[solved] "Capture failed" for camera app, Screenshots missing and gallery app malfunction

Hi,

recently I had a problem where I could not take photos, screenshots and more.
Found a fix, thought to share it here.

Symptoms:

• try to take photos with camera app - error Capture failed - Restarting your device might fix the problem. (It didn't)
• Screenshots don't appear. After searching you will find them in ~/Screenshots instead of ~/Pictures/Screenshots
• Gallery is empty
• saving images via content hub, e.g. from the web browser, doesn't work

What I did to break it:

• connect phone via USB + MTP to a PC, backup content, delete Pictures and Videos folders to free storage
• use phone and forget about it, maybe reboot once or twice

Root of the problem:
I deleted the Picture and Video folder via MTP, so they were gone. It did not suffice to simple recreate them with mkdir or via the Files app, it'd still not work.
This was because the reboot has caused the respective entries in ~/.config/user-dirs.dirs to be changed. The entry on my device was XDG_PICTURES_DIR="$HOME/", which misses the trailing Pictures.
This causes AppArmor violation for the camera app. The screenshots have permission to the home folder, which causes those images to be written to he wrong folder.
This is known: https://askubuntu.com/questions/171263/where-can-i-find-the-pictures-music-downloads-folder-icons/171309#171309
Note: the folders are french in this answer and might differ to yours.

Fix:
Make sure the content ~/.config/user-dirs.dirs has correct paths depending on your language / locale. For EN:

XDG_DESKTOP_DIR="$HOME/Desktop"
XDG_DOWNLOAD_DIR="$HOME/Downloads"
XDG_TEMPLATES_DIR="$HOME/Templates"
XDG_PUBLICSHARE_DIR="$HOME/Public"
XDG_DOCUMENTS_DIR="$HOME/Documents"
XDG_MUSIC_DIR="$HOME/Music"
XDG_PICTURES_DIR="$HOME/Pictures"
XDG_VIDEOS_DIR="$HOME/Videos"

and then make sure that all those folder actually exists, e.g. with
mkdir Videos Pictures Music Documents Public Templates Downloads Desktop && chmod 655 * && chown phablet:phablet * (untested command, should work)

Permanent fix proposal:

• The user should not be able to accidentally or unknowingly delete important folders, like me via MTP
• Check sanity of ~/.config/user-dirs.dirs upon reboot and show a warning / reset it to default when broken

Hope this helps somebody

Nice Work @kugiigi with the OSK of the current OTA! I really like it!

There is a new phone upcoming: the F(x)tec Pro 1
https://www.fxtec.com/pro1/
Shipping is said to start in october.

It has a physical Keyboard, unlocked bootloader, modern hardware and ships with Android 9, Lineage OS as well as Sailfish.
The physical keyboard would be extremely convenient when working with the terminal app and for libertine X11 apps.

Question: Does Sailfish ease the porting process for devices? E.g. with regards to drivers, HAL etc?

The Specs:

DESIGN
Dimensions: 154 x 73.6 x 13.98 mm

DISPLAY
5.99-inch 2160 x 1080 (FHD+) AMOLED with curved edges
Corning Gorilla Glass 3

KEYBOARD
Physical Keyboard layout: 5-row, 64-key, staggered, backlit, landscape QWERTY keyboard
Keyboard mechanism: sliding (angled)

MEMORY
RAM: 6GB LPDDR4
Storage: 128GB, expandable via microSD card up to 2TB

CAMERA
Front Camera: 8MP, fixed focus, f/2.0
Rear Cameras: 12MP (Sony IMX363), f/1.8, 1.4µm pixels + 5MP, fixed focus, f/2.0

VIDEO
Video: capture up to 4K @ 30fps, playback up to [email protected] (supports H264 (AVC), H265 (HEVC),VP9)

PROCESSOR
Qualcomm Snapdragon 835 MSM8998

NETWORK
Global LTE (FDD+TDD), WCDMA/UMTS, CDMA/EVDO, GSM/EDGE
Cellular Bands;
GSM: 2, 3, 5, 8
WCDMA: 1, 2, 4, 5, 8
CDMA/EVDO: BC0, BC1
TD-SCDMA: 34/39
TDD-LTE: 38/39/40/41(100mhz)
FDD-LTE: 1, 2/25, 3, 4, 5/26, 7, 8, 12/17, 13, 20, 28

CONNECTIVITY
WiFi: 802.11a/b/g/n/ac (WiFi 5)
Bluetooth: 5.0 + LE
NFC (supports Google Pay)
USB Type-C with HDMI support

BATTERY
3200 mAh
Talk time 10hrs
Standby time 480hrs
Quick Charge 3.0

SIM
Dual Nano SIM with microSD support (shared with SIM #2),
no SIM tool needed

CUSTOM APPLICATIONS
Landscape-optimized apps: launcher, calendar, email

SOUND
Speakers: dual, stereo
Audio connectivity: 3.5mm TRRS headphone Jack
FM Radio

NOTIFICATION
Flash: dual colour, dual LED
Notification light: Yes (RGB LED)

SENSORS
Fingerprint reader: Yes (side mounted)
GPS/A-GPS, Accelerometer, Magnetometer, Gyroscope, Proximity, Ambient Light, Hall effect

BUTTONS
Power/lock key, Volume rocker, 2-stage camera shutter key

OS
Android 9.0 Pie
Bootloader unlockable, supports other popular OS’s (Lineage, Sailfish etc)

What happens if you enter the url with HTTPS in the address bar of the web browser? Does it work or are there certificate errors?

Which is the donations account? Patreon is nice, but real donations are deductible

@UniSuperBox Very nice, thank you!

While searching for the right recovery to modify, I found the Canonicle documentation stating it is not on Launchpad [1]:

The upgrader will be run from the recovery partition. [...] Here is the source code for the recovery partition upgrader (it is not on Launchpad).

The link leads to [2]. This website does not exist anymore. Ubports does not have a frieza branch in the GIT repo [3]. So apparently the frieza recovery might have become unavailable. Am I wrong?

[1] https://wiki.ubuntu.com/ImageBasedUpgrades/Upgrader
[2] https://code-review.phablet.ubuntu.com/gitweb?p=CyanogenMod%2Fandroid_bootable_recovery.git;a=shortlog;h=refs%2Fheads%2Fphablet-4.4.2_r1
[3] https://github.com/ubports/android_bootable_recovery

I want to modify the recovery such that it mounts /data when it is encrypted.
Now, in the docs of Halium it reads:

You will also need to ensure the /data partition is formatted with ext4 and does not have any encryption on it.

https://docs.ubports.com/en/latest/porting/installing-16-04.html

This explicitly states that encryption must not be present. Why is that? Does the recovery lack the capabilities to use LUKS? Can I add this feature by building my own recovery?

@UniSuperBox said in How to safely testing a modifed recovery?:

Note that ubports/android_bootable_recovery is only used for the Oneplus One, Fairphone 2, and Nexus 5. Y

What is the Aquaris M10 FHD (frieza) using as recovery? "TWRP"?

Well, I got the support needed - so it fits

Hello together,

I would like to test changes to the recovery, found here: https://github.com/ubports/android_bootable_recovery/
Specifically I want to change some of the contained bash scripts.

How can I safely do this?
What do I need do pay attention to in order to avoid bricking my device?

With kind regards

@trainailleur said in Encryption and vpn:

but I'm not familiar with Ubuntu or Debian logon and screen-unlock security

Maybe those files are what you are looking for:
https://github.com/ubports/unity8/blob/xenial/qml/Components/PinLockscreen.qml
https://github.com/ubports/unity8/blob/xenial/qml/Components/Lockscreen.qml

Hello,

there are good news and new challenges.
My Aquaris M10 FHD now automatically mounts a LUKS volume at /home/phablet when booting, without the use of custom scripts.

I achieved this by creating the LUKS volume (based on your previous posts) in a ~3GB file /userdata/luksHome.img, then adding a file with random bytes /userdata/luksHome.key as cryptographic key.

An entry in /etc/crypttab uses this key to decrypt the volume, when the boot order triggers cryptdisk. The option _netdev is necessary, because otherwise /userdata isn't mounted when LUKS tries to access /userdata/luksHome.img. The original purpose of this option is to wait for network devices to start. noearly serves a similar purpose of skipping the first invokation of cryptdisk. We want the second one, where the other mounts are finished.

# <target name>	<source device>		<key file>	<options>
luksHome	/userdata/luksHome.img	/userdata/luksHome.key	luks,noearly,tries=1,_netdev

So now we have the LUKS as a device in /dev/mapper/luksHome, which we mount at /home/phablet.
Unfortunately, we cannot use /etc/fstab as it is created by dark magic (any info about it is appreciated!)
Therefore we append one line to /lib/init/fstab, which is a normal, non-magic file.
Note the _netdev option, otherwise you softbrick your device.

/dev/mapper/luksHome	/home/phablet	ext4	defaults,_netdev	0	0

Now to the challenges:

• Storing an unwrapped keyfile next to the cipher is as useless as no encryption at all. An acceptable solution for now would be using a passphrase, which the user must enter each time the device boots. The missing On Screen Keyboard and the Splash-Screen (which hides the passphrase prompt I assume) are obstacles for now. Maybe one can use a USB keyboard as a compromise?
• A second option is the keyscript feature of crypttab. This script is called by cryptdisk and returns the key. For example there is a keyscript which receives the key via UDP [1]. Nice would be a keyscript to unwrap a key file using a hardware token like YubiKey.
• Lastly, the biggest challenge: encrypting /home/phablet is not sufficient. There are more writable paths. At first I wondered why my wallpaper changes persisted reboots between encrypted <-> unencrypted mode. App (de)installations have persistent effects regardless is /home/phablet is the original folder or the mounted LUKS device, which should be impossible.
  My guess is that the bind mounts [2] from the /etc/fstab are the cause of trouble. They happen before /home/phablet is shadowed by the crypto mount. As a result, a bind like /opt/click.ubuntu.com always leads into the unencrypted folder.
  Maybe this can be fixed with mount orders. Or maybe the entire partition which gets mounted at /userdata should be encrypted. This way OTAs might still work afterwards. The very challenge is that we can't use /lib/init/fstab because this file is probably located inside the folders we want to encrypt.

What do you think? Do you know how we can receive a passphrase during boot time via user interaction?

@dobey

then brute force the wrapped passphrase for the encryption key, to eventually decrypt

You can brute force every cryptosystem (well, but the OTP). This is not an argument against using wrapped keys, but rather an argument for educating users about strong passphrases. Until we can use secure enclaves, TPMs, vein scanners or similar is a long, long way for UT. For now we need to just raise the base line to a reasonable minimum.
Our attacker model should not be nation-state, but rather the common MTP-/ADB-savy "finder" of your lost phone.

[1] https://github.com/basak/netkeyscript
[2] http://manpages.ubuntu.com/manpages/xenial/man5/writable-paths.5.html

Have a nice day!

I'd take one sticker, please

@domubpkm VPN is already integrated on a system-level in Ubuntu Touch. Unfortunately, tracking is not solely about cookies.

Cookies are the simplest way of tracking, but not the only one. Cookies behave like a name badge, which you can choose to wear or remove any time. Fingerprinting based on characteristics like canvas hashes or installed fonts are inherent to the environment of the browser and cannot be changed as easily. This is analogue to your physical appearance.
A person who has seen you before can recognize you again even if you have removed your name badge.

The group of people using UT is quite small already. User Agent combined with geo ip and screen resolution is probably already enough to distinguish you from every one else on earth.
In contrast, Apple hardware is very uniform: same hardware, same OS, few configuration options, only one browser engine.
The more diverse your browser is, the easier it is to track.

There are two countermeasures:

1. Camouflage the browser to be part of the largest, indistinguishable group of features. E.g. Behave like a desktop chromium. This rather difficult and a sufficiently motivated fingerprinter will probably circumvent this.
2. Detecting and blocking known fingerprinting mechanisms. E.g. @mariogrip uAdBlock can block domains which are known to collect such data. It would be lovely if we had domain-wise JavaScript whitelisting (like NoScript) available on Morph.

I just used ubports-installer to flash 16.04/rc onto the frieza, then resized the partition, then installed anbox using the doc.ubports.com tutorial. No success
@mariogrip How did you do it?

@arubislander So did I. Maybe boot is incorrect?

@honigwald I have the same problem. BQ Aquaris FHD (frieza).
Flashed the the kernel as shown at docs.ubports.com, but anbox-tool status says:

phablet@ubuntu-phablet:~$ anbox-tool status
Kernel: NOT OK
System: NOT FOUND
Enabled: NO
Running: NO

Prior to installing I grew the ubuntu.img / system.img to have enough space for apt on /.
Somehow the kernel does not get installed... Anyone has solved this?

Maybe this is relevant: I bought the Android version of the tablet - then installed UBports UT. Maybe this changes the boot partition / image?

This Usenix 2018 paper / talk presents an overview on tracking mechanisms and why anti-tracker plugins might make you more trackable.

Abstract/talk/slides:
https://www.usenix.org/conference/usenixsecurity18/presentation/vastel
Paper pdf:
https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-vastel.pdf

Currently, the morph browser is very prone to tracking.
For example, check out the tracking test of the Electronic Frontier Foundation. It will tell you in detail, how unique your browser installation is, and why. You can run it in Morph private mode - doesn't really help.
https://panopticlick.eff.org/

How could be combat this? Should we?