

Tried everything from Google and nothing works.

Tried adb command when restarting but encountered error.

.\adb shell wm density reset
Security exception: Must hold permission android.permission.WRITE_SECURE_SETTINGS

Solution

This reminds me of a way to circumvent device password lock, which I accidentally bumped into 2 weeks ago when modifying status bar icon.

Simply rename/remove

/system/priv-app/MiuiSystemUI/MiuiSystemUI.apk

Then reboot, you'll find yourself home screen immediately!!! Do anything you like to fix the resolution.

Android Root

Things one can do after gainning root access of their Android. Pls note that this is not a guidance to unlock and root a Android device.

Date

20181110

Deviceļ¼š Xiaomi MIX 2S

Mobile Choice

Moving to Android

Finally, I decide to give up iOS, despite having using it for so many years. When I began to use iOS on 2011, it's still far less mature than today. People jailbroke it for better UI and more features. I can still remember some of the classic debian packages, i.e. SBSettings which iOS later introduced as Control Center. Good days back then. With Apple constructing its firewall taller and harder, jailbreaking is becoming much more difficult nowadays, not only for hackers, but also for common geeks. I'm not here to comment on the righteousness of Apple's action to promoting this. Objectively, fewer users means fewer developers, then fewer apps to serve even fewer users. To begin with, after iPhone 4s, iOS users can no longer freely downgrade their devices even one wants to enjoy fluency of earlier version. Year after year, the limits just became stronger and stronger. It finally leads to the collapse of jailbreaking community. A lot of cydia apps began to lose maintaince after iOS 9. I have my iPhone se locked at iOS 9.3.3 to keep it working fluently for 2 years. And after this only 2 years, with the screen malfunctioning, infra-red sensor no longer working, cameras poulluted by ashes and speakers making noises, it's high time I decided to move away from iOS, from Apple. (I'm a bit too objective here. What I am truly thinking, F**k Apple.) I choose to move on, and hope I can find some lost freedom from the Android world.