Using LINUX commands in App Inventor. Extension

Juan_Antonio · September 12, 2020, 8:15am

KIO4_Terminal.Run
commandLine ping -c 1 google.com

or

fahadboss10 · September 12, 2020, 8:18am

I meant to say that currently we get result after executing all the command.
Can we get result asynchronously? Like in shell or cmd.

Juan_Antonio · September 12, 2020, 10:51am

not possible with this extension, this is a workaround:
pingg

TIMAI2 · January 18, 2021, 3:14pm

I am finding on my Android 10 & 11 devices that there is nothing reported back with

ls /system/bin

System command files are there though. If you type:

which ls

you should get back

/system/bin/ls

Thanks Google

jean-marc_Latour · February 9, 2021, 7:00pm

Hello i Tried it but nothing happend...must i be rooted to use it ?

Taifun · February 9, 2021, 7:10pm

yes, as already mentioned

Taifun

pabloo · February 21, 2021, 3:33pm

Hi,
Is there an option to call this two commands in app inventor when button is clicked?

1) adb shell settings put global private_dns_mode off
2) adb shell settings put global private_dns_specifier some.dns

Juan_Antonio · February 21, 2021, 4:21pm

With this extension you cannot call ADB when you press a button in the application.

easrng · March 11, 2021, 3:27pm

It is possible but not easy to set up ADB like that. Instead, I suggest you set up Termux-ADB and use an ActivityStarter to run the command in Termux. You may need to root your device or unlock it's bootloader.

TIMAI2 · March 11, 2021, 4:25pm

@easrng

Do you have any details on how to access termux using Activity Starter ?

easrng · March 11, 2021, 4:30pm

Actually I was wrong, I don't think it will work with ActivityStarter, but it should be fairly simple to make an extension to run things in termux. See this comment for info on how to do it.

TIMAI2 · March 11, 2021, 4:40pm

Yes, that is where I have been looking. Most things make sense for Activity Starter, but not sure about this one:

Third-party program must declare com.termux.permission.RUN_COMMAND permission and it should be granted by user.

easrng · March 11, 2021, 5:40pm

Screen1.requestPermission maybe?

wensheng_jws · June 15, 2021, 4:21am

How can I install curl 7.58.0 on my phone? Thanks.

TIMAI2 · June 15, 2021, 2:35pm

You will probably need a rooted device.

Alternatively, if you have the patience, you could use Termux.....

Alec_Thom · July 29, 2022, 5:44pm

I love the Ping Command,
I wanted to check the ping between 2 servers to know what one was faster.

Jonathan_Urbina1 · February 24, 2024, 8:57pm

Hello everyone!!!

I wanted to know (roughly) what is possible and what is not possible through this extension and commands.
I saw that many have problems with the issue of asynchronicity of functions and calls, but that can be fixed using the extension Async Procedures and Background Tasks also with View Pager and Dynamic Components
Added to the Web Component to make calls to APIs such as FireBase and Supabase; you will have tons of options that can only be limited by your knowledge and imagination.
- Descarga de archivos JS, XML, HTML, <Scripts>, even an entire code or procedures.
For this reason, I need to know what the scope of this extension is and if it depends on whether the phone is rooted or connected by USB, Bluetooth, Wi-Fi, etc.
Because if it's "up to your imagination"... this is going to get crazy!!!.

I'm working on an App where security is crucial, to the point that the USB issue is driving me crazy.

With some friends we were doing some security analysis (penetration, injection, sniffing, memory scan, etc.)

And for reading the forum in search of ideas, techniques, etc. I came across this post, which automatically caught my attention.

Well, as Tony Stark said:

if-we-cant-protect-the-earth-we-will-avenge-it

And:

is-it-better-to-be-feared-or-respected

So I would like to know (based on your experience and knowledge), how much can be done with this extension.

TIMAI2 · February 24, 2024, 9:15pm

Functionality will depend on several factors:

Android version - the higher the version the less likely you can run commands
What executables are installed on what products/devices
You should also consider what can be done with:
adb - via USB on a real device
adb - on an emulator (which avoids USB)
Termux - an app which runs linux in a sandbox

Finally:

everything is hackable, with the right tools

Taifun · February 24, 2024, 9:21pm

Start reading this thread from the beginning to the end

Yes

Taifun

Jonathan_Urbina1 · February 25, 2024, 2:49am

Yeah!!! of course! even the hacker

So far the only "setback" with the extension is that it doesn't have the "Got Output" event that the component in Kodular does (which would save a lot of time).

But it can be supplemented through other techniques and strategies.

My friends and I are already evaluating some of them, which in themselves work for the purposes (even more) but there lies the problem of the ethical use of knowledge.

It is difficult to work under the premise of "Zero Trust" (speaking of security), because it is difficult to know when it is a kid who rooted the phone and send commands through ADB for an online game, or an evildoer who seeks to do harm at all costs.
Even revealing information about the technique or strategy used to secure the App through shell commands, etc. It can end up in the wrong hands and suddenly find ourselves plagued by junk applications that make use of these techniques.

Done!
We even looked for information about it elsewhere.

One of my friends is " BackTrack Lover " [Kali, NetHunter] and he knows more about security issues and all that stuffs.

And as for security about "reverse engineering", we also have an approach where; They only find the name of some variables (unreadable), calls to the api functions on the server (with unrecognizable parameters), the creation of components dynamically (from unknown returns from the api), There are no credentials, passwords, users or any information stored.
This is also why shell commands are an improvement in the code, since (even in their most limited use), they allow you to do things that cannot be done through appinventor.
That's without mentioning whether the user is "root" (which, simply knowing it), gives you another picture, without even making use of the super user.
Regarding the sniffing of the packages that are sent and received with the calls and callbacks to and from the API. We also take measures so that they literally do not find anything useful, even if they have the public ApiKey.

This has already been tested and gave more than satisfactory results.

My friend is caring more about the "capturing information from memory" problem right now.
The idea of this App that I am creating is to maximize the options of these platforms that are often underestimated for their "lack of control" in terms of the code and their limited options.

As well as other things in terms of information, data, user monitoring, hyper sensitive information.

And obviously the importance of free and open development platforms, and the need for them to receive the support they deserve, so that access to technology, knowledge and tools is universal and is only limited by the knowledge one has.

When I finish the project I will make a guide of what was done.