Cross-Compile for Android – Installing Tcpdump

After “rooting” an Android phone, I was attracted by the idea of installing supplementary binaries on the device. After rooting an Android device, you will usually find Busybox installed. This application lets your Android phone execute a list of common Unix-like commands such as ls, grep, ifconfig, awk, etc. To retrieve the list of available commands and the version of your Busybox, just run Busybox without parameters from the command line:

$ busybox

At that time I was interested in monitoring the connections made by an application installed on the phone, so my target was to get Tcpdump onto the Android phone.

To achieve this, we first need to download the Android NDK from the following URL:

Install the ARM compiler for your operating system. I have used arm-linux-gnueabi, which should work for you as well.

Create an android-tcpdump folder with a toolchain sub-folder as shown below:

$ cd /var/tmp
$ mkdir -p android-tcpdump/toolchain

I have uncompressed the android-ndk in my /opt directory. Run make-standalone-toolchain.sh as shown in the following lines:

$ /opt/android-ndk/android-ndk-r7b/build/tools/make-standalone-toolchain.sh --platform=android-8 --install-dir=/var/tmp/android-tcpdump/toolchain
Auto-config: --toolchain=arm-linux-androideabi-4.4.3
Copying built binaries...
Copying sysroot headers and libraries...
Copying libstdc++ headers and libraries...
Copying files to: /var/tmp/android-tcpdump/toolchain
Cleaning up...
Done.

Set up the environment for the toolchain:

$ export CC=arm-linux-gnueabi-gcc
$ export RANLIB=arm-linux-gnueabi-ranlib
$ export AR=arm-linux-gnueabi-ar
$ export LD=arm-linux-gnueabi-ld

Then we need to download the source of the tcpdump application and of libpcap as well.

Let’s build and compile libpcap:

$ tar zxvf libpcap-1.4.0.tar.gz
$ cd libpcap-1.4.0
$ ./configure --host=arm-linux --with-pcap=linux ac_cv_linux_vers=2
$ make

Now configure tcpdump, but before you compile it you have to patch print-isakmp.c: its setprotoent() and endprotoent() calls are not “supported” on Android.

$ cd ../tcpdump-4.4.0
$ ./configure --build=i386-linux-gnu --host=arm-linux-gnueabi --with-pcap=linux ac_cv_linux_vers=2 --with-crypto=no
$ sed -i".bak" "s/setprotoent/\/\/setprotoent/g" print-isakmp.c
$ sed -i".bak" "s/endprotoent/\/\/endprotoent/g" print-isakmp.c
$ make
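
Before pushing the result to the phone, it is worth confirming that the build really produced an ARM binary and which dynamic loader it asks for. The following is an added example, not part of the original post: the function names are made up for it, and it assumes a 32-bit little-endian ELF file.

```shell
# Added example: inspect a cross-compiled ELF binary before `adb push`.
# Assumes ELF32, little-endian (what a 32-bit ARM Android build produces).

# elf_u FILE OFFSET NBYTES: print the little-endian unsigned integer stored there.
elf_u() {
    od -An -v -tu1 -j "$2" -N "$3" "$1" |
        awk '{ for (i = NF; i >= 1; i--) v = v * 256 + $i } END { print v + 0 }'
}

# elf_machine FILE: print e_machine (40 = ARM, 3 = x86, 62 = x86-64).
elf_machine() {
    [ "$(od -An -tx1 -N4 "$1" | tr -d ' \n')" = "7f454c46" ] || return 1
    elf_u "$1" 18 2
}

# elf_interp FILE: print the PT_INTERP path; prints nothing for a static binary.
elf_interp() {
    phoff=$(elf_u "$1" 28 4); phentsize=$(elf_u "$1" 42 2); phnum=$(elf_u "$1" 44 2)
    i=0
    while [ "$i" -lt "$phnum" ]; do
        ph=$((phoff + i * phentsize))
        if [ "$(elf_u "$1" "$ph" 4)" -eq 3 ]; then          # p_type == PT_INTERP
            off=$(elf_u "$1" $((ph + 4)) 4); len=$(elf_u "$1" $((ph + 16)) 4)
            dd if="$1" bs=1 skip="$off" count="$len" 2>/dev/null | tr -d '\000'
            echo
            return 0
        fi
        i=$((i + 1))
    done
}

# check_android_elf FILE: succeed only if FILE is ARM and either static or
# linked against Android's own loader, /system/bin/linker.
check_android_elf() {
    m=$(elf_machine "$1") || { echo "not an ELF file"; return 1; }
    [ "$m" -eq 40 ] || { echo "e_machine=$m, expected 40 (ARM)"; return 1; }
    interp=$(elf_interp "$1")
    case "$interp" in
        ""|/system/bin/linker) echo "ok: ARM, interp=${interp:-none (static)}" ;;
        *) echo "interp $interp: Android only provides /system/bin/linker"
           return 1 ;;
    esac
}

# Usage, from the tcpdump-4.4.0 directory:  check_android_elf tcpdump
```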

tcpdump is ready, let’s upload it onto the phone:

$ adb push tcpdump-4.4.0/tcpdump /data/local/

PS: If you get “permission denied” from the above command, it is because you need to change the permissions on the /data/local directory.
