LXCBasedAndroid

References

Refers to :
https://github.com/elliott-wen/anbox-direct-gpu-access

This project could run android in lxc, with a modified UI for accessing the android UI.

Environment

Hardware and OS information is listed as:

# cat /proc/cpuinfo | grep 'model name'
model name	: Intel(R) Core(TM) i5-8265UC CPU @ 1.60GHz
$ free -m
              total        used        free      shared  buff/cache   available
Mem:          15765         336       14602         182         826       14960
Swap:          4095           0        4095
$ cat /etc/issue
Ubuntu 18.04.5 LTS \n \l

Steps

Initialize the environment via:

$ sudo apt-get install -y 
$ sudo apt-get upgrade -y
$ sudo apt-get install -y lubuntu-desktop
$ sudo apt-get install lxc  uidmap dkms
$ sudo usermod --add-subuids 100000-165536 dash
$ sudo usermod --add-subgids 100000-165536 dash
$ sudo chmod +x $HOME
$ cd ~/.config/
$ mkdir lxc
$ cd lxc/
$ vim default.conf
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
$ sudo vim /etc/lxc/lxc-usernet
  # USERNAME TYPE BRIDGE COUNT
  dash	veth lxcbr0 10
$ git clone https://github.com/anbox/anbox-modules.git
$ cd anbox-modules
$  ./INSTALL.sh
$ sudo reboot
$ mkdir -p /home/dash/emugui/disk
$ mkdir -p /home/dash/emugui/disk/data
$ mkdir -p /home/dash/emugui/disk/cache
$ git clone https://github.com/elliott-wen/anbox-direct-gpu-access.git
$ cd anbox-direct-gpu-access
$ sudo apt-get install -y clang libxcb1-devel libx11-xcb-dev libxcb-xinput-dev libxcb-present-dev libxcb-dri3-dev libxcb-icccm4-dev libpulse-dev 
$ ./build.sh
$ cd ~/.local/share/lxc
$ lxc-create -t busybox -n android
$ cd android
$ mv rootfs/ rootfs.back
$ tar xvf ~/rootfs.tar -C .
$ sudo /home/dash/anbox-direct-gpu-access-master/nsexex -b ~/.local/share/lxc/android/rootfs 0 100000 65536
$ mv config config.back
$ vim config

The config file for lxc is listed as:

# Template used to create this container: /usr/share/lxc/templates/lxc-busybox
# Parameters passed to the template:
# Template script checksum (SHA-1): 21abc1440b73cdb95d96d5459b27c3a87df9976f
# For additional config options, please look at lxc.container.conf(5)
lxc.include = /etc/lxc/default.conf
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
#lxc.rootfs.path = dir:/home/elliott/.local/share/lxc/android/rootfs
lxc.rootfs.path = dir:/home/dash/.local/share/lxc/android/rootfs
lxc.mount.entry = /home/dash/emugui/disk/data data none bind,optional 0 0
lxc.mount.entry = /home/dash/emugui/disk/cache cache none bind,optional 0 0
lxc.mount.entry = /dev/dri/card0 dev/dri/card0 none bind,optional,create=file 0 0
lxc.mount.entry = /dev/dri/renderD128 dev/dri/renderD128 none bind,optional,create=file 0 0	
lxc.mount.entry = /dev/binder dev/binder none bind,optional,create=file 0 0
lxc.mount.entry = /dev/uinput dev/uinput none bind,optional,create=file 0 0
lxc.mount.entry = /dev/ashmem dev/ashmem none bind,optional,create=file 0 0
lxc.mount.entry = /tmp/android-dbus host none bind,optional,create=dir 0 0
lxc.mount.entry = /tmp/android-dbus/input dev/input none bind,optional,create=dir 0 0
lxc.mount.entry = /dev/fuse dev/fuse none bind,optional,create=file 0 0
lxc.signal.halt = SIGUSR1
lxc.signal.reboot = SIGTERM
lxc.uts.name = "android"
lxc.tty.max = 0
lxc.pty.max = 1024
lxc.tty.dir = ""
lxc.net.0.type="veth"
lxc.net.0.flags="up"
lxc.net.0.link="lxcbr0"


# When using LXC with apparmor, uncomment the next line to run unconfined:
lxc.apparmor.profile = unconfined
lxc.mount.auto = proc:mixed sys:mixed cgroup:mixed
lxc.autodev = 1
lxc.environment = PATH=/system/bin:/system/sbin:/system/xbin:/bin
lxc.init.cmd=/init

Change the mode for dev files:

sudo chmod 0600 -R /dev/binder  /dev/ashmem  /dev/dri/*

Then start the lxc instance via:

lxc-start -F -n android

adb connection

Install adb via:

# sudo apt-get install -y adb
# adb root
# adb connect 10.0.3.174
# adb  shell
# adb push ~/F-Droid.apk
# adb push ..... ....

Stop the intance:

# lxc -stop -n android -k

TurnRPIIntoAP

目的

将闲置的RPI变为一个AP,有线转无线,用于快速连接网络开发。

准备材料

下载2021-05-07-raspios-buster-armhf-lite.zip, 解压并写入SD卡,之后用SD卡启动RPI3, 默认用户名及密码是pi/raspberry, 写入后使用rpi-config扩充文件系统:

pi@raspberrypi:~ $ uname -a
Linux raspberrypi 5.10.52-v7+ #1441 SMP Tue Aug 3 18:10:09 BST 2021 armv7l GNU/Linux
pi@raspberrypi:~ $ cat /etc/issue
Raspbian GNU/Linux 10 \n \l

步骤

更改为tsinghua的源以加速:

# 编辑 `/etc/apt/sources.list` 文件,删除原文件所有内容,用以下内容取代:
deb http://mirrors.tuna.tsinghua.edu.cn/raspbian/raspbian/ buster main non-free contrib rpi
deb-src http://mirrors.tuna.tsinghua.edu.cn/raspbian/raspbian/ buster main non-free contrib rpi

# 编辑 `/etc/apt/sources.list.d/raspi.list` 文件,删除原文件所有内容,用以下内容取代:
deb http://mirrors.tuna.tsinghua.edu.cn/raspberrypi/ buster main ui

下载hostapd及dhcp服务器:

# sudo apt-get update -y
# sudo apt-get upgrade -y
# sudo apt-get install hostapd isc-dhcp-server iptables-persistent

配置DHCP服务器:

$ sudo vim /etc/dhcp/dhcpd.conf

找到以下行(这里需要注释掉默认的选项):

option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;

替换为:

#option domain-name "example.org";
#option domain-name-servers ns1.example.org, ns2.example.org;

找到以下行(这里是激活authoritative选项):

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

替换为:

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

在文件的末尾添加以下定义:

subnet 172.16.42.0 netmask 255.255.255.0 {
	range 172.16.42.10 172.16.42.50;
	option broadcast-address 172.16.42.255;
	option routers 172.16.42.1;
	default-lease-time 600;
	max-lease-time 7200;
	option domain-name "local";
	option domain-name-servers 8.8.8.8, 8.8.4.4;
}

现在保存后退出。
现在编辑isc-dhcp-server的默认定义文件,配置其监听的端口:

# sudo vim /etc/default/isc-dhcp-server
.....
INTERFACESv4="wlan0"
INTERFACESv6="wlan0"

编辑wlan0的静态地址(这里我们顺便设置了eth0的静态地址):

# sudo vim /etc/network/interfaces
auto wlan0
iface wlan0 inet static
  address 172.16.42.1
  netmask 255.255.255.0
auto eth0
iface eth0 inet static
  address 192.168.1.117
  netmask 255.255.255.0
  gateway 192.168.1.33

配置hostapd:

# sudo vim /etc/hostapd/hostapd.conf
country_code=US
interface=wlan0
driver=nl80211
ssid=Pi_AP
country_code=US
hw_mode=g
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=xxxxxxxxxxxx
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
wpa_group_rekey=86400
ieee80211n=1
wme_enabled=1

配置hostapd的默认配置文件:

# sudo vim /etc/default/hostapd
Find the line #DAEMON_CONF="" and edit it so it says DAEMON_CONF="/etc/hostapd/hostapd.conf"

配置NAT(网络地址转换) :

# sudo vim /etc/sysctl.conf

pi@raspberrypi:~ $ cat /etc/sysctl.conf  | grep ip_forward
net.ipv4.ip_forward=1

最后保存iptables:

sudo iptables -t nat -S
sudo iptables -S
sudo sh -c "iptables-save > /etc/iptables/rules.v4"

iptables-persistent会在启动的时候自动载入保存的规则。

如此则可以将RPi3作为一个无线接入点来使用。

WorkingTipsOnCloudMobilePhone

步骤

Install CentOS 7.4 :

/images/2021_08_26_11_32_24_795x590.jpg

With route:

[root@intelandroid ctctest]# ip route
default via 192.168.91.254 dev enp61s0f0 proto static metric 100 
192.168.89.0/24 dev enp61s0f0 proto kernel scope link src 192.168.89.108 metric 100 
192.168.91.254 dev enp61s0f0 proto static scope link metric 100 
[root@intelandroid ctctest]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp61s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq portid 3cd2e55e05da state UP qlen 1000
    link/ether 3c:d2:e5:5e:05:da brd ff:ff:ff:ff:ff:ff
    inet 192.168.89.108/24 brd 192.168.89.255 scope global enp61s0f0
       valid_lft forever preferred_lft forever
    inet6 fe80::1e1f:7e4d:5f9f:a2ab/64 scope link 
       valid_lft forever preferred_lft forever

Update grub:

# vim /etc/default/grub
...
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos/root rhgb quiet modprobe.blacklist=ast"
...
# grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
# reboot

After reboot, check ast module is not loaded:

# lsmod | grep ast
Should be nothing here. 

WorkingTipsOnIntelSG1

Hardware & OS

Refers to:

https://www.h3c.com/en/Support/Resource_Center/EN/Severs/Catalog/Optional_Parts/GPU/Technical_Documents/Install/User_Guide/H3C_XG310_GPU_UG-5W100/

# cat /etc/issue
Ubuntu 20.04.1 LTS \n \l

# uname -a
Linux xxxxxxxxxxxxxxxxxx 5.4.48+ #1 SMP Wed Feb 3 10:57:04 CST 2021 x86_64 x86_64 x86_64 GNU/Linux

CPU and memory:

# cat /proc/cpuinfo
...
processor       : 95
vendor_id       : GenuineIntel
cpu family      : 6
model           : 85
 model name      : Intel(R) Xeon(R) Gold 6248R CPU @ 3.00GHz
...
# free -g
              total        used        free      shared  buff/cache   available
Mem:            503           3         496           0           3         497
Swap:             1           0           1

Steps

Steps:

# mkdir IntelAndroid
# tar xzvf xxxxxxxxxxxx.tar.gz

WorkingTipsOnOpenWRTCrossGFW

硬件配置

2核2G, 虚拟机, 其磁盘文件为openwrt-21.02.0-rc3-x86-64-generic-ext4-combined.img.

网络配置

隔离网络:

/images/2021_08_17_13_57_12_682x128.jpg

NAT网络:

/images/2021_08_17_13_57_12_682x128.jpg

启动完毕后,安装以下opkg包:

# opkg install redsocks

OpenWRT中配置:

Wan:

./images/2021_08_17_13_59_55_881x449.jpg

/images/2021_08_17_14_03_07_467x160.jpg

LAN:

/images/2021_08_17_14_00_17_604x551.jpg

/images/2021_08_17_14_02_14_508x152.jpg

Enable dhcp server:

/images/2021_08_17_14_02_34_580x398.jpg

Devices:

/images/2021_08_17_14_03_45_953x307.jpg

/images/2021_08_17_14_04_05_478x424.jpg

/images/2021_08_17_14_04_21_610x382.jpg

DNS:

/images/2021_08_17_14_04_47_552x604.jpg

redsocks items

/etc/redsocks.conf:

base {
        // debug: connection progress & client list on SIGUSR1
        log_debug = off;

        // info: start and end of client session
        log_info = on;

        /* possible `log' values are:
         *   stderr
         *   "file:/path/to/file"
         *   syslog:FACILITY  facility is any of "daemon", "local0"..."local7"
         */
        // log = stderr;
        // log = "file:/path/to/file";
        log = "syslog:local7";

        // detach from console
        daemon = on;

        /* Change uid, gid and root directory, these options require root
         * privilegies on startup.
         * Note, your chroot may requre /etc/localtime if you write log to syslog.
         * Log is opened before chroot & uid changing.
         */
        // user = nobody;
        // group = nobody;
        // chroot = "/var/chroot";

        /* possible `redirector' values are:
         *   iptables   - for Linux
         *   ipf        - for FreeBSD
         *   pf         - for OpenBSD
         *   generic    - some generic redirector that MAY work
         */
        redirector = iptables;
}

redsocks {
        /* `local_ip' defaults to 127.0.0.1 for security reasons,
         * use 0.0.0.0 if you want to listen on every interface.
         * `local_*' are used as port to redirect to.
         */
        local_ip = 192.168.89.254;
        local_port = 12345;

        // listen() queue length. Default value is SOMAXCONN and it should be
        // good enough for most of us.
        // listenq = 128; // SOMAXCONN equals 128 on my Linux box.

        // `max_accept_backoff` is a delay to retry `accept()` after accept
        // failure (e.g. due to lack of file descriptors). It's measured in
        // milliseconds and maximal value is 65535. `min_accept_backoff` is
        // used as initial backoff value and as a damper for `accept() after
        // close()` logic.
        // min_accept_backoff = 100;
        // max_accept_backoff = 60000;

        // `ip' and `port' are IP and tcp-port of proxy-server
        // You can also use hostname instead of IP, only one (random)
        // address of multihomed host will be used.
        ip = 10.50.208.147;
        port = 8118;


        // known types: socks4, socks5, http-connect, http-relay
        type = socks5;

        // login = "foobar";
        // password = "baz";
}

redudp {
        // `local_ip' should not be 0.0.0.0 as it's also used for outgoing
        // packets that are sent as replies - and it should be fixed
        // if we want NAT to work properly.
        local_ip = 127.0.0.1;
        local_port = 10053;
        // `ip' and `port' of socks5 proxy server.
        ip = 10.0.0.1;
       port = 1080;
        login = username;
        password = pazzw0rd;

        // redsocks knows about two options while redirecting UDP packets at
        // linux: TPROXY and REDIRECT.  TPROXY requires more complex routing
        // configuration and fresh kernel (>= 2.6.37 according to squid
        // developers[1]) but has hack-free way to get original destination
        // address, REDIRECT is easier to configure, but requires `dest_ip` and
        // `dest_port` to be set, limiting packet redirection to single
        // destination.
        // [1] http://wiki.squid-cache.org/Features/Tproxy4
        dest_ip = 8.8.8.8;
        dest_port = 53;

        udp_timeout = 30;
        udp_timeout_stream = 180;
}

dnstc {
        // fake and really dumb DNS server that returns "truncated answer" to
        // every query via UDP, RFC-compliant resolver should repeat same query
        // via TCP in this case.
        local_ip = 127.0.0.1;
        local_port = 5300;
}

// you can add more `redsocks' and `redudp' sections if you need.

/etc/init.d/redsocks content:

##### /etc/init.d/redsocks######
#!/bin/sh /etc/rc.common
# Copyright (C) 2007 OpenWrt.org

START=90

# check if configuration exists
[ -e "/etc/redsocks.conf" ] || exit 0

start() {
        if [ -e "/var/run/redsocks.pid" ]; then
                echo "redsocks is already running"
                exit 0
        fi

        /bin/echo -n "running redsocks ..."

        # startup the safety-wrapper for the daemon
        /usr/sbin/redsocks -p /var/run/redsocks.pid

        /bin/echo " done"
}

stop() {
        if [ ! -e "/var/run/redsocks.pid" ]; then
                echo "redsocks is not running"
                exit 0
        fi

        /bin/echo -n "stopping redsocks ..."

        # kill the process
        /bin/kill $(cat /var/run/redsocks.pid)
        rm /var/run/redsocks.pid

        echo " done"
}

Iptables rules:

iptables -t nat -N REDSOCKS
# Ignore LANs IP address
iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
# Anything else should be redirected to redsocks's local port
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
iptables -t nat -I zone_lan_prerouting -j REDSOCKS

Then with a reverse proxy you could cross gfw.
Reverse connect:

Internet machine(with 53 as its dns server):

ssh -o GatewayPorts=true -f -N -T -R *:18888:localhost:18888 docker@10.xxxxx
ssh -o GatewayPorts=true -f -N -T -R *:8118:10.10.3.19:1080 docker@10.xxxxxx
sudo socat tcp-listen:18888,reuseaddr,fork udp:127.0.0.1:53

Intranet machine:

socat -T15 udp4-recvfrom:53,bind=10.xxx.xxx.xx,fork tcp:localhost:18888