Hex editors for the Droid :p

Continuing from our last post on hex editors for Linux and Windows, we decided to find a few apps for Android users. Here are a few apps which we found and used.


Hex pirate:
When compared to the rest it is one of the most primitive editors; the GUI looks like Windows 98. Although it is quite efficient and practical, I would still say it needs a little bit of work. In our tests it turned out to be a little slow and sticky. But considering the age of the developer, it is quite good and practical and can run even on your grandmother's phone. I might count my grandmother out of the set, as her phone is dope (awesome :p).





Macro Hex edit:

This is an intermediate between Hex Pirate and Hex Editor Free. Its GUI looks more like the Hex Editor Free GUI minus the hacker-gene colour scheme. But it sucked at performance: it crashed if you just scrolled down really quickly. Practical but slow. It will be good for beginners; other than that, there is no application for the application.






Hex editor free:
This feels more like a "welcome to the hacker space!" kind of app. The GUI is great and the colour scheme used is attractive, considering that you are looking at binary values. The app as such has no performance issues. The free one is cool, but if you badly want it you can purchase the pro version. It's a step ahead of Macro Hex Edit.

Note:-
None of the developers have paid me shit, so all the reviews are based on use and MY personal experience with the apps, and you might find differences between your views and mine. I can't help that.


Just dump it.

Hexdump, or hexadecimal dumping, is a way to represent a file in hexadecimal format, which helps investigators find out some basic things about the file and its contents. This is a primitive way to find out details regarding a file, but it can be helpful if you are doing a black box investigation on a file. The major drawback of this trick is that hexadecimal format is hard to read.

How to?
Linux:-

  1. To do a hexadecimal dump on any Linux machine just open the terminal and type hexdump <filename>. This will generate a stream of hexadecimal which keeps on going. To get this stream in a proper representation you might have to pipe it into less or more, like hexdump <filename> | less.
  2. A better version of this command is hexdump -c.
Windows:-
  1. There is no predefined package in Windows to get a hexdump, thus you might have to download and install the application HxD, which is a hex editor.
  2. Now select Open under the File menu, select your file, and that's all.


Note:-
This is the easiest way to find out some basic properties of a file, but it is not effective for more detailed analysis.
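As an added example (not from the original post), here is a small Python hexdump in the style of hexdump -C, with a magic-byte lookup bolted on, since the file signature at offset 0 is exactly the kind of "basic property" a dump reveals. The sample file headers are constructed inline.

```python
# Added example, not part of the original post: a hexdump in the style of
# `hexdump -C` (offset, hex bytes, ASCII column) plus a magic-byte lookup.

# Constructed sample inputs: the leading bytes of a PNG, a ZIP/APK and an ELF.
SAMPLES = {
    "image.png": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR" + b"\x00" * 8,
    # ZIP local file header (fields zeroed) followed by the entry name
    "app.apk":   b"PK\x03\x04" + b"\x14\x00\x08\x08" + b"\x00" * 22 + b"classes.dex",
    "a.out":     b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8,
}

# Well-known signatures found at offset 0 ("magic bytes").
MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "PNG image"),
    (b"PK\x03\x04", "ZIP archive (APK and JAR files are ZIPs)"),
    (b"\x7fELF", "ELF executable"),
    (b"dex\n", "Dalvik DEX bytecode"),
]


def hexdump(data: bytes, width: int = 16) -> list:
    """Return one formatted line per `width` bytes: offset, hex, ASCII."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        # Pad a short final row so the ASCII column stays aligned.
        hexpart = hexpart.ljust(width * 3 - 1)
        # Printable ASCII is shown as-is, everything else as a dot.
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart}  |{text}|")
    return lines


def identify(data: bytes) -> str:
    """Name the file type from its magic bytes, or 'unknown'."""
    for sig, name in MAGIC:
        if data.startswith(sig):
            return name
    return "unknown"


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"== {name}: {identify(data)}")
        print("\n".join(hexdump(data)))
```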







Converting with dex2jar

Now whenever you create an Android app a .dex file is automatically created; this file is stored inside the .apk file and runs on the Dalvik virtual machine. The original Android app is mostly written in Java, and hence converting a file from dex to jar is as simple as unzipping a rar file. The script used to do this task is known as dex2jar and comes pre-installed in Kali Linux 2.0.

How to?

  1. Open a new terminal window.
  2. Type dex2jar <filename> and hit enter.
  3. Now wait and watch; once the script stops running just type ls to see the list of files.
  4. Now you can open these jar files in various IDEs.

Note:-
If the .apk file is encrypted then you will not get anything at all.
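The .dex mentioned above starts with a fixed 112-byte header that dex2jar (and the Dalvik VM) reads before anything else. As an added example, not part of the original post or of dex2jar, here is a Python parser for that header that also verifies its Adler-32 checksum and SHA-1 signature; the input is a constructed header-only DEX, so it runs without an APK.

```python
# Added example, not from the original post or dex2jar: read and verify the
# 112-byte DEX header. Layout: magic[8], checksum u32, signature[20],
# file_size, header_size, endian_tag, then size/offset fields (zero here).
import hashlib
import struct
import zlib

HEADER_SIZE = 0x70            # fixed size of the DEX header
ENDIAN_CONSTANT = 0x12345678  # little-endian marker


def build_sample_dex() -> bytes:
    """Constructed header-only DEX for the demo (not a real app)."""
    body = struct.pack("<III", HEADER_SIZE, HEADER_SIZE, ENDIAN_CONSTANT)
    body += b"\x00" * (HEADER_SIZE - 32 - len(body))   # remaining fields zeroed
    signature = hashlib.sha1(body).digest()            # SHA-1 of everything after it
    checksum = zlib.adler32(signature + body)          # Adler-32 of everything after it
    return b"dex\n035\x00" + struct.pack("<I", checksum) + signature + body


def parse_dex_header(data: bytes) -> dict:
    """Return the header fields plus whether checksum and signature hold."""
    if len(data) < HEADER_SIZE or data[:4] != b"dex\n":
        raise ValueError("not a DEX file (magic mismatch)")
    version = data[4:7].decode("ascii")
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    return {
        "version": version,
        "file_size": file_size,
        "header_size": header_size,
        "little_endian": endian_tag == ENDIAN_CONSTANT,
        # Checksum covers offset 12 onwards, signature covers offset 32 onwards.
        "checksum_ok": zlib.adler32(data[12:]) == checksum,
        "signature_ok": hashlib.sha1(data[32:]).digest() == signature,
    }


if __name__ == "__main__":
    print(parse_dex_header(build_sample_dex()))
```

A file that fails the magic check (for instance the still-zipped or encrypted .apk itself) is rejected up front, which is the case the note above describes.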





Capturing traffic of Virtual machines!!

Sniffing the traffic of virtual machines is very useful when it comes to testing operating systems and applications, as it helps you check for a wide range of bugs. In our demonstration we will be using Wireshark with VMware, and the test system is an Ubuntu 15.0 machine.


How to?

  1. Click on Edit virtual machine settings, select Network Adapter, set the Network connection property to Custom and then select the interface.
  2. Now start the virtual machine and leave it running.
  3. Now fire up Wireshark and start sniffing the VMware interface.
  4. At the end you will be able to sniff everything going into and coming out of the virtual machine.


Shit I forgot my RTL-SDR !!


Till now we have seen how to use the RTL-SDR dongle, but what if you can't afford one or forgot yours at home? sdr.hu is a great website which allows you to access openly hosted SDR receivers around the world. This helps you study software defined radio even without owning a dongle.

To get access to an openly hosted SDR dongle you can select any one of the receivers from the huge list. The receivers are voted on by the users as per their performance. You might not be able to get the entire radio spectrum, as the receivers vary from provider to provider. The devices may or may not work, as they are not installed or maintained by the website. This might not be helpful for IoT (internet of things) testing. It can be a great starter kit, as it can help a noob learn the basics of SDR. While using it we found that some of the devices were a bit slow, or it might just have been my internet connection. The "how to?" is quite easy, hence help yourself around. It's as easy as opening a website and clicking around.

Note:-  
If you are using a proxy then you might have to stop it or use a VPN to bypass it.

Installing Debian with GNURoot!!

GNURoot is an Android app which lets you run a terminal emulator of some select distributions on an Android phone without rooting it.

How to?


  1. Download the GNURoot app from the Play Store.
  2. Open the app and select Create New Rootfs.
  3. Now download and install the other part of the app; I am installing wheezy, which is a Debian release.
  4. Now launch it by selecting Launch Rootfs (make sure the check box is checked).
Now if you only need Debian you can try the other trick.
  1. Download GNURoot Debian from the Play Store.
  2. Click on install/reinstall to install the distro.
  3. Now hit launch to start the terminal emulator.
  4. And you are done.

Note:-
This is better than Debian noroot as it is more convenient to type commands, but it lacks a GUI for the distro.

Mini,light & regular: What's different?

Now we all know that there are three types of Kali Linux ISO; the differences between these ISOs are:-
Regular:-
The regular version is the fully fledged Kali Linux with the cool GUI and all the tools; this version can be put on bootable media.

Light:-
The light version is a stripped down version of Kali Linux; it only has some main tools like sqlmap, nmap, etc. It looks more like CentOS.
It can also be put on bootable media.


Mini:- The mini is the smallest version of all, which is used to install Kali with internet access. This one cannot be put on bootable media, and you can only access it after the distro is installed. It consists only of the core packages, and you might have to do a lot of apt-gets to get it to a fully fledged environment.





Hide it!!(basics of steganography)

Steganography is a technique of hiding data in an audio or an image file. Originally designed for spies, this technique is often used by malicious elements and government officials. But nowadays all sorts of people use it to hide their data, whether it is sensitive or not.
There are a bunch of tools available on the internet that you can download and use. All these tools have simple wizards which can be used to hide your data.
I could use any random software to explain it, but I would prefer using DeepSound.

How to? 

  1. Download and install DeepSound on your computer.
  2. Now open DeepSound; you will see a window like this.
  3. First of all select the carrier file in which you want to hide the data.
  4. Now add the files which you want to hide.
  5. Hit encode to start the encoding.
  6. Now you can check the check-box under Encrypt to set a password if you want to make it even more secure; else just hit OK.
  7. To extract the data just open the file under the carrier file tab and hit extract secret file.
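DeepSound's own algorithm isn't described in the post, so as an added example (not DeepSound's code) here is the simplest form of audio steganography in Python: hiding a payload in the least significant bit of 16-bit PCM samples, with the matching extractor. The carrier tone is constructed inline; with a real WAV you would feed it the frames read via the wave module.

```python
# Added example, not DeepSound's code: LSB steganography over 16-bit PCM
# samples. Each sample's lowest bit is replaced by one payload bit, which
# changes the sample by at most 1 and is inaudible.
import array
import math


def make_carrier(n_samples: int = 4000) -> array.array:
    """Constructed 16-bit mono tone standing in for a WAV's sample data."""
    return array.array("h", (int(8000 * math.sin(i / 10)) for i in range(n_samples)))


def embed(samples: array.array, secret: bytes) -> array.array:
    """Hide a 4-byte length prefix and the payload, one bit per sample."""
    payload = len(secret).to_bytes(4, "big") + secret
    bits = [(byte >> (7 - k)) & 1 for byte in payload for k in range(8)]
    if len(bits) > len(samples):
        raise ValueError("carrier too small for payload")
    out = array.array("h", samples)            # copy, leave the carrier intact
    for i, bit in enumerate(bits):
        out[i] = (out[i] & ~1) | bit           # overwrite only the lowest bit
    return out


def extract(samples: array.array) -> bytes:
    """Read the LSBs back: length first, then exactly that many bytes."""
    def read_bytes(start: int, count: int) -> bytes:
        value = 0
        for i in range(start, start + count * 8):
            value = (value << 1) | (samples[i] & 1)
        return value.to_bytes(count, "big")
    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(32, length)


def max_sample_change(a: array.array, b: array.array) -> int:
    """How far any sample moved; LSB embedding never exceeds 1."""
    return max(abs(x - y) for x, y in zip(a, b))


if __name__ == "__main__":
    carrier = make_carrier()
    stego = embed(carrier, b"hidden message")
    print(extract(stego), max_sample_change(carrier, stego))
```

The tiny per-sample change is also why plain LSB hiding is easy to wipe: any lossy re-encode of the carrier destroys the payload without the user noticing.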

Hmm, I have seen this somewhere.......



Debian on android without rooting.

Now we have seen people installing Linux on their Android phones after rooting them; lately I was wondering if this could be done without root access. There are many ways to do this, but the easiest way I could find was this.

How to?

  1. Download the Debian noroot app from the Play Store.
  2. Now open the app and wait till it downloads the required files.
  3. Now the app will boot Debian.
  4. And that's it, we have Debian.
Note:-
  • Now you can install Kali packages on top of it; when installed it only consists of the core packages.
  • If you have OTG support then it will make your life a lot easier. My setup was something like this:-

Packet capturing without proxy!

The first step of an Android app audit is packet capturing, which can be used to analyse whether the communication between app and server is encrypted or not. The most common way to capture the packets and analyse them is through proxies, but setting up a proxy can be a headache. We had discussed packet capturing with an Android app in the article "sniffing without rooting your phone", but the apps discussed in that post don't allow you to analyse the packets on your phone. So I was searching for a better alternative and found this app.

How to?

  1. Download the Packet Capture app from the Play Store and install it.
  2. Now open the app and select the capture button (play button).
  3. It will ask you to create a VPN; select OK.
  4. Now minimize the app and go ahead and use the app which you want to test.
  5. When you are done go back to the app and select the stop button.
  6. You will see your capture, which is timestamped. Select it and you will get a bunch of packets which were captured during your use.
  7. Now select any one packet and you will see the details of that particular packet.
  8. You can hit the HTTP decode button at the top so that the packet is represented in a readable manner.
Note:-
tPacketCapture doesn't give you the comfort of analysing the packets directly on the phone.


Add SDRTouch to life!!

We discussed in our article on listening to WFM radio how you can tune into WFM radio and listen to it. So now I was wondering how to do it on Android, and started searching for apps.

How to?
  1. Download the rtl2832u driver and SDRTouch from the Play Store and install them.
  2. Now connect your phone and your RTL-SDR dongle with an OTG adapter.
  3. Now run the SDRTouch app and select the power icon in the top left corner.
  4. Now select the rtl2832u driver as your backend decoder.
  5. Now set the desired frequency to listen to the transmissions.
Note:-
The landscape mode is far more convenient to use when compared to the portrait mode.