Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-13T03:16:32Zhttps://gitlab.torproject.org/legacy/trac/-/issues/12412Orbot broke using TransPort2020-06-13T03:16:32ZIsis LovecruftOrbot broke using TransPortOrbot (as of 14.0.3.1 and later) [sets `TransPort 0`](https://gitweb.torproject.org/orbot.git/commitdiff/2ce9ea92f14f7b5c04798809f0c262475766977e), which disables tor's `TransPort` entirely. This means that people who use iptables script...Orbot (as of 14.0.3.1 and later) [sets `TransPort 0`](https://gitweb.torproject.org/orbot.git/commitdiff/2ce9ea92f14f7b5c04798809f0c262475766977e), which disables tor's `TransPort` entirely. This means that people who use iptables scripts outside of Orbot (as described in [Mike Perry's recent blog post](https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy)) to redirect TCP traffic to the `TransPort` cannot do so.
Related, see #12411.
>
> Leaks are not the problem; they are the symptom. --Heather Brooke
>Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/12411Orbot broke using DNSPort2020-06-13T03:16:31ZIsis LovecruftOrbot broke using DNSPortOrbot 14.0.3.1 completely breaks networking, if you have firewall scripts which don't allow leaks.
**THIS MEANS THAT ORBOT IS LEAKING LIKE THE FUCKING PENTAGON PAPERS, EXCEPT NOT IN A GOOD WAY.**
This is because Orbot (as of 14.0.3.1 ...Orbot 14.0.3.1 completely breaks networking, if you have firewall scripts which don't allow leaks.
**THIS MEANS THAT ORBOT IS LEAKING LIKE THE FUCKING PENTAGON PAPERS, EXCEPT NOT IN A GOOD WAY.**
This is because Orbot (as of 14.0.3.1 and later) [sets `DNSPort 0`](https://gitweb.torproject.org/orbot.git/commitdiff/2ce9ea92f14f7b5c04798809f0c262475766977e), which disables tor's `DNSPort` entirely. This means that people who use iptables scripts outside of Orbot (as described in [Mike Perry's recent blog post](https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy)) to redirect UDP DNS traffic to the `DNSPort` cannot do so. It also means that _every other application will leak traffic all over the place_.
Currently, the only way to fix this mess is to force stop and uninstall Orbot, download an older (14.0.1) .apk onto another device, and copy it over manually to the broken one to reinstall it. This is ridiculous. You're practically bricking people's devices, and you're forcing them to jump through extreme hoops to preserve their anonymity.Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/11559Orbot-v13.0.7-BETA-1: "Tor Tethering" not working2020-06-13T03:06:29ZcypherpunksOrbot-v13.0.7-BETA-1: "Tor Tethering" not workingHi,
I'm running the latest Orbot version [1] on a rooted Android 4.0.4 and enabled
"Tor Tethering" while enabling Internet via 3G, but the devices connecting to the hotspot are not routed over Tor (tested via checkip.dyndns.org).
Sho...Hi,
I'm running the latest Orbot version [1] on a rooted Android 4.0.4 and enabled
"Tor Tethering" while enabling Internet via 3G, but the devices connecting to the hotspot are not routed over Tor (tested via checkip.dyndns.org).
Should this work or is this a experimental feature anyway?
How can I help to debug this?
https://guardianproject.info/releases/Orbot-v13.0.7-BETA-1.apkNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/5096Support transferring bridge addresses in QR codes2020-06-13T03:02:59ZRobert RansomSupport transferring bridge addresses in QR codesAt some point (maybe in days, maybe in weeks), we will start distributing bridge addresses which contain multiple 80-bit-or-longer base32-encoded ‘cryptovariables’ (I don't know any other appropriate general term for them). Orbot users ...At some point (maybe in days, maybe in weeks), we will start distributing bridge addresses which contain multiple 80-bit-or-longer base32-encoded ‘cryptovariables’ (I don't know any other appropriate general term for them). Orbot users will want to not retype them into their puny phone keyboards.
See the ‘`libzbar`’ package for a QR-code decoder under the LGPL. See ‘`libqrencode`’ for a QR-code encoder under the LGPL. Neither of these can currently handle binary strings containing NULs (you don't want to be parsing/repacking bridge lines anyway, but you need to know about that bug before you use the QR-code hammer to pound e.g. OTR/GPG fingerprints, BitTorrent info hashes, or Curve25519/Ed25519 public keys).
Also, if you interact with a QR-code decoder through e.g. XML, don't get [bobbytabled](https://xkcd.com/327/). (P.S. ‘`zbarimg --xml`’ sucks.)Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/11245Orbot bootstraped problem2020-06-13T03:00:57ZTracOrbot bootstraped problemOn my un rooted samsung galaxy note 10.1 Orbot only gets to bootstrapped 25%.
My system information:
Android version: 4.1.2
Model Number: GT - N8010
Log:
Orbot is starting…
Orbot is starting…
Tor binary exists: /data/data/org.torproje...On my un rooted samsung galaxy note 10.1 Orbot only gets to bootstrapped 25%.
My system information:
Android version: 4.1.2
Model Number: GT - N8010
Log:
Orbot is starting…
Orbot is starting…
Tor binary exists: /data/data/org.torproject.android/lib/libtor.so
Privoxy binary exists: /data/data/org.torproject.android/lib/libprivoxy.so
Obfsproxy binary exists: /data/data/org.torproject.android/lib/libobfsproxy.so
Xtables binary exists: /data/data/org.torproject.android/lib/libxtables.so
link RM err=0 out:
link LN err=0 out:
libtor.so: PRE: Is binary exec? true
(re)Setting permission on binary: /data/data/org.torproject.android/lib/libtor.so
libtor.so: POST: Is binary exec? true
tor: PRE: Is binary exec? true
(re)Setting permission on binary: /data/data/org.torproject.android/app_bin/tor
tor: POST: Is binary exec? true
libprivoxy.so: PRE: Is binary exec? true
(re)Setting permission on binary: /data/data/org.torproject.android/lib/libprivoxy.so
libprivoxy.so: POST: Is binary exec? true
libobfsproxy.so: PRE: Is binary exec? true
(re)Setting permission on binary: /data/data/org.torproject.android/lib/libobfsproxy.so
libobfsproxy.so: POST: Is binary exec? true
libxtables.so: PRE: Is binary exec? true
(re)Setting permission on binary: /data/data/org.torproject.android/lib/libxtables.so
libxtables.so: POST: Is binary exec? true
Orbot is starting…
got tor proc id: 21351
Tor process id=21351
Connecting to control port: 9051
SUCCESS connected to control port
SUCCESS authenticated to control port
Starting Tor client… complete.
adding control port event handler
SUCCESS added control port event handler
updating settings in Tor service
Starting privoxy process
/data/data/org.torproject.android/lib/libprivoxy.so /data/data/org.torproject.android/app_bin/privoxy.config &
orConnStatus (madiba): LAUNCHED
NOTICE: Bootstrapped 10%: Finishing handshake with directory server.
Privoxy is running on port:8118
Privoxy process id=21371
NOTICE: Bootstrapped 15%: Establishing an encrypted directory connection.
orConnStatus (itpol2): CONNECTED
orConnStatus (madiba): CONNECTED
NOTICE: Bootstrapped 20%: Asking for networkstatus consensus.
Circuit (1) BUILT: itpol2
NOTICE: I learned some more directory information, but not enough to build a circuit: We have no recent usable consensus.
Circuit (2) BUILT: madiba
NOTICE: Bootstrapped 25%: Loading networkstatus consensus.
Circuit (2) CLOSED: madiba
NOTICE: I learned some more directory information, but not enough to build a circuit: We have no recent usable consensus.
**Trac**:
**Username**: isaac868Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/10786orbot (13.0.4a) on android 4.3 didn't start - asus me302c tablet2020-06-13T02:52:25ZTracorbot (13.0.4a) on android 4.3 didn't start - asus me302c tabletIn the orbot start window I get the following information:
Orbot is starting…
Tor binary exists: /data/app-lib/org.torproject.android-2/libtor.so
Privoxy binary exists: /data/app-lib/org.torproject.android-2/libprivoxy.so
Obfsproxy bina...In the orbot start window I get the following information:
Orbot is starting…
Tor binary exists: /data/app-lib/org.torproject.android-2/libtor.so
Privoxy binary exists: /data/app-lib/org.torproject.android-2/libprivoxy.so
Obfsproxy binary exists: /data/app-lib/org.torproject.android-2/libobfsproxy.so
Xtables binary exists: /data/app-lib/org.torproject.android-2/libxtables.so
link RM err=0 out:
link LN err=0 out:
libtor.so: PRE: Is binary exec? true
(re)Setting permission on binary: /data/app-lib/org.torproject.android-2/libtor.so
libtor.so: POST: Is binary exec? true
tor: PRE: Is binary exec? true
(re)Setting permission on binary: /data/data/org.torproject.android/app_bin/tor
tor: POST: Is binary exec? true
libprivoxy.so: PRE: Is binary exec? true
(re)Setting permission on binary: /data/app-lib/org.torproject.android-2/libprivoxy.so
Orbot is starting…
libprivoxy.so: POST: Is binary exec? true
libobfsproxy.so: PRE: Is binary exec? true
(re)Setting permission on binary: /data/app-lib/org.torproject.android-2/libobfsproxy.so
libobfsproxy.so: POST: Is binary exec? true
libxtables.so: PRE: Is binary exec? true
(re)Setting permission on binary: /data/app-lib/org.torproject.android-2/libxtables.so
libxtables.so: POST: Is binary exec? true
Orbot is starting…
Couldn't start Tor process:
The tablet is unrooted. Tor version v0.2.4.20
**Trac**:
**Username**: wuzi8642Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/10647Orbot completely broken Android 4.1.22020-06-13T02:50:06ZTracOrbot completely broken Android 4.1.2I’ve used Orbot in the past on Android with success with different browsers, but the latest version seems to be completely broken as far as I could tell.
1. No matter what you do no application can see Tor running, so checking the Tor s...I’ve used Orbot in the past on Android with success with different browsers, but the latest version seems to be completely broken as far as I could tell.
1. No matter what you do no application can see Tor running, so checking the Tor status page shows that Tor is inactive even when it’s running.
The phone is rooted and I set “Transparent proxying to ON”
But not “Tor everything”
I then manually added different browsers in the add app section.
I tried in several different browsers including Orweb (marked as ‘latest’).
One browser seemed to realize it was connected to something but returned the message “There is a problem with the proxy server” and could not connect to anything.
All other browsers I tried simply ignore that Tor is running and connect directly (as seen on inspection of an IP checking site (or in Orweb that Check Tor page))
Currently this implementation of Tor on Android is completely unusable, which is a shame as it used to work great.
**Trac**:
**Username**: margoliaNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/10337I'm not sure what the error is here2020-06-13T02:43:32ZTracI'm not sure what the error is here```
Orbot is starting?
Orbot is starting?
(re)Setting permission on Tor binary
(re)Setting permission on Privoxy binary
(re)Setting permission on Obfsproxy binary
Orbot is starting?
got tor proc id: 18511
Tor process id=18511
Con...```
Orbot is starting?
Orbot is starting?
(re)Setting permission on Tor binary
(re)Setting permission on Privoxy binary
(re)Setting permission on Obfsproxy binary
Orbot is starting?
got tor proc id: 18511
Tor process id=18511
Connecting to control port: 9051
SUCCESS connected to control port
SUCCESS authenticated to control port
Starting Tor client? complete.
adding control port event handler
SUCCESS added control port event handler
Starting privoxy process
/data/data/org.torproject.android/app_bin/privoxy /data/data/org.torproject.android/app_bin/privoxy.config &
orConnStatus (CaptainPicard2): LAUNCHED
NOTICE: Bootstrapped 85%: Finishing handshake with first hop.
NOTICE: We weren't able to find support for all of the TLS ciphersuites that we wanted to advertise. This won't hurt security, but it might make your Tor (if run as a client) more easy for censors to block.
NOTICE: To correct this, use a more recent OpenSSL, built without disabling any secure ciphers or features.
Privoxy is running on port:8118
Privoxy process id=18521
Transparent Proxying: enabling...
enabling transproxy for app: com.forshared(10142)
enabling transproxy for app: mgeek.dolphin.[10114(10114)](10114(10114))
enabling transproxy for app: com.humblebundle.library(10107)
enabling transproxy for app: com.opera.browser(10138)
enabling transproxy for app: com.silvermoon.client(10099)
enabling transproxy for app: com.cloudmosa.puffin(10116)
enabling transproxy for app: com.valvesoftware.android.steam.community(10102)
enabling transproxy for app: com.google.android.youtube(10091)
/data/data/org.torproject.android/app_bin/iptables -t nat -A OUTPUT -p tcp ! -d 127.0.0.1 -m owner --uid-owner 10142 -m tcp --syn -j REDIRECT --to-ports 9040 || exit
/data/data/org.torproject.android/app_bin/iptables -t nat -A OUTPUT -p udp -m owner --uid-owner 10142 -m udp --dport 53 -j REDIRECT --to-ports 5400 || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10142 -p tcp -d 127.0.0.1 --dport 5400 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10142 -p tcp -d 127.0.0.1 --dport 9040 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10142 -p tcp -d 127.0.0.1 --dport 9050 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10142 -p tcp -d 127.0.0.1 --dport 8118 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10142 -p tcp -o lo -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10142 -p tcp ! -d 127.0.0.1 -j REJECT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10142 -p udp ! -d 127.0.0.1 -j REJECT || exit
/data/data/org.torproject.android/app_bin/iptables -t nat -A OUTPUT -p tcp ! -d 127.0.0.1 -m owner --uid-owner 10067 -m tcp --syn -j REDIRECT --to-ports 9040 || exit
/data/data/org.torproject.android/app_bin/iptables -t nat -A OUTPUT -p udp -m owner --uid-owner 10067 -m udp --dport 53 -j REDIRECT --to-ports 5400 || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10067 -p tcp -d 127.0.0.1 --dport 5400 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10067 -p tcp -d 127.0.0.1 --dport 9040 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10067 -p tcp -d 127.0.0.1 --dport 9050 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10067 -p tcp -d 127.0.0.1 --dport 8118 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10067 -p tcp -o lo -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10067 -p tcp ! -d 127.0.0.1 -j REJECT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10067 -p udp ! -d 127.0.0.1 -j REJECT || exit
/data/data/org.torproject.android/app_bin/iptables -t nat -A OUTPUT -p tcp ! -d 127.0.0.1 -m owner --uid-owner 10114 -m tcp --syn -j REDIRECT --to-ports 9040 || exit
/data/data/org.torproject.android/app_bin/iptables -t nat -A OUTPUT -p udp -m owner --uid-owner 10114 -m udp --dport 53 -j REDIRECT --to-ports 5400 || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10114 -p tcp -d 127.0.0.1 --dport 5400 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10114 -p tcp -d 127.0.0.1 --dport 9040 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10114 -p tcp -d 127.0.0.1 --dport 9050 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10114 -p tcp -d 127.0.0.1 --dport 8118 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10114 -p tcp -o lo -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10114 -p tcp ! -d 127.0.0.1 -j REJECT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10114 -p udp ! -d 127.0.0.1 -j REJECT || exit
/data/data/org.torproject.android/app_bin/iptables -t nat -A OUTPUT -p tcp ! -d 127.0.0.1 -m owner --uid-owner 10107 -m tcp --syn -j REDIRECT --to-ports 9040 || exit
/data/data/org.torproject.android/app_bin/iptables -t nat -A OUTPUT -p udp -m owner --uid-owner 10107 -m udp --dport 53 -j REDIRECT --to-ports 5400 || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10107 -p tcp -d 127.0.0.1 --dport 5400 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10107 -p tcp -d 127.0.0.1 --dport 9040 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10107 -p tcp -d 127.0.0.1 --dport 9050 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10107 -p tcp -d 127.0.0.1 --dport 8118 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10107 -p tcp -o lo -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10107 -p tcp ! -d 127.0.0.1 -j REJECT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10107 -p udp ! -d 127.0.0.1 -j REJECT || exit
/data/data/org.torproject.android/app_bin/iptables -t nat -A OUTPUT -p tcp ! -d 127.0.0.1 -m owner --uid-owner 10138 -m tcp --syn -j REDIRECT --to-ports 9040 || exit
/data/data/org.torproject.android/app_bin/iptables -t nat -A OUTPUT -p udp -m owner --uid-owner 10138 -m udp --dport 53 -j REDIRECT --to-ports 5400 || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10138 -p tcp -d 127.0.0.1 --dport 5400 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10138 -p tcp -d 127.0.0.1 --dport 9040 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10138 -p tcp -d 127.0.0.1 --dport 9050 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10138 -p tcp -d 127.0.0.1 --dport 8118 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10138 -p tcp -o lo -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10138 -p tcp ! -d 127.0.0.1 -j REJECT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10138 -p udp ! -d 127.0.0.1 -j REJECT || exit
/data/data/org.torproject.android/app_bin/iptables -t nat -A OUTPUT -p tcp ! -d 127.0.0.1 -m owner --uid-owner 10099 -m tcp --syn -j REDIRECT --to-ports 9040 || exit
/data/data/org.torproject.android/app_bin/iptables -t nat -A OUTPUT -p udp -m owner --uid-owner 10099 -m udp --dport 53 -j REDIRECT --to-ports 5400 || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10099 -p tcp -d 127.0.0.1 --dport 5400 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10099 -p tcp -d 127.0.0.1 --dport 9040 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10099 -p tcp -d 127.0.0.1 --dport 9050 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10099 -p tcp -d 127.0.0.1 --dport 8118 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10099 -p tcp -o lo -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10099 -p tcp ! -d 127.0.0.1 -j REJECT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10099 -p udp ! -d 127.0.0.1 -j REJECT || exit
/data/data/org.torproject.android/app_bin/iptables -t nat -A OUTPUT -p tcp ! -d 127.0.0.1 -m owner --uid-owner 10116 -m tcp --syn -j REDIRECT --to-ports 9040 || exit
/data/data/org.torproject.android/app_bin/iptables -t nat -A OUTPUT -p udp -m owner --uid-owner 10116 -m udp --dport 53 -j REDIRECT --to-ports 5400 || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10116 -p tcp -d 127.0.0.1 --dport 5400 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10116 -p tcp -d 127.0.0.1 --dport 9040 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10116 -p tcp -d 127.0.0.1 --dport 9050 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10116 -p tcp -d 127.0.0.1 --dport 8118 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10116 -p tcp -o lo -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10116 -p tcp ! -d 127.0.0.1 -j REJECT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10116 -p udp ! -d 127.0.0.1 -j REJECT || exit
/data/data/org.torproject.android/app_bin/iptables -t nat -A OUTPUT -p tcp ! -d 127.0.0.1 -m owner --uid-owner 10102 -m tcp --syn -j REDIRECT --to-ports 9040 || exit
/data/data/org.torproject.android/app_bin/iptables -t nat -A OUTPUT -p udp -m owner --uid-owner 10102 -m udp --dport 53 -j REDIRECT --to-ports 5400 || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10102 -p tcp -d 127.0.0.1 --dport 5400 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10102 -p tcp -d 127.0.0.1 --dport 9040 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10102 -p tcp -d 127.0.0.1 --dport 9050 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10102 -p tcp -d 127.0.0.1 --dport 8118 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10102 -p tcp -o lo -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10102 -p tcp ! -d 127.0.0.1 -j REJECT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10102 -p udp ! -d 127.0.0.1 -j REJECT || exit
/data/data/org.torproject.android/app_bin/iptables -t nat -A OUTPUT -p tcp ! -d 127.0.0.1 -m owner --uid-owner 10091 -m tcp --syn -j REDIRECT --to-ports 9040 || exit
/data/data/org.torproject.android/app_bin/iptables -t nat -A OUTPUT -p udp -m owner --uid-owner 10091 -m udp --dport 53 -j REDIRECT --to-ports 5400 || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10091 -p tcp -d 127.0.0.1 --dport 5400 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10091 -p tcp -d 127.0.0.1 --dport 9040 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10091 -p tcp -d 127.0.0.1 --dport 9050 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10091 -p tcp -d 127.0.0.1 --dport 8118 -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10091 -p tcp -o lo -j ACCEPT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10091 -p tcp ! -d 127.0.0.1 -j REJECT || exit
/data/data/org.torproject.android/app_bin/iptables -t filter -A OUTPUT -m owner --uid-owner 10091 -p udp ! -d 127.0.0.1 -j REJECT || exit
;errCode=0;resp=FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
FIX ME! implement getprotobyname() bionic/libc/bionic/stubs.c:478
TorTransProxy resp code: 0
```
It stops at 85% and it doesnt go on to a green onion.
**Trac**:
**Username**: BubblesNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/9961Orbot contact information cannot be configured2020-06-13T02:36:07ZTracOrbot contact information cannot be configuredOrbot contact information cannot be configured in the settings menu and that leads to an INFO complaint about not set contact information in the log if Orbot is set up as a relay.
**Trac**:
**Username**: mattiOrbot contact information cannot be configured in the settings menu and that leads to an INFO complaint about not set contact information in the log if Orbot is set up as a relay.
**Trac**:
**Username**: mattiNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/9861Orbot: enter multiple bridges, but it only uses one2020-06-13T02:34:00ZTracOrbot: enter multiple bridges, but it only uses oneThis is Orbot 12.0.5 on Android 2.3.x.
* use bridges is checked
* obfuscated bridges is checked
* bridge addresses are 1 per line, IP:port
* I know >1 of these work as I operate some of them for testing
I see a LAUNCHED for every bridg...This is Orbot 12.0.5 on Android 2.3.x.
* use bridges is checked
* obfuscated bridges is checked
* bridge addresses are 1 per line, IP:port
* I know >1 of these work as I operate some of them for testing
I see a LAUNCHED for every bridge when I start up Orbot connecting, but, circuits are only ever built through the second bridge on the list, for whatever reason. I never see log messages about the others other than LAUNCHED at startup.
Please let me know if there is a better place to submit this bug - I can't find it with The Guardian Project.
**Trac**:
**Username**: gmorehouseNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/9725'About' section has outdated information2020-06-13T02:30:59ZMatt Pagan'About' section has outdated informationAccording to a user, the 'About' section in Orbot still says it uses Tor 0.2.3.According to a user, the 'About' section in Orbot still says it uses Tor 0.2.3.Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/3595Connections with IPv4-mapped IPv6 addresses bypass transproxy2020-06-13T02:06:22ZTracConnections with IPv4-mapped IPv6 addresses bypass transproxyA user (DEplan on #guardianproject) reported that Gibberbot was using his real IP despite Orbot's transproxy being turned on; further research led to the conclusion that recent releases of Android seem to use IPv4-mapped IPv6 adresses fo...A user (DEplan on #guardianproject) reported that Gibberbot was using his real IP despite Orbot's transproxy being turned on; further research led to the conclusion that recent releases of Android seem to use IPv4-mapped IPv6 adresses for a large portion of connections. For examples, please see http://pastebin.com/Z4KDDq40. These connections completely bypass transproxy.
I am not yet sure about the circumstances under which Android employs these addresses.
The problems in finding a solution are that Android usually does not include ip6tables (though Orbot could simply package that) and kernels do usually not include IPv6 netfilter modules. The latter is a major issue, since Orbot can't package modules for every single kernel a user might be running.
As a side note, IPv6 does not support NAT (which is what transproxying is based on).
I'll try to figure out what triggers this behaviour of Android and find possible solutions (using sysctl to disable IPv6 does not solve it).
**Trac**:
**Username**: __sporkbombNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/8500Warn the user about possible transparent proxying failure2020-06-13T02:06:22ZTracWarn the user about possible transparent proxying failureThe transparent proxying feature is very likely to fail for a number of reasons, the most common is lack of a firmware supporting the needed iptables magic, or bugs like #3595.
Currently orbot doesn't warn the user when this occurs, lea...The transparent proxying feature is very likely to fail for a number of reasons, the most common is lack of a firmware supporting the needed iptables magic, or bugs like #3595.
Currently orbot doesn't warn the user when this occurs, leading to a false sense of security.
* It only mentions "(Requires root)" in the settings menu: true, but not enough: a special firmware is required too. It should be mentioned (possibly with a link to https://www.torproject.org/docs/android.html.en )
* At orbot startup, a system notification message is issued, saying that transparent proxying has been correctly enabled, even when this is not the case!
Orbot should check more toroughly if transparent proxying is really working, and issue a BIG WARNING in the user interface if this is not the case (or if this can not be detected).
Also the web page at https://www.torproject.org/docs/android.html.en could be improved, though it mentions the requirement for a suitable firmware, the warning could be made more evident (now you have to read the fine print to find out about this limitation).
We could also suggest the user to always check if a particular app is behaving as expected, for example checking the current network connections using a netstat-like tool like Os monitor
(see: http://f-droid.org/repository/browse/?fdfilter=os%20monitor&fdid=com.eolwral.osmonitor )
**Trac**:
**Username**: criNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/8079WARNING: error starting transparent proxying!2020-06-13T01:55:43ZTracWARNING: error starting transparent proxying!Hi,
I'm getting "WARNING: error starting transparent proxying!". Looks similar to https://trac.torproject.org/projects/tor/ticket/3891 but thing is:
- it was working just after Orbot installation (no warn message + I verified this for ...Hi,
I'm getting "WARNING: error starting transparent proxying!". Looks similar to https://trac.torproject.org/projects/tor/ticket/3891 but thing is:
- it was working just after Orbot installation (no warn message + I verified this for some apps and tethering on https://check.torproject.org/).
- I have CyanogenMod-7.2.0-vision installed (root access is granted for Orbot).
I was trying to use Orbot-bundled iptables but with no change.
I'll try to attach debug log ASAP. If you'll need additional information please let me know.
regards
milo
**Trac**:
**Username**: miloNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/7254Orbot WARNs DNSPort and TransPort public address specified2020-06-13T01:40:54ZcypherpunksOrbot WARNs DNSPort and TransPort public address specified"WARN You specified and public address for DNSPort (and TransPort). Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason."
I don't have a good reason an..."WARN You specified and public address for DNSPort (and TransPort). Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason."
I don't have a good reason and want to fix this. There are 4 WARN messages, 1 DNSPort, another TransPort, another DNSPort and another Transport. They repeat as the Orbot log updates itself.
Orbot version 0.2.3.23-rc-1.0.11-RC6 on Samsung EXhibit II running CyanogenMod version 9-20120826_UNOFFICIAL-aancora-tmo
Hopefully I'm posting correctly in the correct place.Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/7210Orbot hides the errors of the iptables rules2020-06-13T01:40:12ZTracOrbot hides the errors of the iptables rulesThe transparent proxy of orbot doesn't run in my phone. It shows a error in the notification area.
Yesterday, I decided review the debug log with adb and I found a (in my opinion) important problem in orbot.
You're running the rules of...The transparent proxy of orbot doesn't run in my phone. It shows a error in the notification area.
Yesterday, I decided review the debug log with adb and I found a (in my opinion) important problem in orbot.
You're running the rules of iptables with "/whatever/iptables rules | | exit". I know that my problem is due to some iptables rules but I can't see the error because you hide the error using "| | exit".
You can run each rule individually and check the exit code each time. I think my suggestion is better than the use of "| | exit" because with this orbot doesn't hide the errors.
Sorry if I don't send a patch but my know about java code is near to 0 :)
**Trac**:
**Username**: juanfra684Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/6988[orbot] Orbot relies on "which" to find the "su" binary.2020-06-13T01:35:15ZTrac[orbot] Orbot relies on "which" to find the "su" binary.On a stock system without busybox, requesting root access fails because "which"(a part of busybox) is not available.
D/Orbot (12049): executing shell cmds: which su; runAsRoot=false;waitFor=true
D/Orbot (12049): Could not acquire ro...On a stock system without busybox, requesting root access fails because "which"(a part of busybox) is not available.
D/Orbot (12049): executing shell cmds: which su; runAsRoot=false;waitFor=true
D/Orbot (12049): Could not acquire root permissions
############
% adb shell
shell@android:/ $ which which
/system/bin/sh: which: not found
127|shell@android:/ $su
shell@android:/ # echo -e '#!/system/bin/sh\necho /system/xbin/su' > /system/xbin/which
shell@android:/ # chmod 755 /system/xbin/which
shell@android:/ # which
/system/xbin/su
############
After that. It works.
**Trac**:
**Username**: MSalNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/6459error starting transparent proxy2020-06-13T01:23:34ZTracerror starting transparent proxyHi,
I have a Google Nexus S, Android 2.3.7, with Cyanogenmod-7.2.0-crespo
I have installed Orbot 0.2.3.10 from www.torproject.org.
Superuser access is granted to Orbot.
Starting Orbot I get:
- Setting up full transparent proxy
- Warning:...Hi,
I have a Google Nexus S, Android 2.3.7, with Cyanogenmod-7.2.0-crespo
I have installed Orbot 0.2.3.10 from www.torproject.org.
Superuser access is granted to Orbot.
Starting Orbot I get:
- Setting up full transparent proxy
- Warning: error starting transparent proxy
- Proxying!
- Bootstrapped 100% Done
Tor network is running
Check indicates: Sorry. You are not using Tor.
The transparent proxy do not work for me. (Always DISABLED)
What is wrong?
P.S. I was using Orbot on the same device with Cyanogenmod-7.1, and it was working properly with transparent proxying. After installing the Cyanogenmod-7.2.0-crespo rom the problem appeared.
Thanks a lot.
**Trac**:
**Username**: odadgariNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/6137Icon not in toolbar after killing2020-06-13T01:16:35ZTracIcon not in toolbar after killingOrbot icon is not in toolbar even though connected to the Tor network and Always-On Notifications is selected in the settings. I killed the Orbot application in the Android GUI and started it again by clicking on its icon but did not cli...Orbot icon is not in toolbar even though connected to the Tor network and Always-On Notifications is selected in the settings. I killed the Orbot application in the Android GUI and started it again by clicking on its icon but did not click the start button. The version is 0.2.3.15-ALPHA-1.0.8-RC3.
**Trac**:
**Username**: mattiNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/5886Orbot needs wifi only option for Relay.2020-06-13T01:11:13ZNathan FreitasOrbot needs wifi only option for Relay.Orbot for Android has a Relay setting. And I would love to use it to help. However, you might want to enable as a default ACTIVE if on WiFi. That way everybody who downloads it can help when on WiFi and not while on a limited mobile p...Orbot for Android has a Relay setting. And I would love to use it to help. However, you might want to enable as a default ACTIVE if on WiFi. That way everybody who downloads it can help when on WiFi and not while on a limited mobile phone plan.
Or for those who have limited data plans, they can set the Relay to be on when WiFi is detected.
And if On when WiFi is detected, the phones can also serve as your Exit points. Furthering the cause.Nathan FreitasNathan Freitas