Showing posts with label Android. Show all posts
Showing posts with label Android. Show all posts

Tuesday, July 3, 2012

How to install the Android SDK

How to install the Android SDK

First, install Eclipse here.

After installing Eclipse, install the Android ADT plugin for Eclipse:
 - Click on Help > Then click on
 - Install New Software Copy and paste this and click "Add":
https://dl-ssl.google.com/android/eclipse/
 - Click "OK"

Eclipse will ask you to restart. After you restart, the Android ADT plugin will ask you to either download and install the Android SDK for you or you can do it yourself.

If you are using an existing SDK or downloading it yourself:

Download the SDK:

http://developer.android.com/sdk/index.html

The file should look like:

android-sdk_r20-linux.tgz

Extract the file to your /home/USER directory by either double clicking on the file or command line:

tar -zxvf android-sdk_r20-linux.tgz
Next you will go into Eclipse and use the Android ADT plugin to use with the /home/USER/android-sdk that you have extracted.

Installing Android Versions

 - Go to Window > then click on Android SDK Manager

 From here, you can select the Android Packages that you would like.

How to install Google Chrome on Ubuntu

How to install Google Chrome

Fast Way:
https://www.google.com/intl/en/chrome/browser/

Download the ".deb" file and install through the software store.

Command Line:
First, you need to get the repository:

wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -

Next, you need to edit your source list:

sudo nano /etc/apt/sources.list

Add this:

deb http://dl.google.com/linux/chrome/deb/ stable main

Crtl + x, then Enter to save

Followed by updating your package list:

sudo apt-get update

Finally install Google Chrome:

sudo apt-get google-chrome-stable

Tuesday, May 8, 2012

How to Reverse Engineer Android Malware

Reverse Engineer Android Malware

Tools you may need for decompiling Android malware:

apktool – a tool used for manipulating .apk files
   Download: http://code.google.com/p/android-apktool/
jad – a Java decompiler (Windows only)
   Download: http://www.varaneckas.com/jad
JD-Core + JD-GUI – another Java decompiler, supporting newer Java versions and features
   Download: http://java.decompiler.free.fr
dex2jar – a tool for converting .dex files to .class files
   Download: http://code.google.com/p/dex2jar/downloads/list (dex2jar)
apkinspector - all in one tool
   Download: http://code.google.com/p/apkinspector/

However, this tutorial is fairly easy and simple and I will only be using dex2jar and jd-gui. This tutorial is a standard for all apps. You can use the same tools and methods to help decompile your applications and other applications, especially malware, in order to see and understand what the code is actually doing.

So, say we have our malicious malware such as "file.apk".

A lot of these tools can be used in Windows as well as Linux, however I happen to be using Windows for this tutorial.
For Linux: sh dex2jar.sh file.apk
For Windows: dex2jar.bat file.apk



This will create the file called file_dex2jar.jar. Now we can easily view our app's code with jd-gui.
Simply just click on the jd-gui and open the file_dex2jar.jar.


 Now we can easily read and see the code.

Further Research/Advanced Topics:

  • Code Obfuscation 
  • Decompiling Manifest Files
  • Obtaining the Resources - images, etc.

For Related Articles:

http://blog.burrowsapps.com/2012/02/hacking-facebook-for-android.html

Friday, April 27, 2012

Android - Text Bomber/Spammer

A Simple Text Spamming App

This is only for proof of concept, please only use for educational purposes only.


Make sure the app contains:

Java Code - SpamActivity.java

XML code - main.xml

Monday, February 6, 2012

How to hack the Facebook for Android App

Source Code
I always liked to poke around at things to see how they worked. A while ago I wanted to look inside some of my favorite apps such as the Facebook for Android app:

This is old, however we felt like making a video. So please comment and add helpful suggestions. And there are more ways than one for doing this.

Decompiling *.apks using Dex2Jar and viewing the compiled *.class files in JD-GUI
Tools:
Dex2Jar - http://code.google.com/p/dex2jar/
JD-GUI - http://java.decompiler.free.fr/?q=jdgui
ApkTool - http://code.google.com/p/android-apktool/

Need:
com.facebook.katana.apk
sh dex2jar.sh com.facebook.katana.apk
 - dumps the compiled java *.class files - creates com.facebook.katana_dex2jar.jar
./jd-gui
 - finally, run jd-gui and click on com.facebook.katana_dex2jar.jar
For the resources, use apktool
./apktool d com.facebook.katana.apk
 - this will dump the source files, the xml and images


Dex2Jar is a very powerful tool that dumps the Java compiled *.class files into a folder and then JD-GUI can easily read the compiled *.class files. From here you can read the source code and do whatever you would like.

Wednesday, October 26, 2011

How to setup ADB for Linux terminals

Run adb from terminal
Since the new Eclipse and Android SDK install I had to redo this:

Open your .bashrc, located in your /home/"user"/ and add this:

# Android tools 
export PATH=${PATH}:~/android-sdk-linux_x86/tools 
export PATH=${PATH}:~/android-sdk-linux_x86/platform-tools

Save the file, then in a terminal, type in "source" to refresh the terminal

http://forum.xda-developers.com/showthread.php?p=11823740

Monday, September 5, 2011

How to change your Hostname in Android

DHCP Hostname
With GingerBread, some devices show up in a router's DHCP list as 'android-sdr4r55ed'
Old Ways:
You can change host name in Gingerbread:
 > go to Settings -> Applications -> Development -> Device hostname or
Settings -> Wireless & networks -> Bluetooth settings -> Device name

Using adb shell, then
 > hostname NAME or edit /proc/sys/kernel/hostname
    echo NAME > /proc/sys/kernel/hostname

Using adb shell with busybox installed
 > busybox hostname NAME 

Best Way:
This worked for my Droid X, .602+ Rooted was using adb shell, then:
getprop net.hostname
setprop net.hostname NAME

Since the above code gets reset after each reboot, here is what else
I have found:


after

editing net.hostname
># getprop net.hostname
android_430217a864834bd5
># setprop net.hostname NAME

after the reboot it reverts to android_

so, hook your phone up to your computer:

your computer > adb > phone

> adb shell

> su
 - always backup all files first
> cp /data/data/com.android.providers.settings/databases/settings.db 
/data/data/com.android.providers.settings/databases/settings.db.backup

> cp /data/data/com.android.providers.settings/databases/settings.db 
/mnt/sdcard/settings.db

> rm /data/data/com.android.providers.settings/databases/settings.db

now click disk storage on the usb to access the mnt on your own computer

your computer > access your sdcard

> file settings.db

Ex. settings.db: SQLite 3.x database, user version 57

> sqlite3 settings.db

to show databases:

sqlite> .databases
seq  name             file                                                      
---  ---------------  ------------------------------
0    main             /media/249A-11E0/z/settings.db

to show tables:

sqlite> .tables
android_metadata   bookmarks          system           
bluetooth_devices  secure 

to show the column names:

sqlite> .schema secure
CREATE TABLE secure (_id INTEGER PRIMARY KEY AUTOINCREMENT,name TEXT 
UNIQUE ON CONFLICT REPLACE,value TEXT);
CREATE INDEX secureIndex1 ON secure (name);

The column names go from left to right: _id, name, value.

now select the table, secure, this command with show everything:

sqlite> select * from secure;

Here I picked id = 24, this is where my id was.

sqlite> select * from secure where _id = "24";
24|android_id|
 - just another way
sqlite> select * from secure where name = "android_id";
24|android_id|
 - just another way
sqlite> select * from secure where value = "";
24|android_id|

We can easily change the "ID" value from the <16 digit id> 
to any number. Here I changed it to 0:

sqlite> update secure set value = 0 where _id = 24;

Type .exit in order to exit.

sqlite> .exit

On the USB notification change from storage to charge to mount your 
sdcard to your phone.
phone > sdcard

again
> adb shell

> su

> cp /mnt/sdcard/settings.db 
/data/data/com.android.providers.settings/databases/settings.db

Now simply reboot your phone. You should now see "android_0" as your 
new hostname. I know I didnt change the entire hostname, however I will 
continue to look into this.

Thursday, September 1, 2011

Android - FREE Samples

Free Code and Projects
I used Google to find these, very helpful for learning new layouts and different android features.

GitHub
https://github.com/

Blogspot(Google Blogs)
http://android-coding.blogspot.com/
http://androidblogger.blogspot.com/
http://techdroid.kbeanie.com/

Google Code
http://code.google.com/p/androidnetworktester/
http://code.google.com/p/myandroidwidgets/

StackOverflow
http://stackoverflow.com/

Wordpess
http://pareshnmayani.wordpress.com/

Tuesday, August 2, 2011

crypTo. - Android Application

crypTo. - Android Application


Mobile Encryption on the Go! Hash fast with crypTo.

Encryption on the Go! Hash fast with crypTo!

>>>>>>>>>Please Donate! - Be sure to Rate/Comment/Suggest!
*crypTo currently has 17 hashing algorithms!*

crypTo is an hashing/encryption application with the follow features:

Encoding (Hashing/Encryption and Decryption):
– Encrypts strings in Base64, Binary, CRC32, GOST, MD2, MD4, MD5, RipeMD128, RipeMD160, RipeMD256, RipeMD320, SHA-1, SHA-256, SHA-384, SHA-512, Tiger and Whirlpool!
– Decrypts Base64, Binary and looks up MD5 back to its original string!
– Hashing messages or numbers can be used in order to hide or send secret messages that could be decrypted later on!
– Hashing you own passwords and then pasting into Google in order to see if they have been cracked is a good way of checking the security of your passwords.

File Checksums (File Verification)
– Using CRC32, GOST, MD2, MD4, MD5, RipeMD128, RipeMD160, RipeMD256, RipeMD320, SHA-1, SHA-256, SHA-384, SHA-512, Tiger and Whirlpool!
– MAKE SURE TO USE A GOOD FILE MANAGER WHEN DOING FILE CHECKSUMS FOR BIG FILES (ex. ASTRO)
– Every file has a checksum and when downloading files it is very important that these checksums are matched to the checksum given by the source providing the downloaded file because the files could contain malware or may not work properly because it was not completely downloaded.

Compare Strings and Files
– Copy and Compare Strings and check is they match!
– After Hashing a String or File, you may check and compare Checksums to make sure they are correct!
– Compare File to File through MD5 File Checkum!

FAQ:
What is a string?
– A string can be letters or numbers before they are encrypted into a hash.

What is a hash?
– A hash is an encrypted string of letters or numbers by different encryption methods. Hashes are used in cryptography for creating strong passwords, data encryption and to check the integrity of files.

What is a checksum?
– A checksum is a hash of a file.

Test on the following phone(s):
– Droid X
– HTC Inspire

Explanation of permissions requested:
– Internet: MD5 Reverse Lookup

Suggestions/Possible Future Updates:
– Widgets
– Saving Hashes
– File Encryption
– More Encryption Methods such as Adler-32 and Haval-128


Tags: hash encryption decryption Base64 Binary CRC32 GOST MD2 MD4 MD5 RipeMD128 RipeMD160 RipeMD256 RipeMD320 SHA-1 SHA-256 SHA-384 SHA-512 Tiger Whirlpool password security hash hack hacking encryption decryption

Monday, July 4, 2011

How to get Free Mobile 3G/4G Tethering

Using Operating System(No Software, No Root)


Ubuntu (Tested on Droid X)
Disclaimer - must have Bluetooth on your computer
1. Turn Bluetooth on both devices
2. On Ubuntu, select use device as "network device (NAP/PAN)"
3. Click on the "wifi/internet" icon and now your using your 3G/4G.

Using Windows 7(Tested on Droid X)
Disclaimer - must have Bluetooth on your computer
1. Go to start, search "Bluetooth", click on "Change Bluetooth Settings".
2. Turn on Bluetooth on the computer and allow other devices to connect to it in "Options".
3. Use your phone to Scan Bluetooth Devices and attempt to pair with the computer.
4. Accept both connections on the computer and the phone.
5. Go to Control Panel, Hardware and Sound and then Device and Printers.
There you should see your phone, right click and click on Connect Using Access Point.

PDA Net(No Root)

- http://junefabrics.com/

1. Go the main page, download the app to your phone.
2. Install the application to your computer.
3. Turn the app on your phone and connect to the net.

Easy Tether Lite(No Root)

- http://www.mobile-stream.com/easytether/android.html - http://easytether.blogspot.com


Wireless Tether(Requires Root- Tested on Froyo)

-Download

Saturday, July 2, 2011

How to change your Hostname in Linux

When first starting on the linux operating system such as Ubuntu, you may be prompted to create a hostname(computer name). Here is how you can change your hostname:

When opening up a terminal, you will see (your username)@(hostname). This is also the name that shows up in DHCP when connected to a network.


Run these commands to change the host name:

sudo sysctl kernel.hostname (new hostname)
or hostname (new hostname)

 For Android (You can ssh into your phone using an app or simply run root adb):
getprop net.hostname (shows you your current name)

 setprop net.hostname (new name)

Monday, May 30, 2011

HelloWorld in Android

1) Download Eclipse IDE: http://www.eclipse.org/downloads/
2) Download Android SDK for Eclipse: http://developer.android.com/sdk/index.html
-Installing Setup: http://developer.android.com/sdk/installing.html
3) Beginning Tutorial: http://developer.android.com/resources/tutorials/hello-world.html


HelloWorld.java
location: HelloWorld > src > com.HelloWord > HelloWorld.java
package com.HelloWorld;

import android.app.Activity;
import android.os.Bundle;

public class Hello extends Activity {
    /** Called when the activity is first created. */
    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.main);
        
    }

}

main.xml

location: HelloWorld > res > layout > main.xml
<?xml version="1.0" encoding="utf-8"?>
<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
    android:orientation="vertical"
    android:layout_width="fill_parent"
    android:layout_height="fill_parent"
    >
<TextView  
    android:layout_width="fill_parent" 
    android:layout_height="wrap_content" 
    android:text="@string/hello"
    />
</LinearLayout>

strings.xml

location: HelloWorld > res > values > strings.xml
<?xml version="1.0" encoding="utf-8"?>
<resources>
    <string name="hello">Hello World, Hello!</string>
    <string name="app_name">HelloWorld</string>
</resources>

AndroidManifest.xml

location: HelloWorld > AndroidManifest.xml
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
      package="com.HelloWorld"
      android:versionCode="1"
      android:versionName="1.0">
    <uses-sdk android:minSdkVersion="3" />

    <application android:icon="@drawable/icon" android:label="@string/app_name">
        <activity android:name=".Hello"
                  android:label="@string/app_name">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>

    </application>
</manifest>


Notice: "System.out.println("HelloWorld!");" is not being used because "HelloWorld" is a string pulled from "strings.xml" which is used in the "main.xml"