Showing posts with label Android. Show all posts

Hex editors for the Droid :p

Continuing from our last post on hex editors for Linux and Windows, we decided to find a few apps for Android users. Here are a few apps which we found and used.


Hex pirate:
Compared to the rest, it is one of the most primitive editors; the GUI looks like Windows 98. It is quite efficient and practical, although I would say it still needs a little bit of work. In our tests it turned out to be a little slow and sticky. But considering the age of the developer, it is quite good and practical, and it can run even on your grandmother's phone. I might count my grandmother out of the set, as her phone is dope (awesome :p).





Macro Hex edit:

This is an intermediate between Hex pirate and Hex editor free. Its GUI looks more like the Hex editor free GUI minus the hacker gene colour scheme. But it sucked at performance, as it crashed if you just scrolled down really quickly: practical but slow. It will be good for beginners; other than that, there is no application for the application.






Hex editor free:
This feels more like a "welcome to the hacker space!" kind of app. The GUI is great and the colour scheme is attractive, considering that you are looking at binary values. The app as such has no performance issues. The free one is cool, but if you badly want it you can purchase the pro version. It's a step ahead of Macro Hex edit.

Note:-
None of the developers have paid me shit, so all the reviews are based on use and MY personal experience with the apps, and you might find differences between your views and mine. I can't help.


Installing Debian with GNURoot!!

GNURoot is an Android app which lets you run a terminal emulator for a select set of distributions on an Android phone without rooting it.

How to


  1. Download the GNURoot app from the Play Store.
  2. Open the app and select Create New Rootfs.
  3. Now download and install the other part of the app. I am installing Wheezy, which is a form of Debian.
  4. Now launch it by selecting Launch Rootfs (make sure the check box is checked).
If you only need Debian, you can try the other trick.
  1. Download GNURoot Debian from the Play Store.
  2. Click on install/reinstall to install the distro.
  3. Now hit launch to start the terminal emulator.
  4. And you are done.

Note:-
This is better than debian noroot as it is more convenient to type commands but lacks a GUI interface of the distro. 

Debian on android without rooting.

We have seen people installing Linux on their Android phones after rooting them; lately I was wondering if this could be done without root access. There are many ways to do this, but the easiest way I could find was this.

How to?

  1. Download the Debian noroot app from play store.
  2. Now open the app and wait till it downloads the required files.
  3. Now the app will boot Debian.
  4. And that's it we have Debian.
Note:-
  • Now you can install Kali packages on top of it; when installed, it consists of the core packages only.
  • If you have OTG support then it will make your life a lot easier. My setup was something like this:-

Packet capturing without proxy!

The first step of an Android app audit is packet capturing, which can be used to analyse whether the communication between the app and the server is encrypted or not. The most common way to capture and analyse the packets is through a proxy, but setting up a proxy can be a headache. We discussed packet capturing with Android apps in the article "sniffing without rooting your phone", but the apps discussed in that post don't allow you to analyse the packets on your phone. So I was searching for a better alternative and found this app.

How to?

  1. Download the packet capture app from the play store and install it.
  2. Now open the app and select the capture button(Play button).
  3. It will ask you to create a VPN, select OK.
  4. Now minimize the app and go ahead use the app which you want to test.
  5. When you are done go back to the app and select the stop button.
  6. You will see your captured packet, which is timestamped. Select it and you will get a bunch of packets which were captured during your use.
  7. Now select any one packet and you will see the details of that particular packet.
  8. You can hit the HTTP decode button at the top so that the packet is represented in a readable manner.
Note:-
tpacketcapture doesn't give you the comfort of analysing the packet directly on the phone.


Add SDRTouch to life!!

We discussed in our article on listening to WFM radio how you can tune into WFM radio and listen to it. So now I was wondering how to do it on Android, and I started searching for apps to do it.

How to
  1. Download the rtl2832u driver and SDRTouch from the Play Store and install them.
  2. Now connect your phone and your RTL-SDR dongle with an OTG adapter.
  3. Now run the SDRTouch app and select the power icon in the top left corner.
  4. Now select the rtl2832u driver as your backend decoder.
  5. Now set the desired frequency to listen to the transmissions.
Note:-
The landscape mode is far more convenient to use when compared to the portrait mode.



Adsb on Android

I was wondering if I could track planes from an android phone. So I started looking for apps which could perform the interception and decoding. I also found out that my phone should support USB OTG to connect the SDR.

How to?
  1. Download the Adsb app from the play store.
  2. Now connect the SDR dongle to your phone with the OTG cable or adapter.
  3. Launch the app and hit the start driver ADSB button, then select the app's default driver.
  4. Now wait and watch; you will get the data on the main screen.

Note:-
The map view is very lousy, so I would advise you to stay away from it.

RFID Hacking without rooting your phone!

RFID is a technology mostly used in access control cards and credit cards. This technology is based on a receiver-and-transmitter type architecture, in which the transmitter is present inside the card. After the famous "NFC Hacking: The Easy Way" by Eddie Lee, a large number of hackers have started their research in this field. So to get you started, we decided to show you how to collect data from an RFID card with an ordinary Android phone.

How to?
  1. Download and install NFC Tools app from the play store.
  2. Now enable NFC on your android phone. 
  3. Open the app and take it near to an RFID card and make sure that the read tab is selected.                      
  4. Now you will see that it will show you the data extracted from the card, save it if you want to duplicate the card.

Note:-
You might have to keep your phone exactly on top of your card as the nfc is a really short range technology.

Bypassing stupid app-locks :p

We all have that one friend who keeps app-locks on all his applications instead of encrypting his device. It's like writing the password of your computer on a sticky note and pasting it on your monitor. People forget that app-locks are applications which you install on your phone. And if we just kill the process, then the application will no longer protect your secrets. I tested 2 of the top Play Store app-locks. I don't intend to harm the reputation of the poor developers, but I would like to convey to them in simple words that "Your application is SHIT!".


How to? 
  1. Try opening an app which is protected by the app-lock; it will ask you for some stupid PIN, which I assume you won't know.
  2. Go to device settings & open Application Manager.
  3. Now locate the app-lock in the list and select it.
  4. Now click on force stop and open the app which was locked initially; it will open.
  5. If the first trick doesn't work then go to the app-lock and select clear data. All the apps will be unlocked.
Note:-
Clearing the data will disable the app-lock permanently while force stopping will temporarily disable it.
Encrypting your entire device is the best protection. Another way is to lock the application manager with the app-lock.

Sniffing wireless networks without rooting your phone..

Sniffing from an Android phone can be a great advantage when it comes to testing corporate security, as it is easier to smuggle a phone into a building than a laptop or a computer. The main problem with wireless sniffing on Android phones is that you might need root access to do so. As rooting voids your warranty, most users prefer not to root their phones. So we started searching for alternative software that can do the task without root access. The 2 most effective tools from the lot are tpacketCapture and Wi-Fi PCAP Capture.

Wi-Fi PCAP Capture is based on Kismet and its usage is available at https://www.kismetwireless.net/android-pcap/ whereas tpacketCapture is developed by Taosoftware Co., Ltd.
Wi-Fi PCAP Capture is open source, whereas tpacketCapture is copyright protected.
Wi-Fi PCAP Capture requires an external wireless card, so it will not work if your phone doesn't have OTG compatibility, whereas tpacketCapture uses the inbuilt wireless card of your phone, which means that tpacketCapture will work on virtually any out-of-the-box phone.
Both these apps save the captured data in the form of a .pcap file, which can then be analyzed in Wireshark. The one thing that both these apps lack is the ability to analyze the captured packets. Overall these apps performed well in the tests, but we did notice that Wi-Fi PCAP only worked with particular phones and external wireless cards, as stated on their official website.

Note:-
You will have to choose a location to save the captured files or else they will be saved to the default location which might be a problem if your phone memory is really low.
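
Since neither app analyses its own capture, the following added example (not code from either app or from the original post) performs the check that the packet-capture post names as the first audit step: it walks a classic .pcap file and labels each TCP payload as TLS or cleartext HTTP. It assumes an Ethernet link type and IPv4; the sample capture, addresses and host name are constructed for illustration.

```python
import struct

HTTP_STARTS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"HTTP/")

def classify(payload):
    # TLS record: content type 20-23, then protocol major version 3.
    if len(payload) >= 3 and 0x14 <= payload[0] <= 0x17 and payload[1] == 3:
        return "tls"
    if payload.startswith(HTTP_STARTS):
        return "cleartext-http"
    return "unknown"

def audit_pcap(data):
    """Return (dst_port, verdict) for every TCP segment that carries data."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    results, off = [], 24
    while off + 16 <= len(data):
        incl = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        pkt, off = data[off + 16:off + 16 + incl], off + 16 + incl
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue                                   # not IPv4 + TCP
        tcp = 14 + (pkt[14] & 0x0F) * 4                # skip IP header and options
        if len(pkt) < tcp + 20:
            continue                                   # truncated TCP header
        end = 14 + struct.unpack("!H", pkt[16:18])[0]  # drops Ethernet padding
        payload = pkt[tcp + (pkt[tcp + 12] >> 4) * 4:end]
        if payload:
            dport = struct.unpack("!H", pkt[tcp + 2:tcp + 4])[0]
            results.append((dport, classify(payload)))
    return results

def _frame(dport, payload):
    """Constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 2]), bytes([192, 0, 2, 10]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

def build_sample_pcap():
    """Constructed capture: one plain HTTP request, one TLS handshake record."""
    frames = [_frame(80, b"GET /login?pin=1234 HTTP/1.1\r\nHost: example.test\r\n\r\n"),
              _frame(443, b"\x16\x03\x01\x00\x05hello")]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
```

On the constructed capture, `audit_pcap(build_sample_pcap())` reports the port 80 request as cleartext and the port 443 record as TLS; for a saved capture, pass it the bytes read from the file. A capture written with a different link type is rejected rather than misparsed.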

Kick Off with Dsploit

What you need?
For this attack you will only need a rooted android phone and of course the app Dsploit.

How to??
  1. Open the app Dsploit on your phone.
  2. It will show you all the devices connected to the wireless network. If not, then hit the refresh symbol on the left-hand side of the screen.
  3. Now select the specific target which you would like to kick out of the network. If you want to attack the entire wireless network then select the router.
  4. Now select MITM (man-in-the-middle) from the list.
  5. Now it will open a new list. Select kill connections to kick the target, which can be a single device or all of them, from the network.
  6. After a few seconds you will see that your devices will be unable to connect to the net through the browser.

  7. Select it once again to stop it...
Note:-
You can also select the other options like redirect, replace images, etc. We advise you not to try this on corporate networks. If caught you could be sent to jail. You can still use it to annoy your siblings or friends.
If you are using an android phone with android 4.0+ then you can use Zanti 2 which is an updated version of Dsploit.

 

Network analysis with a non-rooted android phone

Introduction:-
Network analysis is the first step toward a network penetration test. Both Windows and Linux have many tools to analyze a network on the basis of different standards. But these operating systems usually run on devices which are a little too large for a usual pant or shirt pocket, and another problem with these tools is that most of them don't have a GUI, which means you might go crazy trying to explain things to a professional who doesn't have an IT background. Thus a set of tools was required which can be installed on a normal Android phone and deployed instantly. So I decided to find a few tools which could be used for network analysis on an out-of-the-box Android phone.


What you need?
An Android phone or tablet with 4.0 or above. You can also try it on phones with lower versions of Android, but we can't tell you if it will work or not. The phone used to test is a Samsung Galaxy Grand 2 with the Android 4.4.2 operating system.

Apps:-
Wifi Analyzer:- This is mostly a wireless network analysis tool. Its main advantage is that it scans the network and tells you which Wi-Fi channels have the most signal strength. It has 5 different views, which are channel graph, time graph, signal meter, AP list and channel rating. The 2 best views are the signal meter and the channel graph. Our personal favorite was the signal meter view, a meter-like GUI which notifies you about the Wi-Fi signal strength with a beeping sound similar to that of a metal detector.
Landroid:- Landroid is a little geeky app, as the interface requires a little knowledge about networks. It has features like ping, traceroute, public IP, netstat, whois, etc., which are mostly the features that network admins and network penetration testers require to check the servers and the network connectivity. We would advise you not to download this app if you are not used to a less graphical user interface. It is pure geek and pro stuff.

Network signal info:- This is mostly an info app which can be used to find out information regarding cellular and wireless networks. This app has a nice GUI in which it displays various information like MAC address, IP, SSID, BSSID, etc. The most interesting feature of this app is that it shows you the location of the nearest cell tower under a feature called "cell location". Some of the features of this app might be blocked, as they require you to buy a pro version to use them. All in all, a fairly good app to find out information about your cellular as well as wireless network.
Fing-network tools:- This app is a wireless network scanning app which is similar to nmap. This app scans the network and shows you the IP addresses assigned to different devices in the network. This is mostly a scanning app and can be used with Dsploit for an inside attack on a computer on the network.