efforg/rayhunter#524

#524 Support for KaiOS devices

https://wiki.bananahackers.net/en/devices

I think it would make sense to look into KaiOS-related devices and whether rayhunter can run on them. There’s already some preliminary work done to root those phones, and the rooting procedure seems fairly similar across quite a few devices. The devices are in the same price range as pocket routers, and so they’re just cheap enough to buy them for testing, unlike a lot of Android phones.

Many devices there are EOL though.

Comments (2)

I tried to run rayhunter on a Nokia Banana 8110 4G, and it works easily. It should work in the exact same way for Nokia 2720 Flip and Nokia 800 Tough. I used Wallace Toolbox to get root. The rooting script is easy to embed in rayhunter, but it uses an adb daemon binary adbd which needs to be uploaded on the phone. can only be launched from a KaiOS app; it uses an undocumented API which runs root shell commands, so it can be used to obtain an adb root shell. A KaiOS app will always be needed to obtain root. We could also make a KaiOS app (it’s a simple web app) to be able to get basic info of rayhunter directly from the phone, and make a notification in case of alert. Also, we can’t use the frame buffer as for tplink or orbic to interact with the screen.

How to get one

  • ~40€ on Aliexpress in Europe link

Installation process

  • Install WallaceToolbox and use it to get an adb root shell.

  • Push rayhunter-daemon in /data/rayhunter and config.toml. At the first run without a config file, we got an error because df -h doesn’t exist, but busybox df -h does, which is similar to the Uz801. If we change the config file for Uz801 it works.

  • We need to remount /system with write access: mount -o remount,rw /system

  • We create a startup script and adb push it in /etc/. Many paths have to be modified compared to the original rayhunter startup script.

    • There is not even an /etc/init.d folder. Init scripts in /etc start with init.nameofmyscript
    • start-stop-daemon has to be called by busybox start-stop-daemon
    • /tmp is in /data/local/tmp/
```sh
#! /system/bin/sh
# Init script for rayhunter on KaiOS: start | stop | restart

set -e

case "$1" in
  start)
    echo -n "Starting rayhunter: "

    # Start in the background (-b) and record the PID.
    # /tmp does not exist on this phone; /data/local/tmp is used instead.
    busybox start-stop-daemon -S -b --make-pidfile --pidfile /data/local/tmp/rayhunter.pid \
      --startas /system/bin/sh -- -c "RUST_LOG=info exec /data/rayhunter/rayhunter-daemon /data/rayhunter/config.toml > /data/rayhunter/rayhunter.log 2>&1"

    echo "done"
    ;;
  stop)
    echo -n "Stopping rayhunter: "
    # Kill the process recorded in the PID file.
    busybox start-stop-daemon -K -p /data/local/tmp/rayhunter.pid
    echo "done"
    ;;
  restart)
    "$0" stop
    "$0" start
    ;;
  *)
    echo "Usage: init.rayhunter_daemon { start | stop | restart }" >&2
    exit 1
    ;;
esac

exit 0
```

It can be pushed in /etc/init.rayhunter_daemon. To auto-start that script at boot, it can be put at the end of /etc/init.qcom.post_boot.sh

I made an install script banana-rh.tar.gz

Web browser integration

We can open the Rayhunter web page, but it can’t load. Maybe we could make a very web page to let us start and stop rayhunter on that device?

One advantage of KaiOS phones over routers is that, by default, they can be configured as Wi-Fi clients while still having 4G enabled. This means you can have a SIM card without data and still send alerts using the Wi-Fi internet connection.
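
The /system steps from the installation process above (remount read-write, install /etc/init.rayhunter_daemon, hook it from /etc/init.qcom.post_boot.sh), written as a device-side script that always returns /system to read-only and does not duplicate the hook when re-run. This is an added example, not part of the comment or of the rayhunter project; the hook line, the ROOT and BB variables, and the presence of busybox cp, chmod and grep applets on the phone are assumptions.

```shell
#!/system/bin/sh
# Added example (not rayhunter project code). Run from the adb root shell.
# Assumptions: busybox provides cp/chmod/grep; HOOK is one way to call the script.
ROOT="${ROOT:-}"            # empty on the phone; a scratch directory for a dry run
BB="${BB-busybox}"          # df and start-stop-daemon already need this prefix here
HOOK="/etc/init.rayhunter_daemon start"

remount_system() {          # $1 = rw | ro
    mount -o "remount,$1" /system
}

add_hook() {                # append HOOK once so re-running never duplicates it
    $BB grep -qxF "$HOOK" "$1" || echo "$HOOK" >> "$1"
}

install_boot_hook() {       # $1 = init script already pushed to the phone
    src=$1
    dest="$ROOT/etc/init.rayhunter_daemon"
    post_boot="$ROOT/etc/init.qcom.post_boot.sh"
    # Check inputs before touching /system so a typo never leaves it writable.
    [ -f "$src" ] || { echo "missing $src" >&2; return 1; }
    [ -f "$post_boot" ] || { echo "missing $post_boot" >&2; return 1; }

    remount_system rw || return 1
    rc=0
    # 755: root runs this at boot, so only the owner may write to it.
    $BB cp "$src" "$dest" && $BB chmod 755 "$dest" && add_hook "$post_boot" || rc=1
    # Restore read-only even when a step above failed.
    remount_system ro || rc=1
    return "$rc"
}

if [ "${1:-}" = "install" ]; then
    install_boot_hook "${2:?path to init script}"
fi
```

Setting ROOT to a scratch directory and redefining remount_system lets the same logic be checked on a workstation before it is run against the phone.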