Willie169 Android Non Root

Android Non Root

Android Non Root has three versions:

In this tutorial, we'll explore a range of powerful, open-source tools such as Termux, Shizuku, Tor, TrackerControl, InviZible Pro, QEMU, and Andronix to enhance your Android device’s functionality, security, privacy, and customization without the need for root access.

Please read the Global Note before you start or you may encounter errors.

Table of Contents

Author Information

The author of this tutorial is Willie169 (Willie Shen).

If for whatever reason you want to send me money, here are where you may do so:

Global Note

Many sections of the tutorial mention Termux and Linux. Read the tutorial about them in Termux: A Powerful Terminal Emulation with an Extensive Linux Package Collection, Termux Graphical Environment with VNC Server, and Fluxbox or Openbox Windows Manager or XFCE, LXQt, or MATE Desktop Environment, File and Directory Management of Termux and Linux, OpenSSH with Linux or Termux: Secure Remote Access, Linux Command Library, and Linux and Termux Odds and Ends.

Termux: A Powerful Terminal Emulation with an Extensive Linux Package Collection

Install Termux

Introduction of Termux

Official Wiki and Community of Termux

Termux App User Interface

Shortcuts

The following are some of the shortcuts commonly used in the terminal, and they also work in Ter­mux. The volume plus button (abbreviated to Volume below) can be used as a special key to generate a specific input, which can be roughly understood as the Fn key on a laptop.

Grant Termux Storage Permission

Run the following command Termux:

termux-setup-storage

and tap Allow.
Many processes mentioned in this tutorial need Termux to have this permission.

Termux-Properties

You can edit properties of Termux by:

nano ~/.termux/termux-properties

Properties can be changed including default-working-directory, allow-external-apps, volume-keys, etc.

Termux pkg Package Management

pkg is a tool for managing apt packages.
Usage: pkg [--check-mirror] command [arguments].

Text Editor: Nano and Vim

Nano and Vim are both text editors used in Unix-like operating systems.

Nano

Install:

apt install nano

Nano is a simple, user-friendly text editor designed for ease of use.

Vim

Vim (Vi IMproved) is a highly configurable and powerful text editor, which is an enhanced version of the original Vi editor. It is favored by experienced users and programmers.

Package Command Error

Termux had to move the primary Termux package repository hosting from Bintray to Fosshost since Bintray shut down on May 1st, 2021 which created problems for users while running package installation and update commands with pkg or apt and their commands would fail with errors similar to the following:

E: The repository 'https://termux.org/packages stable Release' does no longer have a Release file.
N: Metadata integrity can't be verified, repository is disabled now.
N: Possible cause: repository is under maintenance or down (wrong sources.list URL?).

E: The repository 'https://dl.bintray.com/grimler/game-packages-24 games Release' does not have a Release file.
N: Metadata integrity can't be verified, repository is disabled now.
N: Possible cause: repository is under maintenance or down (wrong sources.list URL?).

E: The repository 'https://science.termux-mirror.ml science Release' does not have a Release file.
N: Metadata integrity can't be verified, repository is disabled now.
N: Possible cause: repository is under maintenance or down (wrong sources.list URL?).

Command Solution

E: Repository 'https://grimler.se/termux-root-packages-24 root InRelease' changed its 'Origin' value from 'Bintray' to 'termux-root-packages-24 root'  
E: Repository 'https://grimler.se/termux-root-packages-24 root InRelease' changed its 'Label' value from 'Bintray' to 'termux-root-packages-24 root'  
N: This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details.  
Do you want to accept these changes and continue updating from this repository? [y/N]


, then accept them by typing y.

Manual Solution

Further Readings and References about Package Command Error

Process completed (signal 9) - press Enter Error

Some Android OS will kill any (phantom) processes greater than 32 (limit is for all apps combined) and also kill any processes using excessive CPU. You may get Process completed (signal 9) - press Enter message in the terminal without actually exiting the shell process yourself. Here is the guide of how to turn it off.

Fix for Stock Android 12L and beyond

Fix for QEMs like OneUI, MiUi, Samsung, etc. and other non-stock Android 12L and beyond

/system/bin/device_config set_sync_disabled_for_tests persistent  
/system/bin/device_config put activity_manager max_phantom_processes 2147483647  
settings put global settings_enable_monitor_phantom_procs false  

/system/bin/dumpsys activity settings | grep max_phantom_processes  
/system/bin/device_config get activity_manager max_phantom_processes  

/system/bin/device_config set_sync_disabled_for_tests none; /system/bin/device_config put activity_manager max_phantom_processes 32  
settings put global settings_enable_monitor_phantom_procs true

Further Readings and References about Process completed (signal 9) - press Enter error

Termux Graphical Environment with VNC Server, and Fluxbox or Openbox Windows Manager or XFCE, LXQt, or MATE Desktop Environment

Enable the X11 Repository of Termux

X11 packages are available in a separate APT repository. You can enable it by running the following command:

pkg install x11-repo

It will automatically add appropriate sources.list file and PGP key.
You can disable this repository by running the following command:

pkg uninstall x11-repo

VNC Server in Termux

In this section, you will learn how to set up a VNC server in Termux for graphical output.

Install TigerVNC

pkg install tigervnc

Start a VNC Server

Not specifying port:

vncserver -localhost

VNC server will start on unused port with the smallest positive integer number, like localhost:1 if port 1 is not used.
Specifying port:

vncserver :1

VNC server will start on the port you specified.
Specifying resolution:

vncserver :1 -geometry 1920x1080

You can specify resolution with -geometry.
At first time, you will be prompted for setting up passwords:

You will require a password to access your desktops.

Password:
Verify:
Would you like to enter a view-only password (y/n)? n

Note that passwords are not visible when you are typing them and maximal password length is 8 characters.
If everything is okay, you will see this message:

New 'localhost:1 ()' desktop is localhost:1

Creating default startup script /data/data/com.termux/files/home/.vnc/xstartup
Creating default config /data/data/com.termux/files/home/.vnc/config
Starting applications specified in /data/data/com.termux/files/home/.vnc/xstartup
Log file is /data/data/com.termux/files/home/.vnc/localhost:1.log

It means that the server is available on display localhost:1.
To make programs do graphical output to the display localhost:1, set environment variable like shown here (yes, without specifying localhost):

export DISPLAY=":1"

You may even put this variable to your bashrc or profile so you don't have to always set it manually unless display address will be changed.
Connect to the VNC server from a VNC viewer to view the output, you will not see anything except your mouse pointer if no windows manager or desktop environment is started.

Kill All VNC Servers

vncserver -kill localhost:1

Change the port with the actual port your VNC server started on.

Fluxbox in Termux

Install Fluxbox

pkg install fluxbox

Setup

nano ~/.vnc/xstartup

Copy below command and paste to it:

#!/data/data/com.termux/files/usr/bin/sh

## Fluxbox desktop.

# Generate menu.
fluxbox-generate_menu

# Start fluxbox.
fluxbox &

Fluxbox will start automatically on VNC server startup.

Openbox in Termux

Install Openbox

pkg install openbox pypanel xorg-xsetroot

Setup

nano ~/.vnc/xstartup

Copy below command and paste to it:

#!/data/data/com.termux/files/usr/bin/sh

# Start Openbox.
openbox-session &

Don't put any else command to the file ~/.vnc/xstartup but only the lines shown above since Openbox has its own autostart script, which is located at ${PREFIX}/etc/xdg/openbox/autostart.

nano ~/etc/xdg/openbox/autostart

Copy below command and paste to it:

# Make background gray.
xsetroot -solid gray

# Launch PyPanel.
pypanel &

Openbox will start automatically on VNC server startup.

XFCE in Termux

Install XFCE

pkg install xfce4

Setup

nano ~/.vnc/xstartup

Copy below command and paste to it:

#!/data/data/com.termux/files/usr/bin/sh
xfce4-session &

Don't put any other command to the file ~/.vnc/xstartup but only the lines shown above.
XFCE will start automatically on VNC server startup.

LXQt in Termux

Install LXQt

pkg install lxqt

Setup

nano ~/.vnc/xstartup

Copy below command and paste to it:

#!/data/data/com.termux/files/usr/bin/sh
startlxqt &

Don't put any other command to the file ~/.vnc/xstartup but only the lines shown above.
LXQt will start automatically on VNC server startup.

MATE in Termux

Install MATE

pkg install mate-* marco

Setup

nano ~/.vnc/xstartup

Copy below command and paste to it:

#!/data/data/com.termux/files/usr/bin/sh
mate-session &

Don't put any other command to the file ~/.vnc/xstartup but only the lines shown above.
MATE will start automatically on VNC server startup.

Further Readings and References about Termux Graphical Environment

Andronix with Termux: Install Linux Distributions in Termux on Non-Rooted Android Devices

Install Andronix from Google Play: https://play.google.com/store/apps/details?id=studio.com.techriz.andronix.

Introduction of Andronix and PRoot

Install an OS with Andronix

Uninstall an OS (Not Modded) with Andronix

Sound Output from PRoot OS

Install and Setup Sound Output from PRoot OS

Run the following command in Termux (Not inside Linux):

pkg install wget && wget https://andronixos.sfo2.cdn.digitaloceanspaces.com/OS-Files/setup-audio.sh && chmod +x setup-audio.sh && ./setup-audio.sh

Start PulseAudio Server

pulseaudio --start

Example: Debian with XFCE Desktop Environment

Install Debian with XFCE

pkg update -y && pkg install wget curl proot tar -y && wget https://raw.githubusercontent.com/AndronixApp/AndronixOrigin/master/Installer/Debian/debian-xfce.sh -O debian-xfce.sh && chmod +x debian-xfce.sh &&  bash debian-xfce.sh

The file directory of the Debian OS will be debian-fs. You can read, write, and execute files in it both in Termux or in the Debian OS.

Turn on the OS (CLI)

./start-debian.sh

VNC Server

Example: Debian with CLI Only

Install Debian

pkg update -y && pkg install wget curl proot tar -y && wget https://raw.githubusercontent.com/AndronixApp/AndronixOrigin/master/Installer/Debian/debian.sh -O debian.sh && chmod +x debian.sh && bash debian.sh

The file directory of the Debian OS will be debian-fs. You can read, write, and execute files in it both in Termux or in the Debian OS.

Turn on the OS (CLI)

./start-debian.sh

Example: Uninstall Debian OS (Not Modded)

wget https://raw.githubusercontent.com/AndronixApp/AndronixOrigin/master/Uninstall/Debian/UNI-debian.sh && chmod +x UNI-debian.sh && bash UNI-debian.sh

QEMU System Emulation with Termux: Full System Emulation of Multiple CPU Architectures and Operating Systems with ISO Image Method or QCOW2 Cloud Image

Install QEMU

Run the following command in Termux:

pkg install qemu-system-x86_64 qemu-utils qemu-common openssl

ISO Image method

This method is more customizable but may encounter some issues like GRUB menu not showing on CLI or stuck at 79% or 83% of the installation of the base system. Use qcow2 cloud image method if you don't prepare to solve these problems. This tutorial assumes no such problems are encounter.
It is recommended to get started with Ubuntu or Debian if you are overwhelmed by the options.

Prepare the ISO Image

Prepare the ISO image. Here takes Debian AMD64 for example. Change the URL to the download link of the ISO image you want or cp or mv the ISO image you want to the directory you want.

wget https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.7.0-amd64-netinst.iso

Create a Virtual Disk Image Where the Operating System Will Be Installed

qemu-img create -f qcow2 debian_amd64.qcow2 20G

Change the debian_amd64.qcow2 to the file name you want. 20G indicates 20GB disk image. You can adjust the size as needed.

Install VM with CLI

nano install-qemu.sh

Copy below command and paste to it:

qemu-system-x86_64 -machine q35 

-drive if=pflash,format=raw,read-only=on,file=$PREFIX/share/qemu/edk2-x86_64-code.fd 

-m 2G 

-accel tcg,thread=multi 

-smp sockets=1,cores=4,threads=1 

-cpu qemu64 

-vga std 

-netdev user,id=n1,hostfwd=tcp::2222-:22 -device virtio-net,netdev=n1 

-device intel-hda 

-device qemu-xhci 

-boot d 

-boot menu=on 

-drive file=debian_amd64.qcow2 

-nographic 

-serial mon:stdio 

-display none 

-cdrom ~/debian-12.7.0-amd64-DVD-1.iso

Adjust hostfwd as needed. In the above command, tcp specifies the TCP protocol for the forwarding rule, ::2222 indicates that on the host machine, TCP connections to port 2222 will be forwarded, and -:22 indicates that these connections will be forwarded to port 22 (the default SSH port) on the guest virtual machine. Change the debian_amd64.qcow2 to the real file name. Change the debian-12.7.0-amd64-netinst.iso to the real ISO path. 20G indicates 20GB disk image. You can adjust the size as needed.
Make it executable:

chmod +x install-qemu.sh

Run it:

./install-qemu.sh

Follow the screen guide to install.

Install VM with GUI

nano install-qemu.sh

Copy below command and paste to it:

qemu-system-x86_64 -machine q35 

-drive if=pflash,format=raw,read-only=on,file=$PREFIX/share/qemu/edk2-x86_64-code.fd 

-m 2G 

-accel tcg,thread=multi 

-smp sockets=1,cores=4,threads=1 

-cpu qemu64 

-vga std 

-netdev user,id=n1,hostfwd=tcp::2222-:22 -device virtio-net,netdev=n1 

-device intel-hda 

-device usb-tablet 

-boot menu=on 

-drive file=debian_amd64.qcow2 

--vnc :0 

-cdrom ~/debian-12.7.0-amd64-netinst.iso

Adjust hostfwd as needed. Change the debian_amd64.qcow2 to the real file name. Change the debian-12.7.0-amd64-netinst.iso to the real ISO path. 20G indicates 20GB disk image. You can adjust the size as needed. Change the numerical value after --vnc : to the port you want to use.
Make it executable:

chmod +x install-qemu.sh

Run it:

./install-qemu.sh

Connect to the VNC server from a VNC viewer and follow the screen guide on the VNC viewer to install.

Boot VM with CLI

nano qemu-cli.sh

Copy below command and paste to it:

qemu-system-x86_64 -machine q35 

-drive if=pflash,format=raw,read-only=on,file=$PREFIX/share/qemu/edk2-x86_64-code.fd 

-m 2G 

-accel tcg,thread=multi 

-smp sockets=1,cores=4,threads=1 

-cpu qemu64 

-vga std 

-netdev user,id=n1,hostfwd=tcp::2222-:22 -device virtio-net,netdev=n1 

-device intel-hda 

-device usb-tablet 

-boot menu=on 

-drive file=debian_amd64.qcow2 

-serial mon:stdio 

-display none

Adjust hostfwd as needed. Change the debian_amd64.qcow2 to the real file name. 20G indicates 20GB disk image. You can adjust the size as needed.
Make it executable:

chmod +x qemu-cli.sh

Run it to boot the VM with CLI:

./qemu-cli.sh

Boot with GUI

nano qemu-gui.sh

Copy below command and paste to it:

qemu-system-x86_64 -machine q35 

-drive if=pflash,format=raw,read-only=on,file=$PREFIX/share/qemu/edk2-x86_64-code.fd 

-m 2G 

-accel tcg,thread=multi 

-smp sockets=1,cores=4,threads=1 

-cpu qemu64 

-vga std 

-netdev user,id=n1,hostfwd=tcp::2222-:22 -device virtio-net,netdev=n1 

-device intel-hda 

-device usb-tablet 

-boot menu=on 

-drive file=debian_amd64.qcow2 

--vnc :0

Adjust hostfwd as needed. Change the debian_amd64.qcow2 to the real file name. 20G indicates 20GB disk image. You can adjust the size as needed. Change the numerical value after --vnc : to the port you want to use.
Make it executable:

chmod +x qemu-cli.sh

Run it to boot the VM with GUI:

./qemu-gui.sh

Connect to the VNC server from a VNC viewer.

QCOW2 Image Method

This method is more easy but less customizable.
It is recommended to get started with Ubuntu or Debian if you are overwhelmed by the options.

Prepare the QCOW2 Image

Prepare the qcow2 image. Here takes Debian AMD64 qcow2 cloud image for example. Change the URL to the download link of the qcow2 image you want or cp or mv the qcow2 image you want to the directory you want.

wget https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-nocloud-amd64.qcow2

Boot with CLI

nano qemu-cli.sh

Copy below command and paste to it:

qemu-system-x86_64 -m 2G 

-drive file=debian-12-nocloud-amd64.qcow2,format=qcow2 

-nographic 

-serial mon:stdio 

-display none 

-netdev user,id=net0,hostfwd=tcp::2222-:22 

-device e1000,netdev=net0

Change the debian-12-nocloud-amd64.qcow2 to the real file name. 20G indicates 20GB disk image. You can adjust the size as needed. Adjust hostfwd as needed.
Make it executable:

chmod +x qemu-cli.sh

Run it to boot the VM with CLI:

./qemu-cli.sh

Boot with GUI

nano qemu-gui.sh

Copy below command and paste to it:

qemu-system-x86_64 -m 2G 

-drive file=debian-12-nocloud-amd64.qcow2,format=qcow2 

-vnc :0
-netdev user,id=net0,hostfwd=tcp::2222-:22 

-device e1000,netdev=net0

Change debian-12-nocloud-amd64.qcow2 to the real file name. 20G indicates 20GB disk image. You can adjust the size as needed. Change the numerical value after --vnc : to the port you want to use. Adjust hostfwd as needed.
Make it executable:

chmod +x qemu-cli.sh

Run it to boot the VM with GUI:

./qemu-gui.sh

Connect to the VNC server from a VNC viewer.

Window Managers or Desktop Environments

You can install a window manager such as Fluxbox or Openbox, or desktop environment such as XFCE, LXQt, or MATE for your GUI.

Login

When you see something similar to the below in the VM:

Debian GNU/Linux 12 localhost ttyS0

localhost login:

In the first time, type root and you will be logged in without a password.
You can set password latter by:

passwd

The password should be at least 4 letters long.
If you don't want to set a password, just type root and you will be logged in without a password every time.

Resize Disk Space

In Termux (outside VM), run:

qemu-img resize debian-12-nocloud-amd64.qcow2 +30G

Change debian-12-nocloud-amd64.qcow2 to the real file name. +30G indicates increasing 30GB disk image. You can adjust the size as needed.
Inside VM, run:

sudo apt update
sudo apt install parted e2fsprogs
sudo parted /dev/sda
print
fix
resizepart 1 100%
quit
sudo resize2fs /dev/sda1

Check Image Info

In Termux (outside VM), run:

qemu-img info debian-12-nocloud-amd64.qcow2

Change debian-12-nocloud-amd64.qcow2 to the real file name.

Check VM Disk

Inside VM, run:

df -h

and for partition, run:

lsblk

OpenSSH

You can start a SSH server in QEMU VM and start a client in another Termux session with openssh.

Further Readings and References about QEMU

AVNC: A VNC Client for Android

Install AVNC

You can install AVNC from F-Droid: https://f-droid.org/packages/com.gaurav.avnc/.

Connect a VNC Server

Features of AVNC

Shizuku, SystemUI Tuner, and aShell: Use Local ADB of Android Device on Terminals Such as Termux without Another Device with Shizuku, Leave Developer Options off When Doing So with SystemUI Tuner, and Use ADB with Features like Autocomplete Suggestion with aShell

Install Shizuku

Introduction of Shizuku and ADB

Connect Shizuku to Wireless ADB

  1. Grant Shizuku notification permission.
  2. Tap Pairing in Start via Wireless debugging block in Shizuku.
  3. Connect to a WiFi you trust. You don't need to log in to the WiFi if the WiFi needs that. You just need to let your phone think that you're connected to WiFi.
  4. In phone's Settings or something similar, go to About Phone > Software Information or something similar, and tap the Version Number seven times to enable Developer Options. Some phones may have different methods to enable Developer Options.
  5. In the Developer Options, enable Wireless ADB and tap Pair with a pairing code.
  6. Input the pairing code in the notification of Shizuku.
  7. In the Developer Options, togle on Disable adb authorization timeout if you don't want to do all the above again every few times using Shizuku. If the connection is disconnected due to whatever reason, follow Reconnect Shizuku in Case it Stops with SystemUI Tuner to reconnect if you're using SystemUI Tuner, or follow above guide again to reconnect if not.
  8. Back to Shizuku and tap Start in Start via Wireless debugging block. You all see Shizuku is running on the top of the interface of Shizuku.

Use Shizuku in a Terminal Application for the First Time (Termux for Example)

  1. Tap Use Shizuku in terminal applications in Shizuku and export files rish and rish_shizuku.dex to somewhere on your phone.
  2. Use a text editor to replace PKG in rish with the package name of your terminal application. Take Termux for example, Termux's package name is com.termux. Run termux-setup-storage and tap Allow to grant Termux storage permission if you want to use it to run ADB commands (and many other commands).
  3. Open your terminal application and move the exported files to somewhere it can access with mv old_location new_location. The root directory of the main storage of Android is usually /storage/emulated/0. The home directory of Termux is /data/data/com.termux/home, which is abbreviated as ~ in Termux.
  4. Go to the directory you moved the exported files to with cd directory (assumed ~/shizuku below) and run sh rish.
  5. Where used to be ~ $ should become e2q:/ $ or something similar if sh rish succeeded. Write ADB commands here. Note that there is no need to use adb or adb shell prefixes before commands and that devices command gets /system/bin/sh: devices: inaccessible or not found.
  6. You can turn WiFi off after ADB is connected. The notification of Shizuku may say Paring failed after that, but you can check Shizuku app to check whether there's a block read Shizuku is running on the top.
  7. Optionally, create a .sh file (nano ~/shizuku.sh for example), paste the following code block, save it, and make it executable with chmod +x shizuku.sh so that you can run this shortcut to start Shizuku on your terminal afterward.#!/data/data/com.termux/files/usr/bin/bash cd shizuku sh rish
  8. Note: It is recommended to use Termux's F-Droid version and avoid using Google Play version because the latter is depreciated. F-Droid: https://f-droid.org/packages/com.termux/.

Install SystemUI Tuner

Install SystemUI Tuner (pub: Zachary Wander) from Google Play: https://play.google.com/store/apps/details?id=com.zacharee1.systemuituner.

To Leave Developer Options off When Using Shizuku to Connect to ADB

Some financial apps may require Developer Options to be off when using them. This section is the tutorial about how to turn Developer Options off while still using Shizuku ADB Shell.

  1. Follow the screen instructions of SystemUI Tuner.
  2. Run adb shell command pm grant com.zacharee1.systemuituner android.permission.WRITE_SECURE_SETTINGS (you can do it with Shizuku and a terminal such as Termux or aShell).
  3. Connect to a WiFi. You don't need to log in or have real WiFi access, just make your phone believes you are connected to WiFi.
  4. Turn off Developer Options if it's on. The toggle switch is usually on the top of Developer Options.
  5. In SystemUI Tuner, go to Developer and turn on Enable ADB and Enable Wireless ADB.
  6. Go to Persistent Options and select Enable ADB.
  7. Press Start on Shizuku.
  8. Turn off WiFi. Enable Wireless ADB will be turned off automatically by system settings. You can check that in SystemUI Tuner.

Reconnect Shizuku in Case it Stops with SystemUI Tuner

  1. Connect to a WiFi. You don't need to log in or have real WiFi access, just make your phone believes you are connected to WiFi.
  2. Turn off Developer Options if it's on. The toggle switch is usually on the top of Developer Options.
  3. In SystemUI Tuner, go to Developer and turn on Enable Wireless ADB.
  4. Press Start on Shizuku.
  5. Turn off WiFi. Enable Wireless ADB will be turned off automatically by system settings. You can check that in SystemUI Tuner.

Other SystemUI Tuner Usage

SystemUI Tuner exposes some hidden options in Android. You can set them, add them to Persistent Options to keep them on, etc. Different manufacturers may remove or change these options, which SystemUI Tuner CANNOT work around.
You may need to run the following adb shell command (you can do it with Shizuku and a terminal such as Termux or aShell) in order to change the settings:

pm grant com.zacharee1.systemuituner android.permission.WRITE_SECURE_SETTINGS
pm grant com.zacharee1.systemuituner android.permission.PACKAGE_USAGE_STATS
pm grant com.zacharee1.systemuituner android.permission.DUMP

Using aShell

TrackerControl and InviZible Pro: Route Traffic through Tor, Block DNS over UDP, Set DNS Server, and Block Trackers

Install InviZible Pro

Install TrackerControl

Use TrackerControl to Block Trackers

Configure TrackerControl (TC) to be used with InviZible Pro

<?xml version='1.0' encoding='UTF-8' standalone='yes' ?>
<trackercontrol>
  <application>
    <setting key="dns2" type="string" value="149.112.112.112" />
    <setting key="filter_udp" type="boolean" value="true" />
    <setting key="domain_based_blocking" type="boolean" value="true" />
    <setting key="dark_theme" type="boolean" value="true" />
    <setting key="dns" type="string" value="9.9.9.9" />
    <setting key="hosts_url_new" type="string" value="https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" />
    <setting key="wifi_homes" type="set" value="" />
    <setting key="traffic_blocked" type="boolean" value="true" />
    <setting key="hosts_url" type="string" value="https://www.netguard.me/hosts" />
    <setting key="socks5_addr" type="string" value="127.0.0.1" />
    <setting key="socks5_port" type="string" value="9050" />
    <setting key="proto_tcp" type="boolean" value="true" />
    <setting key="manage_system" type="boolean" value="true" />
    <setting key="validate" type="string" value="www.f-droid.org" />
    <setting key="update_check" type="boolean" value="true" />
    <setting key="socks5_enabled" type="boolean" value="true" />
    <setting key="filter" type="boolean" value="true" />
  </application>
  <apply>
    <setting key="com.termux" type="boolean" value="false" />
    <setting key="pan.alexander.tordnscrypt.stable" type="boolean" value="false" />
  </apply>
  <forward>
    <port pkg="nobody" protocol="17" dport="53" raddr="127.0.0.1" rport="5354" />
    <port pkg="nobody" protocol="6" dport="53" raddr="127.0.0.1" rport="5354" />
  </forward>
</trackercontrol>

Configure InviZible Pro to be used with TrackerControl

ipv4_servers = true  
ipv6_servers = true  
require_dnssec = true  
require_nolog = false  
require_nofilter = false  
block_ipv6 = false  
force_tcp = true  
server_names = ['adguard-dns', 'adguard-dns-ipv6', 'ahadns-doh-la', 'brahma-world-ipv6', 'dnsforge.de', 'mullvad-base-doh', 'sfw.scaleway-fr']  
disabled_server_names = []  
listen_addresses = ['127.0.0.1:5354', '[::1]:5354']  
max_clients = 250  
#user_name = '0'  
dnscrypt_servers = true  
doh_servers = true  
odoh_servers = true  
timeout = 5000  
keepalive = 30  
netprobe_timeout = -1  
log_level = 2  
log_file = '/data/user/0/pan.alexander.tordnscrypt.stable/logs/DnsCrypt.log'  
use_syslog = false  
cert_refresh_delay = 240  
dnscrypt_ephemeral_keys = false  
tls_disable_session_tickets = false  
bootstrap_resolvers = ['9.9.9.9:53', '[2620:fe::fe]:53']  
netprobe_address = '9.9.9.9:53'  
block_unqualified = true  
block_undelegated = true  
reject_ttl = 10  
ignore_system_dns = false  
http3 = true  
log_files_max_size = 1  
log_files_max_age = 7  
log_files_max_backups = 1  
cache = true  
cache_size = 4096  
cache_min_ttl = 2400  
cache_max_ttl = 86400  
cache_neg_ttl = 60  
cache_neg_max_ttl = 600  
forwarding_rules = 'forwarding-rules.txt'  
cloaking_rules = 'cloaking-rules.txt'  
proxy = 'socks5://127.0.0.1:9050'  
[captive_portals]  
map_file = 'captive-portals.txt'  
[dns64]  
#prefix = ['64:ff9b::/96']  
[local_doh]  
#listen_addresses = ['127.0.0.1:3000']  
#path = '/dns-query'  
#cert_file = 'localhost.pem'  
#cert_key_file = 'localhost.pem'  
[query_log]  
format = 'tsv'  
file = '/data/user/0/pan.alexander.tordnscrypt.stable/cache/query.log'  
ignored_qtypes = ['DNSKEY', 'NS']  
[nx_log]  
format = 'tsv'  
file = '/data/user/0/pan.alexander.tordnscrypt.stable/cache/nx.log'  
[blocked_names]  
blocked_names_file = 'blacklist.txt'  
[blocked_ips]  
blocked_ips_file = 'ip-blacklist.txt'  
[allowed_names]  
allowed_names_file = 'whitelist.txt'  
[sources]  
[sources.'public-resolvers']  
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/public-resolvers.md']  
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'  
cache_file = 'public-resolvers.md'  
refresh_delay = 72  
prefix = ''  
[sources.'relays']  
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/relays.md']  
cache_file = 'relays.md'  
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'  
refresh_delay = 72  
prefix = ''  
[sources.'odoh-servers']  
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/odoh-servers.md', 'https://download.dnscrypt.info/resolvers-list/v3/odoh-servers.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/odoh-servers.md']  
cache_file = 'odoh-servers.md'  
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'  
refresh_delay = 72  
prefix = ''  
[sources.'odoh-relays']  
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/odoh-relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/odoh-relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/odoh-relays.md']  
cache_file = 'odoh-relays.md'  
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'  
refresh_delay = 72  
prefix = ''  
[broken_implementations]  
fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familyshield-ipv6', 'cleanbrowsing-adult', 'cleanbrowsing-adult-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-security', 'cleanbrowsing-security-ipv6']  
[anonymized_dns]  
skip_incompatible = false  
routes = [  
{ server_name = 'adguard-dns', via=['anon-kama', 'anon-scaleway', 'anon-tiarap'] },  
{ server_name = 'sfw.scaleway-fr', via=['anon-kama', 'anon-serbica', 'anon-tiarap'] },  
{ server_name = 'adguard-dns-ipv6', via=['anon-ams-ipv6', 'anon-scaleway-ams-ipv6', 'anon-tiarap-ipv6'] }  
]  
[static]

tor.conf: Copy the text in the below block, tap Edit tor.conf in Tor Settings, and paste.

RunAsDaemon 0
AvoidDiskWrites 1
AutomapHostsOnResolve 1
AutomapHostsSuffixes .exit, .onion
#ExcludeExitNodes
TransPort 9040
DNSPort 127.0.0.1:5400
DNSPort [::1]:5400
SOCKSPort 127.0.0.1:9050
SOCKSPort [::1]:9050
HardwareAccel 1
Schedulers Vanilla
#Socks5Proxy 127.0.0.1:1080
ClientOnly 1
ExitPolicy reject *:*
ExitPolicy reject6 *:*
GeoIPFile /data/user/0/pan.alexander.tordnscrypt.stable/app_data/tor/geoip
GeoIPv6File /data/user/0/pan.alexander.tordnscrypt.stable/app_data/tor/geoip6
DataDirectory /data/user/0/pan.alexander.tordnscrypt.stable/tor_data
VirtualAddrNetworkIPv4 10.192.0.0/10
VirtualAddrNetworkIPv6 [FC00::]/8
Log notice file /data/user/0/pan.alexander.tordnscrypt.stable/logs/Tor.log
ConnectionPadding 1
ReducedConnectionPadding 1
#ExcludeNodes
ExitNodes {AU},{AT},{GB},{US},{DE},{SE},{CH},{LU},{NL},{NZ},{CA},{JP},{TW},{KR},{BE},{KY},{DK},{FI},{GL},{GR},{IS},{HU},{IE},{IT},{ES},{PT},{PL},{HR},{EE},{LV},{NO},{PH},{SG},{FR}
#EntryNodes
StrictNodes 0
#ReachableAddresses *:80,*:443
NewCircuitPeriod 30
MaxCircuitDirtiness 600
EnforceDistinctSubnets 1
HTTPTunnelPort 8118
DormantCanceledByStartup 1
DormantClientTimeout 15 minutes
CircuitsAvailableTimeout 86400
ClientUseIPv4 1
ClientUseIPv6 1
UseBridges 0

Use Tor but not DNSCrypr of InviZible Pro

If you want to use Tor but not DNSCrypr of InviZible Pro with TrackerControl, do below modification on configuration of both DNSCrypt and Tor above:

Use DNSCrypr But not Tor of InviZible Pro

If you want to use DNSCrypr But not Tor of InviZible Pro with TrackerControl, do below modification on configuration of both DNSCrypt and Tor above:

Check Whether the Tor Route Setup Is Successful

Use Invizible Pro without TrackerControl

Tor Browser

Install Tor Browser

You can install Tor Browser from Google Play: https://play.google.com/store/apps/details?id=org.torproject.torbrowser.

Introduction of Tor

Tor is a free overlay network for enabling anonymous communication. Built on free and open-source software and more than seven thousand volunteer-operated relays worldwide, users can have their Internet traffic routed via a random path through the network.
Using Tor makes it more difficult to trace a user's Internet activity by preventing any single point on the Internet (other than the user's device) from being able to view both where traffic originated from and where it is ultimately going to at the same time. This conceals a user's location and usage from anyone performing network surveillance or traffic analysis from any such point, protecting the user's freedom and ability to communicate confidentially.
Key Features of Tor:

  1. Anonymity: Tor allows users to browse the internet anonymously by routing their internet traffic through a network of volunteer-operated servers called nodes or relays. Each relay only knows the IP address of the previous and next node, making it difficult to trace the origin of the traffic.
  2. Onion Routing: The name "Onion Router" comes from the way data is encrypted in layers, similar to the layers of an onion. When data is sent through the Tor network, it is encrypted multiple times, and each node decrypts a layer before passing it on to the next, protecting user privacy.
  3. Access to .onion Sites: Tor allows users to access hidden services with .onion domain names, which are not reachable through standard web browsers. These sites often provide additional privacy and anonymity.
  4. Bypass Censorship: Tor can help users bypass censorship and access restricted content by routing traffic through nodes in different countries.
  5. Privacy Tools: The Tor Browser, based on Mozilla Firefox, comes preconfigured with privacy enhancements, making it easier for users to maintain anonymity while browsing.
    The Tor Browser for Android is a mobile version of the Tor Browser that utilizes Mozilla Firefox for Android codebase.

NoScript Security Suite

NoScript (or NoScript Security Suite) is a free and open-source extension for Firefox- and Chromium-based web browsers, written and maintained by Giorgio Maone, a software developer and member of the Mozilla Security Group.
By default, NoScript blocks active (executable) web content, which can be wholly or partially unblocked by allowlisting a site or domain from the extension's toolbar menu or by clicking a placeholder icon.
It is recommended to enable NoScript for all Tor sites unless you fully trust it.

OpenSSL: Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Protocols and Cryptography Library Implementation

Introduction of OpenSSL

OpenSSL is an open-source library that provides a comprehensive suite of cryptographic tools for securing communications over computer networks. It implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and includes a general-purpose cryptographic library that supports a variety of encryption algorithms, hashing functions, digital signatures, key generation, certificate management, and secure random number generation.

Installation of OpenSSL in Termux

pkg install openssl openssl-tool

Installation of OpenSSL in Debian

sudo apt install openssl libssl-dev

RSA (Rivest-Shamir-Adleman)

Introduction of RSA

RSA is a widely used asymmetric encryption algorithm that underpins many security protocols. Its strength lies in the difficulty of factoring large prime numbers. The algorithm involves key generation, encryption, and decryption processes utilizing a pair of keys: a public key, shared openly, and a private key, kept secret.

  1. Mathematical Foundation and Key Generation:
    The algorithm begins by selecting two large prime numbers, \( p \) and \( q \). These are multiplied to produce \( n = p \times q \), the modulus for both keys. The totient function \( \phi(n) = (p-1)(q-1) \) is computed. A public exponent \( e \), typically 65537, is chosen, which is coprime to \( \phi(n) \). The public key is \( (n, e) \). The private exponent \( d \) is calculated such that \( d \cdot e \equiv 1 \mod \phi(n) \), making \( (n, d) \) the private key. RSA's security relies on the ease of multiplying primes and the difficulty of factoring their product.
  2. Public Encryption and Private Decryption (Communication):
    After generating the keys, RSA can be used for secure communication. To encrypt a message \( m \), the sender uses the recipient's public key \( (n, e) \) with the formula \( c \equiv m^e \mod n \), where \( c \) is the ciphertext. Only the intended recipient, with the private key \( (n, d) \), can decrypt it using \( m \equiv c^d \mod n \).
  3. Private Encryption and Public Decryption (Signature):
    RSA can also create digital signatures for authenticity and non-repudiation. The sender encrypts a hash \( h \) of the message with their private key \( (n, d) \): \( s \equiv h^d \mod n \). This signature \( s \) accompanies the original message \( m \). The recipient verifies the signature by decrypting it with the sender's public key \( (n, e) \): \( h' \equiv s^e \mod n \). If \( h' \) matches the hash of the received message \( m \), it confirms the message's authenticity.
  4. Applications:
    RSA is employed in various applications that require secure communication and data integrity:

Generate New Private Key

openssl genrsa -out /path/privatekeyfilename.pem 2048

2048 means 2048 iterations, change the number as needed.

Generate Public Key from Private Key

openssl rsa -pubout -in /path/privatekeyfilename.pem -out /path/publickeyfilename.pem

Encrypt with Public Key

openssl pkeyutl -in /path/filename.txt -out /path/publickeyencryptedfilename.txt -inkey /path/publickeyfilename.pem -pubin -encrypt

Decrypt with Public Key

openssl pkeyutl -in /path/publickeyencryptedfilename.txt -out /path/filename.txt -inkey /path/privatekeyfilename.pem -decrypt

Encrypt with Private Key

openssl pkeyutl -in /path/filename.txt -out /path/privatekeyencryptedfilename.txt -inkey /path/privatekeyfilename.pem -encrypt

Decrypt with Private Key

openssl pkeyutl -in /path/privatekeyencryptedfilename.txt -out /path/filename.txt -inkey /path/publickeyfilename.pem -pubin -decrypt

Sign a Raw File

openssl pkeyutl -in filename.txt -rawin -out signed_filename.txt -inkey keyfile/privatekeyfile.pem -sign

Sign a Hex File

openssl pkeyutl -in hexfilename.txt -out signed_filename.txt -inkey keyfile/privatekeyfile.pem -sign

Verify a Signature Against a Raw File

openssl pkeyutl -in filename.txt -rawin -out verification.txt -sigfile signed_filename.txt -inkey keyfile/publickeyfile.pem -pubin -verify

Verify a Signature Against a Hex File

openssl pkeyutl -in hexfilename.txt -rawin -out verification.txt -sigfile signed_filename.txt -inkey keyfile/publickeyfile.pem -pubin -verify

All Command Options of Pkeyutl

openssl pkeyutl [-help] [-in file] [-rawin] [-digest algorithm] [-out file] [-sigfile file] [-inkey filename|uri] [-keyform DER|PEM|P12|ENGINE] [-passin arg] [-peerkey file] [-peerform DER|PEM|P12|ENGINE] [-pubin] [-certin] [-rev] [-sign] [-verify] [-verifyrecover] [-encrypt] [-decrypt] [-derive] [-kdf algorithm] [-kdflen length] [-pkeyopt opt:value] [-pkeyopt_passin opt[:passarg]] [-hexdump] [-asn1parse] [-engine id] [-engine_impl] [-rand files] [-writerand file] [-provider name] [-provider-path path] [-propquery propq] [-config configfile]

DESCRIPTION: This command can be used to perform low-level public key operations using any supported algorithm.
OPTIONS:

Symmetric Encryption

Introduction of Symmetric Encryption

Symmetric encryption uses the same key for both encryption and decryption, requiring both parties to possess and keep the key confidential.

  1. Single Key: Both parties use the same key, making key management critical. If the key is compromised, the encrypted data is at risk.
  2. Speed: Symmetric algorithms are faster than asymmetric ones, making them ideal for encrypting large amounts of data, particularly in real-time applications.
  3. Confidentiality: Only authorized parties with the correct key can decrypt the data, maintaining its confidentiality.
  4. Common Algorithms:
  1. Applications:

AES-256-CBC Encryption

openssl enc -aes-256-cbc -in file.rar -out encfile.rar -pass pass:1234567890123456789012345678901234567890123456789012345678901234 -base64 -iv 12345678901234567890123456789012 -S 1234567890123456 -md sha-256 -iter 2048 -pbkdf2 -p

AES-256-CBC Decryption

openssl enc -aes-256-cbc -in encfile.rar -out file.rar -pass pass:1234567890123456789012345678901234567890123456789012345678901234 -d -base64 -iv 12345678901234567890123456789012 -S 1234567890123456 -md sha-256 -iter 2048 -pbkdf2

All Command Options of Enc / Cipher

openssl enc|cipher [-cipher] [-help] [-list] [-ciphers] [-in filename] [-out filename] [-pass arg] [-e] [-d] [-a] [-base64] [-A] [-k password] [-kfile filename] [-K key] [-iv IV] [-S salt] [-salt] [-nosalt] [-z] [-md digest] [-iter count] [-pbkdf2] [-saltlen size] [-p] [-P] [-bufsize number] [-nopad] [-v] [-debug] [-none] [-engine id] [-rand files] [-writerand file] [-provider name] [-provider-path path] [-propquery propq]

DESCRIPTION: The symmetric cipher commands allow data to be encrypted or decrypted using various block and stream ciphers using keys based on passwords or explicitly provided. Base64 encoding or decoding can also be performed either by itself or in addition to the encryption or decryption.
OPTIONS:

File and Directory Management of Termux and Linux

cp (Copy files and directories)

mv (Move or rename files and directories)

rm (Remove files or directories)

mkdir (Create directories)

ls (List directory contents)

rmdir (Remove empty directories)

find (Search for files and directories)

touch (Create or update file timestamps)

chmod (Change File Permissions)

chmod can use both numeric (octal) and symbolic modes to set file permissions.

Numeric (Octal) Mode

Symbolic Mode

Options

chown (Change File Ownership)

df (Disk Space Usage)

du (Disk Usage)

pwd (Check Current Directory)

OpenSSH with Linux or Termux and SFTP Server Mount on Material Files: Secure Remote Access

Introduction of SSH and OpenSSH

SSH provides a secure way for accessing remote hosts and replaces tools such as telnet, rlogin, rsh, ftp.
OpenSSH (also known as OpenBSD Secure Shell) is a suite of secure networking utilities based on the Secure Shell (SSH) protocol, which provides a secure channel over an unsecured network in a client–server architecture.
Default SSH port in Termux is 8022.
Default SSH port in Linux is usually 22.

OpenSSH Server in Linux

Install and Setup

sudo apt install openssh-server
sudo systemctl enable --now ssh

Edit Configuration

sudo nano /etc/ssh/sshd_config

Edit as your need.
If you're setting OpenSSH server for QEMU VM with same setup as this tutorial, namely, hostfwd=tcp::2222-:22, and you hope to connect it from outside of the VM (e.g. Termux), then you can edit the configuration as the following:

sudo rm /etc/ssh/sshd_config
sudo nano /etc/ssh/sshd_config

Copy below and paste to it:

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

Port 22
#AddressFamily any
ListenAddress 0.0.0.0
#ListenAddress ::

# The default requires explicit activation of protocol 1
#Protocol 2

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#RSAAuthentication yes
#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile    .ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
PrintMotd no # pam does that
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation sandbox        # Default for new installations.
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem    sftp    /usr/lib/ssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#    X11Forwarding no
#    AllowTcpForwarding no
#    ForceCommand cvs server

Run:

sudo nano /etc/hosts .deny

and delete all lines in it.

Start

sudo service ssh start

Restart

sudo service ssh restart

Stop

sudo service ssh stop

Disable

sudo systemctl disable ssh

Enable

sudo systemctl enable ssh

Check Status

sudo service ssh status

OpenSSH Server in Termux

Install

apt install openssh

Start

sshd

Stop

pkill sshd

OpenSSH Client in Linux or Termux

Install in Linux

sudo apt install openssh-client

Install in Termux

apt install openssh

Key Generation

If you plan to use key authentication, you have to generate key by:

mkdir -p ~/.ssh
ssh-keygen -t rsa -b 4096

If you're setting OpenSSH server for QEMU VM with same setup as this tutorial, namely, use password authentication (with password set by running passwd), you won't need to generate key.

Run

ssh root@localhost

Change the root@localhost to the actual user name and address. Port will be set as default.
Run with port specified:

ssh root@localhost -p 2222

Change 2222 to the port of the server.
If you're setting OpenSSH server for QEMU VM with same setup as this tutorial, namely, hostfwd=tcp::2222-:22 and Port 22, then you can run:

ssh root@localhost -p 2222

on client side.

Exit

exit

kex_exchange_identification: read: Connection reset by peer Error

To solve this error, try:

SCP (Secure Copy Protocol)

You can use scp on the client side to transfer files between the server side and the client side.
The syntax of scp is the same as that of cp, but with the username@host: added before the path to copy to or from the server. For example:

scp -r root@localhost:/root/Desktop /data/data/com.termux/files/home/

Use SFTP server mount if you encounter errors in this method.

SFTP Server Mound on Material Files

Install Material Files

You can install Material Files from Google Play: https://play.google.com/store/apps/details?id=me.zhanghai.android.files or F-Droid: https://f-droid.org/packages/me.zhanghai.android.files/.

Introduction of SFTP

SFTP, or Secure File Transfer Protocol, is a secure network protocol used for transferring files over a secure connection. It is an extension of the SSH (Secure Shell) protocol, which means it provides the same level of security and encryption that SSH offers. Here are some key points about SFTP:

  1. Security: SFTP encrypts both commands and data. This makes it more secure than traditional FTP (File Transfer Protocol).
  2. Authentication: SFTP supports various password-based and key-based authentication.
  3. File Management: SFTP allows for various file management operations, such as listing files, changing directories, and deleting files.
  4. Port: SFTP typically operates over the same port used by SSH.
  5. Cross-Platform: SFTP is supported on various platforms, making it a versatile option for file transfers across different systems.

Mount SFTP Server

Further Readings and References about OpenSSH with Linux and Termux

droidVNC-NG: VNC server app for Android that does not require root privileges

Install droidVNC-NG

You can install droidVNC-NG on:

Features of droidVNC-NG

Remote Control & Interaction

Comfort Features

Security & Configuration

Advanced VNC Features

SD Maid SE: A File Management Tool and System Cleaner

Install SD Maid SE

You can install SD Maid SE on:

Introduction of SD Maid SE

SD Maid SE (also known as SD Maid 2 or SD Maid 2/SE) is a file management tool and system cleaner for Android that specializes in maintenance, freeing up space, and removing unwanted data.
Features include:

Use SD Maid SE with Shizuku

Linux Command Library

Introduction of Linux Command Library

The app has 6056 manual pages, 22+ basic categories and a bunch of general terminal tips about Linux (retrieved Sep. 27, 2024). It works 100% offline, doesn't need an internet connection and has no tracking software. Some of the commands available in Linux are available in Termux too, such as cp, mv, ls, mkdir, apt, and apt-get.

Install and Use Linux Command Library

You can install Linux Command Library in Google Play: https://play.google.com/store/apps/details?id=com.inspiredandroid.linuxcommandbibliotheca or F-Droid: https://f-droid.org/packages/com.inspiredandroid.linuxcommandbibliotheca/, or browse it on its official website: https://linuxcommandlibrary.com/.

Linux and Termux Odds and Ends

apt (Termux, Debian, etc.)

apt is a commandline package manager and provides commands for searching and managing as well as querying information about packages. It provides the same functionality as the specialized APT tools, like apt-get and apt-cache, but enables options more suitable for interactive use by default.\

Commands for Copy

Linux Setup Command

sudo apt update && sudo apt upgrade
sudo apt install xfce4 xfce4-goodies python3-all-dev python3-venv build-essential cmake curl wget git gh openjdk-17-jdk nano vim iproute2 procps grep libboost-all-dev gdb tmux openssl libssl-dev openssh-server
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
python3 -m venv myenv
source myenv/bin/activate
python3 get-pip.py
pip3 install numpy sympy matplotlib setuptools selenium jupyter pandas

Termux Package Management Command (All)

apt update && apt upgrade && apt --fix-broken install && apt autoremove --purge && apt clean && pkg update && pkg upgrade && pkg clean

Termux Package Management Command (All apt)

apt update && apt upgrade && apt --fix-broken install && apt autoremove --purge && apt clean

Termux Package Management Command (All pkg)

pkg update && pkg upgrade && pkg clean

Termux Package Management Command (Update and Upgrade All)

apt update && apt upgrade && pkg update && pkg upgrade

Termux Package Management Command (Update and Upgrade apt)

apt update && apt upgrade

Termux Package Management Command (Update and Upgrade pkg)

pkg update && pkg upgrade

Termux Package Management Command (Update All)

apt update && pkg update

Termux Package Management Command (Update apt)

apt update

Termux Package Management Command (Update pkg)

pkg update

Linux Package Management Command (All apt)

sudo apt update && sudo apt upgrade && sudo apt --fix-broken install && sudo apt autoremove --purge && sudo apt clean

Linux Package Management Command (Update and Upgrade apt)

sudo apt update && sudo apt upgrade

Linux Package Management Command (Update apt)

sudo apt update

Termux by Fredrik Fornwall / Termux / termux

Andronix by Devriz Technologies LLP / Andronix App /AndronixApp

Shizuku by Xingchen & Rikka / RikkaApps

SystemUI Tuner by Zachary Wander / zacharee

Invizible Pro by Garmatin Oleksandr / Oleksandr Garmatin / Gedsh

TrackerControl / TC by TrackerControl / Oxford HCC

NetGuard by Marcel Bokhorst / M66B / Marcel Bokhorst, FairCode BV

DontKillMyApp / DontKillMyApp: Make apps work by Urbandroid Team / urbandroid-team / Petr Nálevka (Urbandroid)

aShell by Sunil Paul Mathew M. / sunilpaulmathew

QEMU by Qemu Project / QEMU

Tor and Tor Browser by The Tor Project

MyIP / IPCheck.ing by Jason Ng / jason5ng32

Debian

Linux Command Library by Simon Schubert / SimonSchubert

OpenSSL by OpenSSL / openssl

ANC by Gaurav Ujwal / gujjwal00

Material Files / MaterialFiles by Hai Zhang / zhanghai

SD Maid SE / SD Maid 2/SE - System Cleaner / sdmaid-se by d4rken / d4rken-org / darken / darken development

droidVNC-NG / droidVNC-NG VNC Server by Christian Beier / bk138

Others

Contribution

We welcome contributions to this project! Please fork the repository and submit a pull request for your contributions. For clarity and convenience, we recommend making one pull request per revised section or added feature.

License

Copyright (C) 2024 Willie169.

This project is licensed under the terms of either:

GNU Free Documentation License, Version 1.3 (GFDL 1.3)

Permission is granted to copy, distribute, and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.

You should have received a copy of the GNU Free Documentation License along with this document. If not, see https://www.gnu.org/licenses/fdl-1.3.html.

Creative Commons Attribution-ShareAlike 4.0 International License (CC BY-SA 4.0)

You are free to:

The licensor cannot revoke these freedoms as long as you follow the license terms.

Under the following terms:

No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.

You should have received a copy of the Creative Commons Attribution-ShareAlike 4.0 International License along with this program. If not, see https://creativecommons.org/licenses/by-sa/4.0/.