Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-13T01:35:15Zhttps://gitlab.torproject.org/legacy/trac/-/issues/6988[orbot] Orbot relies on "which" to find the "su" binary.2020-06-13T01:35:15ZTrac[orbot] Orbot relies on "which" to find the "su" binary.On a stock system without busybox, requesting root access fails because "which"(a part of busybox) is not available.
D/Orbot (12049): executing shell cmds: which su; runAsRoot=false;waitFor=true
D/Orbot (12049): Could not acquire ro...On a stock system without busybox, requesting root access fails because "which"(a part of busybox) is not available.
D/Orbot (12049): executing shell cmds: which su; runAsRoot=false;waitFor=true
D/Orbot (12049): Could not acquire root permissions
############
% adb shell
shell@android:/ $ which which
/system/bin/sh: which: not found
127|shell@android:/ $su
shell@android:/ # echo -e '#!/system/bin/sh\necho /system/xbin/su' > /system/xbin/which
shell@android:/ # chmod 755 /system/xbin/which
shell@android:/ # which
/system/xbin/su
############
After that. It works.
**Trac**:
**Username**: MSalNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/6459error starting transparent proxy2020-06-13T01:23:34ZTracerror starting transparent proxyHi,
I have a Google Nexus S, Android 2.3.7, with Cyanogenmod-7.2.0-crespo
I have installed Orbot 0.2.3.10 from www.torproject.org.
Superuser access is granted to Orbot.
Starting Orbot I get:
- Setting up full transparent proxy
- Warning:...Hi,
I have a Google Nexus S, Android 2.3.7, with Cyanogenmod-7.2.0-crespo
I have installed Orbot 0.2.3.10 from www.torproject.org.
Superuser access is granted to Orbot.
Starting Orbot I get:
- Setting up full transparent proxy
- Warning: error starting transparent proxy
- Proxying!
- Bootstrapped 100% Done
Tor network is running
Check indicates: Sorry. You are not using Tor.
The transparent proxy do not work for me. (Always DISABLED)
What is wrong?
P.S. I was using Orbot on the same device with Cyanogenmod-7.1, and it was working properly with transparent proxying. After installing the Cyanogenmod-7.2.0-crespo rom the problem appeared.
Thanks a lot.
**Trac**:
**Username**: odadgariNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/6359make use of stream isolation2020-06-13T01:21:19Zpropermake use of stream isolationTorBirdy should not use the same circuit that any other torified applications may use. Streams should get isolated.
A different circuit should also be used for each account, similar to what Tor Browser does when isolating different doma...TorBirdy should not use the same circuit that any other torified applications may use. Streams should get isolated.
A different circuit should also be used for each account, similar to what Tor Browser does when isolating different domains.Sukhbir SinghSukhbir Singhhttps://gitlab.torproject.org/legacy/trac/-/issues/6264obfsproxy: Add support for dropping privileges and chrooting2020-06-13T01:19:12ZTracobfsproxy: Add support for dropping privileges and chrooting```
[PATCH 1/2] Make obfsproxy drop privileges if requested
Added --user and --group arguments which will make obfsproxy drop privileges
and switch to the given user/group.
The code for droping privileges is shamelessly taken from the ...```
[PATCH 1/2] Make obfsproxy drop privileges if requested
Added --user and --group arguments which will make obfsproxy drop privileges
and switch to the given user/group.
The code for droping privileges is shamelessly taken from the Tor project and
adopted to obfsproxy. The switch_id() function in src/common/compat.c was used.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
---
configure.ac | 3 +
src/external.c | 16 +++++++-
src/main.c | 120 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
src/managed.c | 10 +++++
4 files changed, 147 insertions(+), 2 deletions(-)
[PATCH 2/2] Added support for chrooting obfsproxy
This patch adds --chroot=<dir> which will chroot the process as soon
as possible.
For more info about chrooting, see this URL:
<http://www.unixwiz.net/techtips/chroot-practices.html>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
---
src/main.c | 27 +++++++++++++++++++++++++--
1 files changed, 25 insertions(+), 2 deletions(-)
```
**Trac**:
**Username**: dazohttps://gitlab.torproject.org/legacy/trac/-/issues/6137Icon not in toolbar after killing2020-06-13T01:16:35ZTracIcon not in toolbar after killingOrbot icon is not in toolbar even though connected to the Tor network and Always-On Notifications is selected in the settings. I killed the Orbot application in the Android GUI and started it again by clicking on its icon but did not cli...Orbot icon is not in toolbar even though connected to the Tor network and Always-On Notifications is selected in the settings. I killed the Orbot application in the Android GUI and started it again by clicking on its icon but did not click the start button. The version is 0.2.3.15-ALPHA-1.0.8-RC3.
**Trac**:
**Username**: mattiNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/5886Orbot needs wifi only option for Relay.2020-06-13T01:11:13ZNathan FreitasOrbot needs wifi only option for Relay.Orbot for Android has a Relay setting. And I would love to use it to help. However, you might want to enable as a default ACTIVE if on WiFi. That way everybody who downloads it can help when on WiFi and not while on a limited mobile p...Orbot for Android has a Relay setting. And I would love to use it to help. However, you might want to enable as a default ACTIVE if on WiFi. That way everybody who downloads it can help when on WiFi and not while on a limited mobile phone plan.
Or for those who have limited data plans, they can set the Relay to be on when WiFi is detected.
And if On when WiFi is detected, the phones can also serve as your Exit points. Furthering the cause.Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/5751Standardize SOCKS extensions to support proxied DNS queries2020-06-13T01:08:39ZRobert RansomStandardize SOCKS extensions to support proxied DNS queriesTor supports anonymous DNS resolution through its SocksPort, but no application (except the `tor-resolve` utility shipped with Tor) uses that feature, probably because it's not an IETF standard. Perhaps that should be changed.
This wil...Tor supports anonymous DNS resolution through its SocksPort, but no application (except the `tor-resolve` utility shipped with Tor) uses that feature, probably because it's not an IETF standard. Perhaps that should be changed.
This will probably involve designing a new DNS-resolution SOCKS command and implementing it in Tor; Tor's current SOCKS commands are not likely to be accepted as a standard (even if they're renumbered) because they do not support most of DNS's new and interesting features.https://gitlab.torproject.org/legacy/trac/-/issues/5469Orbot: can't specify node restrictions2020-06-13T01:02:26ZTracOrbot: can't specify node restrictionsI'm using Orbot (v0.2.3.10-alpha-1.0.7-FINAL, on Android ICS v4.0.1) and I can't seem to get the exit node I request.
In the Exit and Entrance Node fields I have "{us}" entered, yet sometimes I get IP's outside the US. Yesterday I got a ...I'm using Orbot (v0.2.3.10-alpha-1.0.7-FINAL, on Android ICS v4.0.1) and I can't seem to get the exit node I request.
In the Exit and Entrance Node fields I have "{us}" entered, yet sometimes I get IP's outside the US. Yesterday I got a UK ip.
Also, at random (usually after 30 minutes or so) I seem to lose connection to the Tor network without Orbot notifying me. I'm using Pandora from Canada.
**Trac**:
**Username**: dvdwsnNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/5393orbot relay bug - orbot is not setting the relay values into torrc properly c...2020-06-13T01:00:46ZTracorbot relay bug - orbot is not setting the relay values into torrc properly causing orbot to not work when set as relayThis is about the bug discussed with 'n8fr8' on #guardianproject at freenode.
So, the relay functionality you said was broken and needs to be fixed for 'orbot' on smartphones.
I checked with the orbot version '0.2.3.10-alpha-orbot-1.0.7-...This is about the bug discussed with 'n8fr8' on #guardianproject at freenode.
So, the relay functionality you said was broken and needs to be fixed for 'orbot' on smartphones.
I checked with the orbot version '0.2.3.10-alpha-orbot-1.0.7-FINAL' and you have checked with the 'dev branch of the code' as you said (i suppose that means you have checked with latest version of code by compiling and running the latest updated version from git; i will do it too and let you know again). But none seemed to work. In fact, you said you were getting a more significant crash, when you enabled relaying on smartphone for dev branch of code.
You also thought if the problem is: whether the Relay conflict is with transproxying/root or with Tor client connection in general. But, i'm not sure if it later seemed not to be the problem.
Then, you told me to change the torrc file on my android phone, as you said that orbot is not setting the relay values properly which might be the reason for orbot not working as a relay on smartphone.
So, I will do that and let you know about it. I will also keep checking 'https://guardianproject.info/builds/Orbot/' to see if any new dev/debug release is posted.
Thankyou so very much for all your help, Mr.Nathan.
**Trac**:
**Username**: ruki_Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/5305Orbot ( 0.2.3.10-alpha-1.0.7-FINAL) connection error2020-06-13T00:59:12ZTracOrbot ( 0.2.3.10-alpha-1.0.7-FINAL) connection errorOrbot was working fine . now it refuses to connect and displays a working status and the following errors .
D/Orbot ( 3435): Attempt: Error connecting to control port: /data/data/org.torproject.android/cache/control_auth_cookie (Per...Orbot was working fine . now it refuses to connect and displays a working status and the following errors .
D/Orbot ( 3435): Attempt: Error connecting to control port: /data/data/org.torproject.android/cache/control_auth_cookie (Permission denied)
D/Orbot ( 3435): java.io.FileNotFoundException: /data/data/org.torproject.android/cache/control_auth_cookie (Permission denied)
I am using a samsung i9100 on a stock rom and Orbot version 0.2.3.10-alpha-1.0.7-FINAL
**Trac**:
**Username**: TBA001Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/5130Allow obfsproxy to daemonize2020-06-13T01:19:17ZTracAllow obfsproxy to daemonizeI've been working on setting up obfsproxy and I ran into a minor issue: It doesn't seem possible to send the obfsproxy process into the background (i.e. daemonize it) if I'm running it as an external server and not in managed mode. If ...I've been working on setting up obfsproxy and I ran into a minor issue: It doesn't seem possible to send the obfsproxy process into the background (i.e. daemonize it) if I'm running it as an external server and not in managed mode. If I want to be able to specify the listening port for a bridge server I don't think there's a way to do this without running obfsproxy as an external server (please correct me if I'm wrong). However, there's no option to fork/detach from the terminal in the case of an external server, which seems a rather significant issue.
I've written a small patch for main.c that seems to correct this problem (see attached). This implements two command line arguments, "--daemonize", which, when specified will just send the program into the background and "--daemonize_with_pid=<pid_file>", which will daemonize and write the process id to the specified file. This patch only works on unix systems, but I've added #ifdef directives that only enable this code if unistd.h is defined, otherwise it will be completely ignored.
**Trac**:
**Username**: ericpaulbishophttps://gitlab.torproject.org/legacy/trac/-/issues/5096Support transferring bridge addresses in QR codes2020-06-13T03:02:59ZRobert RansomSupport transferring bridge addresses in QR codesAt some point (maybe in days, maybe in weeks), we will start distributing bridge addresses which contain multiple 80-bit-or-longer base32-encoded ‘cryptovariables’ (I don't know any other appropriate general term for them). Orbot users ...At some point (maybe in days, maybe in weeks), we will start distributing bridge addresses which contain multiple 80-bit-or-longer base32-encoded ‘cryptovariables’ (I don't know any other appropriate general term for them). Orbot users will want to not retype them into their puny phone keyboards.
See the ‘`libzbar`’ package for a QR-code decoder under the LGPL. See ‘`libqrencode`’ for a QR-code encoder under the LGPL. Neither of these can currently handle binary strings containing NULs (you don't want to be parsing/repacking bridge lines anyway, but you need to know about that bug before you use the QR-code hammer to pound e.g. OTR/GPG fingerprints, BitTorrent info hashes, or Curve25519/Ed25519 public keys).
Also, if you interact with a QR-code decoder through e.g. XML, don't get [bobbytabled](https://xkcd.com/327/). (P.S. ‘`zbarimg --xml`’ sucks.)Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/4678Orbot fails to start on Asus Transformer with Prime 2.1.1 FW2020-06-13T00:45:41ZTracOrbot fails to start on Asus Transformer with Prime 2.1.1 FWFor some reason Orbot fails to start on Asus Transformer with Prime v2.1.1 firmware.
----
**Trac**:
**Username**: alllexxFor some reason Orbot fails to start on Asus Transformer with Prime v2.1.1 firmware.
----
**Trac**:
**Username**: alllexxNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/4423Orbot flushes all foreign iptables rules2020-06-13T00:40:06ZTracOrbot flushes all foreign iptables rulesRegardless of whether transparency proxy is enabled or not, all foreign iptables rules get flushed when connecting or disconnecting to/from Tor.
Iptables chains stay untouched.
This is a big problem when using iptables based firewalls ...Regardless of whether transparency proxy is enabled or not, all foreign iptables rules get flushed when connecting or disconnecting to/from Tor.
Iptables chains stay untouched.
This is a big problem when using iptables based firewalls like "DroidWall" or "LBE Privacy Guard".
Example 1:
A internet access blocked application (a game, google location service, etc.) gets unblocked as soon as Orbot connects/disconnects to Tor.
Example 2:
A application should just be able to communicate through Tor. iptables related firewall blocks it. But Orbot's transparency proxy should allow it.
This still occures on the latest RC build:
"Orbot-1.0.6-Tor-0.2.3.7-alpha-RC3"
**Trac**:
**Username**: aribnsNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/4385Wizard comes up when you try to exit orbot2020-06-13T00:39:30ZSathyanarayanan GunasekaranWizard comes up when you try to exit orbotThe wizard doesn't kill itself due to android's weird handling of activities, so we manually have to kill it once the user clicks on "Options -> Exit".The wizard doesn't kill itself due to android's weird handling of activities, so we manually have to kill it once the user clicks on "Options -> Exit".Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/3775Permission error on Orbot2020-06-13T00:27:16ZTracPermission error on OrbotThere's some kind of problem with permissions in Orbot. I'm not sure if this happens only to me, but when I try to start Tor, it cannot access cache/control_auth_cookie. I can chmod it every time, but it is a bit annoying.
**Trac**:
...There's some kind of problem with permissions in Orbot. I'm not sure if this happens only to me, but when I try to start Tor, it cannot access cache/control_auth_cookie. I can chmod it every time, but it is a bit annoying.
**Trac**:
**Username**: etnmichNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/3595Connections with IPv4-mapped IPv6 addresses bypass transproxy2020-06-13T02:06:22ZTracConnections with IPv4-mapped IPv6 addresses bypass transproxyA user (DEplan on #guardianproject) reported that Gibberbot was using his real IP despite Orbot's transproxy being turned on; further research led to the conclusion that recent releases of Android seem to use IPv4-mapped IPv6 adresses fo...A user (DEplan on #guardianproject) reported that Gibberbot was using his real IP despite Orbot's transproxy being turned on; further research led to the conclusion that recent releases of Android seem to use IPv4-mapped IPv6 adresses for a large portion of connections. For examples, please see http://pastebin.com/Z4KDDq40. These connections completely bypass transproxy.
I am not yet sure about the circumstances under which Android employs these addresses.
The problems in finding a solution are that Android usually does not include ip6tables (though Orbot could simply package that) and kernels do usually not include IPv6 netfilter modules. The latter is a major issue, since Orbot can't package modules for every single kernel a user might be running.
As a side note, IPv6 does not support NAT (which is what transproxying is based on).
I'll try to figure out what triggers this behaviour of Android and find possible solutions (using sysctl to disable IPv6 does not solve it).
**Trac**:
**Username**: __sporkbombNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/3572Disable Orbot transparent redirect for rfc1918 & localhost2020-06-13T00:23:02ZTracDisable Orbot transparent redirect for rfc1918 & localhostThe iptables rules setup on orbot to redirect all traffic through tor cause problems for when I'm on my wireless on my RFC1918 network or trying to access stuff bound onto localhost (vnc, ...).
Could the transparent redirect scripts be ...The iptables rules setup on orbot to redirect all traffic through tor cause problems for when I'm on my wireless on my RFC1918 network or trying to access stuff bound onto localhost (vnc, ...).
Could the transparent redirect scripts be updated to ignore RFC1918 & 127.0.0.X addresses?
**Trac**:
**Username**: dmz@zzservers.comNathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/3082Orbot problems on rooted x10 with jit installed.2020-06-13T00:14:36ZNathan FreitasOrbot problems on rooted x10 with jit installed.JIT is the just in time compiler developed by someone on XDA for the X10. Apparently SE pulled it from the 2.1 build due to a risk of processor overheating. When you put it back you get a performance increase of 50% based on benchmarks...JIT is the just in time compiler developed by someone on XDA for the X10. Apparently SE pulled it from the 2.1 build due to a risk of processor overheating. When you put it back you get a performance increase of 50% based on benchmarks, with the slight cost that when the processor is maxed out it sometimes casues a reboot, although i dont think that was the issue here. Not had a problem with overheating yet, but got safeguards in place.
Went into settings (note given previous problems I had disabled start on boot, might be worth making this default initially?) and enabled logs, attatched to this email.
Note display was helpful on one attempt but blank apart from waiting animation on 2 others. No easy way to stop process apart from task killer.Nathan FreitasNathan Freitashttps://gitlab.torproject.org/legacy/trac/-/issues/3081Orbot start up problem/looping dialog2020-06-13T00:14:36ZNathan FreitasOrbot start up problem/looping dialog#1. Almost always it takes two (sometimes three) starts for Orbot to connect properly. One symptom is in #2 below. Another is that all looks good (connection sequence looks correct, drop down alert looks correct) but testing via check....#1. Almost always it takes two (sometimes three) starts for Orbot to connect properly. One symptom is in #2 below. Another is that all looks good (connection sequence looks correct, drop down alert looks correct) but testing via check.torproject.org shows no connection. Exiting and restarting usually yields a working connection.
#2. Frequently on the first try, the app shows the spinning white circular pattern in the black rectangle in front of the Orbot logo, "Orbot is starting" message under the logo, and then stays in that mode indefinitely.Nathan FreitasNathan Freitas