DERBYCON 2013 – LIVING OFF THE LAND: A MINIMALIST’S GUIDE TO WINDOWS POST-EXPLOITATION – CHRISTOPHER CAMPBELL, MATTHEW GRAEBER
Back in the summer of 2012 I began reading about the Nexus 4. I had a lot of hope in this device due to the fact that Google is one of the most successful companies ever with Linux based devices. At the time I was still using my beloved Nokia N900 as my primary phone but I thought it was time to get something more powerful and more modern.
During the late summer of 2012, I decided to purchase a Nexus 7 as an experiment. I soon fell in love with this device due to the fact that it’s easy to root (I suggest that you use the Nexus 7 toolkit that is found on the XDA Developers forum). Also since it’s a Nexus device, it has a stock version of the Android OS and it can receive updates directly from Google instead of having to rely on a carrier for updates. This is one of the many reasons why I waited several months to purchase a Nexus 4.
On a side note, I strongly encourage you to root your Android device if you have the time, the know-how, and if you’re fastidious. Rooting your Android based device will unlock the full potential of it and you can potentially fix issues. (To root your Nexus 4, please see this.) There are many apps that even require root. For instance, there is StickMount. If your Android device pushes out 5 volts from the Micro-Usb port, you can connect a flash drive via an OTG cable. You can even connect a hard drive that may be NTFS or HFS, if you have Paragon exFAT, NTFS & HFS+ installed.
Sadly, while you can do this with a Nexus 7, the Nexus 4 does not support OTG. Originally on the Nexus 4 product page, Google had stated that the Nexus 4 supported OTG but later redacted this detail. I agree with others that this felt like a bait-and-switch tactic. This is especially annoying due to the fact that the Nexus 4 does not have a microSD card slot. However, this is not the only annoyance with this device.
I dearly love SSH. I thought it would be wonderful to have a secure shell server on my Nexus 4. I even purchased SSHDroidPro. (Which works well but stores your password in clear text in a file located at /data/data/berserker.android.apps.sshdroidpro/shared_prefs/preferences.xml). If the Nexus 4 is charging, I am able to connect to SSH with little to no problems. If the Nexus 4 is on battery power and if the screen is on I am able to connect to SSH with no problems or delay. However, the Nexus 4 with the stock Android firmware either 4.2.1 or 4.2.2 if the screen is off, I am unable to connect to SSH on my phone or even ping my phone. Ergo without any modifications, if the phone is idle and the screen is off my SSH server is practically useless.
I was really disappointed with this. I heard rumors that Android 4.2.2 was suppose to fix this issue, however it doesn’t. Fortunately, there are brilliant minds who use the XDA Developers forum. There is a *fix* for this issue but it’s not quite perfect. By it not being perfect, I mean that SSH is usable but there are big delays between keystrokes. In addition, to install this fix you must have root and a recovery manager (I advocate using TeamWin) which some Nexus 4 users may not be technically savvy enough to attempt.