IssueTracker

Same here. Without thist, my mountscripts won't work. Is there a way to add the Android Device in the Whitelist?

Yes, any mount script is broken because it must execute the mount command under "adb shell"

Android 4.2 made mounting miserable due to he multiuser changes
Android 4.2.2 makes it 4x more miserable...

Yes, the problem is real. Is there any alternate method? I really miss my server's shares.

This is a very unfortunate regression.  I find myself constantly reaching for my Galaxy Note 1 over my Nexus 10 now because I can mount my cifs shares on it (4.1.2).  Please restore the abd loopback functionality or better yet implement a mount point where shares public to all installed android apps can be mounted.

This is a retrograde step. Localhost connections to adb should not pose any external security threat and should not be subject to RSA security. Is it possible to generate an RSA key for localhost ? and if one existed would a localhost connection to adb then be allowd ?

After digging the (confusing) adb/adbd source code:

- adbd reads available keys in /data/misc/adb/adb_keys. These are base64 encoded string and I'm not sure at this point what they are
- the first time adb is executed on device, it will generate a private key and public key in /data/.android, named adbkey and adbkey.pub. This this the same than on a PC but not at the same location (uses $HOME/.android and on a device $HOME value is /data)

The device is offline due to adb <-> adbd authentification failing, I think because the entry corresponding to localhost is missing in /data/misc/adb/adb_keys.

adbd only reads /data/misc/adb/adb_keys. So the question is what process adds entries to it. My guess is that it is the activity displaying the "the computer's RSA key fingerprint is: <fingerprint>" popup that is displayed the first time an USB host connects.

So I think if the correct entry is added to adb_keys either manually or with a small standalone executable (needs root but since the purpose to fix this is to mount which also requires root, this is not a problem), it would work.

The other option is to recompile adbd so the gloabal variable auth_enabled is forced to 0 in adbd.c, to disable the auth negociation.

Btw a side effect of this issue is that if you want to do ADB through WiFi you must still authorize it first plugging an USB cable.

I just hit the same issue, and I think I discovered a workaround by accident: If your device is plugged into a PC while you establish the local adb connection, the popup shows and you can accept the key. Afterwards, connections succeed even if the device isn't plugged in.

@7: nice one.

I finally found a simple way to add the localhost public RSA key to /data/misc/adb/adb_keys, which can be useful for autmated scripts. localhost adb must have been launched at least once so it has generated the public key for localhost in /data/.android/adbkey.pub. This is only needed once:


stop adbd
mount -o remount /data
cat /data/.android/adbkey.pub >> /data/misc/adb/adb_keys
mount -o remount,rw /data
start adbd


adbd must be restarted after modifying /data/misc/adb/adb_keys as it reads it on startup.

correction: "mount -o remount,rw /data" should read "mount -o remount,ro /data"

correction (bis): no need to remount /data, it is already writable. So this is just:

stop adbd
cat /data/.android/adbkey.pub >> /data/misc/adb/adb_keys
start adbd

Cool - but don't have /data/.android/adbkey.pub and neither "adb connect localhost" nor "adb shell ls" create one.

How do you get adbkey.pub created?

@11: there's more to it as I found out.

the adb server process forked initially by adb will create $HOME/.android and the private and pub keys if they do not exist.

if this adb server process is forked under the shell user (the default unless you start it with a root terminal), $HOME = /data, but /data is not writable by the shell user, so nothing is created (your issue I believe).

so the trick is to create the .android directory elsewhere, for example on the SD Card:

adb kill-server    
HOME=/sdcard adb start-server

at this point you should have /sdcard/.android  and the 2 keys in it. Simply append the public key to /data/misc/adb/adb_keys

force adbd to reload adb_keys (only needed once):

stop adbd
start adbd

then connect to localhost and check that the device is online:

adb connect localhost
adb devices
adb shell ls   <= should work

The thing to remember is that the next time the adb server process is started, it must be able to access the .android directory so must be started with

HOME=/sdcard adb start-server

Thanks - it did work.

I was thinking of some permission problem and tried to copy the RSA public and private keys from my PC to /data/.android. As the pub key is already included in/data/misc/adb/adb_keys that should have worked immediately - but I screwed up something somewhere else...

@7: Tried this on a Nexus 7 32GB, 4.2.2 Rooted - No popup - adb connected localhost - still offline. Tried in both USB debug mode not USB debug mode - same result - no popup.

@8/9/10 : Tried this on a Nexus 7 32GB, 4.2.2 Rooted - Checked /data/misc/adb/adb_keys and public key has been appended (unknown@localhost) - stop / start adbd - adb connected localhost - still offline.

Any ideas ?

@14: you must make sure that the adb server process (that talks to adbd) has loaded the private and pub keys from the .android directory. kill it and restart it with the .android parent folder specified by the HOME variable. See post #12.

Still offline.
I tried this:

root@android:/ # adb kill-server
root@android:/ # home=/sdcard adb start-server
* daemon not running. starting it now on port 5038 *
* daemon started successfully *
root@android:/ # stop adbd
root@android:/ # cat /data/.android/adbkey.pub >> /data/misc/adb/adb_keys
root@android:/ # start adbd
root@android:/ # adb connect localhost
connected to localhost:5555
root@android:/ # adb devices
List of devices attached
localhost:5555  offline

@15: Thank you. Spot on. The adb server was auto started by the first call to adb and at that time HOME was set to '/' (root), so that's where it was looking for the RSA keys. Killed adb server and restarted with HOME=/data and all is OK.

@16: HOME in upper-case ?

@16: HOME in upper-case ?
 
Also. if you can write to /data, i.e. adbkey.pub has been created in /data/.android and 'cat /data/.android/adbkey.pub >> /data/misc/adb/adb_keys' works then you need to start the adb server with HOME=/data, e.g.
    stop adbd
    adb kill-server
    HOME=/data adb start-server
    start adbd
    adb connect localhost
    adb devices
localhost should now be online (i.e show as device not offline)

Yes, the HOME is uppercase, but still not working. I tried with HOME=/data with no luck. I will try again tomorrow.

Ok, now the adb works, but my mountscripts still not working. When I try to load kernel modules, I get 'Exec format error'. :-\

This thread has been of great help to my project. To return the favor, I've attached a template shell script I've created for free use: (CC:SA 3.0)

(1) Checks Android version
(2) Applies RSA key patches (if necessary, >4.2.1)
(3) Creates network ADB settings in .prop (if necessary, otherwise uses existing settings)
(4) Auto-elevates ADB permissions to allow root access (if necessary)
(5) Cleans up after itself and returns the above to prior when done

Usage:

adbSendCmd "whoami"

It is possible to abstract this shell script by modifying to simply run arguments passed to it ($*), but that would necessitate having it store connection parameters in a temporary file. (ie. "send_adb.sh 'echo Hello World'; send_adb.sh 'mount'; end_adb.sh"

As it stands, this script is self-contained and cleans up on exit. Calling it repeatedly will cause init/shutdown each time. If you have a set series of commands simply edit them in at the bottom. I hope this helps.

@22: very nice script. I have done something very similar but less general
 

A few remarks:

- you use sed to remove the key from adb_keys. sed is only available if busybox is installed which may not be the case on all rooted devices. And alternative way to remove the key just usin grep:

ADBD_PUB_KEYS=${ANDROID_DATA}/misc/adb/adb_keys
ADB_PUB_KEY=${ANDROID_DATA}/.android/adbkey.pub
ADB_PUB_KEY_CONTENT=`cat ${ADB_PUB_KEY}`
grep -v "${ADB_PUB_KEY_CONTENT}" ${ADBD_PUB_KEYS} > ${ADBD_PUB_KEYS}.tmp
> ${ADBD_PUB_KEYS}
cat ${ADBD_PUB_KEYS}.tmp >> ${ADBD_PUB_KEYS}
rm ${ADBD_PUB_KEYS}.tmp

- after adding the key in adb_keys, I would add a new line so additional keys start on new line:

cat $ANDROID_DATA/.android/adbkey.pub >> $ANDROID_DATA/misc/adb/adb_keys
echo >> $ANDROID_DATA/misc/adb/adb_keys

- to make the script even more robust, I'd check that the localhost device is really online (requires the cut command, so busybox):

if [ -x /system/xbin/cut ] ; then

    DEVICE_LINE=`adb devices | grep localhost`
    SERIAL=`echo ${DEVICE_LINE} | cut -f1 -d ' '`
    STATUS=`echo ${DEVICE_LINE} | cut -f2 -d ' '`
   
    if [ "${SERIAL}" = "" ]; then
        exit_error "could not find adb localhost device";
    fi
   
    if [ "${STATUS}" != "device" ]; then
        exit_error "adb localhost device is not online";
    fi

fi

As a related note for anyone with the ADB issue, I realized my (and anyone's) ADB proxy script won't return exit codes properly. Please see the discussion (and recommended solution) here; it is easily implemented.

http://code.google.com/p/android/issues/detail?id=3254

Guys, Can anyone please help me access my Galaxy S3 phone by disabling the USB debugging RSA popup?My screen is not working and I cant click on accept to accept the key for USB debugging. Either I need an automated way to accept the USB debug RSA key without touching the screen or else I need to disable that authentication altogether.Please help me...

Thank you