Andrax Install [Step by Step]

CyberPunk Tutorial
Andrax Install [Step by Step]

We have some android phones lying around and some spare time to conduct Andrax install. With a number of requests/questions related to install process, people experiencing varous issues, this seems like an ideal opportunity.

This will be nothing extravagant, a short info, rough guideline, core notes on install steps and issues we’ve encountered.

You should check general andrax info before proceeding, as well as android rooting details (steps). We’ll use Magisk to do it. Check android rooting post for more details on this.

Andrax Install

Jump to Andrax download page and choose your option/installer. APK, enable “Unkown sources”. Allow to stay connected, allow to access files..

Install the package/app:

Merge: 
INSTALL-min, 1, 2, 10

After that, allow Andrax a superuser rights (Magisk) and proceed with the Andrax install (Core files):

Andrax Install Package
Andrax Install Package

You could unpack core via Busybox/Termux install (check our previous post):

$ pkg install busybox
$ busybox tar -xvJf andrax.r1.tar.xz -C /data/data/com.thecrackertechnology.andrax/ANDRAX/
Busybox/Termux install
Busybox/Termux install

SELinux Issue with Andrax Install

The issue you might end up with is an inability to install core, at least on the first glimpse. You could try and install it automatically (via app) or manually (via busybox), but you’ll end up with the same message “INSTALL ANDRAX CORE!!!”:

Install Andrax Core
Install Andrax Core

This was a never ending nightmare.. hours were lost. Various attempts were made, different andrax versions, manual install via Andrax Recovery terminal and via Termux, permission adjustments, etc. Nothing worked, Andrax simply wouldn’t start. Trying to re-install or re-download didn’t yield any results:

<7_min> image
Andrax Re-download
Andrax Re-download

A system user who was the owner of ANDRAX directory couldn’t access it in “Andrax Recovery Mode”, but could do so via Termux.. strange. We made a wrong conclusions because of it, took the wrong path. As a very last idea, we looked into logcat information and we got “lucky”. We saw one line that told us what the issue potentially was/is:

$ adb -s ENU5T15B12000686 shell -t logcat
...
chnology.andrax: type=1400 audit(0.0:86): avc: denied { ioctl } for path="socket:[17610]" dev="sockfs" ino=17610 ioctlcmd=5414 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:system_server:s0 tclass=unix_stream_socket permissive=0
...

…a damn SELinux violation. Apparently “Andrax” (an untrusted app) was denied access to ioctrl permission on system_server (unix_stream_socket). SockFS – pseudo filesystem that manage the pipe/socket syscalls.

We forgot about that, it didn’t occur to us Android Security might be the issue, especially having in mind custom ROM, rooted phone via Magisk, etc. It was rarely mentioned to put SELinux to permissive mode on formal documentation and public threads.

Note: Mind your steps with SELinux when installing Andrax

To circumvent this, connect to adb shell and disable SELinux (/sys/fs/selinux/enforce):

$ adb shell
$ su
$ setenforce 0
Restart Andrax!
Andrax Welcome Screen & Tools
Andrax Welcome Screen & Tools

SELinux Info

Andrax SELinux Info

SELinux provides extra layer of security for resources in the system, providing MAC (Mandatory Access Control) / DAC (Discretionary Access Control). It operates in 3 modes:

  • Enforced : Actions contrary to policy are blocked and logged
  • Permissive : Actions are logged only
  • Disabled : SELinux disabled

General info on the SELinux:

  • < Android 4.3 : Sandboxes
  • >= Android 4.3 : SELinux
  • =Android 5.x : SELinux is fully enforced
    • Everything is in enforcing mode
    • No processes other than init should run in the init domain
    • Any generic denial (block_device, socket_device, default_service) indicates that devies needs a special domain
  • =Android 6.x : further hardened, reduced permissiveness to include better isolation between users, IOCTL filtering, reduced threat of expose services, further tightening of SELinux domains and /proc access
  • Android 7.x : lock down of app sandbox (reducing attack surface), broking monolithic mediaserver stack into smaller processes. Check Protecting Android with more Linux Kernel defenses and Hardening the media stack
  • Android 8.x : updated SELinux to work with Treble, separating lower-level vendor code from Android System Framework.

We’re not going to go into SELinux details for now, we’re going to leave it for some other time. There are a lot of online sources out there or books (e.g. Android Security Internals) you can use to get additional info.

Conclusion

If by any chance you don’t experience any of these “unsuspecting” issues, the installation process is relatively straightforward. Unfortunatelly, we weren’t that lucky and andrax install became a nightmare.

AndroidPentestingrootSmartphones