Android : How to remove “captive portal” detection on android 4.2.2 and 4.3

When Samsung pushed it’s new version of android (4.3), I felt frustrated.

I spent some time working on a small “autologin” application that was downloaded by more than 3000 users on playstore – and the modification they brought broke the logic behind the “autologin” mechanism.

OK – What were those adaptations…  I did not have a clue…  So, I remembered the famous motto from Luke Skywalker : use the Code, Luke ! and downloaded Android code from google website (2 gigabytes !) – you can find them on source.android.com.

Finding the faulty code was not very hard, after all : you just have to look for some strings in the UI, and find&grep it in the whole source code (strings are stored in XML files).

For example :

find . -type f -name “*.xml”|while read f; do grep -l “Wi-Fi networks” $f;done

grindgrindgrind and you get a list of xml files containing the string “Wi-Fi networks”.

By using this method on XML and java files, I finally found out the guilty class : the naughty beast is called “CaptivePortalTracker.java”

The source code contains a method named “isCaptivePortal” which begins with the lines :


private boolean isCaptivePortal(InetAddress server) {
...
if(!mIsCaptivePortalCheckEnabled) return false;
...

So there seems to be a possibility (by changing the mIsCaptivePortalCheckEnabled) to bypass the captive portal detection.

mIsCaptivePortal is linked to a global parameter named “CAPTIVE_PORTAL_DETECTION_ENABLED” – which is just a string (“captive_portal_detection_enabled”).

I found out on this page how to change global parameters… Unfortunately I needed root access on my device – and this appeared more difficult than expected – mostly because most tutorials are “kitchen recipes” specific to one device or one firmware version…

I won’t recommend to flash rom with “Odin” as this crashed my device (I had to reflash the factory *.tar.md5 from sammobile.com). Apparently 4.3 firmware is harder to root than its predecessors.

But it was perfectly feasable without windows and odin.  Google SDK (adb) and the appropriate rooting app are sufficient.  Here is how I proceeded.

Download SafeRoot&Disable_KNOX.zip (follow this link, full instructions from this site)

Extract everything to some working directory, and type manually the commands listed in the *.bat file :


adb push getroot /data/local/tmp/
adb shell chmod 755 /data/local/tmp/getroot
adb push su /data/local/tmp/
adb push Superuser.apk /data/local/tmp/
adb push install-recovery.sh /data/local/tmp/
adb push busybox /data/local/tmp/
adb shell chmod 755 /data/local/tmp/busybox
adb shell /data/local/tmp/getroot

Then it is easy to retrieve the DB file and to adapt it – here is how I proceeded :

./adb shell # enter the local shell

su # get the root privileges

cp /data/data/com.android.providers.settings/databases/settings.db /data/local/tmp # copy the settings database to a user readable directory

chmod 666 /data/local/tmp/settings.db #make it readable for normal user

now exit the shell (twice CTRL-D)

./adb pull /data/local/tmp/settings.db # copy the db to your local machine

sqlite3 settings.db # enter sqlite3 command line nb – apt-get install sqlite3 if it is not installed on your linux box

insert into global values (null,’captive_portal_detection_enabled’,’0″); — This will artificially set the parameter “captive_portal_detect” to Zero, hence desactivating this needless feature.

Exit sqlite3 (twice CTRL-D)

Now, replace the file “settings.db” on place in the device – don’t forget to chown and chmod it to appropriate values (file owned by system:system, and chmoded 660), reboot your device and…

NO MORE CAPTIVE PORTAL DETECTION

You know what ?  I’m happy !

… last edit – It seems that replacing the DB file is sometimes not sufficient.  I think that the settings.db is probably kept open by some process.  I obtained better results by moving the original file to some dummy name, copy back the renamed file to settings.db, and edit the file locally on the device  (I stole a sqlite executable on an android simulator)

Advertisements

5 thoughts on “Android : How to remove “captive portal” detection on android 4.2.2 and 4.3

  1. Great info, but a simpler way without the hassle is::

    open a terminal
    su -c
    settings global captive_portal_detection_enabled 0

    cheers!

  2. Hello,
    When you downloaded the source did you have to build it or did you just download and search through the source? On the US versions of the Samsung Galaxy S3 it looks like the carrier, or Samsung disabled the native Sip settings in the dialer. I want to do a search similar to how you did to see if it can be enabled.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s