Sunday, October 20, 2019

wi fi - Connecting to WiFi via ADB Shell


I've tried all publicly discussed methods I could find to connect to WiFi via ADB on a phone with a broken screen (no display/no touch). The closest I have got is via wpa_cli using the method #1 described below.


Other methods that I tried are also mentioned but with no success. My goal for this broken phone is to use it as a headless server either via LinuxDeploy or native apps for Android, and for that I need to get VNC running and for that I need to connect to Wifi somehow.


Solutions for connecting to Wifi OR otherwise getting VNC access to the Android display (using ADB usb only) are welcome. I don't have a USB-C Network card so using that isn't an option at this stage.


Method #1 - Using WPA_CLI


In this case I leave /data/misc/wifi/wpa_supplicant.conf and /data/misc/wifi/WifiConfigStore.xml untouched and just pop into wpa_cli using adb shell


wpa_cli Setup


> add_network
0

> set_network 0 scan_ssid 1
OK
> set_network 0 ssid "my_ssid"
OK
> set_network 0 key_mgmt WPA-PSK
OK
> set_network 0 psk "my_wifi_pass"
OK
> enable_network 0
OK

<3>CTRL-EVENT-STATE-CHANGE id=-1 state=3 BSSID=00:00:00:00:00:00 SSID=
<3>CTRL-EVENT-SCAN-STARTED
<3>CTRL-EVENT-SCAN-RESULTS
<3>WPS-AP-AVAILABLE
<3>Trying to associate with SSID 'fy-huawei-m9'
<3>CTRL-EVENT-STATE-CHANGE id=-1 state=5 BSSID=00:00:00:00:00:00 SSID=
<3>CTRL-EVENT-STATE-CHANGE id=0 state=6 BSSID=00:00:00:00:00:00 SSID=fy-huawei-m9
<3>Associated with 50:01:d9:41:d7:00
<3>CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
<3>CTRL-EVENT-STATE-CHANGE id=0 state=7 BSSID=50:01:d9:41:d7:00 SSID=fy-huawei-m9

<3>CTRL-EVENT-STATE-CHANGE id=0 state=8 BSSID=50:01:d9:41:d7:00 SSID=fy-huawei-m9
<3>WPA: Key negotiation completed with 50:01:d9:41:d7:00 [PTK=CCMP GTK=CCMP]
<3>CTRL-EVENT-CONNECTED - Connection to 50:01:d9:41:d7:00 completed [id=0 id_str=]
<3>CTRL-EVENT-STATE-CHANGE id=0 state=9 BSSID=50:01:d9:41:d7:00 SSID=fy-huawei-m9
<3>CTRL-EVENT-DISCONNECTED bssid=50:01:d9:41:d7:00 reason=3 locally_generated=1
<3>CTRL-EVENT-STATE-CHANGE id=0 state=0 BSSID=50:01:d9:41:d7:00 SSID=fy-huawei-m9
<3>CTRL-EVENT-SCAN-STARTED
<3>CTRL-EVENT-SCAN-RESULTS

Looks like the wifi interface associates momentarily with the SSID but then immediately disconnects.



Logcat Output
01-01 00:16:25.358  1074  1913 D WifiService: setWifiEnabled: true pid=2849, uid=0, package=com.android.shell
01-01 00:16:25.358  1074  1913 I WifiService: setWifiEnabled package=com.android.shell uid=0 enable=true
01-01 00:16:25.362   756   756 I android.hardware.wifi@1.0-service: Wifi HAL started
01-01 00:16:25.371   756   756 I android.hardware.wifi@1.0-service: Wifi driver is ready: Success
01-01 00:16:25.625   756   756 I WifiHAL : Initializing wifi
01-01 00:16:25.625   951   963 I LOWI-8.5.0.3.a: [LOWIController] isWifiEnabled: Wifi is now enabled
01-01 00:16:25.635   756   756 I WifiHAL : mpdu_size_threshold : 128, aggressive_statistics_gathering : 0
01-01 00:16:25.636  1074  1675 I WifiVendorHal: Vendor Hal started successfully
01-01 00:16:25.636  1074  1675 D WificondControl: Setting up driver for client mode

01-01 00:16:25.770  1074  1675 D WifiStateMachine: Setting OUI to DA-A1-19
01-01 00:16:25.772   756   756 E WifiHAL : wifi_set_scanning_mac_oui: requestResponse Error:-1
01-01 00:16:25.774  1074  1675 E WifiVendorHal: setScanningMacOui(l.1445) failed {.code = ERROR_UNKNOWN, .description = unknown}
01-01 00:16:25.784  1074  1675 I WifiVendorHal: Driver: 5.1.1.28U Firmware: FW:1.0.0.133.0 HW:WCN3990_V2.1
01-01 00:16:25.799  1074  1110 I WifiService: requestActivityInfo uid=1000
01-01 00:16:25.799  1074  1110 I WifiService: reportActivityInfo uid=1000
01-01 00:16:25.799  1074  1110 I WifiService: getSupportedFeatures uid=1000
01-01 00:16:25.835  1074  1675 D WifiConnectivityHelper: Firmware supported feature set: 48931bf
01-01 00:16:25.836  1074  1677 I WifiScanningService: wifi driver loaded with scan capabilities: max buckets=6
01-01 00:16:25.840  1074  1675 D WifiConnectivityHelper: Firmware roaming supported with capabilities: max num blacklist bssid=16 max num whitelist ssid=4

01-01 00:16:25.841  1074  1675 D WifiNative-wlan0: configureRoaming
01-01 00:16:25.842  1074  1675 I WifiStateMachine: disconnectedstate enter
01-01 00:16:25.844  1074  1675 D WifiStateMachine: resetting EAP-SIM/AKA/AKA' networks since SIM was changed
01-01 00:16:25.844  1074  1675 I chatty  : uid=1000(system) WifiStateMachin identical 2 lines
01-01 00:16:25.845  1074  1675 D WifiStateMachine: resetting EAP-SIM/AKA/AKA' networks since SIM was changed
01-01 00:16:25.854  1074  1110 I WifiService: requestActivityInfo uid=1000
01-01 00:16:25.854  1074  1110 I WifiService: reportActivityInfo uid=1000
01-01 00:16:25.854  1074  1110 I WifiService: getSupportedFeatures uid=1000
01-01 00:16:25.939  1835  1973 I QCNEJ/CndHalConnector: -> SND notifyWifiP2pStateChanged(5)
01-01 00:16:55.456  1074  1913 D WifiService: setWifiEnabled: true pid=2876, uid=0, package=com.android.shell

01-01 00:16:55.456  1074  1913 I WifiService: setWifiEnabled package=com.android.shell uid=0 enable=true
01-01 00:17:35.524  1074  1110 I WifiService: requestActivityInfo uid=1000
01-01 00:17:35.524  1074  1110 I WifiService: reportActivityInfo uid=1000
01-01 00:17:35.525  1074  1110 I WifiService: getSupportedFeatures uid=1000
01-01 00:19:35.647   756  2865 I WifiHAL : event received NL80211_CMD_VENDOR, vendor_id = 0x1374, subcmd = 0x6a
01-01 00:19:36.272   756  2865 I WifiHAL : event received NL80211_CMD_VENDOR, vendor_id = 0x1374, subcmd = 0x6b
01-01 00:19:36.441  1074  1675 W WifiConfigManager: Looking up network with invalid networkId -1
01-01 00:19:36.442  1074  1675 W WifiStateMachine: Connected to unknown networkId -1, disconnecting...
01-01 00:19:37.260   756  2865 E WifiHAL : Few pkt stats messages missed: rcvd = 0, prev = 0
01-01 00:19:37.260   756  2865 I WifiHAL : Fate Tx-Rx: Packet fate stats stop received

01-01 00:19:58.058  1074  1110 I WifiService: requestActivityInfo uid=1000
01-01 00:19:58.058  1074  1110 I WifiService: reportActivityInfo uid=1000
01-01 00:19:58.059  1074  1110 I WifiService: getSupportedFeatures uid=1000

The key line here are:


01-01 00:19:36.441  1074  1675 W WifiConfigManager: Looking up network with invalid networkId -1
01-01 00:19:36.442  1074  1675 W WifiStateMachine: Connected to unknown networkId -1, disconnecting...

Looks like the WifiConfigManager won't let me connect to a network which isn't defined in /data/misc/wifi/WifiConfigStore.xml


Method #2 - Naive definition in wpa_supplicant.conf



In this attempt I simply define the entwork in wpa_supplicant.conf and don't touch /data/misc/wifi/WifiConfigStore.xml


Here is what my wpa_supplicant.conf looks like:


wpa_supplicant.conf


update_config=1
ctrl_interface=DIR=/data/system/wpa_supplicant GROUP=wifi
eapol_version=1
ap_scan=1
fast_reauth=1

network={

    ssid="my_ssid"
    psk="my_wifi_pass"
    key_mgmt=WPA-PSK
    priority=241
}

I then proceed to disable and re-enable the wifi service using svc wifi disable and svc wifi enable, and even reboot the phone but in both cases it doesn't seem to even attempt connecting to the network. The invalid networkId -1 message still pops up.


Logcat Output:


01-01 00:00:06.649  1062  1062 D WifiService: resetting networks because SIM was removed
01-01 00:00:06.649  1062  1062 D WifiService: resetting country code because SIM is removed

01-01 00:00:06.649  1062  1062 D WifiService: resetting networks because SIM was removed
01-01 00:00:06.649  1062  1062 D WifiService: resetting country code because SIM is removed
01-01 00:00:06.649  1062  1670 D WifiStateMachine: resetting EAP-SIM/AKA/AKA' networks since SIM was changed
01-01 00:00:06.650  1062  1670 D WifiStateMachine: resetting EAP-SIM/AKA/AKA' networks since SIM was changed
01-01 00:00:07.055  1062  1073 D WificondControl: Scan result ready event
01-01 00:00:07.061  1062  1670 W WifiConfigManager: Looking up network with invalid networkId -1

Method #3 - Copying WifiConfigStore.xml from a different phone connecting to this SSID


As a last ditch attempt, I restored the original wpa_supplicant.conf and copied over WifiConfigStore.xml from a phone running the same Android version that successfully connects to the WiFi network in question. Then I rebooted the phone


WifiConfigStore.xml





    
    
        
            
                "fy-huawei-m9"WPA_PSK
                "fy-huawei-m9"
                
                "THEFORTUNE"

                
                
                
                
                02
                0b
                01
                0f
                06
                

                
                
                
                
                
                
                
                
                
                

                
                
                
                android.uid.system:1000
                time=08-02 08:39:20.369
                
                android.uid.system:1000
                
                
                

            
            
                NETWORK_SELECTION_ENABLED
                NETWORK_SELECTION_ENABLE
                "fy-net-ac"WPA_PSK
                
                
            
            
                DHCP

                NONE


wpa_supplicant.conf



01-01 00:00:05.424  1073  1637 D WifiConfigStore: Reading from user store completed in 4 ms.
01-01 00:00:05.440  1073  1637 D WifiConfigStore: Writing to stores completed in 16 ms.
01-01 00:00:05.440  1073  1637 D WIFI    : got request NetworkRequest [ TRACK_DEFAULT id=6, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&NOT_VPN] ] with score 0
01-01 00:00:05.442  1073  1637 D WifiConnectivityHelper: Firmware supported feature set: 48931bf
01-01 00:00:05.442  1073  1637 D WifiConnectivityHelper: Firmware roaming supported with capabilities: max num blacklist bssid=16 max num whitelist ssid=4
01-01 00:00:05.443  1073  1637 D WifiNative-wlan0: configureRoaming
01-01 00:00:05.443  1073  1637 D WIFI    : got request NetworkRequest [ TRACK_DEFAULT id=3, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&NOT_VPN] ] with score 0
01-01 00:00:05.443  1073  1637 D WIFI    : got request NetworkRequest [ TRACK_DEFAULT id=9, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&NOT_VPN] ] with score 0
01-01 00:00:05.443  1073  1637 D WIFI    : got request NetworkRequest [ REQUEST id=1, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&NOT_VPN] ] with score 0
01-01 00:00:05.443  1073  1637 D WIFI_UT : got request NetworkRequest [ TRACK_DEFAULT id=6, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&NOT_VPN] ] with score 0

01-01 00:00:05.443  1073  1637 D WIFI_UT : got request NetworkRequest [ TRACK_DEFAULT id=3, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&NOT_VPN] ] with score 0
01-01 00:00:05.443  1073  1637 D WIFI_UT : got request NetworkRequest [ TRACK_DEFAULT id=9, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&NOT_VPN] ] with score 0
01-01 00:00:05.443  1073  1637 D WIFI_UT : got request NetworkRequest [ REQUEST id=1, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&NOT_VPN] ] with score 0
01-01 00:00:05.445  1073  1676 I SupplicantP2pIfaceHal: Registering ISupplicant service ready callback.
01-01 00:00:05.447  1073  1689 I SupplicantP2pIfaceHal: IServiceNotification.onRegistration for: android.hardware.wifi.supplicant@1.0::ISupplicant, default preexisting=true
01-01 00:00:05.447  1073  1689 I zygote64: Looking for service android.hardware.wifi.supplicant@1.0::ISupplicant/default
01-01 00:00:05.449  1073  1689 D SupplicantP2pIfaceHal: entering getInterface()
01-01 00:00:05.449  1073  1689 D SupplicantP2pIfaceHal: getInterface() completed successfully.
01-01 00:00:05.449  1073  1689 D SupplicantP2pIfaceHal: leaving getInterface() with result = android.hardware.wifi.supplicant@1.0::ISupplicantP2pIface@Proxy
01-01 00:00:05.450  1073  1689 D SupplicantP2pIfaceHal: entering registerCallback()

01-01 00:00:05.450  1073  1689 D SupplicantP2pIfaceHal: registerCallback() completed successfully.
01-01 00:00:05.450  1073  1689 D SupplicantP2pIfaceHal: leaving registerCallback()
01-01 00:00:05.450  1073  1689 I SupplicantP2pIfaceHal: Completed initialization of ISupplicant interfaces.
01-01 00:00:05.484  1073  1632 I WifiService: getConfiguredNetworks uid=1000
01-01 00:00:05.543  1073  1073 D WifiService: resetting networks because SIM was removed
01-01 00:00:05.543  1073  1073 D WifiService: resetting country code because SIM is removed
01-01 00:00:05.543  1073  1637 D WifiStateMachine: resetting EAP-SIM/AKA/AKA' networks since SIM was changed
01-01 00:00:05.544  1073  1073 D WifiService: resetting networks because SIM was removed
01-01 00:00:05.544  1073  1073 D WifiService: resetting country code because SIM is removed
01-01 00:00:05.544  1073  1637 D WifiStateMachine: resetting EAP-SIM/AKA/AKA' networks since SIM was changed

01-01 00:00:05.556  1073  1676 D SupplicantP2pIfaceHal: entering setWpsDeviceName(Android_d3d3)
01-01 00:00:05.556  1073  1676 D SupplicantP2pIfaceHal: setWpsDeviceName(Android_d3d3) completed successfully.
01-01 00:00:05.556  1073  1676 D SupplicantP2pIfaceHal: leaving setWpsDeviceName(Android_d3d3)
01-01 00:00:05.556  1073  1676 D SupplicantP2pIfaceHal: entering setSsidPostfix(-Android_d3d3)
01-01 00:00:05.557  1073  1676 D SupplicantP2pIfaceHal: setSsidPostfix(-Android_d3d3) completed successfully.
01-01 00:00:05.557  1073  1676 D SupplicantP2pIfaceHal: leaving setSsidPostfix(-Android_d3d3)
01-01 00:00:05.557  1073  1676 D SupplicantP2pIfaceHal: entering setWpsDeviceType(10-0050F204-5)
01-01 00:00:05.557  1073  1676 D SupplicantP2pIfaceHal: setWpsDeviceType(10-0050F204-5) completed successfully.
01-01 00:00:05.558  1073  1676 D SupplicantP2pIfaceHal: leaving setWpsDeviceType(10-0050F204-5)
01-01 00:00:05.558  1073  1676 D SupplicantP2pIfaceHal: entering setWpsConfigMethods(virtual_push_button physical_display keypad)

01-01 00:00:05.558  1847  1956 I QCNEJ/CndHalConnector: -> SND notifyWifiP2pStateChanged(5)
01-01 00:00:05.559  1073  1676 D SupplicantP2pIfaceHal: setWpsConfigMethods(virtual_push_button physical_display keypad) completed successfully.
01-01 00:00:05.559  1073  1676 D SupplicantP2pIfaceHal: leaving setWpsConfigMethods(virtual_push_button physical_display keypad)
01-01 00:00:05.559  1073  1676 D SupplicantP2pIfaceHal: entering getDeviceAddress()
01-01 00:00:05.559  1073  1676 D SupplicantP2pIfaceHal: getDeviceAddress() completed successfully.
01-01 00:00:05.560  1073  1676 D SupplicantP2pIfaceHal: leaving getDeviceAddress() with result = 82:ad:16:7a:57:57
01-01 00:00:05.560  1073  1676 D SupplicantP2pIfaceHal: entering flush()
01-01 00:00:05.561  1073  1676 D SupplicantP2pIfaceHal: flush() completed successfully.
01-01 00:00:05.561  1073  1676 D SupplicantP2pIfaceHal: leaving flush()
01-01 00:00:05.561  1073  1676 D SupplicantP2pIfaceHal: entering serviceFlush()

01-01 00:00:05.561  1073  1676 D SupplicantP2pIfaceHal: serviceFlush() completed successfully.
01-01 00:00:05.561  1073  1676 D SupplicantP2pIfaceHal: leaving serviceFlush()
01-01 00:00:05.561  1073  1676 D SupplicantP2pIfaceHal: entering listNetworks()
01-01 00:00:05.562  1073  1676 D SupplicantP2pIfaceHal: listNetworks() completed successfully.
01-01 00:00:05.562  1073  1676 D SupplicantP2pIfaceHal: leaving listNetworks() with result = []
01-01 00:00:05.562  1073  1676 D SupplicantP2pIfaceHal: entering saveConfig()
01-01 00:00:05.569  1073  1676 D SupplicantP2pIfaceHal: saveConfig() completed successfully.
01-01 00:00:05.569  1073  1676 D SupplicantP2pIfaceHal: leaving saveConfig()
01-01 00:00:06.108  1073  1834 D WificondControl: Scan result ready event
01-01 00:00:06.113  1073  1637 W WifiConfigManager: Looking up network with invalid networkId -1


Still no luck. Don't know what else I can do at this point but not giving up just yet.




-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

samsung galaxy s 2 - Cannot restore Kies backup after firmware upgrade

I backed up my Samsung Galaxy S2 on Kies before updating to Ice Cream Sandwich. After the upgrade I tried to restore, but the restore fails ...