OnionCat on Android

This article is about how to compile and run OnionCat on Android. Unfortunately, there is no Android app which simply enables it, due to the lack of programming power.¹ But if you are familiar with compiling projects and using ADB and the command line, this should be no big deal for you. Here’s how it works!

Root Your Phone

A requirement is that you Android smartphone is rooted since OnionCat accesses the tunnel device and configures an IPv6 address. Please do not ask how to root your phone! Please have a look at xdadevelopers instead.

Install Android NDK

You have to install the Android NDK. Go to developer.android.com/ndk and download and install it according to the instructions found on this page. Please do not forget to set the environment variable ANDROID_NDK properly. The best place to do this is .bashrc or .zshrc (or whatever shell you use). In my case this is

ANDROID_NDK=/home/eagle/android/android-ndk-r9d

Download OnionCat

Download the latest OnionCat package from www.cypherpunk.at/ocat/download/Source/current, extract the package and cd into it.

$ tar xfz onioncat-0.2.2.r569.tar.gz
$ cd onioncat-0.2.2.r569

Download the android_configure shell script into the previously extracted build directory of OC. This is a simple script which sets up the environment for cross-compilation and finally runs OnionCat’s native configure script. Run the script with

$ sh android_configure

Now simply run make.

$ make

This will compile OnionCat and finally produce an ARM 32 bit binary. You’ll find the executable file in src/ocat. ARM may not be the right platform for your smartphone. You’ll find the type of CPU in Settings->About Phone->CPU. If it is different you have to adjust the android_configure script accordingly (enivronment variables ANDROID_PREFIX and SYSROOT).

Copy OnionCat to Your Phone

Copy the executable to your Android phone. A good place for it is e.g. /system/bin. Make sure that it is executable. The best way to do the following tasks is either on the adb shell or directly within a terminal on your smartphone (or tablet). ADB (the Android Debug Bridge) is part of the Android SDK. Most Linux distros also have a package for it. I assume that you copied the ocat executable to your sdcard. Now run the adb shell, copy the file, and make it executable.

$ adb shell
shell@kumquat:/ $ su
root@kumquat:/ # cp /sdcard/ocat /system/bin
root@kumquat:/ # cd /system/bin
root@kumquat:/system/bin # chmod 755 ocat
root@kumquat:/system/bin #

 Finally test if the OnionCat executable is fine by simply starting it without any options. It should output a short help message.

root@kumquat:/system/bin # ocat
onioncat 0.2.2.r571 (c) Bernhard R. Fischer (OnionCat mode)
usage: ocat [OPTIONS]
-a create connect log at "$HOME/.ocat/ocat_connect_log" (default = 0)
-b daemonize (default = 1)
-B do not daemonize (default = 0)
-h display usage message
[...]

Install Orbot

Now install Orbot from F-Droid or GooglePlay and start the app. Go into the Settings and enable Hidden Service Hosting and choose 8060 to be the Hidden Service Port. Finally close the app and restart it. Connect Orbot to the Tor network by long-pressing the push button in the middle of the app. It will first turn yellow and then green if it’s ready.

Orbot will create the hidden service which is necessary for OnionCat. You can find the Onion Hostname (Onion ID) either in the Orbot Settings under Onion Hostname or on the command line in the appropriate data directory:

root@kumquat:/ # cd /data/data/org.torproject.android/app_data/hs8060
root@kumquat:/data/data/org.torproject.android/app_data/hs8060 # cat hostname
xxxxxxxxxxxxxxxx.onion
root@kumquat:/data/data/org.torproject.android/app_data/hs8060 #

This is your unique Onion Hostname of your Android phone. You are now ready to start OnionCat.

Run OnionCat

Make sure that there is a device node for the tunnel interfaces under /dev/tun.

root@kumquat:/ # ls -l /dev/tun
ls: /dev/tun: No such file or directory
1|root@kumquat:/ #

If this fails as show above you have to insert tun kernel module.

root@kumquat:/ # modprobe tun
root@kumquat:/ # ls -l /dev/tun
crw-rw—-    1 system       vpn            10, 200 Sep  5 21:16 /dev/tun
root@kumquat:/ #

Now you are ready to run OnionCat with the following command. Of course, you have to insert your correct Onion Hostname.

root@kumquat:/ # ocat -T /dev/tun -r -B xxxxxxxxxxxxxxxx.onion
Sat, 05 Sep 2015 21:17:26.358 +0200 [0:main      :  info] onioncat 0.2.2.r571 (c) Bernhard R. Fischer (OnionCat mode)
Sat, 05 Sep 2015 21:17:26.380 +0200 [0:main      :  info] IPv6 address fd87:d87e:eb43:xxxx:xxxx:xxxx:xxxx:xxxx
Sat, 05 Sep 2015 21:17:26.380 +0200 [0:main      :  info] TUN/TAP device tun0
Sat, 05 Sep 2015 21:17:26.381 +0200 [0:main      :  info] starting packet forwarder

Now test it. The best way is to ping6 some other OnionCat host of which you know that it is up.

root@kumquat:/ # ping6 fd87:d87e:eb43:744:208d:5408:63a4:ac4f
PING fd87:d87e:eb43:744:208d:5408:63a4:ac4f(fd87:d87e:eb43:744:208d:5408:63a4:ac4f) 56 data bytes
64 bytes from fd87:d87e:eb43:744:208d:5408:63a4:ac4f: icmp_seq=5 ttl=64 time=387 ms
64 bytes from fd87:d87e:eb43:744:208d:5408:63a4:ac4f: icmp_seq=6 ttl=64 time=275 ms
64 bytes from fd87:d87e:eb43:744:208d:5408:63a4:ac4f: icmp_seq=7 ttl=64 time=253 ms
64 bytes from fd87:d87e:eb43:744:208d:5408:63a4:ac4f: icmp_seq=8 ttl=64 time=250 ms
64 bytes from fd87:d87e:eb43:744:208d:5408:63a4:ac4f: icmp_seq=9 ttl=64 time=269 ms

If this works you are ready to use the OnionCat VPN. All OnionCat destination addresses will automatically be routed through your OnionCat and OrBot respectively.

Have phun and don’t hesitate to contact me!