Setting a package as Device Administrator with StageNow, reversing the DevAdmin class name

I had to perform a simple task recently: set up the Battery Swap application on out TC51 as a Device Administrator, so that it can do its battery swapping preparations correctly (for some reason it’s not set up as such by default). MX and StageNow allow this via the DevMgr CSP. But that CSP requires Package Name and Class Name. Let’s find out and do some more package dumping for fun and profit!



Calling Android Settings pages programmatically during Staging

In quite a few situations we need the user to input specific data during device Staging. For instance, I have been doing a job for a customer, requiring a PIN code pre-set on the device, when it comes back from repairs. This PIN code can only be set programmatically by Device Administrator class app (or MDM agent, which usually registers as one). Given the circumstances, this was not an option.

Normally, this means that you’d have to provide instruction containing lots of “tap this” and “skip that” as well as lots of screenshots to ensure that there is no way the user will be lost. However, this approach is error prone and time consuming. And for repair loop operations this means $$$. Wouldn’t it be better to just scan a barcode? But how?

Each page of the Settings app in an Activity. Thus, we can write an intent to pop it up. StageNow (via MX) allows us to run intents. The question is, how do we find, which data to populate the intent with? Let’s find out!


WING5 CLI Tip: Running config at-a-glance

Often you have to deal with existing AP/Controller and need to understand what’s configured on it. Of course, you can click 100500 times in the GUI all over the place, or read through 20+ pages of “show run” output (those who’ve been to my WING5 training should remember the little space-bar-thrashing exercise). For instance, the full config dump for the WING5 class is about 21KB ~= 29 pages.

Or you can do this to quickly :

mywing5device>sh run | include ^\\w

and get this:

version 2.1
ip access-list fw-acl-full
ip access-list fw-acl-limited
ip access-list fw-acl-verylimited
mac access-list 12-block-mint
mac access-list PERMIT-ARP-AND-IPv4
mac access-list l2-block-mint
firewall-policy default
firewall-policy lab-fw-wips
role-policy lab-rolepol
mint-policy global-default
wlan-qos-policy default
radio-qos-policy default
aaa-policy lab-aaapol
captive-portal lab-hotspot
wlan team6-eap
wlan team6-hotspot
wlan team6-psk1
wlan team6-psk2
smart-rf-policy lab-smartrf
wips-policy lab-wips-basic
advanced-wips-policy lab-wips-adv
auto-provisioning-policy lab-autopolicy
radius-group radgroup-fullusers
radius-group radgrp-hotspot
radius-user-pool-policy lab-radpool
radius-server-policy lab-radius
dhcp-server-policy ADSPLAB
dhcp-server-policy RFS2
management-policy default
management-policy lab-mgmt
l2tpv3 policy default
profile rfs4000 default-rfs4000
profile rfs4000 lab-rfs4000
profile ap71xx lab-7131
profile ap650 default-ap650
profile ap650 lab-ap650
profile ap6521 lab-6521
profile ap621 lab-621
rf-domain default
rf-domain lab-rfdomain
rfs4000 5C-0E-8B-1B-9B-44
ap650 5C-0E-8B-98-C5-44
ap6521 5C-0E-8B-E8-31-68
ap621 5C-0E-8B-97-C2-48
ap621 5C-0E-8B-97-DA-AA

Now you can see all the configured rf-domains, profiles, policies, ACLs, WLANs, devices etc in a nice quick overview.

Since WiNG5 controller contains the configuration for the entire network this thing can be very helpful – try fishing this out of the full dump when you have several hundred sites and thousands of devices!

<IMHO>Overall, the way the distributed configuration and reporting is implemented in WiNG5, and how many cool shortcuts and features are available for mass management/deployment/troubleshooting, deserves a dedicated series of articles. After I really don’t want to go back to previous generation UIs</IMHO>

So, what really happened?

show run… |include <regexp> only shows lines that include regexp.

The config (i.e. “pure” show run) looks like this (note the indentations):

! <header>
<section X>
<section Y>

Thus, essentially, we need to only show the lines that don’t have space or ‘!’ at the beginning to get all the section names. Alternatively, we could just say, that the line should begin with a letter.

The regexp for “letter” is ‘\w‘. The regexp for “line begins with” is ‘^‘. Thus we get ‘^\w‘ –  “begins with a letter“. However, because we’re using a backslash in the CLI, we need to escape it with another backslash, hence ‘^\\w‘. This is it!

P.S. Two pages on text to describe a one-liner… Was there a shorter way? What do you think?

Should I attempt to uninstall Android bloatware? Android storage explained (or part of it)

There is a significant number of posts on the internet regarding how people hate bloatware that comes bundled with their devices, how it eats at their precious internal storage space and how they would want to uninstall it (which is impossible w/o rooting your device). While I agree with one’s right to hate the bloatware, everything else is a delusion. Let’s take a look.


How Android measures WLAN signal strength

Ever wondered how Android decides how many bars to show in the WLAN indicator? (Well, the “bars” are gone, but there’s still exactly the same number of levels) While going through Android source code  I’ve found this:


* RSSI levels as used by notification icon
* Level 4  -55 <= RSSI
* Level 3  -66 <= RSSI < -55
* Level 2  -77 <= RSSI < -67
* Level 1  -88 <= RSSI < -78
* Level 0         RSSI < -88


/** Anything worse than or equal to this will show 0 bars. */
private static final int MIN_RSSI = -100;

/** Anything better than or equal to this will show the max bars. */
private static final int MAX_RSSI = -55;

So, now you know! Of course, vendors may change these values, but let’s hope they don’t! 🙂

Why is this important? This the basis of Android’s Poor Link Detection Watchdog – the thing that causes your WLAN clients to switch to another WLAN profile or to WWAN entirely when you least expect it. But I haven’t grok’d all the code yet. Stay tuned…