Pages

Wednesday, April 28, 2010

DNS Tunnelling on Android

I have a Motorola Milestone, its somewhat awesome, but what would make it awesome-er is ... tunnelling TCP/IP over DNS! Any device that can support covert, high latency, text based network protocols should. And rooting the phone isn't required.

It turns out it is suprisingly easy to get simple C code running on an Android phone, if you don't mind statically compiling and don't have many dependencies. The results are sort of bloated though.

You can download a precompiled sods client (sdt) for Android (the binary will also work on Nokia tablets running Maemo) from here. I compiled sdt using scratchbox. You'll need a sods server and a domain set up, of course (here are instructions).

Copy sdt to your phone. I moved it to the sd card.

If you don't have ConnectBot installed, get it from the Android market now. Start up ConnectBot and create a new local host. This will start a shell on the phone.

Change to the ConnectBot data directory; we'll use it to hold the sods client.
cd /data/data/org.connectbot
Create a new directory or use the files directory (I have no idea what will happen to these directories when ConnectBot is upgraded).
mkdir bin
cd bin
Copy sdt and change the permissions:
cp /sdcard/tmp/sdt .
chmod 744 sdt
./sdt -h
Now create a new local host to run sdt. Do a long press on the new entry and select "Edit Host".
Choose the "Post-login automation" item. This will let us run commands when the shell is started.
The flags to sdt can be manually specified or wrapped in a shell script.
Here is an example shell script (called sd):
#!/system/bin/sh

PORT=22220

S=${1:-0}
PORT=$((PORT+$S))

T=${2:-TXT}

NS1=`getprop net.dns1`
NS=${3:-$NS1}
./sdt -t $T -r $NS -p $PORT -s $S -vvvv x.a.example.com x.b.example.com x.n.example.com
Create a new ssh host, connecting to localhost and whatever port sdt has been configured to listen on (using the -p flag).

Test it out. In the ConnectBot host list, select the sdt host.
Hit the back button, then select the ssh host.
If everything works out, a glorious, if slow, ssh session over DNS should be the reward.
After login, run GNU screen (in case the connection drops). I usually run console apps, but ConnectBot supports port forwarding for those times you need to run send data from other apps over the tunnel (forwarding through a proxy like ziproxy works well).
centerim: IRC over SSH over TCP/IP over DNS
Web browsing over DNS on a phone using w3m

Update: 2011-03-13

I've switched phones to an HTC Desire Z (running Android 2.2) and one of my first tasks was to get sods running on it.
  1. I was getting permission errors copying from the sdcard to the connectbot directory so I resorted to using "cat":
    
    cd /data/data/org.connectbot/bin
    cat /sdcard/tmp/sdt > sdt
    chmod 755 sdt
    ./sdt -h
    
  2. If you are having problems connecting to the sods server, make sure another sdt process is not running. To do this, run "ps" and "kill" from the ConnectBot shell or kill the ConnectBot application.

2 comments:

  1. i like this very much. i am running a openvpn connection over the ssh tunnel but i have problems setting the new default gw after connecting to the ovpn server. speed is very slow, but i love to travel invisible through an airport wlan :) kind regards

    ReplyDelete
  2. On Android, DNS tunneling can also be done with VPN-over-DNS: the client is available for free on the Android Market (Google Play) and the VPN server farm is hosted on the Amazon Cloud. Totally free, very easy to install, and able to transport SSH by means of the TCP redirection port capability. See www.vpnoverdns.com for further informations

    ReplyDelete