Tag Archives: phone

FreeBSD Desktop – Part 20 – Configuration – Unlock Your Laptop with Phone

I really do not like the smart card ecosystem – probably because it would be a big PITA to set up such a subsystem on FreeBSD to make it lock/unlock my laptop with a smart card – not to mention whether it would even be possible, because of the probable lack of drivers for a laptop’s built-in smart card reader. I mention it because you can lock and unlock your laptop with such a smart card in a very fast way.

Some people use fingerprint readers (for fast workstation/laptop unlock purposes) – but it’s the same scenario as with the smart card – the time needed to set it up properly. Not to mention that it is not that fast anyway, as I often see my colleagues swiping a finger over the fingerprint reader over and over again so it will finally work the 7th time …

… but you can also lock and unlock your UNIX laptop with your phone – by just attaching it to your device – this is where FreeBSD’s devd(8) subsystem comes in handy.

Today I will show you how to lock/unlock your laptop with your phone.

You may want to check other articles in the FreeBSD Desktop series on the FreeBSD Desktop – Global Page where you will find links to all episodes of the series along with table of contents for each episode’s contents.

Keep in mind that in order to make it work you need to attach the phone to the laptop using a cable that supports data transfer – it will not work with cables that only provide power for charging your phone.

Device Detection

First we need to detect what device will be your locker/unlocker.

Stop the devd(8) daemon.

# service devd stop
Stopping devd.
Waiting for PIDS: 71455.

Now start it in the ‘foreground’ for debug purposes and then attach your phone. The command below with grep(1) will help you to find the needed information.

# devd -d 2>&1 | grep --line-buffered 'Processing event' | grep --line-buffered DEVICE
Processing event '!system=USB subsystem=DEVICE type=ATTACH ugen=ugen2.3 cdev=ugen2.3 vendor=0x04e8 product=0x6860 devclass=0x00 devsubclass=0x00 sernum="31000e243eb5a12e" release=0x0400 mode=host port=2 parent=ugen2.2'

I have highlighted the needed information.

Do not stop this process yet.

Now you know which device will be your locker/unlocker and what event the devd(8) daemon gets when you attach your phone.

Things to note here are:

vendor=0x04e8
product=0x6860
sernum=31000e243eb5a12e

The data above is more than enough to unlock your workstation.

Now detach your phone from the computer. You will see a DETACH event similar to the one below.

Processing event '!system=USB subsystem=DEVICE type=DETACH ugen=ugen2.3 cdev=ugen2.3 vendor=0x04e8 product=0x6860 devclass=0x00 devsubclass=0x00 sernum="31000e243eb5a12e" release=0x0400 mode=host port=2 parent=ugen2.2'

Now you know the event that will be spawned when you detach your phone.

Stop the foreground devd(8) daemon and start the service traditionally.

# devd -d 2>&1 | grep --line-buffered 'Processing event' | grep --line-buffered DEVICE
Processing event '!system=USB subsystem=DEVICE type=ATTACH ugen=ugen2.3 cdev=ugen2.3 vendor=0x04e8 product=0x6860 devclass=0x00 devsubclass=0x00 sernum="31000e243eb5a12e" release=0x0400 mode=host port=2 parent=ugen2.2'
Processing event '!system=USB subsystem=DEVICE type=DETACH ugen=ugen2.3 cdev=ugen2.3 vendor=0x04e8 product=0x6860 devclass=0x00 devsubclass=0x00 sernum="31000e243eb5a12e" release=0x0400 mode=host port=2 parent=ugen2.2'
^C
# service devd start
Starting devd.

Commands for Events

Now, what action or command should be executed when you attach or detach your phone? That depends on which screen locker you are using on your X11 setup.

I for example use the mate-screensaver for this purpose.

The ATTACH event in my case would be to kill the current mate-screensaver process, which will unlock the screen, and then start it again for the next lock – below is the command that I will run for the ATTACH event.

pkill -9 mate-screensaver && su -l vermaden -c 'env DISPLAY=:0 mate-screensaver' &

The DETACH event will notify mate-screensaver to lock the screen – here is the command that will be used for that purpose.

su -l vermaden -c 'env DISPLAY=:0 mate-screensaver-command --lock' &

Implementation

Here is what the devd(8) config file for my phone would look like.

# cat /usr/local/etc/devd/phonelock.conf

# PHONE ATTACH - UNLOCK
notify 100 {
    match "system" "USB";
    match "subsystem" "DEVICE";
    match "type" "ATTACH";
    match "vendor" "0x04e8";
    match "product" "0x6860";
    match "sernum" "31000e243eb5a12e";
    action "pkill -9 mate-screensaver && su -l vermaden -c 'env DISPLAY=:0 mate-screensaver' &";
};

# PHONE DETACH - LOCK
notify 100 {
    match "system" "USB";
    match "subsystem" "DEVICE";
    match "type" "DETACH";
    match "vendor" "0x04e8";
    match "product" "0x6860";
    match "sernum" "31000e243eb5a12e";
    action "su -l vermaden -c 'env DISPLAY=:0 mate-screensaver-command --lock' &";
};

Now restart the devd(8) daemon so it will read the new configuration files.

# service devd restart
Stopping devd.
Waiting for PIDS: 1458.
Starting devd.

Voilà! Now you can lock and unlock your screen just by attaching or detaching your phone. I do not have any fancy video on how it behaves but you must trust me that it takes less than a second to lock and unlock the laptop now – be sure to keep an additional eye on your phone now, as it can unlock the access to all your files now 🙂

You can of course use any USB device or even network actions – any event that is supported by the devd(8) daemon.

You can of course combine such a lock/unlock config for attaching/detaching your phone with an additional power down action when you detach another USB device.

I forgot to mention that this method does not disable the ‘classic’ password authentication – it just adds automatic screen lock/unlock when you attach your phone – you can still log in (unlock) using just the password on the mate-screensaver lock screen.

UPDATE 1 – Better devd Sniffing – Better Unlock Method

As oh5nxo from Reddit suggested, it’s not necessary to stop devd and start it in ‘debug’ mode – it’s easier just to attach to its ‘pipe’ with the nc(1) tool.

# nc -U /var/run/devd.pipe

There is also no need to kill(1) the mate-screensaver command; it’s more elegant to just send the mate-screensaver-command --unlock command.

Below is the updated /usr/local/etc/devd/phonelock.conf config file for the devd(8) daemon.

# cat /usr/local/etc/devd/phonelock.conf

# PHONE ATTACH - UNLOCK
notify 100 {
    match "system" "USB";
    match "subsystem" "DEVICE";
    match "type" "ATTACH";
    match "vendor" "0x04e8";
    match "product" "0x6860";
    match "sernum" "33000e343fb4a42d";
    action "su -l vermaden -c 'env DISPLAY=:0 mate-screensaver-command --unlock' &";
};

# PHONE DETACH - LOCK
notify 100 {
    match "system" "USB";
    match "subsystem" "DEVICE";
    match "type" "DETACH";
    match "vendor" "0x04e8";
    match "product" "0x6860";
    match "sernum" "33000e343fb4a42d";
    action "su -l vermaden -c 'env DISPLAY=:0 mate-screensaver-command --lock' &";
};
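
Both stanzas of the updated config can be generated from a single event line read from the devd pipe. The script below is an added example, not the author's code; the helper names devd_field, is_usb_id and phonelock_conf are made up for illustration, and it refuses events whose vendor, product or serial do not have the shape shown in the event above.

```shell
#!/bin/sh
# devd_field LINE KEY: print the value of KEY from a devd "key=value" line.
devd_field() {
    # Drop the single quotes printed by `devd -d`, put one token per line,
    # then strip the leading "!" and the optional double quotes.
    printf '%s\n' "$1" | tr -d "'" | tr ' ' '\n' |
        sed -n "s/^!\{0,1\}$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}\$/\1/p" | head -n 1
}

# is_usb_id VALUE: true for a 16-bit hex id such as 0x04e8.
is_usb_id() {
    case "$1" in 0x[0-9a-f][0-9a-f][0-9a-f][0-9a-f]) ;; *) return 1 ;; esac
}

# phonelock_conf LINE USER: print the ATTACH and DETACH stanzas, or fail.
phonelock_conf() {
    vendor=$(devd_field "$1" vendor)
    product=$(devd_field "$1" product)
    sernum=$(devd_field "$1" sernum)
    # The fields are reported by the device and end up in a config read by
    # root, so accept only the shapes seen in the event shown on this page.
    is_usb_id "$vendor" && is_usb_id "$product" ||
        { echo "unexpected vendor/product id" >&2; return 1; }
    # A blank serial would leave only vendor and product to match on.
    case "$sernum" in ''|*[!0-9A-Za-z]*)
        echo "missing or unexpected serial" >&2; return 1 ;;
    esac
    case "$2" in ''|*[!a-z0-9_]*)
        echo "unexpected user name" >&2; return 1 ;;
    esac
    for pair in ATTACH:--unlock DETACH:--lock; do
        cat <<EOF
notify 100 {
    match "system" "USB";
    match "subsystem" "DEVICE";
    match "type" "${pair%%:*}";
    match "vendor" "$vendor";
    match "product" "$product";
    match "sernum" "$sernum";
    action "su -l $2 -c 'env DISPLAY=:0 mate-screensaver-command ${pair#*:}' &";
};
EOF
    done
}

# The ATTACH event from this page, in the form read from /var/run/devd.pipe.
SAMPLE='!system=USB subsystem=DEVICE type=ATTACH ugen=ugen2.3 cdev=ugen2.3 vendor=0x04e8 product=0x6860 devclass=0x00 devsubclass=0x00 sernum="31000e243eb5a12e" release=0x0400 mode=host port=2 parent=ugen2.2'
phonelock_conf "$SAMPLE" vermaden
```

Redirect the output to /usr/local/etc/devd/phonelock.conf and restart devd as shown earlier.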

EOF

Setup Android When Its Not Your Phone

I have read many guides about the perfect phone for a sysadmin or a programmer. They often assumed that I would get an exact phone model (some recommended the latest one, some recommended an old phone known to work reliably) then root it and put some custom ROM on it, be it MIUI or Copperhead OS for security.

Most of these guides are actually valuable but they all fail when they are applied to a phone that is only lent to you. You can not put a custom ROM on it. You can not root it. You can not even pick the model you get.

You are left with the stock options. The Android settings themselves, the wallpaper and lock screen settings, maybe add or remove/disable some apps if policy allows that.

Today I will share my experiences on how to set up your Android phone when it’s not your phone. When there are some strings attached to it and it’s required that you keep it ready to use for work purposes.

Initial Setup

When you set up such a phone it ‘requires’ you to accept a dozen EULAs and other agreements just to start using your phone. Be very alert and agree only to the ones that are required to make that Next button work. No metadata sharing for reliability, no usage patterns sharing for making the product better. Always remember that if something is for free then you are the product. Your data, metadata and ‘noise’ that you generate is the bill here.

Do not connect to any wireless (WiFi) network or allow connection to the WWAN network (mobile data). You will enable them later, once proper permissions are set on applications.

I get the impression that I had to select everything inversely. For most of the setup process if something was selected I had to deselect it, and valuable options to not do many useless things were not selected.

Main Screen

When you see the main screen for the first time it definitely has some useless power draining widgets enabled and has the most useless icons/apps placed.

For example I disable the huge widget on the first desktop.

First go to Settings > Connections and disable all connectivity, WiFi, mobile data, Bluetooth, NFC, KFC and WTF. Everything.

Then go to Settings > Apps and remove/disable everything that you would not use or everything that the company policy does not allow you to use, like Facebook, Google Drive, etc. I will not use Office OneNote or Gmail so I also disabled them. I also revoked all permissions from these apps.

When you finish with the removal, we will now revoke permissions from apps that do not need them, like Google Play Services. I also disabled the notification permission for most apps so they will not disturb me in the future.

For the apps that are not on the desktop but are left in the Apps place I gathered the most useless ones in the directory so all Apps that are still on the phone fit on one screen so I do not have to switch between screens.

Desktop

You will need black wallpaper for the desktop and lock screen to save battery time. How to get one? Just type BACK BLACK in DuckDuckGo Images and pick the one that is entirely black. You may also prepare one by yourself of course.

Next, remove all unneeded icons/apps from the desktop and put the useful ones. Also remove unused desktops and widgets.

I wanted to change icon theme to something more dark and toned instead of the default circus but that would require me to accept another enormous Samsung EULA, so I passed with the default circus one.

The lock screen is also clean and black.

Keyboard

To set up the keyboard I added my native language to the spell check and I also configured what special chars appear after I hit the dot button. You only have 10 slots so pick wisely : ) I do not remember if the Swipe option for the keyboard was enabled but I sometimes use it when typing so I left it in the enabled state.

Drop Down Console … Bar

I also configured the dropdown bar with only useful icons. This ROM had 6 slots on the dropdown bar so everything needed fits nicely.

Battery

After such configuration the phone runtime is very long. For example with 60% of the battery capacity and Medium level Battery Saver enabled it will still allow me to use it for about 40 hours. Not bad.

Other

Among the other settings I enabled the Blue Light Filter so the phone screen would mess less with my Circadian Rhythm.

I also configured Wireless Hotspot so next time my laptop needs it – it will be ready.

I did not configure Play Store as I do not need any additional Google connection; if any app is needed the APKs are available. The only APK I added was the latest Firefox browser. Of course you need to allow (at least one time) installation from unknown sources.

I also picked some less annoying sounds for incoming calls and for notifications. I also disabled sounds and vibration (so called touch feedback) so the phone will not emit annoying sounds with every touch and will save battery instead of playing and vibrating.

The entire configuration process took about 2 hours.

Model and Version

I deliberately did not specify what phone model I used for the purposes of this article because it does not matter. If you read this article then you will probably get another model.

Same for the Android version. It’s not a detailed Android setup guide for the Android version that came with this phone. It’s a general setup guide for those who need to work with a phone that belongs to someone else.

Single Finger Writer

It may be worth mentioning that I wrote this entire article using that phone. I wanted to check what annoyances occur when something desktop/laptop oriented is forced to be done on the phone. I must admit the experience was not that terrible. Of course I will choose my FreeBSD laptop anytime over the phone, but as I typed the article on the phone itself more and more thoughts about the phone came naturally. If I had used a laptop for that then many of these small quirks would be lost.

Also writing this article on the phone took about 15% of its battery including taking the screenshots.

EOF